HP A7500 Series Configuration Manual

Layer 3 - ip services

HP A7500 Switch Series
Layer 3 - IP Services

Configuration Guide

Part number: 5998-1867
Software version: Release 6626 and later
Document version: 6W101-20111130

Summary of Contents for HP A7500 Series

  • Page 1: Configuration Guide

    HP A7500 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-1867 Software version: Release 6626 and later Document version: 6W101-20111130...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
  • Page 3: Table Of Contents

    Contents
    ARP configuration (page 1)
    ARP overview (page 1)
    ARP function (page 1)
    ARP message format (page 1)
    Operation of ARP (page 2)
    ARP table (page 3)
    Configuring ARP (page 3)
    Configuring a static ARP entry (page 3)
    Configuring the maximum number of dynamic ARP entries for an interface (page 4)
    Setting the age timer for dynamic ARP entries (page 4)
    Enabling dynamic ARP entry check (page 5)
    Configuring ARP quick update (page 5)
    Enabling natural mask support for ARP requests (page 6)...
  • Page 4
    IP address lease extension (page 29)
    DHCP message format (page 30)
    DHCP options (page 31)
    Overview (page 31)
    Introduction to DHCP options (page 31)
    Custom options (page 31)
    Protocols and standards (page 34)
    DHCP server configuration (page 35)
    Introduction to DHCP server (page 35)
    Application environment (page 35)
    DHCP address pool...
  • Page 5
    Correlating a DHCP server group with a relay agent interface (page 58)
    Configuring the DHCP relay agent security functions (page 59)
    Configuring address check (page 59)
    Configuring periodic refresh of dynamic client entries (page 59)
    Enabling unauthorized DHCP server detection (page 60)
    Enabling DHCP starvation attack protection...
  • Page 6
    Configuring TCP attributes (page 90)
    Configuring TCP path MTU discovery (page 90)
    Configuring the TCP send/receive buffer size (page 91)
    Configuring TCP timers (page 92)
    Configuring ICMP to send error packets (page 92)
    Introduction (page 92)
    Configuration procedure (page 93)
    Enabling support for ICMP extensions (page 94)
    Introduction...
  • Page 7
    Address/prefix lease renewal (page 129)
    Stateless DHCPv6 configuration (page 130)
    Introduction (page 130)
    Operation (page 131)
    Protocols and standards (page 131)
    DHCPv6 relay agent configuration (page 132)
    Introduction to the DHCPv6 relay agent (page 132)
    Application environment (page 132)
    Operation of DHCPv6 relay agent (page 132)
    Configuring the DHCPv6 relay agent (page 133)
    Configuration prerequisites (page 133)
    Configuration procedure (page 133)
    Displaying and maintaining the DHCPv6 relay agent (page 134)...
  • Page 8
    Configuration prerequisites (page 163)
    Configuration guidelines (page 163)
    Configuration procedure (page 164)
    Configuration example (page 164)
    Configuring an IPv4 over IPv4 tunnel (page 167)
    Configuration prerequisites (page 167)
    Configuration guidelines (page 167)
    Configuration procedure (page 168)
    Configuration example (page 168)
    Configuring an IPv4 over IPv6 manual tunnel (page 171)
    Configuration prerequisites (page 171)
    Configuration guidelines (page 171)
    Configuration procedure (page 172)
    Configuration example (page 172)...
  • Page 9: Arp Configuration

    ARP configuration
    NOTE: You can use the port link-mode command to set an Ethernet port to operate in bridge (Layer 2) or route mode (Layer 3) (see Layer 2—LAN Switching Configuration Guide).
    ARP overview
    ARP function
    The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example).
  • Page 10: Operation Of Arp

    • Target protocol address: Protocol address of the device the message is being sent to.
    Operation of ARP
    If Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 2, the resolution process is:
    Host A looks in its ARP table to see whether there is an ARP entry for Host B.
  • Page 11: Arp Table

    ARP table
    After obtaining a host’s MAC address, the device adds the IP-to-MAC mapping into its own ARP table. This mapping is used for forwarding packets with the same destination in the future. An ARP table contains dynamic and static ARP entries.
    Dynamic ARP entry
    A dynamic entry is automatically created and maintained by ARP.
  • Page 12: Configuring The Maximum Number Of Dynamic Arp Entries For An Interface

    To do…: Configure a static ARP entry: configure a long static ARP entry
      Use the command…: arp static ip-address mac-address vlan-id interface-type interface-number [ vpn-instance vpn-instance-name ]
      Remarks: Required. Use either command.
    To do…: Configure a static ARP entry: configure a short static ARP entry
      Use the command…: arp static ip-address mac-address [ vpn-instance vpn-instance-name ]
      Remarks: Required. Use either command.
    CAUTION:...
  • Page 13: Enabling Dynamic Arp Entry Check

    Follow these steps to set the age timer for dynamic ARP entries:
    To do…: Enter system view
      Use the command…: system-view
      Remarks: —
    To do…: Set the age timer for dynamic ARP entries
      Use the command…: arp timer aging aging-time
      Remarks: Optional. 20 minutes by default.
    Enabling dynamic ARP entry check
    The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.
  • Page 14: Enabling Natural Mask Support For Arp Requests

    Disabled by default.
    NOTE: HP recommends enabling ARP quick update in WLANs only.
    Enabling natural mask support for ARP requests
    This feature enables the device to learn the sender IP and MAC addresses in a received ARP request whose sender IP address is on the same classful network as but a different subnet from the IP address of the receiving interface.
  • Page 15: Displaying And Maintaining Arp

    • Internet Group Management Protocol (IGMP) multicast mode: The switch sends packets only out of the ports that connect to the cluster members rather than all ports.
    NOTE:
    • A7500 can work with the NLB of Windows Server.
    • Multicast ARP is applicable to only multicast-mode NLB.
    •...
  • Page 16: Arp Configuration Example

    To do…: Display the ARP entries for a specified VPN instance
      Use the command…: display arp vpn-instance vpn-instance-name [ count ] [ | { begin | exclude | include } regular-expression ]
      Remarks: Available in any view
    To do…: Display the age timer for dynamic ARP entries
      Use the command…: display arp timer aging [ | { begin | exclude...
      Remarks: Available in any view
  • Page 17: Multicast Arp Configuration Example

    # Create VLAN 10.
    <Switch> system-view
    [Switch] vlan 10
    [Switch-vlan10] quit
    # Add interface GigabitEthernet 1/0/1 to VLAN 10.
    [Switch] interface GigabitEthernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type trunk
    [Switch-GigabitEthernet1/0/1] port trunk permit vlan 10
    [Switch-GigabitEthernet1/0/1] quit
    # Create interface VLAN-interface 10 and configure its IP address.
    [Switch] interface vlan-interface 10
    [Switch-vlan-interface10] ip address 192.168.1.2 24
    [Switch-vlan-interface10] quit...
  • Page 18
    Figure 5 Network diagram for multicast ARP configuration I (diagram labels: Host A 10.0.0.2/24; Host B 10.0.0.3/24; Server A 16.1.1.18/24; Server B 16.1.1.16/24; virtual IP 16.1.1.100/24; virtual MAC 03bf-1001-0164; switch ports GE3/0/1, GE3/0/4, GE4/0/2, GE4/0/3)
    Configuration procedure
    NOTE:
    • This example only gives the configurations on the switch. For the NLB configuration on the servers, see related documents for the Windows Server.
  • Page 19: Multicast Arp Configuration Example Ii

    Verification
    • NLB load sharing: Enable the FTP server function of Server A and Server B. Host A and Host B send requests to the virtual IP address and each of them logs in to a different server.
    • NLB redundancy: Disable the network interface card of Server A. Host A and Host B send requests to the virtual IP address and both log in to the FTP server on Server B.
  • Page 20
    # Specify an IP address for VLAN-interface 10.
    <Switch> system-view
    [Switch] vlan 10
    [Switch-vlan10] port GigabitEthernet 1/4/0/2
    [Switch-vlan10] port GigabitEthernet 2/4/0/3
    [Switch-vlan10] quit
    [Switch] interface vlan-interface 10
    [Switch-Vlan-interface10] ip address 16.1.1.1 255.255.255.0
    [Switch-Vlan-interface10] quit
    # Specify an IP address for VLAN-interface 20.
    [Switch] vlan 20
    [Switch-vlan20] port GigabitEthernet 2/3/0/1
    [Switch-vlan20] port GigabitEthernet 1/3/0/4...
  • Page 21: Gratuitous Arp Configuration

    Gratuitous ARP configuration
    Introduction to gratuitous ARP
    In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device, the sender MAC address is the MAC address of the sending device, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.
  • Page 22: Configuring Gratuitous Arp

