HPE FlexNetwork 10500 Series Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexNetwork 10500 SERIES
  6. Configuration manual
HPE FlexNetwork 10500 Series Configuration Manual

HPE FlexNetwork 10500 Series Configuration Manual

Layer 3-ip services
Hide thumbs Also See for FlexNetwork 10500 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Configuration Manual
HPE FlexNetwork 10500 Switch Series
Layer 3—IP Services Configuration Guide
Part number: 5200-1900a
Software version: 10500-CMW710-R7557P01
Document version: 6W101-20171020

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexNetwork 10500 Series and is the answer not in the manual?

Questions and answers

Related Manuals for HPE FlexNetwork 10500 Series

Summary of Contents for HPE FlexNetwork 10500 Series

  • Page 1 HPE FlexNetwork 10500 Switch Series Layer 3—IP Services Configuration Guide Part number: 5200-1900a Software version: 10500-CMW710-R7557P01 Document version: 6W101-20171020...
  • Page 2 © Copyright 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Configuring ARP ···························································································· 1 Overview ···························································································································································· 1 ARP message format ································································································································· 1 ARP operating mechanism ························································································································ 1 ARP table ··················································································································································· 2 Configuring a static ARP entry ··························································································································· 3 Configuring a multiport ARP entry······················································································································ 4 Setting the maximum number of dynamic ARP entries for a device ·································································· 5 Setting the maximum number of dynamic ARP entries for an interface ····························································...
  • Page 4 Configuration procedure ··························································································································· 24 Configuring IP unnumbered ····························································································································· 24 Configuration guidelines ··························································································································· 24 Configuration prerequisites ······················································································································ 25 Configuration procedure ··························································································································· 25 Displaying and maintaining IP addressing ······································································································· 25 IP address configuration example ···················································································································· 25 Network requirements ······························································································································ 25 Configuration procedure ··························································································································· 26 Verifying the configuration ························································································································...
  • Page 5 Enabling DHCP logging on the DHCP server ·································································································· 55 Displaying and maintaining the DHCP server ·································································································· 56 DHCP server configuration examples ·············································································································· 56 Static IP address assignment configuration example ·············································································· 56 Dynamic IP address assignment configuration example ········································································· 58 DHCP user class configuration example ·································································································· 60 DHCP user class whitelist configuration example ····················································································...
  • Page 6 DHCP snooping support for Option 82 ····································································································· 91 DHCP snooping configuration task list ············································································································· 92 Configuring basic DHCP snooping features ···································································································· 92 Restrictions and guidelines ······················································································································ 92 Configuring basic DHCP snooping features in a common network ························································· 93 Configuring basic DHCP snooping features in a VXLAN network ··························································· 94 Disabling DHCP snooping on an interface ·······························································································...
  • Page 7 Configuring DDNS ····················································································· 122 Overview ························································································································································ 122 DDNS application ··································································································································· 122 DDNS client configuration task list ················································································································· 123 Configuring a DDNS policy ···························································································································· 123 Configuration prerequisites ···················································································································· 124 Configuration procedure ························································································································· 124 Applying the DDNS policy to an interface ······································································································ 125 Setting the DSCP value for outgoing DDNS packets ·····················································································...
  • Page 8 Configuring UDP helper to convert broadcast to multicast ············································································ 149 Displaying and maintaining UDP helper········································································································· 149 UDP helper configuration examples··············································································································· 150 Configuring UDP helper to convert broadcast to unicast ······································································· 150 Configuring UDP helper to convert broadcast to multicast ···································································· 151 Configuring basic IPv6 settings ··································································...
  • Page 9 Protocols and standards ································································································································ 188 Configuring the DHCPv6 server ································································· 189 Overview ························································································································································ 189 IPv6 address assignment ······················································································································· 189 IPv6 prefix assignment ··························································································································· 189 Concepts ················································································································································ 190 DHCPv6 address pool ···························································································································· 190 IPv6 address/prefix allocation sequence ································································································ 191 Configuration task list ····································································································································· 192 Configuring IPv6 prefix assignment ···············································································································...
  • Page 10 Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 client ····················································· 218 Displaying and maintaining DHCPv6 client ···································································································· 218 DHCPv6 client configuration examples ·········································································································· 219 IPv6 address acquisition configuration example ···················································································· 219 IPv6 prefix acquisition configuration example ························································································ 220 IPv6 address and prefix acquisition configuration example ···································································...
  • Page 11 IPv4 over IPv6 tunneling ············································································ 260 Overview ························································································································································ 260 Implementation ······································································································································· 260 Tunnel modes ········································································································································ 260 Configuring an IPv4 over IPv6 manual tunnel ································································································ 261 Configuration example ··························································································································· 261 IPv6 over IPv6 tunneling ············································································ 265 Overview ························································································································································ 265 Configuring an IPv6 over IPv6 tunnel ············································································································ 265 Configuration example ···································································································································...

  • Page 12: Configuring Arp

    Configuring ARP Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths. Figure 1 ARP message format Hardware address length Protocol address length...

  • Page 13: Arp Table

    All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request. Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B operates as follows: a.

  • Page 14: Configuring A Static Arp Entry

    • Long static ARP entry—It contains the IP address, MAC address, and one of the following combinations: VLAN and output interface.  Input and output interfaces.  A long static ARP entry is directly used for forwarding packets. • Short static ARP entry—It contains only the IP address and MAC address. If the output interface is a Layer 3 Ethernet interface, the short ARP entry can be directly ...

  • Page 15: Configuring A Multiport Arp Entry

    Step Command Remarks Enter system view. system-view • Configure a long static ARP entry: arp static ip-address mac-address [ vlan-id interface-type interface-number | interface-type interface-number interface-type interface-number | vsi-interface vsi-interface-id tunnel number vsi Configure a static ARP By default, no static ARP entries vsi-name | vsi-interface entry.

  • Page 16: Setting The Maximum Number Of Dynamic Arp Entries For A Device

    Setting the maximum number of dynamic ARP entries for a device A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries.

  • Page 17: Setting The Aging Timer For Dynamic Arp Entries

    Setting the aging timer for dynamic ARP entries Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP entry that is not updated before its aging timer expires is deleted from the ARP table.

  • Page 18: Enabling Arp Logging

    you can use this command to specify a port that connects a user terminal as a customer-side port. The device will not associate the routing information with the learned ARP entries. To configure a customer-side port: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.

  • Page 19: Configuration Examples

    Task Command display arp [ [ all | dynamic | multiport | static ] [ chassis (In IRF mode.) Display ARP entries. chassis-number slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] (In standalone mode.) Display the ARP display arp ip-address [ slot slot-number ] [ verbose ] entry for an IP address.

  • Page 20: Short Static Arp Entry Configuration Example

    Figure 3 Network diagram Device A 192.168.1.1/24 00e0-fc01-0000 GE1/0/1 VLAN10 Device B Configuration procedure # Create VLAN 10. <DeviceB> system-view [DeviceB] vlan 10 [DeviceB-vlan10] quit # Add interface GigabitEthernet 1/0/1 to VLAN 10. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port access vlan 10 [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN-interface 10 and configure its IP address.

  • Page 21: Multiport Arp Entry Configuration Example

    Figure 4 Network diagram Device A 192.168.1.1/24 00e0-fc01-001f GE1/0/2 192.168.1.2/24 Device B GE1/0/1 Configuration procedure # Configure an IP address for GigabitEthernet 1/0/2. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] ip address 192.168.1.2 24 [DeviceB-GigabitEthernet1/0/2] quit # Configure a short static ARP entry that has IP address 192.168.1.1 and MAC address 00e0-fc01-001f.
  • Page 22 Figure 5 Network diagram Device GE1/0/1 GE1/0/3 GE1/0/2 Server Server Server Server group 192.168.1.1/24 00e0-fc01-0000 Configuration procedure # Create VLAN 10. <Device> system-view [Device] vlan 10 [Device-vlan10] quit # Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 10. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port access vlan 10 [Device-GigabitEthernet1/0/1] quit...

  • Page 23: Configuring Gratuitous Arp

    Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device.

  • Page 24: Configuration Procedure

    Configuration procedure When you configure gratuitous ARP, follow these restrictions and guidelines: • You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces. • Periodic sending of gratuitous ARP packets takes effect on an interface only when the following conditions are met: The data link layer state of the interface is up.

  • Page 25: Configuring Gratuitous Arp Packet Retransmission For The Device Mac Address Change

    Configuring gratuitous ARP packet retransmission for the device MAC address change The device sends a gratuitous ARP packet to inform other devices of its MAC address change. However, the other devices might fail to receive the packet because the device sends the gratuitous ARP packet only once by default.

  • Page 26: Configuring Proxy Arp

    Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP.

  • Page 27: Common Proxy Arp Configuration Example

    Task Command Display common proxy ARP display proxy-arp [ interface interface-type interface-number ] status. Display local proxy ARP status. display local-proxy-arp [ interface interface-type interface-number ] Common proxy ARP configuration example Network requirements As shown in Figure 6, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch.

  • Page 28: Verifying The Configuration

    [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable Verifying the configuration # Verify that Host A and Host D can ping each other.

  • Page 29: Configuring Arp Snooping

    Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. ARP fast-reply and manual-mode MFF can use the ARP snooping entries. For more information about MFF, see Security Configuration Guide. If you enable ARP snooping for a VLAN, ARP packets received in the VLAN are redirected to the CPU.

  • Page 30: Configuring Arp Fast-Reply

    Configuring ARP fast-reply Overview ARP fast-reply enables a device to directly answer ARP requests according to DHCP snooping entries or ARP snooping entries. ARP fast-reply functions in a VLAN. For information about DHCP snooping, see "Configuring DHCP snooping." If the target IP address of a received ARP request is the IP address of the VLAN interface, the device delivers the request to the ARP module.

  • Page 31: Configuration Procedure

    Figure 7 Network diagram Client 1 Client 16 VLAN 2 …… DHCP server Switch …… Client 17 Client 32 VLAN 2 Configuration procedure # Enable ARP snooping for VLAN 2 on the switch. <Switch> system-view [Switch] vlan 2 [Switch-vlan2] arp snooping enable # Enable ARP fast-reply for VLAN 2 on the switch.

  • Page 32: Configuring Arp Proxy Forwarding

    Configuring ARP proxy forwarding With this feature enabled on an interface, the device does not issue static and dynamic ARP entries that use the interface as the output interface to the following interface modules: • SE interface modules: LSU1TGS8SE0 (JC631A, JG389A). ...

  • Page 33: Configuring Ip Addressing

    Configuring IP addressing The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. This chapter describes IP addressing basics and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. Overview This section describes the IP addressing basics.

  • Page 34: Special Ip Addresses

    Special IP addresses The following IP addresses are for special use and cannot be used as host IP addresses: • IP address with an all-zero net ID—Identifies a host on the local network. For example, IP address 0.0.0.16 indicates the host with a host ID of 16 on the local network. •...

  • Page 35: Configuration Guidelines

    Configuration guidelines Follow these guidelines when you assign an IP address to an interface: • An interface can have only one primary IP address. A newly configured primary IP address overwrites the previous one. • You cannot assign secondary IP addresses to an interface that obtains an IP address through BOOTP, DHCP, or IP unnumbered.

  • Page 36: Configuration Prerequisites

    Configuration prerequisites Assign an IP address to the interface from which you want to borrow the IP address. Alternatively, you can configure the interface to obtain one through BOOTP or DHCP. Configuration procedure To configure IP unnumbered on an interface: Step Command Remarks...

  • Page 37: Configuration Procedure

    Figure 10 Network diagram 172.16.1.0/24 Switch Host B Vlan-int1 172.16.1.1/24 172.16.1.2/24 172.16.2.1/24 sub 172.16.2.2/24 Host A 172.16.2.0/24 Configuration procedure # Assign a primary IP address and a secondary IP address to VLAN-interface 1. <Switch> system-view [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0 [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub # Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24.
  • Page 38 56 bytes from 172.16.2.2: icmp_seq=3 ttl=128 time=2.000 ms 56 bytes from 172.16.2.2: icmp_seq=4 ttl=128 time=1.000 ms --- Ping statistics for 172.16.2.2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/2.600/7.000/2.245 ms # Verify the connectivity between a host on subnet 172.16.1.0/24 and a host on subnet 172.16.2.0/24. The ping operation succeeds.

  • Page 39: Dhcp Overview

    DHCP overview The DHCP configuration is not supported on Layer 3 Ethernet subinterfaces and Layer 3 aggregate subinterfaces. The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 11 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet.

  • Page 40: Ip Address Allocation Process

    IP address allocation process Figure 12 IP address allocation process DHCP client DHCP server (1) DHCP-DISCOVER (2) DHCP-OFFER (3) DHCP-REQUEST (4) DHCP-ACK As shown in Figure 12, a DHCP server assigns an IP address to a DHCP client in the following process: The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.

  • Page 41: Dhcp Message Format

    If the client receives no reply, it broadcasts another DHCP-REQUEST message for lease extension when about seven-eighths of the lease duration elapses. Again, depending on the availability of the IP address, the DHCP server returns either a DHCP-ACK unicast or a DHCP-NAK unicast. DHCP message format Figure 13 shows the DHCP message format.

  • Page 42: Dhcp Options

    DHCP options DHCP extends the message format as an extension to BOOTP for compatibility. DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information for clients. Figure 14 DHCP option format Option type Option length Value (variable) Common DHCP options...
  • Page 43 • Service provider identifier, which is acquired by the CPE from the DHCP server and sent to the ACS for selecting vender-specific configurations and parameters. For more information about CPE and ACS, see Network Management and Monitoring Configuration Guide. • PXE server address, which is used to obtain the boot file or other control information from the PXE server.

  • Page 44: Protocols And Standards

    Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request and sends it to the server.

  • Page 45: Configuring The Dhcp Server

    Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users must acquire IP addresses dynamically.
  • Page 46 NOTE: All address ranges must belong to the primary subnet. If an address range does not reside on the primary subnet, DHCP cannot assign the addresses in the address range. • Method 2—Specify a primary subnet and multiple secondary subnets in an address pool. The DHCP server selects an IP address from the primary subnet first.

