H3C S5820X Series Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. s5820x series
  6. Configuration manual

H3C S5820X Series Configuration Manual

Layer 3 - ip services
Hide thumbs Also See for S5820X Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Configuration Manual
H3C S5820X&S5800 Series Ethernet Switches
Layer 3 - IP Services
Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W103-20100716
Product Version: Release 1110

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5820X Series and is the answer not in the manual?

Questions and answers

Related Manuals for H3C S5820X Series

Summary of Contents for H3C S5820X Series

  • Page 1 H3C S5820X&S5800 Series Ethernet Switches Layer 3 - IP Services Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 6W103-20100716 Product Version: Release 1110...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
  • Page 3 Preface The H3C S5800&S5820X documentation set includes 11 configuration guides, which describe the software features for the S5800&S5820X Series Ethernet Switches and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. About the H3C S5800&S5820X Documentation Set The H3C S5800&S5820X documentation set also includes: Category Documents Purposes Marketing brochures Describe product specifications and benefits.
  • Page 5 Interface Cards User available for the products. Manual Describes the benefits, features, hardware H3C OAP Cards User specifications, installation, and removal of the OAP Manual cards available for the products. H3C Low End Series...
  • Page 6 Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...

  • Page 7: Table Of Contents

    Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Operation ································································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of Dynamic ARP Entries for an Interface ································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-5 Enabling the ARP Entry Check ·······································································································1-5 Configuration Gratuitous ARP·················································································································1-6...
  • Page 8 IP Addressing Configuration Example·····························································································4-4 Displaying and Maintaining IP Addressing ·····························································································4-6 5 DHCP Overview··········································································································································5-1 Introduction to DHCP ······························································································································5-1 DHCP Address Allocation ·······················································································································5-1 Allocation Mechanisms····················································································································5-1 Dynamic IP Address Allocation Process ·························································································5-2 IP Address Lease Extension ···········································································································5-3 DHCP Message Format ··························································································································5-3 DHCP Options·········································································································································5-4 DHCP Options Overview ·················································································································5-4 Introduction to DHCP Options ·········································································································5-4 Self-Defined Options ·······················································································································5-5...
  • Page 9 Dynamic IP Address Assignment Configuration Example ····························································6-19 Self-Defined Option Configuration Example··················································································6-21 Troubleshooting DHCP Server Configuration·······················································································6-22 7 DHCP Relay Agent Configuration ············································································································7-1 Introduction to DHCP Relay Agent ·········································································································7-1 Application Environment··················································································································7-1 Fundamentals··································································································································7-1 DHCP Relay Agent Support for Option 82 ······················································································7-2 DHCP Relay Agent Configuration Task List ···························································································7-3 Configuring the DHCP Relay Agent········································································································7-4 Enabling DHCP ·······························································································································7-4 Enabling the DHCP Relay Agent on an Interface ···········································································7-4...
  • Page 10 Protocols and Standards ···············································································································10-2 Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP ·······························10-2 Displaying and Maintaining BOOTP Client Configuration·····································································10-3 BOOTP Client Configuration Example··································································································10-3 11 IPv4 DNS Configuration ························································································································11-1 DNS Overview·······································································································································11-1 Static Domain Name Resolution ···································································································11-1 Dynamic Domain Name Resolution ······························································································11-1 DNS Proxy·····································································································································11-3 Configuring the IPv4 DNS Client···········································································································11-4 Configuring Static Domain Name Resolution················································································11-4...
  • Page 11 Displaying and Maintaining UDP Helper·······························································································14-2 UDP Helper Configuration Examples····································································································14-3 UDP Helper Configuration Example······························································································14-3 15 IPv6 Basics Configuration ····················································································································15-1 IPv6 Overview ·······································································································································15-1 IPv6 Features ································································································································15-1 IPv6 Addresses ·····························································································································15-3 IPv6 Neighbor Discovery Protocol·································································································15-6 IPv6 PMTU Discovery ···················································································································15-9 IPv6 Transition Technologies ······································································································15-10 Protocols and Standards ·············································································································15-10 IPv6 Basics Configuration Task List ···································································································15-11 Configuring Basic IPv6 Functions ·······································································································15-11 Enabling IPv6 ······························································································································15-11...
  • Page 12 Displaying and Maintaining DHCPv6 ····································································································16-6 DHCPv6 Configuration Examples·········································································································16-7 Stateless DHCPv6 Configuration Example ···················································································16-7 DHCPv6 Relay Agent Configuration Example ··············································································16-8 17 Tunneling Configuration·······················································································································17-1 Tunneling Overview ······························································································································17-1 Introduction to the Tunneling Technology ·····················································································17-1 Introduction to IPv4/IPv6 Transition Tunnels ················································································17-2 IPv6 over IPv4 Tunnel ···················································································································17-2 IPv4 over IPv4 Tunnel ···················································································································17-5 IPv4/IPv6 over IPv6 Tunnel···········································································································17-6 GRE tunnel ····································································································································17-7...
  • Page 13 Configuration Example ················································································································17-39 Configuring a GRE over IPv6 Tunnel··································································································17-41 Configuration Prerequisites ·········································································································17-41 Configuration Procedure··············································································································17-41 Configuration Example ················································································································17-42 Displaying and Maintaining Tunneling Configuration··········································································17-45 Troubleshooting Tunneling Configuration ···························································································17-45 18 Index ·······················································································································································18-1...

  • Page 14: Arp Configuration

    ARP Configuration This chapter includes these sections: ARP Overview Configuring ARP Displaying and Maintaining ARP ARP Configuration Example ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example). In an Ethernet LAN, when a device sends data to another device, it uses ARP to translate the IP address of that device to the corresponding MAC address.

  • Page 15: Arp Operation

    Sender hardware address: This field specifies the hardware address of the device sending the message. Sender protocol address: This field specifies the protocol address of the device sending the message. Target hardware address: This field specifies the hardware address of the device the message is being sent to.

  • Page 16: Arp Table

    ARP request, in which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B. ARP Table After obtaining the MAC address of a host, the device puts the IP-to-MAC mapping into its own ARP table.

  • Page 17: Configuring Arp

    Configuring ARP Configuring a Static ARP Entry A static ARP entry is effective when the device is working normally. However, when the VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if long, will be deleted, and if short and resolved, will become unresolved.

  • Page 18: Setting The Aging Time For Dynamic Arp Entries

    Ethernet switches interface can learn 8192 by default for S5820X series Ethernet switches Setting the Aging Time for Dynamic ARP Entries To keep pace with the network changes, the ARP table is refreshed. Each dynamic ARP entry in the ARP table has an aging time rather than is always valid.

  • Page 19: Configuration Gratuitous Arp

    Configuration Gratuitous ARP Introduction to Gratuitous ARP In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of the device issuing the packet, the sender MAC address is the MAC address of the device, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.

  • Page 20: Configuring Gratuitous Arp

    address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router. For more information about VRRP, see VRRP Configuration in the High Availability Configuration Guide.

  • Page 21: Displaying And Maintaining Arp

    Displaying and Maintaining ARP To do… Use the command… Remarks display arp [ [ all | dynamic | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type Display ARP entries in the ARP table Available in any view interface-number ] [ [ verbose ] [ | { begin | exclude | include } regular-expression ] | count ]...
  • Page 22 Figure 1-3 Network diagram for configuring static ARP entries Configuration procedure Configure the Switch # Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface GigabitEthernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type trunk [Switch-GigabitEthernet1/0/1] port trunk permit vlan 10 [Switch-GigabitEthernet1/0/1] quit # Create interface VLAN-interace 10 and configure its IP address.

  • Page 23: Proxy Arp Configuration

    Proxy ARP Configuration This chapter includes these sections: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview A host may send an ARP request for the MAC address of another host that is isolated from the sending host at Layer 2.