    If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet takes the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet takes the MAC address of the interface on the master router in the VRRP group.
  • Page 23: Proxy Arp Configuration

    Proxy ARP configuration
    Proxy ARP overview
    Proxy ARP includes common proxy ARP and local proxy ARP.
    • Common proxy ARP allows communication when a sending host considers the receiving host to be on the same subnet, but the receiving host actually resides on a different subnet.
    •...
  • Page 24: Local Proxy Arp

    Local proxy ARP
    As shown in Figure 8, Host A and Host B belong to VLAN 2, but are isolated at Layer 2. Host A connects to GigabitEthernet 1/0/3 while Host B connects to GigabitEthernet 1/0/1. Enable local proxy ARP on Switch A to allow Layer 3 communication between the two hosts.
  • Page 25: Displaying And Maintaining Proxy Arp

    To do…: Enable local proxy ARP
      Use the command…: local-proxy-arp enable [ ip-range startIP to endIP ]
      Remarks: Required. Disabled by default.
    Displaying and maintaining proxy ARP
    To do…: Display whether proxy ARP is enabled
      Use the command…: display proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude |...
      Remarks: Available in any view
  • Page 26: Local Proxy Arp Configuration Example In Case Of Port Isolation

    Configuration procedure
    # Create VLAN 2.
    <Switch> system-view
    [Switch] vlan 2
    [Switch-vlan2] quit
    # Specify the IP address of interface VLAN-interface 1.
    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0
    # Enable proxy ARP on interface VLAN-interface 1.
    [Switch-Vlan-interface1] proxy-arp enable
    [Switch-Vlan-interface1] quit
    # Specify the IP address of interface VLAN-interface 2.
  • Page 27: Local Proxy Arp Configuration Example In Super Vlan

    # Add GigabitEthernet 1/0/3, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 2. Configure port isolation on Host A and Host B.
    <SwitchB> system-view
    [SwitchB] vlan 2
    [SwitchB-vlan2] port GigabitEthernet 1/0/3
    [SwitchB-vlan2] port GigabitEthernet 1/0/1
    [SwitchB-vlan2] port GigabitEthernet 1/0/2
    [SwitchB-vlan2] quit
    [SwitchB] interface GigabitEthernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] port-isolate enable
    [SwitchB-GigabitEthernet1/0/3] quit...
  • Page 28: Local Proxy Arp Configuration Example In Isolate-User-Vlan

    Figure 11 Network diagram for configuring local proxy ARP in super VLAN (diagram labels: Switch ports GE1/0/1 and GE1/0/2; VLAN 10 is the super VLAN, Vlan-int10 192.168.10.100/16; VLAN 2 and VLAN 3 are sub-VLANs; Host A 192.168.10.99/16; Host B 192.168.10.200/16)
    Configuration Procedure
    # Create the super VLAN and the sub-VLANs. Add GigabitEthernet 1/0/2 to VLAN 2 and GigabitEthernet 1/0/1 to VLAN 3.
  • Page 29
    Figure 12 Network diagram for local proxy ARP configuration in isolate-user-VLAN
    Configuration procedure
    Configure Switch B
    # Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet 1/0/3 to VLAN 2, GigabitEthernet 1/0/1 to VLAN 3, and GigabitEthernet 1/0/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN, and VLAN 2 and VLAN 3 as secondary VLANs.
  • Page 30
    [SwitchA-vlan5] port GigabitEthernet 1/0/2
    [SwitchA-vlan5] quit
    [SwitchA] interface vlan-interface 5
    [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0
    From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.
    # Configure local proxy ARP to implement Layer 3 communication between Host A and Host B.
    [SwitchA-Vlan-interface5] local-proxy-arp enable
    From Host A, ping Host B.
  • Page 31: Ip Addressing Configuration

    IP addressing configuration
    NOTE: The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
    IP addressing overview...
  • Page 32: Special Ip Addresses

    Class: C
      Address range: 192.0.0.0 to 223.255.255.255
      Remarks: ––
    Class: D
      Address range: 224.0.0.0 to 239.255.255.255
      Remarks: Multicast addresses.
    Class: E
      Address range: 240.0.0.0 to 255.255.255.255
      Remarks: Reserved for future use except for the broadcast address 255.255.255.255.
    Special IP addresses
    The following IP addresses are for special use, so they cannot be used as host IP addresses.
    IP address with an all-zero net ID: Identifies a host on the local network.
  • Page 33: Configuring Ip Addresses

    • With subnetting: Using the first 9 bits of the host-id for subnetting provides 512 (2^9) subnets. However, only 7 bits remain available for the host ID. This allows 126 (2^7 – 2) hosts in each subnet, a total of 64,512 hosts (512 × 126).
    Configuring IP addresses
    An interface must have an IP address to communicate with other hosts.
  • Page 34
    • Assign a primary IP address and a secondary IP address to VLAN-interface 1 on the switch.
    • Set the primary IP address of VLAN-interface 1 as the gateway address of the hosts on subnet 172.16.1.0/24, and the secondary IP address of VLAN-interface 1 as the gateway address of the hosts on subnet 172.16.2.0/24.
  • Page 35: Displaying And Maintaining Ip Addressing

    # From the switch, ping a host on subnet 172.16.2.0/24 to verify the connectivity.
    <Switch> ping 172.16.2.2
    PING 172.16.2.2: 56 data bytes, press CTRL_C to break
    Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms
    Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms...
  • Page 36: Dhcp Overview

    DHCP overview
    NOTE: The term interface in the DHCP features refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see the Layer 2—LAN Switching Configuration Guide).
    Introduction to DHCP
    The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration...
  • Page 37: Dynamic Ip Address Allocation Process

    Dynamic IP address allocation process
    Figure 17 Dynamic IP address allocation process
    The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
    A DHCP server offers configuration parameters such as an IP address to the client, in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
  • Page 38: Dhcp Message Format

    DHCP message format
    Figure 18 shows the DHCP message format, which is based on the BOOTP message format although DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes.
    Figure 18 DHCP message format
    •...
  • Page 39: Dhcp Options

    DHCP options
    Overview
    DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients. Figure 19 shows the DHCP option format.
    Figure 19 DHCP option format
    Introduction to DHCP options
    Common DHCP options:
    •...
  • Page 40
    Vendor-specific option (Option 43)
    DHCP servers and clients use Option 43 to exchange vendor-specific configuration information. The DHCP client can obtain the following information through Option 43:
    • Auto-Configuration Server (ACS) parameters, including the ACS URL, username, and password.
    • Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the DHCP server and sent to the ACS for selecting vendor-specific configurations and parameters.
  • Page 41
    contained in the sub-option. The server IP addresses field contains the IP addresses of the PXE servers.
    Figure 22 Format of the value field of the PXE server address sub-option
    Relay agent option (Option 82)
    Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client.
  • Page 42: Protocols And Standards

    Verbose padding format
    • Sub-option 1: Padded with the user-specified access node identifier (ID of the device that adds Option 82 in DHCP messages), and the type, number, and VLAN ID of the interface that received the client’s request.
    Figure 25 Sub-option 1 in verbose padding format
    NOTE: The VLAN ID field has a fixed length of 2 bytes.
  • Page 43: Dhcp Server Configuration

    DHCP server configuration
    Introduction to DHCP server
    Application environment
    The DHCP server is well suited to networks where:
    • Manual configuration and centralized management are difficult to implement.
    • Many hosts need to acquire IP addresses dynamically. This may be because the number of hosts exceeds the number of assignable IP addresses, so it is impossible to assign a fixed IP address to each host.
  • Page 44: Ip Address Allocation Sequence

    NOTE:
    • The extended address pools on a DHCP server are independent of each other and no inheritance relationship exists among them.
    • IP address lease durations are not inherited.
    Principles for selecting an address pool
    The DHCP server observes the following principles to select an address pool when assigning an IP address to a client:
    If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server will select this address pool and assign the statically bound IP address to...
  • Page 45: Dhcp Server Configuration Task List

    NOTE: Option 50 is the requested IP address field in DHCP-DISCOVER messages. It is padded by the client to specify the IP address that the client wants to obtain. The contents to be padded depend on the client.
    DHCP server configuration task list
    Complete the following tasks to configure the DHCP server:
    Task / Remarks...
  • Page 46: Creating A Dhcp Address Pool

    Task / Remarks
    Specifying a server’s IP address for the DHCP client
    Configuring self-defined DHCP options
    Creating a DHCP address pool
    When creating a DHCP address pool, specify it as a common address pool or an extended address pool.
    Follow these steps to create a DHCP address pool:
    To do…...
  • Page 47 To do… Use the command… Remarks Required static-bind ip-address ip-address Specify the IP address No IP addresses are statically [ mask-length | mask mask ] bound by default. Specify the MAC static-bind mac-address Required to configure either of Specify the address mac-address the two...
  • Page 48: Configuring Dynamic Address Allocation For An Extended Address Pool

