Professional Documents
Culture Documents
V100R006C01
01
Date
2011-10-26
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-10-26)
NM configuration engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-10-26)
TIP
NOTE
ii
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all changes made in previous issues.
Issue 01 (2011-10-26)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 IP Addresses Configuration........................................................................................................1
1.1 Introduction to IP Addresses..............................................................................................................................2
1.2 Features of IP Addresses Supported by the S5700.............................................................................................2
1.3 Configuring IP Addresses for Interfaces............................................................................................................3
1.3.1 Establishing the Configuration Task.........................................................................................................3
1.3.2 Configuring a Primary IP Address for an Interface...................................................................................3
1.3.3 (Optional) Configuring a Secondary IP Address for an Interface.............................................................4
1.3.4 Checking the Configuration.......................................................................................................................4
1.4 Configuration Examples.....................................................................................................................................5
1.4.1 Example for Setting Primary and Secondary IP Addresses......................................................................5
2 ARP Configuration........................................................................................................................8
2.1 Overview of ARP...............................................................................................................................................9
2.2 ARP Features Supported by the S5700..............................................................................................................9
2.3 Configuring Static ARP....................................................................................................................................10
2.3.1 Establishing the Configuration Task.......................................................................................................10
2.3.2 Configuring Common Static ARP Entries...............................................................................................11
2.3.3 Configuring Static ARP Entries in a VLAN...........................................................................................11
2.3.4 Configuring Static ARP Entries in a VPN Instance................................................................................12
2.3.5 Checking the Configuration.....................................................................................................................13
2.4 Optimizing Dynamic ARP................................................................................................................................13
2.4.1 Establishing the Configuration Task.......................................................................................................13
2.4.2 Modify the aging parameters of dynamic ARP.......................................................................................14
2.4.3 Enabling ARP Suppression Function......................................................................................................14
2.4.4 Enabling Layer 2 Topology Detection Function.....................................................................................15
2.4.5 Checking the Configuration.....................................................................................................................15
2.5 Configuring Routed Proxy ARP.......................................................................................................................15
2.5.1 Establishing the Configuration Task.......................................................................................................16
2.5.2 Configure an IP Addresses for the Interface............................................................................................16
2.5.3 Enabling the Routed Proxy ARP Function..............................................................................................17
2.5.4 Checking the Configuration.....................................................................................................................17
2.6 Configuring Proxy ARP Within a VLAN........................................................................................................17
Issue 01 (2011-10-26)
iv
Contents
3 DHCP Configuration..................................................................................................................36
3.1 Introduction to DHCP.......................................................................................................................................37
3.2 DHCP Features Supported by the S5700.........................................................................................................37
3.3 Configuring the DHCP Server Based on the Global Address Pool..................................................................39
3.3.1 Establishing the Configuration Task.......................................................................................................40
3.3.2 Configuring an Interface to Use Global Address Pool............................................................................41
3.3.3 Configuring Address Allocation Mode for Global Address Pool...........................................................42
3.3.4 (Optional) Configuring DNS for Global Address Pool...........................................................................43
3.3.5 (Optional) Configuring NetBIOS for Global Address Pool....................................................................44
3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool............................45
3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................46
3.3.8 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................47
3.3.9 Checking the Configuration.....................................................................................................................47
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool...............................................48
3.4.1 Establishing the Configuration Task.......................................................................................................49
3.4.2 Configuring Address Allocation Mode for Interface Address Pool........................................................50
3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool.................................51
3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool..........................52
3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool...........53
3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................54
3.4.7 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................54
3.4.8 Checking the Configuration.....................................................................................................................55
3.5 Configuring the DHCP Relay Agent................................................................................................................56
Issue 01 (2011-10-26)
Contents
4 DHCPv6 Configuration..............................................................................................................74
4.1 Introduction to DHCPv6...................................................................................................................................75
4.2 DHCPv6 Features Supported by the S5700.....................................................................................................76
4.3 Configuring DHCPv6 Relay.............................................................................................................................78
4.3.1 Establishing the Configuration Task.......................................................................................................78
4.3.2 Enabling the DHCPv6 Relay Function....................................................................................................78
4.3.3 (Optional) Configuring the Remote ID...................................................................................................79
4.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages.....................................................................81
4.3.5 Checking the Configuration.....................................................................................................................81
4.4 Maintaining DHCPv6.......................................................................................................................................82
4.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent................82
4.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent.................................................................82
4.5 Configuration Examples...................................................................................................................................83
4.5.1 Example for Configuring DHCPv6 Relay...............................................................................................83
5 IP Performance Configuration..................................................................................................87
5.1 Introduction to IP Performance........................................................................................................................88
5.2 IP Performance Supported by the S5700..........................................................................................................88
5.3 Optimizing IP Performance..............................................................................................................................88
5.3.1 Establishing the Configuration Task.......................................................................................................88
5.3.2 Enabling an Interface to Check the Source IP Addresses of Packets......................................................89
5.3.3 Configuring ICMP Attributes..................................................................................................................90
5.3.4 Setting TCP Parameters...........................................................................................................................90
5.3.5 Checking the Configuration.....................................................................................................................91
5.4 Maintaining IP Performance.............................................................................................................................92
5.4.1 Clearing IP Performance Statistics..........................................................................................................92
5.4.2 Monitoring the Running Status of IP Performance.................................................................................93
5.4.3 Debugging IP Performance.....................................................................................................................94
5.5 Configuration Examples...................................................................................................................................94
5.5.1 Example for Disabling the Sending of ICMP Host Unreachable Packets...............................................95
Issue 01 (2011-10-26)
vi
Contents
7 DNS Configuration...................................................................................................................109
7.1 Introduction to DNS.......................................................................................................................................110
7.2 DNS Supported by the S5700.........................................................................................................................110
7.3 Configuring DNS............................................................................................................................................110
7.3.1 Establishing the Configuration Task.....................................................................................................110
7.3.2 Configuring Static DNS Entries............................................................................................................111
7.3.3 Configuring Dynamic DNS...................................................................................................................111
7.3.4 Checking the Configuration...................................................................................................................112
7.4 Maintaining DNS............................................................................................................................................113
7.4.1 Clearing DNS Entries............................................................................................................................113
7.4.2 Monitoring Network Operation Status of DNS.....................................................................................114
7.4.3 Debugging DNS....................................................................................................................................114
7.5 Configuration Examples.................................................................................................................................115
7.5.1 Example for Configuring DNS..............................................................................................................115
vii
Contents
viii
Contents
Issue 01 (2011-10-26)
ix
1 IP Addresses Configuration
IP Addresses Configuration
Issue 01 (2011-10-26)
1 IP Addresses Configuration
The S5700 supports the space overlapping of network segment addresses to save the address
space.
l
Different IP addresses in the overlapped network segments but not same can be configured
on different interfaces of the same device. For example, after an interface on a device is
configured with the IP address 20.1.1.1/16, if another interface is configured with the IP
address 20.1.1.2/24, the system prompts a message. However, the configuration is still
successful; if another interface is configured with the IP address 20.1.1.2/16, the system
prompts an IP address conflict. The configuration fails.
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on the same interface. For example, after the interface is
configured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16
sub, the system prompts a message. However, the configuration is still successful.
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on different interfaces of the same device. However, the
primary IP address and the secondary IP address cannot be the same. For example, after an
interface on a device is configured with the IP address 20.1.1.1/16, if another interface is
configured with the IP address 20.1.1.2/24 sub, the system prompts a message. However,
the configuration is still successful.
The S5700 supports 31-bit IP address masks. Therefore, there are only two IP addresses in a
network segment, that is, the network address and broadcast address. The two IP addresses can
be used as host addresses.
Issue 01 (2011-10-26)
1 IP Addresses Configuration
Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign
several IP addresses to each interface. Among them, one is the primary IP address and the others
are secondary IP addresses.
Generally, you need to configure only a primary IP address for an interface. Secondary IP
addresses, however, are required in some cases. For instance, when a device connects to a
physical network through an interface, and computers on this network belong to two Class C
networks, you need to configure a primary IP address and a secondary IP address for this interface
to ensure that the device can communication with all computers on this network.
Pre-configuration Tasks
Before configuring an IP addresses for an interface, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the physical layer
status of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an interface, you need the following data.
No.
Data
Interface number
Issue 01 (2011-10-26)
1 IP Addresses Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the IP addresses for the interface are complete.
Issue 01 (2011-10-26)
1 IP Addresses Configuration
Procedure
l
----End
Networking Requirements
As shown in Figure 1-1, GigabitEthernet 0/0/1 of the Switch is connected to a LAN, in which
hosts belong to two different network segments, that is 172.16.1.0/24 and 172.16.2.0/24. It is
required that the Switch can access the two network segments but the host in 172.16.1.0/24
cannot interconnect with the host in 172.16.2.0/24.
Figure 1-1 Networking diagram for setting IP addresses
172.16.1.0/24
Switch
GE 0/0/1
VLANIF 100
172.16.1.1/24
172.16.2.1/24 sub
172.16.2.0/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Analyze the address of the network segment to which each interface is connected.
2.
Issue 01 (2011-10-26)
1 IP Addresses Configuration
Data Preparation
To complete the configuration, you need the following data.
l
Procedure
Step 1 Set the IP address for VLANIF 100 where GigabitEthernet 0/0/1 of the Switch belongs.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 172.16.1.1 24
[Quidway-Vlanif100] ip address 172.16.2.1 24 sub
time=25
time=27
time=26
time=26
time=26
ms
ms
ms
ms
ms
Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.2.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
ms
ms
ms
ms
ms
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan 100
#
interface Vlanif100
Issue 01 (2011-10-26)
1 IP Addresses Configuration
Issue 01 (2011-10-26)
2 ARP Configuration
ARP Configuration
Issue 01 (2011-10-26)
2 ARP Configuration
ARP
ARP is classified into the following types: dynamic ARP and static ARP.
l
Static ARP means the mapping between manually configured IP addresses and MAC
addresses.
Dynamic ARP means that the ARP mapping table is dynamically maintained by the ARP
protocol.
proxy ARP
The S5700 supports the following types of proxy ARP:
l
l
Issue 01 (2011-10-26)
2 ARP Configuration
In the scenario where two users belong to the same VLAN but user isolation is configured
in the VLAN, to implement communication between the two users, you need to enable
proxy ARP with a VLAN on the member interface of the VLAN.
The interface enabled with proxy ARP within a VLAN does not directly discard the ARP
Request messages that are not for themselves. Instead, it searches the ARP mappings table
for the corresponding ARP entries. In this case, if the switch is qualified to serve as a proxy,
the interface sends the MAC address of the switch to the sender of the ARP Request
message.
Proxy ARP within a VLAN implements the interworking between isolated users in the
same VLAN.
l
Applicable Environment
Static ARP is used in the following situations:
l
For the packets whose destination IP address is on another network segment, static ARP
can help these packets traverse a gateway of the local network segment so that the gateway
can forward the packets to their destination.
When you need to filter out some packets with illegitimate destination IP addresses, static
ARP can bind these illegitimate addresses to a nonexistent MAC address.
Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
Issue 01 (2011-10-26)
10
2 ARP Configuration
Configuring physical parameters for the interface and ensuring that the status of the physical
layer of the interface is Up
Configuring link layer protocol parameters for the interface and ensuring that the status of
the link layer protocol on the interface is Up
Data Preparation
To configure ARP, you need the following data.
No.
Data
VPN instance name and VLAN ID to which the static ARP entry belongs
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
11
2 ARP Configuration
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLAN
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
12
2 ARP Configuration
----End
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp statistics { all } command to check the statistics for ARP entries.
----End
Applicable Environment
Dynamic ARP is one of functions owned by a device or host. You do not need to run a command
to enable dynamic ARP but you can modify some parameters of dynamic ARP.
Pre-configuration Tasks
None
Data Preparation
Optimizing dynamic ARP, you need the following data.
Issue 01 (2011-10-26)
No.
Data
13
2 ARP Configuration
Procedure
Step 1 Run:
system-view
The number of aging detection times of the dynamic ARP entries is configured.