  • Page 24: Local Proxy Arp

    Because Host A considers that Host B is on the same network, it broadcasts an ARP request for the MAC address of Host B. Host B, however, cannot receive this request because it locates in a different broadcast domain. You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of Vlan-interface1, and forward packets sent from Host A to Host B.

  • Page 25: Displaying And Maintaining Proxy Arp

    To do… Use the command… Remarks Required Enable proxy ARP proxy-arp enable Disabled by default. Follow these steps to enable local proxy ARP in VLAN interface view: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view —...

  • Page 26: Local Proxy Arp Configuration Example In Case Of Port Isolation

    Figure 2-3 Network diagram for proxy ARP Configuration procedure # Create VLAN 2. <Switch> system-view [Switch] vlan 2 [Switch-vlan2] quit # Specify the IP address of interface VLAN-interface 1. [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 # Enable proxy ARP on interface VLAN-interface 1. [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit # Specify the IP address of interface VLAN-interface 2.
  • Page 27 Figure 2-4 Network diagram for local proxy ARP between isolated ports Configuration procedure Configure Switch B # Add GigabitEthernet1/0/3, GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 2. Configure port isolation on Host A and Host B. <SwitchB> system-view [SwitchB] vlan 2 [SwitchB-vlan2] port gigabitethernet 1/0/1 [SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] port gigabitethernet 1/0/3 [SwitchB-vlan2] quit...

  • Page 28: Local Proxy Arp Configuration Example In Isolate-User-Vlan

    Local Proxy ARP Configuration Example in Isolate-User-VLAN Network requirements As shown in Figure 2-5, Switch B is attached to Switch A. VLAN 5 on Switch B is an isolate-user-VLAN, which includes uplink port GigabitEthernet1/0/1 and two secondary VLANs, VLAN 2 and VLAN 3. GigabitEthernet1/0/2 belongs to VLAN 2, and GigabitEthernet1/0/3 belongs to VLAN 3.
  • Page 29 [SwitchA-vlan5] quit [SwtichA-vlan5] interface vlan-interface 5 [SwtichA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to implement Layer 3 communication between VLAN 2 and VLAN 3. [SwtichA-Vlan-interface5] local-proxy-arp enable The ping operation from Host A to Host B succeeds with the above configuration.

  • Page 30: Arp Snooping Configuration

    ARP Snooping Configuration This chapter includes these sections: ARP Snooping Overview Configuring ARP Snooping Displaying and Maintaining ARP Snooping ARP Snooping Overview Introduction ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries using ARP packets, and the entries can be used by manual-mode MFF to answer ARP requests from a gateway.

  • Page 31: Displaying And Maintaining Arp Snooping

    Displaying and Maintaining ARP Snooping To do… Use the command… Remarks display arp-snooping [ ip ip-address | Display ARP snooping entries Available in any view vlan vlan-id ] reset arp-snooping [ ip ip-address | vlan Remove ARP snooping entries Available in user view vlan-id ]...

  • Page 32: Ip Addressing Configuration

    IP Addressing Configuration This chapter includes these sections: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes On an IP network, a 32-bit IP address is used to identify a host. In general, IP addresses are written in dotted decimal notation, for example, 10.1.1.1.

  • Page 33: Special Ip Addresses

    Table 4-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined for these addresses are processed locally as input packets rather than sent to the link.

  • Page 34: Configuring Ip Addresses

    Figure 4-2 Subnet a Class B network Subnetting is a tradeoff between subnets and accommodated hosts. For example, a Class B network has 65,534 (2 – 2) addresses before being subnetted. After you break it down into 512 (2 ) subnets by using the first 9 bits of the host ID, you have only 7 bits for the host ID and thus have only 126 (2 –...

  • Page 35: Ip Addressing Configuration Example

    To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Required Assign an IP address to the ip address ip-address { mask | interface mask-length } [ sub ] No IP address is assigned by default. An interface can have only one primary IP address. A newly configured primary IP address overwrites the previous one.
  • Page 36 Figure 4-3 Network diagram for IP addressing configuration Configuration procedure # Assign a primary IP address and a secondary IP address to VLAN-interface 1. <Switch> system-view [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0 [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub # Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24.

  • Page 37: Displaying And Maintaining Ip Addressing

    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/25/26 ms The output information shows that the switch can communicate with the hosts on subnet 172.16.2.0/24.

  • Page 38: Dhcp Overview

    DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks have resulted in scarce IP addresses assignable to hosts. Meanwhile, as many people need to take their laptops across networks, the IP addresses need to be changed accordingly. Therefore, related configurations on hosts become more complex.

  • Page 39: Dynamic Ip Address Allocation Process

    Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most DHCP clients obtain their addresses in this way. Dynamic IP Address Allocation Process Figure 5-2 Dynamic IP address allocation process As shown in Figure 5-2, a DHCP client obtains an IP address from a DHCP server via four steps:...

  • Page 40: Ip Address Lease Extension

    IP Address Lease Extension The IP address dynamically allocated by a DHCP server to a client has a lease. When the lease expires, the IP address is reclaimed by the DHCP server. If the client wants to use the IP address longer, it has to extend the lease duration.

  • Page 41: Dhcp Options

    giaddr: IP address of the first relay agent a request message traveled. chaddr: Client hardware address. sname: Server host name, from which the client obtained configuration parameters. file: Bootfile name and path information, defined by the server to the client. options: Optional parameters field that is variable in length, which includes the message type, lease, domain name server IP address, and WINS IP address.

  • Page 42: Self-Defined Options

    Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table. If Option 121 exists, Option 33 is ignored. For more information about DHCP options, refer to RFC 2132. Self-Defined Options Some options, such as Option 43, have no unified definitions in RFC 2132.
  • Page 43 Figure 5-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 5-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.
  • Page 44 Figure 5-8 Sub-option 1 in normal padding format Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format. The value of the sub-option type is 2, and that of the remote ID type is 0. Figure 5-9 Sub-option 2 in normal padding format Verbose padding format The padding contents for sub-options in the verbose padding format are as follows:...

  • Page 45: Protocols And Standards

    Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.

  • Page 46: Dhcp Server Configuration

    DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...

  • Page 47: Dhcp Address Pool

    In addition to assigning IP addresses to DHCP clients on public networks, a multi-VPN-instance customer edge (MCE) device serving as the DHCP server can also assign IP addresses to DHCP clients on private networks. Note that the IP address ranges of public and private networks or those of private networks on the DHCP server cannot overlap each other.

  • Page 48: Ip Address Allocation Sequence

    address to the client. For the configuration of this address pool, refer to section Configuring manual address allocation. If the receiving interface has an extended address pool referenced, the DHCP server will assign an IP address from this address pool. If no IP address is available in the address pool, the DHCP server will fail to assign an address to the client.

  • Page 49: Dhcp Server Configuration Task List

    DHCP Server Configuration Task List Complete the following tasks to configure the DHCP server: Task Remarks Configuring an Address Pool for the DHCP Server Required Enabling DHCP Required Enabling the DHCP Server on an Interface Required Required by the extended address pool configuration Applying an Extended Address Pool on an Interface When configuring a common address...

  • Page 50: Creating A Dhcp Address Pool

    Creating a DHCP Address Pool When creating a DHCP address pool, specify it as a common address pool or an extended address pool. Follow these steps to create a DHCP address pool: To do… Use the command… Remarks Enter system view system-view —...
  • Page 51 To do… Use the command… Remarks Enter system view system-view — Enter common address pool view dhcp server ip-pool pool-name — Required static-bind ip-address ip-address Specify the IP address of the binding No IP addresses are statically [ mask-length | mask mask ] bound by default.