    To do…: Specify the address lease duration
      Use the command…: expired { day day [ hour hour [ minute minute ] [ second second ] ] | unlimited }
      Remarks: Optional. One day by default.
    To do…: Return to system view
      Use the command…: quit
      Remarks: —...
  • Page 49: Configuring A Domain Name Suffix For The Client

    To do…: Exclude IP addresses from dynamic allocation
      Use the command…: forbidden-ip ip-address&<1-8>
      Remarks: Optional. Except IP addresses of the DHCP server interfaces, all addresses in the DHCP address pool are assignable by default.
    NOTE: Excluded IP addresses specified with the forbidden-ip command in DHCP address pool view are not assignable in the current extended address pool, but are assignable in other address pools.
  • Page 50: Configuring Bims Server Information For The Client

    You can specify up to eight WINS servers in a DHCP address pool. You must also specify a NetBIOS node type in a DHCP address pool. There are four NetBIOS node types:
    • b (broadcast)-node: The b-node client sends the destination name in a broadcast message. The...
  • Page 51: Configuring Option 184 Parameters For The Client With Voice Service

    Follow these steps to configure the gateways in the DHCP address pool:
    To do…: Enter system view
      Use the command…: system-view
      Remarks: —
    To do…: Enter DHCP address pool view
      Use the command…: dhcp server ip-pool pool-name [ extended ]
      Remarks: —
    To do…: Specify gateways
      Use the command…: gateway-list ip-address&<1-8>
      Remarks: Required. No gateway is specified by default.
  • Page 52: Specifying A Server's Ip Address For The Dhcp Client

    When a switch starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, and the bootfile name. After getting the related parameters, the DHCP client sends a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
  • Page 53: Enabling Dhcp

    • Extend existing DHCP options. When the current DHCP options cannot meet the customers’ requirements (for example, you cannot use the dns-list command to configure more than eight DNS server addresses), you can configure a self-defined option for extension.
    Follow these steps to configure a self-defined DHCP option in the DHCP address pool:
    To do…...
  • Page 54: Applying An Extended Address Pool On An Interface

    To do…: Enter system view
      Use the command…: system-view
      Remarks: —
    To do…: Enter interface view
      Use the command…: interface interface-type interface-number
      Remarks: —
    To do…: Enable the DHCP server on an interface
      Use the command…: dhcp select server global-pool [ subaddress ]
      Remarks: Optional. Enabled by default.
    NOTE: If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.
  • Page 55: Configuring The Dhcp Server Security Functions

    To do…: Apply an extended address pool on the interface
      Use the command…: dhcp server apply ip-pool pool-name
      Remarks: Optional. By default, the DHCP server has no extended address pool applied on its interface, and assigns an IP address from a common address pool to a requesting client.
  • Page 56: Enabling Client Offline Detection

    To do…: Enter system view
      Use the command…: system-view
      Remarks: —
    To do…: Specify the number of ping packets
      Use the command…: dhcp server ping packets number
      Remarks: Optional. One ping packet by default. The value 0 indicates that no ping operation is performed.
    To do…: Configure a timeout waiting for...
      Use the command…: dhcp server ping timeout...
      Remarks: Optional. 500 ms by default.
  • Page 57: Specifying The Threshold For Sending Trap Messages

    To do…: Enable the server to handle Option...
      Use the command…: dhcp server relay information enable
      Remarks: Optional. Enabled by default.
    NOTE: To support Option 82 requires configuring both the DHCP server and relay agent (or the device enabled with DHCP snooping). For more information, see the chapters “DHCP relay agent configuration” and “DHCP snooping configuration.
  • Page 58: Dhcp Server Configuration Examples

    To do…: Display information about IP address conflicts
      Use the command…: display dhcp server conflict { all | ip ip-address } [ | { begin | exclude | include } regular-expression ]
      Remarks: Available in any view
    To do…: Display information about lease...
      Use the command…: display dhcp server expired { all | ip ip-address | pool [ pool-name ] } [ | { begin |...
      Remarks: Available in any view
  • Page 59: Dynamic Ip Address Assignment Configuration Example

    Figure 26 Network diagram for static IP address assignment
    Configuration procedure
    Configure the IP address of VLAN-interface 2 on Switch A.
    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 10.1.1.1 25
    [SwitchA-Vlan-interface2] quit
    Configure the DHCP server
    # Enable DHCP.
    [SwitchA] dhcp enable
    # Enable the DHCP server on VLAN-interface 2.
  • Page 60
    • The IP addresses of VLAN-interfaces 1 and 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 respectively.
    • In address pool 10.1.1.0/25, configure the address lease duration as ten days and twelve hours, domain name suffix aabbcc.com, DNS server address 10.1.1.2/25, gateway 10.1.1.126/25, and WINS server 10.1.1.4/25.
  • Page 61: Self-Defined Option Configuration Example

    [SwitchA-dhcp-pool-0] domain-name aabbcc.com
    [SwitchA-dhcp-pool-0] dns-list 10.1.1.2
    [SwitchA-dhcp-pool-0] quit
    # Configure DHCP address pool 1 (subnet, gateway, lease duration, and WINS server).
    [SwitchA] dhcp server ip-pool 1
    [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128
    [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126
    [SwitchA-dhcp-pool-1] expired day 10 hour 12
    [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4
    [SwitchA-dhcp-pool-1] quit
    # Configure DHCP address pool 2 (subnet, gateway, and lease duration).
  • Page 62: Troubleshooting Dhcp Server Configuration

    [SwitchA] dhcp enable
    # Enable the DHCP server on VLAN-interface 2.
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] dhcp select server global-pool
    [SwitchA-Vlan-interface2] quit
    # Configure DHCP address pool 0.
    [SwitchA] dhcp server ip-pool 0
    [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
    [SwitchA-dhcp-pool-0] option 43 hex 80 0B 00 00 02 01 02 03 04 02 02 02 02
    Verification
    After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and PXE server addresses from the Switch A.
  • Page 63: Dhcp Relay Agent Configuration

    DHCP relay agent configuration
    NOTE: The DHCP relay agent configuration is supported only on Layer 3 Ethernet ports (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces.
    Introduction to DHCP relay agent
    Application environment
    Via a relay agent, DHCP clients can communicate with a DHCP server on another subnet to obtain configuration parameters.
  • Page 64: Dhcp Relay Agent Support For Option 82

    Figure 30 DHCP relay agent work process
    After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode. Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters to the relay agent, and the relay agent conveys them to the client.
  • Page 65: Dhcp Relay Agent Configuration Task List

    If a client’s requesting message has… | Handling strategy | Padding format | The DHCP relay agent will…
    no Option 82 | — | normal | Forward the message after adding the Option 82 padded in normal format.
    no Option 82 | — | verbose | Forward the message after adding the Option 82 padded in verbose format.
  • Page 66: Correlating A Dhcp Server Group With A Relay Agent Interface

    To do… | Use the command… | Remarks
    Enable the DHCP relay agent on the current interface | dhcp select relay | Required. With DHCP enabled, interfaces work in the DHCP server mode.
    NOTE: The IP address pool containing the IP address of the DHCP relay agent enabled interface must be configured on the DHCP server.
  • Page 67: Configuring The Dhcp Relay Agent Security Functions

    Configuring the DHCP relay agent security functions
    Configuring address check
    Address check can block illegal hosts from accessing external networks. With this feature enabled, the DHCP relay agent can dynamically record clients’ IP-to-MAC bindings after they obtain IP addresses through DHCP. This feature also supports static bindings. You can also configure static IP-to-MAC bindings on the DHCP relay agent, so users can access external networks using fixed IP addresses.
  • Page 68: Enabling Unauthorized Dhcp Server Detection

    • If the server returns a DHCP-ACK message or does not return any message within a specified interval, the DHCP relay agent ages out the entry.
    • If the server returns a DHCP-NAK message, the relay agent keeps the entry.
    Follow these steps to configure periodic refresh of dynamic client entries: To do…...
  • Page 69: Enabling Offline Detection

    address field of the frame. If they are the same, the DHCP relay agent treats this request as valid and forwards it to the DHCP server; if not, it discards the DHCP request.
    Follow these steps to enable MAC address check: To do…...
  • Page 70: Configuring The Dhcp Relay Agent To Support Option 82