Step 4 Run:
arp expire-time expire-times
The interface is configured to send ARP Aging Detection packets in unicast mode.
By default, an interface sends ARP Aging Detection packets in broadcast mode.
----End
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
14
2 ARP Configuration
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp statistics { all } command to check the statistics for ARP entries.
----End
Issue 01 (2011-10-26)
15
2 ARP Configuration
Applicable Environment
The two physical networks of an enterprise are in different subnets of the same IP network, and
are separated by a device. You need to enable the proxy ARP on the device interface connected
to the physical networks. This enables communication between the two networks.
Network IDs of subnet hosts must be the same. You need not configure default gateways for
hosts.
Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure routed proxy ARP, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
16
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the routed proxy ARP function are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
17
2 ARP Configuration
Applicable Environment
If two users are in the same VLAN but they are isolated from each other, to ensure the two users
can communicate, you need to enable proxy ARP within the VLAN on the interface associated
with the VLAN.
Pre-configuration Tasks
Before configuring proxy ARP within a VLAN, complete the following tasks:
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Data Preparation
To configure proxy ARP within a VLAN, you need the following data.
No.
Data
VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN
Procedure
Step 1 Run:
system-view
18
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
Issue 01 (2011-10-26)
19
2 ARP Configuration
Applicable Environment
If two users belong to different VLANs and they need to communicate, you need to enable proxy
ARP between VLANs on the sub-interface associated with the VLAN.
IP addresses of hosts in a VLAN must be in the same network segment.
Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.
Data
VLAN ID associated with the interface to be enabled with proxy ARP between
VLANs
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
20
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of Proxy ARP Between VLANs are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
Issue 01 (2011-10-26)
21
2 ARP Configuration
Context
CAUTION
l The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So,
confirm the action before you use the command.
l The static ARP entries cannot restore after you clear it. So, confirm the action before you
use the command.
Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } command
in the user view to clear the ARP entries in the ARP mapping table.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation
of ARP.
Procedure
l
Run the display arp interface interface-type interface-number command in any view to
check the information about the ARP mapping table based on interfaces.
----End
Issue 01 (2011-10-26)
22
2 ARP Configuration
Context
CAUTION
Debugging affects the performance of the system. Thus, after debugging, run the undo
debugging all command to disable debugging immediately. When the CPU usage is close to
100%, debugging ARP may cause the board resetting. So, confirm the action before you use the
command.
When faults occur during ARP operation, run the following debugging command in the user
view to debug ARP and locate the fault.
For more information, see chapter "Information Center Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide-System Management. For descriptions about the
debugging commands, see the Quidway S5700 Series Ethernet Switches Debugging
Reference.
Procedure
l
----End
To adapt to fast changes of the network and ensure correct forwarding of packets, dynamic
ARP parameters should be set on VLANIF 2 of the Switch.
To ensure the security of the server and prevent invalid ARP packets, a static ARP entry
should be created on GE 0/0/2 of the Switch, with the IP address of the router being 10.2.2.3
and the MAC address being 00e0-fc01-0000.
Issue 01 (2011-10-26)
23
2 ARP Configuration
Server
Internet
Router
GE0/0/2
Switch
GE0/0/1
LSW
PC1
PC2
PC2
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging
time of ARP entries being 60s, and number of detection times being 2
VLANIF 3 with the IP address being 10.2.2.2 and subnet mask being 255.255.255.0
Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet
mask being 255.255.255.0, and MAC address being 00e0-fc01-0000
Procedure
Step 1 Create a VLAN and add an interface to the VLAN.
# Create VLAN 2 and VLAN 3.
Issue 01 (2011-10-26)
24
2 ARP Configuration
<Quidway> system-view
[Quidway] vlan batch 2 3
0/0/1
hybrid tagged vlan 2
0/0/2
hybrid tagged vlan 3
# Create VLANIF 3.
[Quidway] interface vlanif 3
----End
Configuration Files
The following is the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
Issue 01 (2011-10-26)
25
2 ARP Configuration
#
interface Vlanif2
ip address 2.2.2.2 255.255.255.0
arp expire-time 60
arp detect-times 2
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return
Host A
172.16.1.2/16
0000-5e33-ee20
Host B
172.16.2.2/16
0000-5e33-ee10
GE0/0/1
172.16.1.1/24
GE0/0/2
172.16.2.1/24
VLAN 2
VLAN 3
Switch
Ethernet A
Ethernet B
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
26
2 ARP Configuration
Procedure
Step 1 Create VLAN 2 and add GE 0/0/1 to VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] port default vlan 2
[Quidway-GigabitEthernet0/0/1] quit
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3
Issue 01 (2011-10-26)
27
2 ARP Configuration
Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.
The IP address and subnet mask of the VLANIF interface in Super-VLAN 3 should be 10.10.10.1
and 255.255.255.0.
Figure 2-3 Networking diagram for configuring intra-VLAN proxy ARP
Internet
Switch
GE0/0/2
GE0/0/1
hostB
10.10.10.3/24
00-e0-fc-00-00-03
hostA
10.10.10.2/24
00-e0-fc-00-00-02
sub-VLAN2
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Create a VLANIF interface of the Super-VLAN and assign an IP address to the VLANIF
interface.
Issue 01 (2011-10-26)
28
4.
2 ARP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the Super-VLAN and Sub-VLAN.
# Configure Sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
0/0/1
link-type access
default vlan 2
0/0/2
link-type access
default vlan 2
29
2 ARP Configuration
# Run the display current-configuration command. You can view the configurations of the
Super-VLAN, Sub-VLAN, and VLANIF interface. For query results, see the following
configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif3
10.10.10.2
00e0-fc00-0002 19
D-0
GE0/0/1
2
10.10.10.3
00e0-fc00-0003 19
D-0
GE0/0/2
2
-----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
----End
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
return
Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP
is enabled.
Issue 01 (2011-10-26)
30
2 ARP Configuration
Switch
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Create an VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
# Configure sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
Issue 01 (2011-10-26)
31
2 ARP Configuration
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port link-type access
[Quidway-GigabitEthernet0/0/2] port default vlan 2
[Quidway-GigabitEthernet0/0/2] quit
# Configure sub-VLAN 3.
<Quidway> system-view
[Quidway] vlan 3
[Quidway-vlan3] quit
0/0/3
link-type access
default vlan 3
0/0/4
link-type access
default vlan 3
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif4
10.10.10.2
00e0-fc00-0002 19
D-0
GE0/0/1
2
10.10.10.3
00e0-fc00-0003 19
D-0
GE0/0/2
2
10.10.10.4
00e0-fc00-0004 19
D-0
GE0/0/3
3
10.10.10.5
00e0-fc00-0005 19
D-0
GE0/0/4
3
-----------------------------------------------------------------------------Total:5
Dynamic:4
Static:0
Interface:1
----End
Issue 01 (2011-10-26)
32
2 ARP Configuration
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
return
Switch
VLANIF100
10.1.1.2/24
PC A
10.1.1.1/24
Issue 01 (2011-10-26)
VLAN100
PC B
10.1.1.3/24
33
2 ARP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode.
# Create VLANIF 100 and assign an IP addresses to VLANIF 100.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface vlanif 100
[Quidway-vlanif100] ip address 10.1.1.2 24
[Quidway-vlanif100] quit
0/0/1
link-type access
default vlan 100
0/0/2
link-type access
default vlan 100
Step 3 Restart GE 0/0/1 and view changes of the ARP entries and aging time.
# View ARP entries on the Switch. You can find that the Switch has learnt the MAC address of
the PC.
[Quidway] display arp all
IP ADDRESS
MAC ADDRESS
INSTANCE
EXPIRE(M)
TYPE
INTERFACE
VPN-
VLAN
----------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.1
00e0-c01a-4901 20
D-0
GE0/0/1
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
# Run the shutdown command and then the undoshutdown command on GE 0/0/1 to view the
aging time of ARP entries.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] shutdown
[Quidway-GigabitEthernet0/0/1] undo shutdown
[Quidway-GigabitEthernet0/0/1] display arp all
Issue 01 (2011-10-26)
34
2 ARP Configuration
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 0
D-0
GE0/0/2
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE
According to the displayed information, the ARP entry learned from GE 0/0/1 is deleted after GE 0/0/1 is
shut down. The aging time of ARP entries learned from GE 0/0/2 becomes 0 after GE0/0/1 is restored and
becomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARP
entries.
[Quidway-GigabitEthernet0/0/1] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
---------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE
After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
L2-topolgy detect enable
#
vlan 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
return
Issue 01 (2011-10-26)
35
3 DHCP Configuration
DHCP Configuration
Issue 01 (2011-10-26)
36
3 DHCP Configuration
Overview
Network scales and complexity grow fast, so the network configurations become increasingly
complicated. For example, the locations of hosts such as portable computers and wireless
network terminals frequently change, and the number of hosts often exceeds the number of
available IP addresses. The DHCP is developed to solve the preceding problems.
DHCP works in the client/server model. A DHCP client requests the DHCP server for
configurations, and the DHCP server sends the configurations to the client.
The DHCP protocol requires that the DHCP clients and DHCP server be in the same network
segment; therefore, each network segment needs a DHCP server. This wastes resources. DHCP
relay achieves address allocation between network segments.
Definition
DHCP server
A DHCP server allocates IP addresses to clients. A client sends a packet to the server to request
for configurations such as the IP address, subnet mask, and default gateway. After receiving the
packet, the server replies with a packet carrying the corresponding configurations according to
policies. Both the Request and Reply packets are encapsulated in UDP packets.
DHCP relay agent
A DHCP relay agent transparently transmits DHCP broadcast packets between the DHCP clients
and DHCP server that are on different network segments.
The S5706 does not support the DHCP server or DHCP relay function.
Issue 01 (2011-10-26)
Usage
Scenario
37
3 DHCP Configuration
Usage
Scenario
Using the global address pool: When an interface of the S5700 receives a DHCP packet
from a DHCP client, the S5700 allocates an IP address to the client from the global address
pool. For details about configuring the global address pool, see 3.3 Configuring the DHCP
Server Based on the Global Address Pool.
Using an interface address pool: When an interface of the S5700 receives a DHCP packet
from a DHCP client, the S5700 allocates an IP address to the client from the interface
address pool. If there is no available address in the interface address pool, the S5700 uses
the global address pool that contains the addresses in the interface address pool. For details
about configuring the interface address pool, see 3.4 Configuring the DHCP Server Based
on the VLANIF Interface Address Pool.
NOTE
The S5700 supports the DHCP snooping function. For details about DHCP snooping, see the Quidway
S5700 Series Ethernet Switches Configuration Guide - Security.
Application
The S5700 functions as a DHCP server and is in the same network segment as the DHCP clients.
On this network, the DHCP server can use the global address pool or the interface address pool.
Issue 01 (2011-10-26)
38
3 DHCP Configuration
Figure 3-1 DHCP clients and DHCP server are on the same network segment
100.10.10.3/24
100.10.10.4/24
DHCP Server
100.10.10.1/24
100.10.10.2/24
An S5700 functions as a DHCP server and another one functions as a DHCP relay agent. The
DHCP server and DHCP clients are on different network segments. On this network, the DHCP
server can use only the global address pool.
Figure 3-2 DHCP clients and DHCP server are on different network segments
DHCP Server
100.10.10.1/24
Internet
SwitchA
SwitchB
DHCP Relay
20.20.20.1/24
DHCP
Client
DHCP
Client
DHCP
Client
Issue 01 (2011-10-26)
39
3 DHCP Configuration
Applicable Environment
On an enterprise network, if the computers are connected to the DHCP server through another
network, the global address pool needs to be configured on the S5700 to allocate IP addresses
to computers, as shown in Figure 3-3.
Figure 3-3 Networking diagram for configuring the DHCP server based on the global address
pool
NetBIOS
server
DHCP
client
DHCP
client
DHCP
client
SwtichC
SwtichB
SwtichA
DHCP server
DNS
server
DHCP
client
DHCP
client
DHCP
client
When the S5700 functions as the DHCP server based on the global address pool, it must work
with the DHCP relay agent.