  • Page 52: Configuring Dynamic Address Allocation For An Extended Address Pool

    Follow these steps to configure dynamic address allocation for a common address pool: To do… Use the command… Remarks Enter system view system-view — Enter common address pool view dhcp server ip-pool pool-name — Required network network-address Specify an IP address range [ mask-length | mask mask ] Not specified by default.

  • Page 53: Configuring A Domain Name Suffix For The Client

    To do… Use the command… Remarks Enter extended address pool dhcp server ip-pool pool-name — view extended Required network ip range min-address Specify the IP address range max-address Not specified by default. Required Specify the IP address mask network mask mask Not specified by default.

  • Page 54: Configuring Dns Servers For The Client

    Configuring DNS Servers for the Client When a DHCP client wants to access a host on the Internet via the host name, it contacts a Domain Name System (DNS) server holding host name-to-IP address mappings to get the host IP address. You can specify up to eight DNS servers in the DHCP address pool.

  • Page 55: Configuring The Bims Server Information For The Client

    To do… Use the command… Remarks Required netbios-type { b-node | Specify the NetBIOS node type h-node | m-node | p-node } Not specified by default. If b-node is specified for the client, you do not need to specify any WINS server address. Configuring the BIMS Server Information for the Client A DHCP client performs regular software update and backup by using configuration files obtained from a branch intelligent management system (BIMS) server.

  • Page 56: Configuring Option 184 Parameters For The Client With Voice Service

    Configuring Option 184 Parameters for the Client with Voice Service To assign voice calling parameters along with an IP address to DHCP clients with voice service, you need to configure Option 184 on the DHCP server. If Option 55 in the request from a DHCP client contains Option 184, the DHCP server will return parameters specified in Option 184 to the client.

  • Page 57: Configuring Self-Defined Dhcp Options

    After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization. If the client cannot get such parameters, it will perform system initialization without loading any configuration file. To implement auto-configuration, you need to specify the IP address or name of a TFTP server and the bootfile name in the DHCP address pool on the DHCP server, but you do not need to perform any configuration on the DHCP client.

  • Page 58: Enabling Dhcp

    To do… Use the command… Remarks Required option code { ascii ascii-string | Configure a self-defined DHCP hex hex-string&<1-16> | No DHCP option is configured by option ip-address ip-address&<1-8> } default. Table 6-1 Description of common options Option Option name Corresponding command Command parameter Router Option...

  • Page 59: Enabling The Dhcp Server On An Interface

    Enabling the DHCP Server on an Interface With the DHCP server enabled on an interface, upon receiving a client’s request, the DHCP server will assign an IP address from its address pool to the DHCP client. Follow these steps to enable the DHCP server on an interface: To do…...

  • Page 60: Configuring The Dhcp Server Security Functions

    To do… Use the command… Remarks Optional By default, the DHCP server has no Apply an extended address pool dhcp server apply ip-pool extended address pool applied on its on the interface pool-name interface, and assigns an IP address from a common address pool to a requesting client.

  • Page 61: Configuring Ip Address Conflict Detection

    With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find unauthorized DHCP servers from the log information. Configuring IP Address Conflict Detection To avoid IP address conflicts, the DHCP server checks whether the address to be assigned is in use by sending ping packets.

  • Page 62: Displaying And Maintaining The Dhcp Server

    Configuring the handling mode for Option 82 Follow these steps to enable the DHCP server to handle Option 82: To do… Use the command… Remarks Enter system view system-view — Optional Enable the server to handle Option dhcp server relay information enable Enabled by default.

  • Page 63: Dhcp Server Configuration Examples

    To do… Use the command… Remarks Clear information about DHCP server Available in user view reset dhcp server statistics statistics Using the save command does not save DHCP server lease information. Therefore, when the system boots up or the reset dhcp server ip-in-use command is executed, no lease information will be available in the configuration file.

  • Page 64: Dynamic Ip Address Assignment Configuration Example

    <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit Configure the DHCP server # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server global-pool [SwitchA-Vlan-interface2] quit # Create DHCP address pool 0, configure a static binding, DNS server and gateway in it.
  • Page 65 The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 should be less than 124.

  • Page 66: Self-Defined Option Configuration Example

    [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] domain-name aabbcc.com [SwitchA-dhcp-pool-0] dns-list 10.1.1.2 [SwitchA-dhcp-pool-0] quit # Configure DHCP address pool 1 (address range, gateway, lease duration, and WINS server). [SwitchA] dhcp server ip-pool 1 [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4...

  • Page 67: Troubleshooting Dhcp Server Configuration

    <SwitchA> system-view [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server global-pool [SwitchA-Vlan-interface2] quit # Configure DHCP address pool 0. [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] option 43 hex 80 0B 00 00 02 01 02 03 04 02 02 02 02 Verification After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and...

  • Page 68: Dhcp Relay Agent Configuration

    DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration Introduction to DHCP Relay Agent...

  • Page 69: Dhcp Relay Agent Support For Option 82

    Figure 7-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way.

  • Page 70: Dhcp Relay Agent Configuration Task List

    If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.

  • Page 71: Configuring The Dhcp Relay Agent

    Configuring the DHCP Relay Agent Enabling DHCP Enable DHCP before performing other DHCP-related configurations. Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view system-view — Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.

  • Page 72: Configuring The Dhcp Relay Agent Security Functions

    To do… Use the command… Remarks Enter system view system-view — Required Create a DHCP server group and dhcp relay server-group group-id ip add a server into the group ip-address Not created by default. interface interface-type Enter interface view — interface-number Required Correlate the DHCP server group...
  • Page 73 To do… Use the command… Remarks Enter system view system-view — dhcp relay security static Optional ip-address mac-address Create a static binding No static binding is created by [ interface interface-type default. interface-number ] interface interface-type Enter interface view — interface-number Required dhcp relay address-check...

  • Page 74: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request

    To do… Use the command… Remarks Optional Enable periodic refresh of dhcp relay security refresh dynamic client entries enable Enabled by default. Optional dhcp relay security tracker auto by default. (auto interval is calculated Configure the refresh interval { interval | auto } by the relay agent according to the number of client entries.) Enabling the detection of unauthorized DHCP servers...

  • Page 75: Configuring The Dhcp Relay Agent To Support Option 82

    To do… Use the command… Remarks Configure the DHCP relay agent to send a dhcp relay release ip client-ip Required DHCP-RELEASE request Configuring the DHCP Relay Agent to Support Option 82 Prerequisites You need to complete the following tasks before configuring the DHCP relay agent to support Option Enabling DHCP Enabling the DHCP relay agent on the specified interface Correlating a DHCP server group with relay agent interfaces...

  • Page 76: Displaying And Maintaining Dhcp Relay Agent Configuration

    To do… Use the command… Remarks Optional By default, the code type is Configure the code dhcp relay information hex. type for the remote remote-id format-type { ascii This code type configuration ID sub-option | hex } applies to non-user-defined Option 82 only.

  • Page 77: Dhcp Relay Agent Configuration Examples

    To do… Use the command… Remarks Display information about bindings of display dhcp relay security Available in any view DHCP relay agents [ ip-address | dynamic | static ] Display statistics information about display dhcp relay security Available in any view bindings of DHCP relay agents statistics Display information about the refreshing...

  • Page 78: Dhcp Relay Agent Option 82 Support Configuration Example

    # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Add DHCP server 10.1.1.1 into DHCP server group 1. [SwitchA] dhcp relay server-group 1 ip 10.1.1.1 # Enable the DHCP relay agent on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] dhcp select relay # Correlate VLAN-interface 1 to DHCP server group 1.