    Follow these steps to configure the DHCP relay agent to send DHCP-RELEASE messages:
    To do… | Use the command… | Remarks
    Enter system view | system-view | —
    Configure the DHCP relay agent to release an IP address | dhcp relay release ip client-ip | Required
    NOTE: The IP address to be released must be available in a dynamic client entry.
  • Page 71: Displaying And Maintaining The Dhcp Relay Agent

    To do… Use the command… Remarks dhcp relay information format Configure the { normal | verbose Optional padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format Configure the code dhcp relay information...
  • Page 72: Dhcp Relay Agent Configuration Examples

    To do… Use the command… Remarks Display information about the display dhcp relay server-group { group-id Available in any configuration of a specified DHCP | all } [ | { begin | exclude | include } view server group or all DHCP server groups regular-expression ] display dhcp relay statistics [ server-group Available in any...
  • Page 73: Dhcp Relay Agent Option 82 Support Configuration Example

    [SwitchA-Vlan-interface1] dhcp select relay
    # Correlate VLAN-interface 1 to DHCP server group 1.
    [SwitchA-Vlan-interface1] dhcp relay server-select 1
    After the preceding configuration is complete, DHCP clients can obtain IP addresses and other network parameters through the DHCP relay agent from the DHCP server. You can use the display dhcp relay statistics command to view statistics of DHCP packets forwarded by DHCP relay agents.
  • Page 74: Troubleshooting Dhcp Relay Agent Configuration

    NOTE: Configurations on the DHCP server are also required to make the Option 82 configurations function normally.
    Troubleshooting DHCP relay agent configuration
    Symptom
    DHCP clients cannot obtain any configuration parameters via the DHCP relay agent.
    Analysis
    Problems may occur with the DHCP relay agent or server configuration.
    Solution
    To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information.
  • Page 75: Dhcp Client Configuration

    DHCP client configuration
    NOTE:
    • The DHCP client configuration is supported only on Layer 3 Ethernet ports (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces.
    • When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a...
  • Page 76: Dhcp Client Configuration Example

    DHCP client configuration example
    Network requirements
    As shown in Figure 32, on a LAN, Switch B contacts the DHCP server via VLAN-interface 2 to obtain an IP address, DNS server address, and static route information. The IP address resides on network 10.1.1.0/24.
  • Page 77
    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address dhcp-alloc
    Verification
    # Use the display dhcp client command to view the IP address and other network parameters assigned to Switch B.
    [SwitchB-Vlan-interface2] display dhcp client verbose
    Vlan-interface2 DHCP client information:
    Current machine state: BOUND
    Allocated IP: 10.1.1.3 255.255.255.0
    Allocated lease: 864000 seconds, T1: 432000 seconds, T2: 756000 seconds
    Lease from 2009.02.20 11:06:35...
  • Page 78: Dhcp Snooping Configuration

    DHCP snooping configuration
    NOTE: The DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server.
    DHCP snooping overview
    Functions of DHCP snooping
    DHCP snooping can:...
  • Page 79: Application Environment Of Trusted Ports

    Application environment of trusted ports
    Configuring a trusted port connected to a DHCP server
    Figure 33 Configure trusted and untrusted ports
    As shown in Figure 33, the DHCP snooping device port that is connected to an authorized DHCP server should be configured as a trusted port. The trusted port forwards reply messages from the authorized DHCP server to the client, but the untrusted port does not forward reply messages from the unauthorized DHCP server.
  • Page 80: Dhcp Snooping Support For Option 82

    Table 4 describes the roles of the ports shown in Figure Table 4 Roles of ports Trusted port disabled from Trusted port enabled to Device Untrusted port recording binding entries record binding entries Switch A GigabitEthernet 1/0/1 GigabitEthernet 1/0/3 GigabitEthernet 1/0/2 GigabitEthernet 1/0/3 and Switch B GigabitEthernet 1/0/1...
  • Page 81: Dhcp Snooping Configuration Task List

    NOTE: The handling strategy and padding format for Option 82 on the DHCP snooping device are the same as those on the relay agent.
    DHCP snooping configuration task list
    Complete the following tasks to configure DHCP snooping:
    Task | Remarks
    Configuring DHCP snooping basic functions | Required
    Configuring DHCP snooping to support Option 82 | Optional...
  • Page 82: Configuring Dhcp Snooping To Support Option 82

    To do… | Use the command… | Remarks
    Enter Ethernet interface view | interface interface-type interface-number | — The interface connects to the DHCP server.
    Specify the port as a trusted port that records the IP-to-MAC bindings of clients | dhcp-snooping trust | Required. After DHCP snooping is enabled, a port is an untrusted port by default
    Return to system view...
  • Page 83: Configuring Dhcp Snooping Entries Backup

    To do… | Use the command… | Remarks
    Enter interface view | interface interface-type interface-number | —
    Enable DHCP snooping to support Option 82 | dhcp-snooping information enable | Required. Disabled by default.
    Configure the handling strategy for requests containing Option 82 | dhcp-snooping information strategy { drop | keep | replace } | Optional. replace by default.
  • Page 84: Enabling Dhcp Starvation Attack Protection

    Follow these steps to configure DHCP snooping entries backup
    To do… | Use the command… | Remarks
    Enter system view | system-view | —
    Specify the name of the file for storing DHCP snooping entries | dhcp-snooping binding database filename filename | Required. Not specified by default. DHCP snooping entries are stored immediately after this command is used and then updated at the...
  • Page 85: Enabling Dhcp-Request Message Attack Protection

    To do… | Use the command… | Remarks
    Enter interface view | interface interface-type interface-number | —
    Enable MAC address check | dhcp-snooping check mac-address | Required. Disabled by default.
    NOTE: You can enable MAC address check only on Layer 2 Ethernet ports and Layer 2 aggregate interfaces.
    Enabling DHCP-REQUEST message attack protection
    Attackers may forge DHCP-REQUEST messages to renew the IP address leases for legitimate DHCP...
  • Page 86: Displaying And Maintaining Dhcp Snooping

    • To identify DHCP packets from unauthorized DHCP servers, DHCP snooping delivers all incoming DHCP packets to the CPU. If a malicious user sends a large number of DHCP requests to the DHCP snooping device, the CPU of the device will be overloaded, and the device may even crash. To solve this problem, you can configure DHCP packet rate limit on relevant interfaces.
  • Page 87: Dhcp Snooping Configuration Examples

    DHCP snooping configuration examples
    DHCP snooping configuration example
    Network requirements
    As shown in Figure 35, Switch B is connected to a DHCP server through GigabitEthernet 1/0/1, and to two DHCP clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. GigabitEthernet 1/0/1 forwards DHCP server responses while the other two do not. Switch B records clients’...
  • Page 88: Enable Dhcp Snooping

    Configuration procedure
    # Enable DHCP snooping.
    <SwitchB> system-view
    [SwitchB] dhcp-snooping
    # Specify GigabitEthernet 1/0/1 as trusted.
    [SwitchB] interface GigabitEthernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust
    [SwitchB-GigabitEthernet1/0/1] quit
    # Configure GigabitEthernet 1/0/2 to support Option 82.
    [SwitchB] interface GigabitEthernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable
    [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information strategy replace
    [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001
    [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001...
  • Page 89: Ipv4 Dns Configuration

    IPv4 DNS configuration
    DNS overview
    Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.
  • Page 90: Configuring The Ipv4 Dns Client

    The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache.
  • Page 91: Configuring Dynamic Domain Name Resolution

    Configuring dynamic domain name resolution
    To send DNS queries to a correct server for resolution, dynamic domain name resolution needs to be enabled and a DNS server needs to be configured. In addition, you can configure a DNS suffix that the system will automatically add to the provided domain name for resolution.
  • Page 92: Ipv4 Dns Configuration Examples

    To do… Use the command… Remarks Display the information of the display dns host ip [ | { begin | dynamic IPv4 domain name exclude | include } Available in any view cache regular-expression ] Clear the information of the dynamic IPv4 domain name reset dns host ip Available in user view...
  • Page 93: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution configuration example
    Network requirements
    As shown in Figure 38, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution.
  • Page 94
    Figure 39 Create a zone
    # Create a mapping between host name and IP address.
    Figure 40 Add a host
    In Figure 40, right-click zone com, and then select New Host to bring up a dialog box as shown in Figure 41.
  • Page 95
    Figure 41 Add a mapping between domain name and IP address
    Configure the DNS client
    # Enable dynamic domain name resolution.
    <Sysname> system-view
    [Sysname] dns resolve
    # Specify the DNS server 2.1.1.2.
    [Sysname] dns server 2.1.1.2
    # Configure com as the name suffix.
    [Sysname] dns domain com
    Configuration verification
    # Use the ping host command on the device to verify that the communication between the device and the...
  • Page 96: Troubleshooting Ipv4 Dns Configuration

