Configuration Guide - IP Service (V100R006C00 - 01) Huawei

Quidway S7700 Smart Routing Switch V100R006C00
Configuration Guide - IP Service

Issue Date 01 2011-07-15
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China http://www.huawei.com support@huawei.com
Website: Email:
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.
Quidway S7700 Smart Routing Switch Configuration Guide - IP Service
About This Document
About This Document

Intended Audience
This document describes the configurations of the IP services of the S7700, including the basic knowledge and configurations of secondary IP addresses, DHCP, DHCPv6, IP performance, IP unicast policy-based routing, UDP Helper, basic IPv6 functions, IPv6 over IPv4 tunnels, IPv4 over IPv6 tunnels, and IP sessions. By reading this document, you can learn the concepts and configuration procedures of IP services. This document is intended for: l l l l Policy planning engineers Installation and commissioning engineers NM configuration engineers Technical support engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury. Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury. Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.
WARNING
CAUTION
TIP
NOTE
Issue 01 (2011-07-15)
ii
About This Document
Command Conventions
The command conventions that may be found in this document are defined as follows. Convention Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }* Description The keywords of a command line are in boldface. Command arguments are in italics. Items (keywords or arguments) in brackets [ ] are optional. Optional items are grouped in braces and separated by vertical bars. One item is selected. Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. The parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.
[ x | y | ... ]* &<1-n> #
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains all changes made in previous issues.
Changes in Issue 01 (2011-07-15)

Initial commercial release.
Issue 01 (2011-07-15)
iii
Contents
Contents
About This Document.....................................................................................................................ii 1 IP Addresses Configuration........................................................................................................1
1.1 Introduction to IP Addresses..............................................................................................................................2 1.2 Features of IP Addresses Supported by the S7700.............................................................................................2 1.3 Configuring IP Addresses for Interfaces............................................................................................................3 1.3.1 Establishing the Configuration Task.........................................................................................................3 1.3.2 Configuring a Primary IP Address for an Interface...................................................................................3 1.3.3 (Optional) Configuring a Secondary IP Address for an Interface.............................................................4 1.3.4 Checking the Configuration.......................................................................................................................4 1.4 Configuring IP Address Unnumbered for Interfaces..........................................................................................5 1.4.1 Establishing the Configuration Task.........................................................................................................5 1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address.....................................6 1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface.......................................6 1.4.4 Checking the Configuration.......................................................................................................................7 1.5 Configuration Examples.....................................................................................................................................7 1.5.1 Example for Setting Primary and Secondary IP Addresses......................................................................7 1.5.2 Example for Configuring a Tunnel Interface to Borrow the IP Address of a Loopback Interface...........9
2 ARP Configuration......................................................................................................................12
2.1 Overview of ARP.............................................................................................................................................14 2.2 Features of ARP Supported by the S7700........................................................................................................14 2.3 Configuring Static ARP....................................................................................................................................16 2.3.1 Establishing the Configuration Task.......................................................................................................17 2.3.2 Configuring Common Static ARP Entries...............................................................................................17 2.3.3 Configuring Static ARP Entries in a VLAN...........................................................................................18 2.3.4 Configuring Static ARP Entries in a VPN Instance................................................................................19 2.3.5 Checking the Configuration.....................................................................................................................19 2.4 Optimizing Dynamic ARP................................................................................................................................20 2.4.1 Establishing the Configuration Task.......................................................................................................20 2.4.2 Modify the aging parameters of dynamic ARP.......................................................................................20 2.4.3 Enabling ARP Suppression Function......................................................................................................21 2.4.4 Enabling Layer 2 Topology Detection Function.....................................................................................21 2.4.5 Checking the Configuration.....................................................................................................................22 Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. iv
Contents
2.5 Configuring Routed Proxy ARP.......................................................................................................................22 2.5.1 Establishing the Configuration Task.......................................................................................................22 2.5.2 Configure an IP Addresses for the Interface............................................................................................23 2.5.3 Enabling the Routed Proxy ARP Function..............................................................................................23 2.5.4 Checking the Configuration.....................................................................................................................24 2.6 Configuring Proxy ARP Within a VLAN........................................................................................................24 2.6.1 Establishing the Configuration Task.......................................................................................................24 2.6.2 Configure an IP Addresses for the Interface............................................................................................25 2.6.3 Enabling Proxy ARP Within a VLAN....................................................................................................25 2.6.4 Checking the Configuration.....................................................................................................................26 2.7 Configuring Proxy ARP Between VLANs.......................................................................................................26 2.7.1 Establishing the Configuration Task.......................................................................................................26 2.7.2 Configuring an IP Addresses for the Interface........................................................................................27 2.7.3 Enabling Proxy ARP Between VLANs...................................................................................................27 2.7.4 Checking the Configuration.....................................................................................................................28 2.8 Configuring ARP-Ping IP.................................................................................................................................28 2.8.1 Establishing the Configuration Task.......................................................................................................28 2.8.2 Detecting the IP Address by Using the arp-ping ip Command...............................................................29 2.9 Configuring ARP-Ping MAC...........................................................................................................................29 2.9.1 Establishing the Configuration Task.......................................................................................................29 2.9.2 Detecting the MAC Address by Using the arp-ping mac Command......................................................30 2.10 Maintaining ARP............................................................................................................................................30 2.10.1 Clearing ARP Entries............................................................................................................................31 2.10.2 Monitoring Network Operation Status of ARP.....................................................................................31 2.10.3 Debugging ARP.....................................................................................................................................31 2.11 Configuration Examples.................................................................................................................................32 2.11.1 Example for Configuring ARP..............................................................................................................32 2.11.2 Example for Configuring Routed Proxy ARP.......................................................................................35 2.11.3 Example for Configuring Intra-VLAN Proxy ARP..............................................................................37 2.11.4 Example for Configuring Inter-VLAN Proxy ARP..............................................................................39 2.11.5 Example for Configuring Layer 2 Topology Detection........................................................................42
3 DHCP Configuration..................................................................................................................45
3.1 Introduction to DHCP.......................................................................................................................................46 3.2 DHCP Features Supported by the S7700.........................................................................................................46 3.3 Configuring the DHCP Server Based on the Global Address Pool..................................................................48 3.3.1 Establishing the Configuration Task.......................................................................................................48 3.3.2 Configuring an Interface to Use Global Address Pool............................................................................50 3.3.3 Configuring Address Allocation Mode for Global Address Pool...........................................................51 3.3.4 (Optional) Configuring DNS for Global Address Pool...........................................................................52 3.3.5 (Optional) Configuring NetBIOS for Global Address Pool....................................................................53 3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool............................54 3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................55 Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. v
Contents
3.3.8 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................55 3.3.9 Checking the Configuration.....................................................................................................................56 3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool...............................................57 3.4.1 Establishing the Configuration Task.......................................................................................................57 3.4.2 Configuring Address Allocation Mode for Interface Address Pool........................................................59 3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool.................................60 3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool..........................61 3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool...........62 3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................62 3.4.7 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................63 3.4.8 Checking the Configuration.....................................................................................................................64 3.5 Configuring the DHCP Relay Agent................................................................................................................65 3.5.1 Establishing the Configuration Task.......................................................................................................65 3.5.2 Configuring DHCP Relay on an Interface...............................................................................................66 3.5.3 Configuring a Destination DHCP Server Group.....................................................................................67 3.5.4 Binding an Interface to a DHCP Server Group.......................................................................................68 3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet...................................69 3.5.6 Checking the Configuration.....................................................................................................................70 3.6 Maintaining DHCP...........................................................................................................................................71 3.6.1 Clearing DHCP Statistics........................................................................................................................71 3.6.2 Monitoring DHCP Operation..................................................................................................................71 3.7 Configuration Examples...................................................................................................................................72 3.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool.......................................72 3.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool.................................75 3.7.3 Example for Configuring a DHCP Relay Agent.....................................................................................79 3.7.4 Example for Configuring a DHCP Relay Agent for VPN.......................................................................83
4 IP Session Configuration...........................................................................................................89
4.1 Introduction to the IP Session...........................................................................................................................90 4.2 IP Session Supported by the S7700..................................................................................................................90 4.3 Configuring IP Session.....................................................................................................................................91 4.3.1 Establishing the Configuration Task.......................................................................................................91 4.3.2 Enabling the IP Session Function............................................................................................................92 4.3.3 Binding a User Authentication Domain to a Sub-Interface.....................................................................92 4.3.4 (Optional) Setting the Format of DHCP User Name and the Password..................................................93 4.3.5 (Optional) Configuring the S7700 to Process Option Fields...................................................................94 4.3.6 (Optional) Setting ARP Detection Parameters........................................................................................95 4.3.7 (Optional) Setting the Type of a NAS Interface......................................................................................95 4.3.8 (Optional) Binding a VPN Instance to an Interface.................................................................................96 4.3.9 Checking the Configuration.....................................................................................................................96 4.4 Example for Configuring IP Session................................................................................................................97 4.4.1 Example for Configuring IP Session.......................................................................................................97
5 DHCPv6 Configuration............................................................................................................101
Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. vi
Contents
5.1 Introduction to DHCPv6.................................................................................................................................102 5.2 DHCPv6 Features Supported by the S7700...................................................................................................103 5.3 Configuring DHCPv6 Relay...........................................................................................................................105 5.3.1 Establishing the Configuration Task.....................................................................................................105 5.3.2 Enabling the DHCPv6 Relay Function..................................................................................................105 5.3.3 (Optional) Configuring the Remote ID.................................................................................................106 5.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages...................................................................108 5.3.5 Checking the Configuration...................................................................................................................108 5.4 Maintaining DHCPv6.....................................................................................................................................109 5.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent..............109 5.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent...............................................................109 5.5 Configuration Examples.................................................................................................................................110 5.5.1 Example for Configuring DHCPv6 Relay.............................................................................................110
6 IP Performance Configuration................................................................................................114
6.1 Introduction to IP Performance......................................................................................................................115 6.2 IP Performance Supported by the S7700........................................................................................................115 6.3 Optimizing IP Performance............................................................................................................................115 6.3.1 Establishing the Configuration Task.....................................................................................................115 6.3.2 Enabling an Interface to Check the Source IP Addresses of Packets....................................................116 6.3.3 Configuring Forcible Fragmentation of Outgoing Packets on an Interface..........................................117 6.3.4 Setting ICMP Parameters......................................................................................................................117 6.3.5 Setting TCP Parameters.........................................................................................................................119 6.3.6 (Optional) Setting the Load Balancing Mode of IP Packet Forwarding...............................................120 6.3.7 Checking the Configuration...................................................................................................................121 6.4 Maintaining IP Performance...........................................................................................................................121 6.4.1 Clearing IP Performance Statistics........................................................................................................122 6.4.2 Monitoring the Running Status of IP Performance...............................................................................122 6.4.3 Debugging IP Performance...................................................................................................................123 6.5 Configuration Examples.................................................................................................................................124 6.5.1 Example for Disabling the Sending of ICMP Redirection Packets.......................................................124 6.5.2 Example for Disabling the Sending of ICMP Host Unreachable Packets.............................................127 6.5.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets..........................130
7 UDP Helper Configuration......................................................................................................133

7.1 Introduction to UDP Helper...........................................................................................................................134 7.2 UDP Helper Features Supported by the S7700..............................................................................................134 7.3 Configuring UDP Helper................................................................................................................................135 7.3.1 Establishing the Configuration Task.....................................................................................................135 7.3.2 Enabling the UDP Helper Function.......................................................................................................135 7.3.3 Configuring the UDP Port on Which Packets Are Forwarded..............................................................136 7.3.4 Configuring the Destination Server to Which Packets of the UDP Port Need to Be Forwarded..........136 7.3.5 Checking the Configuration...................................................................................................................137 7.4 Maintaining UDP Helper................................................................................................................................137 Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. vii
Contents
7.4.1 Clearing UDP Helper Statistics.............................................................................................................137 7.4.2 Monitoring the Running Status of UDP Helper....................................................................................138 7.5 Configuration Examples.................................................................................................................................138 7.5.1 Example for Configuring UDP Helper..................................................................................................138
8 DNS Configuration...................................................................................................................141
8.1 Introduction to DNS.......................................................................................................................................142 8.2 DNS Supported by the S7700.........................................................................................................................142 8.3 Configuring DNS............................................................................................................................................142 8.3.1 Establishing the Configuration Task.....................................................................................................142 8.3.2 Configuring Static DNS Entries............................................................................................................143 8.3.3 Configuring Dynamic DNS...................................................................................................................143 8.3.4 Checking the Configuration...................................................................................................................144 8.4 Maintaining DNS............................................................................................................................................145 8.4.1 Clearing DNS Entries............................................................................................................................145 8.4.2 Monitoring Network Operation Status of DNS.....................................................................................146 8.4.3 Debugging DNS....................................................................................................................................146 8.5 Configuration Examples.................................................................................................................................147 8.5.1 Example for Configuring DNS..............................................................................................................147
9 Basic Configurations of IPv6...................................................................................................151

9.1 Introduction to IPv6........................................................................................................................................152 9.2 IPv6 Features Supported by the S7700...........................................................................................................152 9.3 Configuring an IPv6 Address for an Interface................................................................................................154 9.3.1 Establishing the Configuration Task.....................................................................................................154 9.3.2 Enabling IPv6 Packet Forwarding Capability.......................................................................................155 9.3.3 Configuring an IPv6 Link-Local Address for an Interface....................................................................155 9.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................156 9.3.5 Checking the Configuration...................................................................................................................157 9.4 Configuring IPv6 Neighbor Discovery...........................................................................................................157 9.4.1 Establishing the Configuration Task.....................................................................................................157 9.4.2 Configuring Static Neighbors................................................................................................................158 9.4.3 Enabling RA Message Advertising.......................................................................................................159 9.4.4 Setting the Interval for Advertising RA Messages................................................................................159 9.4.5 Enabling Stateful Auto Configuration...................................................................................................160 9.4.6 Configuring the Address Prefixes to Be Advertised.............................................................................160 9.4.7 Configuring Other Information to Be Advertised.................................................................................161 9.4.8 Checking the Configuration...................................................................................................................162 9.5 Maintaining IPv6............................................................................................................................................163 9.5.1 Clearing IPv6 Statistics.........................................................................................................................163 9.5.2 Monitoring the Running Status of IPv6.................................................................................................164 9.5.3 Debugging IPv6.....................................................................................................................................164 9.6 Configuration Examples.................................................................................................................................165 9.6.1 Example for Setting an IPv6 Address for an Interface..........................................................................165 Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. viii
Contents
10 IPv6 DNS Configuration........................................................................................................169

10.1 Introduction to IPv6 DNS.............................................................................................................................170 10.2 IPv6 DNS Supported by the S7700..............................................................................................................170 10.3 Configuring IPv6 DNS.................................................................................................................................170 10.3.1 Establishing the Configuration Task...................................................................................................170 10.3.2 Configuring a Static IPv6 DNS Entry.................................................................................................171 10.3.3 Configuring the Dynamic IPv6 DNS Services....................................................................................171 10.3.4 Checking the Configuration.................................................................................................................172 10.4 Maintaining IPv6 DNS.................................................................................................................................173 10.4.1 Clearing IPv6 DNS Entries..................................................................................................................173 10.4.2 Monitoring Network Operation Status of IPv6 DNS..........................................................................174 10.5 Configuration Examples...............................................................................................................................174 10.5.1 Example for Configuring IPv6 DNS...................................................................................................174
11 IPv6 over IPv4 Tunnel Configuration................................................................................. 179

11.1 Introduction to IPv6 over IPv4.....................................................................................................................180 11.2 IPv6 over IPv4 Supported by the S7700......................................................................................................180 11.3 Configuring IPv4/IPv6 Dual Stacks.............................................................................................................185 11.3.1 Establishing the Configuration Task...................................................................................................185 11.3.2 Enabling IPv6 Packet Forwarding.......................................................................................................186 11.3.3 Configuring IPv4 and IPv6 Addresses for the Interface......................................................................187 11.3.4 Checking the Configuration.................................................................................................................188 11.4 Configuring an IPv6 over IPv4 Tunnel........................................................................................................188 11.4.1 Establishing the Configuration Task...................................................................................................188 11.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface.................................................188 11.4.3 Configuring an IPv6 over IPv4 Manual Tunnel..................................................................................189 11.4.4 Configuring a 6to4 Tunnel..................................................................................................................190 11.4.5 Configuring an ISATAP Tunnel..........................................................................................................191 11.4.6 Configuring Routes in the Tunnel.......................................................................................................192 11.4.7 Checking the Configuration.................................................................................................................193 11.5 Configuring 6PE...........................................................................................................................................193 11.5.1 Establishing the Configuration Task...................................................................................................193 11.5.2 Configuring IPv4/IPv6 Dual Protocol Stacks......................................................................................194 11.5.3 Configuring MPLS..............................................................................................................................195 11.5.4 Enabling 6PE Peer...............................................................................................................................196 11.5.5 Checking the Configuration.................................................................................................................196 11.6 Maintaining IPv6 over IPv4 Tunnels............................................................................................................197 11.6.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel..................................................................197 11.6.2 Debugging IPv6 over IPv4 Tunnel......................................................................................................197 11.7 Configuration Examples...............................................................................................................................198 11.7.1 Example for Configuring an IPv6 over IPv4 Tunnel Manually..........................................................198 11.7.2 Example for Configuring a 6to4 Tunnel..............................................................................................203 11.7.3 Example for Configuring a 6to4 Relay................................................................................................207 Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. ix
Contents
11.7.4 Example for Configuring an ISATAP Tunnel.....................................................................................211 11.7.5 Example for Configuring 6PE.............................................................................................................214
12 IPv4 over IPv6 Tunnel Configuration.................................................................................222

12.1 Introduction to IPv4 over IPv6.....................................................................................................................223 12.2 IPv4 over IPv6 Supported by the S7700......................................................................................................223 12.3 Configuring an IPv4 over IPv6 Tunnel........................................................................................................224 12.3.1 Establishing the Configuration Task...................................................................................................224 12.3.2 Configuring a Tunnel Interface...........................................................................................................224 12.3.3 Configuring Routes in the Tunnel.......................................................................................................225 12.3.4 Checking the Configuration.................................................................................................................226 12.4 Maintaining IPv4 over IPv6 Tunnels............................................................................................................227 12.4.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel...............................................................227 12.4.2 Debugging IPv4 over IPv6 Tunnel......................................................................................................227 12.5 Configuration Examples...............................................................................................................................228 12.5.1 Example for Configuring an IPv6 over IPv4 Tunnel..........................................................................228
Issue 01 (2011-07-15)
1 IP Addresses Configuration
1
About This Chapter
IP Addresses Configuration
By assigning IP addresses to network devices, you can enable data communications between the network devices. 1.1 Introduction to IP Addresses IP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and Internet Group Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Devices on different networks communicate with each other using their network layer addresses, namely IP addresses. 1.2 Features of IP Addresses Supported by the S7700 IP addresses can be obtained through static manual configuration or borrowing. 1.3 Configuring IP Addresses for Interfaces Assigning an IP address to a device on a network enables the device to communicate with the other devices on the network. 1.4 Configuring IP Address Unnumbered for Interfaces IP address unnumbered refers to the situation that an interface that is not assigned an IP address obtains an IP address by borrowing an IP address from another interface. 1.5 Configuration Examples This section provides several examples of IP address configuration.
Issue 01 (2011-07-15)
1.1 Introduction to IP Addresses

IP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and Internet Group Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Devices on different networks communicate with each other using their network layer addresses, namely IP addresses. To communicate with each other on Internet Protocol (IP) networks, each host must be assigned an IP address. An IP address is a 32-bit number that is composed of two parts, namely, the network ID and host ID. The network ID identifies a network and the host ID identifies a host on the network. If the network IDs of hosts are the same, it indicates that the hosts are on the same network regardless of their physical locations.
1.2 Features of IP Addresses Supported by the S7700

IP addresses can be obtained through static manual configuration or borrowing. The S7700 supports IP address configuration through the following methods: l l Manually configuring an IP address for an interface Borrowing an IP address from other interfaces
The S7700 supports the space overlapping of network segment addresses to save the address space. l Different IP addresses in the overlapped network segments but not same can be configured on different interfaces of the same device. For example, after an interface on a device is configured with the IP address 20.1.1.1/16, if another interface is configured with the IP address 20.1.1.2/24, the system prompts a message. However, the configuration is still successful; if another interface is configured with the IP address 20.1.1.2/16, the system prompts an IP address conflict. The configuration fails. The primary IP address and the secondary IP address in the overlapped network segments but not same can be configured on the same interface. For example, after the interface is configured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16 sub, the system prompts a message. However, the configuration is still successful. The primary IP address and the secondary IP address in the overlapped network segments but not same can be configured on different interfaces of the same device. However, the primary IP address and the secondary IP address cannot be the same. For example, after an interface on a device is configured with the IP address 20.1.1.1/16, if another interface is configured with the IP address 20.1.1.2/24 sub, the system prompts a message. However, the configuration is still successful.
The S7700 supports 31-bit IP address masks. Therefore, there are only two IP addresses in a network segment, that is, the network address and broadcast address. The two IP addresses can be used as host addresses.
Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2
1.3 Configuring IP Addresses for Interfaces

Assigning an IP address to a device on a network enables the device to communicate with the other devices on the network.
1.3.1 Establishing the Configuration Task

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for assigning an IP address to an interface.
Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign several IP addresses to each interface. Among them, one is the primary IP address and the others are secondary IP addresses. Generally, you need to configure only a primary IP address for an interface. Secondary IP addresses, however, are required in some cases. For instance, when a device connects to a physical network through an interface, and computers on this network belong to two Class C networks, you need to configure a primary IP address and a secondary IP address for this interface to ensure that the device can communication with all computers on this network.
Pre-configuration Tasks
Before configuring an IP addresses for an interface, complete the following tasks: l l Configuring the physical parameters for the interface and ensuring that the physical layer status of the interface is Up Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an interface, you need the following data. No. 1 2 3 Data Interface number Primary IP address and subnet mask of the interface (Optional) Secondary IP address and subnet mask of the interface
1.3.2 Configuring a Primary IP Address for an Interface

An interface can have only one primary IP address.
Issue 01 (2011-07-15)
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run:

interface vlanif vlan-id
The VLANIF interface view is displayed. Step 3 Run:

ip address ip-address { mask | mask-length }
A primary IP address is configured. An interface has only one primary IP address. If the interface already has a primary IP address, the newly configured primary IP address replaces the original one. ----End
1.3.3 (Optional) Configuring a Secondary IP Address for an Interface

To enable an interface to communicate with several networks with different network IDs, you need to assign a secondary IP address to this interface.
Procedure
Step 1 Run:
system-view


ip address ip-address { mask | mask-length } sub
A secondary IP address is configured. You can configure a maximum of 255 secondary IP addresses on an interface. ----End
1.3.4 Checking the Configuration

You can view the configuration of the IP address for an interface.
Prerequisite
The configurations of the IP addresses for the interface are complete.
Procedure
l l Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to check the IP configuration on the interface. Run the display interface [ interface-type [ interface-number ] ] command to check interface information.
----End
1.4 Configuring IP Address Unnumbered for Interfaces

IP address unnumbered refers to the situation that an interface that is not assigned an IP address obtains an IP address by borrowing an IP address from another interface.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring IP address unnumbered.
To save IP address resources in some cases, configure the IP address unnumbered on the interface. You can also perform this configuration for an interface that is occasionally used rather than making the interface occupy an IP address constantly. Restrictions on configuring IP address unnumbered on an interface are as follows: l l l l l l The interface of IP address borrower can not be an Ethernet interface. The interface of IP address lender cannot be IP address from other. Multiple interfaces can borrow the IP address from the interface of IP address lender. If the interface of IP address lender has multiple IP addresses, the IP address lender can only be the primary IP address. If the interface of IP address borrower borrows an IP address from the interface with no IP address, the IP address borrower gets the IP adderss 0.0.0.0. The IP address of the virtual loopback interface can be borrowed by other interfaces. The loopback interface, however, cannot borrow the IP address from other interfaces.
Before configuring IP address unnumbered on an interface, complete the following tasks: l l Configuring physical attributes for the IP address borrower and lender Configuring link layer protocols for the IP address borrower and lender
Data Preparation
To configure IP address unnumbered on an interface, you need the following data.
Issue 01 (2011-07-15)
No. 1 2
Data Number, IP address, and mask of the interface that lends the IP address to other interfaces Number of the interface that borrows an IP address from another interface
1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address
Only the primary IP address of an interface can be borrowed.
Procedure
Step 1 Run:
system-view


The primary IP address of the interface is configured. ----End
1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface

An Ethernet interface cannot borrow the IP address of another interface.
Procedure
Step 1 Run:
system-view

interface tunnel interface-number
The TUNNEL interface view is displayed. Step 3 Run:

ip address unnumbered interface interface-type interface-number
The interface is configured to borrow an IP address from the specified interface. ----End

You can view the borrowed IP address of an interface.
Prerequisite
The configurations of IP address unnumbered are complete.
Procedure
l l Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to check the IP configuration on the interface. Run the display interface [ interface-type [ interface-number ] ] command to check interface information.
----End
1.5 Configuration Examples

This section provides several examples of IP address configuration.
1.5.1 Example for Setting Primary and Secondary IP Addresses

This section provides a configuration example of setting primary and secondary IP addresses.
Networking Requirements
As shown in Figure 1-1, GigabitEthernet 1/0/1 of the Switch is connected to a LAN, in which hosts belong to two different network segments, that is 172.16.1.0/24 and 172.16.2.0/24. It is required that the Switch can access the two network segments but the host in 172.16.1.0/24 cannot interconnect with the host in 172.16.2.0/24. Figure 1-1 Networking diagram for setting IP addresses
172.16.1.0/24
Switch
GE 1/0/1 VLANIF 100 172.16.1.1/24 172.16.2.1/24 sub
172.16.2.0/24
Issue 01 (2011-07-15)
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Analyze the address of the network segment to which each interface is connected. Set the secondary IP addresses for an interface.
NOTE
Note that the primary and secondary IP addresses of the same interface or different secondary IP addresses of the same interface cannot be in the same network segment.
Data Preparation
To complete the configuration, you need the following data. l l Primary IP address and subnet mask of the interface Secondary IP address and subnet mask of the interface
Procedure
Step 1 Set the IP address for VLANIF 100 where GigabitEthernet 1/0/1 of the Switch belongs.
<Quidway> system-view [Quidway] vlan 100 [Quidway-Vlan100] quit [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [Quidway-GigabitEthernet1/0/1] quit [Quidway] interface vlanif 100 [Quidway-Vlanif100] ip address 172.16.1.1 24 [Quidway-Vlanif100] ip address 172.16.2.1 24 sub
Step 2 Verify the configuration. # Ping a host on network segment 172.16.2.0 from Switch. The ping succeeds.
<Quidway> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 --- 172.16.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/26/27 ms
time=25 time=27 time=26 time=26 time=26
ms ms ms ms ms
Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.2.2 PING 172.16.2.2: 56 data bytes, press CTRL_C to break Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 --- 172.16.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received
ms ms ms ms ms
Issue 01 (2011-07-15)

0.00% packet loss round-trip min/avg/max = 25/25/26 ms
----End
Configuration Files
Configuration file of the Switch
# sysname Quidway # vlan 100 # interface Vlanif100 ip address 172.16.1.1 255.255.255.0 ip address 172.16.2.1 255.255.255.0 sub # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # return
1.5.2 Example for Configuring a Tunnel Interface to Borrow the IP Address of a Loopback Interface
This section provides a configuration example of tunnel interface borrowing the IP address of a Loopback interface.
As shown in Figure 1-2, Tunnel 3/0/15 of Switch A is connected to Switch C through a tunnel. Tunnel 3/0/15 of Switch A is rarely used. To save IP addresses, configure Tunnel 3/0/15 of Switch A to borrow the IP address of Loopback0 of Switch A. Tunnel 3/0/15 of Switch C borrows the IP address of Loopback0 of Switch C. Figure 1-2 Networking diagram for configuring a tunnel interface to borrow an IP address of a loopback interface
SwitchB
LoopBack 0 116.116.116.116/32
SwitchA Tunnel Tunnel 3/0/15
SwitchC
LoopBack 0 9.9.9.9/32
Tunnel 3/0/15
PC 1
PC 2
Issue 01 (2011-07-15)
The configuration roadmap is as follows: l l l l Set addresses of the Loopback0 interfaces of Switch A and Switch C. Configure OSPF. Configure Tunnel 3/0/15 of Switch A to borrow the IP address of Loopback0. Configure Tunnel 3/0/15 of Switch C to borrow the IP address of Loopback0.
Data Preparation
To complete the configuration, you need the following data. l l l l IP address for Loopback0 of Switch A IP address for Loopback0 of Switch C Index for Loopback0 of Switch A Index for Loopback0 of Switch C
Procedure
Step 1 # Configure Switch A. # Set an IP address for Loopback0 of Switch A.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] interface loopback 0 [SwitchA-LoopBack0] ip address 116.116.116.116 32 [SwitchA-LoopBack0] quit
Configure OSPF.
[SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 116.116.116.116 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
# Configure Tunnel 3/0/15 to borrow the IP address of Loopback0.

[SwitchA] interface tunnel 3/0/15 [SwitchA-Tunnel3/0/15] ip address unnumbered interface loopback 0 [SwitchA-Tunnel3/0/15] quit
Step 2 Configure Switch C. The configuration procedure is the same as the configuration procedure of Switch A. Step 3 Verify the configuration. # Ping 9.9.9.9 on Switch A.
[SwitchA] ping 9.9.9.9 PING 9.9.9.9: 56 data bytes, press CTRL_C to break Reply from 9.9.9.9: bytes=56 Sequence=1 ttl=255 time=2 Reply from 9.9.9.9: bytes=56 Sequence=2 ttl=255 time=3 Reply from 9.9.9.9: bytes=56 Sequence=3 ttl=255 time=3 Reply from 9.9.9.9: bytes=56 Sequence=4 ttl=255 time=3 Reply from 9.9.9.9: bytes=56 Sequence=5 ttl=255 time=3 --- 9.9.9.9 ping statistics --5 packet(s) transmitted
ms ms ms ms ms
Issue 01 (2011-07-15)
10

5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms
----End
Configuration Files
l Configuration file of Switch A
# sysname SwitchA # interface LoopBack0 ip address 116.116.116.116 255.255.225.255 # interface Tunnel3/0/15 ip address unnumbered interface LoopBack0 # ospf 1 area 0.0.0.0 network 116.116.116.116 0.0.0.0 # return
Configuration file of Switch C

# sysname SwitchC # interface LoopBack0 ip address 9.9.9.9 255.255.225.255 # interface Tunnel3/0/15 ip address unnumbered interface LoopBack0 # ospf 1 area 0.0.0.0 network 9.9.9.9 0.0.0.0 # return
Issue 01 (2011-07-15)
11
2 ARP Configuration
2
About This Chapter
ARP Configuration
ARP can map an IP address to a MAC address and implements transmission of Ethernet frames. 2.1 Overview of ARP An Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IP addresses and Layer 2 MAC addresses. 2.2 Features of ARP Supported by the S7700 ARP can operate in either of two modes: static and dynamic. The extensions of ARP include proxy ARP, gratuitous ARP, and ARP-Ping. 2.3 Configuring Static ARP Static ARP indicates that there is a fixed mapping between an IP address and a MAC address. Static ARP needs to be configured by an administrator. 2.4 Optimizing Dynamic ARP If dynamic ARP is configured, the system automatically resolutes an IP address into an Ethernet MAC address. 2.5 Configuring Routed Proxy ARP Proxy ARP enables devices whose IP addresses belong to the same network segment but different physical networks to communicate with each other. 2.6 Configuring Proxy ARP Within a VLAN By configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN. 2.7 Configuring Proxy ARP Between VLANs By configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs. 2.8 Configuring ARP-Ping IP ARP-Ping IP is a method of detecting whether an IP address is used by another device on a local area network (LAN) by sending ARP packets. 2.9 Configuring ARP-Ping MAC ARP-Ping MAC is a method of detecting whether a MAC address is used by another device on a LAN by sending ICMP packets. 2.10 Maintaining ARP
2 ARP Configuration
The operations of ARP maintenance include clearing ARP statistics and monitoring ARP operating status. 2.11 Configuration Examples This section provides several configuration examples of ARP.
Issue 01 (2011-07-15)
13
2 ARP Configuration
2.1 Overview of ARP

An Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IP addresses and Layer 2 MAC addresses. Each host or device on the Local Area Network (LAN) can be configured a 32-bit IP address to communicate with others. The assigned IP address is independent of the hardware address. On the Ethernet, a host or a device transmits and receives Ethernet frames according to a 48-bit Medium Access Control (MAC) address. The MAC address is also called the physical address or the hardware address, which is assigned to an Ethernet interface when equipment is produced. Therefore, on an interconnected network, an address resolution mechanism is required to provide the mapping between MAC addresses and IP addresses. The Address Resolution Protocol (ARP) maps an IP address to the corresponding MAC address.
2.2 Features of ARP Supported by the S7700

ARP can operate in either of two modes: static and dynamic. The extensions of ARP include proxy ARP, gratuitous ARP, and ARP-Ping. ARP is only used in the IPv4 environment and can only run on Ethernet links.
Introduction to ARP-Ping
ARP-Ping consists of ARP-Ping IP and ARP-Ping MAC. ARP-Ping is developed to maintain the deployed Layer 2 features.
Introduction to ARP-Ping IP
ARP-Ping IP uses ARP packets to check whether an IP address is used by another device on the LAN. Before configuring an IP address for a device, you need to check that this IP address is not used by another device on the network by sending the ARP packets. Then, you can take appropriate actions. You can also run the ping command to check whether the IP address is used by another device on the network. If enabled with the firewall function that does not reply to Ping packets, the destination host and device do not reply to Ping packets and think that the IP address is not in use. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall. In this way, the preceding situation does not occur.
Principles of ARP-Ping IP
ARP-Ping IP sends ARP Request packets. The following describes how to implement ARP-Ping IP: 1. 2. After setting the specified IP address through command lines, you can send ARP Request packets and start the timeout timer. After receiving an ARP Request packet, each device or host on the LAN replies with an ARP Reply packet.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 14
Issue 01 (2011-07-15)
2 ARP Configuration
3.
After receiving the ARP Reply packet, the source device compares the source IP address contained in the Reply packet with the IP address input in the command line. If they are consistent, the MAC address corresponding to the input IP address is displayed and the timeout timer of ARP Reply packets is disabled. The operation finishes. If the timeout timer of ARP Reply packets times out, it means that the IP address is not in use.
As shown in Figure 2-1, Switch A and Gigabitethernet A are directly connected. You can run the arp-ping ip command on Switch A to check whether the IP address 10.1.1.2 is in use. Figure 2-1 Implementation procedure of ARP-Ping IP
Host B
Host A
10.1.1.3/32 10.1.1.2/32 GE1/0/0 10.1.1.1/24
SwitchA Gigabitethernet A
Run the arp-ping ip 10.1.1.2 command on Switch A. After receiving the ARP Reply packet from Host A 10.1.1.2 on the network, Switch A displays the MAC address of Host A.Switch A displays the MAC address of Node B. Through the command output, you can know whether the IP address is used by another host on the network.
NOTE
Introduction to ARP-Ping MAC

ARP-Ping MAC uses ICMP packets to check whether a MAC address is used by another device on the LAN. When you know a specific MAC address on a network segment but do not know the corresponding IP address, you can obtain the IP address corresponding to the MAC address by sending the broadcast Internet Control Messages Protocol (ICMP) packets through ARP-Ping MAC. In this way, you can query the IP address corresponding to the specific MAC address on the network segment.
Principles of ARP-Ping MAC

ARP-Ping MAC sends broadcast ICMP Echo Request packets. The following describes how to implement ARP-Ping MAC: 1. After setting the specified MAC address through the command line, you can send broadcast ICMP Echo Request packets and start the timeout timer.
Issue 01 (2011-07-15)
2 ARP Configuration
2. 3.
After receiving an ICMP Echo Request packet, each device or host on the LAN replies with an ICMP Echo Reply packet. After receiving the ICMP Echo Reply packet, the source device compares the source MAC address contained in the Echo Reply packet with the MAC address input in the command line. If they are consistent, the IP address of the Echo Reply packet is displayed. Then the source device prompts you that the MAC address is in use and disables the timeout timer. The operation finishes. If the timeout timer of the ICMP Echo Reply packets times out, it means that the MAC address is not in use.
NOTE
If the system denies the request for replying with the network segment address, the sender cannot receive the ICMP Echo Reply packet.
As shown in Figure 2-2, Switch A and Gigabitethernet A are directly connected. You can run the arp-ping mac command on Switch A to check whether the MAC address 0013-46E7-2EF5 is in use. Figure 2-2 Implementation procedure of ARP-Ping MAC
Host A
0013-46E7-2EF5 GE1/0/0 10.1.1.1/24
SwitchA Gigabitethernet A
The following describes how to implement ARP-Ping MAC on Switch A: Run the arp-ping mac 0013-46E7-2EF5 10.1.1.0 or arp-ping mac 0013-46E7-2EF5 gigabitethernet 1/0/0 command on Switch A. After receiving the ICMP Reply packets replied by all the hosts on the network, Switch A displays the IP address of the host with the MAC address 0013-46E7-2EF5. Through the command output, you can obtain the IP address corresponding to the MAC address.
NOTE
The arp-ping mac command is applicable to the outgoing interface in one of the following types: the Ethernet interface, Gigabit Ethernet interface, Eth-Trunk interface, and VLANIF interface.
2.3 Configuring Static ARP

Static ARP indicates that there is a fixed mapping between an IP address and a MAC address. Static ARP needs to be configured by an administrator.
Issue 01 (2011-07-15)
16
2 ARP Configuration

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring static ARP.
Static ARP is used in the following situations: l For the packets whose destination IP address is on another network segment, static ARP can help these packets traverse a gateway of the local network segment so that the gateway can forward the packets to their destination. When you need to filter out some packets with illegitimate destination IP addresses, static ARP can bind these illegitimate addresses to a nonexistent MAC address.
Before configuring ARP, complete the following tasks: l l l Configuring physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up Configuring link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up Configuring the network layer protocol for the interface
Data Preparation
To configure ARP, you need the following data. No. 1 2 Data IP address and MAC address of the static ARP entry VPN instance name and VLAN ID to which the static ARP entry belongs
2.3.2 Configuring Common Static ARP Entries

Static ARP entries are required for the communication between common interfaces.
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-07-15)
17
2 ARP Configuration

arp static ip-address mac-address
Configure common static ARP entries.