Pre-configuration Tasks
Before configuring the DHCP server based on the global address pool, complete the following
tasks:
l
Ensuring that the link between the DHCP clients and the S5700 works properly and the
DHCP clients can communicate with the S5700
Configuring routes from the S5700 to the DNS server and the NetBIOS server (The routes
are required only when the servers are configured.)
Issue 01 (2011-10-26)
40
3 DHCP Configuration
Data Preparation
Before configuring the DHCP server based on the global address pool, you need the following
data.
No.
Data
Address pool name, IP address range, IP address lease, IP addresses not to be allocated
in the IP address pool (optional), and IP address and MAC address that need to be
statically bound (optional)
(Optional) IP address of the DNS server and domain name of the DHCP clients
(Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP
clients
(Optional) Code of the customized DHCP option and corresponding ASCII character
string, hexadecimal numeral, or IP address
Context
Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
41
3 DHCP Configuration
If the VLANIF interface is not configured with an IP address or no address pool is on the same
network segment as the interface address, the clients cannot go online.
If there is a DHCP relay agent between the DHCP clients and S5700, the S5700 parses the
gateway address in the received DHCP packets forwarded by the DHCP relay agent. If the
gateway address does not match an entry in the address pool, the clients cannot go online.
Step 5 Run:
dhcp select global
The DHCP function is enabled on the interface and the DHCP server allocates IP addresses to
clients by using the global address pool.
----End
Context
Up to 128 address pools can be configured on the S5700, including the global address pools and
interface address pools. The number of address pools of each type is not limited. To use the
dynamic allocation mode, you must specify the range of addresses to be allocated; to use the
static binding mode, only one address can be allocated to a client. The global address pool
attributes include the IP address range, IP address lease, IP addresses not to be automatically
allocated, and IP addresses to be statically bound to MAC addresses.
Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
42
3 DHCP Configuration
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.
Some IP addresses are reserved for other services, for example, the IP address of the DNS server
cannot be allocated to clients. You can run the excluded-ip-address command to configure the
IP addresses that are not allocated in the DHCP address pool. If you run the excluded-ipaddress command multiple times, you can set multiple IP address ranges that cannot be
automatically allocated in the DHCP address pool.
Step 6 (Optional) Run:
static-bind ip-address ip-address mac-address mac-address
To load balance the traffic and improve the reliability of the network, you can configure multiple egress
gateways. An IP address pool can be configured with up to eight gateway addresses. The gateway address
cannot be a broadcast address of a subnet.
When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress
gateway address is the same as the egress gateway address of the DHCP relay agent.
----End
Context
On the DHCP server, the domain-name command specifies a domain name for each global
address pool. When allocating IP addresses to clients, the DHCP server also sends the domain
names to the clients. During domain name resolution, users only need to enter a part of the
domain name, and then the system uses a complete domain name for resolution.
Perform the following steps on the DHCP server.
Issue 01 (2011-10-26)
43
3 DHCP Configuration
Procedure
Step 1 Run:
system-view
The IP address of the DNS server is configured for the DHCP client.
To load balance the traffic and improve the reliability of the network, configure multiple DNS
servers. Each address pool can be configured with a maximum of eight DNS servers.
----End
Context
Perform the following steps on the DHCP server.
NOTE
When a DHCP client uses the NetBIOS protocol for communication, the host names must be
mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified
into the following types:
l
b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast
mode.
p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by
communicating with the NetBIOS server.
m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast
features.
h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end
communication mechanism.
Issue 01 (2011-10-26)
44
3 DHCP Configuration
Procedure
Step 1 Run:
system-view
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP
Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address
lease. The system also provides commands to configure these functions separately. These commands take
precedence over the option command. If no configuration command of these functions is run, the related
options configured by using the option command take effect.
Related commands:
l
Lease: lease
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
45
3 DHCP Configuration
Context
Perform the following steps on the DHCP server.
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP
address allocation. The DHCP server pings an IP address to be allocated. If there is no response
to the ping packet within a certain period, the DHCP server continues to send ping packets to
this IP address until the number of ping packets reaches the maximum value. If there is still no
response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view
The period in which the S5700 waits for the response is set.
By default, the period in which the S5700 waits for the response is 500 ms.
----End
Issue 01 (2011-10-26)
46
3 DHCP Configuration
Context
Perform the following steps on the DHCP server.
When the S5700 functions as the DHCP server, you can enable the function of saving DHCP
data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the DHCP server based on the global address pool are complete.
Issue 01 (2011-10-26)
47
3 DHCP Configuration
Procedure
l
Run the display dhcp server statistics command to view the statistics about the DHCP
server.
----End
Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics
Server Statistics:
Client Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Server Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
6
1
4
0
1
0
4
1
3
0
0
Run the display ip pool name ip-pool-name command to view the IP address pool named
huawei. The similar information is displayed.
<Quidway> display ip pool name huawei
Pool-Name
: huawei
Pool-No
: 2
Lease
: 3 Days 0 Hours 0 Minutes
Domain-name
: DNS-Server0
: 10.10.10.5
DNS-Server1
: 10.10.10.6
NBNS-Server0
: 20.20.20.5
Netbios-type
: Position
: Local
Status
: Unlocked
Gateway-0
: 10.10.10.10
Mask
: 255.255.255.0
Vpn instance
: --------------------------------------------------------------------------Start
End Total
Used
Idle(Expired)
Conflict
Disable
-------------------------------------------------------------------------10.10.10.1
10.10.10.254
253
0
253
0
0
--------------------------------------------------------------------------
Issue 01 (2011-10-26)
48
3 DHCP Configuration
Applicable Environment
If the DHCP clients and the DHCP server are on the same network segment, the interface address
pool needs to be configured on the S5700 to allocate IP addresses for the clients, as shown in
Figure 3-4.
Figure 3-4 Networking diagram for configuring the DHCP server based on the interface address
pool
Client
Client
DHCP Server
Client
The interface address pool takes precedence over the global address pool. If an address pool is
configured on an interface, the clients connected to the interface obtain IP addresses from the
interface address pool even if a global address pool is configured. On an S5700, only VLANIF
interfaces can be configured with address pools.
Pre-configuration Tasks
Before configuring the DHCP server based on the VLANIF interface address pool, complete
the following tasks:
l
Ensuring that the link between the DHCP clients and the S5700 works properly and the
DHCP clients can communicate with the S5700
Configuring routes from the S5700 to the DNS server and the NetBIOS server (The routes
are required only when the servers are configured.)
Data Preparation
Before configuring the DHCP server based on the VLANIF interface address pool, you need the
following data.
Issue 01 (2011-10-26)
49
3 DHCP Configuration
No.
Data
Number of the VLANIF interface configured with an address pool, IP address range,
IP address lease, IP addresses not to be allocated in the IP address pool (optional),
and IP address and MAC address that need to be statically bound (optional)
(Optional) IP address of the DNS server and domain name of the DHCP clients
(Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP
clients
(Optional) Code of the customized DHCP option and corresponding ASCII character
string, hexadecimal numeral, or IP address
Context
The interface address pool takes precedence over the global address pool.
Procedure
Step 1 Run:
system-view
50
3 DHCP Configuration
The interface address pool is actually the network segment to which the interface belongs, and
such an interface address pool takes effect only on this interface.
Step 6 Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.
Some IP addresses are reserved for other services, for example, the IP address of the DNS server
cannot be allocated to clients. You can run the dhcp server excluded-ip-address command to
exclude these IP addresses. If you run the dhcp server excluded-ip-address command multiple
times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP
address pool.
Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
Context
On the DHCP server, the dhcp server domain-name command specifies a domain name for
each interface address pool. When allocating IP addresses to clients, the DHCP server also sends
the domain names to the clients. During domain name resolution, users only need to enter a part
of the domain name, and then the system uses a complete domain name for resolution.
Perform the following steps on the DHCP server.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
51
3 DHCP Configuration
Context
Perform the following steps on the DHCP server.
When a DHCP client uses the NetBIOS protocol for communication, the host names must be
mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified
into the following types:
l
b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast
mode.
p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by
communicating with the NetBIOS server.
m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast
features.
h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end
communication mechanism.
Procedure
Step 1 Run:
system-view
52
3 DHCP Configuration
Each IP address pool can be configured with up to eight NetBIOS server addresses.
Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP
Reply packet containing the option field.
NOTE
The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address
lease. The system also provides commands to configure these functions separately. These commands take
precedence over the option command.
Related commands:
l
Procedure
Step 1 Run:
system-view
53
3 DHCP Configuration
Context
Perform the following steps on the DHCP server.
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP
address allocation. The DHCP server pings an IP address to be allocated. If there is no response
to the ping packet within a certain period, the DHCP server continues to send ping packets to
this IP address until the number of ping packets reaches the maximum value. If there is still no
response, this IP address is not in use, and the DHCP server allocates the IP address to a client.
Procedure
Step 1 Run:
system-view
The period in which the S5700 waits for the response is set.
By default, the period in which the S5700 waits for the response is 500 ms.
----End
Context
Perform the following steps on the DHCP server.
When the S5700 functions as the DHCP server, you can enable the function of saving DHCP
data so that IP address information is saved to the storage device periodically.
Procedure
Step 1 Run:
system-view
54
3 DHCP Configuration
Step 2 Run:
dhcp server database enable
Prerequisite
The configurations of the DHCP server based on the VLANIF interface address pool are
complete.
Procedure
l
Run the display dhcp server statistics command to view the statistics about the DHCP
server.
----End
Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics
Server Statistics:
Client Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Issue 01 (2011-10-26)
6
1
4
0
1
55
3 DHCP Configuration
0
4
1
3
0
0
Run the display ip pool interface ip-pool-name command to view interface address pool on
VLANIF 10. The similar information is displayed.
<Quidway> display ip pool interface vlanif10
Pool-name
: vlanif10
Pool-No
: 2
Lease
: 1 Days 0 Hours 0 Minutes
Domain-name
: DNS-server0
: NBNS-server0
: Netbios-type
: Position
: Interface
Status
: Unlocked
Gateway-0
: 192.168.10.2
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------192.168.10.1 192.168.10.254
253
0
253
0
0
0
-----------------------------------------------------------------------------
Applicable Environment
If no DHCP server is configured on the local network, the DHCP relay function can be enabled
on an S5700 to forward DHCP Request packets to the DHCP servers on other networks. To
ensure that the DHCP clients obtain IP addresses, the DHCP server must use a global address
pool, and no address pool can be configured on the interface connected to the DHCP relay agent.
Issue 01 (2011-10-26)
56
3 DHCP Configuration
DHCP Server
100.10.10.1/24
Internet
SwitchA
SwitchB
DHCP Relay
20.20.20.1/24
DHCP
Client
DHCP
Client
DHCP
Client
Pre-configuration Tasks
Before configuring the DHCP relay agent, complete the following tasks:
l
Data Preparation
To configure the DHCP relay agent, you need the following data.
No.
Data
Number and IP address of the interface enabled with the DHCP relay function
Issue 01 (2011-10-26)
57
3 DHCP Configuration
Context
NOTE
A DHCP packet is forwarded between a DHCP client and a DHCP server at most 16 times, and then the
DHCP packet is discarded.
Procedure
Step 1 Run:
system-view
When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress
gateway address is the same as the egress gateway address of the DHCP relay agent.
Step 5 Run:
dhcp select relay
Follow-up Procedure
When functioning as a DHCP relay agent, the S5700 forwards the DHCP Request packets from
DHCP clients to the DHCP server. After the DHCP relay function is enabled on the VLANIF
interface, set the DHCP server address on the VLANIF interface in either of the following ways:
l
Configure a destination DHCP server group and bind the group to the interface. For details,
see 3.5.3 Configuring a Destination DHCP Server Group and 3.5.4 Binding an
Interface to a DHCP Server Group.
Run the dhcp relay server-ip ip-address command in the VLANIF interface view to
configure the destination DHCP server address.
58
3 DHCP Configuration
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
A DHCP server group is created and the DHCP server group view is displayed.
A maximum of 32 DHCP server groups can be configured globally.