  • Page 79: Troubleshooting Dhcp Relay Agent Configuration

    [SwitchA-Vlan-interface1] dhcp select relay # Correlate VLAN-interface 1 to DHCP server group 1. [SwitchA-Vlan-interface1] dhcp relay server-select 1 # Enable the DHCP relay agent to support Option 82, and perform Option 82-related configurations. [SwitchA-Vlan-interface1] dhcp relay information enable [SwitchA-Vlan-interface1] dhcp relay information strategy replace [SwitchA-Vlan-interface1] dhcp relay information circuit-id string company001 [SwitchA-Vlan-interface1] dhcp relay information remote-id string device001 You need to perform corresponding configurations on the DHCP server to make the Option 82...

  • Page 80: Dhcp Client Configuration

    DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 81: Displaying And Maintaining The Dhcp Client

    An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address can be configured for the interface.
  • Page 82 Figure 8-1 Network diagram for DHCP client configuration example Configuration procedure Configure Switch A # Specify the IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 24 [SwitchA-Vlan-interface2] quit # Enable the DHCP service. [SwitchA] dhcp enable # Exclude an IP address from automatic allocation.
  • Page 83 Destination: 20.1.1.0, Mask: 255.255.255.0, NextHop: 10.1.1.2 DNS server: 20.1.1.1 Client ID: 3030-3066-2e65-3230- 302e-3030-3032-2d45- 7468-6572-6e65-7430- 2f30 T1 will timeout in 4 days 23 hours 59 minutes 50 seconds. # Use the display ip routing-table command to view the route information on Switch B. A static route to network 20.1.1.0/24 is added to the routing table.

  • Page 84: Dhcp Snooping Configuration

    DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.

  • Page 85: Application Environment Of Trusted Ports

    clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries. This feature prevents ARP attacks from unauthorized clients. For details, see ARP Attack Protection Configuration in the Security Configuration Guide.
  • Page 86 Figure 9-2 Configure trusted ports in a cascaded network Table 9-1 describes roles of the ports shown in Figure 9-2. Table 9-1 Roles of ports Trusted port disabled from Trusted port enabled to Device Untrusted port recording binding entries record binding entries Switch A GigabitEthernet 1/0/1 GigabitEthernet 1/0/3...

  • Page 87: Configuring Dhcp Snooping Basic Functions

    If a client’s Handling requesting message Padding format The DHCP snooping device will… strategy has… Drop — Drop the message. Forward the message without changing Option Keep Random Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.

  • Page 88: Configuring Dhcp Snooping To Support Option 82

    To do… Use the command… Remarks interface interface-type Enter Ethernet interface view — interface-number Required dhcp-snooping trust Specify the port as trusted [ no-user-binding ] Untrusted by default. You need to specify the ports connected to the authorized DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses.
  • Page 89 To do… Use the command… Remarks Configure the handling strategy for Optional dhcp-snooping information strategy requesting messages containing Option { drop | keep | replace } replace by default. dhcp-snooping information format Configure the Optional { normal | verbose [ node-identifier padding format for { mac | sysname | user-defined normal by default.

  • Page 90: Displaying And Maintaining Dhcp Snooping

    You can enable DHCP snooping to support Option 82 on Layer 2 Ethernet interfaces and Layer 2 aggregation interfaces only. If a Layer 2 Ethernet interface is added to an aggregation group, enabling DHCP snooping to support Option 82 on the interface will not take effect. After the interface quits the aggregation group, the configuration will be effective.

  • Page 91: Dhcp Snooping Configuration Examples

    DHCP Snooping Configuration Examples DHCP Snooping Configuration Example Network requirements As shown in Figure 9-3, Switch B is connected to a DHCP server through GigabitEthernet 1/0/1, and to two DHCP clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. GigabitEthernet 1/0/1 forwards DHCP server responses while the other two do not. Switch B records clients’...
  • Page 92 [SwitchB] dhcp-snooping # Specify GigabitEthernet 1/0/1 as trusted. [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 to support Option 82. [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information strategy replace [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001 [SwitchB-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/3 to support Option 82.

  • Page 93: Bootp Client Configuration

    BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 94: Obtaining An Ip Address Dynamically

    Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition. A BOOTP client dynamically obtains an IP address from a BOOTP server in the following steps: The BOOTP client broadcasts a BOOTP request, which contains its own MAC address. The BOOTP server receives the request and searches the configuration file for the corresponding IP address and other information according to the MAC address of the BOOTP client.

  • Page 95: Displaying And Maintaining Bootp Client Configuration

    Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks display bootp client [ interface Display BOOTP client information Available in any view interface-type interface-number ] BOOTP Client Configuration Example Network requirement As shown in Figure 6-2. Switch B’s port belonging to VLAN 1 is connected to the LAN. VLAN-interface 1 obtains an IP address from the DHCP server by using BOOTP.

  • Page 96: Ipv4 Dns Configuration

    IPv4 DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the IPv4 DNS Client Configuring the DNS Proxy Displaying and Maintaining IPv4 DNS IPv4 DNS Configuration Examples Troubleshooting IPv4 DNS Configuration DNS Overview The Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses.
  • Page 97 Figure 11-1 Dynamic domain name resolution Figure 11-1 shows the relationship between the user program, DNS client, and DNS server. The resolver and cache comprise the DNS client. The user program and DNS client can run on the same device or on different devices. The DNS server and the DNS client usually run on different devices.

  • Page 98: Dns Proxy

    DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 11-2, a DNS client sends a DNS request to the DNS proxy, which forwards the request to the designated DNS server, and conveys the reply from the DNS server to the client.

  • Page 99: Configuring The Ipv4 Dns Client

    Configuring the IPv4 DNS Client Configuring Static Domain Name Resolution Configuring static domain name resolution refers to specifying the mappings between host names and IPv4 addresses. Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses. Follow these steps to configure static domain name resolution: To do…...

  • Page 100: Configuring The Dns Proxy

    You can configure up to six DNS servers, including those with IPv6 addresses. You can specify up to ten DNS suffixes. Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view system-view —...

  • Page 101: Dynamic Domain Name Resolution Configuration Example

    Figure 11-3 Network diagram for static domain name resolution Configuration procedure # Configure a mapping between host name host.com and IP address 10.1.1.2. <Sysname> system-view [Sysname] ip host host.com 10.1.1.2 # Use the ping host.com command to verify that the Switch can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2.
  • Page 102 Configuration procedure Before performing the following configuration, make sure that the switch and the host are accessible to each another via available routes, and the IP addresses of the interfaces are configured as shown Figure 11-4. This configuration may vary with different DNS servers. The following configuration is performed on a Windows server 2000 PC.
  • Page 103 Figure 11-6 Add a host Figure 11-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 11-7. Enter host name host and IP address 3.1.1.1. Figure 11-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution.

  • Page 104: Dns Proxy Configuration Example

    <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Use the ping host command on the switch to verify that the communication between the switch and the host is normal and that the corresponding destination IP address is 3.1.1.1.
  • Page 105 Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 11-8. Configure the DNS server This configuration may vary with different DNS servers.

  • Page 106: Troubleshooting Ipv4 Dns Configuration

    Troubleshooting IPv4 DNS Configuration Symptom After enabling the dynamic domain name resolution, the user cannot get the correct IP address. Solution Use the display dns dynamic-host command to verify that the specified domain name is in the cache. If the specified domain name does not exist, check that dynamic domain name resolution is enabled and the DNS client can communicate with the DNS server.

  • Page 107: Ipv6 Dns Configuration

    IPv6 DNS Configuration Introduction to IPv6 DNS IPv6 DNS is responsible for translating domain names into IPv6 addresses. Similar to IPv4 DNS, IPv6 DNS involves static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS. Configuring the IPv6 DNS Client Configuring Static Domain Name Resolution Configuring static domain name resolution refers to specifying the mappings between host names and...