NOTE
Static ARP entries keep valid when a device works normally.
----End
2.3.3 Configuring Static ARP Entries in a VLAN

In the scenario where two users belong to the same VLAN but user isolation is configured in the VLAN, to implement communications between the two users, you need to enable static ARP within the VLAN on the member interface of the VLAN.
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLAN interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
NOTE
To configure static ARP for the packets with double tags, run the arp static cevid command. For details, see the Quidway S7700 Smart Routing Switch Command Reference - Ethernet.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Configure static ARP entries in a Virtual Local Area Network (VLAN). To configure static ARP entries in a VLAN, do as follows: l Run the arp static ip-address mac-address [ vid vlan-id interface interface-type interfacenumber ] command. To configure static ARP entries for VLANIF interfaces, if an ARP entry contains only the IP address and MAC address, and the VLAN ID and outbound interface of the ARP packet are not specified, the system selects the outbound interface automatically. If the VLAN ID and outbound interface are specified, the system forwards the packet from the specified outbound interface. If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN), the device can automatically associate the configured static ARP entry with the VPN. This command is applicable to port-based VLANs. l Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlanid command.

NOTE
2 ARP Configuration
----End
2.3.4 Configuring Static ARP Entries in a VPN Instance

To implement Layer 2 interworking of the devices in a VPN instance, you can configure static ARP in the VPN instance.
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view

arp static ip-address mac-address vpn-instance vpn-instance-name
Configure static ARP entries in a VPN instance.

NOTE
----End

You can view the configuration of static ARP.
Prerequisite
The configurations of the ARP function are complete.
Procedure
l l l Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances. Run the display arp statistics { all } command to check the statistics for ARP entries. Run the display arp trackcommand to check the ARP entries learned by VLANIF interfaces and view detailed information about the change of outbound interfaces.
----End
2 ARP Configuration
2.4 Optimizing Dynamic ARP

If dynamic ARP is configured, the system automatically resolutes an IP address into an Ethernet MAC address.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for optimizing dynamic ARP.
Dynamic ARP is one of functions owned by a device or host. You do not need to run a command to enable dynamic ARP but you can modify some parameters of dynamic ARP.
None
Data Preparation
Optimizing dynamic ARP, you need the following data. No. 1 2 Data Aging detection times of the dynamic ARP entry Aging time of the dynamic ARP entry
2.4.2 Modify the aging parameters of dynamic ARP

If the device needs to update ARP entries frequently, you can reduce the aging timeout period of ARP entries, increase the number of aging detections for ARP entries, and reduce the aging detection intervals of ARP entries.
Procedure
Step 1 Run:
system-view


arp detect-times detect-times
Issue 01 (2011-07-15)
20
2 ARP Configuration
The number of aging detection times of the dynamic ARP entries is configured. Step 4 Run:
arp expire-time expire-times
The timeout period for aging dynamic ARP entries is configured. By default, the aging detection times of the dynamic ARP entries is three, and the aging timeout period is 1200 seconds. Step 5 Run:
arp detect-mode unicast
The interface is configured to send ARP Aging Detection packets in unicast mode. By default, an interface sends ARP Aging Detection packets in broadcast mode. ----End
2.4.3 Enabling ARP Suppression Function

If the system receives a great number of ARP packets from the same source at a time, the system needs to update ARP entries repeatedly. To ensure the performance of the system, you can enable ARP suppression. In this manner, the system only responds to the ARP packets but does not update ARP entries.
Procedure
Step 1 Run:
system-view

arp-suppress enable
ARP suppression is enabled on the current device. ----End
2.4.4 Enabling Layer 2 Topology Detection Function

After Layer 2 topology detection is enabled, the system updates all the ARP entries corresponding to the VLANs to which a Layer 2 interface belongs, if this Layer 2 interface goes Up.
Procedure
Step 1 Run:
system-view

l2-topology detect enable
The Layer 2 topology detection function is enabled.

2 ARP Configuration
By default, this function is not enabled. ----End

You can view the configuration of dynamic ARP.
Prerequisite
The configurations of the ARP function are complete.
Procedure
l l l l Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] command to check information about ARP mapping tables based on interfaces. Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances. Run the display arp statistics { all } command to check the statistics for ARP entries. Run the display arp trackcommand to check the ARP entries learned by VLANIF interfaces and view detailed information about the change of outbound interfaces.
----End
2.5 Configuring Routed Proxy ARP

Proxy ARP enables devices whose IP addresses belong to the same network segment but different physical networks to communicate with each other.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring routed proxy ARP.
The two physical networks of an enterprise are in different subnets of the same IP network, and are separated by a device. You need to enable the proxy ARP on the device interface connected to the physical networks. This enables communication between the two networks. Network IDs of subnet hosts must be the same. You need not configure default gateways for hosts.
Before configuring routed proxy ARP, complete the following tasks: l l Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Issue 01 (2011-07-15)
2 ARP Configuration
Data Preparation
To configure routed proxy ARP, you need the following data. No. 1 2 Data Number of the interface to be enabled with routed proxy ARP IP address of the interface to be enabled with routed proxy ARP
2.5.2 Configure an IP Addresses for the Interface

The IP address assigned to a routed proxy ARP-enabled interface must be on the same network segment with the IP address of the host on the LAN to which this interface connects.
Procedure
Step 1 Run:
system-view

The VLANIF interface view is displayed. Routed proxy ARP can be enabled only on the VLANIF interface of the S7700. Step 3 Run:
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the LAN connected with this interface. ----End
2.5.3 Enabling the Routed Proxy ARP Function

To interconnect the subnets in the same IP network, you need to enable routed proxy ARP.
Procedure
Step 1 Run:
system-view

The VLANIF interface view is displayed.

2 ARP Configuration
Step 3 Run:
arp-proxy enable
By default, the routed proxy ARP function is disabled on the interface. After routed proxy ARP is enabled, you must reduce the aging time of ARP entries in the deviece so that the number of packets received but cannot be forwarded by the device is decreased. To configure the aging time of ARP entries. ----End

You can view the configuration of routed proxy ARP.
Prerequisite
The configurations of the routed proxy ARP function are complete.
Procedure
l l l Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] command to check information about ARP mapping tables based on interfaces. Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances. Run the display arp statistics command to check statistics about ARP entries.
----End
2.6 Configuring Proxy ARP Within a VLAN

By configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring proxy ARP on a VLAN.
If two users are in the same VLAN but they are isolated from each other, to ensure the two users can communicate, you need to enable proxy ARP within the VLAN on the interface associated with the VLAN.
Before configuring proxy ARP within a VLAN, complete the following tasks: l l l
Issue 01 (2011-07-15)
Configuring physical attributes for the interface and ensuring that the status of the physical layer of the interface is Up Configuring the VLAN Configuring user isolation in the VLAN
2 ARP Configuration
Data Preparation
To configure proxy ARP within a VLAN, you need the following data. No. 1 2 3 Data Number of the interface to be enabled with proxy ARP in a VLAN IP address of the interface to be enabled with proxy ARP in a VLAN VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN
2.6.2 Configure an IP Addresses for the Interface

The IP address assigned to an interface needs to be in the same network segment with the IP addresses of the users of the VLANs associated to this interface.
Procedure
Step 1 Run:
system-view

The VLANIF interface view is displayed. Intra-VLAN proxy ARP can be enabled on only the VLANIF interface of the S7700. Step 3 Run:
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the VLAN associated with this interface. ----End
2.6.3 Enabling Proxy ARP Within a VLAN

To interconnect isolated users on a VLAN, you need to enable intra-VLAN proxy ARP on the interface associated to the VLAN.
Procedure
Step 1 Run:
system-view

Issue 01 (2011-07-15)
25
2 ARP Configuration

arp-proxy inner-sub-vlan-proxy enable
Proxy ARP within a VLAN is enabled. ----End

You can view the configuration of intra-VLAN proxy ARP.
Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.
Procedure
----End
2.7 Configuring Proxy ARP Between VLANs

By configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring inter-VLAN proxy ARP.
If two users belong to different VLANs and they need to communicate, you need to enable proxy ARP between VLANs on the sub-interface associated with the VLAN. IP addresses of hosts in a VLAN must be in the same network segment.
Before configuring proxy ARP between VLANs, complete the following tasks: l l Configuring physical attributes for the interface and ensuring that the status of the physical layer of the interface is Up Configuring VLAN aggregation
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
2 ARP Configuration
No. 1 2 3
Data Number of the interface to be enabled with proxy ARP between VLANs IP address of the interface to be enabled with proxy ARP between VLANs VLAN ID associated with the interface to be enabled with proxy ARP between VLANs
2.7.2 Configuring an IP Addresses for the Interface

The IP address assigned to an interface needs to be in the same network segment with the IP addresses of the users of all the VLANs associated to this interface.
Procedure
Step 1 Run:
system-view

The VLANIF interface view is displayed. Inter-VLAN proxy ARP can be enabled only on the VLANIF interface of the S7700. Step 3 Run:
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the VLAN associated with this interface. ----End
2.7.3 Enabling Proxy ARP Between VLANs

To interconnect users on different VLANs, you need to enable inter-VLAN proxy ARP on the VLANIF interfaces.
Procedure
Step 1 Run:
system-view


2 ARP Configuration
Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
Proxy ARP between VLANs is enabled. ----End

You can view the configuration of inter-VLAN proxy ARP.
Prerequisite
The configurations of Proxy ARP Between VLANs are complete.
Procedure
----End
2.8 Configuring ARP-Ping IP

ARP-Ping IP is a method of detecting whether an IP address is used by another device on a local area network (LAN) by sending ARP packets.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring ARP-Ping IP.
In the LAN, to configure an IP address for a device, you need to use the arp-ping ip command to check whether this IP address is used by another device in the network. You can also run the ping command to check whether the IP address is used by another device on the network. If enabled with the firewall function that does not reply to Ping packets, the destination host and device do not reply to Ping packets and think that the IP address is not in use. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall. In this way, the preceding situation does not occur.
Before configuring ARP-Ping IP, complete the following tasks: l Configuring parameters of the link layer protocol and IP addresses for the interfaces and ensuring that the status of the link layer protocol on the interfaces is Up.
Issue 01 (2011-07-15)
2 ARP Configuration
Data Preparation
To configure ARP-Ping IP, you need the following data. No. 1 Data IP address to be checked
2.8.2 Detecting the IP Address by Using the arp-ping ip Command

ARP-Ping IP detects whether an IP address is used by a device on a LAN by sending ARP requests.
Procedure
Step 1 Run: Check whether the IP address is in use. The following information is displayed: l If the following information is displayed, it means that the IP address is not in use.
[Quidway] arp-ping ip 110.1.1.2 ARP-Pinging 110.1.1.2: Request timed out Request timed out Request timed out The IP address is not used by anyone!
l If the following information is displayed, it means that the IP address is in use.

[Quidway] arp-ping ip 128.1.1.1 ARP-Pinging 128.1.1.1: 128.1.1.1 is used by 00e0-517d-f202
----End
2.9 Configuring ARP-Ping MAC

ARP-Ping MAC is a method of detecting whether a MAC address is used by another device on a LAN by sending ICMP packets.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring ARP-Ping MAC.
To check whether a MAC address is in use or query the IP address through the MAC address, you can use the arp-ping mac command.
Before configuring ARP-Ping MAC, complete the following tasks:
2 ARP Configuration
Configuring parameters of the link layer protocol and IP addresses for the interfaces and ensuring that the status of the link layer protocol on the interfaces is Up.
Data Preparation
To configure ARP-Ping MAC, you need the following data. No. 1 Data MAC address to be checked
2.9.2 Detecting the MAC Address by Using the arp-ping mac Command
ARP-Ping MAC detects whether an IP address is used by a device on a LAN by sending ICMP packets.
Procedure
Step 1 Run:
arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number }
Check whether the MAC address is in use. Alternatively, you can query the IP address through the MAC address. The following information is displayed: l If the following information is displayed, it means that the MAC address is not in use.
[Quidway] arp-ping mac 00e0-517d-f201 interface gigabitethernet 1/0/0 OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-01], press CTRL_C to break Request timed out Request timed out Request timed out ----- ARP-Ping MAC statistics ----3 packet(s) transmitted 0 packet(s) received MAC[00-E0-51-7D-F2-01] not be used
l If the following information is displayed, it means that the MAC address is in use.
[Quidway] arp-ping mac 00e0-517d-f202 interface gigabitethernet 1/0/0 OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-02], press CTRL_C to break ----- ARP-Ping MAC statistics ----1 packet(s) transmitted 1 packet(s) received IP ADDRESS MAC ADDRESS 128.1.1.1 00-E0-51-7D-F2-02
----End
2.10 Maintaining ARP

The operations of ARP maintenance include clearing ARP statistics and monitoring ARP operating status.
2 ARP Configuration
2.10.1 Clearing ARP Entries

This section describes ARP entries clearance through the reset command.
Context
CAUTION
l The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So, confirm the action before you use the command. l The static ARP entries cannot restore after you clear it. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } command in the user view to clear the ARP entries in the ARP mapping table. ----End
2.10.2 Monitoring Network Operation Status of ARP

This section describes ARP operation monitoring through the display command.
Context
In routine maintenance, you can run the following command in any view to check the operation of ARP.
Procedure
l Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] command in any view to check the information about the ARP mapping table based on interfaces. Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command in any view to check the information about ARP mapping tables based on VPN instances. Run the display arp track command in any view to check the information about the outbound interfaces change of ARP entries learned by VLANIF interfaces.
l l
----End
2.10.3 Debugging ARP

This section describes ARP debugging through the debugging command.
Issue 01 (2011-07-15)
31
2 ARP Configuration
Context
CAUTION
Debugging affects the performance of the system. Thus, after debugging, run the undo debugging all command to disable debugging immediately. When the CPU usage is close to 100%, debugging ARP may cause the board resetting. So, confirm the action before you use the command. When faults occur during ARP operation, run the following debugging command in the user view to debug ARP and locate the fault. For more information, see chapter "Information Center Configuration" in the Quidway S7700 Smart Routing Switch Configuration Guide-System Management. For descriptions about the debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
l l Run the debugging arp packet [ interface interface-type interface-number | slot slot-id ] command in the user view to debug ARP. Run the debugging arp-proxy [ inner-sub-vlan-proxy | inter-sub-vlan-proxy ] [ interface interface-type interface-number ] command in the user view to debug proxy ARP. Run the debugging arp process [slot slot-id | interface interface-type interface-number ] command in the user view to debug the processing of ARP packets.
----End

This section provides several configuration examples of ARP.
2.11.1 Example for Configuring ARP

As shown in Figure 2-3, GE 1/0/1 of the Switch is connected to the host through the LAN switch (LSW); GE 1/0/2 is connected to the server through the router. It is required that: l l l GE 1/0/1 should be added to VLAN 2, and GE 1/0/2 should be added to VLAN 3. To adapt to fast changes of the network and ensure correct forwarding of packets, dynamic ARP parameters need to be set on VLANIF 2 of the Switch. To ensure communication security between hosts and the server, and prevent invalid ARP packets, a static ARP entry needs to be created on GE 1/0/2 of the Switch. In the ARP entry, the IP address of the router is 10.2.2.3 and the MAC address is 00e0-fc01-0000.
Issue 01 (2011-07-15)
32
2 ARP Configuration
Figure 2-3 Networking diagram for configuring ARP
Server Internet
Router GE1/0/2 Switch GE1/0/1 LSW PC1 PC2 PC2
The configuration roadmap is as follows: 1. 2. 3. Create a VLAN and add an interface to the VLAN. Set dynamic ARP parameters on a VLANIF interface at the user side. Create a static ARP entry.
Data Preparation
To complete the configuration, you need the following data: l l l l GE 1/0/1 added to VLAN 2 and GE 1/0/2 added to VLAN 3 VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging time of ARP entries being 60s, and number of detection times being 2 LSW with the IP address being 2.2.2.1 and subnet mask being 255.255.255.0 Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet mask being 255.255.255.0, and MAC address being 00e0-fc01-0000
Procedure
Step 1 Create a VLAN and add an interface to the VLAN. # Create VLAN 2 and VLAN 3.

<Quidway> system-view [Quidway] vlan batch 2 3
2 ARP Configuration
# Add GE 1/0/1 to VLAN 2 and add GE 1/0/2 to VLAN 3.

[Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/1] port [Quidway-GigabitEthernet1/0/1] quit [Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/2] port [Quidway-GigabitEthernet1/0/2] quit 1/0/1 hybrid tagged vlan 2 1/0/2 hybrid tagged vlan 3
Step 2 Set dynamic ARP parameters on a VLANIF interface. # Create VLANIF2.

[Quidway] interface vlanif 2
# Assign an IP address to VLANIF 2.

[Quidway-Vlanif2] ip address 2.2.2.2 255.255.255.0
# Set the aging time of ARP entries to 60s.

[Quidway-Vlanif2] arp expire-time 60
# Set the number of detection times before deleting ARP entries to 2.

[Quidway-Vlanif2] arp detect-times 2 [Quidway-Vlanif2] quit
Step 3 Create a static ARP entry. # Create VLANIF 3.


[Quidway-Vlanif3] ip address 10.2.2.2 255.255.255.0 [Quidway-Vlanif3] quit
# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN ID 3, and outgoing interface GE 1/0/2.
[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 1/0/2 [Quidway] quit
Step 4 Verify the configuration. # Run the display current-configuration command. You can view the aging time of ARP entries, the number of detection times before deleting ARP entries, and the ARP mapping table.
<Quidway> display current-configuration | include arp arp expire-time 60 arp detect-times 2 arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2
----End
Configuration Files
The following is the configuration file of the Switch.
# sysname Quidway # vlan batch 2 to 3
Issue 01 (2011-07-15)
34
2 ARP Configuration
# interface Vlanif2 ip address 2.2.2.2 255.255.255.0 arp expire-time 60 arp detect-times 2 # interface Vlanif3 ip address 10.2.2.2 255.255.255.0 # interface GigabitEthernet 1/0/1 port hybrid tagged vlan 2 # interface GigabitEthernet 1/0/2 port hybrid tagged vlan 3 # arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2 # return
2.11.2 Example for Configuring Routed Proxy ARP

As shown in Figure 2-4, GE 1/0/0 and GE 1/0/1 of the Switch are connected to a LAN respectively, and the network IDs of the two LANs are 172.16.0.0/16. Host A and Host B are not configured with the default gateway. It is required that routed proxy ARP should be enabled on the Switch so that hosts in the two LANs can communicate. Figure 2-4 Networking diagram for configuring routed proxy ARP
Host A 172.16.1.2/16 0000-5e33-ee20 GE1/0/0 172.16.1.1/24 VLAN 2 Switch Ethernet A
Host B 172.16.2.2/16 0000-5e33-ee10 GE1/0/1 172.16.2.1/24 VLAN 3
Ethernet B
The configuration roadmap is as follows: 1. 2. 3. Assign an IP Address to an interface. Enable routed proxy ARP on the interface. Configure the default route.
Data Preparation
To complete the configuration, you need the following data:
2 ARP Configuration
l l l
IP addresses of the interfaces Default route IP addresses of the hosts
Procedure
Step 1 Create VLAN 2 and add GE 1/0/0 to VLAN 2.
<Quidway> system-view [Quidway] vlan 2 [Quidway-vlan2] quit [Quidway] interface gigabitethernet 1/0/0 [Quidway-GigabitEthernet1/0/0] port link-type access [Quidway-GigabitEthernet1/0/0] port default vlan 2 [Quidway-GigabitEthernet1/0/0] quit
Step 2 Create and configure VLANIF 2.

[Quidway] interface vlanif 2 [Quidway-Vlanif2] ip address 172.16.1.1 255.255.255.0
Step 3 Enable routed proxy ARP on VLANIF 2.

[Quidway-Vlanif2] arp-proxy enable [Quidway-Vlanif2] quit
Step 4 Create VLAN 3 and add GE 1/0/1 to VLAN 3.

[Quidway] vlan 3 [Quidway-vlan3] quit [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port link-type access [Quidway-GigabitEthernet1/0/1] port default vlan 3 [Quidway-GigabitEthernet1/0/1] quit
Step 5 Create and configure VLANIF 3.

[Quidway] interface vlanif 3 [Quidway-Vlanif3] ip address 172.16.2.1 255.255.255.0
Step 6 Enable routed proxy ARP on VLANIF 3.

[Quidway-Vlanif3] arp-proxy enable [Quidway-Vlanif3] quit
Step 7 Configure the hosts. # Assign IP address 172.16.1.2/16 to Host A. # Assign IP address 172.16.2.2/16 to Host B. Step 8 Verify the configuration. # Ping Host B from Host A. The ping operation is successful. ----End
Configuration Files
# sysname Quidway # vlan batch 2 to 3 # interface Vlanif2 ip address 172.16.1.1 255.255.255.0
Issue 01 (2011-07-15)
36

arp-proxy enable # interface Vlanif3 ip address 172.16.2.1 255.255.255.0 arp-proxy enable # interface GigabitEthernet1/0/0 port link-type access port default vlan 2 # interface GigabitEthernet1/0/1 port link-type access port default vlan 3 # return
2 ARP Configuration
2.11.3 Example for Configuring Intra-VLAN Proxy ARP

As shown in Figure 2-5, GE 1/0/1 and GE 1/0/0 of the Switch belong to sub-VLAN 2. SubVLAN 2 belong to super-VLAN 3. It is required that: l l Host A and host B in VLAN 2 should be isolated at Layer 2. Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.
The IP address and subnet mask of the VLANIF interface in super-VLAN 3 should be 10.10.10.1 and 255.255.255.0. Figure 2-5 Networking diagram for configuring intra-VLAN proxy ARP
Internet
Switch GE1/0/1 hostB 10.10.10.3/24 00-e0-fc-00-00-03 sub-VLAN2 GE1/0/0 hostA 10.10.10.2/24 00-e0-fc-00-00-02
The configuration roadmap is as follows: 1. 2.
Issue 01 (2011-07-15)
Create and configure a super-VLAN and a sub-VLAN. Add an interface to the sub-VLAN.
2 ARP Configuration
3. 4.
Create a VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface. Enable intra-VLAN proxy ARP on the VLANIF interface of the super-VLAN.
Data Preparation
To complete the configuration, you need the following data: l l l VLAN IDs of the super-VLAN and sub-VLAN GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2 IP address and subnet mask of VLANIF 3 of super-VLAN 3 being 10.10.10.1 and 255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN. # Configure sub-VLAN 2.
<Quidway> system-view [Quidway] vlan 2 [Quidway-vlan2] quit
# Enable port isolation on GE 1/0/0 and GE 1/0/1.

[Quidway] port-isolate mode l2 [Quidway] interface gigabitethernet 1/0/0 [Quidway-GigabitEthernet1/0/0] port-isolate enable [Quidway-GigabitEthernet1/0/0] quit [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port-isolate enable [Quidway-GigabitEthernet1/0/1] quit
# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.

[Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/0] port [Quidway-GigabitEthernet1/0/0] port [Quidway-GigabitEthernet1/0/0] quit [Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/1] port [Quidway-GigabitEthernet1/0/1] port [Quidway-GigabitEthernet1/0/1] quit 1/0/0 link-type access default vlan 2 1/0/1 link-type access default vlan 2
# Configure super-VLAN 3 and add sub-VLAN 2 to super-VLAN 3.

[Quidway] vlan 3 [Quidway-vlan3] aggregate-vlan [Quidway-vlan3] access-vlan 2 [Quidway-vlan3] quit
Step 2 Create and configure VLANIF 3. # Create VLANIF 3.


[Quidway-Vlanif3] ip address 10.10.10.1 24
Step 3 Enable intra-VLAN proxy ARP on VLANIF 3.

[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable [Quidway-Vlanif3] quit
Step 4 Verify the configuration.

2 ARP Configuration
# Run the display current-configuration command. You can view the configurations of the super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following configuration file. # Run the display arp command to view all the ARP entries.
<Quidway> display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN -----------------------------------------------------------------------------10.10.10.1 0018-2000-0083 I Vlanif3 10.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0 2/10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1 2/-----------------------------------------------------------------------------Total:3 Dynamic:2 Static:0 Interface:1
----End
Configuration Files
The following lists the configuration file of the Switch.
# sysname Quidway # vlan batch 2 to 3 # vlan 3 aggregate-vlan access-vlan 2 # interface Vlanif3 ip address 10.10.10.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable # interface GigabitEthernet1/0/0 port link-type access port default vlan 2 port-isolate enable group 1 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 port-isolate enable group 1 # return
2.11.4 Example for Configuring Inter-VLAN Proxy ARP

As shown in Figure 2-6, VLAN 2 and VLAN 3 constitute super-VLAN 4. It is required that: l l Hosts in the sub-VLANs 2 and 3 should not be pinged mutually. Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP is enabled.
Issue 01 (2011-07-15)
39
2 ARP Configuration
Figure 2-6 Networking diagram for configuring inter-VLAN proxy ARP
Switch
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
The configuration roadmap is as follows: 1. 2. 3. 4. Configure a super-VLAN and a sub-VLAN. Add an interface to the sub-VLAN. Create an VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface. Enable inter-VLAN proxy ARP.
Data Preparation
To complete the configuration, you need the following data: l l l l VLAN IDs of the super-VLAN and sub-VLAN GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2 GE 2/0/0 and GE 2/0/1 belonging to sub-VLAN 3 IP address and subnet mask of VLANIF 4 in super-VLAN 4 being 10.10.10.1 and 255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN. # Configure sub-VLAN 2.
# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.

[Quidway] interface gigabitethernet 1/0/0 [Quidway-GigabitEthernet1/0/0] port link-type access [Quidway-GigabitEthernet1/0/0] port default vlan 2
Issue 01 (2011-07-15)
40

[Quidway-GigabitEthernet1/0/0] quit [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port link-type access [Quidway-GigabitEthernet1/0/1] port default vlan 2 [Quidway-GigabitEthernet1/0/1] quit
2 ARP Configuration
# Configure sub-VLAN 3.
# Add GE2/0/0 and GE2/0/1 to sub-VLAN 3.

# Configure super-VLAN 4 and add sub-VLAN 2 to super-VLAN 4.

[Quidway] vlan 4 [Quidway-vlan4] aggregate-vlan [Quidway-vlan4] access-vlan 2 [Quidway-vlan4] access-vlan 3 [Quidway-vlan4] quit
Step 2 Create and configure VLANIF 4. # Create VLANIF 4.


[Quidway-Vlanif4] ip address 10.10.10.1 24
Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.

[Quidway-Vlanif4] arp-proxy inter-sub-vlan-proxy enable [Quidway-Vlanif4] quit
Step 4 Verify the configuration. # Run the display current-configuration command. You can view the configurations of the super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following configuration file. # Run the display arp command to view all the ARP entries.
<Quidway> display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN -----------------------------------------------------------------------------10.10.10.1 0018-2000-0083 I Vlanif4 10.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0 2/10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1 2/10.10.10.4 00e0-fc00-0004 19 D-0 GE2/0/0 3/10.10.10.5 00e0-fc00-0005 19 D-0 GE2/0/1 3/-----------------------------------------------------------------------------Total:5 Dynamic:4 Static:0 Interface:1
----End
2 ARP Configuration
Configuration Files
The following lists the configuration file of the Switch.
# sysname Quidway # vlan batch 2 to 4 # vlan 4 aggregate-vlan access-vlan 2 to 3 # interface Vlanif4 ip address 10.10.10.1 255.255.255.0 arp-proxy inter-sub-vlan-proxy enable # interface GigabitEthernet1/0/0 port link-type access port default vlan 2 # interface GigabitEthernet1/0/1 port link-type access port default vlan 2 # interface GigabitEthernet2/0/0 port link-type access port default vlan 3 # interface GigabitEthernet2/0/1 port link-type access port default vlan 3 # return
2.11.5 Example for Configuring Layer 2 Topology Detection

As shown in Figure 2-7, two GE interfaces are added to VLAN 100 in default mode and the IP addresses of the two GE interfaces are shown in the figure. Figure 2-7 Networking diagram for configuring Layer 2 topology detection
Switch
VLANIF100 10.1.1.2/24 PC B 10.1.1.3/24
PC A 10.1.1.1/24
VLAN100
Issue 01 (2011-07-15)
42
2 ARP Configuration
The configuration roadmap is as follows: 1. 2. Add two GE interfaces to VLAN 100 in default mode. Enable Layer 2 topology detection and view changes of ARP entries.
Data Preparation
To complete the configuration, you need the following data: l l Types and numbers of the interfaces to be added to a VLAN IP addresses of the VLANIF interface and the PCs
Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode. # Create VLANIF 100 and assign an IP addresses to VLANIF 100.
<Quidway> system-view [Quidway] vlan 100 [Quidway-vlan100] quit [Quidway] interface vlanif 100 [Quidway-vlanif100] ip address 10.1.1.2 24 [Quidway-vlanif100] quit
# Add the two GE interfaces to VLAN 100 in default mode.

Step 2 # Enable Layer 2 topology detection.

[Quidway] l2-topology detect enable
Step 3 Restart GE 1/0/1 and view changes of the ARP entries and aging time. # View ARP entries on the Switch. You can find that the Switch has learnt the MAC address of the PC.
[Quidway] display arp all IP ADDRESS MAC ADDRESS INSTANCE EXPIRE(M) TYPE INTERFACE VPN-
VLAN/CEVLAN ----------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I Vlanif100 10.1.1.1 00e0-c01a-4901 20 D-0 GE1/0/1 10.1.1.3 00e0-de24-bf04 20 D-0 GE1/0/2 ----------------------------------------------------------------------------Total:3 Dynamic:2 Static:0 Interface:1
# Run the shutdown command and then the undoshutdown command on GE 1/0/1 to view the aging time of ARP entries.
[Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] shutdown [Quidway-GigabitEthernet1/0/1] undo shutdown [Quidway-GigabitEthernet1/0/1] display arp all
Issue 01 (2011-07-15)
43

IP ADDRESS MAC ADDRESS
2 ARP Configuration
EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN ---------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I Vlanif100 10.1.1.3 00e0-de24-bf04 0 D-0 GE1/0/2 -----------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1
NOTE
According to the displayed information, the ARP entry learned from GE 1/0/1 is deleted after GE 1/0/1 is shut down. The aging time of ARP entries learned from GE 1/0/2 becomes 0 after GE1/0/1 is restored and becomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARP entries.
[Quidway-GigabitEthernet1/0/1] display arp all IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN ---------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I Vlanif100 10.1.1.3 00e0-de24-bf04 20 D-0 GE1/0/2 ---------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1
NOTE
After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
# sysname Quidway # L2-topolgy detect enable # vlan 100 # interface Vlanif100 ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/1 port link-type access port default vlan 100 # interface GigabitEthernet1/0/2 port link-type access port default vlan 100 # return
Issue 01 (2011-07-15)
44
3 DHCP Configuration
3
About This Chapter
DHCP Configuration
The DHCP technology is applicable to a variety of networks. It ensures proper IP address allocation and saves IP addresses on networks. 3.1 Introduction to DHCP Dynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IP address. 3.2 DHCP Features Supported by the S7700 The S7700 can be used as a DHCP server or a DHCP relay agent. 3.3 Configuring the DHCP Server Based on the Global Address Pool A DHCP server can allocate IP addresses to clients by using the global address pool. 3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool If a DHCP server based on a VLANIF interface address pool is configured, all the users going online through this interface obtain IP addresses from the VLANIF interface address pool. 3.5 Configuring the DHCP Relay Agent By using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicate with the DHCP servers on other network segments, and obtain IP addresses from them. The DHCP clients on different network segments can also use one DHCP server. This reduces costs and achieves centralized device management. 3.6 Maintaining DHCP After DHCP configurations are complete, you can clear DHCP statistics and monitor DHCP operation. 3.7 Configuration Examples DHCP configuration examples explain the networking requirements, networking diagram, configuration notes, configuration roadmap, and configuration procedure. The configuration examples involve various usage scenarios of DHCP.
Issue 01 (2011-07-15)
45
3.1 Introduction to DHCP

Dynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IP address.
Overview
Network scales and complexity grow fast, so the network configurations become increasingly complicated. For example, the locations of hosts such as portable computers and wireless network terminals frequently change, and the number of hosts often exceeds the number of available IP addresses. The DHCP is developed to solve the preceding problems. DHCP works in the client/server model. A DHCP client requests the DHCP server for configurations, and the DHCP server sends the configurations to the client. The DHCP protocol requires that the DHCP clients and DHCP server be in the same network segment; therefore, each network segment needs a DHCP server. This wastes resources. DHCP relay achieves address allocation between network segments.
Definition
DHCP server A DHCP server allocates IP addresses to clients. A client sends a packet to the server to request for configurations such as the IP address, subnet mask, and default gateway. After receiving the packet, the server replies with a packet carrying the corresponding configurations according to policies. Both the Request and Reply packets are encapsulated in UDP packets. DHCP relay agent A DHCP relay agent transparently transmits DHCP broadcast packets between the DHCP clients and DHCP server that are on different network segments.
3.2 DHCP Features Supported by the S7700

The S7700 can be used as a DHCP server or a DHCP relay agent. Table 3-1 describes the DHCP usage scenarios where the S7700 is used. Table 3-1 DHCP usage scenarios Usage DHCP server based on the global address pool DHCP server based on the interface address pool DHCP relay agent Scenario The DHCP clients and DHCP server are on the same network segment or on different network segments. The DHCP clients and DHCP server are on the same network segment. The DHCP clients and DHCP server are different network segments.
Issue 01 (2011-07-15)
46
Using the S7700 as a DHCP Server

The S7700 can function as a DHCP server to allocate IP addresses to clients. A client sends a packet to the server to request for configurations such as the IP address, subnet mask, and default gateway. After receiving the packet, the server replies with a packet carrying the corresponding configurations according to policies. Both the Request and Reply packets are encapsulated in UDP packets. The S7700 allocates IP addresses to clients by using the global address pool or an interface address pool. l Using the global address pool: When an interface of the S7700 receives a DHCP packet from a DHCP client, the S7700 allocates an IP address to the client from the global address pool. For details about configuring the global address pool, see 3.3 Configuring the DHCP Server Based on the Global Address Pool. Using an interface address pool: When an interface of the S7700 receives a DHCP packet from a DHCP client, the S7700 allocates an IP address to the client from the interface address pool. If there is no available address in the interface address pool, the S7700 uses the global address pool that contains the addresses in the interface address pool. For details about configuring the interface address pool, see 3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool.
NOTE
The S7700 supports the DHCP snooping function. For details about DHCP snooping, see the Quidway S7700 Smart Routing Switch Configuration Guide - Security.
Using the S7700 as a DHCP Relay Agent

When functioning as a DHCP relay agent, the S7700 forwards the DHCP packets to the DHCP servers or clients on different network segments. The DHCP clients on different networks can use one DHCP server. The DHCP relay agent saves costs and facilitates device management. After receiving a DHCP packet from a DHCP client, the S7700 functioning as a DHCP relay agent forwards the DHCP packet to a DHCP server, and then the DHCP server allocates an IP address to the client. For details about configuring the DHCP relay agent, see 3.5 Configuring the DHCP Relay Agent.
Application
The S7700 functions as a DHCP server and is in the same network segment as the DHCP clients. On this network, the DHCP server can use the global address pool or the interface address pool. Figure 3-1 DHCP clients and DHCP server are on the same network segment
100.10.10.3/24
100.10.10.4/24 DHCP Server 100.10.10.1/24
100.10.10.2/24
An S7700 functions as a DHCP server and another one functions as a DHCP relay agent. The DHCP server and DHCP clients are on different network segments. On this network, the DHCP server can use only the global address pool. Figure 3-2 DHCP clients and DHCP server are on different network segments
Internet
DHCP Server 100.10.10.1/24 SwitchA
DHCP Relay 20.20.20.1/24
SwitchB
DHCP Client
DHCP Client
DHCP Client
3.3 Configuring the DHCP Server Based on the Global Address Pool
A DHCP server can allocate IP addresses to clients by using the global address pool.