  • Page 47: Ip Address Allocation Sequence

    NOTE: As a best practice, configure a minimum of one matching primary subnet in your network. Otherwise, the DHCP server selects only the first matching secondary subnet for address allocation. If the network has more DHCP clients than the assignable IP addresses in the secondary subnet, not all DHCP clients can obtain IP addresses.

  • Page 48: Configuring An Address Pool On The Dhcp Server

    Tasks at a glance (Optional.) Applying a DHCP address pool to a VPN instance (Optional.) Enabling client offline detection on the DHCP server (Optional.) Enabling DHCP logging on the DHCP server Configuring an address pool on the DHCP server Configuration task list Tasks at a glance (Required.) Creating a DHCP address pool...
  • Page 49 If there is no need to classify clients, you do not need to configure DHCP user classes or their address ranges. Follow these guidelines when you specify a primary subnet and multiple address ranges for a DHCP address pool: • If you use the network or address range command multiple times for the same address pool, the most recent configuration takes effect.
  • Page 50 Step Command Remarks By default, except for the IP address of the DHCP server dhcp server forbidden-ip interface, all IP addresses in 12. (Optional.) Exclude the start-ip-address [ end-ip-address ] address pools are assignable. specified IP addresses from [ vpn-instance automatic allocation globally.

  • Page 51: Specifying Gateways For Dhcp Clients

    Step Command Remarks Except for the IP address of the DHCP server interface, IP addresses in all address (Optional.) Exclude the specified pools are assignable by dhcp server forbidden-ip IP addresses from dynamic default. start-ip-address [ end-ip-address ] allocation globally. To exclude multiple address ranges globally, repeat this step.

  • Page 52: Specifying A Domain Name Suffix For Dhcp Clients

    • If gateways are specified in both address pool view and secondary subnet view, DHCP assigns those specified in the secondary subnet view. • If gateways are specified in address pool view but not in secondary subnet view, DHCP assigns those specified in address pool view.

  • Page 53: Specifying Wins Servers And Netbios Node Type For Dhcp Clients

    Specifying WINS servers and NetBIOS node type for DHCP clients A Microsoft DHCP client using NetBIOS protocol must contact a WINS server for name resolution. You can specify up to eight WINS servers for such clients in a DHCP address pool. In addition, you must specify a NetBIOS node type for the clients to approach name resolution.

  • Page 54: Specifying The Configuration File For Dhcp Client Auto-Configuration

    Specifying the configuration file for DHCP client auto-configuration Auto-configuration enables a device to obtain a set of configuration settings automatically from servers when the device starts up without a configuration file. It requires the cooperation of the DHCP server, HTTP server, DNS server, and TFTP server. For more information about auto-configuration, see Fundamentals Configuration Guide.

  • Page 55: Configuring Option 184 Parameters For Dhcp Clients

    Step Command Remarks Enter system view. system-view Create a DHCP address pool By default, no DHCP address dhcp server ip-pool pool-name and enter its view. pool exists. Specify the IP address of a next-server ip-address By default, no server is specified. server.
  • Page 56 To customize a DHCP option in a DHCP address pool: Step Command Remarks Enter system view. system-view Create a DHCP address By default, no DHCP address pool dhcp server ip-pool pool-name pool and enter its view. exists. By default, no DHCP option is customized in a DHCP address pool.

  • Page 57: Configuring The Dhcp User Class Whitelist

    Corresponding Recommended option Option Option name command command parameters Domain Name Server Option dns-list ip-address Domain Name domain-name ascii NetBIOS over TCP/IP Name nbns-list ip-address Server Option NetBIOS over TCP/IP Node netbios-type Type Option TFTP server name tftp-server ascii Boot file name bootfile-name ascii Vendor Specific Information...

  • Page 58: Enabling The Dhcp Server On An Interface

    Step Command Remarks Enter system view. system-view Enable DHCP. dhcp enable By default, DHCP is disabled. Enabling the DHCP server on an interface Perform this task to enable the DHCP server on an interface. Upon receiving a DHCP request on the interface, the DHCP server assigns the client an IP address and other configuration parameters from a DHCP address pool.

  • Page 59: Configuring Ip Address Conflict Detection

    DHCP policy must be applied to the interface that acts as the DHCP server. When receiving a DHCP request, the DHCP server compares the packet against the user classes in the order that they are configured. • If a match is found and the bound address pool has assignable IP addresses, the server assigns an IP address and other parameters from the address pool.

  • Page 60: Enabling Handling Of Option 82

    Step Command Remarks Enter system view. system-view The default setting is one. (Optional.) Set the maximum dhcp server ping packets number of ping packets to be The value 0 disables IP address number sent for conflict detection. conflict detection. The default setting is 500 ms. (Optional.) Set the ping dhcp server ping timeout The value 0 disables IP address...

  • Page 61: Configuring Dhcp Starvation Attack Protection

    Restrictions and guidelines Enable DHCP flood attack protection on the VSIs mapped to the Ethernet service instances on the VXLAN site-facing interfaces. For more information about the site-facing interface module requirements, see "Configuring VXLAN IP gateways." Procedure To configure DHCP flood attack protection in a VXLAN network: Step Command Remarks...

  • Page 62: Configuring Dhcp Server Compatibility

    Configuring DHCP server compatibility Perform this task to enable the DHCP server to support DHCP clients that are incompliant with RFC. Configuring the DHCP server to broadcast all responses By default, the DHCP server broadcasts a response only when the broadcast flag in the DHCP request is set to 1.

  • Page 63: Setting The Dscp Value For Dhcp Packets Sent By The Dhcp Server

    Step Command Remarks Enter system view. system-view Enable the DHCP server to send By default, the DHCP server BOOTP responses in RFC 1048 format dhcp server bootp directly copies the Vend field of to the RFC 1048-incompliant BOOTP reply-rfc-1048 such requests into the responses. requests for statically bound addresses.

  • Page 64: Configuring Address Pool Usage Alarming

    Step Command Remarks (Optional.) Terminate the dhcp server database update download of DHCP bindings stop from the backup file. Configuring address pool usage alarming Perform this task to set the threshold for address pool usage alarming. When the threshold is exceeded, the system sends log messages to the information center.

  • Page 65: Advertising Subnets Assigned To Clients

    Step Command Remarks Enter system view. system-view Create a DHCP address pool By default, no DHCP address dhcp server ip-pool pool-name and enter its view. pool exists. Bind the gateways to the gateway-list ip-address&<1-64> By default, gateways are not device's MAC address. export-route bound to any MAC address.

  • Page 66: Enabling Client Offline Detection On The Dhcp Server

    • The client's VPN information stored in authentication modules. • The VPN information of the DHCP server's interface that receives DHCP packets from the client. The VPN information from authentication modules takes priority over the VPN information of the receiving interface. To apply a DHCP address pool to a VPN instance: Step Command...

  • Page 67: Displaying And Maintaining The Dhcp Server

    Displaying and maintaining the DHCP server IMPORTANT: A restart of the DHCP server or execution of the reset dhcp server ip-in-use command deletes all lease information. The DHCP server denies any DHCP request for lease extension, and the client must request an IP address again. Execute display commands in any view and reset commands in user view.
  • Page 68 client VLAN-interface Switch 0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574. The MAC address of VLAN-interface 2 on Switch C is 000f-e200-01c0. Figure 20 Network diagram Gateway 10.1.1.126/25 Vlan-int2 10.1.1.2/25 10.1.1.1/25 Vlan-int2 Vlan-int2 Switch A Switch B Switch C DHCP server DHCP client BOOTP client DNS server Configuration procedure Specify an IP address for VLAN-interface 2 on Switch A.

  • Page 69: Dynamic Ip Address Assignment Configuration Example

    # Verify that Switch C can obtain IP address 10.1.1.6 and all other network parameters from Switch A. (Details not shown.) # On the DHCP server, display the IP addresses assigned to the clients. [SwitchA] display dhcp server ip-in-use IP address Client identifier/ Lease expiration Type...
  • Page 70 # Enable the DHCP server on VLAN-interface 10 and VLAN-interface 20. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select server [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 20 [SwitchA-Vlan-interface20] dhcp select server [SwitchA-Vlan-interface20] quit # Exclude the DNS server address, WINS server address, and gateway addresses from dynamic allocation.

  • Page 71: Dhcp User Class Configuration Example

    10.1.1.131 3030-0020-fe02-3020- Jan 9 10:45:11 2015 Auto(C) 7052-0201-2013-1e02 0201-9068-23 10.1.1.132 2020-1220-1102-3021- Jan 9 10:45:11 2015 Auto(C) 7e52-0211-2025-3402 0201-9068-9a 10.1.1.133 2021-d012-0202-4221- Jan 9 10:45:11 2015 Auto(C) 8852-0203-2022-55e0 3921-0104-31 DHCP user class configuration example Network requirement As shown in Figure 22, the DHCP relay agent (Switch A) forwards DHCP packets between DHCP clients and the DHCP server (Switch B).

  • Page 72: Dhcp User Class Whitelist Configuration Example

    [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] dhcp select server [SwitchB-Vlan-interface10] quit # Create DHCP user class tt and configure a match rule to match client requests with Option [SwitchB] dhcp class tt [SwitchB-dhcp-class-tt] if-match rule 1 option 82 [SwitchB-dhcp-class-tt] quit # Create DHCP user class ss and configure a match rule to match DHCP requests in which the hardware address is six bytes long and begins with aabb-aabb-aab.

  • Page 73: Primary And Secondary Subnets Configuration Example

    Figure 23 Network diagram Vlan-int2 Vlan-int2 10.1.1.1/24 Switch A Switch B DHCP client DHCP server Configuration procedure Specify IP addresses for the interfaces on the DHCP server. (Details not shown.) Configure DHCP: # Enable DHCP. <SwitchB> system-view [SwitchB] dhcp enable # Enable DHCP server on VLAN-interface 2.
  • Page 74 Configure two subnets in the address pool on the DHCP server: 10.1.1.0/24 as the primary subnet and 10.1.2.0/24 as the secondary subnet. The DHCP server selects IP addresses from the secondary subnet when the primary subnet has no assignable addresses. Switch A assigns the following parameters: •...

  • Page 75: Dhcp Option Customization Configuration Example

    IP address Client identifier/ Lease expiration Type Hardware address 10.1.1.2 0031-3865-392e-6262- Jan 14 22:25:03 2015 Auto(C) 3363-2e30-3230-352d- 4745-302f-30 10.1.2.2 3030-3030-2e30-3030- Jan 14 22:25:03 2015 Auto(C) 662e-3030-3033-2d45- 7568-6572-1e DHCP option customization configuration example Network requirements As shown in Figure 25, DHCP clients obtain IP addresses and PXE server addresses from the DHCP server (Switch A).

  • Page 76: Troubleshooting Dhcp Server Configuration

    [SwitchA-dhcp-class-ss] if-match rule 1 hardware-address aabb-aabb-0000 mask ffff-ffff-0000 [SwitchA-dhcp-class-ss] quit # Create DHCP option group 1 and customize Option 43. [SwitchA] dhcp option-group 1 [SwitchA-dhcp-option-group-1] option 43 hex 800B0000020203040503030303 # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit # Create DHCP address pool 0.
  • Page 77 Enable the network adapter or connect the network cable, release the IP address, and obtain another one on the client. For example, to release the IP address and obtain another one on a Windows XP DHCP client: a. In Windows environment, execute the cmd command to enter the DOS environment. b.

  • Page 78: Configuring The Dhcp Relay Agent

    Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 26 shows a typical application of the DHCP relay agent.

  • Page 79: Dhcp Relay Agent Support For Option 82

    Figure 27 DHCP relay agent operation DHCP client DHCP relay agent DHCP server DHCP-DISCOVER DHCP-DISCOVER (broadcast) (unicast) DHCP-OFFER (unicast) DHCP-OFFER DHCP-REQUEST DHCP-REQUEST (broadcast) (unicast) DHCP-ACK DHCP-ACK (unicast) DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to perform the following tasks: •...

  • Page 80: Enabling Dhcp

    Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 (Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent (Optional.) Enabling DHCP server proxy on the DHCP relay agent (Optional.) Configuring a DHCP address pool on the DHCP relay agent (Optional.)

  • Page 81: Specifying Dhcp Servers On A Relay Agent

    Specifying DHCP servers on a relay agent To improve availability, you can specify several DHCP servers on the DHCP relay agent. When the interface receives request messages from clients, the relay agent forwards them to all DHCP servers. Follow these guidelines when you specify a DHCP server address on a relay agent: •...

  • Page 82: Configuring Dhcp Flood Attack Protection

    • The MAC address of the DHCP relay interface. The relay agent maintains the relay entries depending on what it receives from the DHCP server: • If the server returns a DHCP-ACK message or does not return any message within an interval, the DHCP relay agent removes the relay entry.

  • Page 83: Enabling Dhcp Starvation Attack Protection

    Enabling DHCP starvation attack protection A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests using different MAC addresses in the chaddr field to a DHCP server. This exhausts the IP address resources of the DHCP server so legitimate DHCP clients cannot obtain IP addresses. The DHCP server might also fail to work because of exhaustion of system resources.

  • Page 84: Configuring Option 82

    Step Command Remarks Enter system view. system-view Configure the DHCP relay dhcp relay release ip ip-address This command can release only agent to release an IP [ vpn-instance the IP addresses in the recorded address. vpn-instance-name ] relay entries. Configuring Option 82 Follow these guidelines when you configure Option 82: •...

  • Page 85: Enabling Dhcp Server Proxy On The Dhcp Relay Agent

    Step Command Remarks Enter system view. system-view Set the DSCP value for DHCP By default, the DSCP value in DHCP packets sent by the DHCP dhcp dscp dscp-value packets sent by the DHCP relay agent is relay agent. Enabling DHCP server proxy on the DHCP relay agent The DHCP server proxy feature isolates DHCP servers from DHCP clients and protects DHCP servers against attacks.

  • Page 86: Specifying The Dhcp Relay Agent Address To Be Padded To Dhcp Requests

    Step Command Remarks Create a DHCP address By default, no DHCP address pools dhcp server ip-pool pool-name pool and enter its view. exist. Specify gateway addresses gateway-list ip-address&<1-64> By default, no gateway address is for the clients matching the [ export-route ] specified.