  • Page 108: Displaying And Maintaining Ipv6 Dns

    To do… Use the command… Remarks Required Enable dynamic domain dns resolve name resolution Disabled by default. Required Not specified by default. dns server ipv6 ipv6-address If the IPv6 address of a DNS server is Specify a DNS server [ interface-type interface-number ] a link-local address, you need to specify the interface-type and interface-number arguments.

  • Page 109: Ipv6 Dns Configuration Examples

    IPv6 DNS Configuration Examples Static Domain Name Resolution Configuration Example Network requirements As shown in Figure 12-1, static domain name resolution is configured on the switch and thus the switch can use the domain name host.com to access the host whose IPv6 address is 1::2. Figure 12-1 Network diagram for static domain name resolution Configuration procedure # Configure a mapping between host name host.com and IPv6 address 1::2.
  • Page 110 Dynamic domain name resolution and the domain name suffix are configured on the switch that serves as a DNS client, and thus the switch can use domain name host to access the host with the domain name host.com and the IPv6 address 1::1/64. Figure 12-2 Network diagram of dynamic domain name resolution Configuration procedure Before performing the following configuration, make sure that the switch and the host are...
  • Page 111 As shown in Figure 12-3, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 12-3 Create a zone # Create a mapping between the host name and the IPv6 address. As shown in Figure 12-4, right click zone com.
  • Page 112 Figure 12-4, select Other New Records to bring up a dialog box as shown in Figure 12-5. Select IPv6 Host (AAA) as the resource record type. Figure 12-5 Select the resource record type As shown in Figure 12-6, type host name host and IPv6 address 1::1, and then click OK. 12-6...
  • Page 113 Figure 12-6 Add a mapping between domain name and IPv6 address Configure the DNS client # Enable dynamic domain name resolution. <Switch> system-view [Switch] dns resolve # Specify the DNS server 2::2. [Switch] dns server ipv6 2::2 # Configure com as the DNS suffix. [Switch] dns domain com Configuration verification # Use the ping ipv6 host command on the switch to verify that the communication between the switch...
  • Page 114 bytes=56 Sequence=3 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=4 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=5 hop limit=126 time = 1 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms 12-8...

  • Page 115: Ip Performance Optimization Configuration

    IP Performance Optimization Configuration This chapter includes these sections: Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring Cut-Through Forwarding Enabling the SYN Cookie Feature Configuring TCP Attributes Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization Overview You can adjust the IP parameters in some network environments to maximum network performance.

  • Page 116: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network

    Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Enable the interface to forward ip forward-broadcast [ acl directed broadcasts...

  • Page 117: Configuring Cut-Through Forwarding

    Enable cut-through forwarding cut-through enable Disabled by default. Currently, the S5820X series support only this feature. Enabling the SYN Cookie Feature As a general rule, the establishment of a TCP connection involves the following three handshakes: The request originator sends a SYN message to the target server.

  • Page 118: Configuring Tcp Attributes

    The SYN Cookie feature can prevent SYN Flood attacks. After receiving a TCP connection request, the server directly returns a SYN ACK message, instead of establishing an incomplete TCP connection. Only after receiving an ACK message from the client can the server establish a connection, and then enter the ESTABLISHED state.

  • Page 119: Configuring Icmp To Send Error Packets

    To do… Use the command… Remarks Optional Configure the TCP finwait timer tcp timer fin-timeout time-value 675 seconds by default. Optional Configure the size of TCP tcp window window-size receive/send buffer 8 KB by default. The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer –...
  • Page 120 ICMP destination unreachable packets If the device receives an IP packet whose destination is unreachable, it drops the packet and sends an ICMP destination unreachable error packet to the source. Conditions for sending ICMP destination unreachable packets: If a packet matches no route, the device sends a “network unreachable” ICMP error packet. If the transport layer protocol of a packet destined to the receiving device is not supported by the receiving device, the device sends a “protocol unreachable”...

  • Page 121: Displaying And Maintaining Ip Performance Optimization

    The device stops sending “TTL timeout” ICMP error packets if you disable sending of ICMP timeout packets. However, “reassembly timeout” error packets are still sent normally. Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Available in any view Display TCP connection statistics...

  • Page 122: Udp Helper Configuration

    UDP Helper Configuration This chapter includes these sections: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples Currently, only VLAN interfaces support UDP Helper related configuration. Introduction to UDP Helper A host may need to send broadcast packets to obtain network configuration information or request the names of other devices on the network.

  • Page 123: Displaying And Maintaining Udp Helper

    To do… Use the command… Remarks Specify the UDP destination port Required udp-helper port { port-number | dns number with which broadcast | netbios-ds | netbios-ns | tacacs | No UDP port number is packets are forwarded by UDP tftp | time } specified by default.

  • Page 124: Udp Helper Configuration Examples

    UDP Helper Configuration Examples UDP Helper Configuration Example Network requirements On Switch A, configure UDP helper to forward broadcast packets with UDP destination port number 55 and destination IP address 255.255.255.255 or 10.110.255.255 to the destination server 10.2.1.1/16. Figure 14-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available.

  • Page 125: Ipv6 Basics Configuration

    IPv6 Basics Configuration This chapter includes these sections: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Displaying and Maintaining IPv6 DNS IPv6 Configuration Example Troubleshooting IPv6 Basics Configuration IPv6 Overview Internet Protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the...
  • Page 126 Figure 15-1 IPv4 packet header format and basic IPv6 packet header format Larger address space The source and destination IPv6 addresses are 128 bits (or 16 bytes) long. IPv6 can provide 3.4 x 10 addresses to meet the requirements of hierarchical address division and the allocation of public and private addresses.

  • Page 127: Ipv6 Addresses

    Router Discovery messages, and ICMPv4 Redirect messages and provides a series of other functions. Flexible extension headers IPv6 cancels the Options field in the header and introduces optional extension headers to provide scalability and improve efficiency. The Options field in the IPv4 packet header contains 40 bytes at most, whereas the IPv6 extension headers are restricted to the maximum size of IPv6 packets only.
  • Page 128 identified by that address. The nearest interface is chosen according to the routing protocols' measure of distance. There are no broadcast addresses in IPv6. Their function is replaced by multicast addresses. The type of an IPv6 address is designated by the first several bits called the format prefix. Table 15-1 lists the mappings between address types and format prefixes.
  • Page 129 The unspecified address is 0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address. Multicast addresses IPv6 multicast addresses listed in Table 15-2...

  • Page 130: Ipv6 Neighbor Discovery Protocol

    Figure 15-2 Convert a MAC address into an EUI-64 address-based interface identifier On a tunnel interface The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.
  • Page 131 ICMPv6 message Type Function Responds to an RS message. Router Advertisement (RA) Advertises information such as the Prefix Information message options and flag bits (with the RA message suppression function disabled). Informs the source host of a better next hop on the path to a Redirect message particular destination when certain conditions are satisfied.
  • Page 132 IPv4). DAD is accomplished through NS and NA message exchange. Figure 15-4 shows the DAD process. Figure 15-4 Duplicate address detection The DAD process is: Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected.

  • Page 133: Ipv6 Pmtu Discovery

    In addition to an address prefix, the Prefix Information option also contains the preferred lifetime and valid lifetime of the address prefix. Nodes update the preferred lifetime and valid lifetime accordingly through periodic RA messages. An automatically generated address is applicable within the valid lifetime and is removed when the valid lifetime expires.

  • Page 134: Ipv6 Transition Technologies

    If the MTU supported by a forwarding interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host. After receiving the ICMPv6 error packet, the source host uses the returned MTU to limit the packet size, performs fragmentation, and sends the resulting packet to the destination host.