Before configuring the DHCP server based on the global address pool, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.
On an enterprise network, if the computers are connected to the DHCP server through another network, the global address pool needs to be configured on the S7700 to allocate IP addresses to computers, as shown in Figure 3-3.
Issue 01 (2011-07-15)
48
Figure 3-3 Networking diagram for configuring the DHCP server based on the global address pool
NetBIOS server
DHCP client
DHCP client
DHCP client
SwtichB SwtichA DHCP server
SwtichC
DNS server
DHCP client
DHCP client
DHCP client
When the S7700 functions as the DHCP server based on the global address pool, it must work with the DHCP relay agent.
Before configuring the DHCP server based on the global address pool, complete the following tasks: l l l l l Ensuring that the link between the DHCP clients and the S7700 works properly and the DHCP clients can communicate with the S7700 (Optional) Configuring the DNS server (Optional) Configuring the NetBIOS server Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routes are required only when the servers are configured.) (Optional) Configuring the customized DHCP option
Data Preparation
Before configuring the DHCP server based on the global address pool, you need the following data. No. 1 Data Address pool name, IP address range, IP address lease, IP addresses not to be allocated in the IP address pool (optional), and IP address and MAC address that need to be statically bound (optional) Egress gateway of the DHCP clients (Optional) IP address of the DNS server and domain name of the DHCP clients
2 3
Issue 01 (2011-07-15)
No. 4 5
Data (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP clients (Optional) Code of the customized DHCP option and corresponding ASCII character string, hexadecimal numeral, or IP address
3.3.2 Configuring an Interface to Use Global Address Pool

When a DHCP server receives a DHCP packet from a client, the server can allocate an IP address to the client from the global address pool.
Context
Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view

dhcp enable
The DHCP function is enabled. Step 3 Run:


ip address ip address { mask | mask-length}
An IP address is allocated to the VLANIF interface. If there is no DHCP relay agent between the DHCP clients and S7700, the S7700 allocates IP addresses that are in the same network segment as the interface address to the clients connected to this interface. If the VLANIF interface is not configured with an IP address or no address pool is on the same network segment as the interface address, the clients cannot go online. If there is a DHCP relay agent between the DHCP clients and S7700, the S7700 parses the gateway address in the received DHCP packets forwarded by the DHCP relay agent. If the gateway address does not match an entry in the address pool, the clients cannot go online. Step 5 Run:
dhcp select global
Issue 01 (2011-07-15)
50
The DHCP function is enabled on the interface and the DHCP server allocates IP addresses to clients by using the global address pool. ----End
3.3.3 Configuring Address Allocation Mode for Global Address Pool

According to the requirements of clients, you can select the static binding mode or the dynamic allocation mode for the address pool, but the two modes cannot be enabled simultaneously for the same IP address in the global address pool.
Context
Up to 256 address pools can be configured on the S7700, including the global address pools and interface address pools. The number of address pools of each type is not limited. To use the dynamic allocation mode, you must specify the range of addresses to be allocated; to use the static binding mode, only one address can be allocated to a client. The global address pool attributes include the IP address range, IP address lease, IP addresses not to be automatically allocated, and IP addresses to be statically bound to MAC addresses. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view

ip pool ip-pool-name
The global address pool view is displayed. By default, no global address pool exists on the S7700. Step 3 Run:
network ip-address [ mask { mask | mask-length } ]
The range of IP addresses in the address pool is set. An address pool can contain only one address segment. The address range of the address pool is set by the mask, and must be within the network segment where the gateway is located. Step 4 Run:
lease { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of IP addresses is set. By default, the IP address lease is one day. Different address pools on a DHCP server can be set with different IP address leases, but the IP addresses in one address pool must be set with the same lease. Step 5 (Optional) Run:
excluded-ip-address start-ip-address [ end-ip-address ]
Issue 01 (2011-07-15)
51
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured. Some IP addresses are reserved for other services, for example, the IP address of the DNS server cannot be allocated to clients. You can run the excluded-ip-address command to configure the IP addresses that are not allocated in the DHCP address pool. If you run the excluded-ipaddress command multiple times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP address pool. Step 6 (Optional) Run:
static-bind ip-address ip-address mac-address mac-address
An IP address in the address pool is bound to a MAC address. When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC address of the client. Step 7 Run:
gateway-list ip-address &<1-8>
The egress gateway is configured for the global address pool.

NOTE
To load balance the traffic and improve the reliability of the network, you can configure multiple egress gateways. An IP address pool can be configured with up to eight gateway addresses. The gateway address cannot be a broadcast address of a subnet. When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress gateway address is the same as the egress gateway address of the DHCP relay agent.
----End
3.3.4 (Optional) Configuring DNS for Global Address Pool

Each client has a domain name. To enable DHCP clients to communicate by using their domain names and prevent IP address conflicts, the DHCP server needs to specify domain names for these clients when allocating IP addresses to them.
Context
On the DHCP server, the domain-name command specifies a domain name for each global address pool. When allocating IP addresses to clients, the DHCP server also sends the domain names to the clients. During domain name resolution, users only need to enter a part of the domain name, and then the system uses a complete domain name for resolution. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view

The IP address pool view is displayed.

Step 3 Run:
domain-name domain-name
The DNS domain name to be allocated to the DHCP client is configured. On the DHCP server, you can specify a DNS domain name for each address pool. If the DNS domain name is configured, the DNS server used by the DHCP client is also specified. Step 4 Run:
dns-list ip-address &<1-8>
The IP address of the DNS server is configured for the DHCP client. To load balance the traffic and improve the reliability of the network, configure multiple DNS servers. Each address pool can be configured with a maximum of eight DNS servers. ----End
3.3.5 (Optional) Configuring NetBIOS for Global Address Pool

DHCP clients running on the Microsoft Windows operating system use the Network Basic Input Output System (NetBIOS) protocol for communication. The NetBIOS server translates host names to IP addresses for the clients.
Context
NOTE
NetBIOS: Network Basic Input Output System.
When a DHCP client uses the NetBIOS protocol for communication, the host names must be mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified into the following types: l l l l b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast mode. p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by communicating with the NetBIOS server. m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast features. h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end communication mechanism.
Procedure
Step 1 Run:
system-view

The IP address pool view is displayed.

Step 3 Run:
nbns-list ip-address &<1-8>
The NetBIOS server address of the DHCP client is configured. Each IP address pool can be configured with up to eight NetBIOS server addresses. Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS type is set for DHCP clients. By default, the NetBIOS node type is not specified for DHCP clients. ----End
3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP server manually.
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address lease. The system also provides commands to configure these functions separately. These commands take precedence over the option command. If no configuration command of these functions is run, the related options configured by using the option command take effect. Related commands: l l l DNS service: domain-name and dns-list NetBIOS service: nbns-list and netbios-type Lease: lease
Procedure
Step 1 Run:
system-view

The IP address pool view is displayed. Step 3 Run:

option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string &<1-10> | ip-address ip-address &<1-8> }
The DHCP option is configured.

After the option command is used, the specified option is carried by the DHCP Reply packet returned by the DHCP server. Before using this command, ensure that you know the functions of the option to be configured. For details on the DHCP options, see RFC 2132. ----End
3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address

To prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocated before allocating it to a client.
Context
Perform the following steps on the DHCP server. After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP address allocation. The DHCP server pings an IP address to be allocated. If there is no response to the ping packet within a certain period, the DHCP server continues to send ping packets to this IP address until the number of ping packets reaches the maximum value. If there is still no response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view

dhcp server ping packet number
The maximum number of ping packets is set. By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, the S7700 does not ping the IP addresses to be allocated. Step 3 Run:
dhcp server ping timeout milliseconds
The period in which the S7700 waits for the response is set. By default, the period in which the S7700 waits for the response is 500 ms. ----End
3.3.8 (Optional) Configuring Automatic Saving of DHCP Data

You can configure the S7700 to save DHCP data to the storage device. When a fault occurs, you can restore data from the storage device.
Context
Perform the following steps on the DHCP server. When the S7700 functions as the DHCP server, you can enable the function of saving DHCP data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view

dhcp server database enable
The S7700 automatically saves DHCP data to the CF card. After the dhcp server database enable command is executed, the system generates the lease.txt and conflict.txt files in the CF card. The two files save the address lease information and address conflict information. Step 3 Run:
dhcp server database write-delay interval
The interval for saving DHCP data is set. By default, DHCP data is not automatically saved to CF card. After the S7700 is configured to automatically save DHCP data, the S7700 saves data every 7200 seconds by default and the latest data overwrites the previous data. Step 4 Run:
dhcp server database recover
The DHCP data in the storage device is restored. After the dhcp server database recover command is executed, the S7700 restores the DHCP data in the CF card. ----End

This section describes how to verify the configurations of the DHCP server based on the global address pool.
Prerequisite
The configurations of the DHCP server based on the global address pool are complete.
Procedure
l l Run the display dhcp server statistics command to view the statistics about the DHCP server. Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all | expired | conflict | used ] command to view information about the global address pool.
----End
Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics Server Statistics:
Issue 01 (2011-07-15)
56
Client Request: Dhcp Discover: Dhcp Request: Dhcp Decline: Dhcp Release: Dhcp Inform: Server Reply: Dhcp Offer: Dhcp Ack: Dhcp Nak: Bad Messages:
6 1 4 0 1 0 4 1 3 0 0
Run the display ip pool name ip-pool-name command to view the IP address pool named huawei. The similar information is displayed.
<Quidway> display ip pool name huawei Pool-Name : huawei Pool-No : 2 Lease : 3 Days 0 Hours 0 Minutes Domain-name : DNS-Server0 : 10.10.10.5 DNS-Server1 : 10.10.10.6 NBNS-Server0 : 20.20.20.5 Netbios-type : Position : Local Status : Unlocked Gateway-0 : 10.10.10.10 Mask : 255.255.255.0 Vpn instance : --------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable -------------------------------------------------------------------------10.10.10.1 10.10.10.254 253 0 253 0 0 --------------------------------------------------------------------------
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool
If a DHCP server based on a VLANIF interface address pool is configured, all the users going online through this interface obtain IP addresses from the VLANIF interface address pool.

Before configuring the DHCP server based on the interface address pool, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.
If the DHCP clients and the DHCP server are on the same network segment, the interface address pool needs to be configured on the S7700 to allocate IP addresses for the clients, as shown in Figure 3-4.
Issue 01 (2011-07-15)
57
Figure 3-4 Networking diagram for configuring the DHCP server based on the interface address pool
Client
Client DHCP Server
Client
The interface address pool takes precedence over the global address pool. If an address pool is configured on an interface, the clients connected to the interface obtain IP addresses from the interface address pool even if a global address pool is configured. On an S7700, only VLANIF interfaces can be configured with address pools.
Before configuring the DHCP server based on the VLANIF interface address pool, complete the following tasks: l l l l Ensuring that the link between the DHCP clients and the S7700 works properly and the DHCP clients can communicate with the S7700 (Optional) Configuring the DNS server (Optional) Configuring the NetBIOS server Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routes are required only when the servers are configured.)
Data Preparation
Before configuring the DHCP server based on the VLANIF interface address pool, you need the following data. No. 1 Data Number of the VLANIF interface configured with an address pool, IP address range, IP address lease, IP addresses not to be allocated in the IP address pool (optional), and IP address and MAC address that need to be statically bound (optional) (Optional) Egress gateway of the DHCP clients (Optional) IP address of the DNS server and domain name of the DHCP clients (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP clients
2 3 4
Issue 01 (2011-07-15)
58
No. 5
Data (Optional) Code of the customized DHCP option and corresponding ASCII character string, hexadecimal numeral, or IP address
3.4.2 Configuring Address Allocation Mode for Interface Address Pool

According to the requirements of clients, you can select the static binding mode or the dynamic allocation mode for the address pool, but you cannot enable the two modes for the same DHCP address pool.
Context
The interface address pool takes precedence over the global address pool.
Procedure
Step 1 Run:
system-view

dhcp enable
The DHCP function is enabled. Step 3 Run:


An IP address is allocated to the VLANIF interface. Step 5 Run:

dhcp select interface
The S7700 is configured to use the interface address pool. The interface address pool is actually the network segment to which the interface belongs, and such an interface address pool takes effect only on this interface. Step 6 Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of IP addresses is set. By default, the IP address lease is one day. Step 7 (Optional) Run:
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
Issue 01 (2011-07-15)
59
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured. Some IP addresses are reserved for other services, for example, the IP address of the DNS server cannot be allocated to clients. You can run the dhcp server excluded-ip-address command to exclude these IP addresses. If you run the dhcp server excluded-ip-address command multiple times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP address pool. Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
An IP address in the address pool is bound to a MAC address. When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC address of the client. ----End
3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool
Each client has a domain name. To enable DHCP clients to communicate by using their domain names and prevent IP address conflicts, the DHCP server needs to specify domain names for these clients when allocating IP addresses to them.
Context
On the DHCP server, the dhcp server domain-name command specifies a domain name for each interface address pool. When allocating IP addresses to clients, the DHCP server also sends the domain names to the clients. During domain name resolution, users only need to enter a part of the domain name, and then the system uses a complete domain name for resolution. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view


dhcp server domain-name domain-name
The DNS domain name is configured for the DHCP client. Step 4 Run:
dhcp server dns-list ip-address &<1-8>
The DNS server address is configured for the DHCP client.

To load balance the traffic and improve the reliability of the network, configure multiple DNS servers. Each address pool can be configured with a maximum of eight DNS servers. ----End
3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool
DHCP clients running on the Microsoft Windows operating system use the Network Basic Input Output System (NetBIOS) protocol for communication. The NetBIOS server translates host names to IP addresses for the clients.
Context
Perform the following steps on the DHCP server. When a DHCP client uses the NetBIOS protocol for communication, the host names must be mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified into the following types: l l l l b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast mode. p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by communicating with the NetBIOS server. m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast features. h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end communication mechanism.
Procedure
Step 1 Run:
system-view


dhcp server nbns-list ip-address &<1-8>
The NetBIOS server address is configured for the DHCP client. Each IP address pool can be configured with up to eight NetBIOS server addresses. Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS type is set for DHCP clients. By default, the NetBIOS node type is not specified for DHCP clients. ----End
3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP server manually.
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address lease. The system also provides commands to configure these functions separately. These commands take precedence over the option command. Related commands: l l l DNS service: dhcp server domain-name and dhcp server dns-list NetBIOS service: dhcp server nbns-list and dhcp server netbios-type Lease: dhcp server lease
Procedure
Step 1 Run:
system-view


dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hexstring &<1-10> | ip-address ip-address &<1-8> }
The DHCP option is configured. After the dhcp server option command is run, the specified option is carried by the DHCP Reply packet returned by the DHCP server. Before using this command, ensure that you know the functions of the option to be configured. For details on the DHCP options, see RFC 2132. ----End
3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address

To prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocated before allocating it to a client.
Context
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP address allocation. The DHCP server pings an IP address to be allocated. If there is no response to the ping packet within a certain period, the DHCP server continues to send ping packets to this IP address until the number of ping packets reaches the maximum value. If there is still no response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view

dhcp server ping packet number
The maximum number of ping packets is set. By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, the S7700 does not ping the IP addresses to be allocated. Step 3 Run:
dhcp server ping timeout milliseconds
The period in which the S7700 waits for the response is set. By default, the period in which the S7700 waits for the response is 500 ms. ----End
3.4.7 (Optional) Configuring Automatic Saving of DHCP Data

You can configure the S7700 to save DHCP data to the storage device. When a fault occurs, you can restore data from the storage device.
Context
Perform the following steps on the DHCP server. When the S7700 functions as the DHCP server, you can enable the function of saving DHCP data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view

dhcp server database enable
The S7700 automatically saves DHCP data to the CF card. After the dhcp server database enable command is executed, the system generates the lease.txt and conflict.txt files in the CF card. The two files save the address lease information and address conflict information.
Step 3 Run:
dhcp server database write-delay interval
The interval for saving DHCP data is set. By default, DHCP data is not automatically saved to CF card. After the S7700 is configured to automatically save DHCP data, the S7700 saves data every 7200 seconds by default and the latest data overwrites the previous data. Step 4 Run:
dhcp server database recover
The DHCP data in the storage device is restored. After the dhcp server database recover command is executed, the S7700 restores the DHCP data in the CF card. ----End

This section describes how to view the configuration of the DHCP server based on the VLANIF interface address pool.
Prerequisite
The configurations of the DHCP server based on the VLANIF interface address pool are complete.
Procedure
l l Run the display dhcp server statistics command to view the statistics about the DHCP server. Run the display ip pool interface interface-name [ start-ip-address high-ip-address | all | expired | conflict | used ] command to view information about the interface address pool.
----End
Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics Server Statistics: Client Request: Dhcp Discover: Dhcp Request: Dhcp Decline: Dhcp Release: Dhcp Inform: Server Reply: Dhcp Offer: Dhcp Ack: Dhcp Nak: Bad Messages: 6 1 4 0 1 0 4 1 3 0 0
Run the display ip pool interface ip-pool-name command to view interface address pool on VLANIF 10. The similar information is displayed.
<Quidway> display ip pool interface vlanif10 Pool-name : vlanif10 Pool-No : 2 Lease : 1 Days 0 Hours 0 Minutes Domain-name : DNS-server0 : NBNS-server0 : Netbios-type : Position : Interface Status : Unlocked Gateway-0 : 192.168.10.2 Mask : 255.255.255.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------192.168.10.1 192.168.10.254 253 0 253 0 0 0 -----------------------------------------------------------------------------
3.5 Configuring the DHCP Relay Agent

By using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicate with the DHCP servers on other network segments, and obtain IP addresses from them. The DHCP clients on different network segments can also use one DHCP server. This reduces costs and achieves centralized device management.

Before configuring the DHCP relay agent, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.
If no DHCP server is configured on the local network, the DHCP relay function can be enabled on an S7700 to forward DHCP Request packets to the DHCP servers on other networks. To ensure that the DHCP clients obtain IP addresses, the DHCP server must use a global address pool, and no address pool can be configured on the interface connected to the DHCP relay agent.
Issue 01 (2011-07-15)
65
Figure 3-5 Network diagram of DHCP relay
Internet
DHCP Server 100.10.10.1/24 SwitchA
DHCP Relay 20.20.20.1/24
SwitchB
DHCP Client
DHCP Client
DHCP Client
Before configuring the DHCP relay agent, complete the following tasks: l l Configuring the DHCP server Configuring a route from the S7700 to the DHCP server
Data Preparation
To configure the DHCP relay agent, you need the following data. No. 1 2 3 Data Name of the DHCP server group IP addresses of the DHCP servers in a DHCP server group Number and IP address of the interface enabled with the DHCP relay function
3.5.2 Configuring DHCP Relay on an Interface

When the network where a DHCP client resides does not have a DHCP server, a DHCP relay agent can be configured to forward the DHCP packets of the client to a DHCP server.
Issue 01 (2011-07-15)
66
Context
NOTE
A DHCP packet is forwarded between a DHCP client and a DHCP server at most 16 times, and then the DHCP packet is discarded. If DHCP relay is enabled in a super-VLAN, DHCP snooping cannot be enabled in this super-VLAN.
Procedure
Step 1 Run:
system-view

dhcp enable
DHCP is enabled globally. Step 3 Run:


An IP address is allocated to the VLANIF interface.

NOTE
When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress gateway address is the same as the egress gateway address of the DHCP relay agent.
Step 5 Run:
dhcp select relay
The DHCP relay function is enabled for the VLANIF interface. ----End
Follow-up Procedure
When functioning as a DHCP relay agent, the S7700 forwards the DHCP Request packets from DHCP clients to the DHCP server. After the DHCP relay function is enabled on the VLANIF interface, set the DHCP server address on the VLANIF interface in either of the following ways: l Configure a destination DHCP server group and bind the group to the interface. For details, see 3.5.3 Configuring a Destination DHCP Server Group and 3.5.4 Binding an Interface to a DHCP Server Group. Run the dhcp relay server-ip ip-address command in the VLANIF interface view to configure the destination DHCP server address.
3.5.3 Configuring a Destination DHCP Server Group

Generally, a DHCP relay agent serves multiple DHCP servers. The DHCP servers that share one DHCP relay agent can be added to a server group to facilitate server management. The DHCP server group allocates IP addresses for the users connected to the DHCP relay agent.
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view

dhcp server group group-name
A DHCP server group is created and the DHCP server group view is displayed. A maximum of 64 DHCP server groups can be configured globally. Step 3 Run:
dhcp-server ip-address [ ip-address-index ]
A DHCP server is added to the DHCP server group. Up to 20 DHCP servers can be added to a DHCP server group. If you do not specify the server index, the system allocates an idle index to the server. Step 4 (Optional) Run:
vpn-instance vpn-instance-name
A VPN instance is bound to the DHCP server group. ----End
3.5.4 Binding an Interface to a DHCP Server Group

Multiple VLANIF interfaces can be bound to a DHCP server group; however, a VLANIF interface can belong to only one DHCP server group. That is, the DHCP Request packets on a VLANIF interface can be relayed to only one DHCP server group.
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view


dhcp relay server-select group-name
The VLANIF interface is bound to a DHCP server group.

You can also run dhcp relay server-ip command to specify a server for the VLANIF interface. Step 4 (Optional) Run:
ip binding vpn-instance vpn-instance-name
A VPN instance is bound to the VLANIF interface. If a user connected to the S7700 interface is in a private network, bind the interface to a VPN instance. The bound VPN instance must be the same as the VPN instance bound to the DHCP server group. For details on binding a VPN instance to a DHCP server group, see 3.5.3 Configuring a Destination DHCP Server Group. ----End
3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet
If a user is forcibly disconnected, the IP address of the user needs to be released manually on the DHCP server.
Context
When the IP address of a user expires, the DHCP server renews the IP address for the user if it does not receive the DHCP Release packet. You can configure the DHCP relay agent to actively send DHCP Release packets to the DHCP server. The DHCP server then releases the expired IP addresses. Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 (Optional) Run:


dhcp relay release client-ip-address mac-address [ server-ip-address ]
The DHCP relay agent is configured to send DHCP Release packets to the DHCP server. l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ] command in the system view: If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the servers in all DHCP server groups bound to the DHCP relay interfaces. If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the specified DHCP server. l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ] command in the VLANIF interface view:
If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets to all the servers in the DHCP server group bound to this VLANIF interface. If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the specified DHCP server. ----End

After the DHCP relay function is configured, you can use commands to view the configuration result.
Prerequisite
The DHCP relay configurations are complete.
Procedure
l Run the display dhcp relay { all | interface interface-type interface-number } command to view the DHCP server group on a VLANIF interface and the servers in the DHCP server group. Run the display dhcp relay statistics command to view packet statistics on the DHCP relay agent. Run the display dhcp server group group-name command to view the DHCP server group configuration.
l l
----End
Example
Run the display dhcp relay interface interface-type interface-number command to view the DHCP server group on VLANIF 100 and the servers in the DHCP server group. If the similar information is displayed, the configuration succeeds.
<Quidway> display dhcp relay interface vlanif 100 DHCP relay agent running information of interface Vlanif100 : Server IP address [01] : 10.2.2.3 Gateway address in use : 10.2.2.2
Run the display dhcp relay statistics command. If the similar information is displayed, the configuration succeeds.
<Quidway> display dhcp relay statistics The statistics of DHCP RELAY: DHCP packets received from clients DHCP DISCOVER packets received DHCP REQUEST packets received DHCP RELEASE packets received DHCP INFORM packets received DHCP DECLINE packets received DHCP packets sent to clients Unicast packets sent to clients Broadcast packets sent to clients DHCP packets received from servers DHCP OFFER packets received DHCP ACK packets received DHCP NAK packets received DHCP packets sent to servers DHCP Bad packets received
: : : : : : : : : : : : : : :
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Issue 01 (2011-07-15)
70
Run the display dhcp server group group-name command to view the configuration of DHCP server group group1. If the similar information is displayed, the configuration succeeds.
<Quidway> display dhcp server group group1 Group-name : group1 (0) Server-IP : 100.10.10.1 (1) Server-IP : 100.10.10.2 Gateway : -VPN instance : --
3.6 Maintaining DHCP

After DHCP configurations are complete, you can clear DHCP statistics and monitor DHCP operation.
3.6.1 Clearing DHCP Statistics

During routine maintenance, you can use the reset commands to clear the statistics about the specified DHCP server group.
Context
CAUTION
DHCP statistics cannot be restored after they are cleared. Exercise caution when running the reset commands.
Procedure
l l To clear DHCP server statistics, run the reset dhcp server statistics command in the user view. To clear DHCP relay agent statistics, run the reset dhcp relay statistics command in the user view.
----End
3.6.2 Monitoring DHCP Operation

During routine maintenance, you can use the following commands in any view to monitor DHCP operation status.
Procedure
l Run the display dhcp relay { all | interface interface-type interface-number } command to view the DHCP server group on a VLANIF interface and the servers in the DHCP server group. Run the display dhcp relay statistics command to view packet statistics on the DHCP relay agent.
Issue 01 (2011-07-15)
Run the display dhcp server group [ group-name ] command to view the servers in the DHCP server group.
----End

DHCP configuration examples explain the networking requirements, networking diagram, configuration notes, configuration roadmap, and configuration procedure. The configuration examples involve various usage scenarios of DHCP.
3.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool
This section describes how to configure a global address pool to allocate IP addresses for clients when the clients and DHCP server are in the same network segment.
An enterprise has two offices that are in the same network segment. To reduce network construction cost, the enterprise uses one DHCP server to allocate IP addresses for the computers in the two offices. As shown in Figure 3-6, SwitchA functions as the DHCP server, and SwitchB and SwitchC are user access switches. A global address pool or an interface address pool can be configured on SwitchA. This section describes how to configure a global address pool. Address pool 10.1.1.0/24 consists of two network segments: 10.1.1.0/25 and 10.1.1.128/25. The IP addresses of the VLANIF interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25. There are a few computers in network segment 10.1.1.0/25 and the computer locations are fixed. The lease of an IP address in 10.1.1.0/25 is 10 days, the DNS address is 10.1.1.2, no NetBIOS address is set, and the IP address of the egress gateway is 10.1.1.126. There are many computers in network segment 10.1.1.128/25 and the computers are often moved from one place to another. The lease of an IP address in 10.1.1.128/25 is 2 days, the DNS address is 10.1.1.2, the NetBIOS address is 10.1.1.4, and the IP address of the egress gateway is 10.1.1.254.
Issue 01 (2011-07-15)
72
Figure 3-6 Networking diagram for configuring the DHCP server based on the global address pool
NetBIOS server
DHCP client GE 1/0/1 VLANIF10 10.1.1.1/25
DHCP client GE 1/0/2 VLANIF20 10.1.1.129/25
DHCP client
SwtichB SwtichA DHCP server
SwtichC
DNS server
DHCP client
DHCP client
DHCP client
Network: 10.1.1.0/25
Network: 10.1.1.128/25
The configuration roadmap is as follows: 1. 2. 3. Enable the DHCP server function on SwitchA. Create a global address pool on SwitchA and set the attributes of the address pool, including the range of the address pool, egress gateway, NetBIOS address, and address lease. Configure VLANIF interfaces to use the global address pool to allocate IP addresses.
Data Preparation
To complete the configuration, you need the following data: Number and range of the global address pool on SwitchA
NOTE
The following configurations are performed on SwitchA.
Procedure
Step 1 Enable DHCP.
<Quidway> system-view [Quidway] dhcp enable
Step 2 Create address pools and set the attributes of the address pools. # Set the attributes of IP address pool 1, including the address pool range, DNS address, egress gateway address, and address lease.
[Quidway] ip pool 1 [Quidway-ip-pool-1] network 10.1.1.0 mask 255.255.255.128 [Quidway-ip-pool-1] dns-list 10.1.1.2
Issue 01 (2011-07-15)
73

[Quidway-ip-pool-1] [Quidway-ip-pool-1] [Quidway-ip-pool-1] [Quidway-ip-pool-1] [Quidway-ip-pool-1] gateway-list 10.1.1.126 excluded-ip-address 10.1.1.2 excluded-ip-address 10.1.1.4 lease day 10 quit
# Set the attributes of IP address pool 2, including the address pool range, DNS address, egress gateway address, NetBIOS address, and address lease.
[Quidway] ip pool 2 [Quidway-ip-pool-2] [Quidway-ip-pool-2] [Quidway-ip-pool-2] [Quidway-ip-pool-2] [Quidway-ip-pool-2] [Quidway-ip-pool-2] network 10.1.1.128 mask 255.255.255.128 dns-list 10.1.1.2 nbns-list 10.1.1.4 gateway-list 10.1.1.254 lease day 2 quit
Step 3 Set the address allocation mode on the VLANIF interfaces. # Add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20.
[Quidway] vlan batch 10 20 [Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/1] port [Quidway-GigabitEthernet1/0/1] port [Quidway-GigabitEthernet1/0/1] quit [Quidway] interface gigabitethernet [Quidway-GigabitEthernet1/0/2] port [Quidway-GigabitEthernet1/0/2] port [Quidway-GigabitEthernet1/0/2] quit 1/0/1 hybrid pvid vlan 10 hybrid untagged vlan 10 1/0/2 hybrid pvid vlan 20 hybrid untagged vlan 20
# Configure the clients on VLANIF 10 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 10 [Quidway-Vlanif10] ip address 10.1.1.1 255.255.255.128 [Quidway-Vlanif10] dhcp select global [Quidway-Vlanif10] quit
# Configure the clients on VLANIF 20 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 20 [Quidway-Vlanif20] ip address 10.1.1.129 255.255.255.128 [Quidway-Vlanif20] dhcp select global [Quidway-Vlanif20] quit
Step 4 Verify the configuration. Run the display ip pool command on the S7700, and you can view the configuration of the IP address pool.
[Quidway] display ip pool ----------------------------------------------------------------------Pool-name : 2 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 10.1.1.254 Mask : 255.255.255.128 VPN instance : -----------------------------------------------------------------------Pool-name : 1 Pool-No : 2 Position : Local Status : Unlocked Gateway-0 : 10.1.1.126 Mask : 255.255.255.128 VPN instance : -IP address Statistic
Issue 01 (2011-07-15)
74

Total Used Expired :250 :0 :0
Idle Conflict
:248 :0
Disable
:2
----End
Configuration Files
Configuration file of the SwitchA
# sysname Quidway # vlan batch 10 20 # dhcp enable # ip pool 1 ip pool 2 # ip pool 1 gateway-list 10.1.1.126 network 10.1.1.0 mask 255.255.255.128 excluded-ip-address 10.1.1.2 excluded-ip-address 10.1.1.4 dns-list 10.1.1.2 lease day 10 hour 0 minute 0 # ip pool 2 gateway-list 10.1.1.254 network 10.1.1.128 mask 255.255.255.128 dns-list 10.1.1.2 nbns-list 10.1.1.4 lease day 5 hour 0 minute 0 # interface Vlanif10 ip address 10.1.1.1 255.255.255.128 dhcp select global # interface Vlanif20 ip address 10.1.1.129 255.255.255.128 dhcp select global # interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 # return
3.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool
A DHCP server can allocate IP addresses for the clients in the same network segment by using an interface address pool.
A campus has two equipment rooms, which are in different network segments. A switch needs to be configured as a DHCP server to allocate IP addresses for the computers in the two equipment rooms.
The DHCP server is connected to the access switches of the two equipment rooms, and allocates IP addresses for the computers by using two interface address pools. As shown in Figure 3-7, SwitchA functions as the DHCP server, and SwitchB and SwitchC are the access switches. The two VLANIF interface address pools need to be configured on GE 1/0/1 and GE 1/0/2 of SwitchA. Figure 3-7 Networking diagram for configuring a DHCP server based on a VLANIF interface address pool
NetBIOS Server 10.1.1.3/24
DHCP Client
DNS Server 10.1.1.2/24
SwitchB
VLANIF10 10.1.1.1/24 GE1/0/1 GE1/0/2 VLANIF11 10.1.2.1/24
SwitchA DHCP Server
SwitchC
DHCP Client
DHCP Client
DHCP Client
The configuration roadmap is as follows: 1. 2. 3. 4. Configure SwitchA as a DHCP server. Create VLANIF interfaces and allocate IP addresses to VLANIF interfaces to determine the range of address pools. Enable the VLANIF interface address pools. Set the address pool attributes, including the DNS server address, NetBIOS server address, and IP address lease.
Data Preparation
To complete the configuration, you need the following data: l l l
Issue 01 (2011-07-15)
IP addresses of the interfaces DNS server address and NetBIOS server address Address lease in the address pool
Procedure
Step 1 Enable DHCP.
Step 2 Add interfaces to VLANs. # Add GE 1/0/1 to VLAN 10.

[Quidway] vlan batch 10 to 11 [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10 [Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10 [Quidway-GigabitEthernet1/0/1] quit
# Add GE 1/0/2 to VLAN 11.

[Quidway] interface gigabitethernet 1/0/2 [Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 11 [Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 11 [Quidway-GigabitEthernet1/0/2] quit
Step 3 Allocate IP addresses to VLANIF interfaces. # Allocate an IP address to VLANIF 10.

[Quidway] interface vlanif 10 [Quidway-Vlanif10] ip address 10.1.1.1 24 [Quidway-Vlanif10] quit
# Allocate an IP address to VLANIF 11.

[Quidway] interface vlanif 11 [Quidway-Vlanif11] ip address 10.1.2.1 24 [Quidway-Vlanif11] quit
Step 4 Enable the VLANIF interface address pool. # Configure the clients on VLANIF 10 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 10 [Quidway-Vlanif10] dhcp select interface [Quidway-Vlanif10] quit
# Configure the clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 11 [Quidway-Vlanif11] dhcp select interface [Quidway-Vlanif11] quit
Step 5 Configure the DNS service and NetBIOS services of the address pool. # Configure the DNS service and NetBIOS service of VLANIF 10 address pool.
[Quidway] interface vlanif 10 [Quidway-Vlanif10] dhcp server [Quidway-Vlanif10] dhcp server [Quidway-Vlanif10] dhcp server [Quidway-Vlanif10] dhcp server [Quidway-Vlanif10] dhcp server [Quidway-Vlanif10] dhcp server domain-name huawei.com dns-list 10.1.1.2 nbns-list 10.1.1.3 excluded-ip-address 10.1.1.2 excluded-ip-address 10.1.1.3 netbios-type b-node
Step 6 Set IP address leases of IP address pools. # Set the IP address lease of VLANIF 10 address pool to 30 days.

[Quidway] interface vlanif 10 [Quidway-Vlanif10] dhcp server lease day 30 [Quidway-Vlanif10] quit
# Set the IP address lease of VLANIF 11 address pool to 20 days.

[Quidway] interface vlanif 11 [Quidway-Vlanif11] dhcp server lease day 20 [Quidway-Vlanif11] quit
Step 7 Verify the configuration. Run the display ip pool interface command on SwitchA to view the configuration of the interface address pool.
[Quidway] display ip pool interface vlanif10 Pool-Name : vlanif10 Pool-No : 0 Lease : 30 Days 0 Hours 0 Minutes Domain-name : huawei.com DNS-Server0 : 10.1.1.2 NBNS-Server0 : 10.1.1.3 Netbios-type : b-node Position : Interface Status : Unlocked Gateway-0 : 10.1.1.1 Mask : 255.255.255.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------10.1.1.1 10.1.1.254 253 0 251 0 0 2 ----------------------------------------------------------------------------[Quidway] display ip pool interface vlanif11 Pool-Name : vlanif11 Pool-No : 1 Lease : 20 Days 0 Hours 0 Minutes Domain-name : DNS-Server0 : NBNS-Server0 : Netbios-type : Position : Interface Status : Unlocked Gateway-0 : 10.1.2.1 Mask : 255.255.255.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------10.1.2.1 10.1.2.254 253 0 253 0 0 0 -----------------------------------------------------------------------------
----End
Configuration Files
Configuration file of SwitchA
# sysname Quidway # vlan batch 10 to 11 # dhcp enable # interface Vlanif10 ip address 10.1.1.1 255.255.255.0 dhcp select interface dhcp server excluded-ip-address 10.1.1.2 10.1.1.3 dhcp server dns-list 10.1.1.2 dhcp server netbios-type b-node
Issue 01 (2011-07-15)
78

dhcp server nbns-list 10.1.1.3 dhcp server lease day 30 hour 0 minute 0 dhcp server domain-name huawei.com # interface Vlanif11 ip address 10.1.2.1 255.255.255.0 dhcp select interface dhcp server lease day 20 hour 0 minute 0 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 11 port hybrid untagged vlan 11 # return
3.7.3 Example for Configuring a DHCP Relay Agent

When the DHCP server and DHCP clients are in different network segments, a DHCP relay agent is required.
An enterprise has multiple offices, which are distributed in different office buildings. The offices in a building belong to the same local area network (LAN), and the buildings belong to different LANs. The enterprise uses a DHCP server to allocate IP addresses to all clients. As shown in Figure 3-8, the DHCP clients are in the network segment 20.20.20.0/24 and the DHCP server is in the network segment 100.10.10.0/24. A Switch enabled with DHCP relay is required between the clients and server. By using the DHCP relay agent, the DHCP clients can obtain IP addresses from the DHCP server. The DHCP server and the clients are in different network segments, and an interface-based address pool cannot allocate IP addresses to the clients in different network segments. A global address pool in the network segment 20.20.20.0/24 is required, and the DHCP server must have a reachable route to the network segment 20.20.20.0/24.
Issue 01 (2011-07-15)
79
Figure 3-8 DHCP relay agent networking diagram
SwitchB GE1/0/0 Internet DHCP Server VLANIF20 100.10.10.1/24 DHCP Relay GE1/0/1 SwitchA VLANIF100 20.20.20.1/24
DHCP Client
DHCP Client VLAN100
DHCP Client
Configure SwitchA as a DHCP relay agent. The configuration roadmap is as follows: 1. 2. 3. Configure a DHCP server group on SwitchA and add SwitchB to the DHCP server group. Enable DHCP relay on VLANIF 100. Bind the DHCP server group to VLANIF 100 and specify the DHCP server for the DHCP relay agent.
Configure SwitchB as the DHCP server. The configuration roadmap is as follows: 1. 2. 3. Configure a reachable route from the DHCP server to GE 1/0/1 of the DHCP relay agent. Enable the DHCP function on the server. Configure the clients connected to GE 1/0/0 of the server to obtain IP addresses from the global address pool. Create a global address pool on the DHCP server to allocate IP addresses to clients.
Data Preparation
To complete the configuration, you need the following data: l l l Name of the DHCP server group IP address of the DHCP server in the DHCP server group Number and IP address of the interface enabled with DHCP relay
Issue 01 (2011-07-15)
80
Procedure
Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group. # Create a DHCP server group.
<Quidway> system-view [Quidway] dhcp server group dhcpgroup1
# Add DHCP servers to the DHCP server group.