  • Page 87: Configuring The Dhcp Smart Relay Feature

    Step Command Remarks By default, the relay agent does not record relay entries. Enable the relay agent to dhcp relay record relay entries. client-information record Without relay entries, client offline detection cannot function correctly. interface interface-type Enter interface view. interface-number By default, when DHCP is enabled, Enable the DHCP relay agent.

  • Page 88: Specifying The Dhcp Server Selecting Algorithm

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, an interface operates in Enable the DHCP relay agent. dhcp select relay the DHCP server mode when DHCP is enabled. Return to system view. quit Create a DHCP address pool dhcp server ip-pool By default, no DHCP address pool...
  • Page 89 after a delay. If the master DHCP server is available, the DHCP relay agent forwards DHCP requests to the master DHCP server. If the master DHCP server is not available, the DHCP relay agent still uses the backup DHCP server. To specify the DHCP server selecting algorithm in interface view: Step Command...

  • Page 90: Specifying The Source Ip Address For Dhcp Requests

    Step Command Remarks (Optional.) Set the DHCP By default, the DHCP server server response timeout time dhcp-server timeout time response timeout time is 30 for DHCP server switchover. seconds. 10. (Optional.) Enable the By default, the DHCP relay agent switchback to the master master-server switch-delay does not switch back to the master DHCP server and set the...

  • Page 91: Displaying And Maintaining The Dhcp Relay Agent

    Procedure To configure the DHCP relay agent to discard the DHCP requests that are delivered from VXLAN tunnels Step Command Remarks Enter system view. system-view Enter interface view. interface vsi-interface vsi-number By default, the DHCP relay agent can forward the DHCP requests that are delivered from VXLAN tunnels.

  • Page 92: Dhcp Relay Agent Configuration Examples

    DHCP relay agent configuration examples DHCP relay agent configuration example Network requirements As shown in Figure 28, configure the DHCP relay agent on Switch A. The DHCP relay agent enables DHCP clients to obtain IP addresses and other configuration parameters from the DHCP server on another subnet.

  • Page 93: Option 82 Configuration Example

    Option 82 configuration example Network requirements As shown in Figure 28, the DHCP relay agent (Switch A) replaces Option 82 in DHCP requests before forwarding them to the DHCP server (Switch B). • The Circuit ID sub-option is company001. • The Remote ID sub-option is device001.
  • Page 94 Figure 29 Network diagram Switch B DHCP server1 1.1.1.1/24 Vlan-int3 1.1.1.100/24 Switch A DHCP relay agent Vlan-int2 22.22.22.1/24 Vlan-int4 DHCP client 2.2.2.100/24 Switch C DHCP server2 2.2.2.2/24 Configuration procedure Assign IP addresses to interfaces on the switches. (Details not shown.) Configure Switch B and Switch C as DHCP servers.

  • Page 95: Troubleshooting Dhcp Relay Agent Configuration

    Troubleshooting DHCP relay agent configuration Symptom DHCP clients cannot obtain configuration parameters through the DHCP relay agent. Analysis Some problems might occur with the DHCP relay agent or server configuration. Solution To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information.

  • Page 96: Configuring The Dhcp Client

    Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported only on Layer 3 Ethernet interfaces, VLAN interfaces, and Layer 3 aggregate interfaces. Enabling the DHCP client on an interface Follow these guidelines when you enable the DHCP client on an interface: •...

  • Page 97: Enabling Duplicated Address Detection

    Step Command Remarks DHCP client ID includes ID type and type value. Each ID type has a fixed type value. You can check the fields for the client ID to verify which type of client ID is used: • If an ASCII string is used as the client display dhcp client ID, the type value is 00.

  • Page 98: Dhcp Client Configuration Example

    Task Command display dhcp client [ verbose ] [ interface interface-type Display DHCP client information. interface-number ] DHCP client configuration example Network requirements As shown in Figure 31, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, a DNS server address, and static route information.

  • Page 99: Verifying The Configuration

    [SwitchA] dhcp server forbidden-ip 10.1.1.2 # Configure DHCP address pool 0. Specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24. [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] expired day 10 [SwitchA-dhcp-pool-0] dns-list 20.1.1.1 [SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02 Configure Switch B:...
  • Page 100 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0...

  • Page 101: Configuring Dhcp Snooping

    Configuring DHCP snooping Overview DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes.

  • Page 102: Dhcp Snooping Support For Option 82

    Figure 32 Trusted and untrusted ports DHCP server Trusted DHCP snooping Untrusted Untrusted DHCP client Unauthorized DHCP server DHCP reply messages In a cascaded network as shown in Figure 33, configure the DHCP snooping devices' ports facing the DHCP server as trusted ports. To save system resources, you can enable only the untrusted ports directly connected to the DHCP clients to record DHCP snooping entries.

  • Page 103: Dhcp Snooping Configuration Task List

    Table 5 Handling strategies If a DHCP request Handling DHCP snooping… has… strategy Drop Drops the message. Keep Forwards the message without changing Option 82. Option 82 Forwards the message after replacing the original Option 82 with Replace the Option 82 padded according to the configured padding format, padding content, and code type.

  • Page 104: Configuring Basic Dhcp Snooping Features In A Common Network

    DHCP snooping can work with QinQ to record VLAN tags for DHCP packets received from clients. For more information about QinQ, see Layer 2—LAN Switching Configuration Guide. In a VXLAN network, an Ethernet service instance uses the DHCP snooping configuration (except the trusted port configuration) of the Layer 2 Ethernet interface where the Ethernet service instance is on.

  • Page 105: Configuring Basic Dhcp Snooping Features In A Vxlan Network

    Configuring basic DHCP snooping features for VLANs Step Commands Remarks Enter system view. system-view Enable DHCP snooping dhcp snooping enable vlan By default, DHCP snooping is for VLANs. vlan-id-list disabled for all VLANs. Make sure DHCP snooping is Enter VLAN view vlan vlan-id enabled for the VLAN.

  • Page 106: Disabling Dhcp Snooping On An Interface

    Configuring basic DHCP snooping in a VXLAN network (DHCP server at a remote site) Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name By default, all ports are untrusted after DHCP snooping is enabled. Configure the VXLAN tunnel This command sets all VXLAN interfaces as the DHCP dhcp snooping trust tunnel...

  • Page 107: Configuring Dhcp Snooping Entry Auto Backup

    • If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format for Option 82. The settings do not take effect even if you configure them. •...

  • Page 108: Enabling Dhcp Starvation Attack Protection

    Step Command Remarks Enter system view. system-view By default, the DHCP snooping device does not back up DHCP snooping entries. dhcp snooping binding Configure the DHCP With this command executed, the database filename { filename | snooping device to back up DHCP snooping device backs up url url [ username username DHCP snooping entries to a...

  • Page 109: Enabling Dhcp-Request Attack Protection

    Step Command Remarks By default, MAC address Enable MAC address check. dhcp snooping check mac-address check is disabled. Enabling DHCP-REQUEST attack protection DHCP-REQUEST messages include DHCP lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents the unauthorized clients that forge the DHCP-REQUEST messages from attacking the DHCP server.

  • Page 110: Configuring Dhcp Packet Rate Limit

    Configuring DHCP packet rate limit Perform this task to set the maximum rate at which an interface can receive DHCP packets. This feature discards exceeding DHCP packets to prevent attacks that send large numbers of DHCP packets. To configure DHCP packet rate limit: Step Command Remarks...

  • Page 111: Displaying And Maintaining Dhcp Snooping

    Step Command Remarks Enable DHCP snooping By default, DHCP snooping dhcp snooping log enable logging. logging is disabled. Displaying and maintaining DHCP snooping Execute display commands in any view, and reset commands in user view. Task Command Remarks display dhcp snooping binding [ ip Available in any Display DHCP snooping entries.

  • Page 112: Vlan-Specific Dhcp Snooping Configuration Example

    Figure 34 Network diagram Switch A DHCP server GE1/0/1 Switch B DHCP snooping GE1/0/2 GE1/0/3 Unauthorized DHCP client DHCP server Configuration procedure # Enable DHCP snooping globally. <SwitchB> system-view [SwitchB] dhcp snooping enable # Configure GigabitEthernet 1/0/1 as a trusted port. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-GigabitEthernet1/0/1] quit...

  • Page 113: Option 82 Configuration Example

    Figure 35 Network diagram Switch A DHCP server GE1/0/1 (VLAN100) Switch B DHCP snooping GE1/0/2 GE1/0/3 (VLAN100) (VLAN100) Unauthorized DHCP client DHCP server Configuration procedure # Assign GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/3 [SwitchB-vlan100] quit # Enable DHCP snooping for VLAN 100.

  • Page 114: Enable Dhcp Snooping

    Figure 36 Network diagram Switch A DHCP server GE1/0/1 Switch B DHCP snooping GE1/0/2 GE1/0/3 DHCP client DHCP client Configuration procedure # Enable DHCP snooping. <SwitchB> system-view [SwitchB] dhcp snooping enable # Configure GigabitEthernet 1/0/1 as a trusted port. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-GigabitEthernet1/0/1] quit # Configure Option 82 on GigabitEthernet 1/0/2.

  • Page 115: Configuring The Bootp Client

    Configuring the BOOTP client BOOTP client configuration only applies to Layer 3 Ethernet interfaces, Layer 3 aggregate interfaces and VLAN interfaces. BOOTP application An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.

  • Page 116: Displaying And Maintaining Bootp Client

    Step Command Remarks Configure an interface to use By default, an interface does not BOOTP for IP address ip address bootp-alloc use BOOTP for IP address acquisition. acquisition. Displaying and maintaining BOOTP client Execute display command in any view. Task Command display bootp client [ interface interface-type Display BOOTP client information.

  • Page 117: Configuring Dns

    Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. The domain name-to-IP address mapping is called a DNS entry. DNS services can be static or dynamic. After a user specifies a name, the device checks the static name resolution table for an IP address.

  • Page 118: Dns Proxy

    Dynamic domain name resolution allows the DNS client to store latest DNS entries in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query within the aging time. To make sure the entries from the DNS server are up to date, a DNS entry is removed when its aging timer expires.

  • Page 119: Dns Configuration Task List

    A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request.

  • Page 120: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution To use dynamic domain name resolution, configure DNS servers so that DNS queries can be sent to a correct server for resolution. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority.

  • Page 121: Configuring Dynamic Domain Name Resolution

    • For the public network or a VPN instance, each host name maps to only one IPv6 address. The most recent configuration for a host name takes effect. • The system allows a maximum of 1024 IPv6 DNS entries for the public network or each VPN instance.

  • Page 122: Configuring The Dns Proxy

    Step Command Remarks • Specify a DNS server IPv4 address: dns server ip-address [ vpn-instance vpn-instance-name ] By default, no DNS server is specified. • Specify a DNS server IPv6 Specify a DNS server. address: You can specify both the IPv4 and ipv6 dns server ipv6-address IPv6 addresses.

  • Page 123: Configuring The Dns Trusted Interface

    When sending an IPv6 DNS request, the device follows the method defined in RFC 3484 to select an IPv6 address of the source interface. You can configure only one source interface on the public network or a VPN instance. You can configure the source interface for both public network and VPN instances.

  • Page 124: Displaying And Maintaining Dns

    Displaying and maintaining DNS Execute display commands in any view and reset commands in user view. Task Command Display the domain name resolution display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] table. Display IPv4 DNS server display dns server [ dynamic ] [ vpn-instance vpn-instance-name ] information.

  • Page 125: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example Network requirements As shown in Figure 40, configure the DNS server to store the mapping between the host's domain name host and IPv4 address 3.1.1.1/16 in the com domain. Configure dynamic IPv4 DNS and DNS suffix com on the device so that the device can use domain name host to access the host.
  • Page 126 Figure 41 Creating a zone c. On the DNS server configuration page, right-click zone com and select New Host. Figure 42 Adding a host d. On the page that appears, enter host name host and IP address 3.1.1.1. e. Click Add Host. The mapping between the IP address and host name is created.
  • Page 127 Figure 43 Adding a mapping between domain name and IP address Configure the DNS client: # Specify the DNS server 2.1.1.2. <Sysname> system-view [Sysname] dns server 2.1.1.2 # Specify com as the name suffix. [Sysname] dns domain com Verifying the configuration # Verify that the device can use the dynamic domain name resolution to resolve domain name host.com into IP address 3.1.1.1.

  • Page 128: Ipv6 Dns Configuration Examples

    IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements As shown in Figure 44, the host at 1::2 has domain name host.com. Configure static IPv6 DNS on the device so that the device can use the easy-to-remember domain name rather than the IPv6 address to access the host.
  • Page 129 Figure 45 Network diagram IP network 3::1/64 2::2/64 2::1/64 1::1/64 host.com Device DNS server Host DNS client Configuration procedure Before performing the following configuration, make sure that: • The device and the host can reach each other. • The IPv6 addresses of the interfaces are configured as shown in Figure Configure the DNS server: The configuration might vary by DNS server.
  • Page 130 Figure 47 Adding a host d. On the page that appears, enter host name host and IPv6 address 1::1. e. Click Add Host. The mapping between the IPv6 address and host name is created. Figure 48 Adding a mapping between domain name and IPv6 address Configure the DNS client: # Specify the DNS server 2::2.

  • Page 131: Troubleshooting Ipv4 Dns Configuration

    <Device> system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Verify that the device can use the dynamic domain name resolution to resolve the domain name host.com into the IP address 1::1. [Device] ping ipv6 host Ping6(56 data bytes) 3::1 -->...
  • Page 132 If the specified domain name is in the cache, but the IPv6 address is incorrect, check that the DNS client has the correct IPv6 address of the DNS server. Verify that the mapping between the domain name and IPv6 address is correct on the DNS server.

  • Page 133: Configuring Ddns

    Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers.

  • Page 134: Ddns Client Configuration Task List

    DDNS client configuration task list Tasks at a glance (Required.) Configuring a DDNS policy (Required.) Applying the DDNS policy to an interface (Optional.) Setting the DSCP value for outgoing DDNS packets Configuring a DDNS policy A DDNS policy contains the DDNS server address, port number, login ID, password, time interval, associated SSL client policy, and update time interval.