  • Page 135: Ipv6 Basics Configuration Task List

    RFC 1981: Path MTU Discovery for IP version 6 RFC 2375: IPv6 Multicast Address Assignments RFC 2460: Internet Protocol, Version 6 (IPv6) Specification. RFC 2461: Neighbor Discovery for IP Version 6 (IPv6) RFC 2462: IPv6 Stateless Address Autoconfiguration RFC 2463: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification RFC 2464: Transmission of IPv6 Packets over Ethernet Networks RFC 2526: Reserved IPv6 Subnet Anycast Addresses...
  • Page 136 EUI-64 format: When the EUI-64 format is used, the IPv6 address prefix of an interface is the configured prefix, and the interface identifier is generated automatically by the interface. Manual configuration: IPv6 site-local addresses or global unicast addresses are configured manually.
  • Page 137 To do... Use the command... Remarks configured for an interface, Manually assign a ipv6 address ipv6-address a link-local address will be link-local address link-local generated automatically. for the interface Note that: An interface can have only one link-local address, but can have multiple global unicast addresses with different prefixes and site-local addresses.

  • Page 138: Configuring Ipv6 Ndp

    Configuring IPv6 NDP Configuring a Static Neighbor Entry The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry. The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer 3 interface number.

  • Page 139: Configuring Parameters Related To Ra Messages

    S5820X series Ethernet switch can learn up to 4096 neighbors dynamically. Configuring Parameters Related to RA Messages You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages.
  • Page 140 Parameters Description This field determines whether hosts use the stateful autoconfiguration to acquire other configuration information. If the O flag is set to 1, hosts use the stateful autoconfiguration (for example, O flag through a DHCP server) to acquire other configuration information. Otherwise, hosts use the stateless autoconfiguration to acquire other configuration information.
  • Page 141 To do… Use the command… Remarks Required Disable the RA message undo ipv6 nd ra halt By default, RA messages are suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.

  • Page 142: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    To do… Use the command… Remarks Optional By default, the local interface sends Set the NS retransmission ipv6 nd ns retrans-timer NS messages at 1000 ms intervals, timer value and the value of the Retrans Timer field in RA messages sent by the local interface is 0.

  • Page 143: Configuring Pmtu Discovery

    To do… Use the command… Remarks Optional Configure the number of 1 by default. When the value attempts to send an NS ipv6 nd dad attempts value argument is set to 0, DAD is message for DAD disabled. Configuring PMTU Discovery Configuring a Static PMTU for a Specified IPv6 Address You can configure a static PMTU for a specified destination IPv6 address.

  • Page 144: Configuring Icmpv6 Packet Sending

    synwait timer: When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails. finwait timer: When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered.

  • Page 145: Enabling Replying To Multicast Echo Requests

    To do… Use the command… Remarks Optional By default, the capacity of a token bucket is 10 and the update interval is 100 milliseconds. In Configure the capacity ipv6 icmp-error { bucket other words, at most 10 ICMPv6 error packets and update interval of bucket-size | ratelimit can be sent within 100 milliseconds.

  • Page 146: Displaying And Maintaining Ipv6 Basics Configuration

    To do… Use the command… Remarks Optional Enable sending of ICMPv6 Time ipv6 hoplimit-expires enable Exceeded messages Enabled by default. Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks display ipv6 fib [ slot slot-number ] Display the IPv6 FIB entries Available in any view [ ipv6-address ] Display the IPv6 information of the...

  • Page 147: Ipv6 Configuration Example

    To do… Use the command… Remarks reset ipv6 neighbors { all | dynamic | interface interface-type Clear IPv6 neighbor information Available in user view interface-number | slot slot-number | static } reset ipv6 pathmtu { all | static | Clear the PMTU values Available in user view dynamic} Clear the statistics of IPv6 and...
  • Page 148 <SwitchA> system-view [SwitchA] ipv6 # Specify a global unicast address for VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 3001::1/64 [SwitchA-Vlan-interface2] quit # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default). [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ipv6 address 2001::1/64 [SwitchA-Vlan-interface1] undo ipv6 nd ra halt...
  • Page 149 ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 25829 InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos:...
  • Page 150 IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed.
  • Page 151 InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them.

  • Page 152: Troubleshooting Ipv6 Basics Configuration

    round-trip min/avg/max = 3/3/3 ms As shown in the output information, Switch B can ping Switch A and Host. Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled.

  • Page 153: Dhcpv6 Configuration

    DHCPv6 Configuration This chapter includes these sections: DHCPv6 Configuration Overview Configuring the DHCPv6 Client Configuring the DHCPv6 Relay Agent Displaying and Maintaining DHCPv6 DHCPv6 Configuration Examples DHCPv6 Configuration Overview The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is used to assign IPv6 addresses and other configuration parameters to hosts.

  • Page 154: Typical Dhcpv6 Network Application

    Typical DHCPv6 Network Application Figure 16-2 Network diagram for DHCPv6 Figure 16-2 shows a typical DHCPv6 network. A DHCPv6 client uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. If the DHCPv6 server resides on another subnet, the DHCPv6 client can contact the server via a DHCPv6 relay agent.

  • Page 155: Operation Of Dhcpv6 Relay Agent

    With an IPv6 address obtained through stateless address autoconfiguration, a device automatically enables the stateless DHCPv6 function after it receives an RA message with the managed address configuration flag (“M” flag) set to 0 and with the other stateful configuration flag (“O” flag) set to 1. Two types of messages are exchanged in the operation of stateless DHCPv6: the information request message sent by the client and the reply message sent by the server.

  • Page 156: Protocols And Standards

    After receiving the request, the DHCPv6 relay agent encapsulates the request into the Relay Message Option of a Relay-forward message, and sends the message to the DHCPv6 server. After obtaining the request from the Relay-forward message, the DHCPv6 server selects an IPv6 address and other required parameters and adds them into a reply which is encapsulated into the Relay Message Option of a Relay-reply message.

  • Page 157: Configuring The Dhcpv6 Relay Agent

    For detailed information about the ipv6 address auto command, see IPv6 Basics Configuration Commands in the Layer 3 - IP Services Command Reference. With an IPv6 address obtained through stateless address autoconfiguration, a device automatically enables the stateless DHCPv6 function to obtain other configuration parameters upon receiving an RA message with the “M”...

  • Page 158: Displaying And Maintaining Dhcpv6

    Executing the ipv6 dhcp relay server-address command repeatedly can specify multiple DHCPv6 servers, and up to eight DHCPv6 servers can be specified for an interface. After receiving requests from DHCPv6 clients, the DHCPv6 relay agent forwards the requests to all the specified DHCPv6 servers.

  • Page 159: Dhcpv6 Configuration Examples

    DHCPv6 Configuration Examples Stateless DHCPv6 Configuration Example Network requirements As shown in Figure 16-5, through stateless DHCPv6, Switch A obtains the DNS server address, domain name, and other information from the server. Switch B acts as the gateway to send RA messages periodically. Figure 16-5 Stateless DHCPv6 configuration Configuration procedure Configure Switch B...

  • Page 160: Dhcpv6 Relay Agent Configuration Example

    [SwitchA-Vlan-interface2] display ipv6 dhcp client interface vlan-interface 2 Vlan-interface2 is in stateless DHCPv6 client mode State is OPEN Preferred Server: Reachable via address : FE80::213:7FFF:FEF6:C818 DUID : 0003000100137ff6c818 DNS servers : 1:2:3::5 1:2:4::7 Domain names : abc.com Sysname.com # You can use the display ipv6 dhcp client statistics command to view the current client statistics. [SwitchA-Vlan-interface2] display ipv6 dhcp client statistics Interface : Vlan-interface2...
  • Page 161 Configuration procedure Configure Switch A as a DHCPv6 relay agent # Enable the IPv6 packet forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure the IPv6 addresses of VLAN-interface 1 and VLAN-interface 2 respectively. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 2::1 64 [SwitchA-Vlan-interface2] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ipv6 address 1::1 64...

