Professional Documents
Culture Documents
This section describes how to assign IPv6 addresses to access users and manage these IPv6
addresses.
Context
NOTE
This section describes how to configure the NE20E to allocate prefixes to the CPE when the
CPE works in unnumbered routing mode. The CPE allocates the prefixes to the attached host
to generate IPv6 addresses.
6.9 Configuring DHCPv6 (IA_NA+IA_PD) Address Allocation
This section describes how to configure the NE20E to use DHCPv6 to allocate IPv6 addresses
and prefixes to the WAN interface on the CPE when the CPE works in numbered routing
mode. The CPE sends the prefixes to the attached hosts for them to generate IPv6 addresses.
6.10 Configuring NDRA Address Allocation
This section describes how to configure the NE20E to use ND to allocate IPv6 addresses
when the CPE works in bridging mode.
6.11 Configuring NDRA+DHCPv6 (IA_PD) Address Allocation
This section describes how to configure the NE20E to use ND to allocate IPv6 addresses to
the WAN interfaces on the CPE and use DHCPv6 (IA_PD) to allocate prefixes to the CPE
when the CPE works in numbered routing mode. The CPE allocates the prefixes to the
attached hosts to generate IPv6 addresses.
6.12 Maintaining IPv6 Address Management
6.13 Configuration Examples for IPv6 Address Management
This section provides several examples of IPv6 address management. Each configuration
example includes the networking requirements, configuration notes, and configuration
roadmap.
The NE20E allows a user to access the network by configuring a fixed IP address, receiving
an IPv6 address from the RADIUS server or obtaining an IP address dynamically.
IP addresses cannot be Do not deploy these services If a user has been online, a
reserved based on MAC at the same time. new user with the same
addresses in scenarios where MAC address as the online
DHCPv6 and PPPoEv6 user cannot go online.
users have the same MAC If the user has been offline,
address and one-to-many the reserved address is
mapping between one MAC occupied by a new user with
address and multiple the same MAC address as
sessions is configured for the offline user.
PPPoEv6 users.
You can run the reserved None Users cannot use reserved
prefix command to prefixes to go online.
configure a reservation type
for the prefixes in a
delegation prefix pool. The
following reservation types
are supported: MAC
address-based reservation,
MAC address and lease-
based reservation, DUID-
based reservation, DUID
and lease-based reservation
l When ND assigns IPv6
prefixes in unshared
mode, MAC-based
reservation does not take
effect for L2TP users
because LNS-side users
have no MAC address.
IPoE and PPPoE support
MAC-based reservation
only.
l When DHCPv6 uses
IA_PD options to assign
IPv6 prefixes to L2TP
users, prefix reservations
based on MAC addresses
and based on MAC
addresses+leases are not
supported.
l IPv6 prefixes delivered
by RADIUS servers
cannot be reserved.
l Prefix reservations are
not supported when one
MAC address maps to
multiple sessions for
PPPoE users.
IP addresses cannot be Do not deploy these services If a user has been online, a
reserved based on MAC at the same time. new user with the same
addresses in scenarios where MAC address as the online
DHCPv6 and PPPoEv6 user cannot go online.
users have the same MAC If the user has been offline,
address and one-to-many the reserved address is
mapping between one MAC occupied by a new user with
address and multiple the same MAC address as
sessions is configured for the offline user.
PPPoEv6 users.
Usage Scenario
When users access the NE20E, it functions as a DHCPv6 relay agent and forwards user
address requests to the remote DHCPv6 servers. Configuring multiple DHCPv6 servers is
recommended to perform redundancy backup and load balancing among the remote servers.
The DHCPv6 server group must be bound to the remote address pool. This binding shields the
interactions between NE20E and DHCPv6 servers from the client.
Figure 6-1 Networking diagram of the NE20E as a DHCPv6 relay agent on user side
DHCPv6 Server
DNS Server
Access Backbone
network network
DHCPv6 Relay
HOST CPE agent
Pre-configuration Tasks
The remote DHCPv6 servers have been deployed.
Configuration Procedures
Figure 6-2 Flowchart for configuring a DHCPv6 relay agent on the user side
Configuring a Remote IPv6 Prefix
Pool
Mandatory
Optional
Context
Perform the following steps on the NE20E.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ipv6 prefix prefix-name remote
A remote IPv6 prefix pool is created and the IPv6 prefix pool view is displayed.