Step 3 Run:
dhcp-server ip-address [ ip-address-index ]
----End
Context
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
59
3 DHCP Configuration
Step 3 Run:
dhcp relay server-select group-name
Context
When the IP address of a user expires, the DHCP server renews the IP address for the user if it
does not receive the DHCP Release packet. You can configure the DHCP relay agent to actively
send DHCP Release packets to the DHCP server. The DHCP server then releases the expired
IP addresses.
Perform the following steps on the DHCP relay agent.
Procedure
Step 1 Run:
system-view
The DHCP relay agent is configured to send DHCP Release packets to the DHCP server.
l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]
command in the system view:
If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets
to the servers in all DHCP server groups bound to the DHCP relay interfaces.
If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to
the specified DHCP server.
l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]
command in the VLANIF interface view:
If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets
to all the servers in the DHCP server group bound to this VLANIF interface.
If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to
the specified DHCP server.
----End
Issue 01 (2011-10-26)
60
3 DHCP Configuration
Prerequisite
The DHCP relay configurations are complete.
Procedure
l
Run the display dhcp relay { all | interface interface-type interface-number } command
to view the DHCP server group on a VLANIF interface and the servers in the DHCP server
group.
Run the display dhcp relay statistics command to view packet statistics on the DHCP
relay agent.
Run the display dhcp server group group-name command to view the DHCP server group
configuration.
----End
Example
Run the display dhcp relay interface interface-type interface-number command to view the
DHCP server group on VLANIF 100 and the servers in the DHCP server group. If the similar
information is displayed, the configuration succeeds.
<Quidway> display dhcp relay interface vlanif 100
DHCP relay agent running information of interface Vlanif100 :
Server IP address [01] : 10.2.2.3
Gateway address in use : 10.2.2.2
Run the display dhcp relay statistics command. If the similar information is displayed, the
configuration succeeds.
<Quidway> display dhcp relay statistics
The statistics of DHCP RELAY:
DHCP packets received from clients
DHCP DISCOVER packets received
DHCP REQUEST packets received
DHCP RELEASE packets received
DHCP INFORM packets received
DHCP DECLINE packets received
DHCP packets sent to clients
Unicast packets sent to clients
Broadcast packets sent to clients
DHCP packets received from servers
DHCP OFFER packets received
DHCP ACK packets received
DHCP NAK packets received
DHCP packets sent to servers
DHCP Bad packets received
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Run the display dhcp server group group-name command to view the configuration of DHCP
server group group1. If the similar information is displayed, the configuration succeeds.
<Quidway> display dhcp server group group1
Group-name
: group1
(0) Server-IP
: 100.10.10.1
(1) Server-IP
: 100.10.10.2
Gateway
: -VPN instance
: --
Issue 01 (2011-10-26)
61
3 DHCP Configuration
Context
CAUTION
DHCP statistics cannot be restored after they are cleared. Exercise caution when running the
reset commands.
Procedure
l
To clear DHCP server statistics, run the reset dhcp server statistics command in the user
view.
To clear DHCP relay agent statistics, run the reset dhcp relay statistics command in the
user view.
----End
Procedure
l
Run the display dhcp relay { all | interface interface-type interface-number } command
to view the DHCP server group on a VLANIF interface and the servers in the DHCP server
group.
Run the display dhcp relay statistics command to view packet statistics on the DHCP
relay agent.
Run the display dhcp server group [ group-name ] command to view the servers in the
DHCP server group.
----End
62
3 DHCP Configuration
Networking Requirements
An enterprise has two offices that are in the same network segment. To reduce network
construction cost, the enterprise uses one DHCP server to allocate IP addresses for the computers
in the two offices.
As shown in Figure 3-6, SwitchA functions as the DHCP server, and SwitchB and SwitchC are
user access switches. A global address pool or an interface address pool can be configured on
SwitchA. This section describes how to configure a global address pool. Address pool
10.1.1.0/24 consists of two network segments: 10.1.1.0/25 and 10.1.1.128/25. The IP addresses
of the VLANIF interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25.
There are a few computers in network segment 10.1.1.0/25 and the computer locations are fixed.
The lease of an IP address in 10.1.1.0/25 is 10 days, the DNS address is 10.1.1.2, no NetBIOS
address is set, and the IP address of the egress gateway is 10.1.1.126.
There are many computers in network segment 10.1.1.128/25 and the computers are often moved
from one place to another. The lease of an IP address in 10.1.1.128/25 is 2 days, the DNS address
is 10.1.1.2, the NetBIOS address is 10.1.1.4, and the IP address of the egress gateway is
10.1.1.254.
Figure 3-6 Networking diagram for configuring the DHCP server based on the global address
pool
NetBIOS
server
DHCP
client
DHCP
client
GE 0/0/1
VLANIF10
10.1.1.1/25
DHCP
client
GE 0/0/2
VLANIF20
10.1.1.129/25
SwtichC
SwtichB
SwtichA
DHCP server
DNS
server
DHCP
client
Network: 10.1.1.0/25
Issue 01 (2011-10-26)
DHCP
client
DHCP
client
Network: 10.1.1.128/25
63
3 DHCP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create a global address pool on SwitchA and set the attributes of the address pool, including
the range of the address pool, egress gateway, NetBIOS address, and address lease.
3.
Configure VLANIF interfaces to use the global address pool to allocate IP addresses.
Data Preparation
To complete the configuration, you need the following data:
Number and range of the global address pool on SwitchA
NOTE
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
Step 2 Create address pools and set the attributes of the address pools.
# Set the attributes of IP address pool 1, including the address pool range, DNS address, egress
gateway address, and address lease.
[Quidway] ip pool 1
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
# Set the attributes of IP address pool 2, including the address pool range, DNS address, egress
gateway address, NetBIOS address, and address lease.
[Quidway] ip pool 2
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
Issue 01 (2011-10-26)
0/0/1
hybrid pvid vlan 10
hybrid untagged vlan 10
0/0/2
hybrid pvid vlan 20
hybrid untagged vlan 20
64
3 DHCP Configuration
# Configure the clients on VLANIF 10 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 255.255.255.128
[Quidway-Vlanif10] dhcp select global
[Quidway-Vlanif10] quit
# Configure the clients on VLANIF 20 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 10.1.1.129 255.255.255.128
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit
Idle
Conflict
:248
:0
Disable
:2
----End
Configuration Files
Configuration file of the SwitchA
#
sysname Quidway
#
vlan batch 10 20
#
dhcp enable
#
ip pool 1
ip pool 2
#
ip pool 1
gateway-list 10.1.1.126
network 10.1.1.0 mask 255.255.255.128
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
dns-list 10.1.1.2
lease day 10 hour 0 minute 0
#
ip pool 2
gateway-list 10.1.1.254
Issue 01 (2011-10-26)
65
3 DHCP Configuration
Networking Requirements
A campus has two equipment rooms, which are in different network segments. A switch needs
to be configured as a DHCP server to allocate IP addresses for the computers in the two
equipment rooms.
The DHCP server is connected to the access switches of the two equipment rooms, and allocates
IP addresses for the computers by using two interface address pools.
As shown in Figure 3-7, SwitchA functions as the DHCP server, and SwitchB and SwitchC are
the access switches. The two VLANIF interface address pools need to be configured on GE
0/0/1 and GE 0/0/2 of SwitchA.
Issue 01 (2011-10-26)
66
3 DHCP Configuration
Figure 3-7 Networking diagram for configuring a DHCP server based on a VLANIF interface
address pool
NetBIOS Server
10.1.1.3/24
DHCP
Client
DNS Server
10.1.1.2/24
VLANIF10
10.1.1.1/24
GE0/0/1
SwitchB
GE0/0/2
VLANIF11
10.1.2.1/24
SwitchC
DHCP
Client
DHCP
Client
SwitchA
DHCP
Server
DHCP
Client
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Set the address pool attributes, including the DNS server address, NetBIOS server address,
and IP address lease.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
67
3 DHCP Configuration
# Configure the clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 11
[Quidway-Vlanif11] dhcp select interface
[Quidway-Vlanif11] quit
Step 5 Configure the DNS service and NetBIOS services of the address pool.
# Configure the DNS service and NetBIOS service of VLANIF 10 address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
domain-name huawei.com
dns-list 10.1.1.2
nbns-list 10.1.1.3
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.3
netbios-type b-node
68
3 DHCP Configuration
Run the display ip pool interface command on SwitchA to view the configuration of the
interface address pool.
[Quidway] display ip pool interface vlanif10
Pool-Name
: vlanif10
Pool-No
: 0
Lease
: 30 Days 0 Hours 0 Minutes
Domain-name
: huawei.com
DNS-Server0
: 10.1.1.2
NBNS-Server0
: 10.1.1.3
Netbios-type
: b-node
Position
: Interface
Status
: Unlocked
Gateway-0
: 10.1.1.1
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------10.1.1.1
10.1.1.254
253
0
251
0
0
2
----------------------------------------------------------------------------[Quidway] display ip pool interface vlanif11
Pool-Name
: vlanif11
Pool-No
: 1
Lease
: 20 Days 0 Hours 0 Minutes
Domain-name
: DNS-Server0
: NBNS-Server0
: Netbios-type
: Position
: Interface
Status
: Unlocked
Gateway-0
: 10.1.2.1
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------10.1.2.1
10.1.2.254
253
0
253
0
0
0
-----------------------------------------------------------------------------
----End
Configuration Files
Configuration file of SwitchA
#
sysname Quidway
#
vlan batch 10 to 11
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
dhcp server dns-list 10.1.1.2
dhcp server netbios-type b-node
dhcp server nbns-list 10.1.1.3
dhcp server lease day 30 hour 0 minute 0
dhcp server domain-name huawei.com
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server lease day 20 hour 0 minute 0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
Issue 01 (2011-10-26)
69
3 DHCP Configuration
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
return
Networking Requirements
An enterprise has multiple offices, which are distributed in different office buildings. The offices
in a building belong to the same local area network (LAN), and the buildings belong to different
LANs. The enterprise uses a DHCP server to allocate IP addresses to all clients.
As shown in Figure 3-8, the DHCP clients are in the network segment 20.20.20.0/24 and the
DHCP server is in the network segment 100.10.10.0/24. A Switch enabled with DHCP relay is
required between the clients and server. By using the DHCP relay agent, the DHCP clients can
obtain IP addresses from the DHCP server.
The DHCP server and the clients are in different network segments, and an interface-based
address pool cannot allocate IP addresses to the clients in different network segments. A global
address pool in the network segment 20.20.20.0/24 is required, and the DHCP server must have
a reachable route to the network segment 20.20.20.0/24.
Figure 3-8 DHCP relay agent networking diagram
SwitchB
GE0/0/1
DHCP Server
Internet
VLANIF20
100.10.10.1/24
SwitchA
DHCP Relay
GE0/0/1
DHCP
Client
VLANIF100
20.20.20.1/24
DHCP
Client
DHCP
Client
VLAN100
Issue 01 (2011-10-26)
70
3 DHCP Configuration
Configuration Roadmap
Configure SwitchA as a DHCP relay agent. The configuration roadmap is as follows:
1.
Configure a DHCP server group on SwitchA and add SwitchB to the DHCP server group.
2.
3.
Bind the DHCP server group to VLANIF 100 and specify the DHCP server for the DHCP
relay agent.
Configure a reachable route from the DHCP server to GE 0/0/1 of the DHCP relay agent.
2.
Enable the DHCP function on the server. Configure the clients connected to GE 0/0/1 of
the server to obtain IP addresses from the global address pool.
3.
Create a global address pool on the DHCP server to allocate IP addresses to clients.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group.
# Create a DHCP server group.
<Quidway> system-view
[Quidway] dhcp server group dhcpgroup1
# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.
[Quidway] dhcp enable
[Quidway] interface vlanif 100
[Quidway-Vlanif100] dhcp select relay
[Quidway-Vlanif100] quit
Issue 01 (2011-10-26)
71
3 DHCP Configuration
# Enable the DHCP function and configure the clients connected to VLANIF 20 to obtain IP
addresses from the global address pool.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 100.10.10.1 24
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit
Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route
from the DHCP server to the Switch. Ensure that the route between the DHCP server and network
segment 20.20.20.0/24 is reachable.