[Quidway-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1 [Quidway-dhcp-server-group-dhcpgroup1] quit
Step 2 Enable DHCP relay on the VLANIF interface. # Create a VLAN and add GE 1/0/1 to the VLAN.
[Quidway] vlan 100 [Quidway-Vlan100] quit [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port link-type trunk [Quidway-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 [Quidway-GigabitEthernet1/0/1] quit
# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.
[Quidway] dhcp enable [Quidway] interface vlanif 100 [Quidway-Vlanif100] dhcp select relay [Quidway-Vlanif100] quit
Step 3 Bind a VLANIF interface to a specified DHCP server group. # Assign an IP address to the VLANIF interface.
[Quidway] interface vlanif 100 [Quidway-Vlanif100] ip address 20.20.20.1 24
# Bind the VLANIF interface to a specified DHCP server group.

[Quidway-Vlanif100] dhcp relay server-select dhcpgroup1 [Quidway-Vlanif100] quit
Step 4 Configure the DHCP server. # Create a VLAN and add GE 1/0/0 to the VLAN.
[Quidway] vlan 20 [Quidway-Vlan20] quit [Quidway] interface gigabitethernet 1/0/0 [Quidway-GigabitEthernet1/0/0] port link-type trunk [Quidway-GigabitEthernet1/0/0] port trunk allow-pass vlan 20 [Quidway-GigabitEthernet1/0/0] quit
# Enable the DHCP function and configure the clients connected to VLANIF 20 to obtain IP addresses from the global address pool.
<Quidway> system-view [Quidway] dhcp enable [Quidway] interface vlanif 20 [Quidway-Vlanif20] ip address 100.10.10.1 24 [Quidway-Vlanif20] dhcp select global [Quidway-Vlanif20] quit
Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route from the DHCP server to the Switch. Ensure that the route between the DHCP server and network segment 20.20.20.0/24 is reachable.

[Quidway] ip pool 1 [Quidway-ip-pool-1] network 20.20.20.0 mask 24 [Quidway-ip-pool-1] quit
# Configure a static route from the address pool to the DHCP relay agent to ensure that the DHCP server has a reachable route to the network segment 20.20.20.0/24.(The configuration procedure is not provided here.) Step 5 Verify the configuration. # Run the display dhcp relay command on SwitchA to view the DHCP relay configuration on the interface.
[Quidway] display dhcp relay interface vlanif100 DHCP relay agent running information of interface Vlanif100 : Server group name : dhcpgroup1 Gateway address in use : 100.10.10.1
# Run the display ip pool command on SwitchB to view the address pool configuration.
[Quidway] display ip pool ----------------------------------------------------------------------Pool-Name : 1 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : Mask : 255.255.255.0 Vpn instance : -IP address Statistic Total :250 Used :0 Idle :248 Expired :0 Conflict :0 Disable :2
----End
Configuration Files
Configuration file of SwitchA
# sysname Quidway # vlan 100 # dhcp enable # dhcp server group dhcpgroup1 dhcp-server 100.10.10.1 # interface Vlanif100 ip address 20.20.20.1 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 100 # return
Configuration file of SwitchB

# sysname Quidway # vlan batch 20 # dhcp enable #
Issue 01 (2011-07-15)
82

ip pool 1 network 20.20.20.0 mask 255.255.255.0 # interface Vlanif20 ip address 100.10.10.1 255.255.255.0 dhcp select global # interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 20 # return
3.7.4 Example for Configuring a DHCP Relay Agent for VPN

This section describes how to configure a DHCP relay agent for a VPN.
An enterprise establishes a VPN for employees to communicate with each other. The DHCP server is not in the VPN. Users in the VPN need to obtain IP addresses from the DHCP server. As shown in Figure 3-9, the DHCP clients are located in VPNA, which is in network segment 20.20.20.0/24; the DHCP server is located in network segment 10.10.10.0/24. The DHCP packets need to be relayed by the Switch enabled with the DHCP relay function. The DHCP clients on the VPN then can apply for IP addresses from the DHCP server. An address pool containing network segment 20.20.20.0/24 is configured on the DHCP server. The DHCP server has a reachable route to 20.20.20.0/24. Figure 3-9 Networking diagram for configuring the DHCP relay for a VPN
Loopback1 2.2.2.2/32 Internet PE GE1/0/0 VLANIF101 10.10.10.2/24 Loopback1 1.1.1.1/32 Swtich DHCP Relay GE1/0/0 VLANIF100 20.20.20.1/24 vpna DHCP Server 10.10.10.1/24
DHCP Client
Issue 01 (2011-07-15)
83
The configuration roadmap is as follows: 1. 2. 3. 4. Create a DHCP server group and add a DHCP server to the group. Enable DHCP relay on VLANIF 100 so that the Switch functions as the DHCP relay agent. Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPN instance. Bind the specified DHCP server group to VLANIF 100 so that the packets passing VLANIF 100 are forwarded to the specified server.
Data Preparation
To complete the configuration, you need the following data: l l l l Name of the DHCP server group IP addresses of the DHCP servers Number and IP address of the interface enabled with the DHCP relay function Name of the VPN instance that the client belongs to
Procedure
Step 1 Create a DHCP server group and add DHCP server to the group. # Create a DHCP server group.
<Quidway> system-view [Quidway] sysname Switch [Switch] dhcp server group dhcpgroup1
# Add a DHCP server to the DHCP server group.

[Switch-dhcp-server-group-dhcpgroup1] dhcp-server 10.10.10.1 [Switch-dhcp-server-group-dhcpgroup1] quit
Step 2 Enable the DHCP relay function on the VLANIF interface. # Create a VLAN and add GE 1/0/0 to the VLAN.
[Switch] vlan 100 [Switch-Vlan100] quit [Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] port link-type trunk [Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 [Switch-GigabitEthernet1/0/0] quit
# Enable global DHCP and enable the DHCP relay function on the VLANIF interface.
[Switch] dhcp enable [Switch] interface vlanif 100 [Switch-Vlanif100] dhcp select relay [Switch-Vlanif100] quit
Step 3 Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPN instance.

NOTE
The following lists how to create a VPN instance and bind the VPN instance on the Switch in Figure 3-9. The configuration procedure is not mentioned here. For details, see the Quidway S7700 Smart Routing Switch Configuration Guide - VPN.
# Create a VPN instance.

[Switch] ip vpn-instance vpna [Switch-vpn-instance-vpna] route-distinguisher 1:1 [Switch-vpn-instance-vpna] vpn-target 2:2 both [Switch-vpn-instance-vpna] quit
# Bind the DHCP server group to the VPN instance.

[Switch] dhcp server group dhcpgroup1 [Switch-dhcp-server-group-dhcpgroup1] vpn-instance vpna [Switch-dhcp-server-group-dhcpgroup1] quit
# Bind the VLANIF interface to the VPN instance.

[Switch] interface vlanif 100 [Switch-Vlanif100] ip binding vpn-instance vpna
Step 4 Bind the VLANIF interface to the specified DHCP server group. # Set the IP address of the VLANIF interface.
[Switch] interface vlanif 100 [Switch-Vlanif100] ip address 20.20.20.1 24
# Specify a DHCP server for the VLANIF interface.

[Switch-Vlanif100] dhcp relay server-select dhcpgroup1
Step 5 Configure the DHCP server and PE. # Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route from the DHCP server to the Switch. Ensure that the route between the DHCP server and network segment 20.20.20.0/24 is reachable.
<Quidway> system-view [Quidway] sysname SERVER [SERVER] ip pool 1 [SERVER-ip-pool-1] network 20.20.20.0 mask 255.255.255.0 [SERVER-ip-pool-1] gateway-list 20.20.20.1 [SERVER-ip-pool-1] quit [SERVER] ip route-static 20.20.20.0 255.255.255.0 10.10.10.2
# Configure the PE connected to the DHCP server and the Switch in Figure 3-9 to be in the same VPN instance and ensure that the VPN target of the DHCP server corresponds to the VPN target of the Switch.
<Quidway> system-view [Quidway] sysname PE [PE] vlan 101 [PE-Vlan101] quit [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] port link-type trunk [PE-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 [PE-GigabitEthernet1/0/0] quit [PE] ip vpn-instance vpna [PE-vpn-instance-vpna] route-distinguisher 1:1 [PE-vpn-instance-vpna] vpn-target 2:2 both [PE-vpn-instance-vpna] quit [PE] interface vlanif 101 [PE-Vlanif101] ip binding vpn-instance vpna
Issue 01 (2011-07-15)
85

[PE-Vlanif101] ip address 10.10.10.2 24 [PE-Vlanif101] quit
Step 6 Configure MP-IBGP to exchange VPN routing information.

NOTE
After configuring the routing and MPLS capability between the PE and Switch, configure MP-IBGP to exchange VPN routing information.
# Configure the PE.

[PE] bgp 100 [PE-bgp] peer 1.1.1.1 as-number 100 [PE-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE-bgp] ipv4-family vpnv4 [PE-bgp-af-vpnv4] peer 1.1.1.1 enable [PE-bgp-af-vpnv4] quit [PE-bgp] quit
# Configure the Switch.

[Switch] bgp 100 [Switch-bgp] peer 2.2.2.2 as-number 100 [Switch-bgp] peer 2.2.2.2 connect-interface loopback 1 [Switch-bgp] ipv4-family vpnv4 [Switch-bgp-af-vpnv4] peer 2.2.2.2 enable [Switch-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer command on the PE, and you can see that the BGP peer relationship between the PEs is in Established state.
[PE] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 1 Peer PrefRcv 1.1.1.1 0 V 4 AS 100 MsgRcvd 12 MsgSent 6
Peers in established state : 1 OutQ Up/Down State Established
0 00:02:21
Step 7 Verify the configuration. Run the display dhcp relay command on the Switch to view the DHCP relay configuration on the interface.
[Switch] display dhcp relay interface vlanif100 DHCP relay agent running information of interface Vlanif100 : DHCP server group name : dhcpgroup1 DHCP server IP [0] :10.10.10.1 DHCP server IP [1] :255.255.255.255 DHCP server IP [2] :255.255.255.255 DHCP server IP [3] :255.255.255.255 DHCP server IP [4] :255.255.255.255 DHCP server IP [5] :255.255.255.255 DHCP server IP [6] :255.255.255.255 DHCP server IP [7] :255.255.255.255 DHCP server IP [8] :255.255.255.255 DHCP server IP [9] :255.255.255.255 DHCP server IP [10] :255.255.255.255 DHCP server IP [11] :255.255.255.255 DHCP server IP [12] :255.255.255.255 DHCP server IP [13] :255.255.255.255 DHCP server IP [14] :255.255.255.255 DHCP server IP [15] :255.255.255.255 DHCP server IP [16] :255.255.255.255
Issue 01 (2011-07-15)
86

DHCP server IP [17] :255.255.255.255 DHCP server IP [18] :255.255.255.255 DHCP server IP [19] :255.255.255.255
----End
Configuration Files
# sysname Switch # vlan 100 # dhcp enable # ip vpn-instance vpna route-distinguisher 1:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # dhcp server group dhcpgroup1 dhcp-server 10.10.10.1 0 vpn-instance vpna # interface Vlanif100 ip binding vpn-instance vpna ip address 20.20.20.1 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1 # interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 100 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface loopback 1 ipv4-family vpnv4 peer 2.2.2.2 enable # return
Configuration file of the DHCP server

# sysname SERVER # ip pool 1 network 20.20.20.0 mask 255.255.255.0 gateway-list 20.20.20.1 # ip route-static 20.20.20.0 255.255.255.0 10.10.10.2 # return
Configuration file of the PE

# sysname PE # vlan 101 # ip vpn-instance vpna route-distinguisher 1:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # interface Vlanif101 ip binding vpn-instance vpna
Issue 01 (2011-07-15)
87

ip address 10.10.10.2 255.255.255.0 # interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 101 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface loopback 1 ipv4-family vpnv4 peer 1.1.1.1 enable # return
Issue 01 (2011-07-15)
88
4 IP Session Configuration
4
About This Chapter
IP Session Configuration
This chapter describes the basic principle and configuration of the IP session function and provides configuration examples. 4.1 Introduction to the IP Session This section describes the concepts related to the IP session. 4.2 IP Session Supported by the S7700 The S7700 supports the access of IP sessions to Layer 3 sub-interfaces, but does not support the access to main interfaces. 4.3 Configuring IP Session This section describes how to create an IP session and set related parameters. 4.4 Example for Configuring IP Session This section provides an example for configuring the IP Session function.
Issue 01 (2011-07-15)
89
4.1 Introduction to the IP Session

This section describes the concepts related to the IP session. IP session, also called DHCP proxy, is an application of the DHCP protocol. It manages DHCP users. l l The DHCP proxy authenticates and authorizes access users with the local, remote (RADIUS or HWTACACS), and non-authentication policies. After the status of access users becomes stable, the DHCP proxy is able to manage the specified user, for example, carry out accounting for the user again or disconnect the user from the network.
Typical Application of IP Session

Figure 4-1 Typical application of IP session
DHCP server
SwitchB
SwitchA AAA server
DHCP clients
As shown in Figure 4-1, SwitchB is the access device of DHCP users, the IP session service is run on the aggregation switch SwitchA. SwitchA allocates IP addresses to users through the DHCP server, and the AAA server authenticates and authorizes users. Thus the users can be online once they power on the computer. The DHCP server can be a remote server or a local server. If a local server is used, it indicates that the S7700 functions as the DHCP server.
NOTE
For the configurations of AAA and user management function on the S7700, see the Quidway S7700 Smart Routing Switch Configuration Guide - Security.
4.2 IP Session Supported by the S7700

The S7700 supports the access of IP sessions to Layer 3 sub-interfaces, but does not support the access to main interfaces.
NOTE
At present, the IP session function is only supported on the G48VA, S24XA, T24XA, G24CFAT. A board supporting Layer 3 interfaces can be configured with a maximum of 4096 sessions. Trunk sub-interfaces support IP sessions. The member interfaces of a trunk interface cannot be located on different boards or subcards.
Issue 01 (2011-07-15)
90
The S7700 can terminate DHCP packets on sub-interfaces. You can configure a remote DHCP server or a local DHCP server to allocate IP addresses. You need to configure the IP session access function on the Layer 3 sub-interface. This indicates that the sub-interface can terminate DHCP packets. In addition, you need to configure the access domain and authentication mode for the users on this sub-interface. After the IP session function is enabled on the interface, the default values of other parameters are generated automatically. You can change the parameter values through commands. l l l l l l The IP sessions can access sub-interfaces. The DHCP packets can be sent to the CPU. The DHCP packets can be processed, for example, parsed and encapsulated. The users can be authenticated. The users can be charged based on the online duration. The ARP probe can be performed for online users. If a user goes offline abnormally (that is, the user does not request the server to release the address), the S7700 can detect this user by performing ARP probe on online users. Then the S7700 deletes the data of the offline user to ensure the effective resource usage. l Users can join multicast groups. After a DHCP user, maybe IPTV terminal, joins a multicast group, the user can receive the video data normally.
4.3 Configuring IP Session

This section describes how to create an IP session and set related parameters.

This section describes the applicable environment, pre-configuration tasks, and data preparation for configuring IP session.
When a user connects to the S7700, the S7700 authenticates the user, performs lease management, and forwards data.
NOTE
To make access users go online successfully, you must configure a static route between the egress gateway and the DHCP server on the S7700. The address of the egress gateway is set according to the actual situation and the configuration of the static route is described in IP Static Route Configuration.
Before configuring IP session, complete the following tasks: l l Setting physical parameters of a sub-interface Creating a VPN instance
Data Preparation
To configure IP session, you need the following data.
No. 1 2 3
Data User name and password Name of the user authentication domain VLAN ID on the interface, which cannot be an existing one
4.3.2 Enabling the IP Session Function

Before enabling IP session on a sub-interface, you must enable DHCP globally.
Procedure
Step 1 Run:
system-view

dhcp enable
DHCP is enabled globally. Step 3 Run:

interface interface-type interface-number.subinterface-number
The sub-interface view is displayed. Currently, the IP session function can be enabled only in other sub-interfaces view except for the XGE sub-interface. Step 4 Run:
ip-session enable
The IP session function is enabled. ----End
4.3.3 Binding a User Authentication Domain to a Sub-Interface

If a user authentication domain is bound to a sub-interface, when a user goes online, the S7700 selects the bound domain to authenticate and authorize the user.
Procedure
Step 1 Run:
system-view

aaa
Issue 01 (2011-07-15)
92
The AAA view is displayed. Step 3 Run:

domain domain-name
The authentication domain is created. Step 4 Run:

quit
Return to the AAA view. Step 5 Run:

quit
Return to the system view. Step 6 Run:

The sub-interface view is displayed. Step 7 Run:

authentication-domain domain-name
A user authentication domain is bound to the sub-interface. When a user goes online, the S7700 selects the bound domain to authenticate and authorize the user. By default, the user authentication domain bound to a sub-interface is the global default domain. You can change the domain by running the domain command in the system view. ----End
4.3.4 (Optional) Setting the Format of DHCP User Name and the Password
The format of the DHCP user name needs to be set in server authentication.
Procedure
Step 1 Run:
system-view

dhcp user-name format-include { ip-address | mac-address | option82 | sysname }
The format of the DHCP user name and the sequence of elements in the user name are specified. By default, the DHCP user name is in the following format: system name + "-" + slot ID (two digits, prefixed 0 if it contains only one digit) + subcard ID (one digit, set to 0 if the subcard does not exist) + port number (two digits, prefixed 0 if it contains only one digit) + outer VLAN ID (four digits, prefixed 0 if it contains less than four digits) + inner VLAN ID (five digits, prefixed 0 if it contains less than five digits) + @ + access domain name, for example, Quidway-02024000000768@domain1.
If the user name is generated according to the Option 82 field and the user name contains nonASCII characters, the non-ASCII characters are displayed as "..." for example, ...session1@domain1. Step 3 Run:
dhcp user-password { cipher cipher-password | simple simple-password }
The password of DHCP user is set. By default, the DHCP password is vlan in plain text mode. ----End
4.3.5 (Optional) Configuring the S7700 to Process Option Fields

Through the IP session function, the S7700 can process the Option 82 field of DHCP messages and select the service policy according to the Option 60 field.
Procedure
Step 1 Run:
system-view


dhcp option82 insert enable
The function of appending the Option 82 field to DHCP messages is enabled. Or, run:
dhcp option82 rebuild enable
The function of forcibly appending the Option 82 field to DHCP messages is enabled. By default, the S7700 does not process the Option 82 field of DHCP messages. After the dhcp option82 insert enable or dhcp option82 rebuild enable command is used, the S7700 replaces the Option 82 field of DHCP messages of the online IP session user. The Option 82 field is generated according to the configuration and is used for sending DHCP messages to the remote DHCP server. Step 4 Run:
dhcp service-policy option60
The service policy associated with the service scheme for users going online is configured. By default, users connected to a sub-interface go online through the service scheme in the domain bound to the sub-interface. After the dhcp service-policy option60 command is used, the S7700 selects the related service policy according to the Option 60 field in DHCP messages. ----End
4.3.6 (Optional) Setting ARP Detection Parameters

ARP detection is configured on sub-interfaces. If the ARP detection interval is 0, it indicates that ARP detection is disabled.
Context
By using the DHCP protocol, a server leases IP addresses to clients. The clients then need to apply for new IP addresses when the leases expire. In actual applications, the situation that a client that already has a leased IP address is abnormally disconnected but no release packet is sent to the DHCP server is often encountered. In this case, the S7700 needs to regularly send ARP detection packets to check whether users remain online. Upon the timeout of the ARP detection, users are disconnected. In addition, DHCP Release packets are constructed and sent to the DHCP server to enable the DHCP server to release the IP address.
Procedure
Step 1 Run:
system-view


dhcp user-detect retransmit times interval interval
The interval and number of detection times are set. By default, the detection interval is 30 seconds and the number of detection timeout times is 5. ----End
4.3.7 (Optional) Setting the Type of a NAS Interface

When a user is being authenticated, the NAS interface type encapsulated in the RADIUS attribute is reported. By default, the NAS interface type is ethernet.
Procedure
Step 1 Run:
system-view


dhcp nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }
The NAS interface type is set. By default, the NAS interface type is ethernet. ----End
4.3.8 (Optional) Binding a VPN Instance to an Interface

A user can go online only when the VPN instance of the IP address pool through which the user connects to the VPN is the same as the VPN instance bound to the sub-interface.
Procedure
Step 1 Run:
system-view

ip vpn-instance vpn-instance-name
The VPN instance is created. Step 3 Run:

quit


vpn-instance vpn-instance-name
The VPN instance is bound to the interface. ----End

This section describes how to check the configuration of IP session.
Prerequisite
All configurations of IP session are complete.
Procedure
l Run the display session-interface [ interface-type interface-number ] command to check information about the sub-interface enabled with IP session.
----End
4.4 Example for Configuring IP Session

This section provides an example for configuring the IP Session function.
4.4.1 Example for Configuring IP Session

This section provides a configuration example of IP session.
As shown in Figure 4-2, STB-A is connected to GE 1/0/1.100 of the Switch; STB-B is connected to GE 1/0/2.100 of the Switch. You need to configure IP session on the Switch so that STB-A and STB-B users can be online once they power on STB-A and STB-B. Figure 4-2 Networking diagram of IPTV
DHCP server Router 10.10.10.10
Multicast server
Radius server Loopback0 20.20.20.20/32 Swtich GE1/0/1.100 GE1/0/2.100
STB-A
STB-B
The configuration roadmap is as follows: 1. 2. 3. 4.
Issue 01 (2011-07-15)
Enable global DHCP. Enable the IP session function. Bind the user authentication domain to a sub-interface. Set IP session-related parameters for the sub-interface.
5. 6. 7.
Configure a DHCP server group. Configure an egress gateway. Configure a static route.
Data Preparation
To complete the configuration, you need the following data: l l l l l l l Physical parameters on the sub-interface VLAN ID of the interface Type of the NAS interface ARP detection parameter Name of the DHCP server group: dhcp-group Gateway address: 20.20.20.20 IP address of the DHCP server: 10.10.10.10
Context
NOTE
Only IP session-related configurations are involved in this example. The AAA configurations, RADIUS configurations, multicast-related configurations, and router-related configurations are not described in this example.
Procedure
Step 1 Enable DHCP globally.
Step 2 Enable the IP session function on sub-interfaces. # Enable the IP session function on GE1/0/1.100.
[Quidway] interface gigabitethernet 1/0/1.100 [Quidway-GigabitEthernet1/0/1.100] ip-session enable [Quidway-GigabitEthernet1/0/1.100] quit
# Enable the IP session function on GE1/0/2.100.

[Quidway] interface gigabitethernet 1/0/2.100 [Quidway-GigabitEthernet1/0/2.100] ip-session enable [Quidway-GigabitEthernet1/0/2.100] quit
Step 3 Bind user authentication domains to sub-interfaces. # Bind the user authentication domain stb-a to GE 1/0/1.100.
[Quidway] aaa [Quidway-aaa] domain stb-a [Quidway-aaa-domain-stb-a] quit [Quidway-aaa] quit [Quidway] interface gigabitethernet 1/0/1.100 [Quidway-GigabitEthernet1/0/1.100] authentication-domain stb-a [Quidway-GigabitEthernet1/0/1.100] quit
# Bind the user authentication domain stb-b to GE 1/0/2.100.

[Quidway] aaa [Quidway-aaa] domain stb-b
Issue 01 (2011-07-15)
98
[Quidway-aaa-domain-stb-b] quit [Quidway-aaa] quit [Quidway] interface gigabitethernet 1/0/2.100 [Quidway-GigabitEthernet1/0/2.100] authentication-domain stb-b [Quidway-GigabitEthernet1/0/2.100] quit
Step 4 Set sub-interface-related parameters on the S7700. # Set the detection interval to 60s and number of detection times to 8 for GE 1/0/1.100.
[Quidway] interface gigabitethernet 1/0/1.100 [Quidway-GigabitEthernet1/0/1.100] control-vid 100 dot1q-termination [Quidway-GigabitEthernet1/0/1.100] dot1q termination vid 100 [Quidway-GigabitEthernet1/0/1.100] dhcp user-detect retransmit 8 interval 60 [Quidway-GigabitEthernet1/0/1.100] quit
# Set the detection interval to 60s and number of detection times to 8 for GE 1/0/2.100.
[Quidway] interface gigabitethernet 1/0/2.100 [Quidway-GigabitEthernet1/0/2.100] control-vid 100 dot1q-termination [Quidway-GigabitEthernet1/0/2.100] dot1q termination vid 100 [Quidway-GigabitEthernet1/0/2.100] dhcp user-detect retransmit 8 interval 60 [Quidway-GigabitEthernet1/0/2.100] quit
Step 5 Set the format of the DHCP user name to mac-address and the password in simple mode to stb.
[Quidway] dhcp user-name format-include mac-address [Quidway] dhcp user-password simple stb
Step 6 Configure a DHCP server group.

[Quidway] dhcp server group dhcp-group [Quidway-dhcp-server-group-dhcp-group] dhcp-server 10.10.10.10 [Quidway-dhcp-server-group-dhcp-group] gateway 20.20.20.20 [Quidway-dhcp-server-group-dhcp-group] quit
Step 7 Configure an egress gateway.

[Quidway] interface loopback 0 [Quidway-LoopBack0] ip address 20.20.20.20 32 [Quidway-LoopBack0] quit
Step 8 Configure a static route.

[Quidway] ip route-static 10.10.10.0 255.255.255.0 NULL 0
Step 9 Verify the configuration. # View configuration on GE 1/0/1.100.

<Quidway> display session-interface gigabitethernet 1/0/1.100 Access type IPSessIF state Authentication default domain Nas port type Vpn Instance User detect interval User detect retransmit times Option82 policy Service policy : : : : : : : : : Enable Updated stb-a ethernet (15) 60 (s) 8 none (0) default (0)
# View configuration on GE 1/0/2.100.

<Quidway> display session-interface gigabitethernet 1/0/2.100 Access type IPSessIF state Authentication default domain Nas port type Vpn Instance User detect interval : : : : : : Enable Updated stb-b ethernet (15) 60 (s)
Issue 01 (2011-07-15)
99

User detect retransmit times Option82 policy Service policy : 8 : none (0) : default (0)
----End
Configuration Files
# sysname Quidway # dhcp enable # dhcp server group dhcp-group # dhcp user-name format-include mac-address dhcp user-password simple stb # dhcp server group dhcp-group dhcp-server 10.10.10.10 0 gateway 20.20.20.20 # aaa domain stb-a domain stb-b # interface GigabitEthernet1/0/1.100 ip-session enable authentication-domain stb-a dhcp user-detect retransmin 8 interval 60 control-vid 100 dot1q-termination dot1q termination vid 100 # interface GigabitEthernet1/0/2.100 ip-session enable authentication-domain stb-b dhcp user-detect retransmin 8 interval 60 control-vid 100 dot1q-termination dot1q termination vid 100 # interface NULL0 # interface LoopBacl0 ip address 20.20.20.20 255.255.255.255 # ip route-static 10.10.10.0 255.255.255.0 NULL0 # return
Issue 01 (2011-07-15)
100
5 DHCPv6 Configuration
5
About This Chapter
DHCPv6 Configuration
Currently, the S7700 can function as only the DHCP relay agent on IPv6 networks. This document describes how to configure Dynamic Host Configuration Protocol for IPv6 (DHCPv6) relay. 5.1 Introduction to DHCPv6 DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and other network configuration parameters to hosts. 5.2 DHCPv6 Features Supported by the S7700 Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server or client. 5.3 Configuring DHCPv6 Relay When the DHCPv6 client and the DHCPv6 server are on different links, you need to deploy DHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the DHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server. 5.4 Maintaining DHCPv6 This section describes how to clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent. 5.5 Configuration Examples This section provides a configuration example of DHCPv6 relay.
Issue 01 (2011-07-15)
101
5.1 Introduction to DHCPv6

DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and other network configuration parameters to hosts.
Advantages of Addresses Allocated by DHCPv6

Compared with other IPv6 address allocation modes (manual configuration and stateless address auto-configuration through the network prefix in router advertisement messages), DHCPv6 has the following advantages: l Controls address allocation better. The device enabled with DHCPv6 can record the address allocated to the host and allocate a special address to the specified host. This facilitates network management. Provides network configuration parameters including the IP address of the DNS server and the domain name for hosts in addition to IPv6 addresses.
Basic Concepts of DHCPv6

l Multicast address In DHCPv6, the client does not need to be configured with the IP address of the DHCPv6 server. Instead, the client locates the DHCPv6 server by sending Solicit messages whose destination address is a multicast address. DHCPv6 uses the following multicast addresses: FF02::1:2 (All_DHCP_Relay_Agents_and_Servers): indicates the multicast address of all the DHCP servers and relay agents. The address is the link-scoped multicast address and is used for communication between a DHCP client and its neighboring server or relay agent on the link. All the DHCP servers and relay agents are members of the multicast group. FF05::1:3 (All_DHCP_Servers): indicates the multicast address of all the DHCP servers. The address is the site-scoped address and is used for communication between DHCP relay agents and DHCP servers within a site. All DHCP servers within a site are members of this multicast group. l UDP port number DHCPv6 messages are transmitted through UDPv6. DHCP clients listen on port 546 for DHCP messages, and DHCP servers and relay agents listen on port 547 for DHCP messages. l DUID The DHCP Unique Identifier (DUID) identifies a DHCPv6-enabled device including the DHCPv6 client and is used for verification between DHCPv6-enabled devices. The S7700 uses the DUID Based on hardware type, Link-layer Address and Time (DUIDLLT) to identify DHCPv6-enabled devices. Figure 5-1 shows the format of the DUID-LLT.
Issue 01 (2011-07-15)
102
Figure 5-1 DUID-LLT format
0 DUID type
15 Hardware type Time Link layer address
31
DUID type: The value of the DUID type is 0x0001. Hardware type: The hardware type supported by the device is Ethernet and the value is 0x0006. Time: time when the DUID is generated. Before the DUID is generated, the system time must be configured or the clock source is available. Link layer address: The value is the link layer address of any interface. The interface has a unique link layer address. The link layer address is the MAC address.
5.2 DHCPv6 Features Supported by the S7700

Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server or client.
Typical Networking of DHCPv6

Figure 5-2 shows a typical networking of DHCPv6. The DHCPv6 client communicates with the DHCPv6 server through the link-scoped multicast address to obtain the IPv6 address and other network configuration parameters. If the DHCPv6 server and the DHCPv6 client are located on different links, the DHCPv6 relay agent is required to forward messages. In this case, you do not need to deploy a DHCPv6 server on each link. The costs are thus saved and concentrated management is implemented easily.
Issue 01 (2011-07-15)
103
Figure 5-2 Typical networking of DHCPv6
DHCPv6 client
DHCPv6 client
IPv6 network DHCPv6 relay agent
DHCPv6 client
DHCPv6 client
DHCPv6 server
NOTE
Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server or client.
DHCPv6 Relay Function Supported by the S7700

l Forwards messages from DHCPv6 clients. If the S7700 is the first-hop DHCPv6 relay agent, it receives DHCPv6 messages from DHCPv6 clients. Then the S7700 resolves, encapsulates, and forwards the received DHCPv6 messages. l Forwards messages from DHCPv6 relay agents. If the S7700 is the non-first-hop DHCPv6 relay agent, it receives DHCPv6 messages from DHCPv6 relay agents. Then the S7700 resolves, encapsulates, and forwards the received DHCPv6 messages. l Forwards messages from DHCPv6 servers. If the S7700 is the last-hop DHCPv6 relay agent, it receives DHCPv6 messages from DHCPv6 servers. Then the S7700 resolves, encapsulates, and forwards the received DHCPv6 messages. l l Appends the remote ID. The S7700 can append or forcibly append the remote ID in Relay-Forward messages. Limits the rate of DHCPv6 messages to be forwarded. To prevent a large number of messages of clients or relay agents from attacking the device, the S7700 can limit the rate of DHCPv6 messages to be forwarded. An alarm is generated when the number of discarded packets exceeds the threshold. l Collects statistics on forwarded DHCPv6 messages. If the S7700 is enabled with the DHCPv6 relay function, the S7700 collects statistics on DHCPv6 messages passing through the DHCP relay agent.
Issue 01 (2011-07-15)
104
5.3 Configuring DHCPv6 Relay

When the DHCPv6 client and the DHCPv6 server are on different links, you need to deploy DHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the DHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server.

This section describes the applicable environment, pre-configuration tasks, and data preparation for configuring DHCPv6 relay.
When the DHCPv6 client applies to the DHCPv6 server on a different link for the IP address, you need to deploy relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server.
Before configuring DHCPv6 relay, complete the following tasks: l l Configuring the DHCPv6 server Configuring the route between the S7700 and DHCPv6 server
Data Preparation
To configure DHCPv6 relay, you need the following data. No. 1 2 Data Type and number of the interface where DHCPv6 relay is enabled (the interface type is VLANIF) Type and number of the interface where the function of appending the remote ID to DHCPv6 relay messages is enabled (the interface type can be Ethernet, GE, or XGE) (Optional) Maximum transmission rate of DHCPv6 messages and alarm threshold of the number of DHCPv6 messages discarded
5.3.2 Enabling the DHCPv6 Relay Function

You can enable the DHCPv6 relay function on a VLANIF interface of the S7700, set the IPv6 address of the DHCPv6 server or the next hop relay agent, and specify the outbound interface of relay messages.
Procedure
Step 1 Run:
system-view

dhcp enable
DHCP is enabled. Step 3 Run:

ipv6
The IPv6 packet forwarding capability is enabled. Step 4 Run:


ipv6 enable
The IPv6 capability is enabled on the interface. Step 6 Run:

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The IPv6 address is configured on the interface. Step 7 Run:

dhcpv6 relay destination ipv6-address [ interface interface-type interface-number ]
The DHCPv6 relay function is enabled on the VLANIF interface, the IPv6 address of the DHCPv6 server or the next hop relay agent is set, and the outbound interface of relay messages is specified. By default, the DHCPv6 relay function is disabled on a VLANIF interface. l If the configured IPv6 address is a global address or a site address, the outbound interface does not need to be specified. The DHCPv6 server sends the relay messages to the IPv6 address by searching for a route. l If the configured IPv6 address is a local address or a multicast address, the outbound interface of the DHCPv6 server or the next hop relay agent needs to be specified. On the S7700, up to eight interfaces can be enabled with the DHCPv6 relay function and each interface can be configured with up to eight destination addresses. ----End
5.3.3 (Optional) Configuring the Remote ID

The remote ID carries information about a client and identifies a client.
Context
The DHCPv6 server can make decisions about address allocation, parameter setting, and prefix agent according to the remote ID. The format of the remote ID is defined by the vendor. Usually,
the remote ID carries the phone number and user name in a dial-up connection, or the peer IP address and access interface in a point-to-point connection. Currently, a remote ID can contain a maximum of 247 bytes. When the S7700 functions as the DHCPv6 relay agent, it processes the remote ID as follows: l The S7700 directly receives messages from DHCPv6 clients. When constructing a RelayForward message, the S7700 adds the remote ID to the Relay-Forward message according to the configuration. If the Relay-Reply message received by the S7700 from the DHCPv6 server contains the remote ID, the S7700 removes the remote ID from the Relay-Reply message before forwarding it to DHCPv6 clients or other relay agents.
Procedure
Step 1 Run:
system-view

dhcpv6 remote-id format { default | user-defined text }
The format of the remote ID in DHCPv6 messages is set. By default, the default format of the remote ID in DHCPv6 messages is used. Step 3 Run:
interface interface-type interface-number
The interface view is displayed. The interface can be an Ethernet interface, a GE interface or an XGE interface. Step 4 Run:
dhcpv6 remote-id insert enable
The function of appending the remote ID to DHCPv6 relay messages is enabled. Or, run:
dhcpv6 remote-id rebuild enable
The function of forcibly appending the remote ID to DHCPv6 relay messages is enabled. l After the dhcpv6 remote-id insert enable command is used, if the original DHCPv6 messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6 messages. If the original DHCPv6 messages carry the remote ID, the S7700 sends the DHCP messages directly. l After the dhcpv6 remote-id rebuild enable command is used, if the original DHCPv6 messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6 messages. If the original DHCPv6 messages carry the remote ID, the S7700 deletes the original remote ID from the DHCP messages and appends a new remote ID to the DHCP messages. If you run the dhcpv6 remote-id insert enable and dhcpv6 remote-id rebuild enable commands simultaneously on an interface, the command that you run later takes effect. ----End
5.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages

To prevent a large number of messages of clients or relay agents from attacking the device, the S7700 can limit the rate of DHCPv6 messages to be forwarded.
Context
After rate limit of DHCPv6 messages is enabled, excessive DHCPv6 messages are discarded when the rate of DHCPv6 messages exceeds the limit. When the number of discarded DHCPv6 messages exceeds the threshold, the S7700 supports the log function.
Procedure
Step 1 Run:
system-view

dhcp enable
DHCP is enabled. Step 3 Run:

dhcpv6 packet-rate packet-rate
Rate limit of DHCPv6 messages is enabled and the maximum transmission rate of DHCPv6 messages is set. By default, rate limit of DHCPv6 messages is disabled on the S7700. Step 4 Run:
dhcpv6 packet-rate drop-alarm enable
The alarm function for DHCPv6 messages discarded when the rate of DHCPv6 messages exceeds rate limit. After the log function is enabled, if the number of DHCPv6 messages that pass through the S7700 every second exceeds the rate limit, they are discarded. By default, S7700 sends logs when the number of discarded DHCPv6 messages exceeds 100. Step 5 Run:
dhcpv6 packet-rate drop-alarm threshold threshold
The log threshold for DHCPv6 messages discarded is set when the rate of DHCPv6 messages exceeds rate limit. ----End

This section describes how to check the configuration of DHCPv6 relay.
Prerequisite
The configurations of DHCPv6 relay are complete.
Procedure
l Run the display dhcpv6 relay [ interface interface-type interface-number ] command to check the configuration about the interface enabled with the DHCPv6 relay function. Currently, the interface type can only be the VLANIF interface. l Run the display dhcpv6 relay statistics [ interface interface-type interface-number ] command to check the statistics about DHCPv6 messages passing through the DHCPv6 relay agent. Currently, the interface type can only be the VLANIF interface. ----End
5.4 Maintaining DHCPv6

This section describes how to clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.
5.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent
If the S7700 is enabled with the DHCPv6 relay function, the system collects statistics about DHCPv6 messages passing through the DHCP relay agent. To clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent, you can use the command in the user view or system view.
Context
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you use the command.
Procedure
l Run the reset dhcpv6 relay statistics [ interface interface-type interface-number ] command to clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent. The interface must be the VLANIF interface. If no interface is specified, all the statistics about DHCPv6 messages are cleared. If the interface is specified, the statistics about DHCPv6 messages on the specified interface are cleared. ----End
5.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent

This section describes how to use the display commands to monitor the running status of the DHCPv6 relay agent.
Procedure
l l Run the display dhcpv6 relay [ interface interface-type interface-number ] command to check the configuration about the interface enabled with the DHCPv6 relay function. Run the display dhcpv6 relay statistics [ interface interface-type interface-number ] command to check the statistics about DHCPv6 messages passing through the DHCPv6 relay agent.
----End

This section provides a configuration example of DHCPv6 relay.
5.5.1 Example for Configuring DHCPv6 Relay

This section provides a configuration example of DHCPv6 relay.
As shown in Figure 5-3, the DHCPv6 client address is 2000::/64 and the DHCPv6 server address is 3000::3/64. The DHCPv6 client and the DHCPv6 server are on different links; therefore, a DHCPv6 relay agent is required to forward DHCPv6 messages. It is required that the Switch should function as the DHCPv6 relay agent to forward DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server. In addition, the Switch functions as the gateway device of the network at 2000::/64. By specifying the M flag bit and O flag bit in RA messages, hosts on the network are enabled to obtain IPv6 addresses and other network configuration parameters through DHCPv6. Figure 5-3 Networking for configuring DHCPv6 relay
DHCPv6 client
DHCPv6 client GE1/0/2 GE1/0/1 Switch VLANIF20 VLANIF10 3000::1/64 2000::1/64 3000::3/64 DHCPv6 server
DHCPv6 relay agent DHCPv6 client DHCPv6 client
The configuration roadmap is as follows: 1.
Issue 01 (2011-07-15)
Enable DHCP.
2. 3. 4.
Create VLANIF interfaces and set IPv6 addresses of the VLANIF interfaces. Enable the DHCPv6 relay function and set the DHCPv6 server address. Configure the Switch as the gateway.
Data Preparation
To complete the configuration, you need the following data: l l IPv6 addresses of the interfaces IP address of the DHCPv6 server
Procedure
Step 1 Enable DHCP.
Step 2 Add interfaces to VLANs. # Add GigabitEthernet1/0/1 to VLAN 10.