Step 3 Run link-address ipv6-address / prefix-length
The link address is configured.
When the remote server allocates addresses or prefixes, link addresses must be configured on
the relay.
Step 4 (Optional) Run lock
The IPv6 prefix pool is locked.
No prefix in the locked IPv6 prefix pool can be allocated, preventing new users from getting
online using the IPv6 prefix pool.
This command applies to a scenario where the IPv6 prefix pool cannot be deleted because it is
being used by online users. Lock the IPv6 prefix pool first to stop it from allocating prefixes.
The prefixes in the IPv6 prefix pool will be released when the users get offline. Then the IPv6
prefix pool can be deleted.
Step 5 (Optional) Run vpn-instance vpn-instance-name
The VPN instance is configured for the prefix pool.
Step 6 Run remote-ip lease manage
The lease management function is enabled for the remote ipv6 prefix pool.
Step 7 Run commit
The configuration is committed.
----End
Context
Perform the following steps on the NE20E.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ipv6 pool pool-name bas remote
An IPv6 address pool is created, and the IPv6 address pool view is displayed.
Step 3 Run prefix prefix-name
The IPv6 address pool is bound to the IPv6 prefix pool.
Step 4 (Optional) Run preference preference-value
A priority value is set for the IPv6 address pool.
Step 5 Run export host-route
Advertisement of the routes in the remote address pool is enabled.
Step 6 (Optional) Configure the device to assign addresses from IPv6 remote address pools based on
weights of the address pools.
1. Run weight weight-valuecommit
A weight is configured for the IPv6 address pool.
2. Run commit
The configuration is committed.
3. Run quit
Return to the system view.
4. Run ipv6-pool algorithm loading-share remote
The device is configured to assign addresses from IPv6 remote address pools based on
their weights.
NOTE
This function applies only to IPv6 remote address pools and local rui-slave address pools.
----End
Context
Perform the following steps on router:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dhcpv6-server group group-name
A DHCPv6 server group is created and the DHCPv6 server group view is displayed.
Step 3 Run dhcpv6-server { destination ipv6-address [ vpn-instance vpn-instance ] | interface
interface-type interface-number } [ weight weight-value ]
NOTE
– The dhcpv6 relay option-insert mode type1 [ remote-id { neba | vula } ] and dhcpv6 relay
option-insert { interface-id mode { cn-telecom | tr-101 } | remote-id } commands are
mutually exclusive.
– The dhcpv6 relay option-insert mode type1 command takes effect in real time. After the
command is run on an interface, the command configuration takes effect for online users on
the interface.
3. Run quit
Return to the system view.
Step 9 (Optional) Run dhcpv6-server [ ipv6-address [ vpn-instance vpn-instance ] ] { dead-count
dead-count | timeout timeout-value | dead-time dead-time } *
The threshold of status (Up/Down) switchover for a DHCPv6 server are configured.
The rate at which Solicit packets are sent to the DHCPv6 server is configured.
----End
Context
Perform the following steps on NE20E.
Procedure
Step 1 Run system-view
----End
Prerequisites
The address pool to be bound has been created and bound to a prefix pool.
Context
Perform the following steps on router.
Procedure
Step 1 Run system-view
The threshold for the usage of IPv6 addresses and prefixes is configured.
----End
Context
When IPv6 addresses are assigned from a remote IPv6 address pool, you can configure the
device to insert the self-defined Option 18 and Option 37 attributes into Relay-forward
messages to be sent to the DHCPv6 server.
Option 18 identifies the interface on which client messages are received on a DHCP relay
agent, facilitating the forwarding of Relay-reply messages. The DHCP server can also assign
addresses/prefixes based on the Option 18 attribute, which plays a similar role as the circuit-id
sub-attribute carried in the Option 82 attribute of DHCP messages.
A DHCP relay agent inserts additional information about remote users into the Option 37
attribute, which plays a similar role as remote-id sub-attribute carried in the Option 82
attribute of DHCP messages.
Procedure
Step 1 Run system-view
The device is enabled to insert the self-defined Option 18 attribute into a Relay-forward
message to be sent to the DHCPv6 server.
The device is enabled to insert the self-defined Option 37 attribute into a Relay-forward
message to be sent to the DHCPv6 server.