[Quidway] ip pool 1
[Quidway-ip-pool-1] network 20.20.20.0 mask 24
[Quidway-ip-pool-1] quit
# Configure a static route from the address pool to the DHCP relay agent to ensure that the DHCP
server has a reachable route to the network segment 20.20.20.0/24.(The configuration procedure
is not provided here.)
Step 5 Verify the configuration.
# Run the display dhcp relay command on SwitchA to view the DHCP relay configuration on
the interface.
[Quidway] display dhcp relay interface vlanif100
DHCP relay agent running information of interface Vlanif100 :
Server group name
: dhcpgroup1
Gateway address in use : 100.10.10.1
# Run the display ip pool command on SwitchB to view the address pool configuration.
[Quidway] display ip pool
----------------------------------------------------------------------Pool-Name
: 1
Pool-No
: 0
Position
: Local
Status
: Unlocked
Gateway-0
: Mask
: 255.255.255.0
Vpn instance
: -IP address Statistic
Total
:250
Used
:0
Idle
:248
Expired
:0
Conflict
:0
Disable
:2
----End
Issue 01 (2011-10-26)
72
3 DHCP Configuration
Configuration Files
Configuration file of SwitchA
#
sysname Quidway
#
vlan 100
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
return
Issue 01 (2011-10-26)
73
4 DHCPv6 Configuration
DHCPv6 Configuration
Issue 01 (2011-10-26)
74
4 DHCPv6 Configuration
Controls address allocation better. The device enabled with DHCPv6 can record the address
allocated to the host and allocate a special address to the specified host. This facilitates
network management.
Provides network configuration parameters including the IP address of the DNS server and
the domain name for hosts in addition to IPv6 addresses.
Multicast address
In DHCPv6, the client does not need to be configured with the IP address of the DHCPv6
server. Instead, the client locates the DHCPv6 server by sending Solicit messages whose
destination address is a multicast address.
DHCPv6 uses the following multicast addresses:
FF02::1:2 (All_DHCP_Relay_Agents_and_Servers): indicates the multicast address of
all the DHCP servers and relay agents. The address is the link-scoped multicast address
and is used for communication between a DHCP client and its neighboring server or
relay agent on the link. All the DHCP servers and relay agents are members of the
multicast group.
FF05::1:3 (All_DHCP_Servers): indicates the multicast address of all the DHCP
servers. The address is the site-scoped address and is used for communication between
DHCP relay agents and DHCP servers within a site. All DHCP servers within a site are
members of this multicast group.
DUID
The DHCP Unique Identifier (DUID) identifies a DHCPv6-enabled device including the
DHCPv6 client and is used for verification between DHCPv6-enabled devices.
The S5700 uses the DUID Based on hardware type, Link-layer Address and Time (DUIDLLT) to identify DHCPv6-enabled devices.
Figure 4-1 shows the format of the DUID-LLT.
Issue 01 (2011-10-26)
75
4 DHCPv6 Configuration
15
0
DUID type
31
Hardware type
Time
Link layer address
Issue 01 (2011-10-26)
76
4 DHCPv6 Configuration
DHCPv6 client
DHCPv6 client
IPv6 network
DHCPv6 relay agent
DHCPv6 client
DHCPv6 client
DHCPv6 server
NOTE
Currently, the S5700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server
or client.
Issue 01 (2011-10-26)
77
4 DHCPv6 Configuration
Applicable Environment
When the DHCPv6 client applies to the DHCPv6 server on a different link for the IP address,
you need to deploy relay agents between the DHCPv6 client and the DHCPv6 server. In this
manner, the relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client
and the DHCPv6 server.
Pre-configuration Tasks
Before configuring DHCPv6 relay, complete the following tasks:
l
Data Preparation
To configure DHCPv6 relay, you need the following data.
No.
Data
Type and number of the interface where DHCPv6 relay is enabled (the interface type
is VLANIF)
Type and number of the interface where the function of appending the remote ID to
DHCPv6 relay messages is enabled (the interface type can be GE, or XGE)
Issue 01 (2011-10-26)
78
4 DHCPv6 Configuration
Procedure
Step 1 Run:
system-view
DHCP is enabled.
Step 3 Run:
ipv6
The DHCPv6 relay function is enabled on the VLANIF interface, the IPv6 address of the
DHCPv6 server or the next hop relay agent is set, and the outbound interface of relay messages
is specified.
By default, the DHCPv6 relay function is disabled on a VLANIF interface.
l If the configured IPv6 address is a global address or a site address, the outbound interface
does not need to be specified. The DHCPv6 server sends the relay messages to the IPv6
address by searching for a route.
l If the configured IPv6 address is a local address or a multicast address, the outbound interface
of the DHCPv6 server or the next hop relay agent needs to be specified.
On the S5700, up to eight interfaces can be enabled with the DHCPv6 relay function and each
interface can be configured with up to eight destination addresses.
----End
Context
The DHCPv6 server can make decisions about address allocation, parameter setting, and prefix
agent according to the remote ID. The format of the remote ID is defined by the vendor. Usually,
Issue 01 (2011-10-26)
79
4 DHCPv6 Configuration
the remote ID carries the phone number and user name in a dial-up connection, or the peer IP
address and access interface in a point-to-point connection. Currently, a remote ID can contain
a maximum of 247 bytes.
When the S5700 functions as the DHCPv6 relay agent, it processes the remote ID as follows:
l
The S5700 directly receives messages from DHCPv6 clients. When constructing a RelayForward message, the S5700 adds the remote ID to the Relay-Forward message according
to the configuration.
If the Relay-Reply message received by the S5700 from the DHCPv6 server contains the
remote ID, the S5700 removes the remote ID from the Relay-Reply message before
forwarding it to DHCPv6 clients or other relay agents.
Procedure
Step 1 Run:
system-view
The function of forcibly appending the remote ID to DHCPv6 relay messages is enabled.
l After the dhcpv6 remote-id insert enable command is used, if the original DHCPv6
messages do not carry the remote ID, the S5700 appends the remote ID to the DHCPv6
messages. If the original DHCPv6 messages carry the remote ID, the S5700 sends the DHCP
messages directly.
l After the dhcpv6 remote-id rebuild enable command is used, if the original DHCPv6
messages do not carry the remote ID, the S5700 appends the remote ID to the DHCPv6
messages. If the original DHCPv6 messages carry the remote ID, the S5700 deletes the
original remote ID from the DHCP messages and appends a new remote ID to the DHCP
messages.
If you run the dhcpv6 remote-id insert enable and dhcpv6 remote-id rebuild enable
commands simultaneously on an interface, the command that you run later takes effect.
----End
Issue 01 (2011-10-26)
80
4 DHCPv6 Configuration
Context
After rate limit of DHCPv6 messages is enabled, excessive DHCPv6 messages are discarded
when the rate of DHCPv6 messages exceeds the limit. When the number of discarded DHCPv6
messages exceeds the threshold, the S5700 supports the log function.
Procedure
Step 1 Run:
system-view
DHCP is enabled.
Step 3 Run:
dhcpv6 packet-rate packet-rate
Rate limit of DHCPv6 messages is enabled and the maximum transmission rate of DHCPv6
messages is set.
By default, rate limit of DHCPv6 messages is disabled on the S5700.
Step 4 Run:
dhcpv6 packet-rate drop-alarm enable
The alarm function for DHCPv6 messages discarded when the rate of DHCPv6 messages
exceeds rate limit.
After the log function is enabled, if the number of DHCPv6 messages that pass through the
S5700 every second exceeds the rate limit, they are discarded. By default, S5700 sends logs
when the number of discarded DHCPv6 messages exceeds 100.
Step 5 Run:
dhcpv6 packet-rate drop-alarm threshold threshold
The log threshold for DHCPv6 messages discarded is set when the rate of DHCPv6 messages
exceeds rate limit.
----End
Prerequisite
The configurations of DHCPv6 relay are complete.
Issue 01 (2011-10-26)
81
4 DHCPv6 Configuration
Procedure
l
----End
Context
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you use the
command.
Procedure
l
----End
82
4 DHCPv6 Configuration
Procedure
l
----End
Networking Requirements
As shown in Figure 4-3, the DHCPv6 client address is 2000::/64 and the DHCPv6 server address
is 3000::3/64. The DHCPv6 client and the DHCPv6 server are on different links; therefore, a
DHCPv6 relay agent is required to forward DHCPv6 messages.
It is required that the Switch should function as the DHCPv6 relay agent to forward DHCPv6
messages exchanged between the DHCPv6 client and the DHCPv6 server. In addition, the
Switch functions as the gateway device of the network at 2000::/64. By specifying the M flag
bit and O flag bit in RA messages, hosts on the network are enabled to obtain IPv6 addresses
and other network configuration parameters through DHCPv6.
Figure 4-3 Networking for configuring DHCPv6 relay
DHCPv6 client
DHCPv6 client
GE0/0/2
GE0/0/1
Switch
VLANIF20
VLANIF10
3000::1/64
2000::1/64
3000::3/64
DHCPv6 server
DHCPv6 client
DHCPv6 client
Configuration Roadmap
The configuration roadmap is as follows:
1.
Issue 01 (2011-10-26)
Enable DHCP.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
83
4 DHCPv6 Configuration
2.
Create VLANIF interfaces and set IPv6 addresses of the VLANIF interfaces.
3.
Enable the DHCPv6 relay function and set the DHCPv6 server address.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable
84
4 DHCPv6 Configuration
# Configure the Switch to send RA messages and configure M and O flag bits.
[Quidway-Vlanif10]
[Quidway-Vlanif10]
[Quidway-Vlanif10]
[Quidway-Vlanif10]
Run the display dhcpv6 relay statistics on the Switch, and you can view the statistics about
DHCP messages passing through the DHCPv6 relay agent.
[Quidway] display dhcpv6 relay statistics
MessageType
Receive
Send
Solicit
0
0
Advertise
0
0
Request
0
0
Confirm
0
0
Renew
0
0
Rebind
0
0
Reply
0
0
Release
0
0
Decline
0
0
Reconfigure
0
0
Information-request
0
0
Relay-forward
0
0
Relay-reply
0
0
UnknownType
0
0
Error
0
0
0
0
0
0
0
0
0
0
0
0
0
0
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 20
#
ipv6
#
dhcp enable
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcpv6 relay destination 3000::3
#
interface Vlanif20
ipv6 enable
ipv6 address 3000::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
Issue 01 (2011-10-26)
85
4 DHCPv6 Configuration
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
Issue 01 (2011-10-26)
86
5 IP Performance Configuration
IP Performance Configuration
Issue 01 (2011-10-26)
87
5 IP Performance Configuration
Pre-configuration Tasks
Before optimizing IP performance, complete the following tasks:
l
Issue 01 (2011-10-26)
Connecting interfaces and setting physical parameters of the interfaces to ensure that the
physical layer of the interfaces is in the Up state
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
88
5 IP Performance Configuration
Setting parameters of the link layer protocol for the interfaces to ensure that the status of
the link layer protocol on the interfaces is Up
Data Preparation
To optimize IP performance, you need the following data.
No.
Data
Number of the interface which needs to forward broadcast packets and ACL number
which is used to specify the broadcast packets
SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket
Procedure
Step 1 Run:
system-view
A VLAN is created.
Step 3 Run:
quit
Issue 01 (2011-10-26)
89
5 IP Performance Configuration
CAUTION
l If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Do as follows on the S5700:
Procedure
Step 1 Run:
system-view
SYN-Wait timer: When sending packets with the SYN flag, TCP starts the SYN-Wait timer.
If no response is received before the SYN-Wait timer expires, the TCP connection ends.
The timeout interval of the TCP SYN-Wait timer is an integer that ranges from 2 to 600,
in seconds. By default, the value is 75s.
FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer is enabled. If no packet with the FIN flag is received
before the FIN-Wait timer expires, the TCP connection ends. The timeout interval of the
Issue 01 (2011-10-26)
90
5 IP Performance Configuration
TCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. By default, the
value is 675s.
l
Size of the packet receive or transmit buffer: The value is an integer that ranges from 1 to
32, in Kbytes. By default, the value is 8 Kbytes.
