Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Issue 01 (2011-07-15)
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol    Description
DANGER    Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
WARNING   Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
CAUTION   Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
TIP       Indicates a tip that may help you solve a problem or save time.
NOTE      Provides additional information to emphasize or supplement important points of the main text.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[ ]                 Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>              The parameter before the & sign can be repeated 1 to n times.
#                   A line starting with the # sign is comments.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains all changes made in previous issues.
Contents
About This Document
1 IP Addresses Configuration
1.1 Introduction to IP Addresses
1.2 Features of IP Addresses Supported by the S7700
1.3 Configuring IP Addresses for Interfaces
1.3.1 Establishing the Configuration Task
1.3.2 Configuring a Primary IP Address for an Interface
1.3.3 (Optional) Configuring a Secondary IP Address for an Interface
1.3.4 Checking the Configuration
1.4 Configuring IP Address Unnumbered for Interfaces
1.4.1 Establishing the Configuration Task
1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address
1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface
1.4.4 Checking the Configuration
1.5 Configuration Examples
1.5.1 Example for Setting Primary and Secondary IP Addresses
1.5.2 Example for Configuring a Tunnel Interface to Borrow the IP Address of a Loopback Interface
2 ARP Configuration
2.1 Overview of ARP
2.2 Features of ARP Supported by the S7700
2.3 Configuring Static ARP
2.3.1 Establishing the Configuration Task
2.3.2 Configuring Common Static ARP Entries
2.3.3 Configuring Static ARP Entries in a VLAN
2.3.4 Configuring Static ARP Entries in a VPN Instance
2.3.5 Checking the Configuration
2.4 Optimizing Dynamic ARP
2.4.1 Establishing the Configuration Task
2.4.2 Modify the aging parameters of dynamic ARP
2.4.3 Enabling ARP Suppression Function
2.4.4 Enabling Layer 2 Topology Detection Function
2.4.5 Checking the Configuration
2.5 Configuring Routed Proxy ARP
2.5.1 Establishing the Configuration Task
2.5.2 Configure an IP Addresses for the Interface
2.5.3 Enabling the Routed Proxy ARP Function
2.5.4 Checking the Configuration
2.6 Configuring Proxy ARP Within a VLAN
2.6.1 Establishing the Configuration Task
2.6.2 Configure an IP Addresses for the Interface
2.6.3 Enabling Proxy ARP Within a VLAN
2.6.4 Checking the Configuration
2.7 Configuring Proxy ARP Between VLANs
2.7.1 Establishing the Configuration Task
2.7.2 Configuring an IP Addresses for the Interface
2.7.3 Enabling Proxy ARP Between VLANs
2.7.4 Checking the Configuration
2.8 Configuring ARP-Ping IP
2.8.1 Establishing the Configuration Task
2.8.2 Detecting the IP Address by Using the arp-ping ip Command
2.9 Configuring ARP-Ping MAC
2.9.1 Establishing the Configuration Task
2.9.2 Detecting the MAC Address by Using the arp-ping mac Command
2.10 Maintaining ARP
2.10.1 Clearing ARP Entries
2.10.2 Monitoring Network Operation Status of ARP
2.10.3 Debugging ARP
2.11 Configuration Examples
2.11.1 Example for Configuring ARP
2.11.2 Example for Configuring Routed Proxy ARP
2.11.3 Example for Configuring Intra-VLAN Proxy ARP
2.11.4 Example for Configuring Inter-VLAN Proxy ARP
2.11.5 Example for Configuring Layer 2 Topology Detection
3 DHCP Configuration
3.1 Introduction to DHCP
3.2 DHCP Features Supported by the S7700
3.3 Configuring the DHCP Server Based on the Global Address Pool
3.3.1 Establishing the Configuration Task
3.3.2 Configuring an Interface to Use Global Address Pool
3.3.3 Configuring Address Allocation Mode for Global Address Pool
3.3.4 (Optional) Configuring DNS for Global Address Pool
3.3.5 (Optional) Configuring NetBIOS for Global Address Pool
3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool
3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address
3.3.8 (Optional) Configuring Automatic Saving of DHCP Data
3.3.9 Checking the Configuration
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool
3.4.1 Establishing the Configuration Task
3.4.2 Configuring Address Allocation Mode for Interface Address Pool
3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool
3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool
3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool
3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address
3.4.7 (Optional) Configuring Automatic Saving of DHCP Data
3.4.8 Checking the Configuration
3.5 Configuring the DHCP Relay Agent
3.5.1 Establishing the Configuration Task
3.5.2 Configuring DHCP Relay on an Interface
3.5.3 Configuring a Destination DHCP Server Group
3.5.4 Binding an Interface to a DHCP Server Group
3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet
3.5.6 Checking the Configuration
3.6 Maintaining DHCP
3.6.1 Clearing DHCP Statistics
3.6.2 Monitoring DHCP Operation
3.7 Configuration Examples
3.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool
3.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool
3.7.3 Example for Configuring a DHCP Relay Agent
3.7.4 Example for Configuring a DHCP Relay Agent for VPN
4 IP Session Configuration
4.1 Introduction to the IP Session
4.2 IP Session Supported by the S7700
4.3 Configuring IP Session
4.3.1 Establishing the Configuration Task
4.3.2 Enabling the IP Session Function
4.3.3 Binding a User Authentication Domain to a Sub-Interface
4.3.4 (Optional) Setting the Format of DHCP User Name and the Password
4.3.5 (Optional) Configuring the S7700 to Process Option Fields
4.3.6 (Optional) Setting ARP Detection Parameters
4.3.7 (Optional) Setting the Type of a NAS Interface
4.3.8 (Optional) Binding a VPN Instance to an Interface
4.3.9 Checking the Configuration
4.4 Example for Configuring IP Session
4.4.1 Example for Configuring IP Session
5 DHCPv6 Configuration
5.1 Introduction to DHCPv6
5.2 DHCPv6 Features Supported by the S7700
5.3 Configuring DHCPv6 Relay
5.3.1 Establishing the Configuration Task
5.3.2 Enabling the DHCPv6 Relay Function
5.3.3 (Optional) Configuring the Remote ID
5.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages
5.3.5 Checking the Configuration
5.4 Maintaining DHCPv6
5.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent
5.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent
5.5 Configuration Examples
5.5.1 Example for Configuring DHCPv6 Relay
6 IP Performance Configuration
6.1 Introduction to IP Performance
6.2 IP Performance Supported by the S7700
6.3 Optimizing IP Performance
6.3.1 Establishing the Configuration Task
6.3.2 Enabling an Interface to Check the Source IP Addresses of Packets
6.3.3 Configuring Forcible Fragmentation of Outgoing Packets on an Interface
6.3.4 Setting ICMP Parameters
6.3.5 Setting TCP Parameters
6.3.6 (Optional) Setting the Load Balancing Mode of IP Packet Forwarding
6.3.7 Checking the Configuration
6.4 Maintaining IP Performance
6.4.1 Clearing IP Performance Statistics
6.4.2 Monitoring the Running Status of IP Performance
6.4.3 Debugging IP Performance
6.5 Configuration Examples
6.5.1 Example for Disabling the Sending of ICMP Redirection Packets
6.5.2 Example for Disabling the Sending of ICMP Host Unreachable Packets
6.5.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets
7.4.1 Clearing UDP Helper Statistics
7.4.2 Monitoring the Running Status of UDP Helper
7.5 Configuration Examples
7.5.1 Example for Configuring UDP Helper
8 DNS Configuration
8.1 Introduction to DNS
8.2 DNS Supported by the S7700
8.3 Configuring DNS
8.3.1 Establishing the Configuration Task
8.3.2 Configuring Static DNS Entries
8.3.3 Configuring Dynamic DNS
8.3.4 Checking the Configuration
8.4 Maintaining DNS
8.4.1 Clearing DNS Entries
8.4.2 Monitoring Network Operation Status of DNS
8.4.3 Debugging DNS
8.5 Configuration Examples
8.5.1 Example for Configuring DNS
11.7.4 Example for Configuring an ISATAP Tunnel
11.7.5 Example for Configuring 6PE
1 IP Addresses Configuration
About This Chapter
By assigning IP addresses to network devices, you can enable data communications between the network devices.
1.1 Introduction to IP Addresses
IP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and Internet Group Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Devices on different networks communicate with each other using their network layer addresses, namely IP addresses.
1.2 Features of IP Addresses Supported by the S7700
IP addresses can be obtained through static manual configuration or borrowing.
1.3 Configuring IP Addresses for Interfaces
Assigning an IP address to a device on a network enables the device to communicate with the other devices on the network.
1.4 Configuring IP Address Unnumbered for Interfaces
IP address unnumbered means that an interface that is not assigned an IP address obtains one by borrowing the IP address of another interface.
1.5 Configuration Examples
This section provides several examples of IP address configuration.
The S7700 supports overlapping network segment addresses to save address space.
- Different IP addresses in overlapping but not identical network segments can be configured on different interfaces of the same device. For example, after an interface on a device is configured with the IP address 20.1.1.1/16, if another interface is configured with the IP address 20.1.1.2/24, the system displays a message, but the configuration still succeeds. If another interface is configured with the IP address 20.1.1.2/16, the system reports an IP address conflict and the configuration fails.
- A primary IP address and a secondary IP address in overlapping but not identical network segments can be configured on the same interface. For example, after the interface is configured with the primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16 sub, the system displays a message, but the configuration still succeeds.
- A primary IP address and a secondary IP address in overlapping but not identical network segments can be configured on different interfaces of the same device. However, the primary IP address and the secondary IP address cannot be the same. For example, after an interface on a device is configured with the IP address 20.1.1.1/16, if another interface is configured with the IP address 20.1.1.2/24 sub, the system displays a message, but the configuration still succeeds.
The S7700 supports 31-bit IP address masks. A network segment with a 31-bit mask contains only two IP addresses, the network address and the broadcast address, and both can be used as host addresses.
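The acceptance rules and the 31-bit mask behaviour described above can be checked offline before a change is pushed to a device. The following Python sketch is an added example, not Huawei code: the interface labels IF-A and IF-B, the verdict names, and the functions bind, classify and usable_range are assumptions made for illustration, and cases the text does not describe are reported as "unspecified" rather than guessed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    interface: str                     # constructed label, not a real S7700 interface name
    address: ipaddress.IPv4Interface   # address with mask, e.g. 20.1.1.1/16
    secondary: bool = False            # True for an address configured with "sub"

def bind(interface, cidr, secondary=False):
    """Build a Binding from text such as '20.1.1.1/16'."""
    return Binding(interface, ipaddress.ip_interface(cidr), secondary)

# Verdicts, ordered from least to most severe (names are assumptions).
ACCEPT, WARN, UNSPECIFIED, REJECT = "accept", "warn", "unspecified", "reject"
_RANK = {ACCEPT: 0, WARN: 1, UNSPECIFIED: 2, REJECT: 3}

def classify(existing, new):
    """Compare a proposed binding with configured ones; return (verdict, reasons)."""
    verdict, reasons = ACCEPT, []
    for old in existing:
        old_net, new_net = old.address.network, new.address.network
        if old.address.ip == new.address.ip:
            # Stated in the text for a primary/secondary pair; applying it to
            # every pair of addresses is an assumption of this sketch.
            result, why = REJECT, "same IP address as %s" % old.interface
        elif old_net == new_net and old.interface != new.interface:
            # The 20.1.1.1/16 versus 20.1.1.2/16 case: conflict, configuration fails.
            result, why = REJECT, "segment %s already used on %s" % (old_net, old.interface)
        elif old_net == new_net:
            # Same segment on the same interface is not covered by the text.
            result, why = UNSPECIFIED, "segment %s repeated on %s" % (old_net, old.interface)
        elif old_net.overlaps(new_net):
            # Overlapping but not identical segments: message shown, still succeeds.
            result, why = WARN, "%s overlaps %s on %s" % (new_net, old_net, old.interface)
        else:
            continue
        reasons.append(why)
        if _RANK[result] > _RANK[verdict]:
            verdict = result
    return verdict, reasons

def usable_range(cidr):
    """Return (first, last, count) of the host addresses in a segment.

    With a 31-bit mask both addresses of the segment are usable as host
    addresses; with shorter masks the network and broadcast addresses are not.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    first, last = net.network_address, net.broadcast_address
    if net.prefixlen < 31:
        first, last = first + 1, last - 1
    return str(first), str(last), int(last) - int(first) + 1

if __name__ == "__main__":
    configured = [bind("IF-A", "20.1.1.1/16")]           # constructed sample state
    for candidate in (bind("IF-B", "20.1.1.2/24"),
                      bind("IF-B", "20.1.1.2/16"),
                      bind("IF-B", "20.1.1.2/24", secondary=True)):
        print(candidate.interface, candidate.address, classify(configured, candidate))
    print(usable_range("20.1.1.0/31"), usable_range("20.1.1.0/30"))
```

A "warn" verdict corresponds to the cases where the system displays a message and still applies the address, which makes it the one worth reviewing in a change request: overlapping segments on one device are easy to create by accident.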
Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign several IP addresses to each interface. Among them, one is the primary IP address and the others are secondary IP addresses. Generally, you need to configure only a primary IP address for an interface. Secondary IP addresses, however, are required in some cases. For instance, when a device connects to a physical network through an interface, and computers on this network belong to two Class C networks, you need to configure a primary IP address and a secondary IP address for this interface to ensure that the device can communicate with all computers on this network.
Pre-configuration Tasks
Before configuring IP addresses for an interface, complete the following tasks:
- Configuring the physical parameters for the interface and ensuring that the physical layer status of the interface is Up
- Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an interface, you need the following data.
No.  Data
1    Interface number
2    Primary IP address and subnet mask of the interface
3    (Optional) Secondary IP address and subnet mask of the interface
Procedure
Step 1 Run:
system-view
A primary IP address is configured. An interface has only one primary IP address. If the interface already has a primary IP address, the newly configured primary IP address replaces the original one.
----End
Procedure
Step 1 Run:
system-view
A secondary IP address is configured. You can configure a maximum of 255 secondary IP addresses on an interface.
----End
Prerequisite
The configurations of the IP addresses for the interface are complete.
Procedure
- Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to check the IP configuration on the interface.
- Run the display interface [ interface-type [ interface-number ] ] command to check interface information.
----End
Applicable Environment
To save IP address resources in some cases, configure the IP address unnumbered on the interface. You can also perform this configuration for an interface that is occasionally used rather than making the interface occupy an IP address constantly. Restrictions on configuring IP address unnumbered on an interface are as follows:
- The interface of IP address borrower cannot be an Ethernet interface.
- The interface of IP address lender cannot borrow an IP address from other interfaces.
- Multiple interfaces can borrow the IP address from the interface of IP address lender.
- If the interface of IP address lender has multiple IP addresses, the IP address lender can only be the primary IP address.
- If the interface of IP address borrower borrows an IP address from the interface with no IP address, the IP address borrower gets the IP address 0.0.0.0.
- The IP address of the virtual loopback interface can be borrowed by other interfaces. The loopback interface, however, cannot borrow the IP address from other interfaces.
Pre-configuration Tasks
Before configuring IP address unnumbered on an interface, complete the following tasks:
- Configuring physical attributes for the IP address borrower and lender
- Configuring link layer protocols for the IP address borrower and lender
Data Preparation
To configure IP address unnumbered on an interface, you need the following data.
No.  Data
1    Number, IP address, and mask of the interface that lends the IP address to other interfaces
2    Number of the interface that borrows an IP address from another interface
1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address
Only the primary IP address of an interface can be borrowed.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The interface is configured to borrow an IP address from the specified interface.
----End
Prerequisite
The configurations of IP address unnumbered are complete.
Procedure
- Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to check the IP configuration on the interface.
- Run the display interface [ interface-type [ interface-number ] ] command to check interface information.
----End
Networking Requirements
As shown in Figure 1-1, GigabitEthernet 1/0/1 of the Switch is connected to a LAN, in which hosts belong to two different network segments, that is, 172.16.1.0/24 and 172.16.2.0/24. It is required that the Switch can access the two network segments but the host in 172.16.1.0/24 cannot interconnect with the host in 172.16.2.0/24.
Figure 1-1 Networking diagram for setting IP addresses
[Figure: Switch connected to network segments 172.16.1.0/24 and 172.16.2.0/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Analyze the address of the network segment to which each interface is connected.
2. Set the secondary IP addresses for an interface.
NOTE
Note that the primary and secondary IP addresses of the same interface or different secondary IP addresses of the same interface cannot be in the same network segment.
Data Preparation
To complete the configuration, you need the following data.
- Primary IP address and subnet mask of the interface
- Secondary IP address and subnet mask of the interface
Procedure
Step 1 Set the IP address for VLANIF 100 where GigabitEthernet 1/0/1 of the Switch belongs.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 172.16.1.1 24
[Quidway-Vlanif100] ip address 172.16.2.1 24 sub
Step 2 Verify the configuration.
# Ping a host on network segment 172.16.1.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.1.2
  PING 172.16.1.2: 56 data bytes, press CTRL_C to break
    Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128
    Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128
    Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128
    Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128
    Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128
  --- 172.16.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 25/26/27 ms
# Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.2.2
  PING 172.16.2.2: 56 data bytes, press CTRL_C to break
    Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms
    Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms
  --- 172.16.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
----End
Configuration Files
Configuration file of the Switch
#
 sysname Quidway
#
 vlan 100
#
interface Vlanif100
 ip address 172.16.1.1 255.255.255.0
 ip address 172.16.2.1 255.255.255.0 sub
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
return
1.5.2 Example for Configuring a Tunnel Interface to Borrow the IP Address of a Loopback Interface
This section provides a configuration example of a tunnel interface borrowing the IP address of a loopback interface.
Networking Requirements
As shown in Figure 1-2, Tunnel 3/0/15 of Switch A is connected to Switch C through a tunnel. Tunnel 3/0/15 of Switch A is rarely used. To save IP addresses, configure Tunnel 3/0/15 of Switch A to borrow the IP address of Loopback0 of Switch A. Tunnel 3/0/15 of Switch C borrows the IP address of Loopback0 of Switch C.
Figure 1-2 Networking diagram for configuring a tunnel interface to borrow an IP address of a loopback interface
[Figure labels: SwitchB; LoopBack 0 116.116.116.116/32; SwitchC; LoopBack 0 9.9.9.9/32; Tunnel 3/0/15; PC 1; PC 2]
Configuration Roadmap
The configuration roadmap is as follows:
- Set addresses of the Loopback0 interfaces of Switch A and Switch C.
- Configure OSPF.
- Configure Tunnel 3/0/15 of Switch A to borrow the IP address of Loopback0.
- Configure Tunnel 3/0/15 of Switch C to borrow the IP address of Loopback0.
Data Preparation
To complete the configuration, you need the following data.
- IP address for Loopback0 of Switch A
- IP address for Loopback0 of Switch C
- Index for Loopback0 of Switch A
- Index for Loopback0 of Switch C
Procedure
Step 1 Configure Switch A.
# Set an IP address for Loopback0 of Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 116.116.116.116 32
[SwitchA-LoopBack0] quit
# Configure OSPF.
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 116.116.116.116 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Step 2 Configure Switch C.
The configuration procedure is the same as the configuration procedure of Switch A.
Step 3 Verify the configuration.
# Ping 9.9.9.9 on Switch A.
[SwitchA] ping 9.9.9.9
  PING 9.9.9.9: 56 data bytes, press CTRL_C to break
    Reply from 9.9.9.9: bytes=56 Sequence=1 ttl=255 time=2 ms
    Reply from 9.9.9.9: bytes=56 Sequence=2 ttl=255 time=3 ms
    Reply from 9.9.9.9: bytes=56 Sequence=3 ttl=255 time=3 ms
    Reply from 9.9.9.9: bytes=56 Sequence=4 ttl=255 time=3 ms
    Reply from 9.9.9.9: bytes=56 Sequence=5 ttl=255 time=3 ms
  --- 9.9.9.9 ping statistics ---
    5 packet(s) transmitted
----End
Configuration Files
Configuration file of Switch A
#
 sysname SwitchA
#
interface LoopBack0
 ip address 116.116.116.116 255.255.255.255
#
interface Tunnel3/0/15
 ip address unnumbered interface LoopBack0
#
ospf 1
 area 0.0.0.0
  network 116.116.116.116 0.0.0.0
#
return
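The addressing rules stated in this chapter (31-bit masks are valid, primary and secondary addresses of one interface may not share a network segment, at most 255 secondary addresses, and the restrictions on IP address unnumbered) can be checked against a configuration file before it is loaded. The following linter is an added example, not part of the original guide or of any Huawei tool; the function names, finding codes, sample configuration and the rule that an "Ethernet interface" is any interface whose name contains "Ethernet" are assumptions for illustration.

```python
import ipaddress

MAX_SECONDARY = 255  # secondary addresses allowed per interface, per this guide


def mask_to_prefix(mask):
    """Convert a mask length ("24") or dotted mask to a prefix length.

    Raises ValueError for a non-contiguous mask such as 255.255.225.255.
    """
    if mask.isdigit():
        if int(mask) > 32:
            raise ValueError(f"mask length out of range: {mask}")
        return int(mask)
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host part must be a run of low-order ones
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - host_bits.bit_length()


def parse_config(text):
    """Return ({interface: record}, findings) for a configuration file."""
    interfaces, findings, name = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            interfaces.setdefault(name, {"primary": None, "secondary": [], "lender": None})
        elif line in ("#", "return"):
            name = None  # end of the current interface block
        elif name is not None and line.startswith("ip address "):
            rec, fields = interfaces[name], line.split()[2:]
            if fields[:2] == ["unnumbered", "interface"] and len(fields) == 3:
                rec["lender"] = fields[2]
                continue
            try:
                addr = ipaddress.IPv4Interface(f"{fields[0]}/{mask_to_prefix(fields[1])}")
            except (ValueError, IndexError):
                findings.append((name, "bad-address", line))
                continue
            if fields[2:] == ["sub"]:
                rec["secondary"].append(addr)
            else:
                if rec["primary"] is not None:  # the new primary replaces the old one
                    findings.append((name, "primary-replaced", line))
                rec["primary"] = addr
    return interfaces, findings


def lint(text):
    """Return a list of (interface, code, detail) findings."""
    interfaces, findings = parse_config(text)
    by_lower = {n.lower(): rec for n, rec in interfaces.items()}
    for name, rec in interfaces.items():
        addrs = ([rec["primary"]] if rec["primary"] else []) + rec["secondary"]
        if len(rec["secondary"]) > MAX_SECONDARY:
            findings.append((name, "too-many-secondary", str(len(rec["secondary"]))))
        for i, first in enumerate(addrs):
            for second in addrs[i + 1:]:
                if first.network.overlaps(second.network):
                    findings.append((name, "same-segment", f"{first} / {second}"))
        lender = rec["lender"]
        if lender is None:
            continue
        if "ethernet" in name.lower():  # assumption: matched by interface name
            findings.append((name, "ethernet-borrower", lender))
        if name.lower().startswith("loopback"):
            findings.append((name, "loopback-borrower", lender))
        lend_rec = by_lower.get(lender.lower())
        if lend_rec is None or lend_rec["primary"] is None:
            # Borrowing from an interface with no address yields 0.0.0.0.
            findings.append((name, "lender-has-no-address", lender))
    return findings


# Constructed sample: an overlapping secondary address, a valid 31-bit mask,
# and a mistyped loopback mask that leaves the tunnel's lender without an address.
SAMPLE_CONFIG = """\
#
 sysname Quidway
#
interface Vlanif100
 ip address 172.16.1.1 255.255.255.0
 ip address 172.16.2.1 255.255.255.0 sub
 ip address 172.16.2.129 255.255.255.128 sub
#
interface Vlanif200
 ip address 10.0.0.0 255.255.255.254
#
interface LoopBack0
 ip address 116.116.116.116 255.255.225.255
#
interface Tunnel3/0/15
 ip address unnumbered interface LoopBack0
#
return
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

The mistyped mask produces two findings: the loopback address is rejected, and the tunnel that borrows from it is reported as having a lender with no address.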
2 ARP Configuration
About This Chapter
ARP can map an IP address to a MAC address and implements transmission of Ethernet frames.
2.1 Overview of ARP
An Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IP addresses and Layer 2 MAC addresses.
2.2 Features of ARP Supported by the S7700
ARP can operate in either of two modes: static and dynamic. The extensions of ARP include proxy ARP, gratuitous ARP, and ARP-Ping.
2.3 Configuring Static ARP
Static ARP indicates that there is a fixed mapping between an IP address and a MAC address. Static ARP needs to be configured by an administrator.
2.4 Optimizing Dynamic ARP
If dynamic ARP is configured, the system automatically resolves an IP address into an Ethernet MAC address.
2.5 Configuring Routed Proxy ARP
Proxy ARP enables devices whose IP addresses belong to the same network segment but different physical networks to communicate with each other.
2.6 Configuring Proxy ARP Within a VLAN
By configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.
2.7 Configuring Proxy ARP Between VLANs
By configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.
2.8 Configuring ARP-Ping IP
ARP-Ping IP is a method of detecting whether an IP address is used by another device on a local area network (LAN) by sending ARP packets.
2.9 Configuring ARP-Ping MAC
ARP-Ping MAC is a method of detecting whether a MAC address is used by another device on a LAN by sending ICMP packets.
2.10 Maintaining ARP
The operations of ARP maintenance include clearing ARP statistics and monitoring ARP operating status.
2.11 Configuration Examples
This section provides several configuration examples of ARP.
Introduction to ARP-Ping
ARP-Ping consists of ARP-Ping IP and ARP-Ping MAC. ARP-Ping is developed to maintain the deployed Layer 2 features.
Introduction to ARP-Ping IP
ARP-Ping IP uses ARP packets to check whether an IP address is used by another device on the LAN. Before configuring an IP address for a device, you need to check that this IP address is not used by another device on the network by sending ARP packets. Then, you can take appropriate actions. You can also run the ping command to check whether the IP address is used by another device on the network. However, if the destination host or device has a firewall function enabled that does not reply to Ping packets, no reply is returned and the IP address is wrongly taken to be not in use. ARP is a Layer 2 protocol, and in most cases ARP packets can pass through the firewall, so this situation does not occur with ARP-Ping IP.
Principles of ARP-Ping IP
ARP-Ping IP sends ARP Request packets. The following describes how to implement ARP-Ping IP:
1. After setting the specified IP address through command lines, you can send ARP Request packets and start the timeout timer.
2. After receiving an ARP Request packet, each device or host on the LAN replies with an ARP Reply packet.
3. After receiving the ARP Reply packet, the source device compares the source IP address contained in the Reply packet with the IP address input in the command line. If they are consistent, the MAC address corresponding to the input IP address is displayed and the timeout timer of ARP Reply packets is disabled. The operation finishes. If the timeout timer of ARP Reply packets times out, it means that the IP address is not in use.
As shown in Figure 2-1, Switch A and Gigabitethernet A are directly connected. You can run the arp-ping ip command on Switch A to check whether the IP address 10.1.1.2 is in use.
Figure 2-1 Implementation procedure of ARP-Ping IP
[Figure labels: Host B; Host A; SwitchA; Gigabitethernet A]
Run the arp-ping ip 10.1.1.2 command on Switch A. After receiving the ARP Reply packet from Host A (10.1.1.2) on the network, Switch A displays the MAC address of Host A. Through the command output, you can know whether the IP address is used by another host on the network.
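The three ARP-Ping IP steps above, carried out offline over constructed frames, as an added example that is not part of the original guide: it builds the ARP Request and then applies the reply-matching and timeout rule to a list of received frames. The MAC addresses, Switch A's address 10.1.1.1, Host B's address and all function names are assumptions for illustration.

```python
import ipaddress
import struct

ETHERTYPE_ARP = b"\x08\x06"
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def mac_bytes(text):
    """Parse 'xxxx-xxxx-xxxx' (the notation used in this guide) or colon form."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_text(raw):
    digits = raw.hex()
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Return an Ethernet frame carrying one ARP packet for IPv4 over Ethernet."""
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       sender_mac, ipaddress.IPv4Address(sender_ip).packed,
                       target_mac, ipaddress.IPv4Address(target_ip).packed)
    return eth_dst + sender_mac + ETHERTYPE_ARP + body


def build_request(sender_mac, sender_ip, target_ip):
    """Step 1: broadcast 'who has target_ip'; the target MAC field is zero."""
    return build_arp(OP_REQUEST, sender_mac, sender_ip, bytes(6), target_ip, b"\xff" * 6)


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 14 + ARP_LEN or frame[12:14] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:14 + ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": sha, "sender_ip": ipaddress.IPv4Address(spa),
            "target_mac": tha, "target_ip": ipaddress.IPv4Address(tpa)}


def arp_ping_ip(target_ip, received, timeout=2.0):
    """Steps 2-3: scan (seconds_since_request, frame) pairs until the timer expires.

    Returns the MAC address that answered for target_ip, or None when the
    timeout passes without a matching ARP Reply (address not in use).
    """
    target = ipaddress.IPv4Address(target_ip)
    for elapsed, frame in sorted(received, key=lambda item: item[0]):
        if elapsed > timeout:
            break  # timer expired before a matching reply arrived
        packet = parse_arp(frame)
        if packet is None or packet["op"] != OP_REPLY:
            continue  # not ARP, or a request from some other station
        if packet["sender_ip"] == target:  # source IP in the reply == IP typed in
            return mac_text(packet["sender_mac"])
    return None


# Constructed sample values (only Host A's 10.1.1.2 comes from the guide).
SWITCH_A = (mac_bytes("00e0-fc00-0001"), "10.1.1.1")
HOST_A = (mac_bytes("00e0-fc00-00aa"), "10.1.1.2")
HOST_B = (mac_bytes("00e0-fc00-00bb"), "10.1.1.3")

REQUEST = build_request(SWITCH_A[0], SWITCH_A[1], HOST_A[1])
CAPTURE = [
    # Host B asking for the switch: an ARP Request, so it is ignored.
    (0.1, build_request(HOST_B[0], HOST_B[1], SWITCH_A[1])),
    # An IPv4 frame (EtherType 0x0800) with a dummy payload: not ARP, ignored.
    (0.2, SWITCH_A[0] + HOST_B[0] + b"\x08\x00" + bytes(28)),
    # Host B replying about its own address: sender IP does not match, ignored.
    (0.3, build_arp(OP_REPLY, HOST_B[0], HOST_B[1], SWITCH_A[0], SWITCH_A[1], SWITCH_A[0])),
    # Host A's reply for 10.1.1.2: this one stops the timer.
    (0.4, build_arp(OP_REPLY, HOST_A[0], HOST_A[1], SWITCH_A[0], SWITCH_A[1], SWITCH_A[0])),
]

if __name__ == "__main__":
    print("10.1.1.2 ->", arp_ping_ip("10.1.1.2", CAPTURE))
    print("10.1.1.9 ->", arp_ping_ip("10.1.1.9", CAPTURE) or "not in use")
```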
NOTE
2. After receiving an ICMP Echo Request packet, each device or host on the LAN replies with an ICMP Echo Reply packet.
3. After receiving the ICMP Echo Reply packet, the source device compares the source MAC address contained in the Echo Reply packet with the MAC address input in the command line. If they are consistent, the IP address of the Echo Reply packet is displayed. Then the source device prompts you that the MAC address is in use and disables the timeout timer. The operation finishes. If the timeout timer of the ICMP Echo Reply packets times out, it means that the MAC address is not in use.
NOTE
If the system denies the request for replying with the network segment address, the sender cannot receive the ICMP Echo Reply packet.
As shown in Figure 2-2, Switch A and Gigabitethernet A are directly connected. You can run the arp-ping mac command on Switch A to check whether the MAC address 0013-46E7-2EF5 is in use.
Figure 2-2 Implementation procedure of ARP-Ping MAC
[Figure labels: Host A; 0013-46E7-2EF5; GE1/0/0 10.1.1.1/24; SwitchA; Gigabitethernet A]
The following describes how to implement ARP-Ping MAC on Switch A: Run the arp-ping mac 0013-46E7-2EF5 10.1.1.0 or arp-ping mac 0013-46E7-2EF5 gigabitethernet 1/0/0 command on Switch A. After receiving the ICMP Reply packets replied by all the hosts on the network, Switch A displays the IP address of the host with the MAC address 0013-46E7-2EF5. Through the command output, you can obtain the IP address corresponding to the MAC address.
NOTE
The arp-ping mac command is applicable to the outgoing interface in one of the following types: the Ethernet interface, Gigabit Ethernet interface, Eth-Trunk interface, and VLANIF interface.
Applicable Environment
Static ARP is used in the following situations:
- For the packets whose destination IP address is on another network segment, static ARP can help these packets traverse a gateway of the local network segment so that the gateway can forward the packets to their destination.
- When you need to filter out some packets with illegitimate destination IP addresses, static ARP can bind these illegitimate addresses to a nonexistent MAC address.
Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
- Configuring physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
- Configuring the network layer protocol for the interface
Data Preparation
To configure ARP, you need the following data.
No.  Data
1    IP address and MAC address of the static ARP entry
2    VPN instance name and VLAN ID to which the static ARP entry belongs
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLAN interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
NOTE
To configure static ARP for the packets with double tags, run the arp static cevid command. For details, see the Quidway S7700 Smart Routing Switch Command Reference - Ethernet.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Configure static ARP entries in a Virtual Local Area Network (VLAN). To configure static ARP entries in a VLAN, do as follows:
- Run the arp static ip-address mac-address [ vid vlan-id interface interface-type interface-number ] command. To configure static ARP entries for VLANIF interfaces, if an ARP entry contains only the IP address and MAC address, and the VLAN ID and outbound interface of the ARP packet are not specified, the system selects the outbound interface automatically. If the VLAN ID and outbound interface are specified, the system forwards the packet from the specified outbound interface. If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN), the device can automatically associate the configured static ARP entry with the VPN. This command is applicable to port-based VLANs.
- Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlan-id command.
----End
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the ARP function are complete.
Procedure
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
- Run the display arp statistics { all } command to check the statistics for ARP entries.
- Run the display arp track command to check the ARP entries learned by VLANIF interfaces and view detailed information about the change of outbound interfaces.
----End
Applicable Environment
Dynamic ARP is a built-in function of a device or host. You do not need to run a command to enable dynamic ARP, but you can modify some parameters of dynamic ARP.
Pre-configuration Tasks
None
Data Preparation
To optimize dynamic ARP, you need the following data.
No.  Data
1    Aging detection times of the dynamic ARP entry
2    Aging time of the dynamic ARP entry
Procedure
Step 1 Run:
system-view
The number of aging detection times of the dynamic ARP entries is configured.
Step 4 Run:
arp expire-time expire-times
The timeout period for aging dynamic ARP entries is configured. By default, the aging detection times of the dynamic ARP entries is three, and the aging timeout period is 1200 seconds.
Step 5 Run:
arp detect-mode unicast
The interface is configured to send ARP Aging Detection packets in unicast mode. By default, an interface sends ARP Aging Detection packets in broadcast mode.
----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the ARP function are complete.
Procedure
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check information about ARP mapping tables based on interfaces.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
- Run the display arp statistics { all } command to check the statistics for ARP entries.
- Run the display arp track command to check the ARP entries learned by VLANIF interfaces and view detailed information about the change of outbound interfaces.
----End
Applicable Environment
The two physical networks of an enterprise are in different subnets of the same IP network, and are separated by a device. You need to enable the proxy ARP on the device interface connected to the physical networks. This enables communication between the two networks. Network IDs of subnet hosts must be the same. You need not configure default gateways for hosts.
Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
- Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Data Preparation
To configure routed proxy ARP, you need the following data.
No.  Data
1    Number of the interface to be enabled with routed proxy ARP
2    IP address of the interface to be enabled with routed proxy ARP
Procedure
Step 1 Run:
system-view
The VLANIF interface view is displayed. Routed proxy ARP can be enabled only on the VLANIF interface of the S7700.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the LAN connected with this interface.
----End
Procedure
Step 1 Run:
system-view
Step 3 Run:
arp-proxy enable
By default, the routed proxy ARP function is disabled on the interface. After routed proxy ARP is enabled, you must reduce the aging time of ARP entries in the device so that the number of packets that are received but cannot be forwarded by the device is decreased. To configure the aging time of ARP entries.
----End
Prerequisite
The configurations of the routed proxy ARP function are complete.
Procedure
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check information about ARP mapping tables based on interfaces.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
- Run the display arp statistics command to check statistics about ARP entries.
----End
Applicable Environment
If two users are in the same VLAN but they are isolated from each other, to ensure the two users can communicate, you need to enable proxy ARP within the VLAN on the interface associated with the VLAN.
Pre-configuration Tasks
Before configuring proxy ARP within a VLAN, complete the following tasks:
- Configuring physical attributes for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the VLAN
- Configuring user isolation in the VLAN
Data Preparation
To configure proxy ARP within a VLAN, you need the following data.
No.  Data
1    Number of the interface to be enabled with proxy ARP in a VLAN
2    IP address of the interface to be enabled with proxy ARP in a VLAN
3    VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN
Procedure
Step 1 Run:
system-view
The VLANIF interface view is displayed. Intra-VLAN proxy ARP can be enabled on only the VLANIF interface of the S7700.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the VLAN associated with this interface.
----End
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.
Procedure
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check information about ARP mapping tables based on interfaces.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
- Run the display arp statistics command to check statistics about ARP entries.
----End
Applicable Environment
If two users belong to different VLANs and they need to communicate, you need to enable proxy ARP between VLANs on the sub-interface associated with the VLAN. IP addresses of hosts in a VLAN must be in the same network segment.
Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
- Configuring physical attributes for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring VLAN aggregation
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.  Data
1    Number of the interface to be enabled with proxy ARP between VLANs
2    IP address of the interface to be enabled with proxy ARP between VLANs
3    VLAN ID associated with the interface to be enabled with proxy ARP between VLANs
Procedure
Step 1 Run:
system-view
The VLANIF interface view is displayed. Inter-VLAN proxy ARP can be enabled only on the VLANIF interface of the S7700.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address. The IP address configured for the interface must be in the same network segment with that of hosts in the VLAN associated with this interface.
----End
Procedure
Step 1 Run:
system-view
Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
Prerequisite
The configurations of Proxy ARP Between VLANs are complete.
Procedure
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check information about ARP mapping tables based on interfaces.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
- Run the display arp statistics command to check statistics about ARP entries.
----End
Applicable Environment
In the LAN, to configure an IP address for a device, you need to use the arp-ping ip command to check whether this IP address is used by another device in the network. You can also run the ping command to check whether the IP address is used by another device on the network. However, if the destination host or device has a firewall function enabled that does not reply to Ping packets, no reply is returned and the IP address is wrongly taken to be not in use. ARP is a Layer 2 protocol, and in most cases ARP packets can pass through the firewall, so this situation does not occur with ARP-Ping IP.
Pre-configuration Tasks
Before configuring ARP-Ping IP, complete the following tasks:
- Configuring parameters of the link layer protocol and IP addresses for the interfaces and ensuring that the status of the link layer protocol on the interfaces is Up.
Data Preparation
To configure ARP-Ping IP, you need the following data.
No.  Data
1    IP address to be checked
Procedure
Step 1 Run:
Check whether the IP address is in use. The following information is displayed:
- If the following information is displayed, it means that the IP address is not in use.
[Quidway] arp-ping ip 110.1.1.2
 ARP-Pinging 110.1.1.2:
 Request timed out
 Request timed out
 Request timed out
 The IP address is not used by anyone!
----End
Applicable Environment
To check whether a MAC address is in use or query the IP address through the MAC address, you can use the arp-ping mac command.
Pre-configuration Tasks
Before configuring ARP-Ping MAC, complete the following tasks:
- Configuring parameters of the link layer protocol and IP addresses for the interfaces and ensuring that the status of the link layer protocol on the interfaces is Up.
Data Preparation
To configure ARP-Ping MAC, you need the following data.
No.  Data
1    MAC address to be checked
2.9.2 Detecting the MAC Address by Using the arp-ping mac Command
ARP-Ping MAC detects whether a MAC address is used by a device on a LAN by sending ICMP packets.
Procedure
Step 1 Run:
arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number }
Check whether the MAC address is in use. Alternatively, you can query the IP address through the MAC address. The following information is displayed:
- If the following information is displayed, it means that the MAC address is not in use.
[Quidway] arp-ping mac 00e0-517d-f201 interface gigabitethernet 1/0/0
  OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-01], press CTRL_C to break
    Request timed out
    Request timed out
    Request timed out
  ----- ARP-Ping MAC statistics -----
    3 packet(s) transmitted
    0 packet(s) received
    MAC[00-E0-51-7D-F2-01] not be used
- If the following information is displayed, it means that the MAC address is in use.
[Quidway] arp-ping mac 00e0-517d-f202 interface gigabitethernet 1/0/0
  OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-02], press CTRL_C to break
  ----- ARP-Ping MAC statistics -----
    1 packet(s) transmitted
    1 packet(s) received
    IP ADDRESS    MAC ADDRESS
    128.1.1.1     00-E0-51-7D-F2-02
----End
Context
CAUTION
- The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So, confirm the action before you use the command.
- Static ARP entries cannot be restored after you clear them. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } command in the user view to clear the ARP entries in the ARP mapping table.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation of ARP.
Procedure
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command in any view to check the information about the ARP mapping table based on interfaces.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command in any view to check the information about ARP mapping tables based on VPN instances.
- Run the display arp track command in any view to check the information about the outbound interface changes of ARP entries learned by VLANIF interfaces.
----End
Context
CAUTION
Debugging affects the performance of the system. Thus, after debugging, run the undo debugging all command to disable debugging immediately. When the CPU usage is close to 100%, debugging ARP may cause the board to reset. So, confirm the action before you use the command.
When faults occur during ARP operation, run the following debugging command in the user view to debug ARP and locate the fault. For more information, see chapter "Information Center Configuration" in the Quidway S7700 Smart Routing Switch Configuration Guide-System Management. For descriptions about the debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
- Run the debugging arp packet [ interface interface-type interface-number | slot slot-id ] command in the user view to debug ARP.
- Run the debugging arp-proxy [ inner-sub-vlan-proxy | inter-sub-vlan-proxy ] [ interface interface-type interface-number ] command in the user view to debug proxy ARP.
- Run the debugging arp process [ slot slot-id | interface interface-type interface-number ] command in the user view to debug the processing of ARP packets.
----End
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN.
2. Set dynamic ARP parameters on a VLANIF interface at the user side.
3. Create a static ARP entry.
Data Preparation
To complete the configuration, you need the following data:
- GE 1/0/1 added to VLAN 2 and GE 1/0/2 added to VLAN 3
- VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging time of ARP entries being 60s, and number of detection times being 2
- LSW with the IP address being 2.2.2.1 and subnet mask being 255.255.255.0
- Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet mask being 255.255.255.0, and MAC address being 00e0-fc01-0000
Procedure
Step 1 Create a VLAN and add an interface to the VLAN.
# Create VLAN 2 and VLAN 3.
# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN ID 3, and outgoing interface GE 1/0/2.
[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 1/0/2
[Quidway] quit
Step 4 Verify the configuration.
# Run the display current-configuration command. You can view the aging time of ARP entries, the number of detection times before deleting ARP entries, and the ARP mapping table.
<Quidway> display current-configuration | include arp
 arp expire-time 60
 arp detect-times 2
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2
----End
Configuration Files
The following is the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
 ip address 2.2.2.2 255.255.255.0
 arp expire-time 60
 arp detect-times 2
#
interface Vlanif3
 ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet 1/0/1
 port hybrid tagged vlan 2
#
interface GigabitEthernet 1/0/2
 port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to an interface.
2. Enable routed proxy ARP on the interface.
3. Configure the default route.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create VLAN 2 and add GE 1/0/0 to VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] port link-type access
[Quidway-GigabitEthernet1/0/0] port default vlan 2
[Quidway-GigabitEthernet1/0/0] quit
Step 7 Configure the hosts.
# Assign IP address 172.16.1.2/16 to Host A.
# Assign IP address 172.16.2.2/16 to Host B.
Step 8 Verify the configuration.
# Ping Host B from Host A. The ping operation is successful.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
 ip address 172.16.1.1 255.255.255.0
The IP address and subnet mask of the VLANIF interface in super-VLAN 3 should be 10.10.10.1 and 255.255.255.0.
Figure 2-5 Networking diagram for configuring intra-VLAN proxy ARP
(Diagram labels: Internet; Switch; sub-VLAN 2; GE1/0/0 to hostA, 10.10.10.2/24, 00-e0-fc-00-00-02; GE1/0/1 to hostB, 10.10.10.3/24, 00-e0-fc-00-00-03)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create and configure a super-VLAN and a sub-VLAN.
2. Add an interface to the sub-VLAN.
3. Create a VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface.
4. Enable intra-VLAN proxy ARP on the VLANIF interface of the super-VLAN.
Data Preparation
To complete the configuration, you need the following data:
- VLAN IDs of the super-VLAN and sub-VLAN
- GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2
- IP address and subnet mask of VLANIF 3 of super-VLAN 3 being 10.10.10.1 and 255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
# Configure sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
# Run the display current-configuration command. You can view the configurations of the super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1      0018-2000-0083            I    Vlanif3
10.10.10.2      00e0-fc00-0002  19        D-0  GE1/0/0
                                          2/-
10.10.10.3      00e0-fc00-0003  19        D-0  GE1/0/1
                                          2/-
------------------------------------------------------------------------------
Total:3         Dynamic:2       Static:0    Interface:1
----End
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
 aggregate-vlan
 access-vlan 2
#
interface Vlanif3
 ip address 10.10.10.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/0
 port link-type access
 port default vlan 2
 port-isolate enable group 1
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
 port-isolate enable group 1
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a super-VLAN and a sub-VLAN.
2. Add an interface to the sub-VLAN.
3. Create a VLANIF interface of the super-VLAN and assign an IP address to the VLANIF interface.
4. Enable inter-VLAN proxy ARP.
Data Preparation
To complete the configuration, you need the following data:
- VLAN IDs of the super-VLAN and sub-VLAN
- GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2
- GE 2/0/0 and GE 2/0/1 belonging to sub-VLAN 3
- IP address and subnet mask of VLANIF 4 in super-VLAN 4 being 10.10.10.1 and 255.255.255.0
Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
# Configure sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
# Configure sub-VLAN 3.
<Quidway> system-view
[Quidway] vlan 3
[Quidway-vlan3] quit
Step 4 Verify the configuration.
# Run the display current-configuration command. You can view the configurations of the super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1      0018-2000-0083            I    Vlanif4
10.10.10.2      00e0-fc00-0002  19        D-0  GE1/0/0
                                          2/-
10.10.10.3      00e0-fc00-0003  19        D-0  GE1/0/1
                                          2/-
10.10.10.4      00e0-fc00-0004  19        D-0  GE2/0/0
                                          3/-
10.10.10.5      00e0-fc00-0005  19        D-0  GE2/0/1
                                          3/-
------------------------------------------------------------------------------
Total:5         Dynamic:4       Static:0    Interface:1
----End
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 10.10.10.1 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/0
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet2/0/0
 port link-type access
 port default vlan 3
#
interface GigabitEthernet2/0/1
 port link-type access
 port default vlan 3
#
return
(Diagram labels: Switch; PC A 10.1.1.1/24; VLAN100)
Configuration Roadmap
The configuration roadmap is as follows:
1. Add two GE interfaces to VLAN 100 in default mode.
2. Enable Layer 2 topology detection and view changes of ARP entries.
Data Preparation
To complete the configuration, you need the following data:
- Types and numbers of the interfaces to be added to a VLAN
- IP addresses of the VLANIF interface and the PCs
Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode.
# Create VLANIF 100 and assign an IP address to VLANIF 100.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface vlanif 100
[Quidway-vlanif100] ip address 10.1.1.2 24
[Quidway-vlanif100] quit
Step 3 Restart GE 1/0/1 and view changes of the ARP entries and aging time.
# View ARP entries on the Switch. You can find that the Switch has learnt the MAC address of the PC.
[Quidway] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I    Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0  GE1/0/1
10.1.1.3        00e0-de24-bf04  20        D-0  GE1/0/2
------------------------------------------------------------------------------
Total:3         Dynamic:2       Static:0    Interface:1
# Run the shutdown command and then the undo shutdown command on GE 1/0/1 to view the aging time of ARP entries.
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] shutdown
[Quidway-GigabitEthernet1/0/1] undo shutdown
[Quidway-GigabitEthernet1/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I    Vlanif100
10.1.1.3        00e0-de24-bf04  0         D-0  GE1/0/2
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0    Interface:1
NOTE
According to the displayed information, the ARP entry learned from GE 1/0/1 is deleted after GE 1/0/1 is shut down. The aging time of ARP entries learned from GE 1/0/2 becomes 0 after GE1/0/1 is restored and becomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARP entries.
[Quidway-GigabitEthernet1/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I    Vlanif100
10.1.1.3        00e0-de24-bf04  20        D-0  GE1/0/2
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0    Interface:1
NOTE
After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
L2-topology detect enable
#
vlan 100
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 100
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 100
#
return
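The display arp output used in the verification steps of this chapter can be checked by a script instead of by eye. The following Python sketch is an added example, not part of the Huawei guide: it parses the two-line entry layout, recomputes the Total/Dynamic/Static/Interface line, and compares the table with a list of expected IP-to-MAC bindings. The sample text, the address 10.10.10.9, the finding names and the treatment of a TYPE starting with "S" as static are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the two-line layout of the display arp output above:
# an entry line, then an optional line carrying VLAN/CEVLAN. The 10.10.10.9
# entry and the EXPIRE value 0 are invented for the demonstration.
SAMPLE = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1      0018-2000-0083            I    Vlanif3
10.10.10.2      00e0-fc00-0002  19        D-0  GE1/0/0
                                          2/-
10.10.10.3      00e0-fc00-0003  0         D-0  GE1/0/1
                                          2/-
10.10.10.9      00e0-fc00-0002  19        D-0  GE1/0/1
                                          2/-
------------------------------------------------------------------------------
Total:4         Dynamic:3       Static:0    Interface:1
"""

ENTRY = re.compile(
    r"^(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(.+)$", re.I)
VLAN = re.compile(r"^\s+(\d+)/(\S+)\s*$")
# Keyed on the first letter of TYPE. "I" and "D" appear in the page's samples;
# "S" for static entries is an assumption.
KIND = {"I": "interface", "D": "dynamic", "S": "static"}


def parse_display_arp(text):
    """Return (entries, summary) parsed from display arp output."""
    entries, summary = [], {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            rest = m.group(3).split()
            # EXPIRE(M) is empty for interface entries, so it is optional.
            expire = int(rest.pop(0)) if rest and rest[0].isdigit() else None
            if len(rest) < 2:
                continue  # malformed line: no TYPE and INTERFACE columns
            entries.append({"ip": m.group(1), "mac": m.group(2).lower(),
                            "expire": expire, "type": rest[0],
                            "kind": KIND.get(rest[0][0], "unknown"),
                            "interface": rest[1], "vlan": None})
            continue
        m = VLAN.match(line)
        if m and entries:
            entries[-1]["vlan"] = int(m.group(1))  # belongs to the entry above
            continue
        if line.startswith("Total:"):
            summary = {k.lower(): int(v) for k, v in re.findall(r"(\w+):(\d+)", line)}
    return entries, summary


def count_mismatches(entries, summary):
    """Compare the parsed entries with the Total/Dynamic/Static/Interface line."""
    seen = {"total": len(entries)}
    for kind in ("dynamic", "static", "interface"):
        seen[kind] = sum(e["kind"] == kind for e in entries)
    return {k: (summary.get(k), n) for k, n in seen.items() if summary.get(k) != n}


def audit(entries, expected):
    """expected maps IP -> MAC for hosts whose binding is known in advance."""
    findings, by_mac = [], defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
        want = expected.get(e["ip"])
        if want and want.lower() != e["mac"]:
            findings.append(("mac-mismatch", e["ip"], e["mac"]))
        elif want is None and e["kind"] == "dynamic":
            findings.append(("unlisted-dynamic", e["ip"], e["mac"]))
        if e["kind"] == "dynamic" and e["expire"] == 0:
            # Aging time 0: the Switch is sending an ARP probe for this entry.
            findings.append(("being-probed", e["ip"], e["mac"]))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-on-several-ips", tuple(ips), mac))
    return findings


if __name__ == "__main__":
    table, totals = parse_display_arp(SAMPLE)
    known = {"10.10.10.2": "00e0-fc00-0002", "10.10.10.3": "00e0-fc00-0003"}
    print(count_mismatches(table, totals))
    for finding in audit(table, known):
        print(finding)
```

A MAC address that appears for several IP addresses is reported for review only; it is not necessarily a fault.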
3 DHCP Configuration
About This Chapter
The DHCP technology is applicable to a variety of networks. It ensures proper IP address allocation and saves IP addresses on networks.
3.1 Introduction to DHCP
Dynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IP address.
3.2 DHCP Features Supported by the S7700
The S7700 can be used as a DHCP server or a DHCP relay agent.
3.3 Configuring the DHCP Server Based on the Global Address Pool
A DHCP server can allocate IP addresses to clients by using the global address pool.
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool
If a DHCP server based on a VLANIF interface address pool is configured, all the users going online through this interface obtain IP addresses from the VLANIF interface address pool.
3.5 Configuring the DHCP Relay Agent
By using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicate with the DHCP servers on other network segments, and obtain IP addresses from them. The DHCP clients on different network segments can also use one DHCP server. This reduces costs and achieves centralized device management.
3.6 Maintaining DHCP
After DHCP configurations are complete, you can clear DHCP statistics and monitor DHCP operation.
3.7 Configuration Examples
DHCP configuration examples explain the networking requirements, networking diagram, configuration notes, configuration roadmap, and configuration procedure. The configuration examples involve various usage scenarios of DHCP.
Overview
As networks grow in scale and complexity, network configuration becomes increasingly complicated. For example, the locations of hosts such as portable computers and wireless network terminals frequently change, and the number of hosts often exceeds the number of available IP addresses. DHCP was developed to solve these problems.
DHCP works in the client/server model. A DHCP client requests configurations from the DHCP server, and the DHCP server sends the configurations to the client.
DHCP requires that the DHCP clients and DHCP server be in the same network segment; therefore, each network segment needs a DHCP server, which wastes resources. DHCP relay allows addresses to be allocated across network segments.
Definition
DHCP server
A DHCP server allocates IP addresses to clients. A client sends a packet to the server to request configurations such as the IP address, subnet mask, and default gateway. After receiving the packet, the server replies with a packet carrying the corresponding configurations according to policies. Both the Request and Reply packets are encapsulated in UDP packets.
DHCP relay agent
A DHCP relay agent transparently transmits DHCP broadcast packets between the DHCP clients and DHCP server that are on different network segments.
The S7700 supports the DHCP snooping function. For details about DHCP snooping, see the Quidway S7700 Smart Routing Switch Configuration Guide - Security.
Application
The S7700 functions as a DHCP server and is in the same network segment as the DHCP clients. On this network, the DHCP server can use the global address pool or the interface address pool.
Figure 3-1 DHCP clients and DHCP server are on the same network segment
An S7700 functions as a DHCP server and another one functions as a DHCP relay agent. The DHCP server and DHCP clients are on different network segments. On this network, the DHCP server can use only the global address pool.
Figure 3-2 DHCP clients and DHCP server are on different network segments
3.3 Configuring the DHCP Server Based on the Global Address Pool
A DHCP server can allocate IP addresses to clients by using the global address pool.
Applicable Environment
On an enterprise network, if the computers are connected to the DHCP server through another network, the global address pool needs to be configured on the S7700 to allocate IP addresses to computers, as shown in Figure 3-3.
Figure 3-3 Networking diagram for configuring the DHCP server based on the global address pool
When the S7700 functions as the DHCP server based on the global address pool, it must work with the DHCP relay agent.
Pre-configuration Tasks
Before configuring the DHCP server based on the global address pool, complete the following tasks:
- Ensuring that the link between the DHCP clients and the S7700 works properly and the DHCP clients can communicate with the S7700
- (Optional) Configuring the DNS server
- (Optional) Configuring the NetBIOS server
- Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routes are required only when the servers are configured.)
- (Optional) Configuring the customized DHCP option
Data Preparation
Before configuring the DHCP server based on the global address pool, you need the following data.
No.  Data
1    Address pool name, IP address range, IP address lease, IP addresses not to be allocated in the IP address pool (optional), and IP address and MAC address that need to be statically bound (optional)
2    Egress gateway of the DHCP clients
3    (Optional) IP address of the DNS server and domain name of the DHCP clients
4    (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP clients
5    (Optional) Code of the customized DHCP option and corresponding ASCII character string, hexadecimal numeral, or IP address
Context
Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
An IP address is allocated to the VLANIF interface.
If there is no DHCP relay agent between the DHCP clients and S7700, the S7700 allocates IP addresses that are in the same network segment as the interface address to the clients connected to this interface. If the VLANIF interface is not configured with an IP address or no address pool is on the same network segment as the interface address, the clients cannot go online.
If there is a DHCP relay agent between the DHCP clients and S7700, the S7700 parses the gateway address in the received DHCP packets forwarded by the DHCP relay agent. If the gateway address does not match an entry in the address pool, the clients cannot go online.
Step 5 Run:
dhcp select global
The DHCP function is enabled on the interface and the DHCP server allocates IP addresses to clients by using the global address pool.
----End
Context
Up to 256 address pools can be configured on the S7700, including the global address pools and interface address pools. The number of address pools of each type is not limited. To use the dynamic allocation mode, you must specify the range of addresses to be allocated; to use the static binding mode, only one address can be allocated to a client. The global address pool attributes include the IP address range, IP address lease, IP addresses not to be automatically allocated, and IP addresses to be statically bound to MAC addresses. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
The global address pool view is displayed. By default, no global address pool exists on the S7700.
Step 3 Run:
network ip-address [ mask { mask | mask-length } ]
The range of IP addresses in the address pool is set. An address pool can contain only one address segment. The address range of the address pool is set by the mask, and must be within the network segment where the gateway is located.
Step 4 Run:
lease { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of IP addresses is set. By default, the IP address lease is one day. Different address pools on a DHCP server can be set with different IP address leases, but the IP addresses in one address pool must be set with the same lease.
Step 5 (Optional) Run:
excluded-ip-address start-ip-address [ end-ip-address ]
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured. Some IP addresses are reserved for other services; for example, the IP address of the DNS server cannot be allocated to clients. You can run the excluded-ip-address command to configure the IP addresses that are not allocated in the DHCP address pool. If you run the excluded-ip-address command multiple times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP address pool.
Step 6 (Optional) Run:
static-bind ip-address ip-address mac-address mac-address
An IP address in the address pool is bound to a MAC address. When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC address of the client.
Step 7 Run:
gateway-list ip-address &<1-8>
To load balance the traffic and improve the reliability of the network, you can configure multiple egress gateways. An IP address pool can be configured with up to eight gateway addresses. The gateway address cannot be a broadcast address of a subnet. When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress gateway address is the same as the egress gateway address of the DHCP relay agent.
----End
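The rules stated in this procedure can be checked before a pool is deployed. The following Python sketch is an added example, not Huawei code: check_pool, its parameters and its messages are hypothetical names, and the pool values come from the display ip pool sample later in this chapter. It assumes that gateway addresses are not handed out to clients, which agrees with the Total of 253 in that sample.

```python
import ipaddress

MAX_LIST = 8  # gateway-list, dns-list and nbns-list each take 1 to 8 addresses


def check_pool(network, gateways, dns=(), nbns=(), excluded=(), static_binds=None):
    """Return (problems, allocatable) for one global address pool.

    excluded: (start, end) pairs as passed to excluded-ip-address; end may be None.
    static_binds: {ip: mac} as passed to static-bind.
    """
    addr = ipaddress.ip_address
    net = ipaddress.ip_network(network)  # raises ValueError if host bits are set
    problems = []

    for name, items in (("gateway-list", gateways), ("dns-list", dns), ("nbns-list", nbns)):
        if len(items) > MAX_LIST:
            problems.append(f"{name}: {len(items)} addresses, limit is {MAX_LIST}")

    # The pool must lie in the gateway's segment, and the gateway must not be
    # the broadcast address of the subnet.
    gws = set()
    for gw in map(addr, gateways):
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw == net.broadcast_address:
            problems.append(f"gateway {gw} is the broadcast address of {net}")
        else:
            gws.add(gw)

    # excluded-ip-address may be run several times; collect every range.
    blocked = set()
    for start, end in excluded:
        lo, hi = addr(start), addr(end or start)
        if lo > hi or lo not in net or hi not in net:
            problems.append(f"excluded-ip-address {lo} {hi}: not a range inside {net}")
            continue
        blocked.update(addr(n) for n in range(int(lo), int(hi) + 1))

    # Server addresses inside the pool must not be handed to clients.
    for kind, servers in (("DNS", dns), ("NetBIOS", nbns)):
        for srv in map(addr, servers):
            if srv in net and srv not in blocked:
                problems.append(f"{kind} server {srv} is inside the pool but not excluded")

    # Static binding: the address comes from the pool, one address per client.
    bound, by_mac = set(), {}
    for ip_text, mac in (static_binds or {}).items():
        ip = addr(ip_text)
        if ip not in net:
            problems.append(f"static-bind {ip}: outside {net}")
            continue
        first = by_mac.setdefault(mac.lower(), ip)
        if first != ip:
            problems.append(f"static-bind: {mac} is bound to {first} and {ip}")
        bound.add(ip)

    edge = {net.network_address, net.broadcast_address}
    taken = (gws | blocked | bound) - edge
    return problems, net.num_addresses - 2 - len(taken)


# Values from the display ip pool sample in this chapter (pool "huawei").
PAGE_POOL = dict(network="10.10.10.0/24", gateways=["10.10.10.10"],
                 dns=["10.10.10.5", "10.10.10.6"], nbns=["20.20.20.5"])

if __name__ == "__main__":
    print(check_pool(**PAGE_POOL))
    print(check_pool(excluded=[("10.10.10.5", "10.10.10.6")], **PAGE_POOL))
```

Run on the sample pool, the check reports the two DNS servers that sit inside 10.10.10.0/24 without being excluded; adding one excluded-ip-address range for them clears the report and leaves 251 addresses for dynamic allocation.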
Context
On the DHCP server, the domain-name command specifies a domain name for each global address pool. When allocating IP addresses to clients, the DHCP server also sends the domain names to the clients. During domain name resolution, users only need to enter a part of the domain name, and then the system uses a complete domain name for resolution. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
Step 3 Run:
domain-name domain-name
The DNS domain name to be allocated to the DHCP client is configured. On the DHCP server, you can specify a DNS domain name for each address pool. If the DNS domain name is configured, the DNS server used by the DHCP client is also specified.
Step 4 Run:
dns-list ip-address &<1-8>
The IP address of the DNS server is configured for the DHCP client. To load balance the traffic and improve the reliability of the network, configure multiple DNS servers. Each address pool can be configured with a maximum of eight DNS servers.
----End
Context
Perform the following steps on the DHCP server.
NOTE
When a DHCP client uses the NetBIOS protocol for communication, the host names must be mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified into the following types:
- b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast mode.
- p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by communicating with the NetBIOS server.
- m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast features.
- h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end communication mechanism.
Procedure
Step 1 Run:
system-view
Step 3 Run:
nbns-list ip-address &<1-8>
The NetBIOS server address of the DHCP client is configured. Each IP address pool can be configured with up to eight NetBIOS server addresses.
Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS type is set for DHCP clients. By default, the NetBIOS node type is not specified for DHCP clients.
----End
3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP server manually.
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address lease. The system also provides commands to configure these functions separately. These commands take precedence over the option command. If no configuration command of these functions is run, the related options configured by using the option command take effect. Related commands:
- DNS service: domain-name and dns-list
- NetBIOS service: nbns-list and netbios-type
- Lease: lease
Procedure
Step 1 Run:
system-view
After the option command is used, the specified option is carried by the DHCP Reply packet returned by the DHCP server. Before using this command, ensure that you know the functions of the option to be configured. For details on the DHCP options, see RFC 2132.
----End
Context
Perform the following steps on the DHCP server. After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP address allocation. The DHCP server pings an IP address to be allocated. If there is no response to the ping packet within a certain period, the DHCP server continues to send ping packets to this IP address until the number of ping packets reaches the maximum value. If there is still no response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view
The maximum number of ping packets is set. By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, the S7700 does not ping the IP addresses to be allocated.
Step 3 Run:
dhcp server ping timeout milliseconds
The period in which the S7700 waits for the response is set. By default, the period in which the S7700 waits for the response is 500 ms.
----End
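The effect of the two settings above can be seen in a small model of the ping-before-allocate check. The following Python sketch is an added example, not the S7700 implementation: allocate, ConstructedNetwork and the three candidate addresses are constructed for the illustration, and real ICMP is replaced by a test double so that the example runs offline.

```python
class ConstructedNetwork:
    """Stand-in for ICMP (constructed test double).

    hosts maps an address already in use to the number of probes it fails to
    answer before replying (0 = replies to the first probe).
    """

    def __init__(self, hosts):
        self.hosts = dict(hosts)

    def probe(self, addr, timeout_ms):
        if addr not in self.hosts:
            return False          # nobody there: the probe times out
        if self.hosts[addr] > 0:
            self.hosts[addr] -= 1
            return False          # reply lost or late for this probe
        return True


def allocate(candidates, probe, max_packets=0, timeout_ms=500):
    """Pick the first candidate that answers none of max_packets probes.

    Returns (address, conflicts, waited_ms). With max_packets=0, the default
    described above, no probe is sent and the first candidate is handed out.
    """
    conflicts, waited_ms = [], 0
    for addr in candidates:
        in_use = False
        for _ in range(max_packets):
            if probe(addr, timeout_ms):
                in_use = True
                break
            waited_ms += timeout_ms   # each unanswered probe costs one timeout
        if in_use:
            conflicts.append(addr)    # skip it and record the conflict
        else:
            return addr, conflicts, waited_ms
    return None, conflicts, waited_ms


CANDIDATES = ["10.10.10.1", "10.10.10.2", "10.10.10.3"]
# 10.10.10.1 was configured by hand on a host; 10.10.10.2 is in use too, but
# its first reply is lost. 10.10.10.3 is free.
IN_USE = {"10.10.10.1": 0, "10.10.10.2": 1}

if __name__ == "__main__":
    for packets in (0, 1, 2):
        net = ConstructedNetwork(IN_USE)
        print(packets, allocate(CANDIDATES, net.probe, max_packets=packets))
```

With the default of 0 packets the address already in use is offered again; one packet catches the first host but not the one whose reply was lost; two packets catch both, at the cost of waiting two timeouts for every free address.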
Context
Perform the following steps on the DHCP server. When the S7700 functions as the DHCP server, you can enable the function of saving DHCP data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view
The S7700 automatically saves DHCP data to the CF card. After the dhcp server database enable command is executed, the system generates the lease.txt and conflict.txt files in the CF card. The two files save the address lease information and address conflict information.
Step 3 Run:
dhcp server database write-delay interval
The interval for saving DHCP data is set. By default, DHCP data is not automatically saved to the CF card. After the S7700 is configured to automatically save DHCP data, the S7700 saves data every 7200 seconds by default and the latest data overwrites the previous data.
Step 4 Run:
dhcp server database recover
The DHCP data in the storage device is restored. After the dhcp server database recover command is executed, the S7700 restores the DHCP data in the CF card.
----End
Prerequisite
The configurations of the DHCP server based on the global address pool are complete.
Procedure
- Run the display dhcp server statistics command to view the statistics about the DHCP server.
- Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all | expired | conflict | used ] command to view information about the global address pool.
----End
Example
Run the display dhcp server statistics command. Information similar to the following is displayed.
<Quidway> display dhcp server statistics
Server Statistics:
 Client Request:  6
  Dhcp Discover:  1
  Dhcp Request:   4
  Dhcp Decline:   0
  Dhcp Release:   1
  Dhcp Inform:    0
 Server Reply:    4
  Dhcp Offer:     1
  Dhcp Ack:       3
  Dhcp Nak:       0
 Bad Messages:    0
Run the display ip pool name ip-pool-name command to view the IP address pool named huawei. Information similar to the following is displayed.
<Quidway> display ip pool name huawei
  Pool-Name      : huawei
  Pool-No        : 2
  Lease          : 3 Days 0 Hours 0 Minutes
  Domain-name    :
  DNS-Server0    : 10.10.10.5
  DNS-Server1    : 10.10.10.6
  NBNS-Server0   : 20.20.20.5
  Netbios-type   :
  Position       : Local
  Status         : Unlocked
  Gateway-0      : 10.10.10.10
  Mask           : 255.255.255.0
  Vpn instance   : --
 --------------------------------------------------------------------------
         Start           End     Total  Used  Idle(Expired)  Conflict  Disable
 --------------------------------------------------------------------------
    10.10.10.1  10.10.10.254       253     0            253         0        0
 --------------------------------------------------------------------------
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool
If a DHCP server based on a VLANIF interface address pool is configured, all the users going online through this interface obtain IP addresses from the VLANIF interface address pool.
Applicable Environment
If the DHCP clients and the DHCP server are on the same network segment, the interface address pool needs to be configured on the S7700 to allocate IP addresses for the clients, as shown in Figure 3-4.
Figure 3-4 Networking diagram for configuring the DHCP server based on the interface address pool
The interface address pool takes precedence over the global address pool. If an address pool is configured on an interface, the clients connected to the interface obtain IP addresses from the interface address pool even if a global address pool is configured. On an S7700, only VLANIF interfaces can be configured with address pools.
Pre-configuration Tasks
Before configuring the DHCP server based on the VLANIF interface address pool, complete the following tasks:
- Ensuring that the link between the DHCP clients and the S7700 works properly and the DHCP clients can communicate with the S7700
- (Optional) Configuring the DNS server
- (Optional) Configuring the NetBIOS server
- Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routes are required only when the servers are configured.)
Data Preparation
Before configuring the DHCP server based on the VLANIF interface address pool, you need the following data.
No.  Data
1    Number of the VLANIF interface configured with an address pool, IP address range, IP address lease, IP addresses not to be allocated in the IP address pool (optional), and IP address and MAC address that need to be statically bound (optional)
2    (Optional) Egress gateway of the DHCP clients
3    (Optional) IP address of the DNS server and domain name of the DHCP clients
4    (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP clients
5    (Optional) Code of the customized DHCP option and corresponding ASCII character string, hexadecimal numeral, or IP address
Context
The interface address pool takes precedence over the global address pool.
Procedure
Step 1 Run:
system-view
The S7700 is configured to use the interface address pool. The interface address pool is actually the network segment to which the interface belongs, and such an interface address pool takes effect only on this interface.
Step 6 Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of IP addresses is set. By default, the IP address lease is one day.
Step 7 (Optional) Run:
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured. Some IP addresses are reserved for other services; for example, the IP address of the DNS server cannot be allocated to clients. You can run the dhcp server excluded-ip-address command to exclude these IP addresses. If you run the dhcp server excluded-ip-address command multiple times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP address pool.
Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
An IP address in the address pool is bound to a MAC address. When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC address of the client.
----End
3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool
Each client has a domain name. To enable DHCP clients to communicate by using their domain names and prevent IP address conflicts, the DHCP server needs to specify domain names for these clients when allocating IP addresses to them.
Context
On the DHCP server, the dhcp server domain-name command specifies a domain name for each interface address pool. When allocating IP addresses to clients, the DHCP server also sends the domain names to the clients. During domain name resolution, users only need to enter a part of the domain name, and then the system uses a complete domain name for resolution. Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
The DNS domain name is configured for the DHCP client.
Step 4 Run:
dhcp server dns-list ip-address &<1-8>
To load balance the traffic and improve the reliability of the network, configure multiple DNS servers. Each address pool can be configured with a maximum of eight DNS servers.
----End
3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool
DHCP clients running on the Microsoft Windows operating system use the Network Basic Input Output System (NetBIOS) protocol for communication. The NetBIOS server translates host names to IP addresses for the clients.
Context
Perform the following steps on the DHCP server. When a DHCP client uses the NetBIOS protocol for communication, the host names must be mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified into the following types:
- b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast mode.
- p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by communicating with the NetBIOS server.
- m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast features.
- h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end communication mechanism.
Procedure
Step 1 Run:
system-view
The NetBIOS server address is configured for the DHCP client. Each IP address pool can be configured with up to eight NetBIOS server addresses.
Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS type is set for DHCP clients. By default, the NetBIOS node type is not specified for DHCP clients.
----End
3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP server manually.
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address lease. The system also provides commands to configure these functions separately. These commands take precedence over the option command. Related commands:
- DNS service: dhcp server domain-name and dhcp server dns-list
- NetBIOS service: dhcp server nbns-list and dhcp server netbios-type
- Lease: dhcp server lease
Procedure
Step 1 Run:
system-view
The DHCP option is configured. After the dhcp server option command is run, the specified option is carried by the DHCP Reply packet returned by the DHCP server. Before using this command, ensure that you know the functions of the option to be configured. For details on the DHCP options, see RFC 2132.
----End
Context
Perform the following steps on the DHCP server.
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP address allocation. The DHCP server pings an IP address to be allocated. If there is no response to the ping packet within a certain period, the DHCP server continues to send ping packets to this IP address until the number of ping packets reaches the maximum value. If there is still no response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view
The maximum number of ping packets is set. By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, the S7700 does not ping the IP addresses to be allocated.
Step 3 Run:
dhcp server ping timeout milliseconds
The period in which the S7700 waits for the response is set. By default, the period in which the S7700 waits for the response is 500 ms.
----End
Context
Perform the following steps on the DHCP server. When the S7700 functions as the DHCP server, you can enable the function of saving DHCP data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view
The S7700 automatically saves DHCP data to the CF card. After the dhcp server database enable command is executed, the system generates the lease.txt and conflict.txt files in the CF card. The two files save the address lease information and address conflict information.
Step 3 Run:
dhcp server database write-delay interval
The interval for saving DHCP data is set. By default, DHCP data is not automatically saved to the CF card. After the S7700 is configured to automatically save DHCP data, the S7700 saves data every 7200 seconds by default and the latest data overwrites the previous data.
Step 4 Run:
dhcp server database recover
The DHCP data in the storage device is restored. After the dhcp server database recover command is executed, the S7700 restores the DHCP data in the CF card.
----End
Prerequisite
The configurations of the DHCP server based on the VLANIF interface address pool are complete.
Procedure
- Run the display dhcp server statistics command to view the statistics about the DHCP server.
- Run the display ip pool interface interface-name [ start-ip-address high-ip-address | all | expired | conflict | used ] command to view information about the interface address pool.
----End
Example
Run the display dhcp server statistics command. Information similar to the following is displayed.
<Quidway> display dhcp server statistics
 Server Statistics:
   Client Request:   6
     Dhcp Discover:  1
     Dhcp Request:   4
     Dhcp Decline:   0
     Dhcp Release:   1
     Dhcp Inform:    0
   Server Reply:     4
     Dhcp Offer:     1
     Dhcp Ack:       3
     Dhcp Nak:       0
   Bad Messages:     0
Run the display ip pool interface ip-pool-name command to view the interface address pool on VLANIF 10. Information similar to the following is displayed.
<Quidway> display ip pool interface vlanif10
 Pool-name      : vlanif10
 Pool-No        : 2
 Lease          : 1 Days 0 Hours 0 Minutes
 Domain-name    :
 DNS-server0    :
 NBNS-server0   :
 Netbios-type   :
 Position       : Interface
 Status         : Unlocked
 Gateway-0      : 192.168.10.2
 Mask           : 255.255.255.0
 VPN instance   : --
 -----------------------------------------------------------------------------
 Start          End             Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
 192.168.10.1   192.168.10.254  253    0     253 0          0         0
 -----------------------------------------------------------------------------
Applicable Environment
If no DHCP server is configured on the local network, the DHCP relay function can be enabled on an S7700 to forward DHCP Request packets to the DHCP servers on other networks. To ensure that the DHCP clients obtain IP addresses, the DHCP server must use a global address pool, and no address pool can be configured on the interface connected to the DHCP relay agent.
Pre-configuration Tasks
Before configuring the DHCP relay agent, complete the following tasks:
- Configuring the DHCP server
- Configuring a route from the S7700 to the DHCP server
Data Preparation
To configure the DHCP relay agent, you need the following data.
No.  Data
1    Name of the DHCP server group
2    IP addresses of the DHCP servers in a DHCP server group
3    Number and IP address of the interface enabled with the DHCP relay function
Context
NOTE
A DHCP packet is forwarded between a DHCP client and a DHCP server at most 16 times, and then the DHCP packet is discarded. If DHCP relay is enabled in a super-VLAN, DHCP snooping cannot be enabled in this super-VLAN.
Procedure
Step 1 Run:
system-view
When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress gateway address is the same as the egress gateway address of the DHCP relay agent.
Step 5 Run:
dhcp select relay
The DHCP relay function is enabled for the VLANIF interface.
----End
Follow-up Procedure
When functioning as a DHCP relay agent, the S7700 forwards the DHCP Request packets from DHCP clients to the DHCP server. After the DHCP relay function is enabled on the VLANIF interface, set the DHCP server address on the VLANIF interface in either of the following ways:
- Configure a destination DHCP server group and bind the group to the interface. For details, see 3.5.3 Configuring a Destination DHCP Server Group and 3.5.4 Binding an Interface to a DHCP Server Group.
- Run the dhcp relay server-ip ip-address command in the VLANIF interface view to configure the destination DHCP server address.
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
A DHCP server group is created and the DHCP server group view is displayed. A maximum of 64 DHCP server groups can be configured globally.
Step 3 Run:
dhcp-server ip-address [ ip-address-index ]
A DHCP server is added to the DHCP server group. Up to 20 DHCP servers can be added to a DHCP server group. If you do not specify the server index, the system allocates an idle index to the server.
Step 4 (Optional) Run:
vpn-instance vpn-instance-name
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
You can also run the dhcp relay server-ip command to specify a server for the VLANIF interface.
Step 4 (Optional) Run:
ip binding vpn-instance vpn-instance-name
A VPN instance is bound to the VLANIF interface. If a user connected to the S7700 interface is in a private network, bind the interface to a VPN instance. The bound VPN instance must be the same as the VPN instance bound to the DHCP server group. For details on binding a VPN instance to a DHCP server group, see 3.5.3 Configuring a Destination DHCP Server Group.
----End
3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet
If a user is forcibly disconnected, the IP address of the user needs to be released manually on the DHCP server.
Context
When the IP address of a user expires, the DHCP server renews the IP address for the user if it does not receive the DHCP Release packet. You can configure the DHCP relay agent to actively send DHCP Release packets to the DHCP server. The DHCP server then releases the expired IP addresses. Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
The DHCP relay agent is configured to send DHCP Release packets to the DHCP server.
- When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ] command in the system view:
  - If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the servers in all DHCP server groups bound to the DHCP relay interfaces.
  - If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the specified DHCP server.
- When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ] command in the VLANIF interface view:
  - If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets to all the servers in the DHCP server group bound to this VLANIF interface.
  - If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to the specified DHCP server.
----End
Prerequisite
The DHCP relay configurations are complete.
Procedure
- Run the display dhcp relay { all | interface interface-type interface-number } command to view the DHCP server group on a VLANIF interface and the servers in the DHCP server group.
- Run the display dhcp relay statistics command to view packet statistics on the DHCP relay agent.
- Run the display dhcp server group group-name command to view the DHCP server group configuration.
----End
Example
Run the display dhcp relay interface interface-type interface-number command to view the DHCP server group on VLANIF 100 and the servers in the DHCP server group. If information similar to the following is displayed, the configuration succeeds.
<Quidway> display dhcp relay interface vlanif 100
 DHCP relay agent running information of interface Vlanif100 :
 Server IP address [01] : 10.2.2.3
 Gateway address in use : 10.2.2.2
Run the display dhcp relay statistics command. If information similar to the following is displayed, the configuration succeeds.
<Quidway> display dhcp relay statistics
 The statistics of DHCP RELAY:
 DHCP packets received from clients    : 0
 DHCP DISCOVER packets received        : 0
 DHCP REQUEST packets received         : 0
 DHCP RELEASE packets received         : 0
 DHCP INFORM packets received          : 0
 DHCP DECLINE packets received         : 0
 DHCP packets sent to clients          : 0
 Unicast packets sent to clients       : 0
 Broadcast packets sent to clients     : 0
 DHCP packets received from servers    : 0
 DHCP OFFER packets received           : 0
 DHCP ACK packets received             : 0
 DHCP NAK packets received             : 0
 DHCP packets sent to servers          : 0
 DHCP Bad packets received             : 0
Run the display dhcp server group group-name command to view the configuration of DHCP server group group1. If information similar to the following is displayed, the configuration succeeds.
<Quidway> display dhcp server group group1
 Group-name    : group1
 (0) Server-IP : 100.10.10.1
 (1) Server-IP : 100.10.10.2
 Gateway       : --
 VPN instance  : --
Context
CAUTION
DHCP statistics cannot be restored after they are cleared. Exercise caution when running the reset commands.
Procedure
- To clear DHCP server statistics, run the reset dhcp server statistics command in the user view.
- To clear DHCP relay agent statistics, run the reset dhcp relay statistics command in the user view.
----End
Procedure
- Run the display dhcp relay { all | interface interface-type interface-number } command to view the DHCP server group on a VLANIF interface and the servers in the DHCP server group.
- Run the display dhcp relay statistics command to view packet statistics on the DHCP relay agent.
- Run the display dhcp server group [ group-name ] command to view the servers in the DHCP server group.
----End
3.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool
This section describes how to configure a global address pool to allocate IP addresses for clients when the clients and DHCP server are in the same network segment.
Networking Requirements
An enterprise has two offices that are in the same network segment. To reduce network construction cost, the enterprise uses one DHCP server to allocate IP addresses for the computers in the two offices. As shown in Figure 3-6, SwitchA functions as the DHCP server, and SwitchB and SwitchC are user access switches. A global address pool or an interface address pool can be configured on SwitchA. This section describes how to configure a global address pool. Address pool 10.1.1.0/24 consists of two network segments: 10.1.1.0/25 and 10.1.1.128/25. The IP addresses of the VLANIF interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25. There are a few computers in network segment 10.1.1.0/25 and the computer locations are fixed. The lease of an IP address in 10.1.1.0/25 is 10 days, the DNS address is 10.1.1.2, no NetBIOS address is set, and the IP address of the egress gateway is 10.1.1.126. There are many computers in network segment 10.1.1.128/25 and the computers are often moved from one place to another. The lease of an IP address in 10.1.1.128/25 is 2 days, the DNS address is 10.1.1.2, the NetBIOS address is 10.1.1.4, and the IP address of the egress gateway is 10.1.1.254.
Figure 3-6 Networking diagram for configuring the DHCP server based on the global address pool
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP server function on SwitchA.
2. Create a global address pool on SwitchA and set the attributes of the address pool, including the range of the address pool, egress gateway, NetBIOS address, and address lease.
3. Configure VLANIF interfaces to use the global address pool to allocate IP addresses.
Data Preparation
To complete the configuration, you need the following data: Number and range of the global address pool on SwitchA
NOTE
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
Step 2 Create address pools and set the attributes of the address pools.
# Set the attributes of IP address pool 1, including the address pool range, DNS address, egress gateway address, and address lease.
[Quidway] ip pool 1
[Quidway-ip-pool-1] network 10.1.1.0 mask 255.255.255.128
[Quidway-ip-pool-1] dns-list 10.1.1.2
# Set the attributes of IP address pool 2, including the address pool range, DNS address, egress gateway address, NetBIOS address, and address lease.
[Quidway] ip pool 2
[Quidway-ip-pool-2] network 10.1.1.128 mask 255.255.255.128
[Quidway-ip-pool-2] dns-list 10.1.1.2
[Quidway-ip-pool-2] nbns-list 10.1.1.4
[Quidway-ip-pool-2] gateway-list 10.1.1.254
[Quidway-ip-pool-2] lease day 2
[Quidway-ip-pool-2] quit
Step 3 Set the address allocation mode on the VLANIF interfaces.
# Add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20.
[Quidway] vlan batch 10 20
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface gigabitethernet 1/0/2
[Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 20
[Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 20
[Quidway-GigabitEthernet1/0/2] quit
# Configure the clients on VLANIF 10 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 255.255.255.128
[Quidway-Vlanif10] dhcp select global
[Quidway-Vlanif10] quit
# Configure the clients on VLANIF 20 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 10.1.1.129 255.255.255.128
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit
Step 4 Verify the configuration.
Run the display ip pool command on the S7700, and you can view the configuration of the IP address pool.
[Quidway] display ip pool
 -----------------------------------------------------------------------
 Pool-name      : 2
 Pool-No        : 0
 Position       : Local
 Status         : Unlocked
 Gateway-0      : 10.1.1.254
 Mask           : 255.255.255.128
 VPN instance   : --
 -----------------------------------------------------------------------
 Pool-name      : 1
 Pool-No        : 2
 Position       : Local
 Status         : Unlocked
 Gateway-0      : 10.1.1.126
 Mask           : 255.255.255.128
 VPN instance   : --
 IP address Statistic
   Idle         :248
   Conflict     :0
   Disable      :2
----End
Configuration Files
Configuration file of SwitchA
#
 sysname Quidway
#
 vlan batch 10 20
#
 dhcp enable
#
 ip pool 1
 ip pool 2
#
ip pool 1
 gateway-list 10.1.1.126
 network 10.1.1.0 mask 255.255.255.128
 excluded-ip-address 10.1.1.2
 excluded-ip-address 10.1.1.4
 dns-list 10.1.1.2
 lease day 10 hour 0 minute 0
#
ip pool 2
 gateway-list 10.1.1.254
 network 10.1.1.128 mask 255.255.255.128
 dns-list 10.1.1.2
 nbns-list 10.1.1.4
 lease day 5 hour 0 minute 0
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.128
 dhcp select global
#
interface Vlanif20
 ip address 10.1.1.129 255.255.255.128
 dhcp select global
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
interface GigabitEthernet1/0/2
 port hybrid pvid vlan 20
 port hybrid untagged vlan 20
#
return
3.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool
A DHCP server can allocate IP addresses for the clients in the same network segment by using an interface address pool.
Networking Requirements
A campus has two equipment rooms, which are in different network segments. A switch needs to be configured as a DHCP server to allocate IP addresses for the computers in the two equipment rooms.
The DHCP server is connected to the access switches of the two equipment rooms, and allocates IP addresses for the computers by using two interface address pools. As shown in Figure 3-7, SwitchA functions as the DHCP server, and SwitchB and SwitchC are the access switches. The two VLANIF interface address pools need to be configured on GE 1/0/1 and GE 1/0/2 of SwitchA.
Figure 3-7 Networking diagram for configuring a DHCP server based on a VLANIF interface address pool
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as a DHCP server.
2. Create VLANIF interfaces and allocate IP addresses to VLANIF interfaces to determine the range of address pools.
3. Enable the VLANIF interface address pools.
4. Set the address pool attributes, including the DNS server address, NetBIOS server address, and IP address lease.
Data Preparation
To complete the configuration, you need the following data:
- IP addresses of the interfaces
- DNS server address and NetBIOS server address
- Address lease in the address pool
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
Step 4 Enable the VLANIF interface address pool.
# Configure the clients on VLANIF 10 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp select interface
[Quidway-Vlanif10] quit
# Configure the clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 11
[Quidway-Vlanif11] dhcp select interface
[Quidway-Vlanif11] quit
Step 5 Configure the DNS service and NetBIOS services of the address pool.
# Configure the DNS service and NetBIOS service of VLANIF 10 address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp server domain-name huawei.com
[Quidway-Vlanif10] dhcp server dns-list 10.1.1.2
[Quidway-Vlanif10] dhcp server nbns-list 10.1.1.3
[Quidway-Vlanif10] dhcp server excluded-ip-address 10.1.1.2
[Quidway-Vlanif10] dhcp server excluded-ip-address 10.1.1.3
[Quidway-Vlanif10] dhcp server netbios-type b-node
Step 6 Set IP address leases of IP address pools.
# Set the IP address lease of VLANIF 10 address pool to 30 days.
Step 7 Verify the configuration.
Run the display ip pool interface command on SwitchA to view the configuration of the interface address pool.
[Quidway] display ip pool interface vlanif10
 Pool-Name      : vlanif10
 Pool-No        : 0
 Lease          : 30 Days 0 Hours 0 Minutes
 Domain-name    : huawei.com
 DNS-Server0    : 10.1.1.2
 NBNS-Server0   : 10.1.1.3
 Netbios-type   : b-node
 Position       : Interface
 Status         : Unlocked
 Gateway-0      : 10.1.1.1
 Mask           : 255.255.255.0
 VPN instance   : --
 -----------------------------------------------------------------------------
 Start          End             Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
 10.1.1.1       10.1.1.254      253    0     251 0          0         2
 -----------------------------------------------------------------------------
[Quidway] display ip pool interface vlanif11
 Pool-Name      : vlanif11
 Pool-No        : 1
 Lease          : 20 Days 0 Hours 0 Minutes
 Domain-name    :
 DNS-Server0    :
 NBNS-Server0   :
 Netbios-type   :
 Position       : Interface
 Status         : Unlocked
 Gateway-0      : 10.1.2.1
 Mask           : 255.255.255.0
 VPN instance   : --
 -----------------------------------------------------------------------------
 Start          End             Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
 10.1.2.1       10.1.2.254      253    0     253 0          0         0
 -----------------------------------------------------------------------------
----End
Configuration Files
Configuration file of SwitchA
#
 sysname Quidway
#
 vlan batch 10 to 11
#
 dhcp enable
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
 dhcp server dns-list 10.1.1.2
 dhcp server netbios-type b-node
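The rule stated for dhcp server excluded-ip-address, that server addresses such as the DNS server must not be handed out to clients, can be checked offline against a saved configuration file for both the global pool form (3.7.1) and the interface pool form (3.7.2). The following Python check is an added example, not Huawei code; it assumes the configuration file layout shown in the SwitchA files, and the sample configuration and the function names parse_pools and find_unprotected_servers are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the SwitchA configuration files.
# Pool 1 is missing the exclusion for the NetBIOS server 10.1.1.4.
SAMPLE_CONFIG = """\
#
 dhcp enable
#
ip pool 1
 gateway-list 10.1.1.126
 network 10.1.1.0 mask 255.255.255.128
 excluded-ip-address 10.1.1.2
 dns-list 10.1.1.2
#
ip pool 2
 gateway-list 10.1.1.254
 network 10.1.1.128 mask 255.255.255.128
 dns-list 10.1.1.2
 nbns-list 10.1.1.4
#
interface Vlanif11
 ip address 10.1.2.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.1.2.2 10.1.2.3
 dhcp server dns-list 10.1.2.2
 dhcp server nbns-list 10.1.2.3
#
interface Vlanif20
 ip address 10.1.1.129 255.255.255.128
 dhcp select global
#
return
"""

PREFIX = "dhcp server "


def parse_pools(config_text):
    """Collect network, exclusions and DNS/NetBIOS servers per address pool."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            current = None
            continue
        header = re.fullmatch(r"(ip pool|interface) (\S+)", line)
        if header:
            # An "ip pool" stanza always allocates; an interface only does so
            # once "dhcp select interface" is seen inside it.
            current = stanzas.setdefault(header.group(2), {
                "network": None, "excluded": [], "servers": set(),
                "allocates": header.group(1) == "ip pool"})
            continue
        if current is None:
            continue
        if line == "dhcp select interface":
            current["allocates"] = True
            continue
        if line.startswith(PREFIX):  # interface-pool form of the same commands
            line = line[len(PREFIX):]
        words = line.split()
        if words[0] == "network" and len(words) == 4 and words[2] == "mask":
            current["network"] = ipaddress.ip_network(f"{words[1]}/{words[3]}")
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            current["network"] = iface.network
        elif words[0] == "excluded-ip-address" and len(words) in (2, 3):
            start = ipaddress.ip_address(words[1])
            end = ipaddress.ip_address(words[-1])  # single address: end == start
            current["excluded"].append((start, end))
        elif words[0] in ("dns-list", "nbns-list"):
            current["servers"].update(ipaddress.ip_address(w) for w in words[1:])
    return {n: s for n, s in stanzas.items() if s["allocates"] and s["network"]}


def find_unprotected_servers(config_text):
    """Return (pool, address) pairs where a DNS/NetBIOS server address that any
    pool advertises lies inside a pool's range without being excluded."""
    pools = parse_pools(config_text)
    servers = set().union(*(p["servers"] for p in pools.values()))
    findings = []
    for name, pool in sorted(pools.items()):
        for server in sorted(servers):
            if server not in pool["network"]:
                continue
            if not any(lo <= server <= hi for lo, hi in pool["excluded"]):
                findings.append((name, str(server)))
    return findings


if __name__ == "__main__":
    for pool, address in find_unprotected_servers(SAMPLE_CONFIG):
        print(f"pool {pool}: server {address} is allocatable, exclude it")
```

The check is cross-pool on purpose: in the sample, pool 2 advertises the NetBIOS server but the address itself lies in pool 1's range, so the missing exclusion is reported against pool 1. Gateway addresses are not checked.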
Networking Requirements
An enterprise has multiple offices, which are distributed in different office buildings. The offices in a building belong to the same local area network (LAN), and the buildings belong to different LANs. The enterprise uses a DHCP server to allocate IP addresses to all clients. As shown in Figure 3-8, the DHCP clients are in the network segment 20.20.20.0/24 and the DHCP server is in the network segment 100.10.10.0/24. A Switch enabled with DHCP relay is required between the clients and server. By using the DHCP relay agent, the DHCP clients can obtain IP addresses from the DHCP server. The DHCP server and the clients are in different network segments, and an interface-based address pool cannot allocate IP addresses to the clients in different network segments. A global address pool in the network segment 20.20.20.0/24 is required, and the DHCP server must have a reachable route to the network segment 20.20.20.0/24.
[Figure 3-8 diagram labels: SwitchB GE1/0/0; Internet; DHCP Server VLANIF20 100.10.10.1/24; DHCP Relay GE1/0/1; SwitchA VLANIF100 20.20.20.1/24; DHCP Clients]
Configuration Roadmap
Configure SwitchA as a DHCP relay agent. The configuration roadmap is as follows:
1. Configure a DHCP server group on SwitchA and add SwitchB to the DHCP server group.
2. Enable DHCP relay on VLANIF 100.
3. Bind the DHCP server group to VLANIF 100 and specify the DHCP server for the DHCP relay agent.
Configure SwitchB as the DHCP server. The configuration roadmap is as follows:
1. Configure a reachable route from the DHCP server to GE 1/0/1 of the DHCP relay agent.
2. Enable the DHCP function on the server. Configure the clients connected to GE 1/0/0 of the server to obtain IP addresses from the global address pool.
3. Create a global address pool on the DHCP server to allocate IP addresses to clients.
Data Preparation
To complete the configuration, you need the following data:
- Name of the DHCP server group
- IP address of the DHCP server in the DHCP server group
- Number and IP address of the interface enabled with DHCP relay
Procedure
Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group.
# Create a DHCP server group.
<Quidway> system-view
[Quidway] dhcp server group dhcpgroup1
Step 2 Enable DHCP relay on the VLANIF interface.
# Create a VLAN and add GE 1/0/1 to the VLAN.
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port link-type trunk
[Quidway-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[Quidway-GigabitEthernet1/0/1] quit
# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.
[Quidway] dhcp enable
[Quidway] interface vlanif 100
[Quidway-Vlanif100] dhcp select relay
[Quidway-Vlanif100] quit
Step 3 Bind a VLANIF interface to a specified DHCP server group.
# Assign an IP address to the VLANIF interface.
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 20.20.20.1 24
Step 4 Configure the DHCP server.
# Create a VLAN and add GE 1/0/0 to the VLAN.
[Quidway] vlan 20
[Quidway-Vlan20] quit
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] port link-type trunk
[Quidway-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[Quidway-GigabitEthernet1/0/0] quit
# Enable the DHCP function and configure the clients connected to VLANIF 20 to obtain IP addresses from the global address pool.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 100.10.10.1 24
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit
Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route from the DHCP server to the Switch. Ensure that the route between the DHCP server and network segment 20.20.20.0/24 is reachable.
# Configure a static route from the address pool to the DHCP relay agent to ensure that the DHCP server has a reachable route to the network segment 20.20.20.0/24. (The configuration procedure is not provided here.)
Step 5 Verify the configuration.
# Run the display dhcp relay command on SwitchA to view the DHCP relay configuration on the interface.
[Quidway] display dhcp relay interface vlanif100
 DHCP relay agent running information of interface Vlanif100 :
 Server group name      : dhcpgroup1
 Gateway address in use : 100.10.10.1
# Run the display ip pool command on SwitchB to view the address pool configuration.
[Quidway] display ip pool
 -----------------------------------------------------------------------
 Pool-Name      : 1
 Pool-No        : 0
 Position       : Local
 Status         : Unlocked
 Gateway-0      :
 Mask           : 255.255.255.0
 Vpn instance   : --
 IP address Statistic
   Total        :250       Used         :0
   Idle         :248       Expired      :0
   Conflict     :0         Disable      :2
----End
Configuration Files
Configuration file of SwitchA
#
 sysname Quidway
#
 vlan 100
#
 dhcp enable
#
dhcp server group dhcpgroup1
 dhcp-server 100.10.10.1
#
interface Vlanif100
 ip address 20.20.20.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select dhcpgroup1
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
return
Networking Requirements
An enterprise establishes a VPN for employees to communicate with each other. The DHCP server is not in the VPN. Users in the VPN need to obtain IP addresses from the DHCP server. As shown in Figure 3-9, the DHCP clients are located in VPNA, which is in network segment 20.20.20.0/24; the DHCP server is located in network segment 10.10.10.0/24. The DHCP packets need to be relayed by the Switch enabled with the DHCP relay function. The DHCP clients on the VPN then can apply for IP addresses from the DHCP server. An address pool containing network segment 20.20.20.0/24 is configured on the DHCP server. The DHCP server has a reachable route to 20.20.20.0/24.
Figure 3-9 Networking diagram for configuring the DHCP relay for a VPN
[Diagram labels: Loopback1 2.2.2.2/32; Internet; PE GE1/0/0 VLANIF101 10.10.10.2/24; Loopback1 1.1.1.1/32; Switch (DHCP Relay) GE1/0/0 VLANIF100 20.20.20.1/24, vpna; DHCP Server 10.10.10.1/24; DHCP Client]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a DHCP server group and add a DHCP server to the group.
2. Enable DHCP relay on VLANIF 100 so that the Switch functions as the DHCP relay agent.
3. Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPN instance.
4. Bind the specified DHCP server group to VLANIF 100 so that the packets passing VLANIF 100 are forwarded to the specified server.
Data Preparation
To complete the configuration, you need the following data:
- Name of the DHCP server group
- IP addresses of the DHCP servers
- Number and IP address of the interface enabled with the DHCP relay function
- Name of the VPN instance that the client belongs to
Procedure
Step 1 Create a DHCP server group and add a DHCP server to the group.
# Create a DHCP server group.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] dhcp server group dhcpgroup1
Step 2 Enable the DHCP relay function on the VLANIF interface.
# Create a VLAN and add GE 1/0/0 to the VLAN.
[Switch] vlan 100
[Switch-Vlan100] quit
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] port link-type trunk
[Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch-GigabitEthernet1/0/0] quit
# Enable global DHCP and enable the DHCP relay function on the VLANIF interface.
[Switch] dhcp enable
[Switch] interface vlanif 100
[Switch-Vlanif100] dhcp select relay
[Switch-Vlanif100] quit
Step 3 Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPN instance.
The following lists how to create a VPN instance and bind the VPN instance on the Switch in Figure 3-9. The configuration procedure is not mentioned here. For details, see the Quidway S7700 Smart Routing Switch Configuration Guide - VPN.
Step 4 Bind the VLANIF interface to the specified DHCP server group.
# Set the IP address of the VLANIF interface.
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 20.20.20.1 24
Step 5 Configure the DHCP server and PE.
# Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route from the DHCP server to the Switch. Ensure that the route between the DHCP server and network segment 20.20.20.0/24 is reachable.
<Quidway> system-view
[Quidway] sysname SERVER
[SERVER] ip pool 1
[SERVER-ip-pool-1] network 20.20.20.0 mask 255.255.255.0
[SERVER-ip-pool-1] gateway-list 20.20.20.1
[SERVER-ip-pool-1] quit
[SERVER] ip route-static 20.20.20.0 255.255.255.0 10.10.10.2
# Configure the PE connected to the DHCP server and the Switch in Figure 3-9 to be in the same VPN instance and ensure that the VPN target of the DHCP server corresponds to the VPN target of the Switch.
<Quidway> system-view
[Quidway] sysname PE
[PE] vlan 101
[PE-Vlan101] quit
[PE] interface gigabitethernet 1/0/0
[PE-GigabitEthernet1/0/0] port link-type trunk
[PE-GigabitEthernet1/0/0] port trunk allow-pass vlan 101
[PE-GigabitEthernet1/0/0] quit
[PE] ip vpn-instance vpna
[PE-vpn-instance-vpna] route-distinguisher 1:1
[PE-vpn-instance-vpna] vpn-target 2:2 both
[PE-vpn-instance-vpna] quit
[PE] interface vlanif 101
[PE-Vlanif101] ip binding vpn-instance vpna
After configuring the routing and MPLS capability between the PE and Switch, configure MP-IBGP to exchange VPN routing information.
After the configuration, run the display bgp peer command on the PE, and you can see that the BGP peer relationship between the PEs is in Established state.
[PE] display bgp peer
 BGP local router ID : 2.2.2.2
 Local AS number : 100
 Total number of peers : 1
  Peer      V   AS    MsgRcvd  MsgSent                 PrefRcv
  1.1.1.1   4   100   12       6        0 00:02:21     0
Step 7 Verify the configuration.
Run the display dhcp relay command on the Switch to view the DHCP relay configuration on the interface.
[Switch] display dhcp relay interface vlanif100
 DHCP relay agent running information of interface Vlanif100 :
 DHCP server group name : dhcpgroup1
 DHCP server IP [0] :10.10.10.1
 DHCP server IP [1] :255.255.255.255
 DHCP server IP [2] :255.255.255.255
 DHCP server IP [3] :255.255.255.255
 DHCP server IP [4] :255.255.255.255
 DHCP server IP [5] :255.255.255.255
 DHCP server IP [6] :255.255.255.255
 DHCP server IP [7] :255.255.255.255
 DHCP server IP [8] :255.255.255.255
 DHCP server IP [9] :255.255.255.255
 DHCP server IP [10] :255.255.255.255
 DHCP server IP [11] :255.255.255.255
 DHCP server IP [12] :255.255.255.255
 DHCP server IP [13] :255.255.255.255
 DHCP server IP [14] :255.255.255.255
 DHCP server IP [15] :255.255.255.255
 DHCP server IP [16] :255.255.255.255
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan 100
#
dhcp enable
#
ip vpn-instance vpna
 route-distinguisher 1:1
 vpn-target 2:2 export-extcommunity
 vpn-target 2:2 import-extcommunity
#
dhcp server group dhcpgroup1
 dhcp-server 10.10.10.1 0 vpn-instance vpna
#
interface Vlanif100
 ip binding vpn-instance vpna
 ip address 20.20.20.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select dhcpgroup1
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 100
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface loopback 1
 ipv4-family vpnv4
  peer 2.2.2.2 enable
#
return
4 IP Session Configuration
About This Chapter
This chapter describes the basic principle and configuration of the IP session function and provides configuration examples.
4.1 Introduction to the IP Session
This section describes the concepts related to the IP session.
4.2 IP Session Supported by the S7700
The S7700 supports the access of IP sessions to Layer 3 sub-interfaces, but does not support the access to main interfaces.
4.3 Configuring IP Session
This section describes how to create an IP session and set related parameters.
4.4 Example for Configuring IP Session
This section provides an example for configuring the IP Session function.
[Figure 4-1 labels: DHCP server, SwitchB, DHCP clients]
As shown in Figure 4-1, SwitchB is the access device of DHCP users, and the IP session service runs on the aggregation switch SwitchA. SwitchA allocates IP addresses to users through the DHCP server, and the AAA server authenticates and authorizes users, so users are online as soon as they power on their computers. The DHCP server can be a remote server or a local server. If a local server is used, the S7700 itself functions as the DHCP server.
NOTE
For the configurations of AAA and user management function on the S7700, see the Quidway S7700 Smart Routing Switch Configuration Guide - Security.
At present, the IP session function is only supported on the G48VA, S24XA, T24XA, G24CFAT. A board supporting Layer 3 interfaces can be configured with a maximum of 4096 sessions. Trunk sub-interfaces support IP sessions. The member interfaces of a trunk interface cannot be located on different boards or subcards.
The S7700 can terminate DHCP packets on sub-interfaces. You can configure a remote DHCP server or a local DHCP server to allocate IP addresses. You need to configure the IP session access function on the Layer 3 sub-interface, which allows the sub-interface to terminate DHCP packets. In addition, you need to configure the access domain and authentication mode for the users on this sub-interface. After the IP session function is enabled on the interface, the default values of other parameters are generated automatically. You can change the parameter values through commands.
• The IP sessions can access sub-interfaces.
• The DHCP packets can be sent to the CPU.
• The DHCP packets can be processed, for example, parsed and encapsulated.
• The users can be authenticated.
• The users can be charged based on the online duration.
• The ARP probe can be performed for online users. If a user goes offline abnormally (that is, the user does not request the server to release the address), the S7700 can detect this user by performing ARP probe on online users. Then the S7700 deletes the data of the offline user so that resources are used effectively.
• Users can join multicast groups. After a DHCP user, such as an IPTV terminal, joins a multicast group, the user can receive the video data normally.
Applicable Environment
When a user connects to the S7700, the S7700 authenticates the user, performs lease management, and forwards data.
NOTE
To make access users go online successfully, you must configure a static route between the egress gateway and the DHCP server on the S7700. The address of the egress gateway is set according to the actual situation and the configuration of the static route is described in IP Static Route Configuration.
Pre-configuration Tasks
Before configuring IP session, complete the following tasks:
• Setting physical parameters of a sub-interface
• Creating a VPN instance
Data Preparation
To configure IP session, you need the following data.
No.  Data
1    User name and password
2    Name of the user authentication domain
3    VLAN ID on the interface, which cannot be an existing one
Procedure
Step 1 Run:
system-view
The sub-interface view is displayed. Currently, the IP session function can be enabled in any sub-interface view except the XGE sub-interface view.
Step 4 Run:
ip-session enable
Procedure
Step 1 Run:
system-view
A user authentication domain is bound to the sub-interface. When a user goes online, the S7700 selects the bound domain to authenticate and authorize the user. By default, the user authentication domain bound to a sub-interface is the global default domain. You can change the domain by running the domain command in the system view.
----End
4.3.4 (Optional) Setting the Format of DHCP User Name and the Password
The format of the DHCP user name needs to be set in server authentication.
Procedure
Step 1 Run:
system-view
The format of the DHCP user name and the sequence of elements in the user name are specified. By default, the DHCP user name is in the following format: system name + "-" + slot ID (two digits, prefixed 0 if it contains only one digit) + subcard ID (one digit, set to 0 if the subcard does not exist) + port number (two digits, prefixed 0 if it contains only one digit) + outer VLAN ID (four digits, prefixed 0 if it contains less than four digits) + inner VLAN ID (five digits, prefixed 0 if it contains less than five digits) + @ + access domain name, for example, Quidway-02024000000768@domain1.
If the user name is generated according to the Option 82 field and the user name contains non-ASCII characters, the non-ASCII characters are displayed as "...", for example, ...session1@domain1.
Step 3 Run:
dhcp user-password { cipher cipher-password | simple simple-password }
The password of the DHCP user is set. By default, the DHCP password is vlan in plain text mode.
----End
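Because the default DHCP user name layout described above is fixed-width, a user name seen in AAA or RADIUS records can be mapped back to the access port it came from. The parser below is an added example, not Huawei code; its function names and every sample name except Quidway-02024000000768@domain1 are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Default layout from the text:
#   sysname "-" slot(2) subcard(1) port(2) outer VLAN(4) inner VLAN(5) "@" domain
DEFAULT_NAME = re.compile(
    r"(?P<sysname>.+)-"
    r"(?P<slot>[0-9]{2})(?P<subcard>[0-9])(?P<port>[0-9]{2})"
    r"(?P<outer_vlan>[0-9]{4})(?P<inner_vlan>[0-9]{5})"
    r"@(?P<domain>[^@]+)"
)


@dataclass(frozen=True)
class AccessPoint:
    sysname: str
    slot: int
    subcard: int
    port: int
    outer_vlan: int
    inner_vlan: int
    domain: str


def parse_default_user_name(user_name: str) -> Optional[AccessPoint]:
    """Return the access point encoded in a default-format name, else None."""
    match = DEFAULT_NAME.fullmatch(user_name)
    if match is None:
        # mac-address or Option 82 based names do not follow the default layout
        return None
    fields = match.groupdict()
    numbers = {k: int(v) for k, v in fields.items() if k not in ("sysname", "domain")}
    return AccessPoint(sysname=fields["sysname"], domain=fields["domain"], **numbers)


def format_default_user_name(ap: AccessPoint) -> str:
    """Rebuild the default-format name, zero-padding each field to its fixed width."""
    return (f"{ap.sysname}-{ap.slot:02d}{ap.subcard:d}{ap.port:02d}"
            f"{ap.outer_vlan:04d}{ap.inner_vlan:05d}@{ap.domain}")


def sessions_per_port(user_names: Iterable[str]) -> Counter:
    """Count records per (sysname, slot, subcard, port); other names are counted under None."""
    counts: Counter = Counter()
    for name in user_names:
        ap = parse_default_user_name(name)
        key = None if ap is None else (ap.sysname, ap.slot, ap.subcard, ap.port)
        counts[key] += 1
    return counts


# Constructed sample: user names as they might appear in AAA accounting records.
SAMPLE_NAMES = [
    "Quidway-02024000000768@domain1",   # example given in the text
    "Quidway-02024000000769@domain1",   # same port, different inner VLAN
    "agg-sw-1-01105010000200@stb-a",    # sysname that itself contains hyphens
    "...session1@domain1",              # Option 82 based name, not the default layout
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(name, "->", parse_default_user_name(name))
    print(sessions_per_port(SAMPLE_NAMES))
```

Names that return None here were generated with a non-default format (for example mac-address or Option 82) and need their own mapping.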
Procedure
Step 1 Run:
system-view
The function of appending the Option 82 field to DHCP messages is enabled. Or, run:
dhcp option82 rebuild enable
The function of forcibly appending the Option 82 field to DHCP messages is enabled. By default, the S7700 does not process the Option 82 field of DHCP messages. After the dhcp option82 insert enable or dhcp option82 rebuild enable command is used, the S7700 replaces the Option 82 field of DHCP messages of the online IP session user. The Option 82 field is generated according to the configuration and is used for sending DHCP messages to the remote DHCP server.
Step 4 Run:
dhcp service-policy option60
The service policy associated with the service scheme for users going online is configured. By default, users connected to a sub-interface go online through the service scheme in the domain bound to the sub-interface. After the dhcp service-policy option60 command is used, the S7700 selects the related service policy according to the Option 60 field in DHCP messages.
----End
Context
By using the DHCP protocol, a server leases IP addresses to clients. The clients then need to apply for new IP addresses when the leases expire. In practice, a client that already has a leased IP address is often disconnected abnormally without sending a release packet to the DHCP server. In this case, the S7700 needs to regularly send ARP detection packets to check whether users remain online. When the ARP detection times out, the users are disconnected. In addition, DHCP Release packets are constructed and sent to the DHCP server so that the DHCP server releases the IP address.
Procedure
Step 1 Run:
system-view
The interval and number of detection times are set. By default, the detection interval is 30 seconds and the number of detection timeout times is 5.
----End
Procedure
Step 1 Run:
system-view
dhcp nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }
The NAS interface type is set. By default, the NAS interface type is ethernet.
----End
Procedure
Step 1 Run:
system-view
Prerequisite
All configurations of IP session are complete.
Procedure
• Run the display session-interface [ interface-type interface-number ] command to check information about the sub-interface enabled with IP session.
----End
Networking Requirements
As shown in Figure 4-2, STB-A is connected to GE 1/0/1.100 of the Switch; STB-B is connected to GE 1/0/2.100 of the Switch. You need to configure IP session on the Switch so that STB-A and STB-B users can be online once they power on STB-A and STB-B.
Figure 4-2 Networking diagram of IPTV
[Figure 4-2 labels: Multicast server, STB-A, STB-B]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable global DHCP.
2. Enable the IP session function.
3. Bind the user authentication domain to a sub-interface.
4. Set IP session-related parameters for the sub-interface.
5. Configure a DHCP server group.
6. Configure an egress gateway.
7. Configure a static route.
Data Preparation
To complete the configuration, you need the following data:
• Physical parameters on the sub-interface
• VLAN ID of the interface
• Type of the NAS interface
• ARP detection parameter
• Name of the DHCP server group: dhcp-group
• Gateway address: 20.20.20.20
• IP address of the DHCP server: 10.10.10.10
Context
NOTE
Only IP session-related configurations are involved in this example. The AAA configurations, RADIUS configurations, multicast-related configurations, and router-related configurations are not described in this example.
Procedure
Step 1 Enable DHCP globally.
<Quidway> system-view
[Quidway] dhcp enable
Step 2 Enable the IP session function on sub-interfaces.
# Enable the IP session function on GE1/0/1.100.
[Quidway] interface gigabitethernet 1/0/1.100
[Quidway-GigabitEthernet1/0/1.100] ip-session enable
[Quidway-GigabitEthernet1/0/1.100] quit
Step 3 Bind user authentication domains to sub-interfaces.
# Bind the user authentication domain stb-a to GE 1/0/1.100.
[Quidway] aaa
[Quidway-aaa] domain stb-a
[Quidway-aaa-domain-stb-a] quit
[Quidway-aaa] quit
[Quidway] interface gigabitethernet 1/0/1.100
[Quidway-GigabitEthernet1/0/1.100] authentication-domain stb-a
[Quidway-GigabitEthernet1/0/1.100] quit
[Quidway-aaa-domain-stb-b] quit
[Quidway-aaa] quit
[Quidway] interface gigabitethernet 1/0/2.100
[Quidway-GigabitEthernet1/0/2.100] authentication-domain stb-b
[Quidway-GigabitEthernet1/0/2.100] quit
Step 4 Set sub-interface-related parameters on the S7700.
# Set the detection interval to 60s and number of detection times to 8 for GE 1/0/1.100.
[Quidway] interface gigabitethernet 1/0/1.100
[Quidway-GigabitEthernet1/0/1.100] control-vid 100 dot1q-termination
[Quidway-GigabitEthernet1/0/1.100] dot1q termination vid 100
[Quidway-GigabitEthernet1/0/1.100] dhcp user-detect retransmit 8 interval 60
[Quidway-GigabitEthernet1/0/1.100] quit
# Set the detection interval to 60s and number of detection times to 8 for GE 1/0/2.100.
[Quidway] interface gigabitethernet 1/0/2.100
[Quidway-GigabitEthernet1/0/2.100] control-vid 100 dot1q-termination
[Quidway-GigabitEthernet1/0/2.100] dot1q termination vid 100
[Quidway-GigabitEthernet1/0/2.100] dhcp user-detect retransmit 8 interval 60
[Quidway-GigabitEthernet1/0/2.100] quit
Step 5 Set the format of the DHCP user name to mac-address and the password in simple mode to stb.
[Quidway] dhcp user-name format-include mac-address
[Quidway] dhcp user-password simple stb
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
dhcp enable
#
dhcp server group dhcp-group
#
dhcp user-name format-include mac-address
dhcp user-password simple stb
#
dhcp server group dhcp-group
 dhcp-server 10.10.10.10 0
 gateway 20.20.20.20
#
aaa
 domain stb-a
 domain stb-b
#
interface GigabitEthernet1/0/1.100
 ip-session enable
 authentication-domain stb-a
 dhcp user-detect retransmit 8 interval 60
 control-vid 100 dot1q-termination
 dot1q termination vid 100
#
interface GigabitEthernet1/0/2.100
 ip-session enable
 authentication-domain stb-b
 dhcp user-detect retransmit 8 interval 60
 control-vid 100 dot1q-termination
 dot1q termination vid 100
#
interface NULL0
#
interface LoopBack0
 ip address 20.20.20.20 255.255.255.255
#
ip route-static 10.10.10.0 255.255.255.0 NULL0
#
return
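The IP session settings in this chapter have defaults that matter when a configuration is reviewed: the DHCP user password defaults to vlan in plain text, simple mode keeps the password in plain text, and a sub-interface without a bound domain uses the global default domain. The checker below is an added example, not a Huawei tool; the finding codes and function names are constructed, PAGE_CONFIG is abridged from the configuration file above, and VARIANT_CONFIG is a constructed variant.

```python
from typing import List, Tuple

Stanza = Tuple[str, List[str]]


def parse_stanzas(config: str) -> List[Stanza]:
    """Group a configuration file into (header, indented child lines) stanzas."""
    stanzas: List[Stanza] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue  # blank lines and "#" separators carry no settings
        if raw[0].isspace() and stanzas:
            stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def audit_ip_session(config: str) -> List[Tuple[str, str]]:
    """Return (location, finding code) pairs for the defaults described in this chapter."""
    findings: List[Tuple[str, str]] = []
    stanzas = parse_stanzas(config)
    session_ifs = [(header, children) for header, children in stanzas
                   if header.startswith("interface ") and "ip-session enable" in children]
    passwords = [header for header, _ in stanzas if header.startswith("dhcp user-password ")]

    for header in passwords:
        words = header.split()
        if len(words) >= 3 and words[2] == "simple":
            # The password itself is deliberately not copied into the finding.
            findings.append(("global", "PLAINTEXT_PASSWORD"))
    if session_ifs and not passwords:
        # Per the text, the default DHCP password is "vlan" in plain text mode.
        findings.append(("global", "DEFAULT_PASSWORD"))
    for header, children in session_ifs:
        if not any(child.startswith("authentication-domain ") for child in children):
            # Per the text, the global default domain is used when none is bound.
            findings.append((header, "DEFAULT_DOMAIN"))
    return findings


# Abridged from the configuration file of this example.
PAGE_CONFIG = """\
#
sysname Quidway
#
dhcp enable
#
dhcp user-name format-include mac-address
dhcp user-password simple stb
#
aaa
 domain stb-a
 domain stb-b
#
interface GigabitEthernet1/0/1.100
 ip-session enable
 authentication-domain stb-a
#
interface GigabitEthernet1/0/2.100
 ip-session enable
 authentication-domain stb-b
#
return
"""

# Constructed variant: no user password set, one sub-interface without a bound domain.
VARIANT_CONFIG = """\
#
dhcp enable
#
interface GigabitEthernet1/0/1.100
 ip-session enable
 authentication-domain stb-a
#
interface GigabitEthernet1/0/2.100
 ip-session enable
#
return
"""

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("variant", VARIANT_CONFIG)):
        print(name, audit_ip_session(cfg))
```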
5 DHCPv6 Configuration
About This Chapter
Currently, the S7700 can function as only the DHCP relay agent on IPv6 networks. This document describes how to configure Dynamic Host Configuration Protocol for IPv6 (DHCPv6) relay.
5.1 Introduction to DHCPv6
DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and other network configuration parameters to hosts.
5.2 DHCPv6 Features Supported by the S7700
Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server or client.
5.3 Configuring DHCPv6 Relay
When the DHCPv6 client and the DHCPv6 server are on different links, you need to deploy DHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the DHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server.
5.4 Maintaining DHCPv6
This section describes how to clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.
5.5 Configuration Examples
This section provides a configuration example of DHCPv6 relay.
[Figure: DUID format, bits 0 to 31, starting with the DUID type field]
DUID type: The value of the DUID type is 0x0001.
Hardware type: The hardware type supported by the device is Ethernet and the value is 0x0006.
Time: time when the DUID is generated. Before the DUID is generated, the system time must be configured or a clock source must be available.
Link layer address: The value is the link layer address of any interface. The interface has a unique link layer address. The link layer address is the MAC address.
[Figure labels: DHCPv6 clients, DHCPv6 server]
NOTE
Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server or client.
Applicable Environment
When the DHCPv6 client applies to the DHCPv6 server on a different link for the IP address, you need to deploy relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server.
Pre-configuration Tasks
Before configuring DHCPv6 relay, complete the following tasks:
• Configuring the DHCPv6 server
• Configuring the route between the S7700 and DHCPv6 server
Data Preparation
To configure DHCPv6 relay, you need the following data.
No.  Data
1    Type and number of the interface where DHCPv6 relay is enabled (the interface type is VLANIF)
2    Type and number of the interface where the function of appending the remote ID to DHCPv6 relay messages is enabled (the interface type can be Ethernet, GE, or XGE)
3    (Optional) Maximum transmission rate of DHCPv6 messages and alarm threshold of the number of DHCPv6 messages discarded
Procedure
Step 1 Run:
system-view
The DHCPv6 relay function is enabled on the VLANIF interface, the IPv6 address of the DHCPv6 server or the next hop relay agent is set, and the outbound interface of relay messages is specified.
By default, the DHCPv6 relay function is disabled on a VLANIF interface.
• If the configured IPv6 address is a global address or a site address, the outbound interface does not need to be specified. The DHCPv6 server sends the relay messages to the IPv6 address by searching for a route.
• If the configured IPv6 address is a local address or a multicast address, the outbound interface of the DHCPv6 server or the next hop relay agent needs to be specified.
On the S7700, up to eight interfaces can be enabled with the DHCPv6 relay function and each interface can be configured with up to eight destination addresses.
----End
Context
The DHCPv6 server can make decisions about address allocation, parameter setting, and prefix agent according to the remote ID. The format of the remote ID is defined by the vendor. Usually, the remote ID carries the phone number and user name in a dial-up connection, or the peer IP address and access interface in a point-to-point connection. Currently, a remote ID can contain a maximum of 247 bytes.
When the S7700 functions as the DHCPv6 relay agent, it processes the remote ID as follows:
• The S7700 directly receives messages from DHCPv6 clients. When constructing a Relay-Forward message, the S7700 adds the remote ID to the Relay-Forward message according to the configuration. If the Relay-Reply message received by the S7700 from the DHCPv6 server contains the remote ID, the S7700 removes the remote ID from the Relay-Reply message before forwarding it to DHCPv6 clients or other relay agents.
Procedure
Step 1 Run:
system-view
The format of the remote ID in DHCPv6 messages is set. By default, the default format of the remote ID in DHCPv6 messages is used.
Step 3 Run:
interface interface-type interface-number
The interface view is displayed. The interface can be an Ethernet interface, a GE interface or an XGE interface.
Step 4 Run:
dhcpv6 remote-id insert enable
The function of appending the remote ID to DHCPv6 relay messages is enabled. Or, run:
dhcpv6 remote-id rebuild enable
The function of forcibly appending the remote ID to DHCPv6 relay messages is enabled.
• After the dhcpv6 remote-id insert enable command is used, if the original DHCPv6 messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6 messages. If the original DHCPv6 messages carry the remote ID, the S7700 sends the DHCP messages directly.
• After the dhcpv6 remote-id rebuild enable command is used, if the original DHCPv6 messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6 messages. If the original DHCPv6 messages carry the remote ID, the S7700 deletes the original remote ID from the DHCP messages and appends a new remote ID to the DHCP messages.
If you run the dhcpv6 remote-id insert enable and dhcpv6 remote-id rebuild enable commands simultaneously on an interface, the command that you run later takes effect.
----End
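The difference between insert and rebuild decides whose remote ID the DHCPv6 server bases its allocation decisions on when a message already carries one. The model below is an added example, not S7700 code: it works on the options field only, uses the standard DHCPv6 option layout (2-byte code, 2-byte length) with remote ID option code 37 from RFC 4649, applies the 247-byte limit to the remote-id field as an assumption, and all sample values are constructed.

```python
import struct
from typing import List, Tuple

OPTION_INTERFACE_ID = 18   # interface ID option
OPTION_REMOTE_ID = 37      # remote ID option (RFC 4649): enterprise-number + remote-id
MAX_REMOTE_ID_LEN = 247    # limit stated in the text, applied here to the remote-id field

Option = Tuple[int, bytes]


def parse_options(buf: bytes) -> List[Option]:
    """Split a DHCPv6 options field into (code, data) pairs, rejecting truncation."""
    options, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, offset)
        offset += 4
        if len(buf) - offset < length:
            raise ValueError(f"option {code} claims {length} bytes, fewer remain")
        options.append((code, buf[offset:offset + length]))
        offset += length
    return options


def encode_options(options: List[Option]) -> bytes:
    return b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)


def remote_id_option(enterprise: int, remote_id: bytes) -> Option:
    if len(remote_id) > MAX_REMOTE_ID_LEN:
        raise ValueError("remote ID longer than 247 bytes")
    return OPTION_REMOTE_ID, struct.pack("!I", enterprise) + remote_id


def remote_ids(buf: bytes) -> List[Tuple[int, bytes]]:
    """Return (enterprise-number, remote-id) for every remote ID option present."""
    found = []
    for code, data in parse_options(buf):
        if code == OPTION_REMOTE_ID:
            if len(data) < 4:
                raise ValueError("remote ID option shorter than its enterprise number")
            found.append((struct.unpack("!I", data[:4])[0], data[4:]))
    return found


def relay_forward(buf: bytes, mode: str, enterprise: int, remote_id: bytes) -> bytes:
    """Options sent towards the server under 'insert' or 'rebuild'."""
    options = parse_options(buf)
    carries_remote_id = any(code == OPTION_REMOTE_ID for code, _ in options)
    if mode == "insert":
        if carries_remote_id:
            return bytes(buf)  # an existing remote ID is forwarded as received
    elif mode == "rebuild":
        options = [opt for opt in options if opt[0] != OPTION_REMOTE_ID]
    else:
        raise ValueError("mode must be 'insert' or 'rebuild'")
    options.append(remote_id_option(enterprise, remote_id))
    return encode_options(options)


def relay_reply(buf: bytes) -> bytes:
    """Options forwarded downstream: the remote ID is removed from a Relay-Reply."""
    return encode_options([opt for opt in parse_options(buf) if opt[0] != OPTION_REMOTE_ID])


# Constructed sample values (the S7700's own remote ID format is not given in the text).
RELAY_ENTERPRISE = 2011                      # sample enterprise number
RELAY_REMOTE_ID = b"Switch/GE1/0/1/vlan10"   # sample relay-generated value
WITHOUT_REMOTE_ID = encode_options([(OPTION_INTERFACE_ID, b"Vlanif10")])
WITH_FOREIGN_REMOTE_ID = encode_options(
    [(OPTION_INTERFACE_ID, b"Vlanif10"), remote_id_option(99999, b"set-downstream")]
)

if __name__ == "__main__":
    for mode in ("insert", "rebuild"):
        for label, msg in (("none", WITHOUT_REMOTE_ID), ("present", WITH_FOREIGN_REMOTE_ID)):
            out = relay_forward(msg, mode, RELAY_ENTERPRISE, RELAY_REMOTE_ID)
            print(mode, label, remote_ids(out))
```

Under insert the server sees whatever remote ID arrived with the message; under rebuild it only ever sees the value generated by the relay.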
Context
After the rate limit of DHCPv6 messages is enabled, excess DHCPv6 messages are discarded when the rate of DHCPv6 messages exceeds the limit. When the number of discarded DHCPv6 messages exceeds the threshold, the S7700 can record a log.
Procedure
Step 1 Run:
system-view
Rate limit of DHCPv6 messages is enabled and the maximum transmission rate of DHCPv6 messages is set. By default, rate limit of DHCPv6 messages is disabled on the S7700.
Step 4 Run:
dhcpv6 packet-rate drop-alarm enable
The alarm function for DHCPv6 messages discarded when the rate of DHCPv6 messages exceeds the rate limit is enabled. After the log function is enabled, if the number of DHCPv6 messages that pass through the S7700 every second exceeds the rate limit, they are discarded. By default, the S7700 sends logs when the number of discarded DHCPv6 messages exceeds 100.
Step 5 Run:
dhcpv6 packet-rate drop-alarm threshold threshold
The log threshold for DHCPv6 messages discarded when the rate of DHCPv6 messages exceeds the rate limit is set.
----End
Prerequisite
The configurations of DHCPv6 relay are complete.
Procedure
• Run the display dhcpv6 relay [ interface interface-type interface-number ] command to check the configuration about the interface enabled with the DHCPv6 relay function. Currently, the interface type can only be the VLANIF interface.
• Run the display dhcpv6 relay statistics [ interface interface-type interface-number ] command to check the statistics about DHCPv6 messages passing through the DHCPv6 relay agent. Currently, the interface type can only be the VLANIF interface.
----End
5.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent
If the S7700 is enabled with the DHCPv6 relay function, the system collects statistics about DHCPv6 messages passing through the DHCP relay agent. To clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent, you can use the command in the user view or system view.
Context
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you use the command.
Procedure
• Run the reset dhcpv6 relay statistics [ interface interface-type interface-number ] command to clear the statistics about DHCPv6 messages passing through the DHCPv6 relay agent. The interface must be the VLANIF interface. If no interface is specified, all the statistics about DHCPv6 messages are cleared. If the interface is specified, the statistics about DHCPv6 messages on the specified interface are cleared.
----End
Procedure
• Run the display dhcpv6 relay [ interface interface-type interface-number ] command to check the configuration about the interface enabled with the DHCPv6 relay function.
• Run the display dhcpv6 relay statistics [ interface interface-type interface-number ] command to check the statistics about DHCPv6 messages passing through the DHCPv6 relay agent.
----End
Networking Requirements
As shown in Figure 5-3, the DHCPv6 client address is 2000::/64 and the DHCPv6 server address is 3000::3/64. The DHCPv6 client and the DHCPv6 server are on different links; therefore, a DHCPv6 relay agent is required to forward DHCPv6 messages. It is required that the Switch should function as the DHCPv6 relay agent to forward DHCPv6 messages exchanged between the DHCPv6 client and the DHCPv6 server. In addition, the Switch functions as the gateway device of the network at 2000::/64. By specifying the M flag bit and O flag bit in RA messages, hosts on the network are enabled to obtain IPv6 addresses and other network configuration parameters through DHCPv6.
Figure 5-3 Networking for configuring DHCPv6 relay
[Figure 5-3 labels: DHCPv6 clients; Switch with GE1/0/1 (VLANIF10, 2000::1/64) and GE1/0/2 (VLANIF20, 3000::1/64); DHCPv6 server 3000::3/64]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable DHCP.
2. Create VLANIF interfaces and set IPv6 addresses of the VLANIF interfaces.
3. Enable the DHCPv6 relay function and set the DHCPv6 server address.
4. Configure the Switch as the gateway.
Data Preparation
To complete the configuration, you need the following data:
• IPv6 addresses of the interfaces
• IP address of the DHCPv6 server
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
Step 3 Set IPv6 addresses of VLANIF interfaces.
# Enable the IPv6 packet forwarding function.
[Quidway] ipv6
Step 4 Enable the DHCPv6 relay function.
# Enable the DHCPv6 relay function on VLANIF 10 and set the IP address of the DHCPv6 server.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcpv6 relay destination 3000::3
# Configure the Switch to send RA messages and configure M and O flag bits.
[Quidway-Vlanif10] undo ipv6 nd ra halt
[Quidway-Vlanif10] ipv6 nd autoconfig managed-address-flag
[Quidway-Vlanif10] ipv6 nd autoconfig other-flag
[Quidway-Vlanif10] quit
Step 6 Verify the configuration.
Run the display dhcpv6 relay command on the Switch, and you can view the configuration of DHCPv6 relay.
[Quidway] display dhcpv6 relay
Interface        Mode      Destination
------------------------------------------------------------------
Vlanif10         Relay     3000::3
------------------------------------------------------------------
Run the display dhcpv6 relay statistics command on the Switch, and you can view the statistics about DHCP messages passing through the DHCPv6 relay agent.
[Quidway] display dhcpv6 relay statistics
MessageType            Receive   Send   Error
Solicit                0         0      0
Advertise              0         0      0
Request                0         0      0
Confirm                0         0      0
Renew                  0         0      0
Rebind                 0         0      0
Reply                  0         0      0
Release                0         0      0
Decline                0         0      0
Reconfigure            0         0      0
Information-request    0         0      0
Relay-forward          0         0      0
Relay-reply            0         0      0
UnknownType            0         0      0
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 20
#
ipv6
#
dhcp enable
#
interface Vlanif10
 ipv6 enable
 ipv6 address 2000::1/64
 undo ipv6 nd ra halt
 ipv6 nd autoconfig managed-address-flag
 ipv6 nd autoconfig other-flag
 dhcpv6 relay destination 3000::3
#
interface Vlanif20
 ipv6 enable
 ipv6 address 3000::1/64
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
6 IP Performance Configuration
About This Chapter
This chapter describes the basic concepts of IP performance, and provides configuration procedures and examples of IP performance.
6.1 Introduction to IP Performance
On certain networks, you need to change IP parameters to optimize the performance of networks. Here, IP performance parameters supported by the S7700 are described.
6.2 IP Performance Supported by the S7700
This section describes the IP Performance features supported by the S7700.
6.3 Optimizing IP Performance
This section describes how to optimize IP performance of a certain network by setting IP performance parameters.
6.4 Maintaining IP Performance
This section describes how to maintain IP performance.
6.5 Configuration Examples
This section provides several configuration examples of IP performance.
On the S7700, you can set the load balancing mode for only the packets sent by the CPU.
• Timeout interval of the TCP FIN-Wait timer
• Timeout interval of the TCP SYN-Wait timer
• Size of the packet receive or transmit buffer of the connection-oriented socket
• Forcible fragmentation of packets on an interface at the outbound direction
• Statistics on Transmission Control Protocol (TCP), IP, User Datagram Protocol (UDP), and socket monitor traffic
Pre-configuration Tasks
Before optimizing IP performance, complete the following tasks:
• Connecting interfaces and setting physical parameters of the interfaces to ensure that the physical layer of the interfaces is in the Up state
• Setting parameters of the link layer protocol for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up
• Assigning IP addresses to interfaces
• Configuring access control lists (ACLs)
Data Preparation
To optimize IP performance, you need the following data.
No.  Data
1    Number of the interface on which the Don't Fragment (DF) field of packets needs to be deleted
2    Number of the interface on which ICMP redirection and ICMP host unreachable need to be configured
3    Timeout interval of the TCP SYN-Wait timer, timeout interval of the TCP FIN-Wait timer, receive or transmit buffer of the socket
Procedure
Step 1 Run:
system-view
The S7700 only checks the source IP addresses of the packets sent from the interface to the CPU.
----End
Procedure
Step 1 Run:
system-view
The DF field is deleted from the packet sent from an interface; therefore, you need to configure this function on an outgoing interface.
Step 5 Run:
clear ip df
The interface is configured to delete the DF field. By default, outgoing packets are not fragmented forcibly on an interface.
----End
CAUTION
- If the S7700 is disabled from sending ICMP redirection packets, the S7700 does not send ICMP redirection packets in any case.
- If the S7700 is disabled from sending ICMP host unreachable packets, the S7700 does not send ICMP host unreachable packets in any case.
Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
After the fast ICMP reply function is enabled on the S7700, the S7700 can respond to ICMP Echo request packets quickly in the following situations:
- The S7700 does not have the ARP entry of the device that initiates the ping. However, the S7700 cannot learn the ARP entry of this device in this case.
- The S7700 does not have a route to the device that initiates the ping.
- The checksum of the received ICMP Echo request packet is incorrect.
Step 3 Run:
icmp ttl-exceeded drop { slot slot-id | all }
The LPU is configured to discard the ICMP packets whose TTL values are 1.
Step 4 Run:
icmp with-options drop { slot slot-id | all }
The LPU is configured to discard the ICMP packets that carry options.
Step 5 Run:
icmp unreachable drop
The S7700 is configured to discard the ICMP Destination Unreachable packets.
Step 6 Run:
icmp port-unreachable send
The S7700 is configured to send ICMP Port Unreachable packets.
Step 7 Run:
icmp host-unreachable send
The relationship between the icmp host-unreachable send (system view) and the icmp host-unreachable send (interface view) commands is as follows:
- When the S7700 is disabled from sending ICMP Host Unreachable packets, none of the interfaces of the S7700 sends ICMP Host Unreachable packets even if you run the undo icmp host-unreachable send (interface view) command in the interface view.
- When the S7700 is enabled to send ICMP Host Unreachable packets, all the interfaces of the S7700 can send ICMP Host Unreachable packets, which conforms to the default setting. In this case, you can run the undo icmp host-unreachable send (interface view) command to disable a specified interface from sending ICMP Host Unreachable packets.
Step 8 Run:
interface vlanif vlan-id
If you run the tcp window command repeatedly in the same system view, the latest configuration overrides the previous configuration. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
The timeout interval of the TCP SYN-Wait timer is set.
Step 3 Run:
tcp timer fin-timeout interval
The timeout interval of the TCP FIN-Wait timer (FIN_WAIT_2) is set.
Step 4 Run:
tcp window window-size
When flow-based load balancing mode is adopted, the S7700 performs the Hash algorithm based on the protocol type, source IP address and mask, destination IP address and mask, source port number, and destination port number, and then selects a route for forwarding packets according to the Hash value. By default, the flow-based load balancing mode is adopted. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
The value of slot-id can only be 0. That is, on the S7700, you can set the load balancing mode for only the packets sent by the CPU.
----End
Procedure
- Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.
- Run the display tcp statistics command to check the statistics on TCP traffic.
- Run the display udp statistics command to check the statistics on UDP traffic.
- Run the display ip statistics command to check the statistics on IP traffic.
- Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type socket-type ] command to check information about the created IPv4 socket.
- Run the display icmp statistics command to check the statistics on ICMP traffic.
- Run the display rawlink statistics command to check the Rawlink statistics.
- Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB) table on the Line Processing Unit (LPU).
- Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command to check information about the FIB table.
- Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ] command to check information about the FIB entries that match ACL rules in a certain format.
- Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interface-number command to check information about the FIB entries with the outgoing interface as a specified interface.
- Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name [ verbose ] command to check information about the FIB entries that match a specified IP prefix list.
- Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB entries that match destination IP addresses in a specified range.
- Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command to check information about the FIB entries that match the specified next hop address.
- Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to check the total number of FIB entries.
----End
CAUTION
The statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirm the action before you use the command.
Procedure
- Run the reset ip statistics [ interface interface-type interface-number ] command in the user view to clear the statistics on IP traffic.
- Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the user view to clear the information about the socket monitor.
- Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic.
- Run the reset udp statistics command in the user view to clear the statistics on UDP traffic.
- Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.
----End
Procedure
- Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.
- Run the display tcp statistics command to check the statistics on TCP traffic.
- Run the display udp statistics command to check the statistics on UDP traffic.
- Run the display ip statistics command to check the statistics on IP traffic.
- Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type socket-type ] command to check information about the created IPv4 socket.
- Run the display icmp statistics command to check the statistics on ICMP traffic.
- Run the display rawlink statistics command to check the Rawlink statistics.
- Run the display fib [ slot-id ] command to check the FIB table on the LPU.
- Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command to check information about the FIB table.
- Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ] command to check information about the FIB entries that match ACL rules in a certain format.
- Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interface-number command to check information about the FIB entries with the outgoing interface as a specified interface.
- Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name [ verbose ] command to check information about the FIB entries that match a specified IP prefix list.
- Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB entries that match destination IP addresses in a specified range.
- Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command to check information about the FIB entries that match the specified next hop address.
- Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to check the total number of FIB entries.
----End
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately.
When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debugging commands in the user view to locate the fault. For details on debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
- Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user view to debug IP packets.
- Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets.
- Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-address ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-id socket-id ] command in the user view to debug UDP packets.
- Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-address ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-id task-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debug TCP packets.
- Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remote-ip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id task-id ] [ socket-id socket-id ] command in the user view to debug TCP events.
- Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-address ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5) authentication.
- Run the debugging rawip packet [ src-ip src-address ] [ dest-ip dest-address ] [ protocol protocol-number ] [ verbose verbose-number ] or debugging rawip packet [ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the user view to debug RAWIP packets.
- Run the debugging rawlink packet [ src-mac src-mac ] [ dest-mac dest-mac ] [ verbose verbose-number ] or debugging rawlink packet [ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the user view to debug RAWLINK packets.
----End
Networking Requirements
As shown in Figure 6-1, to limit the sending of ICMP redirection packets, Switch A, Switch B, and Switch C are required and these devices are connected through their GE interfaces.
Figure 6-1 Networking diagram for disabling the sending of ICMP redirection packets
[Figure: SwitchA (GE1/0/0, VLANIF10 1.1.1.1/24), SwitchB (GE1/0/0, VLANIF10 1.1.1.2/24), SwitchC (GE1/0/0, VLANIF10 2.2.2.2/24), Internet]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign IP addresses to interfaces on routing devices.
2. Configure static routes to indirectly connected devices.
3. Disable the sending of ICMP redirection packets on an interface.
Data Preparation
To complete the configuration, you need the following data:
- Static routes to indirectly connected devices
- IP address of the interface
Procedure
Step 1 Assign IP addresses to VLANIF interfaces.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface gigabitethernet 1/0/0
[SwitchB-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[SwitchB-GigabitEthernet1/0/0] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 1.1.1.2 24
[SwitchB-Vlanif10] quit
# Configure Switch C.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan 10
[SwitchC-Vlan10] quit
[SwitchC] interface gigabitethernet 1/0/0
[SwitchC-GigabitEthernet1/0/0] port hybrid tagged vlan 10
[SwitchC-GigabitEthernet1/0/0] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ip address 2.2.2.2 24
[SwitchC-Vlanif10] quit
# Configure Switch B.
[SwitchB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
# Run the ping command on Switch A. You can view that Switch B does not send host redirection packets. No ICMP redirection packet is displayed in the output of the debugging command.
[SwitchA] ping 2.2.2.2
  PING 2.2.2.2: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 ms
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 ms
    Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 ms
    Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 ms
    Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 ms
  --- 2.2.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/3/3 ms
----End
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface vlanif 10
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
6.5.2 Example for Disabling the Sending of ICMP Host Unreachable Packets
This section provides a configuration example of disabling the sending of ICMP host unreachable packets.
Networking Requirements
As shown in Figure 6-2, to limit the sending of ICMP redirection packets, Switch A, Switch B, and Switch C are required and these devices are connected through their GigabitEthernet interfaces.
Figure 6-2 Networking diagram for disabling the sending of ICMP host unreachable packets
[Figure: SwitchA (GE1/0/1, VLANIF10 1.1.1.1/24), SwitchB (GE1/0/1, VLANIF10 1.1.1.2/24; GE1/0/2, VLANIF11 2.2.2.1/24), SwitchC (GE1/0/2, VLANIF11 2.2.2.2/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign IP addresses to interfaces on Switches.
2. Configure static routes to indirectly connected devices.
3. Enable the sending of ICMP host unreachable packets in the interface view.
By default, the sending of ICMP host unreachable packets is enabled in the interface view. If the configuration is not changed, you can skip this configuration.
Data Preparation
To complete the configuration, you need the following data:
- Static routes to indirectly connected devices
- IP address of the interface
Procedure
Step 1 Configure Switch A.
# Assign an IP address to VLANIF 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface gigabitethernet1/0/1
[SwitchA-GigabitEthernet1/0/1] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
Step 2 Configure Switch B.
# Assign an IP address to VLANIF 10 on Switch B and disable the sending of ICMP host unreachable packets.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface gigabitethernet1/0/1
[SwitchB-GigabitEthernet1/0/1] port hybrid tagged vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 1.1.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] vlan 11
[SwitchB-Vlan11] quit
[SwitchB] interface gigabitethernet1/0/2
[SwitchB-GigabitEthernet1/0/2] port hybrid tagged vlan 11
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface vlanif 11
[SwitchB-Vlanif11] ip address 2.2.2.1 24
[SwitchB-Vlanif11] icmp host-unreachable send
[SwitchB-Vlanif11] quit
[SwitchC] interface gigabitethernet1/0/2
[SwitchC-GigabitEthernet1/0/2] port hybrid tagged vlan 11
[SwitchC-GigabitEthernet1/0/2] quit
[SwitchC] interface vlanif 11
[SwitchC-Vlanif11] ip address 2.2.2.2 24
[SwitchC-Vlanif11] quit
# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured by the tester on Switch A, Switch B sends host unreachable packets.
[SwitchA] ping 2.2.2.3
----End
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan 10
#
interface vlanif 10
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
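The rule this chapter gives for icmp host-unreachable send (the system-view setting gates every interface, and an interface can be switched off individually only while the system-wide setting is on) can be checked against a saved configuration. The Python below is an added example, not Huawei code; the sample configuration is constructed, and it assumes that a disabled setting is saved as an "undo" line and that an unconfigured view uses the default (enabled).

```python
import re

CMD = "icmp host-unreachable send"

# Constructed sample in the '#'-separated layout of the configuration files
# on this page. Assumption: a disabled setting is saved as an "undo" line.
SAMPLE_CONFIG = """\
#
sysname SwitchB
#
vlan batch 10 to 12
#
interface Vlanif10
 ip address 1.1.1.2 255.255.255.0
#
interface Vlanif11
 ip address 2.2.2.1 255.255.255.0
 undo icmp host-unreachable send
#
interface Vlanif12
 ip address 3.3.3.1 255.255.255.0
 icmp host-unreachable send
#
return
"""


def parse_sections(text):
    """Split a configuration into {"system": [...], "<interface>": [...]}."""
    sections = {"system": []}
    current = "system"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "return":
            continue
        if line == "#":  # '#' closes the current view
            current = "system"
            continue
        match = re.match(r"interface\s+(.+)", line, re.IGNORECASE)
        if match:
            # "interface vlanif 10" and "interface Vlanif10" name the same view
            current = match.group(1).replace(" ", "").lower()
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def explicit_state(lines, default=True):
    """Last explicit enable/undo of CMD in one view; the default is enabled."""
    state = default
    for line in lines:
        if line == CMD:
            state = True
        elif line == "undo " + CMD:
            state = False
    return state


def effective_host_unreachable(text):
    """Return (system_enabled, {interface: sends_host_unreachable})."""
    sections = parse_sections(text)
    system_on = explicit_state(sections["system"])
    per_interface = {
        name: system_on and explicit_state(lines)
        for name, lines in sections.items()
        if name != "system"
    }
    return system_on, per_interface


if __name__ == "__main__":
    system_on, result = effective_host_unreachable(SAMPLE_CONFIG)
    print("system view:", "enabled" if system_on else "disabled")
    for name, sends in sorted(result.items()):
        print(f"{name}: {'sends' if sends else 'does not send'} host unreachable")
```
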
6.5.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets
This section provides a configuration example of optimizing system performance by discarding certain ICMP packets.
Networking Requirement
As shown in Figure 6-3, the Switch functions as the convergence device. The enterprise users, individual users, and DSLAMs are attached to the Switch. The Switch is connected to the Internet through a BRAS. To reduce the workload on the Switch, you need to configure the Switch to discard certain ICMP packets. The ICMP packets to be discarded have any of the following characteristics:
- The TTL values of the packets are 1.
- The packets carry options.
- The destination addresses of the packets are unreachable.
[Figure 6-3: Internet, BRAS, S9300, Enterprise user, Individual user]
Configuration Roadmap
Perform the configurations in the system view of the Switch. The configuration roadmap is as follows:
- Configure the Switch to discard the ICMP packets whose TTL values are 1.
- Configure the Switch to discard the ICMP packets that carry options.
- Configure the Switch to discard the ICMP packets whose destination addresses are unreachable.
Data Preparation
None
Procedure
Step 1 Configure the Switch to discard certain ICMP packets.
# Configure the Switch to discard the ICMP packets whose TTL values are 1.
<Quidway> system-view
[Quidway] icmp ttl-exceeded drop all
# Configure the Switch to discard the ICMP packets that carry options.
[Quidway] icmp with-options drop all
# Configure the Switch to discard the ICMP packets whose destination addresses are unreachable.
[Quidway] icmp unreachable drop
Step 2 Verify the configuration.
# Run the display this command in the system view to display the configuration of the ICMP security function.
[Quidway] display this
#
icmp unreachable drop
icmp ttl-exceeded drop 1
icmp with-options drop 1
icmp ttl-exceeded drop 2
icmp with-options drop 2
icmp ttl-exceeded drop 3
icmp with-options drop 3
----End
Configuration Files
#
sysname Quidway
#
icmp unreachable drop
icmp ttl-exceeded drop 1
icmp with-options drop 1
icmp ttl-exceeded drop 2
icmp with-options drop 2
icmp ttl-exceeded drop 3
icmp with-options drop 3
7
About This Chapter
This chapter describes the principle of UDP helper, and provides configuration procedures and examples of UDP helper.
7.1 Introduction to UDP Helper
This section describes the principle of UDP helper.
7.2 UDP Helper Features Supported by the S7700
This section describes the UDP Helper features supported by the S7700.
7.3 Configuring UDP Helper
This section describes how to configure UDP helper to forward IP broadcast packets of a specified UDP port.
7.4 Maintaining UDP Helper
This section describes how to maintain UDP helper.
7.5 Configuration Examples
This section provides several configuration examples of UDP helper.
The UDP helper function cannot be used to send DHCP messages, that is, the number of the UDP port cannot be 67 or 68. To forward Dynamic Host Configuration Protocol (DHCP) messages, you need to enable the DHCP relay function.
Pre-configuration Tasks
Before configuring the UDP helper function, complete the following task:
- Configuring a reachable route between the S7700 and the server
Data Preparation
To configure the UDP helper function, you need the following data.
No.  Data
1    UDP port on which packets are forwarded
2    VLANIF interface and IP address of the destination server that sends packets of UDP ports
Procedure
Step 1 Run:
system-view
Context
After the UDP helper function is enabled, the S7700 forwards broadcast packets of UDP ports 37 (Time), 49 (TACACS), 53 (DNS), 69 (TFTP), 137 (NetBIOS-NS), and 138 (NetBIOS-DS) by default. If the port number that needs to be configured is in the range of default UDP port numbers, you can skip this configuration procedure. The S7700 does not forward DHCP messages of UDP ports 67 and 68. Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
The UDP port on which packets need to be forwarded is configured.
----End
7.3.4 Configuring the Destination Server to Which Packets of the UDP Port Need to Be Forwarded
Context
Do as follows on the S7700.
Procedure
Step 1 Run:
system-view
The destination server to which UDP packets are forwarded is configured. After the UDP Helper function is enabled, if the destination UDP port of the packet received by the VLANIF interface is the same as the UDP port for packet relay, the packet is forwarded to the destination server configured on the VLANIF interface.
----End
Procedure
- Run the display udp-helper server [ interface vlanif vlan-id ] command to check information about UDP packets forwarded on the interface.
----End
Example
Run the display udp-helper server command to check the number of the VLANIF interface that relays UDP packets, the IP address of the destination server, and the number of forwarded UDP packets.
<Quidway> display udp-helper server interface Vlanif 100
vlan-interface    Server-Ip      packet-num
Vlanif100         10.10.10.10    20
Context
CAUTION
The UDP helper statistics cannot be restored after you clear them. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset udp-helper packet command in the user view to clear the UDP helper statistics.
----End
Procedure
Step 1 Run the display udp-helper server [ interface vlanif vlan-id ] command to check the number of the VLANIF interface that forwards UDP packets, the IP address of the destination server, and the number of forwarded UDP packets.
----End
Networking Requirements
As shown in Figure 7-1, the IP address of VLANIF 100 on the Switch is 10.110.1.1/16; the IP address of the NetBIOS-NS name server is 10.2.1.1/16. The Switch and the NetBIOS-NS name server are on different network segments, but the route between the Switch and the NetBIOS-NS name server is reachable. The Switch is configured to forward broadcast packets with the destination UDP port number as 137 and the destination IP address as 255.255.255.255 and broadcast packets with the destination IP address as 10.110.255.255 to the NetBIOS-NS name server.
When receiving broadcast packets of NetBIOS-NS Register, the Switch changes the destination IP address of the packets to the IP address of the NetBIOS-NS name server. Then, the Switch forwards the packets to the specified NetBIOS-NS name server.
Figure 7-1 Networking diagram for configuring UDP helper
[Figure: Switch (VLANIF100 10.110.1.1/16), PC1, PC2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the UDP helper function on the Switch.
2. After the UDP helper function is enabled on the Switch, the Switch forwards broadcast packets with the destination UDP port as 137 by default. The UDP port number, therefore, does not need to be configured here.
3. Create a VLAN, assign the IP address and configure the destination server to which packets of UDP ports are forwarded on the VLANIF interface.
Data Preparation
To complete the configuration, you need the following data:
- VLANIF interface of the destination server to which packets of UDP ports are forwarded
- IP address of the destination server
Procedure
Step 1 Enable the UDP helper function.
<Quidway> system-view
[Quidway] udp-helper enable
Step 2 Configure the destination server to which packets of UDP ports are forwarded.
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface vlanif 100
Step 3 Verify the configuration.
The destination server to which packets of UDP ports are forwarded on VLANIF 100 is the NetBIOS-NS name server.
<Quidway> display udp-helper server interface Vlanif 100
vlan-interface    Server-Ip    packet-num
Vlanif100         10.2.1.1     0
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 100
#
udp-helper enable
#
interface Vlanif100
 ip address 10.110.1.1 255.255.0.0
 udp-helper server 10.2.1.1
#
return
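The relay decision this chapter describes, modelled in Python as an added example (not Huawei code): with UDP helper enabled, a broadcast to 255.255.255.255 or to the interface's subnet broadcast address on a configured UDP port has its destination rewritten to the server, and ports 67 and 68 are refused. The class, the function names and the sample packets are constructed for illustration; the addresses and default ports are the ones given above.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_PORTS = frozenset({37, 49, 53, 69, 137, 138})  # relayed by default
DHCP_PORTS = frozenset({67, 68})                       # need DHCP relay instead
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class UdpHelper:
    """Model of one VLANIF interface with a UDP helper destination server."""
    interface: str                 # interface address, e.g. "10.110.1.1/16"
    server: str                    # destination server, e.g. "10.2.1.1"
    enabled: bool = True
    ports: set = field(default_factory=lambda: set(DEFAULT_PORTS))

    def add_port(self, port):
        """Add a UDP port to relay; DHCP ports are rejected as on the S7700."""
        if port in DHCP_PORTS:
            raise ValueError("UDP ports 67 and 68 need DHCP relay, not UDP helper")
        if not 1 <= port <= 65535:
            raise ValueError("invalid UDP port")
        self.ports.add(port)

    def relay(self, dst_ip, dst_port):
        """Return the rewritten destination IP, or None when not relayed."""
        if not self.enabled or dst_port not in self.ports:
            return None
        dst = ipaddress.ip_address(dst_ip)
        subnet_broadcast = ipaddress.ip_interface(
            self.interface).network.broadcast_address
        if dst != LIMITED_BROADCAST and dst != subnet_broadcast:
            return None            # unicast traffic is routed normally
        return self.server


# Constructed sample traffic: (source IP, destination IP, destination UDP port).
SAMPLE_PACKETS = [
    ("10.110.1.20", "255.255.255.255", 137),  # NetBIOS-NS, limited broadcast
    ("10.110.1.21", "10.110.255.255", 137),   # NetBIOS-NS, subnet broadcast
    ("10.110.1.22", "255.255.255.255", 49),   # TACACS, a default port
    ("10.110.1.23", "255.255.255.255", 67),   # DHCP, never relayed
    ("10.110.1.24", "10.110.1.50", 137),      # unicast, not relayed
    ("10.110.1.25", "255.255.255.255", 514),  # port not configured
]


def relayed(helper, packets):
    """List the packets that leave the segment, with their new destination."""
    out = []
    for src, dst, port in packets:
        new_dst = helper.relay(dst, port)
        if new_dst is not None:
            out.append((src, port, new_dst))
    return out


if __name__ == "__main__":
    helper = UdpHelper("10.110.1.1/16", "10.2.1.1")
    for src, port, new_dst in relayed(helper, SAMPLE_PACKETS):
        print(f"{src} udp/{port} -> {new_dst}")
```

Running a list of observed broadcasts through `relayed` shows which traffic the default port set carries across the segment boundary before any port is added explicitly.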
8 DNS Configuration
About This Chapter
By configuring the Domain Name System (DNS), you can enable network devices to communicate with each other through their domain names.
8.1 Introduction to DNS
After each host on the Internet is assigned a domain name, you can set up a mapping between the domain name and IP address of a host through. In this manner, you can use domain names, which are easy to memorize and are of significance, instead of complicated IP addresses.
8.2 DNS Supported by the S7700
Domain name resolution can be performed in either dynamic mode or static mode.
8.3 Configuring DNS
By configuring the DNS, you can set up a mapping between a domain name and an IP address. In this manner, you can enable the device to communicate with other devices.
8.4 Maintaining DNS
The operations of DNS maintenance include clearing DNS statistics and monitoring the DNS operating status.
8.5 Configuration Examples
This section provides a configuration example of DNS.
Applicable Environment
If local users accessing devices need to communicate with other devices by using domain names, you can configure DNS on the device. A DNS entry is a mapping between a domain name and an IP address. If local users seldom use domain names to communicate with other devices, or if the DNS server is unavailable, configure static DNS. Before configuring static DNS, you must know the mapping between the domain name and the IP address. If the mapping changes, you must modify the DNS entry manually. You can configure dynamic DNS on the device if local users frequently use domain names for communicating with other devices and the DNS server is available.
Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
- Configuring physical attributes of the interface and ensuring that the physical layer status of the interface is Up
- Configuring parameters of the link layer protocol of the interface and ensuring that the link layer protocol status of the interface is Up
- Configuring routes between the local device and the DNS server
- Configuring the DNS server
Data Preparation
To configure DNS, you need the following data.
No.  Data
1    Domain name and the corresponding IP address in a static DNS entry
2    IP address of a DNS server
3    Domain name or the domain name list of a dynamic DNS entry
Procedure
Step 1 Run:
system-view
The IP address corresponding to the host name is configured. A host name corresponds to only one IP address. When you configure an IP address for a host several times, only the most recently configured IP address is valid. To resolve several host names, repeat Step 2. You can configure a maximum of 50 static DNS entries.
----End
Procedure
Step 1 Run:
system-view
The IP address of the local device is specified. The local device uses the specified IP address to communicate with the DNS server, which ensures communication security.
Step 5 Run:
dns domain domain-name
Follow-up Procedure
The system supports the configuration of a maximum of 6 domain name servers, 1 source address, and 10 domain name suffixes. To configure more than one domain name server, repeat Step 3. To configure more than one domain name suffix, repeat Step 5.
Prerequisite
The configurations of the DNS function are complete.
Procedure
- Run the display ip host command to check the information about the static DNS entry table.
- Run the display dns server command to check the configurations about DNS servers.
- Run the display dns domain command to check the configurations about domain name suffixes.
- Run the display dns dynamic-host command to check the information about dynamic DNS entries in the domain name cache.
----End
Example
Run the display ip host command. If static DNS entries including the mappings between host names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
Host    Age    Flags     Address
hw      0      static    10.1.1.1
gww     0      static    192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server    IpAddress
1                172.16.1.1
2                172.16.1.2
IPv6 Dns Servers :
No configured servers.
Run the display dns domain command. If the list of suffixes of domain names is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns domain
No    Domain-name
1     com
2     net
Run the display dns dynamic-host command. If information about the dynamic domain name cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No    Domain-name          IpAddress    TTL     Alias
1     www.huawei.com       91.1.1.1     3521
2     www.huawei.com.cn    87.1.1.1     3000
Context
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this command.
Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation of DNS.
Procedure
- Run the display ip host command to check the information about the static DNS entry table.
- Run the display dns server command to check configurations about DNS servers.
- Run the display dns domain command to check configurations about domain name suffixes.
- Run the display dns dynamic-host command to check the information about dynamic DNS entries in the domain name cache.
----End
Context
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging all command to disable it immediately.
Run the following debugging command in the user view to debug DNS and locate the fault. For more information, refer to the chapter "Information Center Configuration" in the Quidway S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging dns command in the user view to debug dynamic DNS.
----End
Networking Requirements
As shown in Figure 8-1, Switch A acts as a DNS client, being required to access the host 2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes "com" and "net". On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A can communicate with them by using domain names.
Figure 8-1 Networking diagram of DNS (diagram not reproduced; surviving labels: Loopback0 4.1.1.2/32, SwitchC, GE1/0/1 VLANIF 100 2.1.1.1/16, GE1/0/2 VLANIF 101 3.1.1.1/16, GE1/0/1 VLANIF 100, DNS Server 2.1.1.2/16 3.1.1.2/16, huawei.com 2.1.1.3/16)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static DNS entries.
2. Enable DNS resolution.
3. Configure an IP address for the DNS server.
4. Configure suffixes of domain names.
Data Preparation
To complete the configuration, you need the following data: l l
Procedure
Step 1 Configure Switch A.
# Configure static DNS entries.
<SwitchA> system-view
[SwitchA] ip host SwitchB 4.1.1.1
[SwitchA] ip host SwitchC 4.1.1.2
To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. For procedures for configuring routes, refer to the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 2 Verify the configuration.
# Run the ping huawei.com command on Switch A to ping the IP address 2.1.1.3. The ping succeeds.
<SwitchA> ping huawei.com
Trying DNS server (3.1.1.2)
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
# Run the display ip host command on Switch A to view static DNS entries, including mappings between host names and IP addresses.
<SwitchA> display ip host
Host       Age    Flags     Address
SwitchB    0      static    4.1.1.1
SwitchC    0      static    4.1.1.2
# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries in the domain name cache.
TTL 3579
Alias
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
----End
Configuration Files
- Configuration file of Switch A
#
 sysname SwitchA
#
 vlan batch 100
#
 ip host SwitchB 4.1.1.1
 ip host SwitchC 4.1.1.2
#
 dns resolve
 dns server 3.1.1.2
 dns domain net
 dns domain com
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface vlanif100
 ip address 1.1.1.2 255.255.0.0
#
rip 1
 network 1.0.0.0
#
return
9
About This Chapter
Context
NOTE
The IPv6 functions of the S7700 are restricted through the license. Generally, the IPv6 commands can be run on a new device, but the corresponding IPv6 functions cannot take effect. To make the IPv6 functions effective on the S7700, contact the local Huawei office to buy the license.
9.1 Introduction to IPv6
This section describes the basic principle of IPv6.
9.2 IPv6 Features Supported by the S7700
The S7700 supports the IPv6 protocol suite and TCP6 protocol suite.
9.3 Configuring an IPv6 Address for an Interface
Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network.
9.4 Configuring IPv6 Neighbor Discovery
IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection.
9.5 Maintaining IPv6
This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation.
9.6 Configuration Examples
This section provides a configuration example of IPv6 addresses.
Basic Concepts
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the second-generation standard network protocol. It was designed by the Internet Engineering Task Force as an upgraded version of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128 bits long versus 32 bits in IPv4.
address for an interface. A manually set link-local address must be a valid link-local address (FE80::/10). Automatically generated link-local addresses are recommended because link-local addresses are used only for communication between nodes on the local link, usually to meet the communication needs of protocols, and are irrelevant to communication between users. A global unicast address is equivalent to an IP address on the IPv4 public network; it is used to forward data on the public network and is mandatory for communication between users. An EUI-64 address is functionally equivalent to a global unicast address. For an EUI-64 address, however, only the network bits need to be specified; its host bits are derived from the MAC address of the interface. For a global unicast address, all 128 bits of the address have to be specified.
IPv6 FIB
Connecting network topologies of different types requires the configuration of different routing protocols. This brings about the Routing Information Base (RIB). The RIB is the basis of the FIB. Guided by route management policies, the S7700 obtains the minimum necessary forwarding information from the RIB and adds the information to the FIB. Through the route management module, you can also add static routes into the FIB.
The Forwarding Information Base (FIB) contains the minimum information needed by an S7700 to forward packets. An FIB entry usually contains the destination address, prefix length, transport port, next-hop address, route flag, and time stamp. An S7700 forwards packets according to FIB entries.
The FIB mechanism consists of two parts: the FIB agent (used on the control plane) and the FIB container (used on the forwarding plane). The control plane (FibAgent) is responsible for interacting with the RM module and downloading the FIB to the forwarding engine. For a distributed system, the FIB needs to be downloaded to the I/O board.
A FIB contains the following information:
- Destination address: indicates the network or host a packet is destined for.
- Prefix length: indicates the length of the destination address prefix. From the prefix length, you can infer whether the destination address is a network address or a host address.
- Nexthop: indicates the address of the next hop through which the packet reaches the destination.
- Flag(s): identifies route characteristics.
- Interface: indicates the outgoing interface of the packet.
- Timestamp: time when an FIB entry is generated.
Applicable Environment
When a device communicates with an IPv6 device, you need to configure an IPv6 address for the interface. An EUI-64 address has the same function as a global unicast address. The difference is that only the network bits need to be specified for the EUI-64 address and the host bits are derived from the MAC address of the interface, while a complete 128-bit address needs to be specified for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address must not be longer than 64 bits. The EUI-64 address and the global unicast address can be configured simultaneously or alternatively. However, the IP addresses configured for one interface cannot be in the same network segment.
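The EUI-64 transformation described above, worked through in Python as an added example (not Huawei code). The helper names are illustrative, the first two neighbor entries reuse addresses from this guide's sample output, and the third entry is constructed; the reverse mapping is included because an EUI-64 address discloses the interface MAC address to anyone who sees it.

```python
import ipaddress
from typing import List, Optional, Tuple


def parse_mac(mac: str) -> bytes:
    """Parse a MAC written as 00e0-fc89-fe6e (switch notation) or 00:e0:fc:89:fe:6e."""
    digits = "".join(ch for ch in mac if ch not in "-:.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface identifier: insert FFFE in the middle of the
    MAC and invert the universal/local bit (0x02) of the first octet."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the network bits with the MAC-derived host bits.
    The prefix must not be longer than 64 bits, as the guide requires."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("an EUI-64 address needs a prefix of at most 64 bits")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(address: str) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 style address, or None.
    Heuristic: FFFE in the middle of the host bits marks an EUI-64 identifier,
    so a manually chosen identifier could match by coincidence."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    digits = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def classify_neighbor(address: str, link_layer: str) -> str:
    """Compare a neighbor's IPv6 address with its link-layer address."""
    embedded = mac_from_eui64(address)
    if embedded is None:
        return "not-eui64"        # manually assigned or otherwise generated
    if parse_mac(embedded) == parse_mac(link_layer):
        return "eui64-match"      # host bits agree with the learned MAC
    return "eui64-mismatch"       # host bits point at a different MAC


# Neighbor entries as (IPv6 address, link-layer address). The first two pairs
# come from the sample neighbor output in this guide; the third is constructed.
NEIGHBORS: List[Tuple[str, str]] = [
    ("3003::2", "00e0-fc89-fe6e"),
    ("FE80::2E0:FCFF:FE89:FE6E", "00e0-fc89-fe6e"),
    ("FE80::2E0:FCFF:FE33:11", "00e0-fc89-fe6e"),
]


def audit(neighbors: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (address, classification) for every neighbor entry."""
    return [(addr, classify_neighbor(addr, mac)) for addr, mac in neighbors]


if __name__ == "__main__":
    print(eui64_address("FE80::/64", "00e0-fc89-fe6e"))
    for addr, verdict in audit(NEIGHBORS):
        print(f"{addr:28} {verdict}")
```

An "eui64-mismatch" entry is worth a second look during maintenance, because the host bits name a MAC address other than the one learned for that neighbor.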
Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
- Configuring the physical features of the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
No.    Data
1      Number of the interface
2      Link-local address configured manually
3      Global unicast address and prefix length
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because:
- If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The IPv6 function, however, is not enabled on the interface and hence you cannot perform any IPv6 configurations.
- If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface but the IPv6 protocol status on the interface is Down. Therefore, the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view
The IPv6 packet forwarding capability is enabled. By default, the IPv6 packet forwarding capability is disabled. To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the IPv6 protocol status of the interface is Down and the device cannot forward IPv6 packets although you enable IPv6 on the interface.
Step 3 Run:
interface interface-type interface-number
The view of the VLANIF interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface. Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view. By default, the IPv6 capability is disabled on the interface.
----End
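The dependency between the system-view ipv6 command and the interface-view ipv6 enable command can be checked offline against a saved configuration file. The following Python check is an added example, not a Huawei tool; the function names and finding codes are hypothetical, CONFIG_OK follows the Switch A configuration file from this chapter's configuration example, and the two faulty variants are constructed from it.

```python
from typing import Dict, List, Tuple


def parse_sections(config: str) -> List[List[str]]:
    """Split a saved configuration into sections delimited by '#' lines."""
    sections: List[List[str]] = []
    current: List[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if current:
                sections.append(current)
                current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def audit_ipv6(config: str) -> List[Tuple[str, str]]:
    """Report interfaces whose IPv6 settings cannot take effect.

    global-ipv6-missing : 'ipv6 enable' on the interface, but no 'ipv6' in the
                          system view, so the IPv6 protocol status stays Down.
    ipv6-enable-missing : IPv6 settings on the interface without 'ipv6 enable'.
    """
    global_ipv6 = False
    interfaces: Dict[str, List[str]] = {}
    for section in parse_sections(config):
        head = section[0]
        if head.lower().startswith("interface "):
            name = head.split(None, 1)[1]
            interfaces[name] = [line.lower() for line in section[1:]]
        elif any(line.lower() == "ipv6" for line in section):
            global_ipv6 = True

    findings: List[Tuple[str, str]] = []
    for name, lines in interfaces.items():
        enabled = "ipv6 enable" in lines
        has_ipv6_settings = any(
            line.startswith("ipv6 ") and line != "ipv6 enable" for line in lines
        )
        if has_ipv6_settings and not enabled:
            findings.append((name, "ipv6-enable-missing"))
        if enabled and not global_ipv6:
            findings.append((name, "global-ipv6-missing"))
    return findings


# Configuration following the Switch A file in this chapter's example.
CONFIG_OK = """#
sysname SwitchA
#
ipv6
#
vlan 100
#
interface Vlanif100
 ipv6 enable
 ipv6 address 3001::1/64
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
return
"""

# Constructed variant: the system-view 'ipv6' command was never run.
CONFIG_NO_GLOBAL = CONFIG_OK.replace("#\nipv6\n", "", 1)

# Constructed variant: 'ipv6 enable' is absent from the VLANIF interface.
CONFIG_NO_ENABLE = CONFIG_OK.replace(" ipv6 enable\n", "", 1)


if __name__ == "__main__":
    for label, text in (("ok", CONFIG_OK),
                        ("no global ipv6", CONFIG_NO_GLOBAL),
                        ("no ipv6 enable", CONFIG_NO_ENABLE)):
        print(label, audit_ipv6(text))
```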
address of a link is valid only for the link. A packet with a link-local address as the source or destination address is forwarded only along the local link.
Procedure
Step 1 Run:
system-view
The interface view is displayed.
Step 3 Perform the following as required. Run:
ipv6 address auto link-local
The IPv6 link-local address is manually configured. Besides configuring a link-local address through the preceding two commands, you can also configure a global unicast IPv6 address so that a link-local address is generated automatically. For details, see Configuring an IPv6 Global Unicast Address for an Interface.
----End
Procedure
Step 1 Run:
system-view
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
Procedure
- Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 information about the interface.
- Run the display ipv6 statistics command to view statistics on IPv6 packets.
----End
Applicable Environment
Most of the ND configurations are implemented based on the interfaces.
Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
- Configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring link layer parameters for the interface
- Configuring the IPv6 address for the interface
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
No.    Data
1      Number of interface which needs to be configured with IPv6 ND
2      IPv6 address and MAC address of the static neighbor
3      Intervals, prefix, and life duration of RA messages
4      Flag bit of automatic configuration
5      Hop limit of ND
6      Sending times of DAD
7      Intervals for re-transmitting NS messages
8      NUD reachable time
9      Interface MTU
Procedure
Step 1 Run:
system-view
You can enable the IPv6 capability.
Step 4 Run one of the following commands as required:
- To configure a static neighbor entry on a common Layer 3 interface, run the ipv6 neighbor ipv6-address mac-address command.
- To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number command.
Static neighbors can be configured for VLANIF interfaces. You can configure up to 300 neighbors on each interface.
----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The interval for advertising RA messages is configured. By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds. The maximum interval cannot be shorter than the minimum interval.
When the maximum interval is less than 9 seconds, the minimum interval is set to the same value as the maximum interval.
----End
Procedure
Step 1 Run:
system-view
The flag bit for stateful auto configuration addresses is set. If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to any addresses auto-configured using stateless address auto-configuration.
Step 5 Run:
ipv6 nd autoconfig other-flag
The flag bit for other stateful configurations is set. When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address) information.
----End
Procedure
Step 1 Run:
system-view
Context
Duplicate Address Detection (DAD) is part of the IPv6 automatic address configuration process. You can configure the number of DAD messages that are sent consecutively.
Set the interval for sending Neighbor Solicitation (NS) messages on the device. By default, the NS retransmission interval is 1000 ms.
Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default, the NUD value is 30000 ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default MTUs vary with interface types. The MTU on a GigabitEthernet interface defaults to 1500 bytes.
Procedure
Step 1 Run:
system-view
ND hop limit is configured. The value of limit ranges from 1 to 255. By default, it is 64.
Step 3 Run:
interface vlanif vlan-id
- When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must be less than or equal to the life duration.
- By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
- By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration is still 1800 seconds.
Step 6 Run:
ipv6 nd dad attempts value
Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and then the undo shutdown command in the interface view to validate the configuration.
Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
- Run the display ipv6 neighbors [ ipv6-address | [ vid vlan-id ] interface-type interface-number ] command to check the neighbor information in the cache.
- Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the IPv6 information of an interface.
----End
Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Quidway> display ipv6 neighbors VLANIF10
--------------------------------------------------------
IPv6 Address : 3003::2
Link-layer   : 00e0-fc89-fe6e             State : STALE
Interface    : VLANIF10                   Age   : 7
VPN name     : vpn1                       VLAN  :
Is Router    : TRUE

IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer   : 00e0-fc89-fe6e             State : STALE
Interface    : VLANIF10                   Age   : 7
VPN name     : vpn1                       VLAN  :
Is Router    : TRUE
--------------------------------------------------------
Total: 2    Dynamic: 2    Static: 0
Run the display ipv6 interface brief command. If information about the IPv6 address on the interface and interface status are displayed, it means that the configuration succeeds.
<Quidway> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface                    Physical              Protocol
VLANIF20                     up                    up
[IPv6 Address] 2030::101:101
VLANIF30                     up                    up
[IPv6 Address] 2001::1
LoopBack0                    up                    up(s)
[IPv6 Address] Unassigned
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you run the command.
Procedure
- To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in the user view.
- To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number] | interface-type interface-number } command in the user view.
- To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view.
- To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.
----End
Procedure
- Run the display ipv6 interface [ interface-type interface-number | brief ] command in any view to view information about IPv6 on an interface.
- Run the display ipv6 statistics command in any view to view statistics on IPv6 packets.
- Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ] command in any view to view the cache content of neighbors.
- Run the display tcp ipv6 statistics command in any view to view statistics on TCP6 packets.
- Run the display tcp ipv6 status command in any view to view the status of a TCP6 connection.
- Run the display udp ipv6 statistics command in any view to view statistics on UDP6 packets.
- Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any view to view information about the specified socket.
- Run the display ipv6 fib [ existing-slot-id ] command in any view to view information about FIB.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo debugging all command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault. For the procedures of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
- Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
- Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and ND messages.
- Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to debug IPv6 packet.
- Run the debugging ipv6 pathmtu command in the user view to debug PMTU.
- Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ] command in the user view to debug TCP6.
- Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command in the user view to debug UDP6.
----End
Networking Requirements
As shown in Figure 9-1, two Switches are connected through GE 1/0/1. The GE 1/0/1 interfaces of Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6 global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnection between them. The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64.
Figure 9-1 Networking diagram for setting IPv6 addresses (diagram not reproduced; devices shown: SwitchA, SwitchB)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IPv6 forwarding capability on the Switch.
2. Set IPv6 global unicast addresses for the interfaces.
Data Preparation
To complete the configuration, you need the following data.
- Global unicast address of an interface
Procedure
Step 1 Enable the IPv6 forwarding capability on the Switch.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
Step 2 Configure the IPv6 global unicast address for the interfaces.
# Configure Switch A.
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address 3001::1/64
[SwitchA-Vlanif100] quit
# Configure Switch B.
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit
Step 3 Verify the configuration.
If the configuration succeeds, you can view the configured global unicast addresses. The status of the interface and the IPv6 protocol are Up.
# Display information about the interface on Switch A.
[SwitchA] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::218:20FF:FE00:83 [TENTATIVE]
  Global unicast address(es):
    3001::1, subnet is 3001::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF00:83
    FF02::2
# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter -i to specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- FE80::2E0:FCFF:FE33:11 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/7 ms
----End
Configuration Files
- Configuration file of Switch A
#
 sysname SwitchA
#
 ipv6
#
 vlan 100
#
interface Vlanif100
 ipv6 enable
 ipv6 address 3001::1/64
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
return
10
About This Chapter
By configuring the IPv6 Domain Name System (DNS), you can enable network devices to communicate with each other through their domain names.
10.1 Introduction to IPv6 DNS
After each host on the Internet is assigned a domain name, you can set up a mapping between the domain name and the IP address of a host. In this manner, you can use domain names, which are easy to memorize and meaningful, instead of complicated IP addresses.
10.2 IPv6 DNS Supported by the S7700
IPv6 domain name resolution can be performed in either dynamic mode or static mode.
10.3 Configuring IPv6 DNS
By configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6 address. In this manner, you can enable the device to communicate with other devices.
10.4 Maintaining IPv6 DNS
This section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6 DNS entries and monitoring IPv6 DNS operation.
10.5 Configuration Examples
This section provides several configuration examples of IPv6 DNS.
Applicable Environment
DNS needs to be configured if the local users log on to a device using domain names to communicate with other devices. The IPv6 DNS entries show the mapping between domain names and IPv6 addresses. If users seldom use the domain name to access other devices, or if the DNS server is unavailable, a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator needs to know the relation between domain names and IPv6 addresses, and manually modify the IPv6 DNS entry when the relation changes. If the users need to use the domain name to access many devices, and the DNS server is available, a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.
Pre-configuration Tasks
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.
Data Preparation
To configure IPv6 DNS, you need the following data.
No.    Data
1      Domain name of the static IPv6 DNS entry and the corresponding IPv6 address
2      IPv6 address of the IPv6 DNS server
3      Domain name of the dynamic IPv6 DNS or the domain name list
Procedure
Step 1 Run:
system-view
The host name and the corresponding IPv6 address are configured. If IPv6 addresses are configured for the same host several times (a maximum of 8 IPv6 addresses), the IPv6 address configured earliest is used when the host needs to be found by its IPv6 address, for example, when you ping the host.
----End
Context
If the IPv6 DNS server is configured with a link-local address, the interface name must also be configured together with the IPv6 address.
Figure 10-1 DNS server connecting IPv4 and IPv6 networks (diagram not reproduced; surviving labels: DNS server, IPv4 link)
CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration until a proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.
The DNS domains are configured on a device and the domain names can be searched. If the DNS fails in searching for a host name, it appends a domain name to the host name following a "." and continues the DNS search. You can configure some commonly used domain names like "com" and "net". For example, if the search for the host name "huawei" fails, the system then searches for "huawei.com" or "huawei.net".
Do as follows on the switch:
Procedure
Step 1 Run:
system-view
The IPv6 address of the local device is specified. After the source IPv6 address is specified for the local device, the local device uses the specified source IPv6 address to communicate with the IPv6 DNS server to ensure the security of check.
Step 5 Run:
dns domain domain-name
Prerequisite
The configurations of the IPv6 DNS function are complete.
Procedure
- Run the display ipv6 host command to check the static IPv6 DNS table.
- Run the display dns server command to check the configuration of the DNS server.
- Run the display dns domain command to check the configuration of the suffix list of the domain name.
- Run the display dns ipv6 dynamic-host command to check the cache of the dynamic domain name.
----End
Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ipv6 host
Host    Age    Flags     IPv6Address (es)
RTB     0      static    20::1
RTA     0      static    20::2
Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server    IpAddress
1                169.254.65.125
IPv6 Dns Servers:
Domain-server    Ipv6Address
1                3001::2
2                FE80::2
Run the display dns domain command. If the suffixes of the domain names are displayed, it means that the configuration succeeds. For example:
<Quidway> display dns domain
No    Domain-name
1     com
2     net
Run the display dns ipv6 dynamic-host command. If information about the cache of the dynamic domain name is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns ipv6 dynamic-host
No    Domain-name    Ipv6address    TTL
1     huawei6        3001::2        6
Context
CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use this command.
Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS entries statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following commands in any view to check the operation of IPv6 DNS.
Procedure
- Run:
display dns domain
Contents about the cache of the IPv6 dynamic domain names are checked.
- Run:
display ipv6 host
Networking Requirements
As shown in Figure 10-2, Switch A functions as the IPv6 DNS client and, working together with the IPv6 DNS server, can access the host with the IP address 2002::1/64 based on the domain name huawei.com. On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensures that Switch A can manage both the routers based on the domain names Switch B and Switch C.
Figure 10-2 Networking diagram of IPv6 DNS configurations (diagram not reproduced; surviving labels: Loopback0 4.1.1.2/32, SwitchC, GE1/0/2 VLANIF100 2002::2/64, huawei.com 2002::1/64)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static IPv6 DNS entries.
2. Enable the DNS resolution function.
3. Configure IPv6 address of the IPv6 DNS server.
4. Set the domain name suffix.
Data Preparation
To complete the configuration, you need the following data:
- Domain names of Switch B and Switch C
- IPv6 address of the IPv6 DNS server
- Domain name suffix
Procedure
Step 1 Configure Switch A.
# Configure static IPv6 DNS entries.
<SwitchA> system-view
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server. For details of how to configure the route, see Configuration example of IP static route in the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 2 Verify the configuration.
# Run the ping ipv6 huawei.com command on Switch A. You can find that the Ping operation succeeds, and the destination IP address is 2002::1.
<SwitchA> ping ipv6 huawei.com
Resolved Host ( huawei.com -> 2002::1)
PING huawei.com : 56 data bytes, press CTRL_C to break
Reply from 2002::1: bytes=56 Sequence=1 ttl=126
Reply from 2002::1: bytes=56 Sequence=2 ttl=126
Reply from 2002::1: bytes=56 Sequence=3 ttl=126
Reply from 2002::1: bytes=56 Sequence=4 ttl=126
Reply from 2002::1: bytes=56 Sequence=5 ttl=126
--- huawei.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships between the host names in static IPv6 DNS entries and the IPv6 addresses.
<SwitchA> display ipv6 host
Host       Age    Flags     IPv6Address (es)
SwitchB    0      static    2001::2
SwitchC    0      static    2002::3
# Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about dynamic IPv6 DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No   Domain-name   Ipv6address   TTL
1    huawei.com    2002::1       3579
NOTE
TTL in the command output indicates the lifetime of the entry, in seconds.
----End
Configuration Files
- Configuration file of Switch A
#
 sysname SwitchA
#
 vlan batch 100
#
 ipv6
#
 ipv6 host SwitchB 2001::2
 ipv6 host SwitchC 2002::3
#
 dns resolve
 dns server ipv6 2003::2
 dns domain net
 dns domain com
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface vlanif100
 ipv6 enable
 ipv6 address 2001::1/64
#
return
Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure 11-1 shows a single stack structure and a dual stack structure.
Figure 11-1 Single stack and dual stack structures (Ethernet)
[Figure labels: IPv6; Protocol ID: 0x86DD; Protocol ID: 0x0800; Ethernet; Dual Stack]
The characteristics of the dual-stack structure are as follows:
- Supported by multiple link layer protocols
  Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in the figure above is Ethernet. In an Ethernet frame, a protocol ID field value of 0x0800 indicates that the network layer carries IPv4 packets, and a value of 0x86DD indicates that the network layer carries IPv6 packets.
- Supported by multiple applications
  Multiple applications, such as DNS, FTP and Telnet, support dual stacks. An upper-layer application, such as DNS, can select TCP or UDP as its transport layer protocol. However, it prefers the IPv6 protocol stack rather than IPv4 as the network layer protocol.
[Figure labels: IPv4; Tunnel; IPv6 Header; IPv6 Data]
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over IPv4 tunnel. Tunnels can be classified according to their setup modes. The common IPv6 over IPv4 tunnel modes include:
- IPv6 over IPv4 manual tunnels
- 6to4 tunnels
- Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels
- 6PE
A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4 backbone network. It is the fixed channel for regular and secure communication between the two border devices. The manual tunnel can be used between isolated IPv6 networks. It can also be used between a border device and a host. In this case, the host and the device on both ends of the tunnel must support the IPv4 and the IPv6 protocol stacks.
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6 network and the IPv4 network. The border devices on both ends of the 6to4 tunnel must support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the devices of the 6to4 tunnel are not configured in pairs. The 6to4 tunnel can automatically find the other end of the tunnel, like the automatic tunnel. You need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a special kind of IPv6 address, namely the 6to4 address, with the following format:
2002:IPv4 address:subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4 address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4 network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 11-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4 network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of the host or device in Site1 is the IPv4 address of the interface through which Switch A accesses the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device in Site2 is the IPv4 address of the interface through which Switch B accesses the IPv4 network. Switch A and Switch B are both 6to4 devices.
Figure 11-3 6to4 tunnel and 6to4 relay
[Figure labels: SwitchA; SwitchB; SwitchC; IPv6 Internet; Site3; 6to4 Relay]
When the host in Site1 accesses the host in Site2, the process concerned is as follows:
1. The IPv6 packet is transmitted to Switch A.
2. Switch A checks the destination address of the IPv6 packet and finds that the address is the 6to4 address, from which Switch A obtains the remote IPv4 address of the 6to4 tunnel.
3. Switch A encapsulates this IPv6 packet into the IPv4 packet. The destination address of IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the local IPv4 address of the tunnel.
4. Switch A forwards the IPv4 packet in the IPv4 network to Switch B.
5. Switch B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packet to the destination host in Site2.
The above process implements the communication between the 6to4 networks. To implement the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is needed. The so-called native IPv6 network means that both its internal host and device are not configured with the 6to4 address. The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network. One side of the 6to4 relay device is connected to the native IPv6 network; the other side is connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 11-3, when the host in the 6to4 network accesses the IPv6 Internet, the process concerned is as follows:
1. The IPv6 packet is routed to Switch A.
2. A 6to4 tunnel is created between Switch A and Switch C.
3. The IPv6 packet is encapsulated into the IPv4 packet and is sent to Switch C.
4. Switch C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6 network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device. The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in the same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public network address or a private network address.
As shown in Figure 11-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as follows:
1. The IPv4/IPv6 host sends a request message to a device.
   The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a router request message to the ISATAP device. It encapsulates the message into the IPv4 packet.
2. The ISATAP device uses a router notification message to respond to the request.
   The router notification message contains the ISATAP prefix, which is manually configured on the device.
3. The IPv4/IPv6 host obtains its IPv6 address.
   The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with 5EFE:IPv4-Address, and uses this address to access the IPv6 host.
Figure 11-4 ISATAP tunnel
[Figure label: IPv6 Host]
The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:
1. The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given above.
2. The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in the IPv6 network.
3. An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6 host.
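The 6to4 and ISATAP address formats described above, worked through in Python. This is an added example, not part of the original guide: the function names are illustrative, the sample packets are constructed, and the outer/inner source comparison in classify_decap is an added sanity check that a decapsulating border device or a monitor could apply, not a feature this guide describes.

```python
import ipaddress

SIXTO4_NET = ipaddress.IPv6Network("2002::/16")  # every 6to4 address starts with 2002
ISATAP_MARK = 0x5EFE  # upper 32 bits of the interface ID are 0000:5EFE (format used in this guide)


def sixto4_prefix(ipv4):
    """48-bit 6to4 prefix (2002:IPv4 address) for a border device's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def sixto4_address(ipv4, subnet_id, interface_id):
    """Full address: 2002 | IPv4 (32 bits) | subnet ID (16 bits) | interface ID (64 bits)."""
    if not 0 <= subnet_id < 1 << 16 or not 0 <= interface_id < 1 << 64:
        raise ValueError("subnet ID is 16 bits and interface ID is 64 bits")
    base = int(sixto4_prefix(ipv4).network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | interface_id)


def sixto4_tunnel_endpoint(ipv6):
    """Remote IPv4 tunnel address a 6to4 device reads from a destination address.

    Returns None for a native (non-6to4) address, which is reached through
    a 6to4 relay and a static route instead.
    """
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTO4_NET:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def isatap_address(prefix64, ipv4):
    """Combine a 64-bit prefix with 5EFE:IPv4-Address."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("the ISATAP prefix must be 64 bits long")
    iid = (ISATAP_MARK << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def isatap_embedded_ipv4(ipv6):
    """IPv4 address embedded in an ISATAP address, or None if the 5EFE marker is absent."""
    value = int(ipaddress.IPv6Address(ipv6))
    if (value >> 32) & 0xFFFFFFFF != ISATAP_MARK:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def classify_decap(outer_ipv4_src, inner_ipv6_src):
    """Compare the outer IPv4 source with the address embedded in a 6to4 inner source."""
    embedded = sixto4_tunnel_endpoint(inner_ipv6_src)
    if embedded is None:
        return "native"  # inner source is not 6to4, for example traffic from a relay
    if embedded == ipaddress.IPv4Address(outer_ipv4_src):
        return "match"
    return "mismatch"  # inner source claims a different site than the outer header


# Constructed (outer IPv4 source, inner IPv6 source) pairs using addresses from this guide.
SAMPLES = [
    ("2.1.1.2", "2002:201:102:1::1"),
    ("2.1.1.2", "2001::2"),
    ("192.168.51.2", "2002:201:102:1::1"),
]


def classify_samples():
    return [classify_decap(outer, inner) for outer, inner in SAMPLES]


if __name__ == "__main__":
    print(sixto4_prefix("2.1.1.1"))
    print(sixto4_tunnel_endpoint("2002:0201:0102:1::1"))
    print(isatap_address("fe80::/64", "2.1.1.2"))
    print(classify_samples())
```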
6PE
On an IPv4 backbone network where MPLS is deployed, the ISP can use the IPv6 Provider Edge (6PE) technology to provide the interconnection capacity for the IPv6 networks of dispersed users. 6PE is the PE with the IPv6 capacity. Figure 11-5 shows the principle of interconnecting isolated IPv6 domains through 6PE.
1. When the 6PE device receives an IPv6 packet from the CE, it directly labels the packet to translate the packet into an MPLS packet that can be transmitted over the IPv4 backbone network.
2. The MPLS packet is forwarded to the remote 6PE through the LSP.
3. The remote 6PE removes the label and looks up the IPv6 routing table according to the destination address in the resulting IPv6 packet header.
4. The remote 6PE then sends the packet to the destination host in the remote IPv6 network through the remote CE.
[Figure 11-5 labels: 6PE Router; IPv4/MPLS; IBGP; CE; PE; IPv6; Customer site]
Note the following points when you connect isolated IPv6 sites through a 6PE tunnel:
- Enable IPv4, MPLS and IPv6 on 6PE.
- MP-BGP also needs to be enabled between 6PEs to receive or send IPv6 routes from/to the remote 6PE.
- The IGP over ISP's IPv4 backbone network can be OSPF or IS-IS.
- Static routing protocol, IGP or EBGP can work between CE and 6PE.
When ISPs want to extend their IPv4 or MPLS networks with IPv6 traffic exchange capability on MPLS, they only need to update their PE devices.
Applicable Environment
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be enabled on the device. Enabling the IPv4/IPv6 dual protocol stacks on the S7700 is a simple process. Enable the IPv6 packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the corresponding interface.
Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:
- Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer parameters for the interface
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
No.  Data
1    Type and number of the interface connected with the IPv4 network
2    IPv4 address and mask of the interface connected with the IPv4 network
3    Type and number of the interface connected with the IPv6 network
4    IPv6 address and prefix of the interface connected with the IPv6 network
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because:
- If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The interface on the device does not have the IPv6 capability and hence you cannot perform any IPv6 configurations.
- If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface but the IPv6 protocol status on the interface is Down and the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view
The IPv6 packet forwarding capability is enabled. To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6 packets although the interface is configured with an IPv6 address. By default, the IPv6 packet forwarding capability is disabled.
Step 3 Run:
interface vlanif vlan-id
The view of the interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface. Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view. By default, the IPv6 capability is disabled on the interface.
----End
Procedure
Step 1 Run:
system-view
The interface view of the IPv6 network is displayed.
Step 6 Perform the following configuration as required.
- Run:
ipv6 address auto link-local
Procedure
Step 1 Run the display ipv6 interface command to view the IPv6 information about the interface.
----End
Applicable Environment
To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6 over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.
Pre-configuration Tasks
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
- Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer protocol for the interface and ensuring that the status of the link layer protocol on the interface is Up
- Configuring the IPv4/IPv6 dual-protocol stacks
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
Context
Before enabling the service loopback function on an Eth-Trunk interface, note the following:
- Before enabling the service loopback function, create an Eth-Trunk, add member interfaces to the Eth-Trunk and keep it in the Up state.
- Only one interface enabled with the service loopback function is needed on a device.
Procedure
Step 1 Run:
system-view
The Eth-Trunk interface is enabled with the service loopback function.
Step 4 Run:
interface interface-type interface-number
Context
Note the following when configuring an IPv6 over IPv4 manual tunnel:
- Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.
- When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface.
- You need to conduct the following configurations on the devices on both the ends of the tunnel. During the configuration, note that the source address of the local tunnel end is the destination address set for the remote tunnel end; the destination address of the local tunnel end is the source address set for the remote tunnel end.
Procedure
Step 1 Run:
system-view
The tunnel is specified to be an IPv6 over IPv4 manual tunnel.
Step 4 Run:
source { ip-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
Step 5 Run:
destination dest-ip-address
The destination address of the tunnel can be the address of a physical interface or the address of a loopback interface.
Step 6 Run:
ipv6 enable
Context
Note the following when configuring a 6to4 tunnel:
- Before configuring other parameters of the tunnel, create a tunnel interface.
- When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface.
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The destination address of the tunnel is automatically obtained from the destination IP address field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel must be unique. On the border device, configure a 6to4 address on the interface that is connected with the 6to4 network, and configure an IPv4 address on the interface that is connected with the IPv4 network. To make the tunnel support the routing protocol, configure an IP address for the tunnel interface.
Procedure
Step 1 Run:
system-view
The source address or source interface of the tunnel is specified.
Step 5 Run:
ipv6 enable
Follow-up Procedure
The configuration of the 6to4 relay, which is needed to access the IPv6 network, is similar to that of the 6to4 tunnel. For the configuration example, see "Example for Configuring 6to4 Relay."
Context
Note the following when configuring an ISATAP tunnel:
- Before configuring other parameters of the tunnel, create a tunnel interface.
- When the specified source interface of the tunnel is a physical interface, it is recommended to set the tunnel ID to be the same as the number of the physical interface.
- When configuring an ISATAP tunnel, you need to specify only the source address of the tunnel. The destination address of the tunnel is automatically obtained from the destination IP address field carried in the original IPv6 packet. Note that the source interface of the ISATAP tunnel must be unique. The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix length of 64 bits.
Procedure
Step 1 Run:
system-view
The source address or source interface of the tunnel is specified.
Step 5 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
Context
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
NOTE
Currently, the tunnel interface of the S7700 cannot be configured with routing protocols.
When configuring a static route, you need to run the ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-number nexthop-ipv6-address | nexthop-ipv6-address } command to configure a route destined for the destination address (the destination address specified before the packet encapsulation, rather than the destination address of the tunnel). In addition, you need to set the next hop address to the address of the interface on the remote end of the tunnel.
Procedure
Step 1 Run the display ipv6 interface tunnel interface-number command to view the IPv6 attribute of the tunnel interface.
----End
Applicable Environment
To interconnect IPv6 networks over the existing MPLS network, 6PE must be configured on the PE devices.
Pre-configuration Tasks
Before configuring 6PE, complete the following tasks:
- Configuring the physical features of interfaces and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer protocols on interface and ensuring that the status of the link layer protocol on the interface is Up
- Configuring routes from 6PE to CE
- Configuring routes to the backbone network
Data Preparation
To configure 6PE, you need the following data.
No.  Data
1    Interface number and IPv6 address of the 6PE's interface connected with CE devices
2    Interface number and IPv4 address of the 6PE's interface
3    Interface number and IPv4 address of the loopback interface to be created
4    LSP triggering policy
5    IPv4 address of the peer of the 6PE
Procedure
Step 1 Run:
system-view
Or
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The IP address and the AS number of a specified BGP peer are specified.
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
Procedure
Step 1 Run the display mpls lsp command to view information about LSP.
Step 2 Run the display bgp ipv6 routing-table command to view information about IPv6 BGP routes.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation of the IPv6 over IPv4 tunnel.
Procedure
Step 1 Run the display ipv6 interface tunnel { interface-number } command in any view to check the operation status of the tunnel interface.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately.
If an operation fault occurs on the IPv6 tunnel, run the following debugging commands in the user view to debug the IPv6 tunnel. View information about debugging, locate the fault, and analyze the cause.
For the procedure of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management.
For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interface tunnel interface-type interface-number ] command in the user view to debug tunnel information.
----End
Networking Requirements
As shown in Figure 11-6, two IPv6 networks are connected to Switch B on the IPv4 backbone network respectively through Switch A and Switch C. To enable the communication between two IPv6 networks, manually configure an IPv6 over IPv4 tunnel between Switch A and Switch C.
Figure 11-6 Networking diagram for configuring the IPv6 over IPv4 tunnel manually
[Figure labels: IPv4 network; SwitchA; SwitchC]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the service loopback function on an Eth-Trunk interface.
2. Set the IP address for the VLANIF interface that maps to the physical interface.
3. Configure IPv6 addresses, source interface, and destination addresses for the tunnel interfaces.
4. Set the tunnel protocol to IPv6-IPv4.
Data Preparation
To complete the configuration, you need the following data.
- IP addresses of interfaces
Procedure
Step 1 Configure Switch A.
# Enable the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 1/0/3
[Quidway-GigabitEthernet1/0/3] eth-trunk 1
[Quidway-GigabitEthernet1/0/3] quit
# Set IPv6 address and destination address for the tunnel interface.
[SwitchA-Tunnel1/0/1] ipv6 enable
[SwitchA-Tunnel1/0/1] ipv6 address 3001::1/64
[SwitchA-Tunnel1/0/1] source vlanif 100
[SwitchA-Tunnel1/0/1] destination 192.168.51.2
[SwitchA-Tunnel1/0/1] quit
[SwitchB-Vlan100] quit
[SwitchB] vlan 200
[SwitchB-Vlan200] quit
[SwitchB] interface gigabitethernet1/0/1
[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet1/0/2
[SwitchB-GigabitEthernet1/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet1/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0
[SwitchB-Vlanif200] quit
Step 3 Configure Switch C.
# Enable the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet1/0/1
[Quidway-GigabitEthernet1/0/3] eth-trunk 1
[Quidway-GigabitEthernet1/0/3] quit
# Set IPv6 address and destination address for the tunnel interface.
[SwitchC-Tunnel1/0/1] ipv6 enable
[SwitchC-Tunnel1/0/1] ipv6 address 3001::2/64
[SwitchC-Tunnel1/0/1] source vlanif 200
[SwitchC-Tunnel1/0/1] destination 192.168.50.2
[SwitchC-Tunnel1/0/1] quit
Step 4 Verify the configuration.
# On Switch C, ping the IPv4 address of VLANIF 100 of Switch A. Switch C can receive the response packet from Switch A.
[SwitchC] ping 192.168.50.2
 PING 192.168.50.2: 56 data bytes, press CTRL_C to break
 Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms
 Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms
 Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms
 Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms
 Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms
 --- 192.168.50.2 ping statistics ---
 5 packet(s) transmitted
 5 packet(s) received
 0.00% packet loss
 round-trip min/avg/max = 3/32/84 ms
# On Switch C, ping the IPv6 address of Tunnel 1/0/1 of Switch A. Switch C can receive the response packet from Switch A.
[SwitchC] ping ipv6 3001::1
 PING 3001::1 : 56 data bytes, press CTRL_C to break
 Reply from 3001::1 bytes=56 Sequence=1 hop limit=255 time = 28 ms
 Reply from 3001::1 bytes=56 Sequence=2 hop limit=255 time = 27 ms
 Reply from 3001::1 bytes=56 Sequence=3 hop limit=255 time = 26 ms
 Reply from 3001::1 bytes=56 Sequence=4 hop limit=255 time = 27 ms
 Reply from 3001::1 bytes=56 Sequence=5 hop limit=255 time = 26 ms
 --- 3001::1 ping statistics ---
 5 packet(s) transmitted
 5 packet(s) received
 0.00% packet loss
 round-trip min/avg/max = 26/26/28 ms
----End
Configuration Files
- Configuration file of Switch A
#
 sysname SwitchA
#
 ipv6
#
 vlan batch 100
#
interface Vlanif100
 ip address 192.168.50.2 255.255.255.0
#
interface Eth-Trunk1
 service type tunnel
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface GigabitEthernet1/0/3
 eth-trunk 1
#
interface Tunnel1/0/1
 ipv6 enable
 ipv6 address 3001::1/64
 tunnel-protocol ipv6-ipv4
 source Vlanif100
 destination 192.168.51.2
#
 ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
#
return
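The manual tunnel rule stated earlier (the source address of one end is the destination address of the other end) can be checked mechanically against the two configuration files. This is an added example, not part of the original guide: SWITCH_A is based on the Switch A file above, SWITCH_C is a constructed mirror whose Vlanif200 address is an assumption inferred from Switch A's tunnel destination, and the function names are illustrative.

```python
import ipaddress

# Constructed samples (see the lead-in for what is assumed).
SWITCH_A = """\
#
interface Vlanif100
 ip address 192.168.50.2 255.255.255.0
#
interface Tunnel1/0/1
 ipv6 enable
 ipv6 address 3001::1/64
 tunnel-protocol ipv6-ipv4
 source Vlanif100
 destination 192.168.51.2
#
return
"""
SWITCH_C = """\
#
interface Vlanif200
 ip address 192.168.51.2 255.255.255.0
#
interface Tunnel1/0/1
 ipv6 enable
 ipv6 address 3001::2/64
 tunnel-protocol ipv6-ipv4
 source Vlanif200
 destination 192.168.50.2
#
return
"""
# Same as SWITCH_C, but the destination points at Switch B instead of Switch A.
SWITCH_C_WRONG = SWITCH_C.replace("destination 192.168.50.2",
                                  "destination 192.168.50.1")


def parse_interfaces(text):
    """Map lower-cased interface name -> the settings this audit needs."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] in ("#", "return"):
            current = None  # '#' closes the current interface view
        elif words[0] == "interface":
            current = "".join(words[1:]).lower()
            ifaces[current] = {}
        elif current is not None:
            if words[:2] == ["ip", "address"] and len(words) >= 3:
                ifaces[current]["ip"] = words[2]
            elif words[0] in ("source", "destination", "tunnel-protocol"):
                ifaces[current][words[0]] = " ".join(words[1:]).lower()
    return ifaces


def tunnel_ends(text, tunnel="Tunnel1/0/1"):
    """Return (source IPv4, destination IPv4) of an IPv6 over IPv4 manual tunnel."""
    ifaces = parse_interfaces(text)
    view = ifaces.get(tunnel.replace(" ", "").lower(), {})
    if view.get("tunnel-protocol") != "ipv6-ipv4":
        raise ValueError(f"{tunnel}: not an IPv6 over IPv4 manual tunnel")
    if "source" not in view or "destination" not in view:
        raise ValueError(f"{tunnel}: source or destination is missing")
    source = view["source"].replace(" ", "")
    # The source may be an interface name; resolve it to that interface's IPv4 address.
    source = ifaces.get(source, {}).get("ip", source)
    return ipaddress.IPv4Address(source), ipaddress.IPv4Address(view["destination"])


def check_mirrored(local_cfg, remote_cfg, tunnel="Tunnel1/0/1"):
    """List every way the two ends break the source/destination mirror rule."""
    l_src, l_dst = tunnel_ends(local_cfg, tunnel)
    r_src, r_dst = tunnel_ends(remote_cfg, tunnel)
    problems = []
    if l_src != r_dst:
        problems.append(f"remote destination {r_dst} is not the local source {l_src}")
    if l_dst != r_src:
        problems.append(f"local destination {l_dst} is not the remote source {r_src}")
    return problems


if __name__ == "__main__":
    print(check_mirrored(SWITCH_A, SWITCH_C))
    print(check_mirrored(SWITCH_A, SWITCH_C_WRONG))
```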
Networking Requirements
As shown in Figure 11-7, Switch A and Switch B are connected to a 6to4 network and an IPv4 backbone network respectively. To enable communication between two 6to4 network hosts, you need to manually configure a 6to4 tunnel between Switch A and Switch B.
To enable communication between 6to4 networks, configure 6to4 addresses for the hosts on the 6to4 network. A 6to4 address has a 48-bit prefix, which is in the format 2002:IPv4 address. As shown in Figure 11-7, the IPv4 address of the interface through which Switch A is connected to the IPv4 network is 2.1.1.1. Therefore, the 6to4 address prefix of the 6to4 network where Switch A is located is 2002:0201:0101::.
Figure 11-7 Networking diagram for configuring a 6to4 tunnel
[Figure labels: IPv4; PC1 IPv6; PC2 IPv6]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the service loopback function on an Eth-Trunk interface.
2. Configure the IPv4/IPv6 stack on the Switch.
3. Configure a 6to4 tunnel on the Switch.
4. Configure related routes on the Switch.
Data Preparation
To complete the configuration, you need the following data.
Procedure
Step 1 Configure Switch A.
# Enable the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 1/0/3
[Quidway-GigabitEthernet1/0/3] eth-trunk 1
[Quidway-GigabitEthernet1/0/3] quit
Step 2 Configure Switch B.
# Enable the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
There must be a reachable route between SwitchA and SwitchB. In this example, the routing protocol needs to be configured on GigabitEthernet1/0/1 of SwitchA and SwitchB to ensure a reachable route between SwitchA and SwitchB. For the configuration procedure, see the Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Step 3 Verify the configuration.
# View the IPv6 status of Tunnel 1/0/1 on Switch A, and you can find that the status is Up.
[SwitchA] display ipv6 interface tunnel 1/0/1
Tunnel1/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:101 [TENTATIVE]
 Global unicast address(es):
  2002:201:101::1, subnet is 2002:201:101::/64 [TENTATIVE]
 Joined group address(es):
  FF02::1:FF01:101
  FF02::1:FF00:1
  FF02::2
  FF02::1
 MTU is 1500 bytes
 ND reachable time is 30000 milliseconds
 ND retransmit interval is 1000 milliseconds
 Hosts use stateless autoconfig for addresses
# On Switch A, ping the 6to4 address of VLANIF 200 of Switch B. Switch A can receive the response packet from Switch B.
[SwitchA] ping ipv6 2002:0201:0102:1::1
 PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
 Reply from 2002:201:102:1::1 bytes=56 Sequence=1 hop limit=255 time = 8 ms
 Reply from 2002:201:102:1::1 bytes=56 Sequence=2 hop limit=255 time = 25 ms
 Reply from 2002:201:102:1::1 bytes=56 Sequence=3 hop limit=255 time = 4 ms
 Reply from 2002:201:102:1::1 bytes=56 Sequence=4 hop limit=255 time = 5 ms
 Reply from 2002:201:102:1::1 bytes=56 Sequence=5 hop limit=255 time = 5 ms
 --- 2002:0201:0102:1::1 ping statistics ---
 5 packet(s) transmitted
 5 packet(s) received
 0.00% packet loss
 round-trip min/avg/max = 4/9/25 ms
----End
Configuration Files
- Configuration file of Switch A
#
 sysname SwitchA
#
 ipv6
#
 vlan batch 100 200
#
interface Vlanif100
 ip address 2.1.1.1 255.0.0.0
#
interface Vlanif200
 ipv6 enable
 ipv6 address 2002:201:101:1::1/64
#
interface Eth-Trunk1
 service type tunnel
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface GigabitEthernet1/0/2
 port hybrid pvid vlan 200
 port hybrid untagged vlan 200
#
interface GigabitEthernet1/0/3
 eth-trunk 1
#
interface Tunnel1/0/1
 eth-trunk 1
 ipv6 enable
 ipv6 address 2002:201:101:1::1/64
 tunnel-protocol ipv6-ipv4 6to4
 source vlanif100
#
 ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return
Networking Requirements
As shown in Figure 11-8, Switch A is a 6to4 device and is connected to an IPv6 network. Switch B is a 6to4 relay device and is connected to the IPv6 Internet (2001::/64). Switch A and Switch B are connected through an IPv4 backbone network. To enable communication between the 6to4 network and the IPv6 network, you need to configure a 6to4 tunnel between Switch A and Switch B. The configuration of a tunnel between a 6to4 relay device and a common 6to4 device is similar to configuration of a tunnel between common 6to4 devices. A static route to the IPv6 network must be configured on the common 6to4 device so that the 6to4 network and the IPv6 network can communicate with each other.
[Figure labels: Switch A and Switch B connected through the IPv4 network]
Device    GE 1/0/0 (VLANIF 100)   GE 2/0/0 (VLANIF 200)    Tunnel 1/0/0
SwitchA   2.1.1.1                 2002:201:101:1::1/64     2002:201:101::1/64
SwitchB   2.1.1.2                 2001::1/64               2002:201:102::1/64
PC1 (IPv6): 2002:201:101:1::2
PC2 (IPv6): 2001::2/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv4/IPv6 stacks on devices.
2. Configure a 6to4 tunnel on devices.
3. Configure related static routes on devices.
Data Preparation
To complete the configuration, you need the following data.
- IPv4 and IPv6 addresses of interfaces
- Source tunnel interface
- Static route to an indirectly connected device
Procedure
Step 1 Configure Switch A.
# Configure the IPv4/IPv6 stack.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
[SwitchA] vlan batch 100 200
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.1.1.1 255.0.0.0
[SwitchA-Vlanif100] quit
[SwitchA] interface gigabitethernet 2/0/0
[SwitchA-GigabitEthernet2/0/0] port hybrid pvid vlan 200
[SwitchA-GigabitEthernet2/0/0] port hybrid untagged vlan 200
[SwitchA-GigabitEthernet2/0/0] quit
[SwitchA] interface vlanif 200
[SwitchA-Vlanif200] ipv6 enable
[SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64
[SwitchA-Vlanif200] quit
Step 3 Verify the configuration.
# On Switch A, the IPv6 address of VLANIF 200 on Switch B can be successfully pinged.
[SwitchA] ping ipv6 2001::1
  PING 2001::1 : 56 data bytes, press CTRL_C to break
    Reply from 2001::1
    bytes=56 Sequence=1 hop limit=255 time = 29 ms
    Reply from 2001::1
  --- 2001::1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 5/14/29 ms
----End
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
 ip address 2.1.1.1 255.0.0.0
#
interface Vlanif200
 ipv6 enable
 ipv6 address 2002:201:101:1::1/64
#
interface GigabitEthernet1/0/0
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface GigabitEthernet2/0/0
 port hybrid pvid vlan 200
 port hybrid untagged vlan 200
#
interface Tunnel 1/0/0
 ipv6 enable
 ipv6 address 2002:201:101::1/64
 tunnel-protocol ipv6-ipv4 6to4
 source vlanif100
#
ipv6 route-static :: 0 2002:201:102::1
#
ipv6 route-static 2002:: 16 Tunnel 1/0/0
#
return
Network Requirements
As shown in Figure 11-9, an IPv6 host that runs Windows XP and is located in the IPv4 network needs to access the IPv6 network through a border device. Both the IPv6 host and the border device support ISATAP. You therefore need to set up an ISATAP tunnel between the IPv6 host and the border device.
Figure 11-9 Networking diagram of the ISATAP tunnel
[Figure not reproduced. Addresses shown in the figure:]
ISATAP host (IPv4 network): 2.1.1.2, FE80::5EFE:0201:0102, 2001::5EFE:0201:0102
Switch (ISATAP device): GE1/0/2, VLANIF 200, 2.1.1.1/8; GE1/0/1, VLANIF 100, 3001::1/64
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the service loopback function on an Eth-Trunk interface.
2. Configure IPv4/IPv6 dual protocol stacks.
3. Configure an ISATAP tunnel.
4. Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
To complete the configuration, you need the following data:
- Source interface of the tunnel
- VLAN that the physical interface of the Switch belongs to
Procedure
Step 1 Configure the ISATAP device.
# Enable the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 1/0/3
[Quidway-GigabitEthernet1/0/3] eth-trunk 1
[Quidway-GigabitEthernet1/0/3] quit
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
<Quidway> system-view
[Quidway] ipv6
[Quidway] vlan batch 100 200
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface gigabitethernet 1/0/2
[Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 200
[Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 200
[Quidway-GigabitEthernet1/0/2] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ipv6 enable
[Quidway-Vlanif100] ipv6 address 3001::1/64
[Quidway-Vlanif100] quit
[Quidway] interface vlanif 200
[Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0
[Quidway-Vlanif200] quit
The ISATAP host needs to run IPv6 and needs to be enabled with the IPv6 function.
# Configure a static route to the border device. (The pseudo interface number of the host is 2. You can run the ipv6 if command to view the interface corresponding to the automatic tunneling pseudo interface.)
Step 3 Configure the IPv6 host.
# Configure a static route on the IPv6 host to the border device, so hosts in different networks can communicate through the ISATAP tunnel.
C:\> netsh interface ipv6 set route 2001::/64 3001::1
Step 4 Verify the configuration.
# Check that the status of Tunnel 1/0/2 on the ISATAP device is Up.
[Quidway] display ipv6 interface tunnel 1/0/2
Tunnel1/0/2 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::5EFE:201:101 [TENTATIVE]
  Global unicast address(es):
    2001::5EFE:201:101, subnet is 2001::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF01:101
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisement max interval 600 seconds, min interval 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
  PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
    Reply from 2001::5EFE:201:102
    bytes=56 Sequence=1 hop limit=64 time = 4 ms
    Reply from 2001::5EFE:201:102
    bytes=56 Sequence=2 hop limit=64 time = 3 ms
    Reply from 2001::5EFE:201:102
    bytes=56 Sequence=3 hop limit=64 time = 2 ms
    Reply from 2001::5EFE:201:102
    bytes=56 Sequence=4 hop limit=64 time = 2 ms
    Reply from 2001::5EFE:201:102
    bytes=56 Sequence=5 hop limit=64 time = 2 ms
  --- 2001::5efe:2.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/2/4 ms
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1 from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Ping statistics for 2001::5efe:2.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Ping statistics for 3001::2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
----End
Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname Quidway
#
vlan batch 100 200
#
ipv6
#
interface Vlanif100
 ipv6 enable
 ipv6 address 3001::1/64
#
interface Vlanif200
 ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
 service-type tunnel
#
interface GigabitEthernet1/0/3
 eth-trunk 1
#
interface Tunnel1/0/2
 ipv6 enable
 ipv6 address 2001::/64 eui-64
 undo ipv6 nd ra halt
 tunnel-protocol ipv6-ipv4 isatap
 source Vlanif200
#
interface GigabitEthernet1/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface GigabitEthernet1/0/2
 port hybrid pvid vlan 200
 port hybrid untagged vlan 200
#
return
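The tunnel addresses in the 6to4 and ISATAP examples above embed the IPv4 address of the tunnel endpoint (2002:V4ADDR::/48 per RFC 3056, interface identifier ::5EFE:V4ADDR per RFC 5214). The following Python code is an added example, not part of the Huawei guide: it derives those addresses and applies the source-consistency check a decapsulating device can use to drop tunnel packets whose inner IPv6 source does not match the outer IPv4 source. All function names are assumptions of this example.

```python
import ipaddress

SIXTOFOUR_NET = ipaddress.IPv6Network("2002::/16")


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """RFC 3056: a 6to4 site prefix is 2002:V4ADDR::/48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix64: str, ipv4: str) -> ipaddress.IPv6Address:
    """RFC 5214: the interface identifier is 0000:5EFE followed by the IPv4 address."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    iid = (0x00005EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(ipv6: str, isatap_prefixes=()):
    """Return (kind, IPv4Address) for a 6to4 or ISATAP address, else (None, None).

    isatap_prefixes lists the /64 prefixes served by the local ISATAP tunnel;
    an address inside one of them without a 5EFE identifier yields ("isatap", None).
    """
    addr = ipaddress.IPv6Address(ipv6)
    if addr in SIXTOFOUR_NET:
        return "6to4", ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)
    if any(addr in ipaddress.IPv6Network(p) for p in isatap_prefixes):
        iid = int(addr) & 0xFFFFFFFFFFFFFFFF
        # The mask ignores the universal/local bit, so 0200:5EFE also matches.
        if (iid >> 32) & 0xFDFFFFFF == 0x00005EFE:
            return "isatap", ipaddress.IPv4Address(iid & 0xFFFFFFFF)
        return "isatap", None
    return None, None


def decap_source_ok(outer_ipv4_src: str, inner_ipv6_src: str, isatap_prefixes=()) -> bool:
    """Accept a decapsulated packet only if the embedded IPv4 matches the outer source."""
    kind, v4 = embedded_ipv4(inner_ipv6_src, isatap_prefixes)
    if kind is None:
        # Native IPv6 source (for example traffic arriving through the 6to4 relay):
        # nothing is embedded, so this check cannot decide and other filters apply.
        return True
    return v4 == ipaddress.IPv4Address(outer_ipv4_src)


if __name__ == "__main__":
    # Addresses taken from the configuration examples on this page.
    print(sixtofour_prefix("2.1.1.1"))                      # Switch A's 6to4 site prefix
    print(isatap_address("2001::/64", "2.1.1.2"))           # ISATAP host global address
    print(decap_source_ok("2.1.1.1", "2002:201:101:1::2"))  # PC1 behind Switch A
    print(decap_source_ok("2.1.1.2", "2002:201:101:1::2"))  # outer source does not match
```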
Networking Requirements
NOTE
As shown in Figure 11-10, PE1 and PE2 support the 6PE feature, and CE1 and CE2 support the IPv6 protocol. Between PE devices is the IPv4/MPLS network of carriers. IBGP connections of IPv4 need to be set up between PEs. IGP adopts the OSPF routing protocol. The CE device is located on an IPv6 network. The PE device and CE device exchange routing information in static routing mode through the IPv6 address. Use the 6PE feature to connect IPv6 networks of users through the IPv4/MPLS network of carriers.
Figure 11-10 Networking diagram for configuring the 6PE
[Figure not reproduced. Labels shown in the figure: IPv4/MPLS network; GE 1/0/0, VLANIF 100; CE 2; 3000:435::2/64; 3000:1065::2/64; IPv6 customer site]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack.
2. Configure the 6PE to enable the MPLS capability.
3. Configure a peer of the 6PE.
4. Set the IPv6 address and static route for the CE interface.
Data Preparation
To complete the configuration, you need the following data. l l
Configuration Procedure
1. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack.
# Configure PE1 to enable the IPv6 capability.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] ipv6
# Set the IPv6 address for VLANIF 100 of PE1 and the IP address for Loopback0.
[PE1] vlan batch 100 200
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface vlanif 100
[PE1-Vlanif100] ipv6 enable
[PE1-Vlanif100] ipv6 address 3000:435::1 64
[PE1-Vlanif100] quit
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack0] quit
# Set the IPv6 address for VLANIF 100 of PE2 and the IP address for Loopback0.
[PE2] vlan batch 100 200
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface vlanif 100
[PE2-Vlanif100] ipv6 enable
[PE2-Vlanif100] ipv6 address 3000:1065::1 64
[PE2-Vlanif100] quit
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 255.255.255.255
[PE2-LoopBack0] quit
2.
The PE devices are directly connected in this example, so you need to run the label advertise command to enable the egress node to assign labels normally to the penultimate hop.
# Set the IP address for VLANIF 200 of PE1 and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] lsp-trigger all
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port hybrid pvid vlan 200
[PE1-GigabitEthernet2/0/0] port hybrid untagged vlan 200
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface vlanif 200
[PE1-Vlanif200] ip address 4.3.5.1 255.255.255.0
[PE1-Vlanif200] mpls
[PE1-Vlanif200] mpls ldp
[PE1-Vlanif200] quit
# Set the IP address for VLANIF 200 of PE2 and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port hybrid pvid vlan 200
[PE2-GigabitEthernet2/0/0] port hybrid untagged vlan 200
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface vlanif 200
[PE2-Vlanif200] ip address 4.3.5.2 255.255.255.0
[PE2-Vlanif200] mpls
[PE2-Vlanif200] mpls ldp
[PE2-Vlanif200] quit
3. Configure a peer of the 6PE.
# Configure IBGP on PE1, enable the peer 6PE capability, and import the direct and static routes of IPv6.
[PE1] bgp 65100
[PE1-bgp] peer 2.2.2.9 as-number 65100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv6-family
[PE1-bgp-af-ipv6] import-route direct
[PE1-bgp-af-ipv6] import-route static
[PE1-bgp-af-ipv6] peer 2.2.2.9 enable
[PE1-bgp-af-ipv6] peer 2.2.2.9 label-route-capability
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure IBGP on PE2, enable the peer 6PE capability, and import the direct and static routes of IPv6.
[PE2] bgp 65100
[PE2-bgp] peer 1.1.1.9 as-number 65100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv6-family
[PE2-bgp-af-ipv6] import-route direct
[PE2-bgp-af-ipv6] import-route static
[PE2-bgp-af-ipv6] peer 1.1.1.9 enable
[PE2-bgp-af-ipv6] peer 1.1.1.9 label-route-capability
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
4. Set the IPv6 address and static route for the CE interface.
# Configure CE1 to set up the connection between the IPv6 and PE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] ipv6
[CE1] vlan batch 100
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[CE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
5.
*>
*>
: 3000:1065:: : ::FFFF:2.2.2.9 : 0
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
ipv6
#
vlan batch 100 200
#
mpls lsr-id 1.1.1.9
mpls
 lsp-trigger all
 label advertise non-null
#
mpls ldp
#
interface Vlanif100
 ipv6 enable
 ipv6 address 3000:435::1/64
#
interface Vlanif200
 ip address 4.3.5.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface GigabitEthernet2/0/0
 port hybrid pvid vlan 200
 port hybrid untagged vlan 200
#
interface LoopBack0
 ip address 1.1.1.9 255.255.255.255
#
bgp 65100
 peer 2.2.2.9 as-number 65100
 peer 2.2.2.9 connect-interface LoopBack0
12
Figure 12-1 shows the principles of the IPv4 over IPv6 tunnel technology.
1. Enabling IPv4/IPv6 dual stacks
   Enable IPv4 and IPv6 protocol stacks on the border device.
2. Encapsulating IPv6 packets
   After receiving a packet from the IPv4 network, the border device takes the received IPv4 packet as the payload, adds an IPv6 packet header before the payload, and encapsulates it into an IPv6 packet if the device finds that the destination of the packet is not itself.
3. In the IPv6 network, the encapsulated packet is transmitted to the peer border device.
4. Decapsulating the packet
   The peer border device decapsulates the packet, removes the IPv6 packet header, and forwards the decapsulated IPv4 packet to the remote IPv4 network.
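The encapsulation and decapsulation steps above, as an added Python example that is not part of the Huawei guide. It builds the 40-byte outer IPv6 header with Next Header 4 (IPv4) around a constructed IPv4 packet, and the decapsulating side accepts the packet only if the outer addresses match the configured tunnel endpoints and the inner IPv4 header is consistent. Function names are assumptions of this example, and extension headers are not handled.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
NEXT_HEADER_IPV4 = 4  # protocol number carried in the outer header for an IPv4 payload


def ipv4_header_checksum(header: bytes) -> int:
    """One's-complement checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 255) -> bytes:
    """Build a minimal IPv4 packet (constructed sample input, protocol field 1)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    checksum = ipv4_header_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def encapsulate(ipv4_packet: bytes, tunnel_src: str, tunnel_dst: str,
                hop_limit: int = 64) -> bytes:
    """Step 2: prepend an IPv6 header, with the IPv4 packet as the payload."""
    if not 20 <= len(ipv4_packet) <= 0xFFFF or ipv4_packet[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    # First 32 bits: version 6, traffic class 0, flow label 0.
    outer = struct.pack("!IHBB", 6 << 28, len(ipv4_packet), NEXT_HEADER_IPV4, hop_limit)
    outer += ipaddress.IPv6Address(tunnel_src).packed
    outer += ipaddress.IPv6Address(tunnel_dst).packed
    return outer + ipv4_packet


def decapsulate(ipv6_packet: bytes, local: str, peer: str) -> bytes:
    """Step 4: validate the outer header, strip it, and return the inner IPv4 packet."""
    if len(ipv6_packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, _hop = struct.unpack("!IHBB", ipv6_packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("outer packet is not IPv6")
    if next_header != NEXT_HEADER_IPV4:
        raise ValueError("payload is not IPv4 (extension headers are not handled)")
    src = ipaddress.IPv6Address(ipv6_packet[8:24])
    dst = ipaddress.IPv6Address(ipv6_packet[24:40])
    # Only the configured tunnel peer may inject IPv4 packets into the local network.
    if dst != ipaddress.IPv6Address(local) or src != ipaddress.IPv6Address(peer):
        raise ValueError("outer addresses do not match the configured tunnel")
    inner = ipv6_packet[IPV6_HEADER_LEN:]
    if payload_len != len(inner):
        raise ValueError("payload length mismatch")
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(inner):
        raise ValueError("bad inner header length")
    if struct.unpack("!H", inner[2:4])[0] != len(inner):
        raise ValueError("inner total length mismatch")
    if ipv4_header_checksum(inner[:ihl]) != 0:
        raise ValueError("bad inner header checksum")
    return inner


if __name__ == "__main__":
    # Addresses follow the Switch B / Switch D example later on this page.
    inner = build_ipv4("10.1.2.2", "10.1.3.2", b"constructed payload")
    outer = encapsulate(inner, "2001::1", "2002::2")
    print(len(outer) - len(inner), "bytes of tunnel overhead")
    print(decapsulate(outer, local="2002::2", peer="2001::1") == inner)
```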
Applicable Environment
To implement communication between IPv4 networks over the IPv6 network, configure an IPv4 over IPv6 tunnel on the border device of IPv4 and IPv6 networks.
Pre-configuration Tasks
Before configuring an IPv4 over IPv6 tunnel, complete the following tasks:
- Implementing the IP connectivity between the source and destination interfaces
- Configuring IPv4 and IPv6 protocol stacks
Data Preparation
To configure an IPv4 over IPv6 tunnel, you need the following data.
No.  Data
1    Number of the tunnel interface
2    Source IPv6 address or source interface of the tunnel interface
3    Destination IPv6 address of the tunnel interface
4    IPv4 address of the tunnel interface or the interface from which the IPv4 address is borrowed
Procedure
Step 1 Run:
system-view
The tunnel interface is created and the tunnel interface view is displayed.
Step 3 Run:
tunnel-protocol ipv4-ipv6
The source IPv6 address or source interface of the tunnel interface is specified.
Step 5 Run:
destination ip-address
The destination IPv6 address of the Tunnel interface is configured.
Step 6 Run one of the following commands to specify the IP address of the tunnel interface:
- Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IPv4 address of the tunnel interface.
- Run the ip address unnumbered interface interface-type interface-number command to configure the tunnel interface to borrow an IPv4 address.
----End
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Choose one of the following methods to configure the route with the outgoing interface as the tunnel interface:
- Run the ip route-static ip-address { mask | mask-length } tunnel interface-number command to configure static routes. When configuring the static routes, you must configure both ends of the tunnel. Note that the destination address is the destination IPv4 address of the packet to be encapsulated with the IPv4 over IPv6 tunnel; the next hop is the local tunnel interface.
- Configure dynamic routes. You can use the Border Gateway Protocol (BGP) or the Interior Gateway Protocol (IGP), excluding Intermediate System-to-Intermediate System (IS-IS). Detailed configurations are not mentioned here. When configuring a dynamic routing protocol, you must enable it on the tunnel interface and the interface on the link through which the IPv4 network is connected to the IPv6 network.
----End
Prerequisite
The configurations of the IPv4 over IPv6 Tunnel function are complete.
Procedure
- Run the display interface tunnel [ interface-number ] command to check the working status of the tunnel interface.
- Run the display ip routing-table command to check the routing table.
----End
Example
Run the display interface tunnel command. If the status of the tunnel interface is Up, it means that the configuration succeeds. For example:
<Quidway> display interface tunnel 2/0/0
Tunnel2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2010-06-22, 19:33:19
Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1452 bytes
Internet Address is 10.1.1.1/30
Encapsulation is TUNNEL6, loopback not set
Tunnel protocol/transport (IPv6 or IPV4) over IPv6
Tunnel Source 2001::1 (Pos2/0/0)
Tunnel Destination 2002::2
Tunnel Encapsulation limit 4
Tunnel Traffic class not set
Tunnel Flow label not set
Tunnel Hop limit 64
    5 minutes input rate 10 bits/sec, 0 packets/sec
    5 minutes output rate 14 bits/sec, 0 packets/sec
    493 packets input, 38480 bytes
    0 input error
    447 packets output, 53144 bytes
    0 output error
Run the display ip routing-table command. If the route with the outgoing interface as the tunnel interface is displayed in the IPv4 routing table, it means that the configuration succeeds. For example:
<Quidway> display ip routing-table
Routing Tables: Public
         Destinations : 11       Routes : 11
Destination/Mask    Proto   Pre  Cost   NextHop
10.1.1.0/24         Direct  0    0      10.1.1.2
10.1.1.2/32         Direct  0    0      127.0.0.1
10.2.1.0/24         Static  60   0      40.1.1.1
20.1.1.0/24         Direct  0    0      20.1.1.1
20.1.1.1/32         Direct  0    0      127.0.0.1
20.1.1.2/32         Direct  0    0      20.1.1.2
30.1.1.0/24         OSPF    10   3124   20.1.1.2
Run the ping -a source-ipv4-address dest-ipv4-address command. The local tunnel interface can ping through the destination tunnel interface.
Context
In routine maintenance, you can run the following commands in any view to check the operation of the IPv4 over IPv6 tunnel.
Procedure
- Run the display interface tunnel [ interface-number ] command in any view to check the operation status of the tunnel interface.
- Run the display interface tunnel interface-number command in any view to check the IPv4 attributes of the tunnel interface.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately.
If an operation fault occurs on the IPv4 tunnel, run the following debugging commands in the user view to debug the IPv4 tunnel. View information about debugging, locate the fault, and analyze the cause. For the procedure of displaying the debugging information, refer to the chapter "Information Center Configuration" in the S7700 Smart Routing Switch Configuration Guide - System Management. For descriptions about the debugging commands, refer to the S7700 Smart Routing Switch Debugging Reference.
Procedure
Step 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interface tunnel interface-type interface-number ] command in the user view to debug tunnel information.
----End
Networking Requirements
Figure 12-2 Networking diagram for configuring the IPv4 over IPv6 tunnel
As shown in Figure 12-2, two IPv4 networks are connected to an IPv6 network through Switch A and Switch E. The border devices on the IPv6 network Switch B and Switch D support IPv4/IPv6 stack. An IPv4 over IPv6 tunnel needs to be set up between Switch B and Switch D to enable the interconnection of the two IPv4 networks that are isolated physically.
Configuration Roadmap
The configuration roadmap is as follows:
1. Set an IPv4 over IPv6 tunnel on the border devices at both ends of the IPv6 network.
2.
Data Preparation
To complete the configuration, you need the following data.
- Routing protocols used on the IPv6 network and IPv4 network
- Source and destination IPv6 addresses at both ends of the tunnel
- IPv4 address of the tunnel interface
Configuration Procedure
1. Set the IPv6 address and the IPv6 feature of IS-IS for the physical interface of the IPv6 network to implement IP connectivity of the IPv6 network.
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan batch 100 200
[SwitchB] interface gigabitethernet 2/0/0
[SwitchB-GigabitEthernet2/0/0] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet2/0/0] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet2/0/0] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ipv6 enable
[SwitchB-Vlanif200] ipv6 address 2001::1 64
[SwitchB-Vlanif200] quit
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0001.00
[SwitchB-isis-1] ipv6 enable topology standard
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] isis ipv6 enable 1
[SwitchB-Vlanif200] quit
# Configure Switch C.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] ipv6
[SwitchC] vlan batch 100 200
[SwitchC] interface gigabitethernet 1/0/0
[SwitchC-GigabitEthernet1/0/0] port hybrid pvid vlan 200
[SwitchC-GigabitEthernet1/0/0] port hybrid untagged vlan 200
[SwitchC-GigabitEthernet1/0/0] quit
[SwitchC] interface gigabitethernet 2/0/0
[SwitchC-GigabitEthernet2/0/0] port hybrid pvid vlan 100
[SwitchC-GigabitEthernet2/0/0] port hybrid untagged vlan 100
[SwitchC-GigabitEthernet2/0/0] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] ipv6 enable
[SwitchC-Vlanif100] ipv6 address 2002::1 64
[SwitchC-Vlanif100] quit
[SwitchC] interface vlanif 200
[SwitchC-Vlanif200] ipv6 enable
[SwitchC-Vlanif200] ipv6 address 2001::2 64
[SwitchC-Vlanif200] quit
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0002.00
[SwitchC-isis-1] ipv6 enable topology standard
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] isis ipv6 enable 1
[SwitchC-Vlanif100] quit
[SwitchC] interface vlanif 200
# Configure Switch D.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] ipv6
[SwitchD] vlan batch 100 200
[SwitchD] interface gigabitethernet 1/0/0
[SwitchD-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[SwitchD-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[SwitchD-GigabitEthernet1/0/0] quit
[SwitchD] interface vlanif 100
[SwitchD-Vlanif100] ipv6 enable
[SwitchD-Vlanif100] ipv6 address 2002::2 64
[SwitchD-Vlanif100] quit
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0003.00
[SwitchD-isis-1] ipv6 enable topology standard
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 100
[SwitchD-Vlanif100] isis ipv6 enable 1
[SwitchD-Vlanif100] quit
2. Set the IPv4 address and OSPF for the physical interface of the IPv4 network to implement IP connectivity of the IPv4 network.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.2.2 30
[SwitchA-Vlanif100] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] vlan batch 100 200
[SwitchB] interface gigabitethernet 1/0/0
[SwitchB-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet1/0/0] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.1.2.1 30
[SwitchB-Vlanif100] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] vlan batch 100 200
[SwitchD] interface gigabitethernet 2/0/0
[SwitchD-GigabitEthernet2/0/0] port hybrid pvid vlan 200
[SwitchD-GigabitEthernet2/0/0] port hybrid untagged vlan 200
[SwitchD-GigabitEthernet2/0/0] quit
[SwitchD] interface vlanif 200
[SwitchD-Vlanif200] ip address 10.1.3.1 30
[SwitchD-Vlanif200] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# Configure Switch E.
<Quidway> system-view
[Quidway] sysname SwitchE
[SwitchE] vlan batch 200
[SwitchE] interface gigabitethernet 1/0/0
[SwitchE-GigabitEthernet1/0/0] port hybrid pvid vlan 200
[SwitchE-GigabitEthernet1/0/0] port hybrid untagged vlan 200
[SwitchE-GigabitEthernet1/0/0] quit
[SwitchE] interface vlanif 200
[SwitchE-Vlanif200] ip address 10.1.3.2 30
[SwitchE-Vlanif200] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0
[SwitchE-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE-ospf-1] quit
3. Configure tunnel interfaces.
# Create a tunnel interface, and set the IPv4 address, source IPv6 address (or source interface), and destination IPv6 address for the tunnel interface.
# Configure Switch B.
[SwitchB] interface tunnel 2/0/0
[SwitchB-Tunnel2/0/0] tunnel-protocol ipv4-ipv6
[SwitchB-Tunnel2/0/0] ip address 10.1.1.1 30
[SwitchB-Tunnel2/0/0] source vlanif 200
[SwitchB-Tunnel2/0/0] destination 2002::2
[SwitchB-Tunnel2/0/0] quit
# Configure Switch D.
[SwitchD] interface tunnel 1/0/0
[SwitchD-Tunnel1/0/0] tunnel-protocol ipv4-ipv6
[SwitchD-Tunnel1/0/0] ip address 10.1.1.2 30
[SwitchD-Tunnel1/0/0] source vlanif 100
[SwitchD-Tunnel1/0/0] destination 2001::1
[SwitchD-Tunnel1/0/0] quit
4. Configure static routes.
# Configure a static route between Switch A and Switch E.
# Configure Switch A.
[SwitchA] ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1
# Configure Switch E.
[SwitchE] ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1
# Configure Switch D.
[SwitchD] ip route-static 10.1.2.2 255.255.255.252 10.1.1.2
5. Verify the configuration.
After the preceding configurations are complete, view the tunnel interface on Switch B and Switch D. You can find that the protocol status of the tunnel interface is Up.
[SwitchB] display interface tunnel 2/0/0
Tunnel2/0/0 current state : UP
Line protocol current state : UP
Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/30
Encapsulation is TUNNEL6, loopback not set
Tunnel protocol/transport (IPv6 or IPV4) over IPv6
Tunnel Source 2001::1 (Vlanif200)
Tunnel Destination 2002::2
Tunnel Encapsulation limit 4
Tunnel Traffic class not set
Tunnel Flow label not set
QoS max-bandwidth : 64 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
    5 minutes input rate 10 bits/sec, 0 packets/sec
    5 minutes output rate 14 bits/sec, 0 packets/sec
    493 packets input, 38480 bytes
    0 input error
    447 packets output, 53144 bytes
    0 output error
View the IPv4 routing table on Switch B and Switch D. You can find that the outbound interface of the route to the remote end of the IPv4 network is a tunnel interface.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.1/32          Direct  0    0     D      127.0.0.1   InLoopBack0
10.1.1.0/30         Direct  0    0     D      10.1.1.1    Tunnel2/0/0
10.1.1.1/32         Direct  0    0     D      127.0.0.1   InLoopBack0
10.1.2.0/30         Direct  0    0     D      10.1.2.1    Vlanif100
10.1.2.1/32         Direct  0    0     D      127.0.0.1   InLoopBack0
10.1.2.2/32         Direct  0    0     D      10.1.2.2    Vlanif100
127.0.0.0/8         Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1   InLoopBack0
# On Switch A, ping the IPv4 address of VLANIF 200 of Switch E. Switch A can receive the response packet from Switch E.
[SwitchA] ping 10.1.3.2
  PING 10.1.3.2: 56 data bytes, press CTRL_C to break
    Reply from 10.1.3.2: bytes=56 Sequence=1 ttl=254 time=20 ms
    Reply from 10.1.3.2: bytes=56 Sequence=2 ttl=254 time=1 ms
    Reply from 10.1.3.2: bytes=56 Sequence=3 ttl=254 time=1 ms
    Reply from 10.1.3.2: bytes=56 Sequence=4 ttl=254 time=1 ms
    Reply from 10.1.3.2: bytes=56 Sequence=5 ttl=254 time=1 ms
  --- 10.1.3.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/4/20 ms
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
 ip address 10.1.2.2 255.255.255.252
#
interface GigabitEthernet1/0/0
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.3
#
return
interface GigabitEthernet1/0/0
 port hybrid pvid vlan 200
 port hybrid untagged vlan 200
#
ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1
#
ospf 1
 area 0.0.0.0
  network 10.1.3.0 0.0.0.3
#
return