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check the IPv6
prefix pool configurations.
l Run the display dhcpv6-server statistics { ipv6-address [ vpn-instance vpn-instance ]|
interface interface-type interface-number }command to check packet statistics on a
DHCPv6 server.
l Run the display dhcpv6-server item { ipv6-address [ vpn-instance vpn-instance ] |
interface interface-type interface-number } command to check information about the
DHCPv6 server.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
Usage Scenario
DHCPv6 PD is used to manage and configure IPv6 network segments.
On an IPv4 network, the NE20E uses DHCPv4 to allocate IPv4 addresses to the CPE; the
CPE allocates private IPv4 addresses to home users and forwards IPv4 packets through NAT.
On an IPv6 network, all users can obtain global unicast addresses. The CPE working in
unnumbered mode uses DHCPv6 to obtain the prefixes from the NE20E and allocates IPv6
addresses to the host.
DHCPv6-PD
Access
network
Requesting
Delegating
DeviceA
DeviceB
Pre-configuration Tasks
Before configuring NE20E as a delegating router, enable IPv6 on interfaces
Configuration Procedures
Mandatory
Optional
Context
When the NE20E functions as a DHCPv6 server, DHCPv6 Server DUID should be
configured .
When the NE20E functions as a DHCPv6 relay agent and encapsulates Options 37 to relay-
forward packets, DHCPv6 Server DUID should be configured .
Procedure
Step 1 Run system-view
When a DHCPv6 client interacts with a DHCPv6 server, each of the client and server is
identified by a unique DUID. A DHCPv6 server identifies a DHCPv6 client with a client
DUID and uses the client DUID in the local address allocation; a DHCPv6 client identifies a
DHCPv6 server with a server DUID.
----End
Context
l Prefix configuration
Only one prefix and one mask can be configured for a local prefix pool. The mask length
ranges from 1 bit to 128 bits.
l Prefix locking configuration
After a prefix pool is locked, the leases of prefixes that have been allocated cannot be
extended and new addresses cannot be allocated.
l Address conflict resolution configuration
If an IPv6 address status conflict is resolved, the address can be allocated to another user.
l Binding an IPv6 prefix pool to a VPN instance
After a prefix pool is bound to a VPN instance, prefixes in the prefix pool can be
allocated to VPN users.
l Prefix lease configuration
A preferred prefix lifetime and valid prefix lifetime can be configured. The default value
for the preferred prefix lifetime is 2 days, and the default value for the valid prefix
lifetime is 3 days. The preferred prefix lifetime is used to limit the lease renewal time
and rebinding time. By default, the lease renewal time accounts for 50% of the preferred
prefix lifetime, and rebinding time accounts for 80% of the preferred lifetime. The valid
prefix lifetime specifies the validity period in which an address can be used.
l Address reservation configuration
Addresses in the local prefix pool have four reservation types:
– 1: MAC reservation
– 2: MAC+lease-based reservation
– 3: DUID reservation
– 4: DUID+lease-based reservation
l Address withdrawal
The address of an offline user can be withdrawn using the command.
l Exclusive prefix pool configuration
The delegation prefix pool can be used to allocate unshared prefixes to ND users or
prefixes only to DHCPv6 (IA_PD) users.
l Prefix exclusion
In complex network planning, some IPv6 prefixes cannot be allocated to users.
l Address exclusion
In complex network planning, some IPv6 addresses cannot be allocated to users.
Perform the following steps on the NE20E.
Procedure
Step 1 Run system-view
The delegation prefix pool is configured only for DHCPv6 IA_PD prefix allocation.
Step 10 (Optional) Run dhcpv6-unshare-only
The prefix pool is configured to assign only IPv6 addresses not prefixes to users.
NOTE
NOTE
To enable the NE20E to manage the leases of RADIUS-delivered IPv6 addresses that are not in the supported
address pools, run the access frame-ipv6 lease manage pool-exclude command in the system view.
----End
Context
l Prefix binding
A prefix pool can be bound to only one address pool. Similarly, an address pool can be
bound to only one prefix pool. Table 6-1 shows the binding between address pools and
prefix pools.
l Priority configuration
Among address pools of the same type, the greater the value of pool, the higher its
priority.