  • Page 135: Configuration Prerequisites

    • gnudip://—The TCP-based GNUDIP server. • oray://—The TCP-based DDNS server. The domain names of DDNS servers are members.3322.org and phservice2.oray.net. The domain names of PeanutHull DDNS servers can be phservice2.oray.net, phddns60.oray.net, client.oray.net, ph031.oray.net, and so on. Determine the domain name in the URL according to the actual situation. The port number in the URL address is optional.

  • Page 136: Applying The Ddns Policy To An Interface

    Step Command Remarks By default, no SSL client policy is associated with the DDNS policy. (Optional.) Associate an SSL ssl-client-policy This step is only effective and a must for client policy with the DDNS policy-name HTTP-based DDNS update requests. For policy.

  • Page 137: Displaying Ddns

    Step Command Remarks Enter system view. system-view Set the DSCP value for By default, the DSCP value for • ddns dscp dscp-value outgoing DDNS packets. outgoing DDNS packets is 0. Displaying DDNS Execute display commands in any view. Task Command Display DDNS policy information.

  • Page 138: Ddns Configuration Example With Peanuthull Server

    • Make sure the devices can reach each other. # Create a DDNS policy named 3322.org, and enter its view. <Switch> system-view [Switch] ddns policy 3322.org # Specify the URL address, username, and password for DDNS update requests. [Switch-ddns-policy-3322.org] url http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>...
  • Page 139 Configuration procedure Before configuring DDNS on the switch, perform the following tasks: • Register with username steven and password nevets at http://www.oray.cn/. • Configure a DDNS policy to update the mapping between the switch's FQDN and IP address. • Make sure the devices can reach each other. # Create a DDNS policy named oray.cn and enter its view.

  • Page 140: Configuring Ip Forwarding Basic Settings

    Configuring IP forwarding basic settings Overview The device uses the destination IP address of a received packet to find a match from the forwarding information base (FIB) table. It then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table.

  • Page 141: Displaying Fib Table Entries

    To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide. To save the IP forwarding entries to a file: Task Command Remarks...

  • Page 142: Configuring Fast Forwarding

    Configuring fast forwarding Overview Fast forwarding reduces route lookup time and improves packet forwarding efficiency by using a high-speed cache and data-flow-based technology. It identifies a data flow by using the following fields: source IP address, source port number, destination IP address, destination port number, and protocol number.
  • Page 143 Task Command display ip fast-forwarding cache [ ip-address ] (In standalone mode.) Display fast forwarding [ slot slot-number ] entries. display ip fast-forwarding cache [ ip-address ] (In IRF mode.) Display fast forwarding entries. [ chassis chassis-number slot slot-number ] (In standalone mode.) Display fast forwarding entries display ip fast-forwarding fragcache [ ip-address ] [ slot slot-number ]...

  • Page 144: Using The Adjacency Table

    Using the adjacency table This feature can be used only to display the adjacency table on tunnel interfaces. For information about tunnel interfaces, see "Configuring tunneling." Overview The adjacency table stores information about directly connected neighbors for IP forwarding. The neighbor information in this chapter refers to non-Ethernet neighbor information.

  • Page 145: Displaying And Maintainig The Adjacency Table

    Item Description Link head information(IP) Link layer header for IP forwarding. Link head information(IPv6) Link layer header for IPv6 forwarding. Link head Link layer header for MPLS forwarding. information(MPLS) Displaying and maintainig the adjacency table To display adjacency table entries, use one of the following commands in any view: Task Command display adjacent-table { all | physical-interface interface-type...

  • Page 146: Configuring Irdp

    Configuring IRDP The term "router" in this chapter refers to a routing-capable device. The term "host" in this chapter refers to the host that supports IRDP. For example, a host that runs the Linux operating system. Overview ICMP Router Discovery Protocol (IRDP), an extension of the ICMP, is independent of any routing protocol.

  • Page 147: Protocols And Standards

    Advertising interval A router interface with IRDP enabled sends out RAs randomly between the minimum and maximum advertising intervals. This mechanism prevents the local link from being overloaded by a large number of RAs sent simultaneously from routers. As a best practice, shorten the advertising interval on a link that suffers high packet loss rates. Destination address of RAs An RA uses either of the following destination IP addresses: •...

  • Page 148: Irdp Configuration Example

    Step Command Remarks (Optional.) Specify the By default, RAs use the broadcast multicast address 224.0.0.1 as ip irdp multicast address 255.255.255.255 as the the destination IP address of destination IP address. RAs. Repeat this step to specify multiple proxy-advertised IP addresses. (Optional.) Specify a By default, no IP address is ip irdp address ip-address...

  • Page 149: Verifying The Configuration

    # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by VLAN-interface 2. [SwitchA-Vlan-interface2] ip irdp multicast # Specify the IP address 192.168.1.0 and preference 400 for VLAN-interface 2 to proxy-advertise. [SwitchA-Vlan-interface2] ip irdp address 192.168.1.0 400 Configure Switch B: # Specify an IP address for VLAN-interface 2.

  • Page 150: Optimizing Ip Performance

    Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. Enabling an interface to forward directed broadcasts destined for the directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

  • Page 151: Setting The Mtu Of Ipv4 Packets Sent Over An Interface

    Configuration procedure Configure Switch A: # Specify IP addresses for VLAN-interface 3 and VLAN-interface 2. <SwitchA> system-view [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ip address 1.1.1.2 24 [SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts directed for the directly connected network.

  • Page 152: Configuring Tcp Path Mtu Discovery

    of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS. If you set the TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.

  • Page 153: Enabling Syn Cookie

    • After the aging timer expires, the source device uses a larger MSS in the MTU table, as described in RFC 1191. • If no ICMP error message is received within two minutes, the source device increases the MSS again until the MSS negotiated during TCP three-way handshake is reached. To enable TCP path MTU discovery: Step Command...

  • Page 154: Enabling Sending Icmp Error Messages

    • SYN wait timer—TCP starts the SYN wait timer after sending a SYN packet. Within the SYN wait timer if no response is received or the upper limit on TCP connection tries is reached, TCP fails to establish the connection. •...

  • Page 155: Disabling Forwarding Icmp Fragments

    The device sends the source an ICMP protocol unreachable message when the following  conditions are met: − The packet is destined for the device. − The transport layer protocol of the packet is not supported by the device. NOTE: If a DHCP enabled device receives an ICMP echo reply without sending any ICMP echo requests, the device does not send any ICMP protocol unreachable messages to the source.

  • Page 156: Configuring Rate Limit For Icmp Error Messages

    Step Command Remarks Enter system view. system-view ip icmp fragment By default, forwarding ICMP Disable forwarding ICMP fragments. discarding fragments is enabled. Configuring rate limit for ICMP error messages To avoid sending excessive ICMP error messages within a short period that might cause network congestion, you can limit the rate at which ICMP error messages are sent.

  • Page 157: Displaying And Maintaining Ip Performance Optimization

    (In standalone mode.) This feature enables the receiving LPU to reassemble the IPv4 fragments instead of delivering them to the active MPU for reassembly. It applies only to fragments destined for the same LPU. (In IRF mode.) This feature enables the receiving subordinate to reassemble the received IPv4 fragments instead of delivering them to the master for reassembly.
  • Page 158 Task Command display tcp statistics [ slot slot-number ] (In standalone mode.) Display TCP traffic statistics. display tcp statistics [ chassis chassis-number (In IRF mode.) Display TCP traffic statistics. slot slot-number ] (In standalone mode.) Display UDP traffic statistics. display udp statistics [ slot slot-number ] display udp statistics [ chassis chassis-number (In IRF mode.) Display UDP traffic statistics.

  • Page 159: Configuring Udp Helper

    Configuring UDP helper Overview UDP helper can provide the following packet conversion for packets with specific UDP destination port numbers: • Convert broadcast to unicast, and forward the unicast packets to specific destinations. • Convert broadcast to multicast, and forward the multicast packets. Configuration restrictions and guidelines When you configure UDP helper, follow these restrictions and guidelines: •...

  • Page 160: Configuring Udp Helper To Convert Broadcast To Multicast

    Step Command Remarks By default, no destination server is specified. If you specify multiple Specify a destination destination servers, UDP server for UDP helper to udp-helper server ip-address [ global | helper creates one copy for convert broadcast to vpn-instance vpn-instance-name ] each server.

  • Page 161: Udp Helper Configuration Examples

    Task Command Display information about broadcast to display udp-helper interface interface-type unicast conversion by UDP helper on an interface-number interface. Clear packet statistics for UDP helper. reset udp-helper statistics UDP helper configuration examples Configuring UDP helper to convert broadcast to unicast Network requirements As shown in Figure...

  • Page 162: Configuring Udp Helper To Convert Broadcast To Multicast

    Configuring UDP helper to convert broadcast to multicast Network requirements As shown in Figure 55, VLAN-interface 1 of Switch B can receive multicast packets destined to 225.1.1.1. Configure UDP helper to convert broadcast to multicast on VLAN-interface 1 of Switch A. This feature enables Switch A to forward broadcast packets with UDP destination port number 55 to the multicast group 225.1.1.1.
  • Page 163 # Configure VLAN-interface 2 as a static member of the multicast group 225.1.1.1. [SwitchA-Vlan-interface2] igmp static-group 225.1.1.1 Verifying the configuration Verify that you can capture multicast packets from Switch A on Switch B.

  • Page 164: Configuring Basic Ipv6 Settings

    Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

  • Page 165: Ipv6 Addresses

    • Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router. To communicate with other hosts on the same link, a host automatically generates a link-local address based on its link-layer address and the link-local address prefix (FE80::/10).
  • Page 166 • Multicast address—An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address. Broadcast addresses are replaced by multicast addresses in IPv6. •...

  • Page 167: Ipv6 Nd Protocol

    duplicate addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is FF02:0:0:0:0:1:FFXX:XXXX. FF02:0:0:0:0:1:FF is fixed and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.
  • Page 168 ICMPv6 message Type Function Responds to an RS message. Router Advertisement (RA) Advertises information, such as the Prefix Information options and flag bits. Informs the source host of a better next hop on the path to a Redirect particular destination when certain conditions are met. Address resolution This function is similar to ARP in IPv4.

  • Page 169: Ipv6 Path Mtu Discovery

    Figure 59 Duplicate address detection Host A Host B 2000::1 ICMPv6 type = 135 Src = :: Dst = FF02::1:FF00:1 ICMPv6 type = 136 Src = 2000::1 Dst = FF02::1 Host A sends an NS message. The source address is the unspecified address and the destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected.

  • Page 170: Ipv6 Transition Technologies

    Figure 60 Path MTU discovery process MTU = 1500 MTU = 1500 MTU = 1350 MTU = 1400 Source Packet with MTU = 1500 ICMPv6 error: packet too big; use MTU = 1350 Packet with MTU = 1350 Packet received The source host sends a packet no larger than its MTU to the destination host.

  • Page 171: 6Pe

    6PE enables communication between isolated IPv6 networks over an IPv4 backbone network. 6PE adds labels to the IPv6 routing information about customer networks and advertises the information into the IPv4 backbone network over internal Border Gateway Protocol (IBGP) sessions. IPv6 packets are labeled and forwarded over tunnels on the backbone network. The tunnels can be GRE tunnels or MPLS LSPs.

  • Page 172: Assigning Ipv6 Addresses To Interfaces

    Tasks at a glance (Optional.) Configuring IPv6 • Configuring a static neighbor entry • Setting the maximum number of dynamic neighbor entries • Setting the aging timer for ND entries in stale state • Minimizing link-local ND entries • Setting the hop limit •...
  • Page 173 takes effect. However, it does not overwrite the automatically generated address. If you delete the manually configured global unicast address, the device uses the automatically generated one. EUI-64 IPv6 address To configure an interface to generate an EUI-64 IPv6 address: Step Command Remarks...
  • Page 174 • Public IPv6 address—Includes the address prefix in the RA message and a fixed interface ID generated based on the MAC address of the interface. • Temporary IPv6 address—Includes the address prefix in the RA message and a random interface ID generated through MD5. You can also configure the interface to preferentially use the temporary IPv6 address as the source address of sent packets.

  • Page 175: Configuring An Ipv6 Link-Local Address

    Step Command Remarks • (Method 1) Configure a static IPv6 prefix: ipv6 prefix prefix-number ipv6-prefix/prefix-length • By default, no static or dynamic (Method 2) Use DHCPv6 to Configure an IPv6 prefix. IPv6 prefixes exist. obtain a dynamic IPv6 prefix: For more information about IPv6 prefix acquisition, see "Configuring the DHCPv6 client."...

  • Page 176: Configuring An Ipv6 Anycast Address

    Manually specifying an IPv6 link-local address for an interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Manually specify an IPv6 ipv6 address ipv6-address By default, no link-local address is link-local address for the link-local configured on an interface.

  • Page 177: Setting The Maximum Number Of Dynamic Neighbor Entries

    If you use Method 2, make sure the Layer 2 port belongs to the specified VLAN and the corresponding VLAN interface already exists. The device associates the VLAN interface with the neighbor IPv6 address to identify the static neighbor entry. To configure a static neighbor entry: Step Command...

  • Page 178: Setting The Hop Limit

    By default, the device assigns all ND entries to the driver. With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route into the driver. This saves driver resources. This feature takes effect only on newly learned link-local ND entries.
  • Page 179 Parameter Description Tells the receiving hosts how long the advertising router can live. If the lifetime of Router Lifetime a router is 0, the router cannot be used as the default gateway. If the device does not receive a response message within the specified time after Retrans Timer sending an NS message, it retransmits the NS message.

  • Page 180: Setting The Maximum Number Of Attempts To Send An Ns Message For Dad

    Step Command Remarks By default, no prefix information is configured for RA messages, and the IPv6 address of the interface sending ipv6 nd ra prefix { ipv6-prefix RA messages is used as the prefix prefix-length | information. If the IPv6 address is Configure the prefix ipv6-prefix/prefix-length } manually configured, the prefix uses a...