# Add GigabitEthernet1/0/2 to VLAN 20.

Step 3 Set IPv6 addresses of VLANIF interfaces. # Enable the IPv6 packet forwarding function.
[Quidway] ipv6
# Set the IPv6 address of VLANIF 10.

[Quidway] vlan batch 10 20 [Quidway] interface vlanif 10 [Quidway-Vlanif10] ipv6 enable [Quidway-Vlanif10] ipv6 address 2000::1 64 [Quidway-Vlanif10] quit
# Set the IPv6 address of VLANIF 20.

[Quidway] interface vlanif 20 [Quidway-Vlanif20] ipv6 enable [Quidway-Vlanif20] ipv6 address 3000::1 64 [Quidway-Vlanif20] quit
Step 4 Enable the DHCPv6 relay function. # Enable the DHCPv6 relay function on VLANIF 10 and set the IP address of the DHCPv6 server.
[Quidway] interface vlanif 10 [Quidway-Vlanif10] dhcpv6 relay destination 3000::3
Step 5 Configure the Switch as the gateway.

# Configure the Switch to send RA messages and configure M and O flag bits.
[Quidway-Vlanif10] [Quidway-Vlanif10] [Quidway-Vlanif10] [Quidway-Vlanif10] undo ipv6 nd ra halt ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag quit
Step 6 Verify the configuration. Run the display dhcpv6 relay command on the Switch, and you can view the configuration of DHCPv6 relay.
[Quidway] display dhcpv6 relay Interface Mode Destination -----------------------------------------------------------------Vlanif10 Relay 3000::3 ------------------------------------------------------------------
Run the display dhcpv6 relay statistics on the Switch, and you can view the statistics about DHCP messages passing through the DHCPv6 relay agent.
[Quidway] display dhcpv6 relay statistics MessageType Receive Send Solicit 0 0 Advertise 0 0 Request 0 0 Confirm 0 0 Renew 0 0 Rebind 0 0 Reply 0 0 Release 0 0 Decline 0 0 Reconfigure 0 0 Information-request 0 0 Relay-forward 0 0 Relay-reply 0 0 UnknownType 0 0 Error 0 0 0 0 0 0 0 0 0 0 0 0 0 0
----End
Configuration Files
# sysname Quidway # vlan batch 10 20 # ipv6 # dhcp enable # interface Vlanif10 ipv6 enable ipv6 address 2000::1/64 undo ipv6 nd ra halt ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag dhcpv6 relay destination 3000::3 # interface Vlanif20 ipv6 enable ipv6 address 3000::1/64 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 #
Issue 01 (2011-07-15)
112

interface GigabitEthernet1/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 # return
Issue 01 (2011-07-15)
113
6 IP Performance Configuration
6
About This Chapter
IP Performance Configuration
This chapter describes the basic concepts of IP performance, and provides configuration procedures and examples of IP performance. 6.1 Introduction to IP Performance On certain networks, you need to change IP parameters to optimize the performance of networks. Here, IP performance parameters supported by the S7700 are described. 6.2 IP Performance Supported by the S7700 This section describes the IP Performance features supported by the S7700. 6.3 Optimizing IP Performance This section describes how to optimize IP performance of a certain network by setting IP performance parameters. 6.4 Maintaining IP Performance This section describes how to maintain IP performance. 6.5 Configuration Examples This section provides several configuration examples of IP performance.
Issue 01 (2011-07-15)
114
6.1 Introduction to IP Performance

On certain networks, you need to change IP parameters to optimize the performance of networks. Here, IP performance parameters supported by the S7700 are described.
6.2 IP Performance Supported by the S7700

This section describes the IP Performance features supported by the S7700. The S7700 supports the following IP performance parameters that can be changed: l l l l l l l Sending of Internet Control Message Protocol (ICMP) host unreachable packets Sending of ICMP redirection packets Sending ICMP Port Unreachable packets Discarding the ICMP packets whose TTL values are 1 Discarding the ICMP packets that carry options Discarding ICMP Destination Unreachable packets Load balancing mode of IP packet forwarding
NOTE
On the S7700, you can set the load balancing mode for only the packets sent by the CPU.
l l l l l
Timeout interval of the TCP FIN-Wait timer Timeout interval of the TCP SYN-Wait timer Size of the packet receive or transmit buffer of the connection-oriented socket Forcible fragmentation of packets on an interface at the outbound direction Statistics on Transmission Control Protocol (TCP), IP, User Datagram Protocol (UDP), and socket monitor traffic
6.3 Optimizing IP Performance

This section describes how to optimize IP performance of a certain network by setting IP performance parameters.

On certain networks, you need to change IP performance parameters to optimize the performance. To optimize the performance, you need to set parameters.
Before optimizing IP performance, complete the following tasks: l Connecting interfaces and setting physical parameters of the interfaces to ensure that the physical layer of the interfaces is in the Up state
Issue 01 (2011-07-15)
l l l
Setting parameters of the link layer protocol for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Assigning IP addresses to interfaces Configuring access control lists (ACLs)
Data Preparation
To optimize IP performance, you need the following data. No. 1 2 3 Data Number of the interface on which the Don't Fragment (DF) field of packets needs to be deleted Number of the interface on which ICMP redirection and ICMP host unreachable need to be configured Timeout interval of the TCP SYN-Wait timer, timeout interval of the TCP FIN-Wait timer, receive or transmit buffer of the socket
6.3.2 Enabling an Interface to Check the Source IP Addresses of Packets

Context
Do as follows on the S7700.
Procedure
Step 1 Run:
system-view

vlan vlan-id
A VLAN is created. Step 3 Run:

quit


ip verify source-address
The interface is enabled to check the source IP addresses.

The S7700 only checks the source IP addresses of the packets sent from the interface to the CPU. ----End
6.3.3 Configuring Forcible Fragmentation of Outgoing Packets on an Interface

Context
Procedure
Step 1 Run:
system-view

vlan vlan-id
A VLAN is created. Step 3 Run:

quit


NOTE
The DF field is deleted from the packet sent from an interface; therefore, you need to configure this function on an outgoing interface.
Step 5 Run:
clear ip df
The interface is configured to delete the DF field. By default, outgoing packets are not fragmented forcibly on an interface. ----End
6.3.4 Setting ICMP Parameters

Context
By default, the S7700 is enabled to send ICMP redirection packets and ICMP host unreachable packets. The fast ICMP reply function is disabled on a S7700.
CAUTION
l If the S7700 is disabled from sending ICMP redirection packets, the S7700 does not send ICMP redirection packets in any case. l If the S7700 is disabled from sending ICMP host unreachable packets, the S7700 does not send ICMP host unreachable packets in any case. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view

icmp-reply fast
The fast ICMP reply function is enabled.

NOTE
After the fast ICMP reply function is enabled on the S7700, the S7700 can respond to ICMP Echo request packets quickly in the following situations: l The S7700 does not have the ARP entry of the device that initiates the ping. However, the S7700 cannot learn the ARP entry of this device in this case. l The S7700 does not have a route to the device that initiates the ping. l The checksum of the received ICMP Echo request packet is incorrect.
Step 3 Run:
icmp ttl-exceeded drop { slot slot-id | all }
The LPU is configured to discard the ICMP packets whose TTL values are 1. Step 4 Run:
icmp with-options drop { slot slot-id | all }
The LPU is configured to discard the ICMP packets that carry options. Step 5 Run:
icmp unreachable drop
The S7700 is configured to discard the ICMP Destination Unreachable packets. Step 6 Run:
icmp port-unreachable send
The S7700 is configured to send ICMP Port Unreachable packets. Step 7 Run:
icmp host-unreachable send
The S7700 is configured to send ICMP Host Unreachable packets.


NOTE
The relationship between the icmp host-unreachable send (system view) and the icmp host-unreachable send (interface view) commands are as follows: l When the S7700 is disabled from sending ICMP Host Unreachable packets, all the interfaces of the S7700 do not send the ICMP Host Unreachable packets even if you run the undo icmp host-unreachable send (interface view) command in the interface view. l When the S7700 is enabled to send ICMP Host Unreachable packets, all the interfaces of the S7700 can send ICMP Host Unreachable packets, which conforms to the default setting. In this case, you can run the undo icmp host-unreachable send (interface view) command to disable a specified interface from sending the ICMP Host Unreachable packets.
Step 8 Run:

icmp redirect send
The interface is enabled to send ICMP redirection packets. Step 10 Run:

icmp host-unreachable send
The interface is enabled to send ICMP host unreachable packets. ----End
6.3.5 Setting TCP Parameters

Context
You can set the following TCP parameters: l SYN-Wait timer: When sending packets with the SYN flag, TCP starts the SYN-Wait timer. If no response is received before the SYN-Wait timer expires, the TCP connection ends. The timeout interval of the TCP SYN-Wait timer is an integer that ranges from 2 to 600, in seconds. By default, the value is 75s. FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer is enabled. If no packet with the FIN flag is received before the FIN-Wait timer expires, the TCP connection ends. The timeout interval of the TCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. By default, the value is 675s. Size of the packet receive or transmit buffer: The value is an integer that ranges from 1 to 32, in Kbytes. By default, the value is 8 Kbytes.
If you run the tcp window command repeatedly in the same system view, the latest configuration overrides the previous configuration. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-07-15)
119

tcp timer syn-timeout interval
The timeout interval of the TCP SYN-Wait timer is set. Step 3 Run:
tcp timer fin-timeout interval
The timeout interval of the TCP FIN-Wait timer (FIN_WAIT_2) is set. Step 4 Run:
tcp window window-size
The size of the packet receive or transmit buffer is set. ----End
6.3.6 (Optional) Setting the Load Balancing Mode of IP Packet Forwarding

Context
NOTE
Currently, the S7700 supports only the flow-based load balancing.
When flow-based load balancing mode is adopted, the S7700 performs the Hash algorithm based on the protocol type, source IP address and mask, destination IP address and mask, source port number, and destination port number, and then selects a route for forwarding packets according to the Hash value. By default, the flow-based load balancing mode is adopted. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view

load-balance flow [ all | slot slot-id ]
The load balancing mode is configured for IP packet forwarding.

NOTE
The value of slot-id can only be 0. That is, on the S7700, you can set the load balancing mode for only the packets sent by the CPU.
----End

Prerequisite
The configurations of optimizing IP performance are complete.
Procedure
l Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status. Run the display tcp statistics command to check the statistics on TCP traffic. Run the display udp statistics command to check the statistics on UDP traffic. Run the display ip statistics command to check the statistics on IP traffic. Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type socket-type ] command to check information about the created IPv4 socket. Run the display icmp statistics command to check the statistics on ICMP traffic. Run the display rawlink statistics command to check the Rawlink statistics. Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB) table on the Line Processing Unit (LPU). Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command to check information about the FIB table. Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ] command to check information about the FIB entries that match ACL rules in a certain format. Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface as a specified interface. Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name [ verbose ] command to check information about the FIB entries that match a specified IP prefix list. Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB entries that match destination IP addresses in a specified range. Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command to check information about the FIB entries that match the specified next hop address. Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to check the total number of FIB entries.
l l l l l l l l l
l l
----End
6.4 Maintaining IP Performance

This section describes how to maintain IP performance.
Issue 01 (2011-07-15)
121
6.4.1 Clearing IP Performance Statistics

Context
CAUTION
The statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirm the action before you use the command.
Procedure
l l l l l Run the reset ip statistics [ interface interface-type interface-number ] command in the user view to clear the statistics on IP traffic. Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the user view to clear the information about the socket monitor. Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic. Run the reset udp statistics command in the user view to clear the statistics on UDP traffic. Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.
----End
6.4.2 Monitoring the Running Status of IP Performance

Context
In routine maintenance, you can run the following command in any view to view the running status of IP performance.
Procedure
l Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status. Run the display tcp statistics command to check the statistics on TCP traffic. Run the display udp statistics command to check the statistics on UDP traffic. Run the display ip statistics command to check the statistics on IP traffic. Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type socket-type ] command to check information about the created IPv4 socket. Run the display icmp statistics command to check the statistics on ICMP traffic. Run the display rawlink statistics command to check the Rawlink statistics. Run the display fib [ slot-id ] command to check the FIB table on the LPU. Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command to check information about the FIB table. Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ] command to check information about the FIB entries that match ACL rules in a certain format.
l l l l l l l l l
Issue 01 (2011-07-15)
Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface as a specified interface. Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name [ verbose ] command to check information about the FIB entries that match a specified IP prefix list. Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB entries that match destination IP addresses in a specified range. Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command to check information about the FIB entries that match the specified next hop address. Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to check the total number of FIB entries.
l l
----End
6.4.3 Debugging IP Performance

Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debugging commands in the user view to locate the fault. For details on debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
l l l Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user view to debug IP packets. Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets. Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-id socket-id ] command in the user view to debug UDP packets. Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-id task-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debug UDP packets. Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remoteip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id taskid ] [ socket-id socket-id ] command in the user view to debug TCP events. Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id
Issue 01 (2011-07-15)
socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5) authentication. l Run the debugging rawip packet [ src-ip src-address ] [ dest-ip dest-address ] [ protocol protocol-number ] [ verbose verbose-number ] or debugging rawip packet [ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the user view to debug RAWIP packets. Run the debugging rawlink packet [ src-mac src-mac ] [ dest-mac dest-mac ] [ verbose verbose-number ] or debugging rawlink packet [ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the user view to debug RAWLINK packets.
----End

This section provides several configuration examples of IP performance.
6.5.1 Example for Disabling the Sending of ICMP Redirection Packets

This section provides a configuration example of disabling the sending of ICMP redirection packets.
As shown in Figure 6-1, to limit the sending of ICMP redirection packets, Switch A, Switch B, and Switch C are required and these devices are connected through their GE interfaces. Figure 6-1 Networking diagram for disabling the sending of ICMP redirection packets
SwitchA
VLANIF10 1.1.1.1/24
GE1/0/0
GE1/0/0
VLANIF10 2.2.2.2/24
Internet
GE1/0/0
VLANIF10 1.1.1.2/24
SwitchC
SwitchB
Issue 01 (2011-07-15)
124
The configuration roadmap is as follows: 1. 2. 3. Assign IP addresses to interfaces on routing devices. Configure static routes to indirectly connected devices. Disable the sending of ICMP redirection packets on an interface.
Data Preparation
To complete the configuration, you need the following data: l l Static routes to indirectly connected devices IP address of the interface
Procedure
Step 1 Assign IP addresses to VLANIF interfaces. # Configure Switch A.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 10 [SwitchA-Vlan10] quit [SwitchA] interface gigabitethernet 1/0/0 [SwitchA-GigabitEthernet1/0/0] port hybrid tagged vlan 10 [SwitchA-GigabitEthernet1/0/0] quit [SwitchA] interface vlanif 10 [SwitchA-Vlanif10] ip address 1.1.1.1 24 [SwitchA-Vlanif10] quit
# Configure Switch B.
<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] vlan 10 [SwitchB-Vlan10] quit [SwitchB] interface gigabitethernet 1/0/0 [SwitchB-GigabitEthernet1/0/0] port hybrid tagged vlan 10 [SwitchB-GigabitEthernet1/0/0] quit [SwitchB] interface vlanif 10 [SwitchB-Vlanif10] ip address 1.1.1.2 24 [SwitchB-Vlanif10] quit
# Configure Switch C.
<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] vlan 10 [SwitchC-Vlan10] quit [SwitchC] interface gigabitethernet 1/0/0 [SwitchC-GigabitEthernet1/0/0] port hybrid tagged vlan 10 [SwitchC-GigabitEthernet1/0/0] quit [SwitchC] interface vlanif 10 [SwitchC-Vlanif10] ip address 2.2.2.2 24 [SwitchC-Vlanif10] quit
Step 2 Configure static routes. # Configure Switch A.

[SwitchA] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
Issue 01 (2011-07-15)
125
[SwitchB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
Step 3 Disable the sending of ICMP redirection packets on VLANIF 10 of Switch B.

[SwitchB] interface vlanif 10 [SwitchB-Vlanif10] undo icmp redirect send [SwitchB-Vlanif10] quit
Step 4 Verify the configuration. # Debug ICMP packets on Switch B.

<SwitchB> debugging ip icmp
# Run the ping command on Switch A. You can view that Switch B does not send host redirection packets. No ICMP redirection packet is displayed in the output of the debugging command.
[SwitchA] ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 --- 2.2.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/3 ms
ms ms ms ms ms
----End
Configuration Files
# sysname SwitchA # vlan batch 10 # interface vlanif 10 ip address 1.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0 port hybrid tagged vlan 10 # ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 # return
Configuration file of Switch B

# sysname SwitchB # vlan batch 10 # interface vlanif 10 ip address 1.1.1.2 255.255.255.0 undo icmp redirect send # interface GigabitEthernet1/0/0 port hybrid tagged vlan 10 # ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
Issue 01 (2011-07-15)
126

# return

# sysname SwitchC # vlan batch 10 # interface vlanif 10 ip address 2.2.2.2 255.255.255.0 # interface GigabitEthernet1/0/0 port hybrid tagged vlan 10 # return
6.5.2 Example for Disabling the Sending of ICMP Host Unreachable Packets
This section provides a configuration example of disabling the sending of ICMP host unreachable packets.
As shown in Figure 6-2, to limit the sending of ICMP redirection packets, Switch A, Switch B, and Switch C are required and these devices are connected through their GigabitEthernet interfaces. Figure 6-2 Networking diagram for disabling the sending of ICMP host unreachable packets
GE1/0/2
VLANIF11 2.2.2.2/24 SwitchC
GE1/0/2
VLANIF11 2.2.2.1/24
SwitchB
GE1/0/1 GE1/0/1
VLANIF10 1.1.1.1/24
VLANIF10 1.1.1.2/24
SwitchA
The configuration roadmap is as follows: 1. 2. 3.
Issue 01 (2011-07-15)
Assign IP addresses to interfaces on Switches. Configure static routes to indirectly connected devices. Enable the sending of ICMP host unreachable packets in the interface view.

NOTE
By default, the sending of ICMP host unreachable packets is enabled on the interface view. If the configuration is not changed, you can skip this configuration.
Data Preparation
To complete the configuration, you need the following data: l l Static routes to indirectly connected devices IP address of the interface
Procedure
Step 1 Configure Switch A. # Assign an IP address to VLANIF 10.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 10 [SwitchA-Vlan10] quit [SwitchA] interface gigabitethernet1/0/1 [SwitchA-GigabitEthernet1/0/1] port hybrid tagged vlan 10 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface vlanif 10 [SwitchA-Vlanif10] ip address 1.1.1.1 24 [SwitchA-Vlanif10] quit
# Configure a static route on Switch A.

[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2
Step 2 Configure Switch B. # Assign an IP address to VLANIF 10 on Switch B and disable the sending of ICMP host unreachable packets.
<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] vlan 10 [SwitchB-Vlan10] quit [SwitchB] interface gigabitethernet1/0/1 [SwitchB-GigabitEthernet1/0/1] port hybrid tagged vlan 10 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface vlanif 10 [SwitchB-Vlanif10] ip address 1.1.1.2 24 [SwitchB-Vlanif10] quit [SwitchB] vlan 11 [SwitchB-Vlan11] quit [SwitchB] interface gigabitethernet1/0/2 [SwitchB-GigabitEthernet1/0/2] port hybrid tagged vlan 11 [SwitchB-GigabitEthernet1/0/2] quit [SwitchB] interface vlanif 11 [SwitchB-Vlanif11] ip address 2.2.2.1 24 [SwitchB-Vlanif11] icmp host-unreachable send [SwitchB-Vlanif11] quit
Step 3 Configure Switch C. # Assign an IP address to VLANIF 11 on Switch C.

<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] vlan 11 [SwitchC-Vlan11] quit
Issue 01 (2011-07-15)
128
[SwitchC] interface gigabitethernet1/0/2 [SwitchC-GigabitEthernet1/0/2] port hybrid tagged vlan 11 [SwitchC-GigabitEthernet1/0/2] quit [SwitchC] interface vlanif 11 [SwitchC-Vlanif11] ip address 2.2.2.2 24 [SwitchC-Vlanif11] quit
Step 4 Verify the configuration. # Debug ICMP packets on Switch A.

<SwitchA> debugging ip icmp <SwitchA> terminal monitor <SwitchA> terminal debugging
# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured by the tester on Switch A, Switch B sends host unreachable packets.
[SwitchA] ping 2.2.2.3
----End
Configuration Files
# sysname SwitchA # vlan 10 # interface vlanif 10 ip address 1.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/1 port hybrid tagged vlan 10 # ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 # return

# sysname SwitchB # vlan batch 10 to 11 # interface vlanif 10 ip address 1.1.1.2 255.255.255.0 # interface vlanif 11 ip address 2.2.2.1 255.255.255.0 # interface GigabitEthernet1/0/1 port hybrid tagged vlan 10 # interface GigabitEthernet1/0/2 port hybrid tagged vlan 11 # return

# sysname SwitchC # vlan 11 # interface vlanif 11 ip address 2.2.2.2 255.255.255.0
Issue 01 (2011-07-15)
129

# interface GigabitEthernet1/0/2 port hybrid tagged vlan 11 # return
6.5.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets
This section provides a configuration example of optimizing system performance by discarding certain ICMP packets.
Networking Requirement
As shown in Figure 6-3, the Switch functions as the convergence device. The enterprise users, individual users, and DSLAMs are attached to the Switch. The Switch is connected to the Internet through a BRAS. To reduce the workload on the Switch, you need to configure the Switch to discard certain ICMP packets. The ICMP packets to be discarded have any of the following characteristics: l l l The TTL values of the packets are 1. The packets carry options. The destination addresses of the packets are unreachable.
Figure 6-3 Networking for configuring ICMP security function
Internet
BRAS
S9300
DSLAM User network
Enterprise user
Individual user
Issue 01 (2011-07-15)
130
Perform the configurations in the system view of the Switch. The configuration roadmap is as follows: l l l Configure the Switch to discard the ICMP packets whose TTL values are 1. Configure the Switch to discard the ICMP packets that carry options. Configure the Switch to discard the ICMP packets whose destination addresses are unreachable.
Data Preparation
None
Procedure
Step 1 Configure the Switch to discard certain ICMP packets. # Configure the Switch to discard the ICMP packets whose TTL values are 1.
<Quidway> system-view [Quidway] icmp ttl-exceeded drop all
# Configure the Switch to discard the ICMP packets that carry options.
[Quidway] icmp with-options drop all
# Configure the Switch to discard the ICMP packets whose destination addresses are unreachable.
[Quidway] icmp unreachable drop
Step 2 Verify the configuration. # Run the display this command in the system view to display the configuration of the ICMP security function.
[Quidway] display this # icmp unreachable drop icmp ttl-exceeded drop icmp with-options drop icmp ttl-exceeded drop icmp with-options drop icmp ttl-exceeded drop icmp with-options drop
slot slot slot slot slot slot
1 1 2 2 3 3
----End
Configuration Files
# sysname Quidway # icmp unreachable drop icmp ttl-exceeded drop icmp with-options drop icmp ttl-exceeded drop icmp with-options drop icmp ttl-exceeded drop icmp with-options drop
slot slot slot slot slot slot
1 1 2 2 3 3
Issue 01 (2011-07-15)
131

# return
Issue 01 (2011-07-15)
132
7 UDP Helper Configuration
7
About This Chapter
UDP Helper Configuration
This chapter describes the principle of UDP helper, and provides configuration procedures and examples of UDP helper. 7.1 Introduction to UDP Helper This section describes the principle of UDP helper. 7.2 UDP Helper Features Supported by the S7700 This section describes the UDP Helper features supported by the S7700. 7.3 Configuring UDP Helper This section describes how to configure UDP helper to forward IP broadcast packets of a specified UDP port. 7.4 Maintaining UDP Helper This section describes how to maintain UDP helper. 7.5 Configuration Examples This section provides several configuration examples of UDP helper.
Issue 01 (2011-07-15)
133
7.1 Introduction to UDP Helper

This section describes the principle of UDP helper. The S7700 on a network needs to obtain network configurations or query the name of another device by sending broadcast packets. The S7700, however, cannot obtain the required information if the S7700 and the server or the device to be queried are in different broadcast domains. To address the preceding problem, the S7700 provides the UDP helper function. Through the UDP helper function, the S7700 can convert broadcast packets on a specified User Datagram Protocol (UDP) port into unicast packets to be sent to a specified destination server, or forward broadcast packets on a subnet to another subnet.
7.2 UDP Helper Features Supported by the S7700

This section describes the UDP Helper features supported by the S7700. After the UDP helper function is enabled on the S7700, the S7700 forwards broadcast packets of six default UDP ports to corresponding destination servers in unicast mode. Other UDP ports must be configured manually. Table 7-1 lists the default ports. Table 7-1 Lists of default UDP ports on which packets are forwarded after the UDP helper function is enabled Protocol Trivial File Transfer Protocol (TFTP) Domain Name System (DNS) Time Service NetBIOS Name Service (NetBIOSNS) NetBIOS Datagram Service (NetBIOSDS) Terminal Access Controller Access Control System (TACACS) UDP Port Number 69 53 37 137
138
49
Issue 01 (2011-07-15)
134
The UDP helper function cannot be used to send DHCP messages, that is, the number of the UDP port cannot be 67 or 68. To forward Dynamic Host Configuration Protocol (DHCP) messages, you need to enable the DHCP relay function.
7.3 Configuring UDP Helper

This section describes how to configure UDP helper to forward IP broadcast packets of a specified UDP port.

When an S7700 on a network needs to obtain network configurations or query the name of another device by sending broadcast packets, you can enable the UDP helper function if the S7700 and the device to be queried are in different broadcast domains.
Before configuring the UDP helper function, complete the following task: l Configuring a reachable route between the S7700 and the server
Data Preparation
To configure the UDP helper function, you need the following data. No. 1 2 Data UDP port on which packets are forwarded VLANIF interface and IP address of the destination server that sends packets of UDP ports
7.3.2 Enabling the UDP Helper Function

Context
After the UDP Helper function is enabled, the S7700 checks the destination UDP port of the received packet and determines whether to relay the packet. Then the S7700 performs the operations as follows: l If the destination UDP port number of packets matches the UDP port number on which packets need to be forwarded and the destination MAC address is the broadcast MAC address, the S7700 changes the destination IP address in the IP packet header and sends them to a specified destination server. If the destination UDP port number of packets does not match the UDP port number on which packets need to be forwarded, the S7700 discards them.
Issue 01 (2011-07-15)
Procedure
Step 1 Run:
system-view

udp-helper enable
The UDP helper function is enabled. ----End
7.3.3 Configuring the UDP Port on Which Packets Are Forwarded

Prerequisite
The UDP helper function is enabled.
Context
After the UDP helper function is enabled, the S7700 forwards broadcast packets of UDP ports 37 (Time), 49 (TACACS), 53 (DNS), 69 (TFTP), 137 (NetBIOS-NS), and 138 (NetBIOS-DS) by default. If the port number that needs to be configured is in the range of default UDP port numbers, you can skip this configuration procedure. The S7700 does not forward DHCP messages of UDP ports 67 and 68. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view

udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
The UDP port on which packets need to be forwarded are configured. ----End
7.3.4 Configuring the Destination Server to Which Packets of the UDP Port Need to Be Forwarded
Context
Procedure
Step 1 Run:
system-view


udp-helper server ip-address
The destination server to which UDP packets are forwarded is configured. After the UDP Helper function is enabled, if the destination UDP port of the packet received by the VLANIF interface is the same as the UDP port for packet relay, the packet is forwarded to the destination server configured on the VLANIF interface. ----End

Prerequisite
The configurations of the UDP helper function are complete.
Procedure
l Run the display udp-helper server [ interface vlanif vlan-id ] command to check information about UDP packets forwarded on the interface
----End
Example
Run the display udp-helper server command to check the number of the VLANIF interface that relays UDP packets, the IP address of the destination server, and the number of forwarded UDP packets.
<Quidway> display udp-helper server interface Vlanif 100 vlan-interface Server-Ip packet-num Vlanif100 10.10.10.10 20
7.4 Maintaining UDP Helper

This section describes how to maintain UDP helper.
7.4.1 Clearing UDP Helper Statistics

Context
CAUTION
The UDP helper statistics cannot be restored after you clear them. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset udp-helper packet command in the user view to clear the UDP helper statistics. ----End
7.4.2 Monitoring the Running Status of UDP Helper

Context
In routine maintenance, you can run the following command in any view to view the running status of UDP helper.
Procedure
Step 1 Run the display udp-helper server [ interface vlanif vlan-id ] command to check the number of the VLANIF interface that forwards UDP packets, the IP address of the destination server, and the number of forwarded UDP packets. ----End

This section provides several configuration examples of UDP helper.
7.5.1 Example for Configuring UDP Helper

This section provides a configuration example of UDP helper.
As shown in Figure 7-1, the IP address of VLANIF 100 on the Switch is 10.110.1.1/16; the IP address of the NetBIOS-NS name server is 10.2.1.1/16. The Switch and the NetBIOS-NS name server are on different network segments, but the route between the Switch and the NetBIOSNS name server is reachable. The Switch is configured to forward broadcast packets with the destination UDP port number as 137 and the destination IP address as 255.255.255.255 and broadcast packets with the destination IP address as 10.110.255.255 to the NetBIOS-NS name server.
When receiving broadcast packets of NetBIOS-NS Register, the Switch changes the packets whose destination IP address is the IP address of the NetBIOS-NS name server. Then, the Switch forwards the packets to the specified NetBIOS-NS name server. Figure 7-1 Networking diagram for configuring UDP helper
Internet NETBIOS-NS Name Server 10.2.1.1/16
VLANIF100 10.110.1.1/16
Switch
PC1
PC2
The configuration roadmap is as follows: 1. 2. Enable the UDP helper function on the Switch. After the UDP helper function is enabled on the Switch, the Switch forwards broadcast packets with the destination UDP port as 137 by default. The UDP port number, therefore, does not need to be configured here. Create a VLAN, assign the IP address and configure the destination server to which packets of UDP ports are forwarded on the VLANIF interface.
3.
Data Preparation
To complete the configuration, you need the following data: l l VLANIF interface of the destination server to which packets of UDP ports are forwarded IP address of the destination server
Procedure
Step 1 Enable the UDP helper function.
<Quidway> system-view [Quidway] udp-helper enable
Step 2 Configure the destination server to which packets of UDP ports are forwarded.
[Quidway] vlan 100 [Quidway-Vlan100] quit [Quidway] interface vlanif 100
Issue 01 (2011-07-15)
139

[Quidway-Vlanif100] ip address 10.110.1.1 16 [Quidway-Vlanif100] udp-helper server 10.2.1.1 [Quidway-Vlanif100] quit [Quidway] quit
Step 3 Verify the configuration. The destination server to which packets of UDP ports are forwarded on VLANIF 100 is the NetBIOS-NS name server.
<Quidway> display udp-helper server interface Vlanif 100 vlan-interface Server-Ip packet-num Vlanif100 10.2.1.1 0
----End
Configuration Files
# sysname Quidway # vlan batch 100 # udp-helper enable # interface Vlanif100 ip address 10.110.1.1 255.255.0.0 udp-helper server 10.2.1.1 # return
Issue 01 (2011-07-15)
140
8 DNS Configuration
8
About This Chapter
DNS Configuration
By configuring the Domain Name System (DNS), you can enable network devices to communicate with other through their domain names. 8.1 Introduction to DNS After each host on the Internet is assigned a domain name, you can set up a mapping between the domain name and IP address of a host through. In this manner, you can use domain names, which are easy to memorize and are of significance, instead of complicated IP addresses. 8.2 DNS Supported by the S7700 Domain name resolution can be performed in either dynamic mode or static mode. 8.3 Configuring DNS By configuring the DNS, you can set up a mapping between a domain name and an IP address. In this manner, you can enable the device to communicate with other devices. 8.4 Maintaining DNS The operations of DNS maintenance include clearing DNS statistics and monitoring the DNS operating status. 8.5 Configuration Examples This section provides a configuration example of DNS.
Issue 01 (2011-07-15)
141
8 DNS Configuration
8.1 Introduction to DNS

After each host on the Internet is assigned a domain name, you can set up a mapping between the domain name and IP address of a host through. In this manner, you can use domain names, which are easy to memorize and are of significance, instead of complicated IP addresses. The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with which hosts can be named in the form of character string. This system assumes a hierarchical naming structure. It designates a meaningful name for the device in the Internet and associates the name with the IP address through a domain name resolution server. In this manner, you can use domain names that are easy to remember instead of memorizing complex IP addresses.
8.2 DNS Supported by the S7700

Domain name resolution can be performed in either dynamic mode or static mode. DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolve a domain name, the system first uses static DNS resolution. If this mode fails, the system uses dynamic DNS resolution. To improve resolution efficiency, you can put common domain names in a static domain name resolution table. The S7700 supports static resolution and dynamic resolution.
8.3 Configuring DNS

By configuring the DNS, you can set up a mapping between a domain name and an IP address. In this manner, you can enable the device to communicate with other devices.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring the DNS.
If local users accessing devices need to communicate with other devices by using domain names, you can configure DNS on the device. An DNS entry is an mapping between a domain name and an IP address. If local users communicate with other devices hardly through the domain name or if the DNS server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the mapping between the domain name and the IP address. In case of a change in the mapping, you must modify the DNS entry manually. You can configure dynamic DNS on the device if local users frequently use domain names for communicating with other devices and the DNS server is available.
Before configuring DNS, complete the following tasks:
8 DNS Configuration
l l l l
Configuring physical attributes of the interface and ensuring that the physical layer status of the interface is Up Configuring parameters of the link layer protocol of the interface and ensuring that the link layer protocol status of the interface is Up Configuring routes between the local device and the DNS server Configuring the DNS server
Data Preparation
To configure DNS, you need the following data. No. 1 2 3 Data Domain name and the corresponding IP address in a static DNS entry IP address of a DNS server Domain name or the domain name list of a dynamic DNS entry
8.3.2 Configuring Static DNS Entries

You can create a table of mappings between domain names and IP addresses and add commonlyused domain names to this table. When a client needs to use the IP address corresponding to a domain name, the client can search the table for the required IP address. This improves the efficiency of domain name resolution.
Procedure
Step 1 Run:
system-view

ip host host-name ip-address
The IP address corresponding to the host name is configured. A host name corresponds to only one IP address. When you configure an IP address for a host for several times, only the IP address configured at the latest is valid. To resolve several host names, repeat Step 2. You can configure a maximum of 50 static DNS entries. ----End
8.3.3 Configuring Dynamic DNS

To perform dynamic domain name resolution, you need a special domain name resolution server, which runs a server program. This server provides mappings between domain names and IP addresses and receives resolution requests from the client.
8 DNS Configuration
Procedure
Step 1 Run:
system-view

dns resolve
Dynamic domain name resolution is enabled. Step 3 Run:

dns server ip-address
A DNS server is specified. Step 4 (Optional) Run:

dns server source-ip source-ip-address
The IP address of the local device is specified. The local device uses the specified IP address to communicate with the DNS server, which ensures communication security. Step 5 Run:
dns domain domain-name
The suffix of the domain name is added. ----End
Follow-up Procedure
The system supports the configuration of a maximum of 6 domain name servers, 1 source address, and 10 domain name suffixes. To configure more than one domain name server, repeat Step 3. To configure more than one domain name suffix, repeat Step 5.