In NDRA address allocation mode, BAS local address pools are used to allocate shared
prefixes, while BAS delegation address pools are used to allocate unshared prefixes. A
BAS delegation address pool configured with slaac-unshare-only takes precedence over
other BAS delegation address pools.
l Address pool binding configuration
An IPv6 address pool whose addresses are in use cannot be deleted. To delete an IPv6
address pool, first run the lock command in the IPv6 address pool view to lock the pool
and then delete it after all online users have logged out.
l DNS suffix configuration
Only one domain name suffix can be set for an IPv6 address pool.
l DNS server configuration
A maximum of two DNS servers can be bound to an IPv6 address pool.
l Address lease configuration
If an IPv6 address pool has been bound to a domain, the address lease cannot be
changed.
Procedure
Step 1 Run system-view
An IPv6 address pool is created, and the view of the IPv6 address pool is displayed.
A DNS server is specified for an IPv6 address pool. An IPv6 address is used to specify a DNS
server.
A lease renewal time and rebinding time are set for the IPv6 address pool.
By default, the renewal time for an IPv6 address pool is 50% of the preferred lifetime and the
rebinding time is 80% of the preferred lifetime.
Step 8 (Optional) Run option code { ipv6-address ipv6-address & <1-2> | string string | hex hex-
string | { suboption subcode { ipv6-address ipv6-address | string string | hex hex-string } }
& <1-16> }
A DHCPv6 user-defined option is configured.
Step 9 Run commit
The configuration is committed.
----End
Prerequisites
An IPv6 delegation address pool has been configured.
Context
Perform the following steps on router:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run aaa
The AAA view is displayed.
Step 3 Run domain domain-name
A domain is created and the AAA domain view is displayed.
Step 4 Run ipv6-pool pool-name
An IPv6 delegation address pool is bound to the domain.
Step 5 (Optional) Run ipv6-warning-threshold { upper-limit-value | lower-limit lower-limit-value }
Threshold for the usage of IPv6 addresses and prefixes is configured.
Step 6 (Optional) Run prefix-assign-mode unshared
IPv6 prefix allocation mode is set to unshared mode. IPv6 users do not share the same IPv6
prefix.
Step 7 (Optional) Configure different users of a home connected to the network through a hub to
communicate with each other directly rather than through a BRAS.
NOTE
You must run the dhcpv6-unshare-only command in the IPv6 prefix pool view before performing this
step.
The device is configured to assign IPv6 addresses to users based on the Option 18 or
Option 37 attribute.
2. Run ipv6 nd ra link-prefix
The device is configured to send RA packets carrying the first 64 bits of the addresses
assigned to IPv6 users as on-link prefixes.
Step 8 Run commit
The configuration is committed.
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used | start-ipv6-prefix [ end-ipv6-
prefix ] ] ] command to check the IPv6 prefix pool configurations.
l Run the display dhcpv6 upgrade command to check the lease configuration for
DHCPv6 users to determine the time when the device restarts.
l Run the display dhcpv6-access user-table command to query the detailed information
about online DHCPv6 users.
l Run the display dhcpv6-access statistic command to check statistics about packets
exchanged between users and the DHCPv6 server.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Example
Run the display ipv6 pool command, you can view brief information about all IPv6 address
pools.
<HUAWEI> display ipv6 pool
----------------------------------------------------------------------
Pool name : lj
Pool No : 3
Pool constant index: -
Pool type : BAS LOCAL
RUI-Flag : -
Preference : 255
Renew time : 50
Rebind time : 80
Status : UNLOCKED
Refresh interval : infinite
Used by domain : 0
Dhcpv6 Unicast : disable
Dhcpv6 rapid-commit: disable
Dns list : -
Dns server master : -
Dns server slave : -
AFTR name : -
Warning Threshold : 10
Warning Exhaust Switch: TRUE
----------------------------------------------------------------------
Prefix-Name Prefix-Type
----------------------------------------------------------------------
lj LOCAL
----------------------------------------------------------------------
Run the display ipv6 prefix command, you can view the configuration of all IPv6 prefix
pools.