    Troubleshooting IPv4 DNS configuration
    Symptom
    After enabling dynamic domain name resolution, the user cannot get the correct IP address.
    Solution
    • Use the display dns host ip command to verify that the specified domain name is in the cache.
    • If the specified domain name does not exist, check that dynamic domain name resolution is enabled...
  • Page 97: Ip Performance Optimization Configuration

    IP performance optimization configuration
    NOTE: The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
    Enabling receiving and forwarding of directed...
  • Page 98: Configuration Example

    NOTE:
    • If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL can be forwarded.
    • If you repeatedly execute the ip forward-broadcast command on an interface, only the last executed command takes effect. If the command executed last does not include acl acl-number, the ACL configured previously is removed.
  • Page 99: Configuring The Tcp Send/Receive Buffer Size

    Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection. The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS = path MTU – IP header length – TCP header length).
    NOTE:
    • If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the...
  • Page 100: Configuring Tcp Timers

    Configuring TCP timers
    You can configure the following TCP timers:
    • synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is received within the synwait timer interval, the TCP connection cannot be created.
    •...
  • Page 101: Configuration Procedure

    ICMP timeout packets
    If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source. The device sends an ICMP timeout packet under the following conditions:
    • If the device finds that the destination of a packet is not itself and the TTL field of the packet is 1, it will send a “TTL timeout”...
  • Page 102: Enabling Support For Icmp Extensions

    To do… | Use the command… | Remarks
    Enable sending of ICMP redirect packets | ip redirects enable | Required. Disabled by default.
    Enable sending of ICMP timeout packets | ip ttl-expires enable | Required. Disabled by default.
    Enable sending of ICMP destination unreachable packets | ip unreachables enable | Required. Disabled by default.
  • Page 103: Configuration Procedure

    Table 6 Handling ICMP messages Device mode ICMP messages sent ICMP messages received Remarks Extension information in Common mode Common ICMP messages Common ICMP messages extended ICMP messages will not be processed. Extended ICMP messages Common ICMP messages Common ICMP messages without a length field are Compliant mode Extended ICMP messages...
  • Page 104 To do… Use the command… Remarks display ip statistics [ chassis chassis-number Display statistics of IP packets (in IRF slot slot-number ] [ | { begin | exclude | Available in any view mode) include } regular-expression ] display icmp statistics [ slot slot-number ] [ | Display ICMP statistics (in { begin | exclude | include } Available in any view...
  • Page 105: Udp Helper Configuration

    UDP Helper configuration
    NOTE: The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
    Introduction to UDP Helper...
  • Page 106: Displaying And Maintaining Udp Helper

    CAUTION:
    • The receiving of directed broadcasts to a directly connected network is disabled by default on the switch. As a result, UDP Helper is available only when the ip forward-broadcast command is configured in system view. For more information about reception and forwarding of directed broadcasts to a directly connected network, see the chapter “IP performance optimization configuration.”...
  • Page 107
    # Enable Switch A to receive directed broadcasts.
    <SwitchA> system-view
    [SwitchA] ip forward-broadcast
    # Enable UDP Helper.
    [SwitchA] udp-helper enable
    # Enable the forwarding broadcast packets with the UDP destination port 55.
    [SwitchA] udp-helper port 55
    # Specify the destination server 10.2.1.1 on VLAN-interface 1.
    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ip address 10.110.1.1 16
    [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1...
  • Page 108: Ipv6 Basics Configuration

    IPv6 basics configuration
    NOTE: The term interface in this document refers to Layer 3 interfaces, including VLAN interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
    IPv6 overview...
  • Page 109: Ipv6 Addresses

    Hierarchical address structure
    IPv6 uses hierarchical address structure to speed up route lookups and reduce the IPv6 routing table size through route aggregation.
    Address autoconfiguration
    To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration.
    • Stateful address autoconfiguration enables a host to acquire an IPv6 address and other...
  • Page 110 CAUTION: A double colon may appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents, and correctly convert it to zeros to restore a 128-bit IPv6 address.
  • Page 111
    • Link-local addresses are used for communication among link-local nodes for neighbor discovery and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links.
    • Site-local unicast addresses are similar to private IPv4 addresses. Packets with site-local source or destination addresses are not forwarded out of the local site (or a private network).
  • Page 112: Ipv6 Neighbor Discovery Protocol

    Figure 45 Convert a MAC address into an EUI-64 address-based interface identifier
    • On a tunnel interface
    The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.
  • Page 113 ICMPv6 message Type Function Informs the source host of a better next hop on the path to a Redirect message particular destination when certain conditions are satisfied. Address resolution This function is similar to the ARP function in IPv4. An IPv6 node acquires the link-layer addresses of neighboring nodes on the same link through NS and NA message exchanges.
  • Page 114
    Figure 47 Duplicate address detection
    Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message contains the IPv6 address. If Host B uses this IPv6 address, Host B returns an NA message.
  • Page 115: Ipv6 Pmtu Discovery

    • The selected route itself is not created or modified by an ICMPv6 Redirect message.
    • The selected route is not the default route.
    • The IPv6 packet to be forwarded does not contain any routing header.
    IPv6 PMTU discovery
    The links that a packet passes from a source to a destination may have different MTUs.
  • Page 116: Protocols And Standards

    Tunneling
    Tunneling is an encapsulation technology that utilizes one network protocol to encapsulate packets of another network protocol and transfer them over the network. For more information about tunneling, see the chapter “Tunneling configuration.”
    Protocols and standards
    Protocols and standards related to IPv6 include:
    • RFC 1881, IPv6 Address Allocation Management...
  • Page 117: Configuring Basic Ipv6 Functions

    Task Remarks Configuring a static PMTU for a specified IPv6 address Optional Configuring PMTU discovery Configuring the aging time for dynamic PMTUs Optional Configuring IPv6 TCP properties Optional Configuring the maximum ICMPv6 error packets sent in an Optional interval Enabling replying to multicast echo requests Optional Configuring ICMPv6 packet sending Enabling sending of ICMPv6 time exceeded messages...
  • Page 118: Manual Configuration

    EUI-64 IPv6 addressing Follow these steps to configure an interface to generate an EUI-64 IPv6 address: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Configure the interface to ipv6 address generate an EUI-64 IPv6 By default, no IPv6 global unicast ipv6-address/prefix-length eui-64...
  • Page 119: Configuring An Ipv6 Link-Local Address

    configured on an IEEE 802 interface, the system can generate two addresses, public IPv6 address and temporary IPv6 address.
    • Public IPv6 address: Comprises an address prefix provided by the RA message, and a fixed interface ID generated based on the MAC address of the interface.
    • Temporary IPv6 address: Comprises an address prefix provided by the RA message, and a random...
  • Page 120 NOTE:
    • An interface can have only one link-local address. To avoid link-local address conflicts, use the automatic generation method.
    • Manual assignment takes precedence over automatic generation. If you first use automatic generation and then manual assignment, the manually assigned link-local address will overwrite the automatically generated one.
  • Page 121: Configure An Ipv6 Anycast Address

    Configure an IPv6 anycast address
    Follow these steps to configure an IPv6 anycast address for an interface:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Enter interface view | interface interface-type interface-number | —
    Configure an IPv6 anycast address | ipv6 address ipv6-address/prefix-length anycast | Optional. By default, no IPv6 anycast address is configured on an...
  • Page 122: Configuring The Maximum Number Of Neighbors Dynamically Learned

    Configuring the maximum number of neighbors dynamically learned
    The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table. A large table can reduce the forwarding performance of the device.
  • Page 123 Parameters Description Prefix Information After receiving the prefix information, the hosts on the same link can perform options stateless autoconfiguration. Ensure that all nodes on a link use the same MTU value. Determines whether hosts use the stateful autoconfiguration to acquire IPv6 addresses.
  • Page 124 To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Optional By default, no prefix information is ipv6 nd ra prefix { ipv6-prefix configured for RA messages, and the prefix-length | IPv6 address of the interface sending RA Configure the prefix information ipv6-prefix/prefix-length } messages is used as the prefix...
  • Page 125: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    NOTE:
    • The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA messages, so the router can be updated through an RA message before expiration.
    • The values of the NS retransmission timer and the reachable time configured for an interface are sent to...
  • Page 126: Configuring The Aging Time For Dynamic Pmtus

    Configuring the aging time for dynamic PMTUs
    After the path MTU from a source host to a destination host is dynamically determined (see “IPv6 PMTU discovery”), the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism.
  • Page 127: Configuring Icmpv6 Packet Sending