  • Page 181: Configuring Nd Snooping

    Step Command Remarks interface interface-type Enter interface view. interface-number Set the number of attempts The default setting is 1. When the to send an NS message for ipv6 nd dad attempts interval interval argument is set to 0, DAD DAD. is disabled.
  • Page 182 − If the device receives an NA message within the invalid entry lifetime, the ND snooping entry remains unchanged. If an ND snooping entry has no matching ND messages within the valid entry lifetime (set by  the ipv6 nd snooping lifetime valid command), the entry becomes invalid. The device then performs DAD for the entry by sending NS messages out of the interface in the entry twice.

  • Page 183: Enabling Nd Proxy

    Step Command Remarks 11. (Optional.) Set the interval for ipv6 nd snooping dad The default setting is 250 retransmitting an NS retrans-timer interval milliseconds. message for DAD. Enabling ND proxy About ND proxy ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network.

  • Page 184: Configuring A Customer-Side Port

    Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS message to obtain Host B's MAC address. However, Host B cannot receive the NS message because they belong to different VLANs. To solve this problem, enable local ND proxy on GigabitEthernet 1/0/2 of the router so that the router can forward messages between Host A and Host B.

  • Page 185: Configuring Path Mtu Discovery

    Step Command Remarks Specify the VLAN By default, a port acts as interface as a ipv6 nd mode uni a network-side port. customer-side port. Configuring path MTU discovery Setting the interface MTU IPv6 routers do not support packet fragmentation. If the size of a packet exceeds the MTU of the output interface, the router discards the packet and sends a packet too big message to the source host.

  • Page 186: Controlling Sending Icmpv6 Messages

    Step Command Remarks Enter system view. system-view The default setting is 10 minutes. Set the aging time for ipv6 pathmtu age age-time The aging time is invalid for a dynamic path MTUs. static path MTU. Controlling sending ICMPv6 messages This section describes how to configure ICMPv6 message sending. Configuring the rate limit for ICMPv6 error messages To avoid sending excessive ICMPv6 error messages within a short period that might cause network congestion, you can limit the rate at which ICMPv6 error messages are sent.

  • Page 187: Enabling Sending Icmpv6 Destination Unreachable Messages

    Enabling sending ICMPv6 destination unreachable messages The device sends the source the following ICMPv6 destination unreachable messages: • ICMPv6 No Route to Destination message—A packet to be forwarded does not match any route. • ICMPv6 Communication with Destination Administratively Prohibited message—An administrative prohibition is preventing successful communication with the destination.

  • Page 188: Specifying The Source Address For Icmpv6 Packets

    • The interface receiving the packet is the interface forwarding the packet. • The selected route is not created or modified by any ICMPv6 redirect messages. • The selected route is not a default route. • The forwarded packet does not contain the routing extension header. The ICMPv6 redirect feature simplifies host management by enabling hosts that hold few routes to optimize their routing table gradually.

  • Page 189: Enabling A Device To Discard Ipv6 Packets That Contain Extension Headers

    Step Command Remarks Enable IPv6 local ipv6 reassemble local By default, IPv6 local fragment fragment reassembly. enable reassembly is disabled. Enabling a device to discard IPv6 packets that contain extension headers This feature enables a device to discard a received IPv6 packet in which the extension headers cannot be processed by the device.

  • Page 190: Displaying And Maintaining Ipv6 Basics

    Step Command Remarks Enter system view. system-view Create a VLAN interface and Create the VLAN before you enter its view, or enter the interface vlan-interface create the VLAN interface for a view of an existing VLAN vlan-interface-id VLAN. interface. By default, ND proxy forwarding Enable ND proxy forwarding.
  • Page 191 Task Command (In standalone mode.) Display brief display ipv6 rawip [ slot slot-number ] information about IPv6 RawIP connections. (In IRF mode.) Display brief information display ipv6 rawip [ chassis chassis-number slot about IPv6 RawIP connections. slot-number ] (In standalone mode.) Display detailed display ipv6 rawip verbose [ slot slot-number [ pcb information about IPv6 RawIP pcb-index ] ]...

  • Page 192: Ipv6 Configuration Example

    Task Command reset ipv6 neighbors { all | dynamic | interface interface-type (In IRF mode.) Clear IPv6 neighbor interface-number | chassis chassis-number slot slot-number | information. static } Clear path MTUs. reset ipv6 pathmtu { all | dynamic | static } (In standalone mode.) Clear IPv6 and reset ipv6 statistics [ slot slot-number ] ICMPv6 packet statistics.

  • Page 193: Verifying The Configuration

    [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 [SwitchB-Vlan-interface2] quit # Configure an IPv6 static route with destination IPv6 address 2001::/64 and next hop address 3001::1. [SwitchB] ipv6 route-static 2001:: 64 3001::1 Configure the host: Enable IPv6 for the host to automatically obtain an IPv6 address through IPv6 ND. # Display neighbor information for GigabitEthernet 1/0/2 on Switch A.
  • Page 194 InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA] display ipv6 interface vlan-interface 1 Vlan-interface1 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es): FF02::1...
  • Page 195 OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed. [SwitchB] display ipv6 interface vlan-interface 2 Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es):...

  • Page 196: Troubleshooting Ipv6 Basics Configuration

    OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected. NOTE: When you ping a link-local address, use the -i parameter to specify an interface for the link-local address.

  • Page 197: Dhcpv6 Overview

    DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 65, rapid assignment operates in the following steps: The DHCPv6 client sends to the DHCPv6 server a Solicit message that contains a Rapid Commit option to prefer rapid assignment.

  • Page 198: Address/Prefix Lease Renewal

    Figure 66 Assignment involving four messages DHCPv6 client DHCPv6 server (1) Solicit (2) Advertise (3) Request (4) Reply Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.

  • Page 199: Stateless Dhcpv6

    Stateless DHCPv6 Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device performs stateless DHCPv6 if an RA message with the following flags is received from the router during stateless address autoconfiguration: •...

  • Page 200: Configuring The Dhcpv6 Server

    Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients. IPv6 address assignment As shown in Figure 70, the DHCPv6 server assigns IPv6 addresses, domain name suffixes, DNS server addresses, and other configuration parameters to DHCPv6 clients. The IPv6 addresses assigned to the clients include the following types: •...

  • Page 201: Concepts

    Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers. It uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).

  • Page 202: Ipv6 Address/Prefix Allocation Sequence

    Address allocation mechanisms DHCPv6 supports the following address allocation mechanisms: • Static address allocation—To implement static address allocation for a client, create a DHCPv6 address pool, and manually bind the DUID and IAID of the client to an IPv6 address in the DHCPv6 address pool.

  • Page 203: Configuration Task List

    Assignable IPv6 address/prefix in the address pool/prefix pool expected by the client. Assignable IPv6 address/prefix in the address pool/prefix pool. IPv6 address/prefix that was a conflict or passed its lease duration. If no IPv6 address/prefix is assignable, the server does not respond. If a client moves to another subnet, the DHCPv6 server selects an IPv6 address/prefix from the address pool that matches the new subnet.

  • Page 204: Configuration Procedure

    Configuration procedure To configure IPv6 prefix assignment: Step Command Remarks Enter system view. system-view By default, no IPv6 prefixes in the prefix pool are excluded from dynamic assignment. (Optional.) Specify the ipv6 dhcp server forbidden-prefix IPv6 prefixes excluded start-prefix/prefix-len If the excluded IPv6 prefix is in a from dynamic [ end-prefix/prefix-len ] [ vpn-instance static binding, the prefix still can...

  • Page 205: Configuration Guidelines

    If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client. If you only bind a DUID to an IPv6 address, the DUID in a request must match the DUID in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client.

  • Page 206: Configuring Network Parameters Assignment

    Step Command Remarks By default, no IPv6 address subnet is specified. network { prefix/prefix-length | The IPv6 subnets cannot be the prefix prefix-number same in different address pools. Specify an IPv6 subnet for [ sub-prefix/sub-prefix-length ] } If you specify an IPv6 prefix by dynamic assignment.

  • Page 207: Configuring Network Parameters In A Dhcpv6 Option Group

    Step Command Remarks By default, no IPv6 subnet is specified. The IPv6 subnets cannot be network { prefix/prefix-length | prefix the same in different address prefix-number Specify an IPv6 subnet for pools. [ sub-prefix/sub-prefix-length ] } dynamic assignment. If you specify an IPv6 prefix [ preferred-lifetime preferred-lifetime by its ID, make sure the IPv6 valid-lifetime valid-lifetime ]...

  • Page 208: Configuring A Dhcpv6 Policy For Ipv6 Address And Prefix Assignment

    Step Command Remarks Specify a DHCPv6 option By default, no DHCPv6 option-group option-group-number group. option group is specified. Configuring a DHCPv6 policy for IPv6 address and prefix assignment In a DHCPv6 policy, each DHCPv6 user class has a bound DHCPv6 address pool. Clients matching different user classes obtain IPv6 addresses, IPv6 prefixes, and other parameters from different address pools.

  • Page 209: Configuring The Dhcpv6 Server On An Interface

    Configuring the DHCPv6 server on an interface Enable the DHCP server and configure one of the following address/prefix assignment methods on an interface: • Apply an address pool on the interface—The DHCPv6 server selects an IPv6 address/prefix from the applied address pool for a requesting client. If there is no assignable IPv6 address/prefix in the address pool, the DHCPv6 server cannot to assign an IPv6 address/prefix to a client.

  • Page 210: Setting The Dscp Value For Dhcpv6 Packets Sent By The Dhcpv6 Server

    Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. To set the DSCP value for DHCPv6 packets sent by the DHCPv6 server: Step Command Remarks...

  • Page 211: Advertising Subnets Assigned To Clients

    Advertising subnets assigned to clients This feature enables the route management module to advertise subnets assigned to DHCPv6 clients. This feature achieves symmetric routing for traffic of the same host. As shown in Figure 73, Router A and Router B act as both the DHCPv6 server and the BRAS device. The BRAS devices send accounting packets to the RADIUS server.

  • Page 212: Enabling The Dhcpv6 Server To Advertise Ipv6 Prefixes

    The VPN information from authentication modules takes priority over the VPN information of the receiving interface. To apply a DHCPv6 address pool to a VPN instance: Step Command Remarks Enter system view. system-view Create an address pool and By default, no DHCPv6 address ipv6 dhcp pool pool-name enter its view.

  • Page 213: Dhcpv6 Server Configuration Examples

    Task Command display ipv6 dhcp duid Display the DUID of the local device. Display information about a DHCPv6 display ipv6 dhcp option-group [ option-group-number ] option group. Display DHCPv6 address pool display ipv6 dhcp pool [ pool-name | vpn-instance information. vpn-instance-name ] display ipv6 dhcp prefix-pool [ prefix-pool-number ] Display prefix pool information.
  • Page 214 Figure 74 Network diagram Switch DHCPv6 server Vlan-int2 1::1/64 DHCPv6 client DHCPv6 client Configuration procedure # Specify an IPv6 address for VLAN-interface 2. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 address 1::1/64 # Disable RA message suppression on VLAN-interface 2. [Switch-Vlan-interface2] undo ipv6 nd ra halt # Set the M flag to 1 in RA advertisements to be sent on VLAN-interface 2.
  • Page 215 [Switch-dhcp6-pool-1] sip-server domain-name bbb.com [Switch-dhcp6-pool-1] quit # Enable the DHCPv6 server on VLAN-interface 2, enable desired prefix assignment and rapid prefix assignment, and set the preference to the highest. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 dhcp select server [Switch-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit Verifying the configuration # Display DHCPv6 server configuration on VLAN-interface 2.

  • Page 216: Dynamic Ipv6 Address Assignment Configuration Example

    2001:410:201::/48 Static(C) Jul 10 19:45:01 2009 # After the other client obtains an IPv6 prefix, display binding information on the DHCPv6 server. [Switch-Vlan-interface2] display ipv6 dhcp server pd-in-use Pool: 1 IPv6 prefix Type Lease expiration 2001:410:201::/48 Static(C) Jul 10 19:45:01 2009 2001:410::/48 Auto(C) Jul 10 20:44:05 2009...
  • Page 217 # Specify an IPv6 address for VLAN-interface 20. [SwitchA] interface vlan-interface 20 [SwitchA-Vlan-interface20] ipv6 address 1::2:0:0:1/96 # Disable RA message suppression on VLAN-interface 20. [SwitchA-Vlan-interface20] undo ipv6 nd ra halt # Set the M flag to 1 in RA advertisements to be sent on VLAN-interface 20. Hosts that receive the RA advertisements will obtain IPv6 addresses through DHCPv6.

  • Page 218: Configuring The Dhcpv6 Relay Agent

    Configuring the DHCPv6 relay agent Overview A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 76, if the DHCPv6 server resides on another subnet, the DHCPv6 clients need a DHCPv6 relay agent to contact the server.

  • Page 219: Dhcpv6 Relay Agent Configuration Task List

    Figure 77 Operating process of a DHCPv6 relay agent DHCPv6 client DHCPv6 relay agent DHCPv6 server Solicit (contains a Rapid Commit option) (2) Relay-forward (3) Relay-reply (4) Reply DHCPv6 relay agent configuration task list Tasks at a glance (Required.) Enabling the DHCPv6 relay agent on an interface (Required.) Specifying DHCPv6 servers on the relay agent (Optional.)

  • Page 220: Specifying Dhcpv6 Servers On The Relay Agent

    Specifying DHCPv6 servers on the relay agent You can use the ipv6 dhcp relay server-address command to specify a maximum of eight DHCPv6 servers on the DHCP relay agent interface. The DHCPv6 relay agent forwards DHCP requests to all the specified DHCPv6 servers. To specify a DHCPv6 server on a relay agent: Step Command...

  • Page 221: Configuring A Dhcpv6 Address Pool On The Dhcpv6 Relay Agent

    Step Command Remarks By default, the relay agent fills the Specify a padding mode for ipv6 dhcp relay interface-id Interface-ID option with the interface the Interface-ID option. { bas | interface } index of the interface. Configuring a DHCPv6 address pool on the DHCPv6 relay agent This feature allows DHCPv6 clients of the same type to obtain IPv6 addresses, IPv6 prefixes, and other configuration parameters from the DHCPv6 servers specified in the matching DHCPv6...