<HUAWEI> display ipv6 prefix
-------------------------------------------------------------------------------
Index Name Address/Length Type
Constant-index
-------------------------------------------------------------------------------
0 dg 2021::/46 DELEGATION
-
1 dl - REMOTE
-
2 dpc 2011::/64 LOCAL
-
3 god6 2012::/64 LOCAL
-
4 prefix1 - LOCAL
-
5 tt 1000::/64 LOCAL
-
6 wm 1111::/64 LOCAL
-
7 ww 2222::/46 DELEGATION
-
-------------------------------------------------------------------------------
Total created prefix pool(s): 8
Run the display dhcpv6 upgrade command, you can view leases of DHCPv6 users.
<HUAWEI> display dhcpv6 upgrade
DHCPv6 upgrade: enable.
Preferred lifetime: 0days 0hours 30minutes
Valid lifetime: 0days 1hours 0minutes
Renew time percent: 50%
Rebind time percent:80%
Renew time: 0days 0hours 15minutes
Rebind time: 0days 0hours 24minutes
Access DHCPv6 user count of new lifetime: 100
Access DHCPv6 user count of old lifetime: 100
Access DHCPv6 user count of infinite lifetime: 10
Max interval from current for old lifetime DHCPv6 user renew: 0days 0hours
15minutes
Run the display dhcpv6-access user-table command, you can view detailed information
about the DHCPv6 user with user-id set to 2.
<HUAWEI> display dhcpv6-access user-table user-id 2
-------------------------------------------------------------------
Interface : GigabitEthernet0/1/0.3
SVLAN/CVLAN : 3/0
User Link-Local Address : FE80::202:1FF:FE01:10C
User Address Type : IA_NA
DNS search list : -
AFTR name : -
Option15 : 01 02 03 04 05 06 07 08 09
User DUID : 00 03 00 01 00 02 01 01 01 0C
User MAC Address : 0002-0101-010C
User-ID : 2
Index : 1
User State : ONLINE
VPN Instance : -
Session ID : 2147483649
Client DUID to Remote Server : 00 02 00 00 07 DB FF FF 80 00 00 01 01 01 01 01
01 01 00 00
Run the display dhcpv6-access statistic command, you can view statistics about packets
exchanged between users and DHCPv6 server.
<HUAWEI> display dhcpv6-access statistic
-------------------------------------------------------------------------
Received Packets
-------------------------------------------------------------------------
Total Packets : 40
-------------------------------------------------------------------------
Sent Packets
-------------------------------------------------------------------------
Total Packets : 18
Sent to Clients : 18
Advertise Packets : 8
Reply Packets : 10
Sent to Servers : 0
Solicit Packets : 0
Request Packets : 0
Renew Packets : 0
Rebind Packets : 0
Confirm Packets : 0
Release Packets : 0
Decline Packets : 0
-------------------------------------------------------------------------
Run the display ipv6-pool max-ratio domain command to view information about IPv6
address pool or prefix pool usage in all domains on the device.
<BASE_VNFC1> display ipv6-pool max-ratio domain
----------------------------------------------------------------------------
Domain name:
Address Current Max Time
NDRA Unshared Prefix Current Max Time
Delegation Prefix Current Max Time
----------------------------------------------------------------------------
isp2
10% 40% 2012-08-07 15:31:50
0 0 -
0 0 -
----------------------------------------------------------------------------
Context
l Transparent transmission of DHCPv6 packets and the speed threshold at which solicit
packets are sent
When receiving the DHCPv6 Solicit packet that the online user terminal, the NE20E
forces the user to go offline and waits until the user sends a DHCPv6 Solicit packet to
obtain the address through DHCPv6.
If a user terminal that does not support retransmission of DHCP Solicit packets is
restarted immediately after a user logout, the NE20E is unable to detect the logout event.
In this case, run the dhcpv6 through-packet command to enable transparent
transmission of DHCPv6 packets so that the user can normally log in to the NE20E.
The dhcpv6 solicit-speed-threshold command is used when the speed at which users go
online needs to be limited.
l DHCPv6 server unicast mode and two-message exchange between a DHCPv6 client and
a DHCPv6 server
The dhcpv6 unicast-option command must be run if the DHCPv6 server needs to
communicate with DHCPv6 clients in unicast mode.
In certain situations, for example, when a DHCPv6 client retains the last IP address it
was allocated, the client can obtain an IP address through a rapid two-message exchange
if the Solicit packet sent from the client contains the Rapid Commit option and the server
also supports this option.