If you run the tcp window command repeatedly in the same system view, the latest configuration
overrides the previous configuration.
Do as follows on the S5700.
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.
Run the display tcp statistics command to check the statistics on TCP traffic.
Run the display udp statistics command to check the statistics on UDP traffic.
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.
Run the display icmp statistics command to check the statistics on ICMP traffic.
Issue 01 (2011-10-26)
91
5 IP Performance Configuration
Run the display rawlink statistics command to check the Rawlink statistics.
Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB)
table on the Line Processing Unit (LPU).
Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface
as a specified interface.
----End
CAUTION
The statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirm
the action before you use the command.
Procedure
l
Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the
user view to clear the information about the socket monitor.
Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic.
Run the reset udp statistics command in the user view to clear the statistics on UDP traffic.
Issue 01 (2011-10-26)
92
5 IP Performance Configuration
Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.
----End
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.
Run the display tcp statistics command to check the statistics on TCP traffic.
Run the display udp statistics command to check the statistics on UDP traffic.
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.
Run the display icmp statistics command to check the statistics on ICMP traffic.
Run the display rawlink statistics command to check the Rawlink statistics.
Run the display fib [ slot-id ] command to check the FIB table on the LPU.
Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface
as a specified interface.
----End
Issue 01 (2011-10-26)
93
5 IP Performance Configuration
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debugging
commands in the user view to locate the fault.
For details on debugging commands, see the Quidway S5700 Series Ethernet Switches
Debugging Reference.
Procedure
l
Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user
view to debug IP packets.
Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets.
Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug UDP packets.
Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-id
task-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debug
UDP packets.
Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remoteip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id taskid ] [ socket-id socket-id ] command in the user view to debug TCP events.
Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5)
authentication.
----End
94
5 IP Performance Configuration
Networking Requirements
As shown in Figure 5-1, to limit the sending of ICMP redirection packets, Switch A, Switch B,
and Switch C are required and these devices are connected through their GigabitEthernet
interfaces.
Figure 5-1 Networking diagram for disabling the sending of ICMP host unreachable packets
GE0/0/2
VLANIF11
2.2.2.2/24
GE0/0/2
VLANIF11
2.2.2.1/24
SwitchB
GE0/0/1
SwitchC
GE0/0/1
VLANIF10
1.1.1.2/24
VLANIF10
1.1.1.1/24
SwitchA
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Enable the sending of ICMP host unreachable packets in the system view.
4.
Enable the sending of ICMP host unreachable packets in the interface view.
NOTE
By default, the sending of ICMP host unreachable packets is enabled on the system view and on the
interface view. If the configuration is not changed, you can skip this configuration.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
95
5 IP Performance Configuration
Procedure
Step 1 Configure Switch A.
# Assign an IP address to VLANIF 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
Issue 01 (2011-10-26)
96
5 IP Performance Configuration
# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured by
the tester on Switch A, Switch B sends host unreachable packets.
[SwitchA] ping 2.2.2.3
----End
Configuration Files
l
Issue 01 (2011-10-26)
97
Issue 01 (2011-10-26)
98
6.1 Introduction
When the policy for VLANs is configured on the S5700, the VLAN to which each host connects
to the interface on the S5700 belongs is determined by the network segment to which the IP
address of the host belongs. When a host that accesses the network for the first time is connected
to an interface, the host cannot be added to its associated VLAN because it has no valid IP
address.
DHCP policy VLAN is thus introduced. With DHCP policy VLAN, hosts that access the network
for the first time can obtain valid IP addresses from the DHCP server and then be added to the
VLANs whose network segments the IP addresses belong to.
Pre-configuration Tasks
Before configuring DHCP policy VLAN based on MAC addresses, complete the following
tasks:
l
Configuring the default VLAN for the interface on the S5700 that connects to the newly
added hosts
Data Preparation
To configure DHCP policy VLAN based on MAC addresses, you need the following data.
Issue 01 (2011-10-26)
99
No.
Data
Procedure
Step 1 Run:
system-view
The view of the interface on the S5700 that connects to multiple hosts is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
dhcp policy-vlan mac-address
priority ]
Issue 01 (2011-10-26)
Action
Command
display this
100
Run the display this command in the VLAN view of the S5700 where DHCP policy VLAN
based on MAC addresses is configured, you can view that the configuration of DHCP policy
VLAN based on MAC addresses is correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan mac-address 0002-0002-0002 priority 2
#
Pre-configuration Tasks
Before configuring DHCP policy VLAN based on interfaces, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S5700
Configuring the interface that connects to the newly added host on the S5700 as a hybrid
interface
Data Preparation
To configure DHCP policy VLAN based on interfaces, you need the following data.
No.
Data
Number of the interface that connects to the newly added host on the S5700
101
Procedure
Step 1 Run:
system-view
The view of the interface that connects to the newly added host on the S5700 is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
dhcp policy-vlan port interface-type interface-number1 [ to interface-number2 ]
[ priority priority ]
Command
display this
Run the display this command in the VLAN view of the S5700 where DHCP policy VLAN
based on interfaces is configured, you can view that the configuration of DHCP policy VLAN
based on interfaces is correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan port GigabitEthernet 0/0/2 priority 2
#
Issue 01 (2011-10-26)
102
Pre-configuration Tasks
Before configuring generic DHCP policy VLAN, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S5700
Data Preparation
To configure generic DHCP policy VLAN, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
The view of the interface that connects to the newly added host on the S5700 is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id
The view of the VLAN to which the DHCP server belongs is displayed.
Issue 01 (2011-10-26)
103
Step 5 Run:
dhcp policy-vlan generic [ priority priority ]
Command
display this
Run the display this command in the VLAN view of the S5700 where generic DHCP policy
VLAN is configured, you can view that the configuration of generic DHCP policy VLAN is
correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan generic priority 2
#
Command
display this
104
Networking Requirements
As shown in Figure 6-1, on the S5700, GE 0/0/2 connects to PC1 and PC2 that access the network
for the first time; GE 0/0/4 connects to the DHCP server that belongs to VLAN 100. The MAC
address of PC1 is 001E-9089-C65A; the MAC address of PC2 is 00E0-4C84-0B44.
Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses
PC1
001E-9089-C65A
S-switch
GE 0/0/4
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
PC2
00E0-4C84-0B44
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
Issue 01 (2011-10-26)
105
2.
from
from
from
from
192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:
bytes=32
bytes=32
bytes=32
bytes=32
time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
Configuration Files
The following lists the configuration file of the S5700.
#
dhcp enable
interface GigabitEthernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2 to 100
interface GigabitEthernet0/0/4
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
vlan 100
dhcp policy-vlan mac-address 001e-9089-c65a priority 5
dhcp policy-vlan mac-address 00e0-4c84-0b44 priority 5
#
return
Issue 01 (2011-10-26)
106
Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces
S-switch
GE 0/0/1
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
...
PC1
PC10
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Number of the S5700 interface that connects to the downstream access switch
Configuration Procedure
1.
2.
Issue 01 (2011-10-26)
0/0/1
hybrid pvid vlan 10
hybrid untagged vlan 10 to 100
0/0/2
hybrid pvid vlan 20
hybrid untagged vlan 20 to 100
107
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] dhcp policy-vlan port gigabitethernet 0/0/2 priority 5
Configuration Files
The following lists the configuration file of the S5700.
#
dhcp enable
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10 to 100
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20 to 100
#
vlan 100
dhcp policy-vlan port GigabitEthernet 0/0/2 priority 5
#
return
Issue 01 (2011-10-26)
108
7 DNS Configuration
DNS Configuration
Issue 01 (2011-10-26)
109
7 DNS Configuration
Applicable Environment
If local users accessing devices need to communicate with other devices by using domain names,
you can configure DNS on the device. An DNS entry is an mapping between a domain name
and an IP address.
If local users communicate with other devices hardly through the domain name or if the DNS
server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the
mapping between the domain name and the IP address. In case of a change in the mapping, you
must modify the DNS entry manually.
You can configure dynamic DNS on the device if local users frequently use domain names for
communicating with other devices and the DNS server is available.
Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
Issue 01 (2011-10-26)
110
7 DNS Configuration
Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up
Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up
Configuring routes between the local device and the DNS server
Data Preparation
To configure DNS, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
111
7 DNS Configuration
Procedure
Step 1 Run:
system-view
Follow-up Procedure
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 5.
Prerequisite
The configurations of the DNS function are complete.
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
Run the display dns server command to check the configurations about DNS servers.
Run the display dns domain command to check the configurations about domain name
suffixes.
Issue 01 (2011-10-26)
112
7 DNS Configuration
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
Example
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
Host
Age
Flags
hw
0
static
gww
0
static
Address
10.1.1.1
192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
IPv6 Dns Servers :
No configured servers.
Run the display dns domain command. If the list of suffixes of domain names is displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1
TTL
3521
3000
Alias
Context
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.
Issue 01 (2011-10-26)
113
7 DNS Configuration
Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries
statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation
of DNS.
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
Run the display dns server command to check configurations about DNS servers.
Run the display dns domain command to check configurations about domain name
suffixes.
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
Context
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging command in the user view to debug DNS and locate the fault.
For more information, refer to the chapter "Information Center Configuration" in the Quidway
S5700 Series Ethernet Switches Configuration Guide - System Management. For descriptions
about the debugging commands, refer to the Quidway S5700 Series Ethernet Switches
Debugging Reference.
Procedure
Step 1 Run the debugging dns command in the user view to debug dynamic DNS.
----End
Issue 01 (2011-10-26)
114
7 DNS Configuration
Networking Requirements
As shown in Figure 7-1, Switch A acts as a DNS client, being required to access the host
2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes
"com" and "net".
On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A can
communicate with them by using domain names.
Figure 7-1 Networking diagram of DNS
Loopback0
4.1.1.1/32
GE0/0/1
VLANIF 100 SwitchB
1.1.1.2/16
DNS Client
SwitchA
GE0/0/2
VLANIF 101
1.1.1.1/16
Loopback0
4.1.1.2/32
SwitchC
GE0/0/1
VLANIF 100
2.1.1.1/16
GE0/0/2
VLANIF 101
3.1.1.1/16
GE0/0/1
VLANIF 100 DNS Server
2.1.1.2/16
3.1.1.2/16
huawei.com
2.1.1.3/16
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
115
7 DNS Configuration
Procedure
Step 1 Configure Switch A.
# Configure static DNS entries.
<SwitchA> system-view
[SwitchA] ip host SwitchB 4.1.1.1
[SwitchA] ip host SwitchC 4.1.1.2
To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. For
procedures for configuring routes, refer to the Quidway S5700 Series Ethernet Switches Configuration
Guide - IP Routing.
# Run the display ip host command on Switch A to view static DNS entries, including mappings
between host names and IP addresses.
<SwitchA> display ip host
Host
Age
SwitchB
0
SwitchC
0
Flags Address
static 4.1.1.1
static 4.1.1.2
# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries in
the domain name cache.
Issue 01 (2011-10-26)
116
7 DNS Configuration
TTL
3579
Alias
NOTE
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
----End
Configuration Files
l
Issue 01 (2011-10-26)
117
7 DNS Configuration
Issue 01 (2011-10-26)
118
Issue 01 (2011-10-26)
119
Basic Concepts
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of 2nd generation. It is designed by Internet Engineering Task Force as an upgraded
version of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128
bits long versus 32 bits in IPv4.
X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by ":". Every "X" represents four hexadecimal characters.
X:X:X:X:X:X:d.d.d.d
Addresses in this format are classified into two types:
IPv4-compatible IPv6 addresses
IPv4-mapped IPv6 addresses
IPv4-compatible IPv6 addresses are used to configure the IPv6 over IPv4 tunnel.
Each "X" stands for 16 bits that are represented by four hexadecimal characters. Each "d"
stands for 8 bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4
address.
Interface identifier: 128-n bits, equivalent to the host ID in the IPv4 address.
120
address for an interface. The link-local address manually set must be a valid link-local address
(FE80::/10).
Automatically generated link-local addresses are recommended because link-local addresses are
used only for communications between link-local nodes usually to satisfy the communication
request of protocols and irrelevant to communications between users.