    Configuring ICMPv6 packet sending
    Configuring the maximum ICMPv6 error packets sent in an interval
    If too many ICMPv6 error packets are sent within a short time in a network, network congestion may occur. To avoid network congestion, you can control the maximum number of ICMPv6 error packets sent within a specified time by adopting the token bucket algorithm.
  • Page 128: Enabling Sending Of Icmpv6 Destination Unreachable Messages

    • Upon receiving the first fragment of an IPv6 datagram with the destination IP address being the local address, the device starts a timer. If the timer expires before all the fragments arrive, an ICMPv6 Fragment Reassembly Timeout message is sent to the source.
    If large quantities of malicious packets are received, the performance of a device degrades greatly because it must send back ICMP Time Exceeded messages.
  • Page 129: Displaying And Maintaining Ipv6 Basics Configuration

    Displaying and maintaining IPv6 basics configuration To do… Use the command… Remarks display ipv6 fib [ vpn-instance vpn-instance-name ] [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] Display the IPv6 FIB entries Available in any view [ | { begin | exclude | include } regular-expression ] Display the IPv6 FIB entry of a display ipv6 fib [ vpn-instance vpn-instance-name ]...
  • Page 130: Ipv6 Basics Configuration Example

    To do… Use the command… Remarks Display the statistics of IPv6 display ipv6 statistics [ slot slot-number ] [ | { begin packets and ICMPv6 packets (in Available in any view | exclude | include } regular-expression ] standalone mode) Display the statistics of IPv6 display ipv6 statistics [ chassis chassis-number slot packets and ICMPv6 packets (in...
  • Page 131
    Figure 49 Network diagram for IPv6 address configuration
    NOTE: The VLAN interfaces have been created on the switch.
    Configuration procedure
    Configure Switch A
    # Enable IPv6.
    <SwitchA> system-view
    [SwitchA] ipv6
    # Specify a global unicast address for VLAN-interface 2.
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ipv6 address 3001::1/64
    [SwitchA-Vlan-interface2] quit
    # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no...
  • Page 132
    Verification
    # Display the IPv6 interface settings on Switch A. All of the IPv6 global unicast addresses configured on the interface are displayed.
    [SwitchA] display ipv6 interface vlan-interface 2
    Vlan-interface2 current state :UP
    Line protocol current state :UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2
    Global unicast address(es):
    3001::1, subnet is 3001::/64
    Joined group address(es):...
  • Page 133
    Vlan-interface1 current state :UP
    Line protocol current state :UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
    Global unicast address(es):
    2001::1, subnet is 2001::/64
    Joined group address(es):
    FF02::1:FF00:0
    FF02::1:FF00:1
    FF02::1:FF00:1C0
    FF02::2
    FF02::1
    MTU is 1500 bytes
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    ND retransmit interval is 1000 milliseconds
    ND advertised reachable time is 0 milliseconds...
  • Page 134
    # Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed.
    [SwitchB] display ipv6 interface vlan-interface 2
    Vlan-interface2 current state :UP
    Line protocol current state :UP
    IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234
    Global unicast address(es):
    3001::2, subnet is 3001::/64
    Joined group address(es):...
  • Page 135: Troubleshooting Ipv6 Basics Configuration

    CAUTION: When you ping a link-local address, you should use the -i parameter to specify an interface for the link-local address.
    [SwitchB] ping ipv6 -c 1 3001::1
    PING 3001::1 : 56 data bytes, press CTRL_C to break
    Reply from 3001::1
    bytes=56 Sequence=1 hop limit=64 time = 2 ms
    --- 3001::1 ping statistics ---...
  • Page 136: Dhcpv6 Overview

    DHCPv6 overview
    Introduction to DHCPv6
    The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was designed based on IPv6 addressing scheme and is used for assigning IPv6 prefixes, IPv6 addresses and other configuration parameters to hosts. Compared with other IPv6 address allocation methods (such as manual configuration and stateless address autoconfiguration), DHCPv6 can:
    •...
  • Page 137: Assignment Involving Four Messages

    Assignment involving four messages Figure 51 shows the process of IPv6 address/prefix assignment involving four messages. Figure 51 Assignment involving four messages The assignment involving four messages operates in the following steps. The DHCPv6 client sends out a Solicit message, requesting an IPv6 address/prefix and other configuration parameters.
  • Page 138: Stateless Dhcpv6 Configuration

    Figure 53 Using the Rebind message for address/prefix lease renewal As shown in Figure 53, if the DHCPv6 client receives no response from the DHCPv6 server after sending out a Renew message at T1, it multicasts a Rebind message to all DHCPv6 servers at T2 (that is, when 80% preferred lifetime expires).
  • Page 139: Operation

    Operation Figure 54 Operation of stateless DHCPv6 As shown in Figure 54, stateless DHCPv6 operates in the following steps. The DHCPv6 client multicasts an Information-request message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents. The Information-request message contains an Option Request option, specifying the configuration parameters that the client requests from the DHCPv6 server.
  • Page 140: Dhcpv6 Relay Agent Configuration

    DHCPv6 relay agent configuration Introduction to the DHCPv6 relay agent Application environment Figure 55 Typical DHCPv6 relay agent application A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 55, if the DHCPv6 server resides on another subnet, the DHCPv6 client can contact the server via a DHCPv6 relay agent, so you...
  • Page 141: Configuring The Dhcpv6 Relay Agent

    • After you remove all the specified DHCPv6 servers from an interface with the undo ipv6 dhcp relay server-address command, DHCPv6 relay agent is disabled on the interface. • HP does not recommend enabling the DHCPv6 relay agent and DHCPv6 client on the same interface...
  • Page 142: Displaying And Maintaining The Dhcpv6 Relay Agent

    Displaying and maintaining the DHCPv6 relay agent To do… Use the command… Remarks display ipv6 dhcp duid [ | { begin | exclude | Display the DUID of the local device Available in any view include } regular-expression ] display ipv6 dhcp relay server-address { all | Display DHCPv6 server addresses interface interface-type interface-number } [ | Available in any view...
  • Page 143 [SwitchA-Vlan-interface2] ipv6 address 2::1 64 [SwitchA-Vlan-interface2] quit [SwitchA] interface vlan-interface 3 [SwitchA-Vlan-interface3] ipv6 address 1::1 64 # Enable DHCPv6 relay agent and specify the DHCPv6 server address on VLAN-interface 3. [SwitchA-Vlan-interface3] ipv6 dhcp relay server-address 2::2 Configure Switch A as a gateway # Enable Switch A to send RA messages and turn on the M and O flags.
  • Page 144: Dhcpv6 Client Configuration

    • For more information about the ipv6 address auto command, see the Reference • HP does not recommend enabling the DHCPv6 client and DHCPv6 relay agent on the same interface at the same time. Displaying and maintaining the DHCPv6 client To do…...
  • Page 145: Stateless Dhcpv6 Configuration Example

    To do… Use the command… Remarks display ipv6 dhcp client statistics [ interface Display DHCPv6 client statistics interface-type interface-number ] [ | { begin | Available in any view exclude | include } regular-expression ] Display the DUID of the local display ipv6 dhcp duid [ | { begin | exclude | Available in any view device...
  • Page 146 [SwitchA-Vlan-interface2] ipv6 address auto With this command executed, if VLAN-interface 2 has no IPv6 address configured, Switch A will automatically generate a link-local address, and send an RS message, requesting the gateway (Switch B) to reply with an RA message immediately. Verification After receiving an RA message with the M flag set to 0 and the O flag set to 1, Switch A automatically enables the stateless DHCPv6 function.
  • Page 147: Ipv6 Dns Configuration

    IPv6 DNS configuration Introduction to IPv6 DNS IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS.
  • Page 148: Displaying And Maintaining Ipv6 Dns

    To do… Use the command… Remarks Required Not specified by default. Specify a DNS dns server ipv6 ipv6-address If the IPv6 address of a DNS server is a server [ interface-type interface-number ] link-local address, you must specify the interface-type and interface-number arguments. Optional Configure a DNS dns domain domain-name...
  • Page 149: Dynamic Domain Name Resolution Configuration Example