You can view the configuration of the DNS.
Prerequisite
The configurations of the DNS function are complete.
Procedure
l l l Run the display ip host command to check the information about the static DNS entry table. Run the display dns server command to check the configurations about DNS servers. Run the display dns domain command to check the configurations about domain name suffixes.
Issue 01 (2011-07-15)
8 DNS Configuration
Run the display dns dynamic-host command to check the information about dynamic DNS entries in the domain name cache.
----End
Example
Run the display ip host command. If static DNS entries including the mappings between host names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host Host Age Flags hw 0 static gww 0 static Address 10.1.1.1 192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns server IPv4 Dns Servers : Domain-server IpAddress 1 172.16.1.1 2 172.16.1.2 IPv6 Dns Servers : No configured servers.
Run the display dns domain command. If the list of suffixes of domain names is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns domain No Domain-name 1 com 2 net
Run the display dns dynamic-host command. If information about the dynamic domain name cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host No Domain-name IpAddress 1 www.huawei.com 91.1.1.1 2 www.huawei.com.cn 87.1.1.1 TTL 3521 3000 Alias
8.4 Maintaining DNS

The operations of DNS maintenance include clearing DNS statistics and monitoring the DNS operating status.
8.4.1 Clearing DNS Entries

This section describes DNS entry clearance through the reset command.
Context
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this command.
Issue 01 (2011-07-15)
145
8 DNS Configuration
Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries statistics in the domain name cache. ----End
8.4.2 Monitoring Network Operation Status of DNS

This section describes DNS operation monitoring through the display command.
Context
In routine maintenance, you can run the following command in any view to check the operation of DNS.
Procedure
l l l l Run the display ip host command to check the information about the static DNS entry table. Run the display dns server command to check configurations about DNS servers. Run the display dns domain command to check configurations about domain name suffixes. Run the display dns dynamic-host command to check the information about dynamic DNS entries in the domain name cache.
----End
8.4.3 Debugging DNS

This section describes DNS debugging through the debugging command.
Context
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging all command to disable it immediately. Run the following debugging command in the user view to debug DNS and locate the fault. For more information, refer to the chapter "Information Center Configuration" in the Quidway S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging dns command in the user view to debug dynamic DNS. ----End
8 DNS Configuration

This section provides a configuration example of DNS.
8.5.1 Example for Configuring DNS

This section provides a configuration example of DNS.
As shown in Figure 8-1, Switch A acts as a DNS client, being required to access the host 2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes "com" and "net". On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A can communicate with them by using domain names. Figure 8-1 Networking diagram of DNS
Loopback0 4.1.1.1/32 GE1/0/1 VLANIF 100 SwitchB 1.1.1.2/16
Loopback0 4.1.1.2/32
SwitchC
GE1/0/1 VLANIF 100 2.1.1.1/16
GE1/0/2 VLANIF 101 3.1.1.1/16 GE1/0/1 VLANIF 100 DNS Server 2.1.1.2/16 3.1.1.2/16
DNS Client SwitchA
GE1/0/2 VLANIF 101 1.1.1.1/16
huawei.com
2.1.1.3/16
The configuration roadmap is as follows: 1. 2. 3. 4. Configure static DNS entries. Enable DNS resolution. Configure an IP address for the DNS server. Configure suffixes of domain names.
Data Preparation
To complete the configuration, you need the following data: l l
Issue 01 (2011-07-15)
Domain names of Switch B and Switch C IP address of the DNS server

8 DNS Configuration
Suffixes of domain names
Procedure
Step 1 Configure Switch A. # Configure static DNS entries.
<SwitchA> system-view [SwitchA] ip host SwitchB 4.1.1.1 [SwitchA] ip host SwitchC 4.1.1.2
# Enable DNS resolution.

[SwitchA] dns resolve
# Configure an IP address for the DNS server.

[SwitchA] dns server 3.1.1.2
# Configure a domain name suffix "net".

[SwitchA] dns domain net
# Configure a domain name suffix "com".

[SwitchA] dns domain com [SwitchA] quit
NOTE
To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. For procedures for configuring routes, refer to the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 2 Verify the configuration. # Run the ping huawei.com command on Switch A to ping the IP address 2.1.1.3. The ping succeeds.
<SwitchA> ping huawei.com Trying DNS server (3.1.1.2) PING huawei.com (2.1.1.3): 56 Reply from 2.1.1.3: bytes=56 Reply from 2.1.1.3: bytes=56 Reply from 2.1.1.3: bytes=56 Reply from 2.1.1.3: bytes=56 Reply from 2.1.1.3: bytes=56
data bytes, press CTRL_C to break Sequence=1 ttl=126 time=6 ms Sequence=2 ttl=126 time=4 ms Sequence=3 ttl=126 time=4 ms Sequence=4 ttl=126 time=4 ms Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/6 ms
# Run the display ip host command on Switch A to view static DNS entries, including mappings between host names and IP addresses.
<SwitchA> display ip host Host Age SwitchB 0 SwitchC 0 Flags Address static 4.1.1.1 static 4.1.1.2
# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries in the domain name cache.

<SwitchA> display dns dynamic-host No Domain-name IpAddress 1 huawei.com 2.1.1.3
NOTE
8 DNS Configuration
TTL 3579
Alias
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
----End
Configuration Files
# sysname SwitchA # vlan batch 100 # ip host SwitchB 4.1.1.1 ip host SwitchC 4.1.1.2 # dns resolve dns server 3.1.1.2 dns domain net dns domain com # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface vlanif100 ip address 1.1.1.2 255.255.0.0 # rip 1 network 1.0.0.0 # return

# sysname SwitchB # vlan batch 100 101 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 101 port hybrid untagged vlan 101 # interface LoopBack0 ip address 4.1.1.1 255.255.255.255 # interface vlanif100 ip address 2.1.1.1 255.255.0.0 # interface vlanif101 ip address 1.1.1.1 255.255.0.0 # rip 1 network 2.0.0.0 network 1.0.0.0 network 4.0.0.0 # return
Issue 01 (2011-07-15)
149
8 DNS Configuration

# sysname SwitchC # vlan batch 100 101 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 101 port hybrid untagged vlan 101 # interface LoopBack0 ip address 4.1.1.2 255.255.255.255 # interface vlanif100 ip address 2.1.1.2 255.255.0.0 # interface vlanif101 ip address 3.1.1.1 255.255.0.0 # rip 1 network 2.0.0.0 network 3.0.0.0 network 4.0.0.0 # return
Issue 01 (2011-07-15)
150
9 Basic Configurations of IPv6
9
About This Chapter
Context
NOTE
Basic Configurations of IPv6
This chapter describes the basic concept and configurations of IPv6.
The IPv6 functions of the S7700 are restricted through the license. Generally, the IPv6 commands can be run on a new device, but the corresponding IPv6 functions cannot take effect. To make the IPv6 functions effective on the S7700, contact local office of Huawei to buy the license.
9.1 Introduction to IPv6 This section describes the basic principle of IPv6. 9.2 IPv6 Features Supported by the S7700 The S7700 supports the IPv6 protocol suite and TCP6 protocol suite. 9.3 Configuring an IPv6 Address for an Interface Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network. 9.4 Configuring IPv6 Neighbor Discovery IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection. 9.5 Maintaining IPv6 This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation. 9.6 Configuration Examples This section provides a configuration example of IPv6 addresses.
Issue 01 (2011-07-15)
151
9.1 Introduction to IPv6

This section describes the basic principle of IPv6.
Basic Concepts
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network protocol of 2nd generation. It is designed by Internet Engineering Task Force as an upgraded version of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128 bits long versus 32 bits in IPv4.
Overview of IPv6 Addresses

A 128-bit IPv6 address has two formats: l X:X:X:X:X:X:X:X In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are separated by ":". Every "X" represents four hexadecimal characters. l X:X:X:X:X:X:d.d.d.d Addresses in this format are classified into two types: IPv4-compatible IPv6 addresses IPv4-mapped IPv6 addresses IPv4-compatible IPv6 addresses are used to configure the IPv6 over IPv4 tunnel. Each "X" stands for 16 bits that are represented by four hexadecimal characters. Each "d" stands for 8 bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4 address. An IPv6 address can be divided into two parts: l l Network prefix: n bits, equivalent to the network ID in the IPv4 address. Interface identifier: 128-n bits, equivalent to the host ID in the IPv4 address.
9.2 IPv6 Features Supported by the S7700

The S7700 supports the IPv6 protocol suite and TCP6 protocol suite.
IPv6 Features Supported by the S7700

The S7700 supports the setting of IPv6 addresses on a VLANIF, Loopback interface. Each interface supports a maximum of 20 IPv6 addresses, including link-local addresses and the global unicast addresses. The link-local address is used in the neighbor discovery protocol and used in the communication between the nodes on the local link in the stateless address auto-configuration. The packets whose source or destination address is the link-local address are forwarded on only the local link. A link-local address can be set automatically or manually. After the command to enable the system to automatically set link-local addresses is run, the system automatically sets a link-local
address for an interface. The link-local address manually set must be a valid link-local address (FE80::/10). Automatically generated link-local addresses are recommended because link-local addresses are used only for communications between link-local nodes usually to satisfy the communication request of protocols and irrelevant to communications between users. A global unicast address is equal to an IP address on the IPv4 public network, which is used to forward data on the public network and mandatory for communications between users. An EUI-64 address is equivalent to a global unicast address in view of functions. For an EUI-64 address, however, only the network bits need to be specified. Its host bits are transformed from the MAC address of the interface. For a global unicast address, complete 128 bits of the address have to be specified.
IPv6 Neighbor Discovery

IPv6 neighbor discovery (ND) is a packet transmission process to identify relationships between neighboring nodes. The ND protocol replaces the Address Resolution Protocol (ARP), ICMP Redirect message, and ICMP Router Discovery message on an IPv4 network and provides other functions.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing protocols. This brings about Routing Information Base (RIB). The RIB is a base of the FIB. Guided by route management policies, the S7700 obtains minimum necessary forwarding information from the RIB and adds the information to the FIB. Through the route management module, you can also add static routes into the FIB. Forwarding Information Base (FIB) contains minimum necessary information needed by an S7700 to forward packets. An FIB entry usually contains the destination address, prefix length, transport port, next-hop address, route flag, time stamp. An S7700 forwards packets according to FIB entries. The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB container (used on the forwarding plane). The control plane (FibAgent) is responsible for interacting with the RM module and downloading the FIB to the forwarding engine. For a distributed system, the FIB needs to be downloaded to the I/O board. A FIB contains the following information: l l l l l l Destination address: indicates the network or host a packet is destined for. Prefix length: indicates the length of the destination address prefix. From the prefix length, you can infer that the destination address is a network address or a host address. Nexthop: indicates the address of the next hop through which the packet reaches the destination. Flag(s): identifies route characteristics. Interface: indicates the outgoing interface of the packet. Timestamp: time when an FIB entry is generated.
Issue 01 (2011-07-15)
153
9.3 Configuring an IPv6 Address for an Interface

Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for assigning an IPv6 address to an interface.
When a device communicates with an IPv6 device, you need to configure IPv6 address for the interface. An EUI-64 address has the same function as an global unicast address. The difference is that only the network bits need to be specified for the EUI-64 address and the host bits are transformed from the MAC addresses of the interface while a complete 128-bit address need to be specified for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address must not be longer than 64 bits. The EUI-64 address and the global unicast address can be configured simultaneously or alternatively. However, the IP addresses configured for one interface cannot be in the same network segment.
Before configuring IPv6 addresses, complete the following tasks: l l Configuring the physical features of the interface and ensuring that the status of the physical layer of the interface is Up Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data. No. 1 2 3 Data Number of the interface Link-local address configured manually Global unicast address and prefix length
Issue 01 (2011-07-15)
154
9.3.2 Enabling IPv6 Packet Forwarding Capability

You can perform other IPv6 configurations on an interface only when IPv6 is enabled in the interface view. To enable IPv6 packet forwarding on an interface, you must configure IPv6 in the system view.
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because: l If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The IPv6 function, however, is not enabled on the interface and hence you cannot perform any IPv6 configurations. If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface but the IPv6 protocol status on the interface is Down. Therefore, the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view

ipv6
The IPv6 packet forwarding capability is enabled. By default, the IPv6 packet forwarding capability is disabled. To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the IPv6 protocol status of the interface is Down and the device cannot forward IPv6 packets although you enable IPv6 on the interface. Step 3 Run:
The view of the VLANIF interface to be enabled with the IPv6 capability is displayed. Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface. Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view. By default, the IPv6 capability is disabled on the interface. ----End
9.3.3 Configuring an IPv6 Link-Local Address for an Interface

The local address of a link is used in the neighbor discovery protocol, and in the communications between nodes on the local end of the link in stateless address auto-configuration. The local
address of a link is valid only for the link. A packet with a link-local address as the source or destination address is forwarded only along the local link.
Procedure
Step 1 Run:
system-view

The interface view is displayed. Step 3 Perform the following as required. Run:
ipv6 address auto link-local
Auto generation of the IPv6 link-local address is enabled. Or Run:

ipv6 address ipv6-address link-local
The IPv6 link-local address is manually configured. Besides configuring a link-local address through the preceding two commands, you can also configure a global unicast IPv6 address for auto generating a link-local address. For details, see Configuring an IPv6 Global Unicast Address for an Interface. ----End
9.3.4 Configuring an IPv6 Global Unicast Address for an Interface

A global unicast IP address is equal to an Internet IPv4 address and can be used for links whose route prefixes can be aggregated. In this manner, routing entries can be reduced.
Procedure
Step 1 Run:
system-view


ipv6 enable
You can enable the IPv6 capability. Step 4 Run:

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
The global unicast address is configured on the interface. ----End

Prerequisite
All configurations of the IPv6 address are complete.
Procedure
l l Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 information about the interface. Run the display ipv6 statistics command to view statistics on IPv6 packets.
----End
9.4 Configuring IPv6 Neighbor Discovery

IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for IPv6 neighbor discovery.
Most of the ND configurations are implemented based on the interfaces.
Before configuring IPv6 neighbor discovery, complete the following tasks: l l l Configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up Configuring link layer parameters for the interface Configuring the IPv6 address for the interface
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
No. 1 2 3 4 5 6 7 8 9
Data Number of interface which needs to be configured with IPv6 ND IPv6 address and MAC address of the static neighbor Intervals, prefix, and life duration of RA messages Flag bit of automatic configuration Hop limit of ND Sending times of DAD Intervals for re-transmitting NS messages NUD reachable time Interface MTU
9.4.2 Configuring Static Neighbors

By configuring a static neighbor, you can obtain the mapping of the IPv6 address and MAC address of the neighbor.
Procedure
Step 1 Run:
system-view


ipv6 enable
You can enable the IPv6 capability. Step 4 Run one of the following commands as required: l To configure a static neighbor entry on a common Layer 3 interface, run the ipv6 neighbor ipv6-address mac-address command. l To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor ipv6address mac-address vid vlan-id interface-type interface-number command. Static neighbors can be configured for VLANIF interfaces. You can configure up to 300 neighbors on each interface. ----End
Issue 01 (2011-07-15)
158
9.4.3 Enabling RA Message Advertising

After being enabled with switch advertisement, the device can send router advertisement messages, providing prefixes for hosts.
Procedure
Step 1 Run:
system-view


ipv6 enable

undo ipv6 nd ra halt
The function of advertising RA messages is enabled. ----End
9.4.4 Setting the Interval for Advertising RA Messages

The device periodically sends router advertisement messages containing information such as prefixes and flag bits.
Procedure
Step 1 Run:
system-view


ipv6 enable

ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }
The interval for advertising RA messages is configured. By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds. The maximum interval can not be shorter than the minimum interval.
When the maximum interval is less than 9 seconds, the minimum interval is set to the same value as the maximum interval. ----End
9.4.5 Enabling Stateful Auto Configuration

After being enabled with stateful auto-configuration, the host can obtain an IPv6 address through stateful auto-configuration, for example, the DHCP server.
Procedure
Step 1 Run:
system-view


ipv6 enable

ipv6 nd autoconfig managed-address-flag
The flag bit for stateful auto configuration addresses is set. If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to any addresses auto-configured using stateless address auto-configuration. Step 5 Run:
ipv6 nd autoconfig other-flag
The flag bit for other stateful configurations is set. When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address) information. ----End
9.4.6 Configuring the Address Prefixes to Be Advertised

Nodes of the local links can perform address auto-configuration by using prefixes of these addresses.
Procedure
Step 1 Run:
system-view



ipv6 enable

ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefixlength } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]
The prefix of RA messages is configured. ----End
9.4.7 Configuring Other Information to Be Advertised

A router advertisement message carries information such as the maximum number of hops, prefix option, neighbor hold time, and keepalive time.
Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can configure the number of DAD messages which are sent continuously. Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS re-transmitting time interval is 1000ms. Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default, NUD value is 30000ms. The MTU of the interface determines whether to fragment IP packets on the interface. Default MTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500 bytes.
Procedure
Step 1 Run:
system-view

ipv6 nd hop-limit limit
ND hop limit is configured. The value of limit ranges from 1 to 255. By default, it is 64. Step 3 Run:

ipv6 enable
Issue 01 (2011-07-15)
161

ipv6 nd ra router-lifetime ra-lifetime
The life duration of RA messages is configured.

NOTE
l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must be less than or equal to the life duration. l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds. l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration is still 1800 seconds.
Step 6 Run:
ipv6 nd dad attempts value
Times to send DAD messages are configured. Step 7 Run:

ipv6 nd ns retrans-timer interval
The interval for re-sending NS messages is set. Step 8 Run:

ipv6 nd nud reachable-time value
The NUD reachable time is set. Step 9 Run:

ipv6 mtu mtu
MTU of the interface is configured. ----End
Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and the undo shudown command orderly in the interface view to validate the configuration.

You can view the configuration of IPv6 neighbor discovery.
Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
l l Run the display ipv6 neighbors [ ipv6-address | [ vid vlan-id ] interface-type interfacenumber ] command to check the neighbor information in the cache. Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the IPv6 information of an interface.
----End
Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Quidway> display ipv6 neighbors VLANIF10 -------------------------------------------------------IPv6 Address : 3003::2 Link-layer : 00e0-fc89-fe6e State : STALE Interface : VLANIF10 Age : 7 VPN name : vpn1 VLAN : Is Router :TRUE IPv6 Address : FE80::2E0:FCFF:FE89:FE6E Link-layer : 00e0-fc89-fe6e State : STALE Interface : VLANIF10 Age : 7 VPN name : vpn1 VLAN : Is Router :TRUE--------------------------------------------------------Total: 2 Dynamic: 2 Static: 0
Run the display ipv6 interface brief command. If information about the IPv6 address on the interface and interface status are displayed, it means that the configuration succeeds.
<Quidway> display ipv6 interface brief *down: administratively down (l): loopback (s): spoofing Interface Physical VLANIF20 up up [IPv6 Address] 2030::101:101 VLANIF30 up up [IPv6 Address] 2001::1 LoopBack0 up [IPv6 Address] Unassigned
Protocol
up(s)
9.5 Maintaining IPv6

This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation.
9.5.1 Clearing IPv6 Statistics

Context
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you run the command.
Procedure
l l To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in the user view. To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number] | interface-type interface-number } command in the user view.
Issue 01 (2011-07-15)
l l
To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view. To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.
----End
9.5.2 Monitoring the Running Status of IPv6

Context
In routine maintenance, you can run the following commands in any view to display the running of IPv6.
Procedure
l l l l l l l l Run the display ipv6 interface [ interface-type interface-number | brief ] command in any view to view information about IPv6 on an interface. Run the display ipv6 statistics command in any view to view statistics on IPv6 packets. Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ] command in any view to view the cache content of neighbors. Run the display tcp ipv6 statistics command in any view to view statistics on TCP6 packets. Run the display tcp ipv6 status command in any view to view the status of a TCP6 connection. Run the display udp ipv6 statistics command in any view to view statistics on UDP6 packets. Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any view to view information about the specified socket. Run the display ipv6 fib [ existing-slot-id ] command in any view to view information about FIB.
----End
9.5.3 Debugging IPv6

This section describes IPv6 debugging through the debugging command.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo debugging all command to disable it immediately. Run the following debugging commands in the user view to debug IPv6 and locate the fault. For the procedures of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
l l l l l l Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6. Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and ND messages. Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to debug IPv6 packet. Run the debugging ipv6 pathmtu command in the user view to debug PMTU. Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ] command in the user view to debug TCP6. Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command in the user view to debug UDP6.
----End

This section provides a configuration example of IPv6 addresses.
9.6.1 Example for Setting an IPv6 Address for an Interface

This section provides a configuration example of IPv6 address for an interface.
As shown in Figure 9-1, two Switches are connected through GE 1/0/1. The GE 1/0/1 interfaces of Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6 global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnection between them. The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64. Figure 9-1 Networking diagram for setting IPv6 addresses SwitchA SwitchB
GE 1/0/1 VLANIF 100 3001::1/64
GE 1/0/1 VLANIF 100 3001::2/64
The configuration roadmap is as follows: 1. 2.
Issue 01 (2011-07-15)
Enable the IPv6 forwarding capability on the Switch. Set IPv6 global unicast addresses for the interfaces.
Data Preparation
To complete the configuration, you need the following data. l Global unicast address of an interface
Procedure
Step 1 Enable the IPv6 forwarding capability on the Switch. # Configure Switch A.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] ipv6
<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] ipv6
Step 2 Configure the IPv6 global unicast address for the interfaces. # Configure Switch A.
[SwitchA] vlan 100 [SwitchA-Vlan100] quit [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ipv6 enable [SwitchA-Vlanif100] ipv6 address 3001::1/64 [SwitchA-Vlanif100] quit
[SwitchB] vlan 100 [SwitchB-Vlan100] quit [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface vlanif 100 [SwitchB-Vlanif100] ipv6 enable [SwitchB-Vlanif100] ipv6 address 3001::2/64 [SwitchB-Vlanif100] quit
Step 3 Verify the configuration. If the configuration succeeds, you can view the configured global unicast addresses. The status of the interface and the IPv6 protocol are Up. # Display information about the interface on Switch A.
[SwitchA] display ipv6 interface vlanif 100 Vlanif100 current state : UP IPv6 protocol current state : UP IPv6 is enabled, link-local address is FE80::218:20FF:FE00:83 [TENTATIVE] Global unicast address(es): 3001::1, subnet is 3001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF00:1 FF02::1:FF00:83 FF02::2
Issue 01 (2011-07-15)
166

FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses
# Display information about the interface on Switch B.

[SwitchB] display ipv6 interface vlanif 100 Vlanif100 current state : UP IPv6 protocol current state : UP IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE33:11 [TENTATIVE] Global unicast address(es): 3001::2, subnet is 3001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF00:2 FF02::1:FF33:11 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses
# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter -i to specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100 PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=1 hop limit=64 time = 7 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=3 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=4 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=5 hop limit=64 time = 3 ms --- FE80::2E0:FCFF:FE33:11 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/7 ms
# On Switch A, ping the IPv6 global unicast address of Switch B.

[SwitchA] ping ipv6 3001::2 PING 3001::2 : 56 data bytes, press CTRL_C to break Reply from 3001::2 bytes=56 Sequence=1 hop limit=64 time = 12 ms Reply from 3001::2 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=3 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=4 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=5 hop limit=64 time = 3 ms --- 3001::2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/4/12 ms
----End
Configuration Files
# sysname SwitchA # ipv6 # vlan 100 # interface Vlanif100 ipv6 enable ipv6 address 3001::1/64 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # return

# sysname SwitchB # ipv6 # vlan 100 # interface Vlanif100 ipv6 enable ipv6 address 3001::2/64 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # return
Issue 01 (2011-07-15)
168
10 IPv6 DNS Configuration
10
About This Chapter
IPv6 DNS Configuration
By configuring the IPv6 Domain Name System (DNS), you can enable network devices to communicate with other through their domain names. 10.1 Introduction to IPv6 DNS After each host on the Internet is assigned a domain name, you can set up mapping between the domain name and IP address of a host. In this manner, you can use domain names, which are easy to memorize and are of significance, instead of complicated IP addresses. 10.2 IPv6 DNS Supported by the S7700 IPv6 domain name resolution can be performed in either dynamic mode or static mode. 10.3 Configuring IPv6 DNS By configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6 address. In this manner, you can enable the device to communicate with other devices. 10.4 Maintaining IPv6 DNS This section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6 DNS entries and monitoring IPv6 DNS operation. 10.5 Configuration Examples This section provides several configuration examples of IPv6 DNS.
Issue 01 (2011-07-15)
169
10.1 Introduction to IPv6 DNS

After each host on the Internet is assigned a domain name, you can set up mapping between the domain name and IP address of a host. In this manner, you can use domain names, which are easy to memorize and are of significance, instead of complicated IP addresses. IPv6 DNS has two resolution modes: dynamic IPv6 DNS resolution and static IPv6 DNS resolution. To resolve a domain name, the system first uses static IPv6 DNS resolution. If this mode fails, the system uses dynamic IPv6 DNS resolution. To improve resolution efficiency, you can put common domain names in a static domain name resolution table.
10.2 IPv6 DNS Supported by the S7700

IPv6 domain name resolution can be performed in either dynamic mode or static mode. IPv6 domain name system (DNS) is similar to IPv4 DNS. For configurations of IPv4 DNS, refer to "DNS Configuration."
10.3 Configuring IPv6 DNS

By configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6 address. In this manner, you can enable the device to communicate with other devices.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring the IPv6 DNS.
DNS needs to be configured if the local users log on to a device using domain names to communicate with other devices. The IPv6 DNS entries show the mapping between domain names and IPv6 addresses. If users seldom use the domain name to access other devices, or if the DNS server is unavailable, a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator needs to know the relation between domain names and IPv6 addresses, and manually modify the IPv6 DNS entry when the relation changes. If the users need to use the domain name to access many devices, and the DNS server is available, a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.
Data Preparation
To configure IPv6 DNS, you need the following data.
No. 1 2 3
Data Domain name of the static IPv6 DNS entry and the corresponding IPv6 address IPv6 address of the IPv6 DNS server Domain name of the dynamic IPv6 DNS or the domain name list
10.3.2 Configuring a Static IPv6 DNS Entry

You can create a table of mappings between domain names and IPv6 addresses and add common domain names to this table. When a client needs to use the IPv6 address corresponding to a domain name, the client can search the table for the required IPv6 address. This improves the efficiency of domain name resolution.
Procedure
Step 1 Run:
system-view

ipv6

ipv6 host host-name ipv6-address
The host name and the corresponding IPv6 address are configured. If the same host is configured with IPv6 addresses for several times (the maximum times is 8 IPv6 addresses), the IPv6 address configured earliest is used when needing to find the host with the IPv6 address, such as ping this host. ----End
10.3.3 Configuring the Dynamic IPv6 DNS Services

To perform dynamic domain name resolution, you need a special domain name resolution server, which runs a server program. This server provides mappings between domain names and IPv6 addresses and receives resolution requests from the client.
Context
If the IPv6 DNS server is configured with a link-local address, the interface name should also be configured with the IPv6 address. Figure 10-1 DNS server connecting IPv4 and IPv6 networks
DNS IPv4 client
DNS server
DNS IPv6 client IPv6 link

171
IPv4 link
Issue 01 (2011-07-15)
CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration till proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server. The DNS domains are configured on a device and the domain names can be searched. If the DNS fails in searching for a host name, it appends a domain name to the host name following a "." and continues the DNS search. You can configure some commonly used domain names like "com", and "net". For example, if the search for the host name "huawei" fails, the system then searches for "huawei.com" or "huawei.net". Do as follows on the switch:
Procedure
Step 1 Run:
system-view

dns resolve
The dynamic domain name resolution is enabled. Step 3 Run:

dns server ipv6 ipv6-address [ interface-type interface-number ]
The IPv6 DNS server is configured. Step 4 Run:

dns server ipv6 source-ip ipv6-address
The IPv6 address of the local device is specified. After the source IPv6 address is specified for the local device, the local device uses the specified source IPv6 address to communicate with the IPv6 DNS server to ensure the security of check. Step 5 Run:
dns domain domain-name
The suffix of domain names is added. ----End

You can view the configuration of the IPv6 DNS.
Prerequisite
The configurations of the IPv6 DNS function are complete.
Procedure
l l l l Run the display ipv6 host command to check the static IPv6 DNS table. Run the display dns server command to check the configuration of the DNS server. Run the display dns domain command to check the configuration of the suffix list of the domain name. Run the display dns ipv6 dynamic-host command to check the cache of the dynamic domain name.
----End
Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ipv6 host Host Age RTB 0 RTA 0 Flags static static IPv6Address (es) 20::1 20::2
Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns server IPv4 Dns Servers : Domain-server IpAddress 1 169.254.65.125 IPv6 Dns Servers: Domain-server Ipv6Address 1 3001::2 2 FE80::2
(Interface Name) GigabitEthernet6/0/0
Run the display dns domain command. If the suffixes of the domain names are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns domain No Domain-name 1 com 2 net
Run the display dns ipv6 dynamic-host command. If information about the cache of the dynamic domain name is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns ipv6 dynamic-host No Domain-name Ipv6address TTL 1 huawei6 3001::2 6
10.4 Maintaining IPv6 DNS

This section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6 DNS entries and monitoring IPv6 DNS operation.
10.4.1 Clearing IPv6 DNS Entries

This section describes IPv6 DNS entry clearance through the reset command.
Context
CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use this command.
Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS entries statistics in the domain name cache. ----End
10.4.2 Monitoring Network Operation Status of IPv6 DNS

This section describes IPv6 DNS operation monitoring through the display command.
Context
In routine maintenance, you can run the following commands in any view to check the operation of IPv6 DNS.
Procedure
l Run:
display dns domain
Domain names are checked. l Run:

display dns server
Configurations of the DNS server are checked. l Run:

display dns ipv6 dynamic-host
Contents about the cache of the IPv6 dynamic domain names are checked. l Run:
display ipv6 host
The static DNS table is checked. ----End

This section provides several configuration examples of IPv6 DNS.
10.5.1 Example for Configuring IPv6 DNS

This section provides a configuration example of IPv6 DNS.
As shown in Figure 10-2, Switch A, functioning as the IPv6 DNS client and working jointly whose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on the domain name huawei.com. On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensures that Switch A can manage both the routers based on the domain names Switch B and Switch C. Figure 10-2 Networking diagram of IPv6 DNS configurations
Loopback0 4.1.1.1/32 GE1/0/1 VLANIF100 SwitchB 2001::1/64
Loopback0 4.1.1.2/32
SwitchC
GE1/0/2 VLANIF100 2002::2/64
GE1/0/1 VLANIF101 2003::1/64 GE1/0/2 VLANIF100 DNS server 2002::3/64 2003::2/64
DNS client SwitchA
GE1/0/1 VLANIF101 2001::2/64
huawei.com
2002::1/64
The configuration roadmap is as follows: 1. 2. 3. 4. Configure static IPv6 DNS entries. Enable the DNS resolution function. Configure IPv6 address of the IPv6 DNS server. Set the domain name suffix.
Data Preparation
To complete the configuration, you need the following data: l l l Domain names of Switch B and Switch C IPv6 address of the IPv6 DNS server Domain name suffix
Procedure
Step 1 Configure Switch A. # Configure static IPv6 DNS entries.
<SwitchA> system-view
Issue 01 (2011-07-15)
175

[SwitchA] ipv6 host RouterB 2001::2 [SwitchA] ipv6 host RouterC 2002::3
# Enable the DNS resolution function.

[SwitchA] dns resolve
# Configure the IPv6 address of the IPv6 DNS server.

[SwitchA] dns server ipv6 2003::2
# Set the domain name suffix to ".net".

[SwitchA] dns domain net
# Set the domain name suffix to ".com".

[SwitchA] dns domain com [SwitchA] quit
NOTE
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server. For details of how to configure the route, see Configuration example of IP static route in the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 2 Verify the configuration. # Run the ping ipv6 huawei.com command on Switch A. You can find that the Ping operation succeeds, and the destination IP address is 2002::1.
<SwitchA> ping ipv6 huawei.com Resolved Host ( huawei.com -> 2002::1) PING huawei.com : 56 data bytes, press CTRL_C to Reply from 2002::1: bytes=56 Sequence=1 ttl=126 Reply from 2002::1: bytes=56 Sequence=2 ttl=126 Reply from 2002::1: bytes=56 Sequence=3 ttl=126 Reply from 2002::1: bytes=56 Sequence=4 ttl=126 Reply from 2002::1: bytes=56 Sequence=5 ttl=126 --- huawei.com ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/6 ms
break time=6 time=4 time=4 time=4 time=4
ms ms ms ms ms
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships between the host names in static IPv6 DNS entries and the IPv6 addresses.
<SwitchA> display ipv6 host Host Age SwitchB 0 SwitchC 0 Flags static static IPv6Address (es) 2001::2 2002::3
Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about dynamic IPv6 DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host No Domain-name Ipv6address 1 huawei.com 2002::1
NOTE
TTL 3579
TTL in the command output indicates the life time of the entry, in seconds.
----End
Configuration Files
l l Configuration file of Switch A
# sysname SwitchA # vlan batch 100 # ipv6 # ipv6 host SwitchB 2001::2 ipv6 host SwitchC 2002::3 # dns resolve dns server ipv6 2003::2 dns domain net dns domain com # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface vlanif100 ipv6 enable ipv6 address 2001::1/64 # return

# sysname SwitchB # vlan batch 100 101 # ipv6 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 101 port hybrid untagged vlan 101 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface vlanif100 ipv6 enable ipv6 address 2002::2/64 # interface vlanif101 ipv6 enable ipv6 address 2001::2/64 # return

# sysname SwitchC # vlan batch 100 101 # ipv6 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 101 port hybrid untagged vlan 101 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100
Issue 01 (2011-07-15)
177

# interface vlanif100 ipv6 enable ipv6 address 2002::3/64 # interface vlanif101 ipv6 enable ipv6 address 2003::1/64 # return
Issue 01 (2011-07-15)
178
11 IPv6 over IPv4 Tunnel Configuration
11
IPv6 over IPv4 Tunnel Configuration
About This Chapter

The IPv6 over IPv4 tunnel technology is developed to address the problem in the transition from IPv4 networks to IPv6 networks. 11.1 Introduction to IPv6 over IPv4 An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet. 11.2 IPv6 over IPv4 Supported by the S7700 You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks. 11.3 Configuring IPv4/IPv6 Dual Stacks To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network. 11.4 Configuring an IPv6 over IPv4 Tunnel You can interconnect IPv6 networks by using IPv4 networks. 11.5 Configuring 6PE By performing this configuration task, you can interconnect IPv6 networks through the existing MPLS network. 11.6 Maintaining IPv6 over IPv4 Tunnels This section describes how to maintain an IPv6 over IPv4 tunnel, including how to monitor an IPv6 over IPv4 tunnel. 11.7 Configuration Examples This section provides configuration examples of IPv6 over IPv4 tunnel.
Issue 01 (2011-07-15)
179
11.1 Introduction to IPv6 over IPv4

An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet. During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widely deployed while IPv6 domains are isolated and dispersed around the world. It is not economical to connect these isolated sites with private lines. The usual method is tunnel technology. This technology creates tunnels over IPv4 networks to connect isolated IPv6 domains. This is similar to the situation where the tunnel technology is used to deploy VPNs on the IP networks. The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4 tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border of the IPv4 network and the IPv6 network.
11.2 IPv6 over IPv4 Supported by the S7700

You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.
Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure 11-1 shows a single stack structure and a dual stack structure. Figure 11-1 Single stack and dual stack structures (Ethernet)
IPv4 Application TCP UDP
IPv4/IPv6 Application TCP UDP
IPv4 Protocol ID: 0x0800 Ethernet IPv4 Stack
IPv6 Protocol ID: Protocol ID: 0x86DD 0x0800 Ethernet Dual Stack
The characteristics of the dual-stack structure are as follows: l Supported by multiple link layer protocols Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in the above diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of 0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DD indicates that the network has IPv6 packets.
Supported by multiple applications Multiple applications such as DNS, FTP and Telnet support dual stacks. The upper application, such as DNS, can select TCP or UDP as its transport layer protocol. However, it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.
IPv6 over IPv4 Tunnel

Figure 11-2 shows principles of the IPv6 over IPv4 tunnel technology. 1. 2. Enabling IPv4/IPv6 dual stacks Enable IPv4/IPv6 dual stacks on the border device. Encapsulating IPv6 packets After receiving a packet from the IPv6 network, the border device takes the received IPv6 packet as the payload, adds an IPv4 packet header before the payload and encapsulates it into an IPv4 packet if it finds that the destination of the packet is not for itself. 3. 4. Transmitting the encapsulated packet In the IPv4 network, the encapsulated packet is transmitted to the peer border device. Decapsulating the packet The peer border device decapsulates the packet, removes the IPv4 packet header, and forwards the resulting IPv6 packet to the remote IPv6 network. Figure 11-2 Schematic diagram of IPv6 over IPv4 tunnel
Dual Stack Router IPv6 IPv6 host

IPv6 Header IPv6 Data IPv4 Header
IPv4
Tunnel
Dual Stack Router IPv6 IPv6 host

IPv6 Header IPv6 Data
IPv6 Header
IPv6 Data
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over IPv4 tunnel. Tunnels can be classified according to their setup modes. The common IPv6 over IPv4 tunnel modes include: l l l l IPv6 over IPv4 manual tunnels 6to4 tunnels Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels 6PE
IPv6 over IPv4 Manual Tunnel

An IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends. The source IPv4 address and destination IPv4 address of such a tunnel must be configured statically.
A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4 backbone network. It is the fixed channel for regular and secure communication between the two border devices. The manual tunnel can be used between isolated IPv6 networks. It can also be used between a border device and a host. In this case, the host and the device on both ends of the tunnel must support the IPv4 and the IPv6 protocol stacks.
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6 network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must support the IPv4 and the IPv6 dual protocol stacks at the same time. The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the devices of the 6to4 tunnel are not configured in pairs. The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You need not specify the IPv4-compatible IPv6 address for it. The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following format: 2002:IPv4 address: subnet ID:interface ID The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4 address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4 network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the subnet ID and the interface ID are allocated in the isolated IPv6 domains. As shown in Figure 11-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4 network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of the host or device in Site1 is the IPv4 address of the interface through which Switch A accesses the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device in Site2 is the IPv4 address of the interface through which Switch B accesses the IPv4 network. Switch A and Switch B are both 6to4 devices. Figure 11-3 6to4 tunnel and 6to4 relay
6to4 Router 6to4 Router IPv4 Network
6to4 Network Site2
6to4 Network Site1
SwitchB SwitchC
IPv6 Internet Site3
SwitchA
6to4 Relay
Issue 01 (2011-07-15)
182
When the host in Site1 accesses the host in Site2, the process concerned is as follows: 1. 2. 3. The IPv6 packet is transmitted to Switch A. Switch A checks the destination address of the IPv6 packet and finds that the address is the 6to4 address, from which Switch A obtains the remote IPv4 address of the 6to4 tunnel. Switch A encapsulates this IPv6 packet into the IPv4 packet. The destination address of IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the local IPv4 address of the tunnel. Switch A forwards the IPv4 packet in the IPv4 network to Switch B. Switch B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packet to the destination host in Site2.
4. 5.
The above process implements the communication between the 6to4 networks. To implement the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is needed. The so-called native IPv6 network means that both its internal host and device are not configured with the 6to4 address. The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network. One side of the 6to4 relay device is connected to the native IPv6 network; the other side is connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device. As shown in Figure 11-3, when the host in the 6to4 network accesses the IPv6 Internet, the process concerned is as follows: 1. 2. 3. 4. The IPv6 packet is routed to Switch A. A 6to4 tunnel is created between Switch A and Switch C. The IPv6 packet is encapsulated into the IPv4 packet and is sent to Switch C. Switch C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6 network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device. The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows: Prefix (64bit)::5EFE:IPv4-Address When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public network address or a private network address. As shown in Figure 11-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as follows: 1. The IPv4/IPv6 host sends a request message to a device. The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a router request message to the ISATAP device. It encapsulates the message into the IPv4 packet. 2.
Issue 01 (2011-07-15)
The ISATAP device responds to the request message.