  • Page 162: Tunneling Configuration

    Tunneling Configuration This chapter includes these sections: Tunneling Overview Tunneling Configuration Task List Configuring an IPv6 Manual Tunnel Configuring a 6to4 Tunnel Configuring an ISATAP Tunnel Configuring an IPv4 over IPv4 Tunnel Configuring an IPv4 over IPv6 Tunnel Configuring an IPv6 over IPv6 Tunnel Configuring a GRE over IPv4 Tunnel Configuring a GRE over IPv6 Tunnel Displaying and Maintaining Tunneling Configuration...

  • Page 163: Introduction To Ipv4/Ipv6 Transition Tunnels

    The term tunnel used throughout this document refers to an IPv4/IPv6 transition tunnel, IPv4 over IPv4 tunnel or IPv6 over IPv6 tunnel unless otherwise specified. For information about VPN, see MCE Configuration in the Layer 3 - IP Routing Configuration Guide.
  • Page 164 The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack. Figure 17-1 IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following way: A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel. After determining according to the routing table that the packet needs to be forwarded through the tunnel, the device at the source end of the tunnel encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel.
  • Page 165 Type According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following types: Tunnel type Tunnel mode Manually configured tunnel IPv6 manual tunnel 6to4 tunnel Automatic tunnel Intra-site automatic tunnel addressing protocol (ISATAP) tunnel The configuration parameters for each tunnel mode are listed in the following table: IP address of the tunnel Tunnel mode...

  • Page 166: Ipv4 Over Ipv4 Tunnel

    With the application of the IPv6 technology, there will be more and more IPv6 hosts in the existing IPv4 network. The ISATAP tunneling technology provides a satisfactory solution for IPv6 application. An ISATAP tunnel is a point-to-point automatic tunnel. The destination of a tunnel can automatically be acquired from the embedded IPv4 address in the destination address of an IPv6 packet.

  • Page 167: Ipv4/Ipv6 Over Ipv6 Tunnel

    The IP protocol stack determines how to route the packet according to the destination address in the IP header. If the packet needs to be routed to the IPv4 host connected to Router B, the packet is sent to Router A’s tunnel interface that is connected to Router B. After the tunnel interface receives the packet, the packet is encapsulated and submitted to the IP protocol stack for processing.

  • Page 168: Gre Tunnel

    If the passenger protocol is IPv4 or IPv6, the packet is sent to the tunnel processing module for decapsulation. The decapsulated packet is sent to the corresponding protocol module for the secondary routing process. GRE tunnel Generic Routing Encapsulation (GRE) is a protocol designed for encapsulating and carrying the packets of one network layer protocol (for example, IP or IPX) over another network layer protocol (for example, IP).

  • Page 169: Protocols And Standards

    Figure 17-7 Format of an X packet encapsulated for transmission over an IP tunnel These are the terms involved: Payload: Packet that needs to be encapsulated and transmitted. Passenger protocol: Protocol that the payload packet uses, IPX in the example. Encapsulation or carrier protocol: Protocol used to encapsulate the payload packet, that is, GRE.

  • Page 170: Configuring A Tunnel Interface

    Task Remarks Configuring a Tunnel Interface Required Configuring an IPv6 Manual Tunnel Optional Configuring an IPv6 Configuring a 6to4 Tunnel over IPv4 tunnel Use one as needed. Configuring an ISATAP Tunnel Configuring an IPv4 over IPv4 Tunnel Optional Configuring an IPv4 over IPv6 Tunnel Optional Configuring an IPv6 over IPv6 Tunnel Optional...

  • Page 171: Configuring An Ipv6 Manual Tunnel

    To do… Use the command… Remarks Required Reference a service loopback service-loopback-group By default, the tunnel does not group number reference any service loopback group. Optional Set the MTU of the interface mtu size 64000 by default Optional Shut down the tunnel interface shutdown By default, a tunnel interface is in the up state.
  • Page 172 To do… Use the command… Remarks interface a site-local By default, no IPv6 global unicast ipv6 address address address or site-local address is ipv6-address/prefix-length eui-64 configured for the tunnel interface. ipv6 address auto link-local Optional Configure a By default, a link-local address will link-local IPv6 automatically be created when an ipv6 address ipv6-address...

  • Page 173: Configuration Example

    Configuration Example Network requirements As shown in Figure 17-8, two IPv6 networks are connected to an IPv4 network through Switch A and Switch B respectively. Configure an IPv6 manual tunnel between Switch A and Switch B to make the two IPv6 networks reachable to each other. Figure 17-8 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and can...
  • Page 174 [SwitchA] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] undo stp enable [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Reference service loopback group 1 on the tunnel. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] service-loopback-group 1 [SwitchA-Tunnel0] quit # Configure a static route to IPv6 Group 2 through tunnel 0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 0 Configuration on Switch B # Enable IPv6.
  • Page 175 Line protocol current state :UP IPv6 is enabled, link-local address is FE80::C0A8:6401 Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FF00:0 FF02::1:FF00:1 FF02::1:FFA8:6401 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives:...

  • Page 176: Configuring A 6To4 Tunnel

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring a 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication. Specify one of the above interfaces as the source interface of the tunnel.

  • Page 177: 6To4 Tunnel Configuration Example

    To do… Use the command… Remarks Required Configure a source address or source { ip-address | By default, no source address or interface for the tunnel interface-type interface-number } interface is configured for the tunnel. No destination address needs to be configured for a 6to4 tunnel because the destination address can automatically be obtained from the IPv4 address embedded in the 6to4 IPv6 address.
  • Page 178 Figure 17-9 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
  • Page 179 [SwitchA-GigabitEthernet1/0/3] quit # Reference service loopback group 1 on the tunnel. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] service-loopback-group 1 [SwitchA-Tunnel0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 0 Configuration on Switch B # Enable IPv6.

  • Page 180: Configuring An Isatap Tunnel

    Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring an ISATAP Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the...

  • Page 181: Configuration Example

    To do… Use the command… Remarks Required By default, the tunnel is a GRE over Specify the ISATAP tunnel IPv4 tunnel. The same tunnel mode tunnel-protocol ipv6-ipv4 isatap mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
  • Page 182 Figure 17-10 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.
  • Page 183 # Reference service loopback group 1 on the tunnel. [Switch] interface tunnel 0 [Switch-Tunnel0] service-loopback-group 1 [Switch-Tunnel0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system. The following example shows the configuration of the host running the Windows XP.

  • Page 184: Configuring An Ipv4 Over Ipv4 Tunnel

    default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.

  • Page 185: Configuration Example

    To do… Use the command… Remarks Optional By default, the tunnel is a GRE over Specify the IPv4 over IPv4 IPv4 tunnel. The same tunnel mode tunnel-protocol ipv4-ipv4 tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
  • Page 186 Figure 17-11 Network diagram for an IPv4 over IPv4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Configure an IPv4 address for VLAN-interface 100. <SwitchA>...
  • Page 187 [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Reference service loopback group 1 on the tunnel. [SwitchA] interface tunnel 1 [SwitchA-Tunnel1] service-loopback-group 1 [SwitchA-Tunnel1] quit # Configure a static route from Switch through the interface tunnel 1 to Group 2. [SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1 Configuration on Switch B # Configure an IPv4 address for VLAN-interface 100.
  • Page 188 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1480 Internet Address is 10.1.2.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source 2.1.1.1, destination 3.1.1.1 Tunnel protocol/transport IP/IP Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 2 bytes/sec, 0 packets/sec 4 packets input, 256 bytes...