A global unicast address is equal to an IP address on the IPv4 public network, which is used to
forward data on the public network and mandatory for communications between users.
An EUI-64 address is equivalent to a global unicast address in view of functions. For an EUI-64
address, however, only the network bits need to be specified. Its host bits are transformed from
the MAC address of the interface. For a global unicast address, complete 128 bits of the address
have to be specified.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the FIB.
Guided by route management policies, the S5700 obtains minimum necessary forwarding
information from the RIB and adds the information to the FIB. Through the route management
module, you can also add static routes into the FIB.
Forwarding Information Base (FIB) contains minimum necessary information needed by an
S5700 to forward packets. An FIB entry usually contains the destination address, prefix length,
transport port, next-hop address, route flag, time stamp. An S5700 forwards packets according
to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). The control plane (FibAgent) is responsible for
interacting with the RM module and downloading the FIB to the forwarding engine. For a
distributed system, the FIB needs to be downloaded to the I/O board.
A FIB contains the following information:
l
Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.
Nexthop: indicates the address of the next hop through which the packet reaches the
destination.
Issue 01 (2011-10-26)
121
Applicable Environment
When a device communicates with an IPv6 device, you need to configure IPv6 address for the
interface.
An EUI-64 address has the same function as an global unicast address. The difference is that
only the network bits need to be specified for the EUI-64 address and the host bits are transformed
from the MAC addresses of the interface while a complete 128-bit address need to be specified
for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address
must not be longer than 64 bits.
The EUI-64 address and the global unicast address can be configured simultaneously or
alternatively. However, the IP addresses configured for one interface cannot be in the same
network segment.
Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
l
Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
Issue 01 (2011-10-26)
No.
Data
122
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The IPv6 function, however, is not enabled on the interface
and hence you cannot perform any IPv6 configurations.
If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down.
Therefore, the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view
The view of the VLANIF interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
123
address of a link is valid only for the link. A packet with a link-local address as the source or
destination address is forwarded only along the local link.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
124
Procedure
l
Run the display ipv6 statistics command to view statistics on IPv6 packets.
----End
Applicable Environment
Most of the ND configurations are implemented based on the interfaces.
Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
l
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
Issue 01 (2011-10-26)
125
No.
Data
Hop limit of ND
Interface MTU
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
126
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
127
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
128
Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default,
NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default
MTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500
bytes.
Procedure
Step 1 Run:
system-view
129
NOTE
l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must
be less than or equal to the life duration.
l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.
Step 6 Run:
ipv6 nd dad attempts value
Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and the undo shudown
command orderly in the interface view to validate the configuration.
Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
l
----End
Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains
neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Quidway> display ipv6 neighbors VLANIF10
Issue 01 (2011-10-26)
130
Run the display ipv6 interface brief command. If information about the IPv6 address on the
interface and interface status are displayed, it means that the configuration succeeds.
<Quidway> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface
Physical
VLANIF20
up
up
[IPv6 Address] 2030::101:101
VLANIF30
up
up
[IPv6 Address] 2001::1
LoopBack0
up
[IPv6 Address] Unassigned
Protocol
up(s)
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you run the
command.
Procedure
l
To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in
the user view.
To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic |
static | vid vlan-id [ interface-type interface-number] | interface-type interface-number }
command in the user view.
To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view.
To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.
----End
Issue 01 (2011-10-26)
131
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to view information about IPv6 on an interface.
Run the display ipv6 statistics command in any view to view statistics on IPv6 packets.
Run the display tcp ipv6 statistics command in any view to view statistics on TCP6
packets.
Run the display tcp ipv6 status command in any view to view the status of a TCP6
connection.
Run the display udp ipv6 statistics command in any view to view statistics on UDP6
packets.
Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any
view to view information about the specified socket.
Run the display ipv6 fib [ existing-slot-id ] command in any view to view information
about FIB.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo
debugging all command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault.
For the procedures of displaying the debugging information, refer to the chapter "Information
Center Configuration" in the S5700 Ethernet Switches Configuration Guide - System
Management. For descriptions about the debugging commands, refer to the S5700 Ethernet
Switches Debugging Reference.
Procedure
l
Issue 01 (2011-10-26)
Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
132
Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and
ND messages.
Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to
debug IPv6 packet.
Run the debugging ipv6 pathmtu command in the user view to debug PMTU.
Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ]
command in the user view to debug TCP6.
Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command in
the user view to debug UDP6.
----End
Networking Requirements
As shown in Figure 8-1, two Switches are connected through GE 0/0/1. The GE 0/0/1 interfaces
of Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6
global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnection
between them.
The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64.
Figure 8-1 Networking diagram for setting IPv6 addresses
SwitchA
SwitchB
GE 0/0/1
VLANIF 100
3001::1/64
GE 0/0/1
VLANIF 100
3001::2/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data.
Issue 01 (2011-10-26)
133
Procedure
Step 1 Enable the IPv6 forwarding capability on the Switch.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
Step 2 Configure the IPv6 global unicast address for the interfaces.
# Configure Switch A.
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address 3001::1/64
[SwitchA-Vlanif100] quit
# Configure Switch B.
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit
Issue 01 (2011-10-26)
134
# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter
-i to specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- FE80::2E0:FCFF:FE33:11 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/7 ms
----End
Issue 01 (2011-10-26)
135
Configuration Files
l
Issue 01 (2011-10-26)
136
Issue 01 (2011-10-26)
137
Applicable Environment
DNS needs to be configured if the local users log on to a device using domain names to
communicate with other devices. The IPv6 DNS entries show the mapping between domain
names and IPv6 addresses.
If users seldom use the domain name to access other devices, or if the DNS server is unavailable,
a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator
needs to know the relation between domain names and IPv6 addresses, and manually modify
the IPv6 DNS entry when the relation changes.
If the users need to use the domain name to access many devices, and the DNS server is available,
a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.
Pre-configuration Tasks
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.
Data Preparation
To configure IPv6 DNS, you need the following data.
Issue 01 (2011-10-26)
138
No.
Data
Domain name of the static IPv6 DNS entry and the corresponding IPv6 address
Domain name of the dynamic IPv6 DNS or the domain name list
Procedure
Step 1 Run:
system-view
The host name and the corresponding IPv6 address are configured.
If the same host is configured with IPv6 addresses for several times (the maximum times is 8
IPv6 addresses), the IPv6 address configured earliest is used when needing to find the host with
the IPv6 address, such as ping this host.
----End
Context
If the IPv6 DNS server is configured with a link-local address, the interface name should also
be configured with the IPv6 address.
Figure 9-1 DNS server connecting IPv4 and IPv6 networks
DNS server
IPv4 link
Issue 01 (2011-10-26)
139
CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration till
proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first
sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.
The DNS domains are configured on a device and the domain names can be searched. If the
DNS fails in searching for a host name, it appends a domain name to the host name following a
"." and continues the DNS search. You can configure some commonly used domain names like
"com", and "net". For example, if the search for the host name "huawei" fails, the system then
searches for "huawei.com" or "huawei.net".
Do as follows on the switch:
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the IPv6 DNS function are complete.
Issue 01 (2011-10-26)
140
Procedure
l
Run the display ipv6 host command to check the static IPv6 DNS table.
Run the display dns server command to check the configuration of the DNS server.
Run the display dns domain command to check the configuration of the suffix list of the
domain name.
Run the display dns ipv6 dynamic-host command to check the cache of the dynamic
domain name.
----End
Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name
and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ipv6 host
Host
Age
RTB
0
RTA
0
Flags
static
static
IPv6Address (es)
20::1
20::2
Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed,
it means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
169.254.65.125
IPv6 Dns Servers:
Domain-server Ipv6Address
1
3001::2
2
FE80::2
(Interface Name)
GigabitEthernet6/0/0
Run the display dns domain command. If the suffixes of the domain names are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns ipv6 dynamic-host command. If information about the cache of the
dynamic domain name is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
TTL
1
huawei6
3001::2
6
141
Context
CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use
this command.
Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS
entries statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following commands in any view to check the operation
of IPv6 DNS.
Procedure
l
Run:
display dns domain
Run:
display dns server
Run:
display dns ipv6 dynamic-host
Contents about the cache of the IPv6 dynamic domain names are checked.
l
Run:
display ipv6 host
142
Networking Requirements
As shown in Figure 9-2, Switch A, functioning as the IPv6 DNS client and working jointly
whose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on the
domain name huawei.com.
On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensures
that Switch A can manage both the routers based on the domain names Switch B and Switch C.
Figure 9-2 Networking diagram of IPv6 DNS configurations
Loopback0
4.1.1.1/32
GE0/0/1
VLANIF100 SwitchB
2001::1/64
DNS client
SwitchA
GE0/0/1
VLANIF101
2001::2/64
Loopback0
4.1.1.2/32
GE0/0/1
VLANIF101
2003::1/64
SwitchC
GE0/0/2
VLANIF100
2002::2/64
GE0/0/2
VLANIF100 DNS server
2002::3/64 2003::2/64
huawei.com
2002::1/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure Switch A.
# Configure static IPv6 DNS entries.
<SwitchA> system-view
Issue 01 (2011-10-26)
143
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.
For details of how to configure the route, see Configuration example of IP static route in the Quidway
S5700 Series Ethernet Switches Configuration Guide - IP Routing.
break
time=6
time=4
time=4
time=4
time=4
ms
ms
ms
ms
ms
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships
between the host names in static IPv6 DNS entries and the IPv6 addresses.
<SwitchA> display ipv6 host
Host
Age
SwitchB
0
SwitchC
0
Flags
static
static
IPv6Address (es)
2001::2
2002::3
Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about
dynamic IPv6 DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
1
huawei.com
2002::1
TTL
3579
NOTE
TTL in the command output indicates the life time of the entry, in seconds.
----End
Issue 01 (2011-10-26)
144
Configuration Files
l
#
sysname SwitchA
#
vlan batch 100
#
ipv6
#
ipv6 host SwitchB 2001::2
ipv6 host SwitchC 2002::3
#
dns resolve
dns server ipv6 2003::2
dns domain net
dns domain com
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
return
Issue 01 (2011-10-26)
145
#
interface vlanif100
ipv6 enable
ipv6 address 2002::3/64
#
interface vlanif101
ipv6 enable
ipv6 address 2003::1/64
#
return
Issue 01 (2011-10-26)
146
10
Context
The S5706 does not support this function.
10.1 Introduction to IPv6 over IPv4
An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet.
10.2 IPv6 over IPv4 Supported by the S5700
You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.
10.3 Configuring IPv4/IPv6 Dual Stacks
To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and
the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.
10.4 Configuring an IPv6 over IPv4 Tunnel
You can interconnect IPv6 networks by using IPv4 networks.
10.5 Configuration Examples
This section provides configuration examples of IPv6 over IPv4 tunnel.
Issue 01 (2011-10-26)
147
Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a
complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure
10-1 shows a single stack structure and a dual stack structure.
Figure 10-1 Single stack and dual stack structures (Ethernet)
IPv4 Application
UDP
TCP
IPv4
Protocol ID:
0x0800
Ethernet
IPv4/IPv6 Application
TCP
UDP
IPv6
Protocol ID: Protocol ID:
0x86DD
0x0800
Ethernet
IPv4 Stack
Dual Stack
Issue 01 (2011-10-26)
148
2.
3.
4.
Dual Stack
Router
IPv6
IPv4
Tunnel
Dual Stack
Router
IPv6
IPv6 host
IPv6 host
IPv6 Header
IPv6 Header
IPv6 Data
IPv4 Header
IPv6 Header
IPv6 Data
IPv6 Data
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over
IPv4 tunnel. Tunnels can be classified according to their setup modes.
The common IPv6 over IPv4 tunnel modes include:
l
6to4 tunnels
149
The manual tunnel can be used between isolated IPv6 networks. It can also be used between a
border device and a host. In this case, the host and the device on both ends of the tunnel must
support the IPv4 and the IPv6 protocol stacks.
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an
IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6
network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must
support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a
point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the
devices of the 6to4 tunnel are not configured in pairs.