  • Page 222: Enabling The Dhcpv6 Relay Agent To Record Relay Entries

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, the DHCPv6 relay Specify a gateway address for ipv6 dhcp relay gateway agent uses the first IPv6 DHCPv6 clients. ipv6-address address of the relay interface as the clients' gateway address.

  • Page 223: Enabling Client Offline Detection

    Enabling client offline detection This feature enables the DHCPv6 relay agent to detect the status of ND entries. After an ND entry ages out, the DHCPv6 relay agent considers the client offline and deletes the relay entry for the client. For more information about ND, see "Configuring basic IPv6 settings."...

  • Page 224: Displaying And Maintaining The Dhcpv6 Relay Agent

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, the DHCPv6 relay agent uses the global unicast IPv6 address of the interface that connects to the DHCPv6 server as ipv6 dhcp relay the source IPv6 address for relayed Specify the source IPv6 source-address DHCPv6 requests.

  • Page 225: Dhcpv6 Relay Agent Configuration Example

    DHCPv6 relay agent configuration example Network requirements As shown in Figure 78, configure the DHCPv6 relay agent on Switch A to relay DHCPv6 packets between DHCPv6 clients and the DHCPv6 server. Switch A acts as the gateway of network 1::/64. It sends RA messages to notify the hosts to obtain IPv6 addresses and other configuration parameters through DHCPv6.

  • Page 226: Verifying The Configuration

    Verifying the configuration # Display DHCPv6 server address information on Switch A. [SwitchA-Vlan-interface3] display ipv6 dhcp relay server-address Interface: Vlan-interface3 Server address Outgoing Interface 2::2 # Display packet statistics on the DHCPv6 relay agent. [SwitchA-Vlan-interface3] display ipv6 dhcp relay statistics Packets dropped Packets received Solicit...

  • Page 227: Configuring The Dhcpv6 Client

    Configuring the DHCPv6 client Overview With DHCPv6 client configured, an interface can obtain configuration parameters from the DHCPv6 server. A DHCPv6 client can use DHCPv6 to complete the following functions: • Obtain an IPv6 address, an IPv6 prefix, or both, and obtain other configuration parameters. The client automatically creates a DHCPv6 option group for the obtained parameters.

  • Page 228: Configuring Ipv6 Prefix Acquisition

    Configuring IPv6 prefix acquisition Step Command Remarks Enter system view. system-view Supported interfaces include Layer 3 Ethernet interface, Layer interface interface-type 3 Ethernet subinterface, Layer 3 Enter interface view. interface-number aggregate interface, Layer 3 aggregate subinterface, and VLAN interface. Configure the interface to ipv6 dhcp client pd By default, the interface does not use DHCPv6 to obtain an...

  • Page 229: Configuring The Dhcpv6 Client Duid

    Configuring the DHCPv6 client DUID The DUID of a DHCPv6 client is the globally unique identifier of the client. The client pads its DUID into Option 1 of the DHCPv6 packet that it sends to the DHCPv6 server. The DHCPv6 server can assign specific IPv6 addresses or prefixes to DHCPv6 clients with specific DUIDs.

  • Page 230: Dhcpv6 Client Configuration Examples

    DHCPv6 client configuration examples IPv6 address acquisition configuration example Network requirements As shown in Figure 79, configure the switch to use DHCPv6 to obtain configuration parameters from the DHCPv6 server. The parameters include IPv6 address, DNS server address, domain name suffix, SIP server address, and SIP server domain name.

  • Page 231: Ipv6 Prefix Acquisition Configuration Example

    Will expire on Mar 27 2014 at 08:06:57 (198 seconds left) DNS server addresses: 2000::FF Domain name: example.com SIP server addresses: 2:2::4 SIP server domain names: bbb.com # Verify that the client has created a dynamic DHCPv6 option group for saving configuration parameters.
  • Page 232 Figure 80 Network diagram DHCPv6 server Vlan-int2 1::1/48 Vlan-int2 1::2/48 Switch DHCPv6 client DHCPv6 client Configuration procedure You must configure the DHCPv6 server first before configuring the DHCPv6 client. For information about configuring DHCPv6 server, see "Configuring the DHCPv6 server." # Configure an IPv6 address for VLAN-interface 2 that is connected to the DHCPv6 server.

  • Page 233: Ipv6 Address And Prefix Acquisition Configuration Example

    bbb.com # Verify that the client has obtained an IPv6 prefix. [Switch] display ipv6 prefix 1 Number: 1 Type : Dynamic Prefix: 12:34::/48 Preferred lifetime 100 sec, valid lifetime 200 sec # Verify that the client has created a dynamic DHCPv6 option group for saving configuration parameters.
  • Page 234 Configuration procedure You must configure the DHCPv6 server before configuring the DHCPv6 client. For information about configuring the DHCPv6 server, see "Configuring the DHCPv6 server." # Configure an IPv6 address for VLAN-interface 2 that is connected to the DHCPv6 server. <Switch>...

  • Page 235: Stateless Dhcpv6 Configuration Example

    Number: 1 Type : Dynamic Prefix: 12:34::/48 Preferred lifetime 100 sec, valid lifetime 200 sec # Verify that the client has created a dynamic DHCPv6 option group for saving configuration parameters. [Switch] display ipv6 dhcp option-group 1 DNS server addresses: Type: Dynamic (DHCPv6 address and prefix allocation) Interface: Vlan-interface2 2000::FF...
  • Page 236 # Set the O flag to 1 in RA advertisements to be sent on VLAN-interface 2. Hosts that receive the RA advertisements will obtain information other than IPv6 address through DHCPv6. [SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag # Disable RA message suppression on VLAN-interface 2. [SwitchB-Vlan-interface2] undo ipv6 nd ra halt Configure the DHCPv6 client Switch A.

  • Page 237: Configuring Dhcpv6 Snooping

    Configuring DHCPv6 snooping Overview DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and DHCPv6 relay agent. It guarantees that DHCPv6 clients obtain IPv6 addresses or prefixes from authorized DHCPv6 servers. Also, it records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping address entries) and prefix-to-port bindings of DHCPv6 clients (called DHCPv6 snooping prefix entries) for security purposes.

  • Page 238: Implementation Of Option 18 And Option 37

    Figure 83 Trusted and untrusted ports DHCPv6 server Trusted DHCPv6 snooping Untrusted Untrusted DHCPv6 client Unauthorized DHCPv6 server DHCPv6 reply messages Implementation of Option 18 and Option 37 Option 18 for DHCPv6 snooping Option 18, also called the interface-ID option, is used by the DHCPv6 relay agent to determine the interface to use to forward RELAY-REPLY message.

  • Page 239: Dhcpv6 Snooping Support For Option 37

    DHCPv6 snooping support for Option 37 Option 37, also called the remote-ID option, is used to identify the client. The DHCPv6 snooping device adds Option 37 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. This option provides client information about address allocation. Figure 85 Option 37 format Option code Option length...

  • Page 240: Configuring Basic Dhcpv6 Snooping

    Configuring basic DHCPv6 snooping Follow these guidelines when you configure basic DHCPv6 snooping: • To make sure DHCPv6 clients can obtain valid IPv6 addresses, specify the ports connected to authorized DHCPv6 servers as trusted ports. The trusted ports and the ports connected to DHCPv6 clients must be in the same VLAN.

  • Page 241: Configuring Dhcpv6 Snooping Entry Auto Backup

    Configuring DHCPv6 snooping entry auto backup The auto backup feature saves DHCPv6 snooping entries to a backup file, and allows the DHCPv6 snooping device to download the entries from the backup file at reboot. The entries on the DHCPv6 snooping device cannot survive a reboot. The auto backup helps the security features provide services if these features (such as IP source guard) must use DHCPv6 snooping entries for user authentication.

  • Page 242: Configuring Dhcpv6 Packet Rate Limit

    Step Command Remarks Set the maximum number By default, the number of DHCPv6 of DHCPv6 snooping ipv6 dhcp snooping snooping entries for an interface to entries for the interface to max-learning-num max-number learn is not limited. learn. Configuring DHCPv6 packet rate limit This DHCPv6 packet rate limit feature discards exceeding DHCPv6 packets to prevent attacks that send large numbers of DHCPv6 packets.

  • Page 243: Configuring A Dhcpv6 Packet Blocking Port

    Step Command Remarks Enable ipv6 dhcp snooping check By default, DHCPv6-REQUEST check is DHCPv6-REQUEST request-message disabled. check. Configuring a DHCPv6 packet blocking port Perform this task to configure a port as a DHCPv6 packet blocking port. The DHCPv6 packet blocking port drops all incoming DHCP requests. To configure a DHCPv6 packet blocking port: Step Command...

  • Page 244: Dhcpv6 Snooping Configuration Example

    Task Command display ipv6 dhcp snooping packet statistics (In IRF mode.) Display DHCPv6 packet statistics for [ chassis chassis-number slot slot-number ] DHCPv6 snooping. display ipv6 dhcp snooping pd binding [ prefix Display DHCPv6 snooping prefix entries. prefix/prefix-length [ vlan vlan-id ] ] reset ipv6 dhcp snooping binding { all | address Clear DHCPv6 snooping address entries.

  • Page 245: Verifying The Configuration

    # Enable recording DHCPv6 snooping address entries on GigabitEthernet 1/0/2. [SwitchB]interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] ipv6 dhcp snooping binding record [SwitchB-GigabitEthernet1/0/2] quit Verifying the configuration # Verify that the DHCPv6 client obtains an IPv6 address and all other configuration parameters only from the authorized DHCPv6 server.

  • Page 246: Configuring Ipv6 Fast Forwarding

    Configuring IPv6 fast forwarding Overview Fast forwarding reduces route lookup time and improves packet forwarding efficiency by using a high-speed cache and data-flow-based technology. It identifies a data flow by using the following fields: • Source IPv6 address. • Destination IPv6 address. •...

  • Page 247: Displaying And Maintaining Ipv6 Fast Forwarding

    Displaying and maintaining IPv6 fast forwarding Execute display commands in any view and reset commands in user view. Task Command (In standalone mode.) Display IPv6 fast forwarding display ipv6 fast-forwarding cache [ ipv6-address ] entries. [ slot slot-number ] display ipv6 fast-forwarding cache [ ipv6-address ] (In IRF mode.) Display IPv6 fast forwarding entries.

  • Page 248: Configuring Tunneling

    Configuring tunneling Overview Tunneling encapsulates the packets of a network protocol within the packets of a second network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source and de-encapsulated at the tunnel destination.
  • Page 249 Step Command Remarks By default, no source address or source interface is configured for the tunnel interface. If you specify a source address, it is used as the source address Configure a source address source { ipv4-address | of tunneled packets. or source interface for the ipv6-address | interface-type If you specify a source interface,...

  • Page 250: Displaying And Maintaining Tunneling Configuration

    Displaying and maintaining tunneling configuration Execute display commands in any view and reset commands in user view. Task Command display interface [ tunnel [ number ] ] [ brief [ description | Display information about tunnel interfaces. down ] ] Display IPv6 information on tunnel display ipv6 interface [ tunnel [ number ] ] [ brief ] interfaces.

  • Page 251: Ipv6 Over Ipv4 Tunneling

    IPv6 over IPv4 tunneling Overview Implementation IPv6 over IPv4 tunneling enables isolated IPv6 networks to communicate, as shown in Figure NOTE: The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack. Figure 87 IPv6 over IPv4 tunnel IPv4 header IPv6 header IPv6 data...
  • Page 252 • Automatic tunnel—The destination IPv4 address of the tunnel can be automatically obtained from the destination IPv6 address (with an IPv4 address embedded) of an IPv6 packet at the tunnel source. The source IPv4 addresses for all IPv6 over IPv4 tunnels are manually configured. According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the modes shown in the following table: Table 11 Automatic tunnel modes and key parameters...

  • Page 253: Ipv6 Over Ipv4 Tunneling Configuration Task List

    A forwards all packets destined for the IPv6 network over the 6to4 tunnel, and Device C then forwards them to the IPv6 network. Figure 88 Principle of 6to4 tunneling and 6to4 relay 6to4 router 6to4 network Site 2 Device B 6to4 router 6to4 network IPv4 network...

  • Page 254: Configuration Example

    reaching the destination IPv6 network through the tunnel interface. You can configure the route by using one of the following methods: Configure a static route, and specify the local tunnel interface as the egress interface or  specify the IPv6 address of the peer tunnel interface as the next hop. Enable a dynamic routing protocol on both tunnel interfaces to achieve the same purpose.
  • Page 255 Figure 90 Network diagram GE1/0/2 GE1/0/2 Switch A Switch B Vlan-int100 Vlan-int100 192.168.50.1/24 192.168.100.1/24 IPv4 netwok GE1/0/3 GE1/0/3 IPv6 manual tunnel GE1/0/1 GE1/0/1 Tunnel1 Tunnel1 Vlan-int101 Vlan-int101 3002::1/64 3001::1/64 3001::2/64 3003::1/64 IPv6 IPv6 network 2 network 1 Service loopback interface Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4.
  • Page 256 # Configure a static route destined for IPv6 network 2 through tunnel 1. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1 • Configure Switch B: # Add GigabitEthernet 1/0/2 (the physical interface of the tunnel) to VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/2 [SwitchB-vlan100] quit # Specify an IPv4 address for VLAN-interface 100.

  • Page 257: Configuring A 6To4 Tunnel

    56 bytes from 3003::1, icmp_seq=2 hlim=64 time=4.000 ms 56 bytes from 3003::1, icmp_seq=3 hlim=64 time=10.000 ms 56 bytes from 3003::1, icmp_seq=4 hlim=64 time=11.000 ms --- Ping6 statistics for 3003::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.000/16.000/45.000/14.711 ms Configuring a 6to4 tunnel Follow these guidelines when you configure a 6to4 tunnel: •...

  • Page 258: 6To4 Tunnel Configuration Example

    6to4 tunnel configuration example Network requirements As shown in Figure 91, configure a 6to4 tunnel between 6to4 switches Switch A and Switch B so the two hosts can reach each other over the IPv4 network. Figure 91 Network diagram Switch A Switch B GE1/0/2 GE1/0/2...
  • Page 259 # Create service loopback group 1, and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1. [SwitchA] interface gigabitethernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Create 6to4 tunnel interface Tunnel 1. [SwitchA] interface tunnel 1 mode ipv6-ipv4 6to4 # Specify an IPv6 address for the tunnel interface.