Procedure
l Configure transparent transmission of DHCPv6 packets.
a. Run system-view
The more solicit packets are sent within a specified time period, the faster users go
online.
l Configure DHCPv6 server unicast mode and two-message exchange between a DHCPv6
client and a DHCPv6 server.
a. Run system-view
This command run in the system view allows all DHCPv6 clients with the Rapid
Commit option to obtain IP addresses through a rapid two-message exchange.
Without this command run in the system view, the dhcpv6 rapid-commit
command configured in the view of the IPv6 address pool allocated by the client
determines whether to use a rapid two-message exchange.
c. Run ipv6 pool pool-name { bas { local | delegation | relay } }
An IPv6 address pool is created, and the IPv6 address pool view is displayed.
d. (Optional) Run dhcpv6 unicast-option
Unicast mode is configured on the DHCPv6 server.Then, the DHCPv6 server can
receive unicast DHCPv6 messages and instruct the DHCPv6 clients to
communicate with the DHCPv6 server in unicast mode.
e. (Optional) Run dhcpv6 rapid-commit
----End
Context
In DHCPv6 scenarios, Layer 2 relay agents insert Option 37 to the relay header of Relay-
forward messages. When the NE20E receives the Relay-forward messages, the NE20E can
parse Option 37. However, if Layer 2 relay agents insert Option 37 to DHCPv6 Solicit or
Request messages instead of the relay header of Relay-forward messages, the NE20E can
parse Option 37 only if it is 10 or 16 bytes in length. In this case, configure the NE20E to
parse Option 37 of any format in DHCPv6 Solicit or Request messages.
Procedure
Step 1 Run system-view
The NE20E is enabled to parse Option 37 of any format in DHCPv6 Solicit or Request
messages.
----End
Context
When the NE20E is being upgraded, DHCPv6 users cannot detect that the link goes Down
and dial-up again like PPP users. Therefore, these users do not redial to get online. Instead,
the terminal must be restarted to trigger a DHCPv6 request so that the users can obtain IP
addresses to get online again. In the current upgrade solution, the address pool lease time is
shortened at the lease renewal time before the upgrade date. This solution ensures that the
terminal can send lease renewal packets in a shorter period of time after the device is
upgraded to allow DHCPv6 users to get online again.
Using the dhcpv6 upgrade command in the system view to change the address lease for all
DHCP users attached to the device solves these problems.
Procedure
Step 1 Run system-view
Step 2 Run dhcpv6 upgrade preferred-lifetime day [ hour [ minute ] ] valid-lifetime day [ hour
[ minute ] ] [ renew-time-percent renew-time-percent ] [ rebind-time-percent rebind-time-
percent ]
The address lease for all DHCPv6 users attached to the device is configured.
After the dhcpv6 upgrade command is used, the lease configured in the system view takes
effect for new users, online users that need to renew the lease, users using addresses/prefixes
in local and Delegation address pools, and users using addresses/prefixes delivered by a
RADIUS server.
No configuration file will be generated after the dhcpv6 upgrade command is used. To view
the configuration result, run the display dhcpv6 upgrade command. The dhcpv6 upgrade
command becomes invalid after the device restarts.
If a short lease is configured, a large number of users will renew their lease at the same time,
causing high CPU usage. Therefore, configuring a short lease is not recommended unless the
device needs to be upgraded.
----End
Context
After the ip-pool constant-index enable command is used, the index of the IPv4 address
pool, IPv6 prefix pool, or IPv6 address pool does not change after the device restarts. The
constant-index index command is automatically generated in the views of all the IPv4
address pools, IPv6 prefix pools, and IPv6 address pools configured on the device for users to
check the constant value. But the constant-index command cannot be used to change the
automatically generated constant index for an IPv6 prefix pool or IPv6 address pool.
Procedure
Step 1 Run system-view
The constant index function is enabled for IPv4 address pools, IPv6 prefix pools, and IPv6
address pools.
----End
Context
If the mapping between the vendor-class attribute and a DHCPv6 option code is configured in
both system and BAS interface views, the configuration in the BAS interface view takes
effect.