The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You
need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following
format:
2002:IPv4 address: subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4
address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must
be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4
network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the
subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 10-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4
network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of
the host or device in Site1 is the IPv4 address of the interface through which Switch A accesses
the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device
in Site2 is the IPv4 address of the interface through which Switch B accesses the IPv4 network.
Switch A and Switch B are both 6to4 devices.
Figure 10-3 6to4 tunnel and 6to4 relay
6to4
Router
6to4
Network
Site1
6to4
Router
6to4
Network
Site2
SwitchB
IPv4
Network
SwitchA
6to4
Relay
SwitchC
IPv6
Internet
Site3
When the host in Site1 accesses the host in Site2, the process concerned is as follows:
Issue 01 (2011-10-26)
150
1.
2.
Switch A checks the destination address of the IPv6 packet and finds that the address is the
6to4 address, from which Switch A obtains the remote IPv4 address of the 6to4 tunnel.
3.
Switch A encapsulates this IPv6 packet into the IPv4 packet. The destination address of
IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the
local IPv4 address of the tunnel.
4.
5.
Switch B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packet
to the destination host in Site2.
The above process implements the communication between the 6to4 networks. To implement
the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is
needed. The so-called native IPv6 network means that both its internal host and device are not
configured with the 6to4 address.
The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.
One side of the 6to4 relay device is connected to the native IPv6 network; the other side is
connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 10-3, when the host in the 6to4 network accesses the IPv6 Internet, the
process concerned is as follows:
1.
2.
3.
The IPv6 packet is encapsulated into the IPv4 packet and is sent to Switch C.
4.
Switch C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the
IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6
network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.
The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a
same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public
network address or a private network address.
As shown in Figure 10-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as
follows:
1.
2.
3.
Issue 01 (2011-10-26)
151
The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with
5EFE:IPv4-Address, and uses this address to access the IPv6 host.
Figure 10-4 ISATAP tunnel
IPv4
Network
ISATAP Tunnel
IPv6
Network
IPv6 Host
ISATAP
Switch
IPv4/IPv6 Host
2.1.1.1
FE80::5EFE:0201:0101
3FFE::5EFE:0201:0101
The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given
above.
2.
The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in
the IPv6 network.
3.
An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6
host.
Applicable Environment
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be
enabled on the device.
Enabling the IPv4/IPv6 dual protocol stacks on the S5700 is a simple process. Enable the IPv6
packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address
on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the
corresponding interface.
Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:
Issue 01 (2011-10-26)
152
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
No.
Data
Type and number of the interface connected with the IPv4 network
IPv4 address and mask of the interface connected with the IPv4 network
Type and number of the interface connected with the IPv6 network
IPv6 address and prefix of the interface connected with the IPv6 network
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The interface on the device is not of the IPv6 capability
and hence you cannot perform any IPv6 configurations.
If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down and the
device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view
153
Step 3 Run:
interface vlanif vlan-id
The view of the interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
154
Procedure
Step 1 Run the display ipv6 interface command to view the IPv6 information about the interface.
----End
Applicable Environment
To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6
over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.
Pre-configuration Tasks
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer protocol for the interface and ensuring that the status of the link
layer protocol on the interface is Up
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
155
Context
Before enabling the service loopback function on an Eth-Trunk interface, note the following:
l
Before enabling the service loopback function, create an Eth-Trunk, add member interfaces
to the Eth-Trunk and keep it in the Up state.
Only one interface enabled with the service loopback function is needed on a device.
Procedure
Step 1 Run:
system-view
Context
Note the following when configuring an IPv6 over IPv4 manual tunnel:
l
Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.
Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.
You need to conduct the following configurations on the devices on both the ends of the
tunnel. During the configuration, note that the source address of the local tunnel end is the
Issue 01 (2011-10-26)
156
destination address set for the remote tunnel end; the destination address of the local tunnel
end is the source address set for the remote tunnel end.
l
To support dynamic routing protocol, you also need to configure the tunnel interface with
a network address.
Procedure
Step 1 Run:
system-view
The destination address of the tunnel can be the address of a physical interface or the address of a loopback
interface.
Step 6 Run:
ipv6 enable
Context
Note the following when configuring a 6to4 tunnel:
l
Issue 01 (2011-10-26)
157
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The
destination address of the tunnel is automatically obtained from the destination IP address
field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel
must be unique.
On the border device, configure a 6to4 address on the interface that is connected with the
6to4 network, and configure an IPv4 address on the interface that is connected with the
IPv4 network. To make the tunnel support the routing protocol, configure an IP address for
the tunnel interface.
Procedure
Step 1 Run:
system-view
Follow-up Procedure
The configuration of 6to4 relay needed to access the IPv6 network, is similar to the 6to4 tunnel.
For the configuration example, see "Example for Configuring 6to4 Relay."
158
Context
Note the following when configuring an ISATAP tunnel:
l
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring an ISATAP tunnel, you need to specify only the source address of the
tunnel. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet. Note that the source interface of the
ISATAP tunnel must be unique.
The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix
length of 64 bits.
Procedure
Step 1 Run:
system-view
Context
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
Issue 01 (2011-10-26)
159
When configuring a static route, you need to run the ipv6 route-static dest-ipv6-address
prefix-length { interface-type interface-number nexthop-ipv6-address | nexthop-ipv6address } command to configure a route destined for the destination address (the destination
address specified before the packet encapsulation, rather than the destination address of the
tunnel). In addition, you need to set the next hop address to the address of the interface on
the remote end of the tunnel.
You can enable dynamic routing protocol on the tunnel interface connected to the private
networks and on the device interface.
Procedure
Step 1 Run the display ipv6 interface tunnel interface-number command to view the IPv6 attribute
of the tunnel interface.
----End
Networking Requirements
As shown in Figure 10-5, two IPv6 networks are connected to Switch B on the IPv4 backbone
network respectively through Switch A and Switch C. To enable the communication between
two IPv6 networks, manually configure an IPv6 over IPv4 tunnel between Switch A and
Switch C.
Figure 10-5 Networking diagram for configuring the IPv6 over IPv4 tunnel manually
GE 0/0/1
VLANIF 100
192.168.50.1/24
GE 0/0/1
VLANIF 100
192.168.50.2/24
IPv6
GE 0/0/2
VLANIF 200
192.168.51.1/24
GE 0/0/1
VLANIF 200
192.168.51.2/24
SwitchB
Dual
stack
SwitchA
Issue 01 (2011-10-26)
IPv4
network
Dual
stack
IPv6
SwitchC
160
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Set the IP address for the VLANIF interface mapping with the physical interface.
3.
Configure IPv6 addresses, source interface, and destination addresses for the tunnel
interfaces.
4.
Data Preparation
To complete the configuration, you need the following data.
l
IP addresses of interfaces
Procedure
Step 1 Configure Switch A.
# Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
161
[SwitchA-Tunnel0/0/1] eth-trunk 1
# Set IPv6 address and destination address for the tunnel interface.
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
ipv6 enable
ipv6 address 3001::1/64
source vlanif 100
destination 192.168.51.2
quit
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet0/0/1
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
Issue 01 (2011-10-26)
162
# Set IPv6 address and destination address for the tunnel interface.
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
ipv6 enable
ipv6 address 3001::2/64
source vlanif 200
destination 192.168.50.2
quit
# On Switch C, ping the IPv6 address of Tunnel 0/0/1 of Switch A. Switch C can receive the
response packet from Switch A.
[SwitchC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
bytes=56 Sequence=2 hop limit=255
Reply from 3001::1
bytes=56 Sequence=3 hop limit=255
Reply from 3001::1
bytes=56 Sequence=4 hop limit=255
Reply from 3001::1
bytes=56 Sequence=5 hop limit=255
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms
----End
Issue 01 (2011-10-26)
163
Configuration Files
l
Issue 01 (2011-10-26)
164
Networking Requirements
As shown in Figure 10-6, Switch A and Switch B are connected to a 6to4 network and an IPv4
backbone network respectively. To enable communication between two 6to4 network hosts, you
need to manually configure an 6to4 tunnel between Switch A and Switch B.
To enable communication between 6to4 networks, configure 6to4 addresses for the hosts on the
6to4 network. A 6to4 address has a 48-bit prefix, which is in the format 2002:IPv4 address. As
shown in Figure 10-6, the IPv4 address of the interface through which Switch A is connected
to the IPv4 network is 2.1.1.1. Therefore, the 6to4 address prefix of the 6to4 network where
Switch A is located is 2002:0201:0101::.
Figure 10-6 Networking diagram for configuring a 6to4 tunnel
GE 0/0/1
VLANIF 100
2.1.1.1
SwitchA
IPv4
GE 0/0/2
VLANIF 200
2002:201:101:1::1/64
PC1
IPv6
Issue 01 (2011-10-26)
Tunnel 0/0/1
2002:201:101::1/64
2002:201:101:1::2
GE 0/0/1
VLANIF 100
2.1.1.2
SwitchB
GE 0/0/2
VLANIF 200
2002:201:102:1::1/64
Tunnel 0/0/1
2002:201:102::1/64
2002:201:102:1::2
PC2
IPv6
165
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data.
l
Procedure
Step 1 # Configure Switch A.
# Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
Issue 01 (2011-10-26)
166
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
Issue 01 (2011-10-26)
167
NOTE
There must be a reachable route between SwitchA and SwitchB. In this example, the routing protocol needs
to be configured on GigabitEthernet0/0/1 of SwitchA and SwitchB to ensure a reachable route between
SwitchA and SwitchB. For the configuration procedure, see the Quidway S5700 Series Ethernet Switches
Configuration Guide - IP Routing.
# On Switch A, ping the 6to4 address of VLANIF 200 of Switch B. Switch A can receive the
response packet from Switch B.
[SwitchA] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2002:201:102:1::1
bytes=56 Sequence=1 hop limit=255 time = 8 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=2 hop limit=255 time = 25 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=3 hop limit=255 time = 4 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=4 hop limit=255 time = 5 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=5 hop limit=255 time = 5 ms
--- 2002:0201:0102:1::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/9/25 ms
----End
Configuration Files
l
Issue 01 (2011-10-26)
168
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
GigabitEthernet0/0/13
eth-trunk 1
#
interface Tunnel0/0/1
eth-trunk 1
ipv6 enable
ipv6 address 2002:201:101:1::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
#
ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return
169
Network Requirements
As shown in Figure 10-7, an IPv6 host in the IPv4 network running the Windows XP system
needs to access the IPv6 network through a border device. Both the IPv6 host and the border
device support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host and
the border device.
Figure 10-7 Networking diagram of the ISATAP tunnel
IPv6
network
IPv6 host
3001::2
ISATAP
IPv4
network
Switch
ISATAP host
GE0/0/2
GE0/0/1
FE80::5EFE:0201:0102
VLANIF 100 VLANIF 200
2.1.1.2
3001::1/64 2.1.1.1/8
2001::5EFE:0201:0102
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the ISATAP device.
# Enabling the service loopback function on an Eth-Trunk interface.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
Issue 01 (2011-10-26)
170
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
<Quidway> system-view
[Quidway] ipv6
[Quidway] vlan batch 100 200
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[Quidway-GigabitEthernet0/0/2] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ipv6 enable
[Quidway-Vlanif100] ipv6 address 3001::1/64
[Quidway-Vlanif100] quit
[Quidway] interface vlanif 200
[Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0
[Quidway-Vlanif200] quit
The ISATAP host needs to run IPv6 and needs to be enabled with the IPv6 function.
# Configure a static route to the border device. (The pseudo interface number of the host is 2.
You can run the ipv6 if command to view the interface corresponding to the automatic tunneling
pseudo interface.)
C:\> netsh interface ipv6 isatap set router 2.1.1.1
Issue 01 (2011-10-26)
171
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the
ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
--- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Ping statistics for 2001::5efe:2.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
from
from
from
from
3001::2:
3001::2:
3001::2:
3001::2:
time<1ms
time<1ms
time<1ms
time<1ms
----End
Issue 01 (2011-10-26)
172
Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname Quidway
#
vlan batch 100 200
#
ipv6
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface Vlanif200
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service-type tunnel
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/2
eth-trunk 1
ipv6 enable
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlanif200
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
return
Issue 01 (2011-10-26)
173