    Figure 59 Network diagram for static domain name resolution Configuration procedure # Configure a mapping between host name host.com and IPv6 address 1::2. <Device> system-view [Device] ipv6 host host.com 1::2 # Enable IPv6 packet forwarding. [Device] ipv6 # Use the ping ipv6 host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IPv6 address 1::2.
  • Page 150 Figure 60 Network diagram of dynamic domain name resolution Configuration procedure NOTE: Before performing the following configuration, make sure that the device and the host are accessible to • each other via available routes, and the IPv6 addresses of the interfaces are configured as shown Figure •...
  • Page 151 Figure 62 Create a record In Figure 62, select Other New Records to bring up a dialog box as shown in Figure 63. Select IPv6 Host (AAAA) as the resource record type.
  • Page 152 Figure 63 Select the resource record type As shown in Figure 64, type host name host and IPv6 address 1::1, and then click OK.
  • Page 153 Figure 64 Add a mapping between domain name and IPv6 address Configure the DNS client # Enable dynamic domain name resolution. <Device> system-view [Device] dns resolve # Specify the DNS server 2::2. [Device] dns server ipv6 2::2 # Configure com as the DNS suffix. [Device] dns domain com Configuration verification # Use the ping ipv6 host command on the device to verify that the communication between the device...
  • Page 154 Reply from 1::1 bytes=56 Sequence=3 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=4 hop limit=126 time = 1 ms Reply from 1::1 bytes=56 Sequence=5 hop limit=126 time = 1 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms...
  • Page 155: Tunneling Configuration

    Tunneling configuration NOTE: You can set an Ethernet port to operate in route mode (Layer 3) or bridge mode (Layer 2) by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Tunneling overview Tunneling is an encapsulation technology: one network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection.
  • Page 156 Figure 65 IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following ways. A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source. After determining from the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel.
  • Page 157 Tunnel type; Tunnel mode; Tunnel source/destination address; Tunnel interface address type. 6to4 tunneling: The source IP address is a manually configured IPv4 address. The destination IP address does not need to be configured. The tunnel interface address is a 6to4 address, in the format of 2002:IPv4-source-address::/48.
  • Page 158: Ipv4 Over Ipv4 Tunneling

    Figure 66 Principle of ISATAP tunneling IPv4 over IPv4 tunneling Introduction IPv4 over IPv4 tunneling (specified in RFC 1853) is developed for IP data packet encapsulation so that data can be transferred from one IPv4 network to another IPv4 network. Encapsulation and de-encapsulation Figure 67 Principle of IPv4 over IPv4 tunneling Packets traveling through a tunnel undergo encapsulation and de-encapsulation processes, as shown in...
  • Page 159: Ipv4 Over Ipv6 Tunneling

    IPv4 over IPv6 tunneling Introduction IPv4 over IPv6 tunneling adds an IPv6 header to IPv4 packets so that the IPv4 packets can traverse an IPv6 network and reach another IPv4 network. Encapsulation and de-encapsulation Figure 68 Principle of IPv4 over IPv6 tunneling The encapsulation and de-encapsulation processes illustrated in Figure 69 are described as follows:...
  • Page 160: Ipv6 Over Ipv6 Tunneling

    NOTE: The encapsulation and de-encapsulation of the IPv4-over-IPv6 GRE tunnel is slightly different from “Encapsulation and de-encapsulation.” For more information about GRE, see the chapter “GRE configuration.” IPv6 over IPv6 tunneling Introduction IPv6 over IPv6 tunneling (specified in RFC 2473) is developed for IPv6 data packet encapsulation so that encapsulated packets can be transmitted over an IPv6 network.
  • Page 161: Protocols And Standards

    NOTE: GRE can realize the IPv6 over IPv6 tunnel function. For more information about related configurations, see the chapter “GRE configuration.” Protocols and standards • RFC 1853, IP in IP Tunneling • RFC 2473, Generic Packet Tunneling in IPv6 Specification • RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers...
  • Page 162: Configuration Procedure

    transmitted over the tunnel. For creation and configuration of a service loopback group, see Layer 2—LAN Switching Configuration Guide. • In standalone mode, when active/standby switchover occurs or the standby card is removed, tunnels configured on the active or standby card still exist. To delete tunnels, use the undo interface tunnel command.
  • Page 163: Configuring An Ipv6 Manual Tunnel

    To do… Use the command… Remarks Optional Shut down the tunnel interface shutdown By default, the interface is up. Configuring an IPv6 manual tunnel Configuration prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication.
  • Page 164: Configuration Example

    To do… Use the command… Remarks Optional ipv6 address auto link-local Configure a By default, a link-local address will link-local IPv6 automatically be created when an ipv6 address ipv6-address address IPv6 global unicast address or link-local site-local address is configured. Required GRE over IPv4 tunnel by default.
  • Page 165 Configuration on Switch A • # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 3002::1 64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 to support the tunnel service.
  • Page 166 # Create service loopback group 1 to support the tunnel service. [SwitchB] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP. [SwitchB] interface GigabitEthernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] undo stp enable [SwitchB-GigabitEthernet1/0/3] undo lldp enable [SwitchB-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchB-GigabitEthernet1/0/3] quit # Configure an IPv6 manual tunnel.
  • Page 167: Configuring A 6To4 Tunnel

    3001::2, subnet is 3001::/64 Joined group address(es): FF02::1:FF00:0 FF02::1:FF00:1 FF02::1:FFA8:3201 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: # Ping the IPv6 address of VLAN-interface 101 at the peer end from Switch A. [SwitchA] ping ipv6 3003::1 PING 3003::1 : 56 data bytes, press CTRL_C to break...
  • Page 168: Configuration Procedure

    • To encapsulate and forward IPv6 packets whose destination address does not belong to the subnet where the receiving tunnel interface resides, configure a static route to reach the destination IPv6 address through this tunnel interface on the device. Because automatic tunnels do not support dynamic routing, you can configure a static route to that destination IPv6 address with this tunnel interface as the outbound interface or the peer tunnel interface address as the next hop.
  • Page 169: 6To4 Tunnel Configuration Example

    6to4 tunnel configuration example Network requirements As shown in Figure 71, two 6to4 networks are connected to an IPv4 network through two 6to4 switches (Switch A and Switch B) respectively. Configure a 6to4 tunnel to make Host A and Host B reachable to each other.
  • Page 170 [SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64 [SwitchA-Vlan-interface101] quit # Create service loopback group 1 to support the tunnel service. [SwitchA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface. [SwitchA] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] undo stp enable [SwitchA-GigabitEthernet1/0/3] undo lldp enable...
  • Page 171: Configuring An Isatap Tunnel

    [SwitchB-Tunnel0] ipv6 address 2002:0501:0101::1/64 [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 on the tunnel. [SwitchB-Tunnel0] service-loopback-group 1 [SwitchB-Tunnel0] quit # Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface.
  • Page 172: Configuration Procedure

    • The automatic tunnel interfaces using the same encapsulation protocol cannot share the same source IP address. Configuration procedure Follow these steps to configure an ISATAP tunnel: To do… Use the command… Remarks Enter system view — system-view Required Enable IPv6 ipv6 By default, the IPv6 forwarding function is disabled.
  • Page 173 Figure 72 Network diagram for an ISATAP tunnel Switch ISATAP switch Vlan-int100 Vlan-int101 3001::1/64 1.1.1.1/8 IPv6 network IPv4 network ISATAP tunnel GE1/0/3 Tunnel0 ISATAP host IPv6 host 2001::5EFE:0101:0101/64 3002::2/64 IPv4 address:2.1.1.2/32 IPv6 address: FE80::5EFE:0201:0102 2001::5EFE:0201:0102 Service loopback port Configuration procedure NOTE: Before configuring an ISATAP tunnel, make sure that the corresponding VLAN interfaces have been •...
  • Page 174 # Reference service loopback group 1 on the tunnel. [Switch-Tunnel0] service-loopback-group 1 [Switch-Tunnel0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 0 • Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system. The following example shows the configuration of a host running Windows XP.
  • Page 175: Configuring An Ipv4 Over Ipv4 Tunnel

    DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.
  • Page 176: Configuration Procedure

    • If you specify a source interface instead of a source address for the tunnel, the source address of the tunnel is the primary IP address of the source interface. Configuration procedure Follow these steps to configure an IPv4 over IPv4 tunnel: To do…...
  • Page 177 Configuration on Switch A • # Configure an IPv4 address for VLAN-interface 100. <SwitchA> system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure an IPv4 address for VLAN-interface 101 (configured on the physical interface of the tunnel). [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ip address 2.1.1.1 255.255.255.0 [SwitchA-Vlan-interface101] quit...
  • Page 178 [SwitchB-Vlan-interface101] ip address 3.1.1.1 255.255.255.0 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 to support the tunnel service. [SwitchB] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/3 to service loopback group 1, and disable STP and LLDP on the interface.
  • Page 179: Configuring An Ipv4 Over Ipv6 Manual Tunnel