  • Page 260: 6To4 Relay Configuration Example

    [SwitchB] ipv6 route-static 2002:: 16 tunnel 1 Verifying the configuration # Verify that the Linux-running hosts Host A and Host B can ping each other. D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2 Pinging 2002:501:101:1::2 from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms...
  • Page 261 # Add GigabitEthernet 1/0/2 (the physical interface of the tunnel) to VLAN 100. <SwitchA> system-view [SwitchA] vlan 100 [SwitchA-vlan100] port gigabitethernet 1/0/2 [SwitchA-vlan100] quit # Specify an IPv4 address for VLAN-interface 100. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Add GigabitEthernet 1/0/1 to VLAN 101.

  • Page 262: Configuring An Isatap Tunnel

    [SwitchB-vlan101] port gigabitethernet 1/0/1 [SwitchB-vlan101] quit # Specify an IPv6 address for VLAN-interface 101. [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2001::1/16 [SwitchB-Vlan-interface101] quit # Create service loopback group 1, and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1.

  • Page 263: Configuration Example

    next hop of the route. For more information about route configuration, see Layer 3—IP Routing Configuration Guide. To configure an ISATAP tunnel: Step Command Remarks Enter system view. system-view Enter ISATAP tunnel interface tunnel number [ mode interface view. ipv6-ipv4 isatap ] By default, no IPv6 address is Specify an IPv6 address for "Configuring basic IPv6...
  • Page 264 [Switch] vlan 100 [Switch-vlan100] port gigabitethernet 1/0/1 [Switch-vlan100] quit # Specify an IPv6 address for VLAN-interface 100. [Switch] interface vlan-interface 100 [Switch-Vlan-interface100] ipv6 address 3001::1/64 [Switch-Vlan-interface100] quit # Add GigabitEthernet 1/0/2 (the physical interface of the tunnel) to VLAN 101. [Switch] vlan 101 [Switch-vlan101] port gigabitethernet 1/0/2 [Switch-vlan101] quit...
  • Page 265 current hop limit 128 reachable time 42500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 default site prefix length 48 # Specify an IPv4 address for the ISATAP switch. C:\>netsh interface ipv6 isatap set router 1.1.1.1 # Display information about the ISATAP interface. C:\>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}...

  • Page 266: Ipv4 Over Ipv4 Tunneling

    IPv4 over IPv4 tunneling Overview IPv4 over IPv4 tunneling (RFC 1853) enables isolated IPv4 networks to communicate. For example, an IPv4 over IPv4 tunnel can connect isolated private IPv4 networks over a public IPv4 network. Figure 94 IPv4 over IPv4 tunnel IPv4 header IPv4 header IPv4 data...

  • Page 267: Configuration Example

    • The IPv4 address of the local tunnel interface cannot be on the same subnet as the destination address configured on the tunnel interface. • To ensure correct packet forwarding, identify whether the destination IPv4 network and the IPv4 address of the local tunnel interface are on the same subnet. If they are not, configure a route reaching the destination IPv4 network through the tunnel interface.
  • Page 268 Figure 95 Network diagram Switch A Switch B GE1/0/2 GE1/0/2 Vlan-int101 Vlan-int101 2.1.1.1/24 3.1.1.1/24 IPv4 netwok GE1/0/3 GE1/0/3 IPv4 over IPv4 tunnel GE1/0/1 GE1/0/1 Tunnel1 Tunnel2 Vlan-int100 Vlan-int100 10.1.2.1/24 10.1.2.2/24 10.1.1.1/24 10.1.3.1/24 IPv4 IPv4 Service loopback group 1 group 2 interface Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach...
  • Page 269 # Configure a static route destined for IPv4 group 2 through the tunnel interface. [SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1 • Configure Switch B: # Add GigabitEthernet 1/0/1 to VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 [SwitchB-vlan100] quit # Specify an IPv4 address for VLAN-interface 100.
  • Page 270 56 bytes from 10.1.3.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 10.1.3.1: icmp_seq=3 ttl=255 time=1.000 ms 56 bytes from 10.1.3.1: icmp_seq=4 ttl=255 time=1.000 ms --- Ping statistics for 10.1.3.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/1.000/2.000/0.632 ms...

  • Page 271: Ipv4 Over Ipv6 Tunneling

    IPv4 over IPv6 tunneling Overview Implementation IPv4 over IPv6 tunneling adds an IPv6 header to IPv4 packets so that the IPv4 packets can pass an IPv6 network through a tunnel to realize interworking between isolated IPv4 networks. Figure 96 IPv4 over IPv6 tunnel IPv6 header IPv4 header IPv4 data...

  • Page 272: Configuring An Ipv4 Over Ipv6 Manual Tunnel

    Configuring an IPv4 over IPv6 manual tunnel Follow these guidelines when you configure an IPv4 over IPv6 manual tunnel: • The tunnel destination address specified on the local device must be identical with the tunnel source address specified on the tunnel peer device. •...
  • Page 273 Figure 97 Network diagram Switch A Switch B GE1/0/2 GE1/0/2 Vlan-int101 Vlan-int101 2001::1:1/64 2001::2:1/64 IPv6 network GE1/0/3 GE1/0/3 IPv4 over IPv6 tunnel GE1/0/1 GE1/0/1 Tunnel2 Tunnel1 Vlan-int100 Vlan-int100 30.1.2.2/24 30.1.2.1/24 30.1.1.1/24 30.1.3.1/24 IPv4 IPv4 Service loopback network 1 network 2 interface Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach...
  • Page 274 # Configure a static route destined for IPv4 network 2 through the tunnel interface. [SwitchA] ip route-static 30.1.3.0 255.255.255.0 tunnel 1 • Configure Switch B: # Add GigabitEthernet 1/0/1 to VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 [SwitchB-vlan100] quit # Specify an IPv4 address for VLAN-interface 100.
  • Page 275 56 bytes from 30.1.3.1: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 30.1.3.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 30.1.3.1: icmp_seq=3 ttl=255 time=1.000 ms 56 bytes from 30.1.3.1: icmp_seq=4 ttl=255 time=1.000 ms --- Ping statistics for 30.1.3.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/1.200/3.000/0.980 ms...

  • Page 276: Ipv6 Over Ipv6 Tunneling

    IPv6 over IPv6 tunneling Overview IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over another IPv6 network. For example, two isolated IPv6 networks that do not want to show their addresses to the Internet can use an IPv6 over IPv6 tunnel to communicate with each other. Figure 98 Principle of IPv6 over IPv6 tunneling IPv6 header IPv6 header...

  • Page 277: Configuration Example

    • To ensure correct packet forwarding, identify whether the destination IPv6 network and the IPv6 address of the local tunnel interface are on the same subnet. If they are not, configure a route reaching the destination IPv6 network through the tunnel interface. You can configure the route by using one of the following methods: Configure a static route, and specify the local tunnel interface as the egress interface or ...
  • Page 278 Figure 99 Network diagram Switch A Switch B GE1/0/2 GE1/0/2 Vlan-int101 Vlan-int101 2001::11:1/64 2001::22:1/64 IPv6 network GE1/0/3 GE1/0/3 IPv6 over IPv6 tunnel GE1/0/1 GE1/0/1 Tunnel1 Tunnel2 Vlan-int100 Vlan-int100 3001::1:1/64 3001::1:2/64 2001:3::1/64 2001:1::1/64 IPv6 IPv6 Service loopback group 2 group 1 interface Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach...
  • Page 279 # Configure a static route destined for the IPv6 network group 2 through the tunnel interface. [SwitchA] ipv6 route-static 2001:3:: 64 tunnel 1 • Configure Switch B: # Add GigabitEthernet 1/0/1 to VLAN 100. <SwitchB> system-view [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 [SwitchB-vlan100] quit # Specify an IPv6 address for VLAN-interface 100.
  • Page 280 56 bytes from 2001:3::1, icmp_seq=2 hlim=64 time=0.000 ms 56 bytes from 2001:3::1, icmp_seq=3 hlim=64 time=0.000 ms 56 bytes from 2001:3::1, icmp_seq=4 hlim=64 time=0.000 ms --- Ping6 statistics for 2001:3::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms...

  • Page 281: Configuring Gre

    Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a protocol (such as IP, MPLS, or Ethernet) into a virtual point-to-point tunnel over a network (such as an IP network). Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. The network layer protocol of the packets before encapsulation and after encapsulation can be the same or different.

  • Page 282: Gre Application Scenarios

    As shown in Figure 101, an IPv6 protocol packet traverses an IPv4 network through a GRE tunnel as follows: After receiving an IPv6 packet from the interface connected to IPv6 network 1, Device A processes the packet as follows: a. Looks up the routing table to identify the outgoing interface for the IPv6 packet. b.
  • Page 283 Enlarging network scope Figure 103 Network diagram Device A Device D GRE tunnel IP network IP network Device B Device C Host A Host B IP network In an IP network, the maximum TTL value of a packet is 255. If two devices have more than 255 hops in between, they cannot communicate with each other.

  • Page 284: Protocols And Standards

    • Allows IPsec to protect not only unicast packets. GRE supports encapsulating multicast, broadcast, and non-IP packets. After GRE encapsulation, these packets become common unicast packets, which can be protected by IPsec. • Simplifies IPsec configuration. Packets are first encapsulated by GRE. You can define the packets to be protected by IPsec according to the GRE tunnel's source and destination addresses, without considering the source and destination addresses of the original packets.

  • Page 285: Configuration Procedure

    Configuration procedure To configure a GRE/IPv4 tunnel: Step Command Remarks Enter system view. system-view By default, no tunnel interfaces exist. Create a GRE tunnel interface tunnel You must configure the same interface, and specify the interface-number mode gre tunnel mode on both ends of a tunnel mode as GRE/IPv4.

  • Page 286: Configuring A Gre/Ipv6 Tunnel

    Step Command Remarks (Optional.) Configure the device to discard IPv6 tunnel discard By default, the device does not packets with ipv4-compatible-packet discard such IPv6 packets. IPv4-compatible IPv6 addresses. Configuring a GRE/IPv6 tunnel Perform this task to configure a GRE tunnel on an IPv6 network. Configuration guidelines Follow these guidelines when you configure a GRE/IPv6 tunnel: •...

  • Page 287: Displaying And Maintaining Gre

    Step Command Remarks By default, no IPv4 or IPv6 For information about how to address is configured for a tunnel assign an IPv4 address to an interface. interface, see "Configuring IP Configure an IPv4 or IPv6 When the passenger protocol is addressing."...

  • Page 288: Gre Configuration Examples

    Task Command Remarks For more information about this command, see Layer 3—IP Services Command Reference. display ipv6 interface [ tunnel Display IPv6 information about tunnel interface. [ number ] ] [ brief ] Support for the display ipv6 interface tunnel command depends on the device model.
  • Page 289 [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch B. [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] quit # Configure a static route from Switch A through the tunnel interface to Group 2. [SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1 Configure Switch B: # Create service loopback group 1, and configure the service type as tunnel.

  • Page 290: Configuring An Ipv4 Over Ipv6 Gre Tunnel

    Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # Display tunnel interface information on Switch B.
  • Page 291 Figure 107 Network diagram GE1/0/2 GE1/0/2 Switch A Switch B Vlan-int101 Vlan-int101 2002::1:1/64 2001::2:1/64 IPv6 network GE1/0/3 GE1/0/3 GRE tunnel GE1/0/1 GE1/0/1 Vlan-int100 Vlan-int100 Tunnel1 10.1.1.1/24 Tunnel1 10.1.3.1/24 10.1.2.2/24 10.1.2.1/24 IPv4 IPv4 Service loopback Group 1 Group 2 interface Configuration procedure Before performing the following configuration, configure an IP address for each interface, and make sure Switch A and Switch B can reach each other.
  • Page 292 # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel1] source 2001::2:1 # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A. [SwitchB-Tunnel1] destination 2002::1:1 [SwitchB-Tunnel1] quit # Configure a static route from Switch B through the tunnel interface to Group 1.

  • Page 293: Troubleshooting Gre

    Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # From Switch B, ping the IP address of VLAN-interface 100 on Switch A.

  • Page 294: Solution

    Solution Execute the display ip routing-table command on Device A and Device C to view whether Device A has a route over tunnel 1 to 10.2.0.0/16 and whether Device C has a route over tunnel 1 to 10.1.0.0/16. If such a route does not exist, execute the ip route-static command in system view to add the route.

  • Page 295: Configuring Http Redirect

    Configuring HTTP redirect About HTTP redirect HTTP redirect is a method to redirect users' HTTP or HTTPS requests to a specific URL. It is used in the following features: • Redirect URL assignment in 802.1X authentication, MAC authentication, and port security. •...

  • Page 296: Associating An Ssl Server Policy With The Https Redirect Service

    Associating an SSL server policy with the HTTPS redirect service About associating an SSL server policy with the HTTPS redirect service To improve the security of HTTPS redirect, you can associate an SSL server policy with the HTTPS redirect service. For more information about the SSL server policy configuration, see SSL in Security Configuration Guide.

  • Page 297: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.