The ISATAP device uses a router notification message to respond to the request. The router notification message contains the ISATAP prefix, which is manually configured on the device. 3. The IPv4/IPv6 host obtains its IPv6 address. The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with 5EFE:IPv4-Address, and uses this address to access the IPv6 host. Figure 11-4 ISATAP tunnel
IPv6 Network ISATAP Switch
IPv4 Network ISATAP Tunnel IPv4/IPv6 Host 2.1.1.1 FE80::5EFE:0201:0101 3FFE::5EFE:0201:0101
IPv6 Host
The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows: 1. 2. 3. The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given above. The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in the IPv6 network. An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6 host.
6PE
On an IPv4 backbone network where the MPLS is deployed, the ISP can use the IPv6 Provider Edge (6PE) technology to provide the interconnection capacity for the IPv6 networks of dispersed users. 6PE is the PE with the IPv6 capacity. Figure 11-5 shows the principle of interconnecting isolated IPv6 domains through 6PE. 1. When the 6PE device receives an IPv6 packet from the CE, it directly labels the packet to translate the packet into an MPLS packet that can be transmitted over the IPv4 backbone network. The MPLS packet is forwarded to the remote 6PE through the LSP. The remote 6PE removes the label and finds the IPv6 routing table according to the destination address in the resulting IPv6 packet header. The remote 6PE then sends the packet to the destination host in the remote IPv6 network through the remote CE.
2. 3. 4.
Issue 01 (2011-07-15)
184
Figure 11-5 Networking diagram of 6PE
6PE Router
IPv4/MPLS IBGP
6PE Router
CE PE
Customer site
CE IPv6
IPv6
Customer site
Note the following points when you connect isolated IPv6 sites through a 6PE tunnel: l l l l Enable IPv4, MPLS and IPv6 on 6PE. MP-BGP also needs to be enabled between 6PEs to receive or send IPv6 routes from/to the remote 6PE. The IGP over ISP's IPv4 backbone network can be OSPF or IS-IS. Static routing protocol, IGP or EBGP can work between CE and 6PE.
When ISPs tend to extend their IPv4 or MPLS networks with IPv6 traffic exchange capability on MPLS, they only need to update their PE devices.
11.3 Configuring IPv4/IPv6 Dual Stacks

To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for the IPv4/IPv6 dual protocol stack.
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be enabled on the device. Enabling the IPv4/IPv6 dual protocol stacks on the S7700 is a simple process. Enable the IPv6 packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the corresponding interface.
Before configuring IPv6 tunnels, complete the following tasks:
l l
Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up Configuring the link layer parameters for the interface
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data. No. 1 2 3 4 Data Type and number of the interface connected with the IPv4 network IPv4 address and mask of the interface connected with the IPv4 network Type and number of the interface connected with the IPv6 network IPv6 address and prefix of the interface connected with the IPv6 network
11.3.2 Enabling IPv6 Packet Forwarding

To enable IPv6 packet forwarding, you need to enable IPv6 in both the interface view and the system view.
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because: l If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The interface on the device is not of the IPv6 capability and hence you cannot perform any IPv6 configurations. If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface but the IPv6 protocol status on the interface is Down and the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view

ipv6
The IPv6 packet forwarding capability is enabled. To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6 packets although the interface is configured with an IPv6 address. By default, the IPv6 packet forwarding capability is disabled.
Step 3 Run:
The view of the interface to be enabled with the IPv6 capability is displayed. Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface. Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view. By default, the IPv6 capability is disabled on the interface. ----End
11.3.3 Configuring IPv4 and IPv6 Addresses for the Interface

You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks.
Procedure
Step 1 Run:
system-view

The interface view of the IPv4 network is displayed. Step 3 Run:

An IPv4 address is assigned to the interface. Step 4 Run:

quit

The interface view of the IPv6 network is displayed. Step 6 Perform the following configuration as required. l Run:
ipv6 address auto link-local
The link-local address is set to be automatically generated. l Run:

ipv6 address ipv6-address link-local
The link-local address of the interface is configured. l Run:

ipv6 address { ipv6-address | prefix-length }
Issue 01 (2011-07-15)
187
The global unicast address is configured. l Run:

ipv6 address { ipv6-address | prefix-length } eui-64
The IPv6 EUI-64 address is configured. ----End

Prerequisite
All configurations are complete.
Procedure
Step 1 Run the display ipv6 interface command to view the IPv6 information about the interface. ----End
11.4 Configuring an IPv6 over IPv4 Tunnel

You can interconnect IPv6 networks by using IPv4 networks.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring an IPv6 over IPv4 tunnel.
To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6 over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks: l l l Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up Configuring the link layer protocol for the interface and ensuring that the status of the link layer protocol on the interface is Up Configuring the IPv4/IPv6 dual-protocol stacks
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
11.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface

Context
Before enabling the service loopback function on an Eth-Trunk interface, note the following: l l Before enabling the service loopback function, create an Eth-Trunk, add member interfaces to the Eth-Trunk and keep it in the Up state. Only one interface enabled with the service loopback function is needed on a device.
Procedure
Step 1 Run:
system-view

interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed. Step 3 Run:

service type tunnel
The Eth-Trunk interface is enabled with the service loopback function. Step 4 Run:
The interface view is displayed. Step 5 Run:

eth-trunk trunk-id
The interface is added to the Eth-Trunk. ----End
11.4.3 Configuring an IPv6 over IPv4 Manual Tunnel

A manual IPv6 over IPv4 tunnel is a P2P tunnel. The source address and destination address of a manual IPv6 over IPv4 tunnel are both manually assigned. The source address and destination address of a manual IPv6 over IPv4 tunnel on the same device must be unique. A manual IPv6 over IPv4 tunnel acts as a permanent link that crosses an IPv4 network and connects two IPv6 networks. Border devices can communicate with each other securely and regularly through manual IPv6 over IPv4 tunnels.
Context
Note the following when configuring an IPv6 over IPv4 manual tunnel: l l l Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface. When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface. You need to conduct the following configurations on the devices on both the ends of the tunnel. During the configuration, note that the source address of the local tunnel end is the
Issue 01 (2011-07-15)
destination address set for the remote tunnel end; the destination address of the local tunnel end is the source address set for the remote tunnel end.
Procedure
Step 1 Run:
system-view

The tunnel interface is created. Step 3 Run:

tunnel-protocol ipv6-ipv4
The tunnel is specified be an IPv6 over IPv4 manual tunnel. Step 4 Run:
source { ip-address | interface-type interface-number }
The source address or source interface of the tunnel is specified. Step 5 Run:
destination dest-ip-address
The destination address of the tunnel is specified.

NOTE
The destination address of the tunnel can be the address of a physical interface or the address of a loopback interface.
Step 6 Run:
ipv6 enable
IPv6 is enabled on the interface. Step 7 Run:

The tunnel interface is configured with an IPv6 address. ----End
11.4.4 Configuring a 6to4 Tunnel

A 6to4 tunnel is a P2MP tunnel and can interconnect IPv6 networks which are isolated from each other through an IPv4 network.
Context
Note the following when configuring a 6to4 tunnel: l l Before configuring other parameters of the tunnel, create a tunnel interface. When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface.
Issue 01 (2011-07-15)
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The destination address of the tunnel is automatically obtained from the destination IP address field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel must be unique. On the border device, configure a 6to4 address on the interface that is connected with the 6to4 network, and configure an IPv4 address on the interface that is connected with the IPv4 network. To make the tunnel support the routing protocol, configure an IP address for the tunnel interface.
Procedure
Step 1 Run:
system-view

A tunnel interface is created. Step 3 Run:

tunnel-protocol ipv6-ipv4 6to4
The tunnel is specified as a 6to4 tunnel. Step 4 Run:

ipv6 enable

The interface is configured with an IPv6 address. ----End
Follow-up Procedure
The configuration of 6to4 relay needed to access the IPv6 network, is similar to the 6to4 tunnel. For the configuration example, see "Example for Configuring 6to4 Relay."
11.4.5 Configuring an ISATAP Tunnel

Intra-site Automatic Tunnel Addressing Protocol (ISATAP) tunnels are used in the situation where IPv4/IPv6 hosts in an IPv4 network need to access an IPv6 network. An ISATAP tunnel can be established between an ISATAP host and an ISATAP device.
Context
Note the following when configuring an ISATAP tunnel:
l l l
Before configuring other parameters of the tunnel, create a tunnel interface. When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface. When configuring an ISATAP tunnel, you need to specify only the source address of the tunnel. The destination address of the tunnel is automatically obtained from the destination IP address field carried in the original IPv6 packet. Note that the source interface of the ISATAP tunnel must be unique. The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix length of 64 bits.
Procedure
Step 1 Run:
system-view

A tunnel interface is created. Step 3 Run:

tunnel-protocol ipv6-ipv4 isatap
The tunnel is specified as an ISATAP tunnel. Step 4 Run:

The tunnel interface is configured with an IPv6 address. Step 6 Run:

undo ipv6 nd ra halt
The device is allowed to advertise routes. ----End
11.4.6 Configuring Routes in the Tunnel

Packets can be normally forwarded only when routes exist on both the source device and destination device of the tunnel.
Context
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
NOTE
Currently, the tunnel interface of the S7700 cannot be configured with routing protocols.
When configuring a static route, you need to run the ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-number nexthop-ipv6-address | nexthop-ipv6Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 192
Issue 01 (2011-07-15)
address } command to configure a route destined for the destination address (the destination address specified before the packet encapsulation, rather than the destination address of the tunnel). In addition, you need to set the next hop address to the address of the interface on the remote end of the tunnel.

Prerequisite
All configurations of the IPv6 over IPv4 tunnel are complete.
Procedure
Step 1 Run the display ipv6 interface tunnel interface-number command to view the IPv6 attribute of the tunnel interface. ----End
11.5 Configuring 6PE

By performing this configuration task, you can interconnect IPv6 networks through the existing MPLS network.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring 6PE.
To interconnect IPv6 networks over the existing MPLS network, 6PE must be configured on the PE devices.
Before configuring 6PE, complete the following tasks: l l l l Configuring the physical features of interfaces and ensuring that the status of the physical layer of the interface is Up Configuring the link layer protocols on interface and ensuring that the status of the link layer protocol on the interface is Up Configuring routes from 6PE to CE Configuring routes to the backbone network
Data Preparation
To configure 6PE, you need the following data. No. 1
Issue 01 (2011-07-15)
Data Interface number and IPv6 address of the 6PE's interface connected with CE devices
No. 2 3 4 5
Data Interface number and IPv4 address of the 6PE's interface Interface number and IPv4 address of the loopback interface to be created LSP triggering policy IPv4 address of the peer of the 6PE
11.5.2 Configuring IPv4/IPv6 Dual Protocol Stacks

You need to enable the IPv4/IPv6 dual stack on the border device of the IPv4 and IPv6 networks.
Procedure
Step 1 Run:
system-view

ipv6
The IPv6 packet forwarding is enabled. Step 3 Run:


The interface is configured with an IPv4 address. Step 5 Run:

quit


ipv6 enable

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
Or
Issue 01 (2011-07-15)
194
The interface is configured with an IPv6 address. Step 9 Run:

quit
Return to the system view. ----End
11.5.3 Configuring MPLS

This section describes how to configure the basic functions of MPLS including LSP setup and LDP enabling.
Procedure
Step 1 Run:
system-view

mpls lsr-id ip-address
The LSR ID is specified. Step 3 Run:

mpls
MPLS is enabled and the MPLS view is displayed. Step 4 Run:

quit

mpls ldp
MPLS LDP is enabled. Step 6 Run:

quit
Exit the system view. Step 7 Run:


mpls
MPLS is enabled on the interface. Step 9 Run:

mpls ldp
Issue 01 (2011-07-15)
195
MPLS LDP is enabled on the interface. ----End
11.5.4 Enabling 6PE Peer

By configuring a particular 6PE peer, you can configure a particular 6PE peer to exchange routing information with the peer configured in the IPv6 view.
Procedure
Step 1 Run:
system-view

bgp as-number
The BGP view is displayed. Step 3 Run:

peer ipv4-address as-number as-number
The IP address and the AS number of a specified BGP peer are specified. Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
PE peer is specified to connect with a specified interface. Step 5 Run:

ipv6-family
The BGP-IPv6 unicast address family view is displayed. Step 6 Run:

peer peer-ipv4-address enable
6PE peer is enabled. Step 7 Run:

peer peer-ipv4-address label-route-capability
Label routing capacity is enabled for 6PE. ----End

Prerequisite
All configurations are complete.
Procedure
Step 1 Run the display mpls lsp command to view information about LSP.
Step 2 Run the display bgp ipv6 routing-table command to view information about IPv6 BGP routes. ----End
11.6 Maintaining IPv6 over IPv4 Tunnels

This section describes how to maintain an IPv6 over IPv4 tunnel, including how to monitor an IPv6 over IPv4 tunnel.
11.6.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel

This section describes how to monitor an IPv6 over IPv4 tunnel.
Context
In routine maintenance, you can run the following command in any view to check the operation of IPv6 over IPv4 tunnel.
Procedure
Step 1 Run the display ipv6 interface tunnel { interface-number } command in any view to check the operation status of the tunnel interface. ----End
11.6.2 Debugging IPv6 over IPv4 Tunnel

This section describes how to debug an IPv6 over IPv4 tunnel.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. If an operation fault occurs on the IPv6 tunnel, run the following debugging commands in the user view to debug the IPv6 tunnel. View information about debugging, locate the fault, and analyze the cause. For the procedure of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interface tunnel interface-type interface-number ] command in the user view to debug tunnel information. ----End

This section provides configuration examples of IPv6 over IPv4 tunnel.
11.7.1 Example for Configuring an IPv6 over IPv4 Tunnel Manually

This section provides a configuration example of manual IPv6 over IPv4 tunnel.
As shown in Figure 11-6, two IPv6 networks are connected to Switch B on the IPv4 backbone network respectively through Switch A and Switch C. To enable the communication between two IPv6 networks, manually configure an IPv6 over IPv4 tunnel between Switch A and Switch C. Figure 11-6 Networking diagram for configuring the IPv6 over IPv4 tunnel manually
GE 1/0/1 VLANIF 100 192.168.50.1/24 GE 1/0/1 VLANIF 100 192.168.50.2/24 IPv6
IPv4 network
GE 1/0/2 VLANIF 200 192.168.51.1/24 GE 1/0/1 VLANIF 200 192.168.51.2/24 IPv6
SwitchB Dual stack Dual stack
SwitchA
SwitchC
The configuration roadmap is as follows: 1. 2. 3. 4. Enabling the service loopback function on an Eth-Trunk interface. Set the IP address for the VLANIF interface mapping with the physical interface. Configure IPv6 addresses, source interface, and destination addresses for the tunnel interfaces. Set the tunnel protocol to IPv6-IPv4.
Data Preparation
To complete the configuration, you need the following data. l
Issue 01 (2011-07-15)
IP addresses of interfaces
IPv6 address, source address, and destination address of the tunnel
Procedure
Step 1 Configure Switch A. # Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view [Quidway] interface eth-trunk 1 [Quidway-Eth-Trunk1] service type tunnel [Quidway-Eth-Trunk1] quit [Quidway] interface gigabitethernet 1/0/3 [Quidway-GigabitEthernet1/0/3] eth-trunk 1 [Quidway-GigabitEthernet1/0/3] quit
# Assign IP addresses to interfaces.

<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] ipv6 [SwitchA] vlan 100 [SwitchA-Vlan100] quit [SwitchA] interface gigabitethernet1/0/1 [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 192.168.50.2 255.255.255.0 [SwitchA-Vlanif100] quit
# Set the tunnel protocol to IPv6-IPv4.

[SwitchA] interface tunnel 1/0/1 [SwitchA-Tunnel1/0/1] tunnel-protocol ipv6-ipv4
# Bind the tunnel interface to the Eth-Trunk.

[SwitchA-Tunnel1/0/1] eth-trunk 1
# Set IPv6 address and destination address for the tunnel interface.
[SwitchA-Tunnel1/0/1] [SwitchA-Tunnel1/0/1] [SwitchA-Tunnel1/0/1] [SwitchA-Tunnel1/0/1] [SwitchA-Tunnel1/0/1] ipv6 enable ipv6 address 3001::1/64 source vlanif 100 destination 192.168.51.2 quit
Configure a static route.

[SwitchA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
Step 2 Configure Switch B. Assign IP addresses to interfaces.

<Quidway> [Quidway] [SwitchB] [SwitchB] system-view sysname SwitchB ipv6 vlan 100
Issue 01 (2011-07-15)
199
[SwitchB-Vlan100] quit [SwitchB] vlan 200 [SwitchB-Vlan200] quit [SwitchB] interface gigabitethernet1/0/1 [SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet1/0/2 [SwitchB-GigabitEthernet1/0/2] port hybrid pvid vlan 200 [SwitchB-GigabitEthernet1/0/2] port hybrid untagged vlan 200 [SwitchB-GigabitEthernet1/0/2] quit [SwitchB] interface vlanif 100 [SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0 [SwitchB-Vlanif100] quit [SwitchB] interface vlanif 200 [SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0 [SwitchB-Vlanif200] quit
Step 3 Configure Switch C. # Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
<Quidway> system-view [Quidway] interface eth-trunk 1 [Quidway-Eth-Trunk1] service type tunnel [Quidway-Eth-Trunk1] quit [Quidway] interface gigabitethernet1/0/1 [Quidway-GigabitEthernet1/0/3] eth-trunk 1 [Quidway-GigabitEthernet1/0/3] quit
Assign IP addresses to interfaces.

<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] ipv6 [SwitchC] vlan 200 [SwitchC-Vlan200] quit [SwitchC] interface gigabitethernet1/0/1 [SwitchC-GigabitEthernet1/0/1] port hybrid pvid vlan 200 [SwitchC-GigabitEthernet1/0/1] port hybrid untagged vlan 200 [SwitchC-GigabitEthernet1/0/1] quit [SwitchC] interface vlanif 200 [SwitchC-Vlanif200] ip address 192.168.51.2 255.255.255.0 [SwitchC-Vlanif200] quit
# Set the tunnel protocol to IPv6-IPv4.

[SwitchC] interface tunnel 1/0/1 [SwitchC-Tunnel1/0/1] tunnel-protocol ipv6-ipv4
# Bind the tunnel interface to the Eth-Trunk.

[SwitchC-Tunnel1/0/1] eth-trunk 1
# Set IPv6 address and destination address for the tunnel interface.
[SwitchC-Tunnel1/0/1] [SwitchC-Tunnel1/0/1] [SwitchC-Tunnel1/0/1] [SwitchC-Tunnel1/0/1] [SwitchC-Tunnel1/0/1] ipv6 enable ipv6 address 3001::2/64 source vlanif 200 destination 192.168.50.2 quit
Issue 01 (2011-07-15)
200
# Configure a static route.

[SwitchC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1
Step 4 Verify the configuration. # On Switch C, ping the IPv4 address of VLANIF 100 of Switch A. Switch C can receive the response packet from Switch A.
[SwitchC] ping 192.168.50.2 PING 192.168.50.2: 56 data bytes, press CTRL_C to break Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms --- 192.168.50.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/32/84 ms
# On Switch C, ping the IPv6 address of Tunnel 1/0/1 of Switch A. Switch C can receive the response packet from Switch A.
[SwitchC] ping ipv6 3001::1 PING 3001::1 : 56 data bytes, press Reply from 3001::1 bytes=56 Sequence=1 hop limit=255 Reply from 3001::1 bytes=56 Sequence=2 hop limit=255 Reply from 3001::1 bytes=56 Sequence=3 hop limit=255 Reply from 3001::1 bytes=56 Sequence=4 hop limit=255 Reply from 3001::1 bytes=56 Sequence=5 hop limit=255 --- 3001::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 26/26/28 ms CTRL_C to break time = 28 ms time = 27 ms time = 26 ms time = 27 ms time = 26 ms
----End
Configuration Files
# sysname SwitchA # ipv6 # vlan batch 100 # interface Vlanif100 192.168.50.2 255.255.255.0 # interface Eth-Trunk1 service type tunnel # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/3 eth-trunk 1
Issue 01 (2011-07-15)
201
# interface Tunnel1/0/1 ipv6 enable ipv6 address 3001::1/64 tunnel-protocol ipv6-ipv4 source Vlanif100 destination 192.168.51.2 # ip route-static 192.168.51.0 255.255.255.0 192.168.50.1 # return

# sysname SwitchB # vlan batch 100 200 # interface Vlanif100 192.168.50.1 255.255.255.0 # interface Vlanif200 192.168.51.1 255.255.255.0 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # return

# sysname SwitchC # ipv6 # vlan batch 200 # interface Vlanif200 192.168.51.2 255.255.255.0 # interface Eth-Trunk1 service type tunnel # interface GigabitEthernet1/0/1 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface GigabitEthernet1/0/3 eth-trunk 1 # interface Tunnel1/0/1 ipv6 enable ipv6 address 3001::2/64 tunnel-protocol ipv6-ipv4 source Vlanif200 destination 192.168.50.2 # ip route-static 192.168.50.0 255.255.255.0 192.168.51.1 # return
Issue 01 (2011-07-15)
202
11.7.2 Example for Configuring a 6to4 Tunnel

This section provides a configuration example of 6to4 tunnel.
As shown in Figure 11-7, Switch A and Switch B are connected to a 6to4 network and an IPv4 backbone network respectively. To enable communication between two 6to4 network hosts, you need to manually configure an 6to4 tunnel between Switch A and Switch B. To enable communication between 6to4 networks, configure 6to4 addresses for the hosts on the 6to4 network. A 6to4 address has a 48-bit prefix, which is in the format 2002:IPv4 address. As shown in Figure 11-7, the IPv4 address of the interface through which Switch A is connected to the IPv4 network is 2.1.1.1. Therefore, the 6to4 address prefix of the 6to4 network where Switch A is located is 2002:0201:0101::. Figure 11-7 Networking diagram for configuring a 6to4 tunnel
GE 1/0/2 VLANIF 200 2002:201:101:1::1/64
GE 1/0/1 VLANIF 100 2.1.1.1 SwitchA
IPv4
GE 1/0/1 VLANIF 100 2.1.1.2 SwitchB
GE 1/0/2 VLANIF 200 2002:201:102:1::1/64
PC1 IPv6
Tunnel 1/0/1 2002:201:101::1/64 2002:201:101:1::2
Tunnel 1/0/1 2002:201:102::1/64 2002:201:102:1::2
PC2 IPv6
The configuration roadmap is as follows: 1. 2. 3. 4. Enabling the service loopback function on an Eth-Trunk interface. Configure the IPv4/IPv6 stack on the Switch. Configure a 6to4 tunnel on the Switch. Configure related routes on the Switch.
Data Preparation
To complete the configuration, you need the following data. l l
Issue 01 (2011-07-15)
IPv4 and IPv6 addresses of interfaces Source tunnel interface

Procedure
Step 1 # Configure Switch A. # Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
# Configure the IPv4/IPv6 stack.

<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] ipv6 [SwitchA] vlan batch 100 200 [SwitchA] interface gigabitethernet1/0/1 [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 2.1.1.1 8 [SwitchA-Vlanif100] quit [SwitchA] interface gigabitethernet1/0/2 [SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 200 [SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 200 [SwitchA-GigabitEthernet1/0/2] quit [SwitchA] interface vlanif 200 [SwitchA-Vlanif200] ipv6 enable [SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64 [SwitchA-Vlanif200] quit
# Configure a 6to4 tunnel.

[S7700-A] interface tunnel 1/0/1 [SwitchA-Tunnel0/0/1] eth-trunk 1 [SwitchA-Tunnel1/0/1] tunnel-protocol ipv6-ipv4 6to4 [SwitchA-Tunnel1/0/1] ipv6 enable [SwitchA-Tunnel1/0/1] ipv6 address 2002:0201:0101::1/64 [SwitchA-Tunnel1/0/1] source vlanif 100 [SwitchA-Tunnel1/0/1] quit
# Configure a route to other 6to4 networks.

[SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/1
Step 2 # Configure Switch B. # Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
Issue 01 (2011-07-15)
204

# Configure the IPv4/IPv6 stack.

<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] ipv6 [SwitchB] vlan batch 100 200 [SwitchB] interface gigabitethernet1/0/1 [SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface vlanif 100 [SwitchB-Vlanif100] ip address 2.1.1.2 8 [SwitchB-Vlanif100] quit [SwitchB] interface gigabitethernet1/0/2 [SwitchB-GigabitEthernet1/0/2] port hybrid pvid vlan 200 [SwitchB-GigabitEthernet1/0/2] port hybrid untagged vlan 200 [SwitchB-GigabitEthernet1/0/2] quit [SwitchB] interface vlanif 200 [SwitchB-Vlanif200] ipv6 enable [SwitchB-Vlanif200] ipv6 address 2002:0201:0102:1::1/64 [SwitchB-Vlanif200] quit

[SwitchB] interface tunnel 1/0/1 [SwitchB-Tunnel0/0/1] eth-trunk 1 [SwitchB-Tunnel1/0/1] tunnel-protocol ipv6-ipv4 6to4 [SwitchB-Tunnel1/0/1] ipv6 enable [SwitchB-Tunnel1/0/1] ipv6 address 2002:0201:0102::1/64 [SwitchB-Tunnel1/0/1] source vlanif 100 [SwitchB-Tunnel1/0/1] quit
# Configure a route to other 6to4 networks.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 1/0/1
NOTE
There must be a reachable route between SwitchA and SwitchB. In this example, the routing protocol needs to be configured on GigabitEthernet1/0/1 of SwitchA and SwitchB to ensure a reachable route between SwitchA and SwitchB. For the configuration procedure, see the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 3 Verify the configuration. # View the IPv6 status of Tunnel 1/0/1 on Switch A, and you can find that the status is Up.
[SwitchA] display ipv6 interface tunnel 1/0/1 Tunnel1/0/1 current state : UP IPv6 protocol current state : UP IPv6 is enabled, link-local address is FE80::201:101 [TENTATIVE] Global unicast address(es): 2002:201:101::1, subnet is 2002:201:101::/64 [TENTATIVE] Joined group address(es): FF02::1:FF01:101 FF02::1:FF00:1 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses
Issue 01 (2011-07-15)
205
# On Switch A, ping the 6to4 address of VLANIF 200 of Switch B. Switch A can receive the response packet from Switch B.
[SwitchA] ping ipv6 2002:0201:0102:1::1 PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break Reply from 2002:201:102:1::1 bytes=56 Sequence=1 hop limit=255 time = 8 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=2 hop limit=255 time = 25 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=3 hop limit=255 time = 4 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=4 hop limit=255 time = 5 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=5 hop limit=255 time = 5 ms --- 2002:0201:0102:1::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/9/25 ms
----End
Configuration Files
# sysname SwitchA # ipv6 # vlan batch 100 200 # interface Vlanif100 ip address 2.1.1.1 255.0.0.0 # interface Vlanif200 ipv6 enable ipv6 address 2002:201:101:1::1/64 # interface Eth-Trunk1 service type tunnel # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # GigabitEthernet1/0/3 eth-trunk 1 # interface Tunnel1/0/1 eth-trunk 1 ipv6 enable ipv6 address 2002:201:101:1::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100 # ipv6 route-static 2002:: 16 Tunnel 0/0/1 # return
l
Issue 01 (2011-07-15)


# sysname SwitchB # ipv6 # vlan batch 100 200 # interface Vlanif100 ip address 2.1.1.2 255.0.0.0 # interface Vlanif200 ipv6 enable ipv6 address 2002:201:102:1::1/64 # interface Eth-Trunk1 service type tunnel # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface GigabitEthernet1/0/3 eth-trunk 1 # interface Tunnel1/0/1 ipv6 enable ipv6 address 2002:201:102:1::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100 # ipv6 route-static 2002:: 16 Tunnel 0/0/1 # return
11.7.3 Example for Configuring a 6to4 Relay

This section provides a configuration example of 6to4 relay.
As shown in Figure 11-8, Switch A is a 6to4 device and is connected to an IPv6 network. Switch B is a 6to4 relay device and is connected to the IPv6 Internet (2001::/64). Switch A and Switch B are connected through an IPv4 backbone network. To enable communication between the 6to4 network and the IPv6 network, you need to configure a 6to4 tunnel between Switch A and Switch B. The configuration of a tunnel between a 6to4 relay device and a common 6to4 device is similar to configuration of a tunnel between common 6to4 devices. A static route to the IPv6 network must be configured on the common 6to4 device so that the 6to4 network and the IPv6 network can communicate with each other.
Issue 01 (2011-07-15)
207
Figure 11-8 Networking diagram for configuring the 6to4 relay
IPv4 GE 1/0/0 GE 1/0/0 VLANIF 100 VLANIF 100 2.1.1.1 2.1.1.2 SwitchA SwitchB GE 2/0/0 GE 2/0/0 VLANIF 200 VLANIF 200 2001::1/64 2002:201:101:1::1/64 Tunnel 1/0/0 Tunnel 1/0/0 2002:201:101::1/64 2002:201:102::1/64 PC1 IPv6 2002:201:101:1::2 2001::2/64 PC2 IPv6
The configuration roadmap is as follows: 1. 2. 3. Configure IPv4/IPv6 stacks on devices. Configure a 6to4 tunnel on devices. Configure related static routes on devices.
Data Preparation
To complete the configuration, you need the following data. l l l IPv4 and IPv6 addresses of interfaces Source tunnel interface Static route to an indirectly connected device
Procedure
Step 1 # Configure Switch A. # Configure the IPv4/IPv6 stack.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] ipv6 [SwitchA] vlan batch 100 200 [SwitchA] interface gigabitethernet 1/0/0 [SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/0] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 2.1.1.1 255.0.0.0 [SwitchA-Vlanif100] quit [SwitchA] interface gigabitethernet 2/0/0 [SwitchA-GigabitEthernet2/0/0] port hybrid pvid vlan 200
Issue 01 (2011-07-15)
208
[SwitchA-GigabitEthernet2/0/0] port hybrid untagged vlan 200 [SwitchA-GigabitEthernet2/0/0] quit [SwitchA] interface vlanif 200 [SwitchA-Vlanif200] ipv6 enable [SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64 [SwitchA-Vlanif200] quit

[S7700-A] interface tunnel 1/0/0 [SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 [SwitchA-Tunnel1/0/0] ipv6 enable [SwitchA-Tunnel1/0/0] ipv6 address 2002:0201:0101::1/64 [SwitchA-Tunnel1/0/0] source vlanif 100 [SwitchA-Tunnel1/0/0] quit
# Configure a static route to 2002::/16.

[SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0
# Configure a default route to the local IPv6 network.

[SwitchA] ipv6 route-static :: 0 2002:0201:0102::1
Step 2 Configure Switch B. Configure the IPv4/IPv6 stack

<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] ipv6 [SwitchB] vlan batch 100 200 [SwitchB] interface gigabitethernet 1/0/0 [SwitchB-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [SwitchB-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [SwitchB-GigabitEthernet1/0/0] quit [SwitchB] interface vlanif 100 [SwitchB-Vlanif100] ip address 2.1.1.2 255.0.0.0 [SwitchB-Vlanif100] quit [SwitchB] interface gigabitethernet 2/0/0 [SwitchB-GigabitEthernet2/0/0] port hybrid pvid vlan 200 [SwitchB-GigabitEthernet2/0/0] port hybrid untagged vlan 200 [SwitchB-GigabitEthernet2/0/0] quit [SwitchB] interface vlanif 200 [SwitchB-Vlanif200] ipv6 enable [SwitchB-Vlanif200] ipv6 address 2001::1/64 [SwitchB-Vlanif200] quit

[SwitchB] interface tunnel 1/0/0 [SwitchB-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 [SwitchB-Tunnel1/0/0] ipv6 enable [SwitchB-Tunnel1/0/0] ipv6 address 2002:0201:0102::1/64 [SwitchB-Tunnel1/0/0] source vlanif 100 [SwitchB-Tunnel1/0/0] quit
# Configure a static route to 2002::/16.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 1/0/0
Step 3 Verify the configuration. # On Switch A, the IPv6 address of VLANIF 200 on Switch B can be successfully pinged.
[SwitchA] ping ipv6 2001::1 PING 2001::1 : 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=255 time = 29 ms Reply from 2001::1
Issue 01 (2011-07-15)
209

bytes=56 Sequence=2 Reply from 2001::1 bytes=56 Sequence=3 Reply from 2001::1 bytes=56 Sequence=4 Reply from 2001::1 bytes=56 Sequence=5 hop limit=255 hop limit=255 hop limit=255 hop limit=255

time = 5 ms time = 5 ms time = 5 ms time = 26 ms
--- 2001::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 5/14/29 ms
----End
Configuration Files
# sysname SwitchA # ipv6 # vlan batch 100 200 # interface Vlanif100 ip address 2.1.1.1 255.0.0.0 #interface Vlanif200 ipv6 enable ipv6 address 2002:201:101:1::1/64 # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface Tunnel 1/0/0 ipv6 enable ipv6 address 2002:201:101::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100 # ipv6 route-static :: 0 2002:201:102::1 # ipv6 route-static 2002:: 16 Tunnel 1/0/0 # return

# sysname SwitchB # ipv6 # vlan batch 100 200 # interface Vlanif100 ip address 2.1.1.2 255.0.0.0 # interface Vlanif200 ipv6 enable ipv6 address 2001::1/64 # interface GigabitEthernet1/0/0
Issue 01 (2011-07-15)
210

port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface Tunnel 1/0/0 ipv6 enable ipv6 address 2002:201:102::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100 # ipv6 route-static 2002:: 16 Tunnel 1/0/0 # return
11.7.4 Example for Configuring an ISATAP Tunnel

This section provides a configuration example of ISATAP tunnel.
Network Requirements
As shown in Figure 11-9, an IPv6 host in the IPv4 network running the Windows XP system needs to access the IPv6 network through a border device. Both the IPv6 host and the border device support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host and the border device. Figure 11-9 Networking diagram of the ISATAP tunnel
IPv6 network IPv6 host 3001::2
ISATAP
IPv4 network
Switch ISATAP host GE1/0/2 GE1/0/1 FE80::5EFE:0201:0102 VLANIF 100 VLANIF 200 2.1.1.2 3001::1/64 2.1.1.1/8 2001::5EFE:0201:0102
The configuration roadmap is as follows: 1. 2. 3. 4. Enabling the service loopback function on an Eth-Trunk interface. Configure IPv4/IPv6 dual protocol stacks. Configure an ISATAP tunnel. Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
To complete the configuration, you need the following data: l
Issue 01 (2011-07-15)
IPv4 or IPv6 addresses of interfaces

l l
Source interface of the tunnel VLAN that the physical interface of the Switch belongs to
Procedure
Step 1 Configure the ISATAP device. # Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
<Quidway> system-view [Quidway] ipv6 [Quidway] vlan batch 100 200 [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [Quidway-GigabitEthernet1/0/1] quit [Quidway] interface gigabitethernet 1/0/2 [Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 200 [Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 200 [Quidway-GigabitEthernet1/0/2] quit [Quidway] interface vlanif 100 [Quidway-Vlanif100] ipv6 enable [Quidway-Vlanif100] ipv6 address 3001::1/64 [Quidway-Vlanif100] quit [Quidway] interface vlanif 200 [Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0 [Quidway-Vlanif200] quit
# Configure an ISATAP tunnel.