    [SwitchB] display interface tunnel 2 Tunnel2 current state: UP Line protocol current state: UP Description: Tunnel2 Interface The Maximum Transmit Unit is 1480 Internet Address is 10.1.2.2/24 Primary Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source 3.1.1.1(Vlan-interface101), destination 2.1.1.1 Tunnel protocol/transport IP/IP Last 300 seconds input: 0 bytes/sec, 0 packets/sec...
  • Page 180: Configuration Procedure

    destination IPv4 address, specify this tunnel interface as the outbound interface, or the peer tunnel interface address as the next hop. A similar configuration is required at the other tunnel end. If you configure dynamic routing at both ends, enable the dynamic routing protocol on both tunnel interfaces.
  • Page 181 Figure 74 Network diagram for an IPv4 over IPv6 manual tunnel Configuration procedure NOTE: Before configuring an IPv4 over IPv6 tunnel, make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A •...
  • Page 182 # Configure the destination address of interface Tunnel 1 (IP address of VLAN-interface 101 of Switch B). [SwitchA-Tunnel1] destination 2002::2:1 # Reference service loopback group 1 on the tunnel. [SwitchA-Tunnel1] service-loopback-group 1 [SwitchA-Tunnel1] quit # Configure a static route from Switch A through interface Tunnel 1 to Group 2. [SwitchA] ip route-static 30.1.3.0 255.255.255.0 tunnel 1 Configuration on Switch B •...
  • Page 183 [SwitchB] ip route-static 30.1.1.0 255.255.255.0 tunnel 2 Verification After the configuration, display the status of the tunnel interfaces on Switch A and Switch B, respectively. [SwitchA] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1460 Internet Address is 30.1.2.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID is 1.
  • Page 184: Configuring An Ipv6 Over Ipv6 Tunnel

    round-trip min/avg/max = 15/21/46 ms Configuring an IPv6 over IPv6 tunnel NOTE: Only EB and SD cards support configuring IPv4 over IPv6 manual tunnels. Configuration prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication.
  • Page 185: Configuration Example

    To do… Use the command… Remarks interface or site-local By default, no IPv6 address is ipv6 address address configured for the tunnel interface. ipv6-address/prefix-length eui-64 ipv6 address auto link-local Configure an IPv6 link-local ipv6 address ipv6-address address link-local Optional GRE over IPv4 tunnel by default. Specify the IPv6 over IPv6 tunnel tunnel-protocol ipv6-ipv6 The same tunnel mode should be...
  • Page 186 NOTE: Before configuring an IPv6 over IPv6 tunnel, make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A • # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv6 address for VLAN-interface 100.
  • Page 187 <SwitchB> system-view [SwitchB] ipv6 # Configure an IPv6 address for VLAN-interface 100. [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 2002:3::1 64 [SwitchB-Vlan-interface100] quit # Configure an IPv6 address for VLAN-interface 101 (the physical interface of the tunnel). [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002::22:1 64 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 to support the tunnel service.
  • Page 188 Joined group address(es): FF02::1:FF13:1 FF02::1:FF01:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1460 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: [SwitchB] display ipv6 interface tunnel 2 Tunnel2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::2024:1 Global unicast address(es):...
  • Page 189: Displaying And Maintaining Tunneling Configuration

    round-trip min/avg/max = 1/19/31 ms Displaying and maintaining tunneling configuration To do… Use the command… Remarks display interface [ tunnel ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about tunnel Available in any view interfaces display interface tunnel number [ brief ] [ |...
  • Page 190: Gre Configuration

    GRE configuration GRE overview Generic Routing Encapsulation (GRE) is a protocol designed for encapsulating and carrying the packets of one network layer protocol (for example, IP or IPX) over another network layer protocol (for example, IP). The path that transfers the encapsulated packets is referred to as a GRE tunnel. A GRE tunnel is a virtual point-to-point (P2P) connection.
  • Page 191: Gre Encapsulation And De-Encapsulation Processes

    • GRE over IPv4—The transport protocol is IPv4, and the passenger protocol is any network layer protocol. • GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer protocol. GRE encapsulation and de-encapsulation processes Figure 78 X protocol networks interconnected through a GRE tunnel The following takes the network shown in Figure 78 as an example to describe how an X protocol packet...
  • Page 192: Protocols And Standards

    Protocols and standards • RFC 1701, Generic Routing Encapsulation (GRE) • RFC 1702, Generic Routing Encapsulation over IPv4 networks • RFC 2784, Generic Routing Encapsulation (GRE) Configuring a GRE over IPv4 tunnel NOTE: Only EB and SD cards support this feature. Configuration prerequisites •...
  • Page 193: Configuring A Gre Over Ipv6 Tunnel

    To do… Use the command… Remarks Required Create a tunnel interface and enter interface tunnel interface-number By default, a device has no tunnel tunnel interface view interface. Required Configure an IPv4 address for the ip address ip-address { mask | By default, a tunnel interface has tunnel interface mask-length }...
  • Page 194: Configuration Prerequisites

    Configuration prerequisites • On each of the peer devices, configure an IP address for the interface to be used as the source interface of the tunnel interface (which can be, for example, a VLAN interface or loopback interface), and make sure that this interface can normally communicate with the interface used as the source interface of the tunnel interface on the peer device.
  • Page 195: Displaying And Maintaining Gre

    To do… Use the command… Remarks Required By default, the tunnel is a GRE over IPv4 tunnel. Set the tunnel mode to GRE over tunnel-protocol gre ipv6 You must configure the same tunnel IPv6 mode on both ends of a tunnel. Otherwise, packet delivery will fail.
  • Page 196: Gre Over Ipv4 Tunnel Configuration Example

    NOTE: For information about commands display interface tunnel and display ipv6 interface tunnel, see Layer 3—IP Services Command Reference. GRE over IPv4 tunnel configuration example Network requirements Switch A and Switch B are interconnected through the Internet. Two private IPv4 subnets Group 1 and Group 2 are interconnected through a GRE tunnel between the two switches.
  • Page 197 [SwitchA-GigabitEthernet1/0/3] undo stp enable [SwitchA-GigabitEthernet1/0/3] undo lldp enable [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Create a tunnel interface Tunnel 1. [SwitchA] interface tunnel 1 # Configure an IPv4 address for interface Tunnel 1. [SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0 # Configure the tunnel encapsulation mode as GRE over IPv4.
  • Page 198 [SwitchB-GigabitEthernet1/0/3] quit # Create a tunnel interface Tunnel 1. [SwitchB] interface tunnel 1 # Configure an IPv4 address for interface Tunnel 1. [SwitchB-Tunnel1] ip address 10.1.2.2 255.255.255.0 # Configure the tunnel encapsulation mode as GRE over IPv4. [SwitchB-Tunnel1] tunnel-protocol gre # Configure the source address for interface Tunnel 1 (IP address of the VLAN interface to which GigabitEthernet 1/0/2 belongs).
  • Page 199: Gre Over Ipv6 Tunnel Configuration Example

    Encapsulation is TUNNEL, service-loopback-group ID is 1. Tunnel source 2.2.2.2, destination 1.1.1.1 Tunnel bandwidth 64 (kbps) Tunnel protocol/transport GRE/IP GRE key disabled Checksumming of GRE packets disabled Last clearing of counters: Never Last 300 seconds input: 2 bytes/sec, 0 packets/sec Last 300 seconds output: 2 bytes/sec, 0 packets/sec 10 packets input,...
  • Page 200 NOTE: Before the configuration, make sure that Switch A and Switch B are reachable to each other. Configure Switch A <SwitchA> system-view # Enable IPv6. [SwitchA] ipv6 # Configure interface VLAN-interface 100. [SwitchA] vlan 100 [SwitchA-vlan100] port GigabitEthernet 1/0/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit...
  • Page 201 # Configure a static route from Switch A through interface Tunnel 0 to Group 2. [SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 0 Configure Switch B <SwitchB> system-view # Enable IPv6. [SwitchB] ipv6 # Configure interface VLAN-interface 100. [SwitchB] vlan 100 [SwitchB-vlan100] port GigabitEthernet 1/0/1 [SwitchB-vlan100] quit [SwitchB] interface vlan-interface 100...
  • Page 202: Verify The Configuration

    [SwitchB] ip route-static 10.1.1.0 255.255.255.0 tunnel 0 Verify the configuration # After the configuration, view the tunnel interface status on Switch A and Switch B respectively. [SwitchA] display interface Tunnel 0 Tunnel0 current state: UP Line protocol current state: UP Description: Tunnel0 Interface The Maximum Transmit Unit is 1456 Internet Address is 10.1.2.1/24 Primary...
  • Page 203: Troubleshooting Gre

    --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms Troubleshooting GRE The key to configuring GRE is to keep the configurations consistent. Most faults can be located by using the debugging gre or debugging tunnel command. This section analyzes one type of fault for illustration, with the scenario shown in Figure Figure 81 Troubleshoot GRE...
  • Page 206: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
  • Page 207: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 208 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