  • Page 298: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 299: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 300: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 301 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 302: Index

    Index DHCPv6 address pool VPN instance application, Numerics DHCPv6 address/prefix assignment, technology, DHCPv6 address/prefix lease renewal, 6to4 DHCPv6 client IPv6 address acquisition, relay configuration, DHCPv6 client IPv6 address+prefix acquisition, tunnel configuration, 246, 247 DHCPv6 client subnet advertisement, DHCPv6 IA, acquiring DHCPv6 IAID, BOOTP client dynamic IP address, DHCPv6 IPv6 address assignment,...
  • Page 303 DHCP IP address allocation sequence, assembling DHCPv6 dynamic address allocation, IPv6 local fragment reassembly, DHCPv6 dynamic prefix allocation, assigning DHCPv6 IPv6 address/prefix allocation DHCP address, sequence, DHCPv6 address/prefix, DHCPv6 static address allocation, DHCPv6 assignment (4 messages), DHCPv6 static prefix allocation, DHCPv6 IPv6 address, Anycast DHCPv6 IPv6 prefix,...
  • Page 304 DHCPv6 snooping packet blocking port, DHCPv6 IPv6 address acquisition, BOOTP DHCPv6 IPv6 address acquisition configuration, client configuration, 104, 105 DHCPv6 IPv6 address+prefix acquisition, client display, DHCPv6 IPv6 address+prefix acquisition client dynamic IP address acquisition, configuration, DHCP application, DHCPv6 IPv6 prefix acquisition, DHCP client IP address acquisition interface, DHCPv6 IPv6 prefix acquisition configuration, DHCP server BOOTP request ignore,...
  • Page 305 DHCP relay agent security features, DHCPv6 server IPv6 address+prefix policy assignment, DHCP relay agent server selection, DHCPv6 server IPv6 prefix assignment, DHCP server, 34, 36 DHCPv6 server network parameters (address DHCP server address pool, pool), DHCP server BOOTP request ignore, DHCPv6 server network parameters (option DHCP server BOOTP response format, group),...
  • Page 306 IPv6 address (global unicast)(prefix DHCP server address pool, application), customer IPv6 anycast address, ARP customer-side port, IPv6 basic settings, 153, 160, 181 IPv6 ND customer-side port, IPv6 DNS, customizing IPv6 DNS client, DHCP custom options, IPv6 DNS client domain name resolution DHCP options, (dynamic), 110, 117...
  • Page 307 DHCP server configuration, 34, 36, 56 IPv4/IPv6 GRE tunnel configuration, DHCP server IP address dynamic assignment, IPv4/IPv6 manual tunnel configuration, IPv6 DNS client configuration, DHCP server IP address static assignment, IPv6/IPv4 manual tunnel configuration, IPv6/IPv6 tunnel configuration, DHCP server option customization, ISATAP tunnel configuration, DHCP server packet DSCP value, stateless DHCPv6,...
  • Page 308 message format, server BOOTP request ignore, Option #, See also Option # server BOOTP response format, Option 121, server broadcast response, Option 150, server client offline detection, Option 184 (reserved), 31, 33 server compatibility configuration, Option 3;Option 003, server configuration, 34, 36, 56 Option 33;Option 033, server display,...
  • Page 309 DHCP-REQUEST message attack protection, relay agent maintain, DHCPv6 relay agent packet DSCP value, address allocation, relay agent server, address pool, relay agent source IPv6 address, address pool selection, server configuration, 189, 192, 202 address pool VPN instance application, server configuration on interface, address/prefix assignment, server display, address/prefix lease renewal,...
  • Page 310 DDNS, troubleshoot IPv4 DNS incorrect IP address, DHCP client, troubleshoot IPv6 DNS configuration, DHCP relay agent, troubleshoot IPv6 DNS incorrect IP address, DHCP server, trusted interface configuration, DHCP snooping, domain DHCPv6 client, DHCP client domain name suffix, DHCPv6 relay agent, name system.
  • Page 311 ARP logging, GRE configuration, 270, 277 common proxy ARP, GRE encapsulation format, DHCP, IPv4/IPv4 GRE tunnel configuration, DHCP client (on interface), IPv4/IPv6 GRE tunnel configuration, DHCP client duplicated address detection, IPv6/IPv4 tunneling configuration, DHCP Option 82 handling, tunneling configuration, DHCP relay agent (on interface), error DHCP relay agent client offline detection, IPPO ICMP error message sending,...
  • Page 312 IP conflict notification, packet learning, fast periodic packet send, ARP fast-reply configuration, 19, 19 GRE, 237, See also tunneling IPv6 fast forwarding configuration, application scenarios, fast forwarding configuration, 270, 277 aging time configuration, display, configuration, encapsulation format, display, GRE/IPv4 tunnel configuration, load sharing configuration, GRE/IPv6 tunnel configuration, maintain,...
  • Page 313 IPv6 ND router/prefix discovery, DDNS client policy application, IPv6 ND stateless address autoconfiguration, DDNS configuration, 122, 126 DDNS configuration (PeanutHull server), DDNS configuration (www.3322.org), DHCPv6 relay agent Interface-ID option DHCP address allocation, 28, 29 padding mode, DHCP address allocation sequence, IP address class Host ID, DHCP address assignment, IP address class Net ID,...
  • Page 314 DHCPv6 client subnet advertisement, IPv6 dynamic path MTU aging timer, DHCPv6 configuration, IPv6 global unicast address, DHCPv6 overview, IPv6 ICMPv6 destination unreachable message, DHCPv6 server configuration, 192, 202 IPv6 ICMPv6 error message rate limit, DHCPv6 server configuration on interface, IPv6 ICMPv6 message send, DHCPv6 server dynamic IPv6 address IPv6 ICMPv6 redirect message, assignment,...
  • Page 315 6to4 relay configuration, DHCP dynamic address assignment policy, 6to4 tunnel configuration, 246, 247 DHCP enable, adjacency table use, DHCP gateway+DHCP server's MAC address bind, ARP configuration, DHCP IP address allocation, ARP display, DHCP IP address conflict detection, ARP dynamic entry check enable, DHCP IP address lease extension, ARP dynamic entry max (device), DHCP message format,...
  • Page 316 DHCP server user class whitelist configuration, DHCPv6 relay agent configuration, 207, 214 DHCPv6 relay agent display, DHCP smart relay, DHCPv6 relay agent enable on interface, DHCP snooping basic configuration (VLAN), DHCPv6 relay agent entry recording, DHCPv6 relay agent Interface-ID option padding DHCP snooping configuration, 90, 92, 100 mode,...
  • Page 317 forwarding basic settings, IPv6 ICMPv6 redirect message, global DHCP snooping basic configuration, IPv6 ICMPv6 time exceeded message, IPv6 interface address assignment, gratuitous ARP configuration, 12, 13 IPv6 interface MTU, gratuitous ARP device MAC address change, IPv6 link-local address configuration, IPv6 local fragment reassembly, gratuitous ARP IP conflict notification, IPv6 max number NS message sent attempts, GRE application scenarios,...
  • Page 318 troubleshooting IPv6 DNS configuration, IP addressing IP unnumbered, troubleshooting IPv6 DNS incorrect IP IP addressing masking, address, IP addressing subnetting, troubleshooting tunnel cannot come up, IP services 6PE technology, troubleshooting tunneling configuration, IPv4/IPv4 GRE tunnel configuration, tunneling configuration, IPv4/IPv4 tunnel configuration, 255, 256 tunneling configuration display, IPv4/IPv4 tunneling implementation,...
  • Page 319 ICMPv6 message send, RA message parameter, ICMPv6 packet source address specification, RA message parameter configuration, RA message send enable, ICMPv6 redirect message, stateless address autoconfiguration, ICMPv6 time exceeded message, static path MTU configuration, interface address assignment, transition technologies, interface link-local address automatic troubleshoot address cannot be pinged, generation, troubleshoot basics configuration,...
  • Page 320 DHCPv6 client IPv6 address+prefix DHCP gateway+DHCP server's MAC address acquisition configuration, bind, DHCPv6 client IPv6 prefix acquisition gratuitous ARP configuration, configuration, gratuitous ARP packet learning, DHCPv6 snooping configuration, 226, 228, gratuitous ARP periodic packet send, IPv6 EUI-64 address-based interface identifiers, global DHCP snooping basic configuration, proxy ARP configuration, UDP helper broadcast >...
  • Page 321 IPPO ICMP error message sending, IPv4 DNS client domain name resolution (dynamic), 109, 114 IPv6 ICMPv6 error message rate limit, IPv4 DNS client domain name resolution (static), IPv6 ICMPv6 message send, 108, 113 IPv6 ND protocol, IPv6 DNS client domain name resolution proxy ARP configuration, (dynamic), 110, 117...
  • Page 322 BOOTP client IP address acquisition interface, DHCP smart relay, DHCP snooping basic configuration, client stateless DHCPv6 configuration, DHCP snooping basic configuration (common common proxy ARP configuration, network), DDNS client configuration, DHCP snooping basic configuration (VLAN), DDNS client policy, DHCP snooping basic configuration (VXLAN network), DDNS client policy application, DHCP snooping configuration,...
  • Page 323 DHCPv6 server dynamic IPv6 prefix IPPO ICMP error message rate limit, assignment, IPPO ICMP error message send, DHCPv6 server IPv6 address assignment, IPPO ICMP fragment forwarding disable, IPPO interface TCP MSS configuration, DHCPv6 server IPv6 address+prefix policy IPPO IPv4 local fragment reassembly, assignment, IPPO IPv4 packet MTU configuration, DHCPv6 server IPv6 prefix assignment,...
  • Page 324 IPv6 ND dynamic neighbor entries max DHCPv6 snooping configuration, 226, 228, 233 number, DNS configuration, 106, 108 IPv6 ND hop limit, fast forwarding configuration, IPv6 ND link-local entry minimization, gratuitous ARP configuration, IPv6 ND neighbor reachability detection, GRE configuration, 270, 277 IPv6 ND protocol, HTTP redirect, IPv6 ND protocol address resolution,...
  • Page 325 option GRE tunnel operation, DHCP field, IP addressing configuration, 22, 25 DHCP option customization, IP forwarding basic settings, DHCP server option customization, IP performance optimization, DHCPv6 relay agent Interface-ID option IPPO ICMP error message rate limit, padding, IPPO ICMP fragment forwarding disable, Option 121 (DHCP), IPPO ICMP packet source address, Option 150 (DHCP),...
  • Page 326 UDP helper broadcast > multicast conversion, DHCPv6 client IPv6 address+prefix acquisition, UDP helper broadcast > unicast conversion, DHCPv6 client IPv6 prefix acquisition, DHCPv6 dynamic prefix allocation, UDP helper configuration, DHCPv6 IPv6 address assignment, parameter DHCPv6 IPv6 address/prefix allocation sequence, DHCPv6 server network parameters (address pool), DHCPv6 IPv6 prefix assignment, DHCPv6 server network parameters (option...
  • Page 327 configuring DHCP client ID (on interface), configuring DHCP snooping packet blocking port, configuring DHCP dynamic address assignment policy, configuring DHCP snooping packet rate limit, configuring DHCP IP address conflict configuring DHCP user class whitelist, detection, configuring DHCP voice client Option 184 configuring DHCP relay address pool, parameters, configuring DHCP relay agent,...
  • Page 328 configuring gratuitous ARP, configuring IPv6 ND, configuring gratuitous ARP device MAC configuring IPv6 ND customer-side port, address change, configuring IPv6 ND dynamic neighbor entries configuring GRE/IPv4 tunnel, max number, configuring GRE/IPv6 tunnel, configuring IPv6 ND snooping, configuring IP addressing, configuring IPv6 ND stale state entry aging timer, configuring IP addressing IP unnumbered, configuring IPv6 ND static neighbor entry, configuring IPPO directed broadcast forward,...
  • Page 329 displaying IPv6 fast forwarding, enabling IPPO directed broadcast forward, displaying proxy ARP, enabling IPPO ICMP error message send, displaying tunneling configuration, enabling IPPO IPv4 local fragment reassembly, displaying UDP helper, enabling IPPO SYN cookie, enabling ARP dynamic entry check, enabling IPv6 ICMPv6 destination unreachable enabling ARP logging, message send, enabling common proxy ARP,...
  • Page 330 specifying DHCP address pool primary DHCP relay agent starvation attack protection, subnet+multiple address range, DHCP relay agent starvation flood protection, specifying DHCP address pool primary DHCP snooping disable (interface), subnet+multiple secondary subnets, DHCP snooping starvation attack protection, specifying DHCP client auto-configuration file, DHCP-REQUEST message attack protection, protocols and standards specifying DHCP client BIMS server...
  • Page 331 DHCP operation, DNS static domain name resolution, DHCP Option 82, 31, 33 IPv4 DNS client domain name resolution (dynamic), 109, 114 DHCP Option 82 configuration, IPv4 DNS client domain name resolution (static), DHCP Option 82 support, 108, 113 DHCP overview, IPv4 DNS configuration, DHCP relay address pool configuration, IPv6 DNS client domain name resolution...
  • Page 332 IPPO directed broadcast forward, DHCP snooping disable (interface), IPPO directed broadcast forward DHCP snooping entry auto backup, configuration, DHCP snooping packet blocking port, IPPO ICMP error message send, DHCP snooping packet rate limit, IPPO ICMP fragment forwarding disable, DHCP snooping starvation attack protection, IPPO interface TCP MSS configuration, DHCP-REQUEST message attack protection, IPPO IPv4 packet MTU configuration,...
  • Page 333 DHCP server subnet configuration, DHCP snooping disable (interface), DHCP server user class configuration, DHCP snooping entry auto backup, DHCP server user class whitelist configuration, DHCP snooping entry max, DHCP snooping Option 82 configuration, DHCP voice client Option 184 parameters, DHCP snooping Option 82 support, DHCPv6 address pool, DHCP snooping packet blocking port, DHCPv6 configuration,...
  • Page 334 IPPO ICMP packet source address, IPPO interface TCP MSS configuration, IPv6 ICMPv6 packet source address, IPPO SYN cookie, IPv6 interface link-local address manually, IPPO TCP path MTU discovery, IPPO TCP timer configuration, TCP/IP associating SSL server policy with HTTPS DDNS client configuration, redirect, DDNS configuration, 122, 126...
  • Page 335 6to4 tunnel configuration, 246, 247 UDP helper broadcast > unicast conversion, 148, configuration, unnumbered configuration display, IP addressing IP unnumbered configuration, configuration maintain, untrusted DHCP relay agent requests from VXLAN tunnels, DHCP snooping untrusted port, GRE configuration, 270, 277 DHCPv6 snooping port, GRE encapsulation format, user User Datagram Protocol.
  • Page 336 DHCP snooping basic configuration (VXLAN network), whitelisting DHCP server user class whitelist configuration, DHCP user class whitelist, Windows BOOTP client configuration, 104, 105 DHCP client configuration, 85, 87 DHCP client WINS server, Internet Naming Service. Use WINS...

Table of Contents