[Quidway] interface tunnel 1/0/2 [Quidway-Tunnel0/0/2] eth-trunk 1 [Quidway-Tunnel1/0/2] tunnel-protocol ipv6-ipv4 isatap [Quidway-Tunnel1/0/2] ipv6 enable [Quidway-Tunnel1/0/2] ipv6 address 2001::/64 eui-64 [Quidway-Tunnel1/0/2] source vlanif 200 [Quidway-Tunnel1/0/2] undo ipv6 nd ra halt [Quidway-Tunnel1/0/2] quit
Step 2 Configure the ISATAP host.

NOTE
The ISATAP host needs to run IPv6 and needs to be enabled with the IPv6 function.
# Configure a static route to the border device. (The pseudo interface number of the host is 2. You can run the ipv6 if command to view the interface corresponding to the automatic tunneling pseudo interface.)
C:\> netsh interface ipv6 isatap set router 2.1.1.1
Step 3 Configure the IPv6 host. # Configure a static route on the IPv6 host to the border device, so hosts in different networks can communicate through the ISATAP tunnel.
C:\> netsh interface ipv6 set route 2001::/64 3001::1
Step 4 Verify the configuration. Check the status of the Tunnel 1/0/2 on the ISATAP device and find it is Up.
[Quidway] display ipv6 interface tunnel 1/0/2 Tunnel1/0/2 current state : UP IPv6 protocol current state : UP IPv6 is enabled, link-local address is FE80::5EFE:201:101 [TENTATIVE] Global unicast address(es): 2001::5EFE:201:101, subnet is 2001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF01:101 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisement max interval 600 seconds, min interval 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2 PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break Reply from 2001::5EFE:201:102 bytes=56 Sequence=1 hop limit=64 time = 4 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=3 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=4 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=5 hop limit=64 time = 2 ms --- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/4 ms
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1 Pinging 2001::5efe:2.1.1.1 from 2001::5efe:2.1.1.2 with 32 bytes of data: Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms Ping statistics for 2001::5efe:2.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms
Issue 01 (2011-07-15)
213
# The ISATAP host can ping through the IPv6 host.

C:\> ping6 3001::2 Pinging 3001::2 with 32 bytes of data: Reply Reply Reply Reply from from from from 3001::2: 3001::2: 3001::2: 3001::2: time<1ms time<1ms time<1ms time<1ms
Ping statistics for 3001::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
----End
Configuration Files
The configuration file of the ISATAP device is as follows:
# sysname Quidway # vlan batch 100 200 # ipv6 # interface Vlanif100 ipv6 enable ipv6 address 3001::1/64 # interface Vlanif200 ip address 2.1.1.1 255.0.0.0 # interface Eth-Trunk1 service-type tunnel # interface GigabitEthernet1/0/3 eth-trunk 1 # interface Tunnel1/0/2 ipv6 enable ipv6 address 2001::/64 eui-64 undo ipv6 nd ra halt tunnel-protocol ipv6-ipv4 isatap source Vlanif200 # interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # return
11.7.5 Example for Configuring 6PE

This section provides a configuration example of 6PE.
Issue 01 (2011-07-15)
214
NOTE
To run MPLS-related commands, you need to purchase a license.
As shown in Figure 11-10, PE1 and PE2 support the 6PE feature, and CE1 and CE2 support the IPv6 protocol. Between PE devices is the IPv4/MPLS network of carriers. IBGP connections of IPv4 need to be set up between PEs. IGP adopts the OSPF routing protocol. The CE device is located on an IPv6 network. The PE device and CE device exchange routing information in static routing mode through the IPv6 address. Use the 6PE feature to connect IPv6 networks of users through the IPv4/MPLS network of carriers. Figure 11-10 Networking diagram for configuring the 6PE
GE 2/0/0 VLANIF 200 4.3.5.1/24 PE 1 GE 1/0/0 VLANIF 100 3000:435::1/64 CE 1
IPv4/MPLS
GE 2/0/0 VLANIF 200 4.3.5.2/24 PE 2 GE 1/0/0 VLANIF 100 3000:1065::1/64
GE 1/0/0 GE 1/0/0 VLANIF 100 VLANIF 100 CE 2 3000:435::2/64 3000:1065::2/64 IPv6 Customer site
IPv6 Customer site
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack. Configure the 6PE to enable the MPLS capability. Configure a peer of the 6PE. Set the IPv6 address and static route for the CE interface.
Data Preparation
To complete the configuration, you need the following data. l l
Issue 01 (2011-07-15)
IP addresses of interfaces LSR ID

Configuration Procedure
1. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack. # Configure PE1 to enable the IPv6 capability.
<Quidway> system-view [Quidway] sysname PE1 [PE1] ipv6
# Configure PE2 to enable the IPv6 capability.

<Quidway> system-view [Quidway] sysname PE2 [PE2] ipv6
# Set the IPv6 address for VLANIF 100 of PE1 and the IP address for Loopback0.
[PE1] vlan batch 100 200 [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [PE1-GigabitEthernet1/0/0] quit [PE1] interface vlanif 100 [PE1-Vlanif100] ipv6 enable [PE1-Vlanif100] ipv6 address 3000:435::1 64 [PE1-Vlanif100] quit [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255 [PE1-LoopBack0] quit
# Set the IPv6 address for VLANIF 100 of PE2 and the IP address for Loopback0.
[PE2] vlan batch 100 200 [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [PE2-GigabitEthernet1/0/0] quit [PE2] interface vlanif 100 [PE2-Vlanif100] ipv6 enable [PE2-Vlanif100] ipv6 address 3000:1065::1 64 [PE2-Vlanif100] quit [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 255.255.255.255 [PE2-LoopBack0] quit
2.
Configure the 6PE to enable the MPLS capability.

NOTE
The PE devices are directly connected in this example, you need to run the label advertise command to enable the egress node to assign labels normally to the penultimate hop.
# Set the IP address for VLANIF 200 of PE1 and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] port hyrbid pvid vlan 200 [PE1-GigabitEthernet2/0/0] port hyrbid untagged vlan 200 [PE1-GigabitEthernet2/0/0] quit [PE1] interface vlanif 200 [PE1-Vlanif200] ip address 4.3.5.1 255.255.255.0 [PE1-Vlanif200] mpls [PE1-Vlanif200] mpls ldp [PE1-Vlanif200] quit
# Set the IP address for VLANIF 200 of PE2 and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.9 [PE2] mpls
Issue 01 (2011-07-15)
216
[PE2-mpls] lsp-trigger all [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] port hyrbid pvid vlan 200 [PE2-GigabitEthernet2/0/0] port hyrbid untagged vlan 200 [PE2-GigabitEthernet2/0/0] quit [PE2] interface vlanif 200 [PE2-Vlanif200] ip address 4.3.5.2 255.255.255.0 [PE2-Vlanif200] mpls [PE2-Vlanif200] mpls ldp [PE2-Vlanif200] quit
# Configure OSPF on PE1 and trigger the setup of the LSP.

[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure OSPF on PE2 and trigger the setup of the LSP.

[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
3.
Configure a peer of the 6PE. # Configure IBGP on PE1, enable the peer 6PE capability, and import the direct and static routes of IPv6.
[PE1] bgp 65100 [PE1-bgp] peer 2.2.2.9 as-number 65100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv6-family [PE1-bgp-af-ipv6] import-route direct [PE1-bgp-af-ipv6] import-route static [PE1-bgp-af-ipv6] peer 2.2.2.9 enable [PE1-bgp-af-ipv6] peer 2.2.2.9 label-route-capability [PE1-bgp-af-ipv6] quit [PE1-bgp] quit
# Configure IBGP on PE2, enable the peer 6PE capability, and import the direct and static routes of IPv6.
[PE2] bgp 65100 [PE2-bgp] peer 1.1.1.9 as-number 65100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv6-family [PE2-bgp-af-ipv6] import-route direct [PE2-bgp-af-ipv6] import-route static [PE2-bgp-af-ipv6] peer 1.1.1.9 enable [PE2-bgp-af-ipv6] peer 1.1.1.9 label-route-capability [PE2-bgp-af-ipv6] quit [PE2-bgp] quit
4.
Set the IPv6 address and static route for the CE interface. # Configure CE1 to set up the connection between the IPv6 and PE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] ipv6 [CE1] vlan batch 100 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [CE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
Issue 01 (2011-07-15)
217

[CE1-GigabitEthernet1/0/0] quit [CE1] interface vlanif 100 [CE1-Vlanif100] ipv6 enable [CE1-Vlanif100] ipv6 address 3000:435::2 64 [CE1-Vlanif100] quit [CE1] ipv6 route-static :: 0 vlanif 100
# Configure CE2 to set up the IPv6 connection with PE1.

<Quidway> system-view [Quidway] sysname CE2 [CE2] ipv6 [CE2] vlan batch 100 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [CE2-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [CE2-GigabitEthernet1/0/0] quit [CE2] interface vlanif 100 [CE2-Vlanif100] ipv6 enable [CE2-Vlanif100] ipv6 address 3000:1065::2 64 [CE2-Vlanif100] quit [CE2] ipv6 route-static :: 0 vlanif 100
5.
Verify the configuration. # Display the LSP information about PE1.

[PE1] display mpls lsp ----------------------------------------------------------LSP Information: LDP LSP ----------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 2.2.2.9/32 NULL/3 -/Vlanif200 ----------------------------------------------------------LSP Information: BGP IPV6 LSP ----------------------------------------------------------FEC : 3000:435::/64 In Label : 109568 Out Label : ----In Interface : ----OutInterface : ----Vrf Name :
# Display IPv6 routing information about PE1.

[PE1] display bgp ipv6 routing-table Total Number of Routes: 5 BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network NextHop MED Label Path/Ogn Network NextHop MED Label Path/Ogn Network NextHop MED Label Path/Ogn : : : : : : : : : : : : : : : ::1 :: 0 ? 3000:435:: :: 0 NULL/109568 ? 3000:435::1 :: 0 ? PrefixLen : 64 LocPrf : 100 PrefVal : 0 PrefixLen : 64 LocPrf : PrefVal : 0 PrefixLen : 128 LocPrf : PrefVal : 0
*>
*>
PrefixLen : 128 LocPrf : PrefVal : 0
*>i Network NextHop MED
: 3000:1065:: : ::FFFF:2.2.2.9 : 0
Issue 01 (2011-07-15)
218

Label : 109568/NULL Path/Ogn : ? *> Network NextHop MED Label Path/Ogn : : : : : FE80:: :: 0 ?
PrefixLen : 10 LocPrf : PrefVal : 0
# The IPv6 address of CE2 can be pinged successfully from CE1.

[CE1] ping ipv6 3000:1065::2 PING 3000:1065::2 : 56 data bytes, press CTRL_C to break Reply from 3000:1065::2 bytes=56 Sequence=1 hop limit=63 time = 50 ms Reply from 3000:1065::2 bytes=56 Sequence=2 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=3 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=4 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=5 hop limit=63 time = 1 ms --- 3000:1065::2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/10/50 ms
Configuration Files
l Configuration file of PE1
# sysname PE1 # ipv6 # vlan batch 100 200 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all label advertise non-null # mpls ldp # interface Vlanif100 ipv6 enable ipv6 address 3000:435::1/64 # interface Vlanif200 ip address 4.3.5.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # bgp 65100 peer 2.2.2.9 as-number 65100 peer 2.2.2.9 connect-interface LoopBack0
Issue 01 (2011-07-15)
219

# ipv4-family unicast peer 2.2.2.9 enable # ipv6-family import-route direct import-route static peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 4.3.5.0 0.0.0.255 # return
Configuration file of PE2

# sysname PE2 # ipv6 # vlan batch 100 200 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all label advertise non-null # mpls ldp # interface Vlanif100 ipv6 enable ipv6 address 3000:1065::1/64 # interface Vlanif200 ip address 4.3.5.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # bgp 65100 peer 1.1.1.9 as-number 65100 peer 1.1.1.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv6-family undo synchronization import-route direct import-route static peer 1.1.1.9 enable peer 1.1.1.9 label-route-capability # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0
Issue 01 (2011-07-15)
220

network 4.3.5.0 0.0.0.255 # return
Configuration file of CE1

# sysname CE1 # ipv6 # vlan batch 100 # interface Vlanif100 ipv6 enable ipv6 address 3000:435::2 64 # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ipv6 route-static :: 0 Vlanif100 # return
Configuration file of CE2

# sysname CE2 # ipv6 # interface Vlanif100 ipv6 enable ipv6 address 3000:1065::2 64 # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ipv6 route-static :: 0 Vlanif100 # return
Issue 01 (2011-07-15)
221
12
IPv4 over IPv6 Tunnel Configuration
About This Chapter

The IPv4 over IPv6 tunnel technology is used to interconnect isolated IPv4 networks during the transition from IPv4 Internet into the IPv6 Internet. 12.1 Introduction to IPv4 over IPv6 You can create tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolated sites can access other IPv4 networks through the IPv6 Internet. 12.2 IPv4 over IPv6 Supported by the S7700 This section describes how to interconnect IPv4 networks through IPv6 networks. 12.3 Configuring an IPv4 over IPv6 Tunnel This configuration task enables transmission of an IPv4 packet added with an IPv6 header on the device configured with the IPv4/IPv6 dual stack. 12.4 Maintaining IPv4 over IPv6 Tunnels This section describes how to maintain an IPv4 over IPv6 tunnel, including how to monitor an IPv4 over IPv6 tunnel. 12.5 Configuration Examples This section provides configuration examples of IPv4 over IPv6 tunnel.
Issue 01 (2011-07-15)
222
12.1 Introduction to IPv4 over IPv6

You can create tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolated sites can access other IPv4 networks through the IPv6 Internet. During the transition from the IPv4 Internet to the IPv6 Internet, IPv6 networks have been widely deployed, whereas IPv4 networks are isolated. The tunnel technology can be adopted to establish tunnels over IPv6 networks to connect isolated IPv4 networks. This is similar to the situation where the tunnel technology is used to deploy VPNs on IP networks. The tunnel used to connect isolated IPv4 networks over IPv6 networks is called an IPv4 over IPv6 tunnel.
12.2 IPv4 over IPv6 Supported by the S7700

This section describes how to interconnect IPv4 networks through IPv6 networks. The S7700 supports the enabling of IPv4 and IPv6 protocol stacks on the devices at the border of IPv6 and IPv4 networks. Figure 12-1 Networking diagram of an IPv4 over IPv6 tunnel
Dual Stack Switch IPv4 network IPv4 Host IPv6 network
Dual Stack Switch IPv4 network IPv4 Host
IPv4 over IPv6 Tunnel

IPv6 Header IPv4 Header IPv4 Payload
IPv4 Header IPv4 Payload
IPv4 Header IPv4 Payload
Figure 12-1 shows the principles of the IPv4 over IPv6 tunnel technology. 1. 2. Enabling IPv4/IPv6 dual stacks Enable IPv4 and IPv6 protocol stacks on the border device. Encapsulating IPv6 packets After receiving a packet from the IPv4 network, the border device takes the received IPv4 packet as the payload, adds an IPv6 packet header before the payload, and encapsulates it into an IPv6 packet if the device finds that the destination of the packet is not itself. 3.
Issue 01 (2011-07-15)
Transmitting the encapsulated packet

In the IPv6 network, the encapsulated packet is transmitted to the peer border device. 4. Decapsulating the packet The peer border device decapsulates the packet, removes the IPv6 packet header, and forwards the decapsulated IPv4 packet to the remote IPv4 network.
12.3 Configuring an IPv4 over IPv6 Tunnel

This configuration task enables transmission of an IPv4 packet added with an IPv6 header on the device configured with the IPv4/IPv6 dual stack.

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring an IPv6 over IPv4 tunnel.
To implement communication between IPv4 networks over the IPv6 network, configure an IPv4 over IPv6 tunnel on the border device of IPv4 and IPv6 networks.
Before configuring an IPv4 over IPv6 tunnel, complete the following tasks: l l Implementing the IP connectivity between the source and destination interfaces Configuring IPv4 and IPv6 protocol stacks
Data Preparation
To configure an IPv4 over IPv6 tunnel, you need the following data. No. 1 2 3 4 Data Number of the tunnel interface Source IPv6 address or source interface of the tunnel interface Destination IPv6 address of the tunnel interface IPv4 address of the tunnel interface or the interface from which the IPv4 address is borrowed
12.3.2 Configuring a Tunnel Interface

To configure a tunnel interface, you need to configure the source and destination addresses of the tunnel.
Issue 01 (2011-07-15)
224
Procedure
Step 1 Run:
system-view

The tunnel interface is created and the tunnel interface view is displayed. Step 3 Run:
tunnel-protocol ipv4-ipv6
The tunnel is specified as an IPv4 over IPv6 tunnel. Step 4 Run:

source { source-ip-address | interface-type interface-number }
The source IPv6 address or source interface of the tunnel interface is specified. Step 5 Run:
destination ip-address
The destination IPv6 address of the Tunnel interface is configured. Step 6 Run one of the following commands to specify the IP address of the tunnel interface: l Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IPv4 address of the tunnel interface. l Run the ip address unnumbered interface interface-type interface-number command to configure the tunnel interface to borrow an IPv4 address. ----End
12.3.3 Configuring Routes in the Tunnel

Packets can be normally forwarded only when routes exist on both the source device and destination device of the tunnel. Do as follows on the devices on both ends of the tunnel.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Choose one of the following methods to configure the route with the outgoing interface as the tunnel interface: l Run the ip route-static ip-address { mask | mask-length } tunnel interface-number command to configure static routes. When configuring the static routes, you must configure the both ends of the tunnel. Note that the destination address is the destination IPv4 address of the packet to be encapsulated with the IPv4 over IPv6 tunnel; the next hop is the local tunnel interface. l Configure dynamic routes. You can use the Border Gateway Protocol (BGP) or the Interior Gateway Protocol (IGP), excluding Intermediate System-to-Intermediate System (IS-IS). Detailed configurations are not mentioned here.
When configuring a dynamic routing protocol, you must enable it on the tunnel interface and the interface on the link through which the IPv4 network is connected to the IPv6 network. ----End

You can view the configuration of an IPv4 over IPv6 tunnel.
Prerequisite
The configurations of the IPv4 over IPv6 Tunnel function are complete.
Procedure
l l Run the display interface tunnel [ interface-number ] command to check the working status of the tunnel interface. Run the display ip routing-table command to check the routing table.
----End
Example
Run the display interface tunnel command. If the status of the tunnel interface is Up, it means that the configuration succeeds. For example:
<Quidway> display interface tunnel 2/0/0 Tunnel2/0/0 current state : UP Line protocol current state : UP Last line protocol up time : 2010-06-22, 19:33:19 Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route Port Route Port,The Maximum Transmit Unit is 1452 bytes Internet Address is 10.1.1.1/30 Encapsulation is TUNNEL6, loopback not set Tunnel protocol/transport (IPv6 or IPV4) over IPv6 Tunnel Source 2001::1 (Pos2/0/0) Tunnel Destination 2002::2 Tunnel Encapsulation limit 4 Tunnel Traffic class not set Tunnel Flow label not set Tunnel Hop limit 64 5 minutes input rate 10 bits/sec, 0 packets/sec 5 minutes output rate 14 bits/sec, 0 packets/sec 493 packets input, 38480 bytes 0 input error 447 packets output, 53144 bytes 0 output error
Run the display ip routing-table command. If the route with the outgoing interface as the tunnel interface is displayed in the IPv4 routing table, it means that the configuration succeeds. For example:
<Quidway> display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop 10.1.1.0/24 Direct 0 0 10.1.1.2 10.1.1.2/32 Direct 0 0 127.0.0.1 10.2.1.0/24 Static 60 0 40.1.1.1 20.1.1.0/24 Direct 0 0 20.1.1.1 20.1.1.1/32 Direct 0 0 127.0.0.1 20.1.1.2/32 Direct 0 0 20.1.1.2 30.1.1.0/24 OSPF 10 3124 20.1.1.2
Interface GigabitEthernet2/0/0 InLoopBack0 Tunnel2/0/0 Pos2/0/0 InLoopBack0 Pos1/0/0 Pos1/0/0
Issue 01 (2011-07-15)
226

40.1.1.0/24 40.1.1.1/32 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct Direct 0 0 0 0 0 0 0 0

40.1.1.1 127.0.0.1 127.0.0.1 127.0.0.1 Tunnel2/0/0 InLoopBack0 InLoopBack0 InLoopBack0
Run the ping -a source-ipv4-address dest-ipv4-address command. The local tunnel interface can ping through the destination tunnel interface.
12.4 Maintaining IPv4 over IPv6 Tunnels

This section describes how to maintain an IPv4 over IPv6 tunnel, including how to monitor an IPv4 over IPv6 tunnel.
12.4.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel

This section describes how to monitor an IPv4 over IPv6 tunnel.
Context
In routine maintenance, you can run the following command in any view to check the operation of IPv4 over IPv6 tunnel.
Procedure
l l Run the display interface tunnel [ interface-number ] command in any view to check the operation status of the tunnel interface. Run the display interface tunnel interface-number command in any view to check the IPv4 attributes of the tunnel interface.
----End
12.4.2 Debugging IPv4 over IPv6 Tunnel

This section describes how to debug an IPv4 over IPv6 tunnel.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. If an operation fault occurs on the IPv4 tunnel, run the following debugging commands in the user view to debug the IPv4 tunnel. View information about debugging, locate the fault, and analyze the cause. For the procedure of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interface tunnel interface-type interface-number ] command in the user view to debug tunnel information. ----End

This section provides configuration examples of IPv4 over IPv6 tunnel.
12.5.1 Example for Configuring an IPv6 over IPv4 Tunnel

This section provides a configuration example of IPv6 over IPv4 tunnel.
Figure 12-2 Networking diagram for configuring the IPv4 over IPv6 tunnel
IPv4
GE1/0/0 GE1/0/0 VLANIF 100 VLANIF 200 10.1.2.1/30 2001::2/64
IPv6
GE 1/0/0 VLANIF 100 2002::2/64
SwitchC SwitchD
GE 1/0/0 SwitchA VLANIF 100 10.1.2.2/30 SwitchB
GE 2/0/0 VLANIF 200 2001::1/64 GE 2/0/0 VLANIF 100 2002::1/64
GE2/0/0 VLANIF 200 10.1.3.1/30 GE1/0/0 VLANIF 200 10.1.3.2/30 SwitchE

IPv4
As shown in Figure 12-2, two IPv4 networks are connected to an IPv6 network through Switch A and Switch E. The border devices on the IPv6 network Switch B and Switch D support IPv4/IPv6 stack. An IPv4 over IPv6 tunnel needs to be set up between Switch B and Switch D to enable the interconnection of the two IPv4 networks that are isolated physically.
The configuration roadmap is as follows: 1.
Issue 01 (2011-07-15)
Set an IPv4 over IPv6 tunnel on the border devices at both ends of the IPv6 network.
2.
Configure the route that is forwarded through the tunnel interface.
Data Preparation
To complete the configuration, you need the following data. l l l Routing protocols used on the IPv6 network and IPv4 network Source and destination IPv6 addresses at both ends of the tunnel IPv4 address of the tunnel interface
Configuration Procedure
1. Set the IPv6 address and the IPv6 feature of IS-IS for the physical interface of the IPv6 network to implement IP connectivity of the IPv6 network. # Configure Switch B.
<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] ipv6 [SwitchB] vlan batch 100 200 [SwitchB] interface gigabitethernet 2/0/0 [SwitchB-GigabitEthernet2/0/0] port hybrid pvid vlan 200 [SwitchB-GigabitEthernet2/0/0] port hybrid untagged vlan 200 [SwitchB-GigabitEthernet2/0/0] quit [SwitchB] interface vlanif 200 [SwitchB-Vlanif200] ipv6 enable [SwitchB-Vlanif200] ipv6 address 2001::1 64 [SwitchB-Vlanif200] quit [SwitchB] isis 1 [SwitchB-isis-1] network-entity 10.0000.0000.0001.00 [SwitchB-isis-1] ipv6 enable topology standard [SwitchB-isis-1] quit [SwitchB] interface vlanif 200 [SwitchB-Vlanif200] isis ipv6 enable 1 [SwitchB-Vlanif200] quit
# Configure Switch C.
<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] ipv6 [SwitchC] vlan batch 100 200 [SwitchC] interface gigabitethernet 1/0/0 [SwitchC-GigabitEthernet1/0/0] port hybrid pvid vlan 200 [SwitchC-GigabitEthernet1/0/0] port hybrid untagged vlan 200 [SwitchC-GigabitEthernet1/0/0] quit [SwitchC] interface gigabitethernet 2/0/0 [SwitchC-GigabitEthernet2/0/0] port hybrid pvid vlan 100 [SwitchC-GigabitEthernet2/0/0] port hybrid untagged vlan 100 [SwitchC-GigabitEthernet2/0/0] quit [SwitchC] interface vlanif 100 [SwitchC-Vlanif100] ipv6 enable [SwitchC-Vlanif100] ipv6 address 2002::1 64 [SwitchC-Vlanif100] quit [SwitchC] interface vlanif 200 [SwitchC-Vlanif200] ipv6 enable [SwitchC-Vlanif200] ipv6 address 2001::2 64 [SwitchC-Vlanif200] quit [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0002.00 [SwitchC-isis-1] ipv6 enable topology standard [SwitchC-isis-1] quit [SwitchC] interface vlanif 100 [SwitchC-Vlanif100] isis ipv6 enable 1 [SwitchC-Vlanif100] quit [SwitchC] interface vlanif 200
Issue 01 (2011-07-15)
229

[SwitchC-Vlanif200] isis ipv6 enable 1 [SwitchC-Vlanif200] quit
# Configure Switch D.
<Quidway> system-view [Quidway] sysname SwitchD [SwitchD] ipv6 [SwitchD] vlan batch 100 200 [SwitchD] interface gigabitethernet 1/0/0 [SwitchD-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [SwitchD-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [SwitchD-GigabitEthernet1/0/0] quit [SwitchD] interface vlanif 100 [SwitchD-Vlanif100] ipv6 enable [SwitchD-Vlanif100] ipv6 address 2002::2 64 [SwitchD-Vlanif100] quit [SwitchD] isis 1 [SwitchD-isis-1] network-entity 10.0000.0000.0003.00 [SwitchD-isis-1] ipv6 enable topology standard [SwitchD-isis-1] quit [SwitchD] interface vlanif 100 [SwitchD-Vlanif100] isis ipv6 enable 1 [SwitchD-Vlanif100] quit
2.
Set the IPv4 address and OSPF for the physical interface of the IPv4 network to implement IP connectivity of the IPv4 network. # Configure Switch A.
<Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan batch 100 [SwitchA] interface gigabitethernet 1/0/0 [SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/0] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 10.1.2.2 30 [SwitchA-Vlanif100] quit [SwitchA] ospf 1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
<SwitchB> system-view [SwitchB] vlan batch 100 200 [SwitchB] interface gigabitethernet 1/0/0 [SwitchB-GigabitEthernet1/0/0] port hybrid pvid vlan 100 [SwitchB-GigabitEthernet1/0/0] port hybrid untagged vlan 100 [SwitchB-GigabitEthernet1/0/0] quit [SwitchB] interface vlanif 100 [SwitchB-Vlanif100] ip address 10.1.2.1 30 [SwitchB-Vlanif100] quit [SwitchB] ospf 1 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit
<SwitchD> system-view [SwitchD] vlan batch 100 200 [SwitchD] interface gigabitethernet 2/0/0 [SwitchD-GigabitEthernet2/0/0] port hybrid pvid vlan 200 [SwitchD-GigabitEthernet2/0/0] port hybrid untagged vlan 200 [SwitchD-GigabitEthernet2/0/0] quit [SwitchD] interface vlanif 200 [SwitchD-Vlanif200] ip address 10.1.3.1 30
Issue 01 (2011-07-15)
230
[SwitchD-Vlanif200] quit [SwitchD] ospf 1 [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit
# Configure Switch E.
<Quidway> system-view [Quidway] sysname SwitchE [SwitchE] vlan batch 200 [SwitchE] interface gigabitethernet 1/0/0 [SwitchE-GigabitEthernet1/0/0] port hybrid pvid vlan 200 [SwitchE-GigabitEthernet1/0/0] port hybrid untagged vlan 200 [SwitchE-GigabitEthernet1/0/0] quit [SwitchE] interface vlanif 200 [SwitchE-Vlanif200] ip address 10.1.3.2 30 [SwitchE-Vlanif200] quit [SwitchE] ospf 1 [SwitchE-ospf-1] area 0 [SwitchE-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3 [SwitchE-ospf-1-area-0.0.0.0] quit [SwitchE-ospf-1] quit
3.
Configure tunnel interfaces. # Create a tunnel interface, set the IPv4 address, source IPv6 address (or source interface), destination IPv6 interface for the tunnel interface. # Configure Switch B.
[SwitchB] interface tunnel 2/0/0 [SwitchB-Tunnel2/0/0] tunnel-protocol ipv4-ipv6 [SwitchB-Tunnel2/0/0] ip address 10.1.1.1 30 [SwitchB-Tunnel2/0/0] source vlanif 200 [SwitchB-Tunnel2/0/0] destination 2002::2 [SwitchB-Tunnel2/0/0] quit
[SwitchD] interface tunnel 1/0/0 [SwitchD-Tunnel1/0/0] tunnel-protocol ipv4-ipv6 [SwitchD-Tunnel1/0/0] ip address 10.1.1.2 30 [SwitchD-Tunnel1/0/0] source vlanif 100 [SwitchD-Tunnel1/0/0] destination 2001::1 [SwitchD-Tunnel1/0/0] quit
4.
Configure static routes. # Configure a static route between Switch A and Switch E. # Configure Switch A.
[SwitchA] ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1
Configure Switch E.
[SwitchE] ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1
# Configure a static route through the tunnel. # Configure Switch B.

[SwitchB] ip route-static 10.1.1.2 255.255.255.252 tunnel 1/0/0
[SwitchD] ip route-static 10.1.2.2 255.255.255.252 10.1.1.2
5.
Verify the configuration. After the preceding configurations are complete, view the tunnel interface on Switch B and Switch D. You can find that the protocol status of the tunnel interface is Up.
[SwitchB] display interface tunnel 2/0/0 Tunnel2/0/0 current state : UP Line protocol current state : UP
Issue 01 (2011-07-15)
231
Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route Port Route Port,The Maximum Transmit Unit is 1500 Internet Address is 10.1.1.1/30 Encapsulation is TUNNEL6, loopback not set Tunnel protocol/transport (IPv6 or IPV4) over IPv6 Tunnel Source 2001::1 (Vlanif200) Tunnel Destination 2002::2 Tunnel Encapsulation limit 4 Tunnel Traffic class not set Tunnel Flow label not set QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 5 minutes input rate 10 bits/sec, 0 packets/sec 5 minutes output rate 14 bits/sec, 0 packets/sec 493 packets input, 38480 bytes 0 input error 447 packets output, 53144 bytes 0 output error
View the IPv4 routing table on Switch B and Switch D. You can find that the routing outbound interface directing at the remote end of the IPv4 network is a tunnel interface.
[SwitchB] display ip routing-table Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask 1.1.1.1/32 10.1.1.0/30 10.1.1.1/32 10.1.2.0/30 10.1.2.1/32 10.1.2.2/32 127.0.0.0/8 127.0.0.1/32 Proto Direct Direct Direct Direct Direct Direct Direct Direct Pre 0 0 0 0 0 0 0 0 Cost 0 0 0 0 0 0 0 0 Flags NextHop D 127.0.0.1 D 10.1.1.1 D 127.0.0.1 D 10.1.2.1 D 127.0.0.1 D 10.1.2.2 D 127.0.0.1 D 127.0.0.1 Interface InLoopBack0 Tunnel2/0/0 InLoopBack0 Vlanif100 InLoopBack0 Vlanif100 InLoopBack0 InLoopBack0
# On Switch A, ping the IPv4 address of VLANIF 200 of Switch E. Switch A can receive the response packet from Switch E.
[SwitchA] ping 10.1.3.2 PING 10.1.3.2: 56 data bytes, press CTRL_C to break Reply from 10.1.3.2: bytes=56 Sequence=1 ttl=254 time=20 ms Reply from 10.1.3.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=5 ttl=254 time=1 ms --- 10.1.3.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/4/20 ms
Configuration Files
# sysname SwitchA # vlan batch 100 # interface Vlanif100 ip address 10.1.2.2 255.255.255.252 # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100
Issue 01 (2011-07-15)
232
port hybrid untagged vlan 100 # ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1 # ospf 1 area 0.0.0.0 network 10.1.2.0 0.0.0.3 # return

# sysname SwitchB # ipv6 # vlan batch 100 200 isis 1 network-entity 10.0000.0000.0001.00 # ipv6 enable topology standard # # interface Vlanif100 ip address 10.1.2.1 255.255.255.252 # interface Vlanif200 ipv6 enable ipv6 address 2001::1/64 isis ipv6 enable 1 # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface Tunnel2/0/0 ip address 10.1.1.1 255.255.255.252 tunnel-protocol ipv4-ipv6 source Vlanif200 destination 2002::2 # ip route-static 10.1.1.2 255.255.255.252 tunnel 1/0/0 # ospf 1 area 0.0.0.0 network 10.1.2.0 0.0.0.3 # return

# sysname SwitchC # ipv6 # vlan batch 100 200 isis 1 network-entity 10.0000.0000.0002.00 # ipv6 enable topology standard # # interface Vlanif100 ivp6 enable ipv6 address 2002::1/64 isis ipv6 enable 1
Issue 01 (2011-07-15)
233

# interface Vlanif200 ivp6 enable ipv6 address 2001::2/64 isis ipv6 enable 1 # inteface GigabitEthernet1/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # return
Configuration file of Switch D

# sysname SwitchD # ipv6 # vlan batch 100 200 # isis 1 network-entity 10.0000.0000.0003.00 # ipv6 enable topology standard # # interface Vlanif100 ipv6 enable ipv6 address 2002::2/64 isis ipv6 enable 1 # interface Vlanif200 ip address 10.1.3.1 255.255.255.252 undo shutdown # interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # interface Tunnel1/0/0 ip address 10.1.1.2 255.255.255.252 tunnel-protocol ipv4-ipv6 source Vlanif100 destination 2001::1 # ip route-static 10.1.2.2 255.255.255.252 10.1.1.2 # ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.3 # return
Configuration file of Switch E

# sysname SwitchE # vlan batch 200 # interface Vlanif200 ip address 10.1.3.2 255.255.255.252 #
Issue 01 (2011-07-15)
234
interface GigabitEthernet1/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200 # ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1 # ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.3 # return
Issue 01 (2011-07-15)
235

Configuration Guide - IP Service (V100R006C00 - 01) Huawei

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuration Guide - IP Service (V100R006C00 - 01) Huawei

Uploaded by

Copyright:

Available Formats

Quidway S7700 Smart Routing Switch V100R006C00

Configuration Guide - IP Service

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

About This Document

About This Document

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

About This Document

Changes in Issue 01 (2011-07-15)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

7 UDP Helper Configuration......................................................................................................133

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

9 Basic Configurations of IPv6...................................................................................................151

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

10 IPv6 DNS Configuration........................................................................................................169

11 IPv6 over IPv4 Tunnel Configuration................................................................................. 179

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

12 IPv4 over IPv6 Tunnel Configuration.................................................................................222

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

1.1 Introduction to IP Addresses

1.2 Features of IP Addresses Supported by the S7700

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

1.3 Configuring IP Addresses for Interfaces

1.3.1 Establishing the Configuration Task

1.3.2 Configuring a Primary IP Address for an Interface

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

The system view is displayed. Step 2 Run:

The VLANIF interface view is displayed. Step 3 Run:

1.3.3 (Optional) Configuring a Secondary IP Address for an Interface

The system view is displayed. Step 2 Run:

The VLANIF interface view is displayed. Step 3 Run:

1.3.4 Checking the Configuration

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

1.4 Configuring IP Address Unnumbered for Interfaces

1.4.1 Establishing the Configuration Task

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

The system view is displayed. Step 2 Run:

The VLANIF interface view is displayed. Step 3 Run:

The primary IP address of the interface is configured. ----End

1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface

The system view is displayed. Step 2 Run:

The TUNNEL interface view is displayed. Step 3 Run:

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service

1.4.4 Checking the Configuration

1.5 Configuration Examples

1.5.1 Example for Setting Primary and Secondary IP Addresses

GE 1/0/1 VLANIF 100 172.16.1.1/24 172.16.2.1/24 sub

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S7700 Smart Routing Switch Configuration Guide - IP Service