  • Page 189: Configuring An Ipv4 Over Ipv6 Tunnel

    Configuring an IPv4 over IPv6 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication. Specify one of the above interfaces as the source interface of the tunnel. Ensure reachability between the tunnel source and destination addresses.

  • Page 190: Configuration Example

    To encapsulate and forward IPv4 packets whose destination address does not belong to the network segment where the receiving tunnel interface resides, you need to configure a static route or dynamic routing for forwarding those packets through this tunnel interface. If you configure a static route to that destination IPv4 address, specify this tunnel interface as the outbound interface, or the peer tunnel interface as the next hop.
  • Page 191 [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 30.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101 [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2002::1:1 64 [SwitchA-Vlan-interface101] quit # Create the interface tunnel 1.
  • Page 192 # Create the interface tunnel 2. [SwitchB] interface tunnel 2 # Configure an IPv4 address for the interface tunnel 2. [SwitchB-Tunnel2] ip address 30.1.2.2 255.255.255.0 # Configure the tunnel encapsulation mode. [SwitchB-Tunnel2] tunnel-protocol ipv4-ipv6 # Configure the source address for the interface tunnel 2 (IP address of VLAN-interface 101). [SwitchB-Tunnel2] source 2002::2:1 # Configure the destination address for the interface tunnel 2 (IP address of VLAN-interface 101 of Switch A).

  • Page 193: Configuring An Ipv6 Over Ipv6 Tunnel

    Description: Tunnel2 Interface The Maximum Transmit Unit is 1460 Internet Address is 30.1.2.2/24 Primary Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source 2002::0002:0001, destination 2002::0001:0001 Tunnel protocol/transport IP/IPv6 Last clearing of counters: Never Last 300 seconds input: 1 bytes/sec, 0 packets/sec Last 300 seconds output: 1 bytes/sec, 0 packets/sec 167 packets input, 10688 bytes 0 input error...
  • Page 194 To do… Use the command… Remarks ipv6 address { ipv6-address Configure an prefix-length | IPv6 global ipv6-address/prefix-length } unicast address Required Configure an or site-local ipv6 address IPv6 address Use one of the commands. address ipv6-address/prefix-length eui-64 for the tunnel By default, no IPv6 address is interface configured for the tunnel interface.

  • Page 195: Configuration Example

    To encapsulate and forward IPv6 packets whose destination address does not belong to the network segment where the receiving tunnel interface resides, you need to configure a static route or dynamic routing for forwarding those packets through this tunnel interface. If you configure a static route to that destination IPv6 address, specify this tunnel interface as the outbound interface, or the peer tunnel interface as the next hop.
  • Page 196 Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv6 address for VLAN-interface 100. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 2002:1::1 64 [SwitchA-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101.
  • Page 197 <SwitchB> system-view [SwitchB] ipv6 # Configure an IPv6 address for VLAN-interface 100. [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 2002:3::1 64 [SwitchB-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101. [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002::22:1 64 [SwitchB-Vlan-interface101] quit # Create the interface tunnel 2.
  • Page 198 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1460 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: <SwitchB> display ipv6 interface tunnel 2 verbose Tunnel2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::2024:1 Global unicast address(es): 3001::1:2, subnet is 3001::/64...

  • Page 199: Configuring A Gre Over Ipv4 Tunnel

    Configuring a GRE over IPv4 Tunnel Configuration Prerequisites Interfaces on a device, such as VLAN interfaces, and loopback interfaces, are configured with IPv4 addresses and can communicate. These interfaces can be used as the source of a virtual tunnel interface to ensure the reachability of the tunnel destination address. Configuration Procedure Follow these steps to configure a GRE over IPv4 tunnel: To do…...

  • Page 200: Configuration Example

    The source address and destination address of a tunnel uniquely identify a path. They must be configured at both ends of the tunnel and the source address at one end must be the destination address at the other end and vice versa. Tunnel interfaces using the same encapsulation protocol must have different source addresses and destination addresses.
  • Page 201 [SwitchA] interface tunnel 1 # Configure an IPv4 address for interface Tunnel 1. [SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0 # Configure the tunnel encapsulation mode. [SwitchA-Tunnel1] tunnel-protocol gre # Configure the source address of interface Tunnel 1 to be the IP address of the VLAN interface. [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address for interface Tunnel 1.

  • Page 202: Configuring A Gre Over Ipv6 Tunnel

    [SwitchB] interface GigabitEthernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] undo stp enable [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1 # Apply service loopback group 1 to the tunnel in tunnel interface view. [SwitchB-GigabitEthernet1/0/3] quit [SwitchB] interface tunnel 1 [SwitchB-Tunnel1] service-loopback-group 1 [SwitchB-Tunnel1] quit # Configure a static route from Switch B through interface Tunnel 1 to Group 1. [SwitchB] ip route-static 10.1.1.0 255.255.255.0 Tunnel 1 Configuring a GRE over IPv6 Tunnel Configuration Prerequisites...

  • Page 203: Configuration Example

    To do… Use the command… Remarks Required Configure the source address or source { ipv6-address | By default, no source address or interface for the tunnel interface interface-type interface-number } interface is configured for a tunnel interface. Required Configure the destination address destination ipv6-address By default, no destination address for the tunnel interface...
  • Page 204 Figure 17-15 Network diagram for a GRE over IPv6 tunnel Configuration procedure Before the configuration, make sure that Switch A and Switch B can reach each other. Configure Switch A <SwitchA> system-view # Enable IPv6. [SwitchA] ipv6 # Configure interface VLAN-interface 100. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit...
  • Page 205 # Add interface GigabitEthernet 1/0/3 to service loopback group 1. [SwitchA] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] undo stp enable [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 # Apply service loopback group 1 to the tunnel in tunnel interface view. [SwitchA-GigabitEthernet1/0/3] quit [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] service-loopback-group 1 [SwitchA-Tunnel0] quit # Configure a static route from Switch A through interface Tunnel 0 to Group 2.

  • Page 206: Displaying And Maintaining Tunneling Configuration

    [SwitchB-Tunnel0] quit # Configure a static route from Switch B through interface Tunnel 0 to Group 1. [SwitchB] ip route-static 10.1.1.0 255.255.255.0 tunnel 0 Displaying and Maintaining Tunneling Configuration To do… Use the command… Remarks Display information about tunnel display interface tunnel [ number ] Available in any view interfaces Display IPv6 information on tunnel...

  • Page 207: Index

    Index 6to4 Tunnel Configuration Example 17-16 Configuring IP Address Conflict Detection 6-16 Configuring Option 184 Parameters for the Allocation Mechanisms Client with Voice Service 6-11 Application Environment of Trusted Ports Configuring Parameters Related to RA Messages 15-15 ARP Function Configuring Self-Defined DHCP Options 6-12 ARP Message Format Configuring Static Domain Name Resolution...
  • Page 208 DHCP Address Pool Functions of DHCP Snooping DHCP Options Overview Fundamentals DHCP Relay Agent Configuration Example 7-10 GRE tunnel 17-7 DHCP Relay Agent Option 82 Support Configuration Example 7-11 DHCP Relay Agent Support for Option 82 Introduction to DHCP Options Introduction to Gratuitous ARP DHCP Snooping Configuration Example Introduction to IPv4/IPv6 Transition Tunnels...
  • Page 209 Proxy ARP Self-Defined Option Configuration Example 6-21 Self-Defined Options Setting the Aging Time for Dynamic ARP Entries Special IP Addresses Stateless DHCPv6 Configuration Example 16-7 Stateless DHCPv6 Configuration 16-2 Static Domain Name Resolution 11-1 Static IP Address Assignment Configuration Example 6-18 Subnetting and Mask Typical DHCPv6 Network Application...

This manual is also suitable for:

S5800 series

Table of Contents