Procedure
l Configure a mapping between the vendor-class attribute and a DHCPv6 option code in
the system view.
a. Run system-view
The mapping between the vendor-class attribute and a DHCPv6 option code as well
as the offset value are configured. After the configuration is complete, the BRAS
uses the offset value to obtain the desired contents in the Value field of the DHCPv6
option.
l Configure a mapping between the vendor-class attribute and a DHCPv6 option code in
the BAS interface view.
a. Run system-view
You can configure an interface as the BAS interface by running the bas command
in the interface view. You can configure an Ethernet interface or its sub-interface, a
VE interface or its sub-interface, an ATM interface or its sub-interface, or an Eth-
Trunk interface or its sub-interface as a BAS interface.
d. Run access-type layer2-subscriber [ default-domain { [ authentication [ force |
replace ] dname ] [ pre-authentication predname ] } ]
The access type is set to Layer 2 subscriber access and the attributes of this access
type are configured.
The access type is set to Layer 3 subscriber access and the attributes of this access
type are configured.
When setting the access type on the BAS interface, you can set the service attributes
of the access users at the same time. You can also set these attributes in later
configurations.
The access type cannot be configured on the Ethernet interface that is added to an
Eth-Trunk interface. You can configure the access type of such an Ethernet interface
only on the associated Eth-Trunk interface.
e. Run vendor-class dhcpv6 [ option-code option-code | offset offset-length ]*
The mapping between the vendor-class attribute and a DHCPv6 option code as well
as the offset value are configured. After the configuration is complete, the BRAS
uses the offset value to obtain the desired contents in the Value field of the DHCPv6
option.
----End
Context
To implement authentication, authorization, and accounting for users separately, users must
use different IPv6 addresses to go online. This requires the NE20E to detect whether the IPv6
address assigned to a new user conflicts with that of an online user. By default, if the NE20E
detects that the IPv6 address assigned to a new user is the same as the IPv6 address of an
online user, it sends a DHCPv6 Decline message to the DHCPv6 server. Then the new user
cannot go online, but the online user is not affected.
In scenarios in which IPv6 addresses are assigned based on the Option 82 field that carries
physical location information of users and ARP probe is not configured, the online user is
required to go offline to allow the new user to go online. For example, if a CPE is replaced,
users attached to the old CPE will switch to the new CPE to go online. As their physical
location information remains the same, they will be assigned the same IPv6 addresses as
before. However, if the previous IPv6 address lease has not expired, the user information is
retained. Therefore, the NE20E considers that the users are already online and discards the
user packets sent from the new CPE. Subsequently, the users fail to go online through the new
CPE. To allow the users to go online through the new CPE, configure the NE20E to delete the
previous user information and deny new user access so that the users can be triggered to go
online again.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dhcpv6 conflict-ip-address offline user [ include framed-ipv6 ]
The NE20E is configured to log out an online user and deny access of a new user if it detects
that the IPv6 address assigned to the new user from a remote address pool or by the RADIUS
server is the same as the IPv6 address of the online user.
Step 3 Run commit
The configuration is committed.
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dhcpv6 option-priority radius domain pool
The highest, medium, and lowest priorities are configured for the DHCPv6 Option delivered
by the RADIUS server, configured in the domain view, and configured in the address pool
view, respectively.
Step 3 Run commit
----End
Usage Scenario
In DHCPv6(IA_NA) address allocation mode, IA_NA options are used to carry IA addresses
to be allocated.
DHCPv 6(IA_NA)
Access Backbone
network network
HOST CPE
Device
The host initiates a connection request and the CPE transparently forwards the connection
request packet. The NE20E uses DHCPv6 (IA_NA) to allocate IPv6 addresses to the host.
Pre-configuration Tasks
Before configuring DHCPv6 address allocation, enable IPv6.
Configuration Procedures
Mandatory
Optional
Context
When a device acts as a DHCPv6 relay agent, refer to the configuration of 6.4 Configuring a
DHCPv6 Relay Agent on the User Side.
When a device acts as a DHCPv6 server, perform the following operations to allow Layer 3
DHCPv6 users to request for IPv6 addresses from an IPv6 relay address pool.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ipv6 prefix prefix-name local
An IPv6 prefix pool is created, and the IPv6 prefix pool view is displayed.
The address pool is of the relay type, and the prefix pool must be configured as the local
mode.
Step 3 Run prefix prefix-address/prefix-length
An IPv6 address prefix is configured.
Step 4 Run quit
The system view is displayed.
Step 5 Run ipv6 pool pool-name bas relay
An IPv6 address pool is created, and the IPv6 address pool view is displayed.
Step 6 Run prefix prefix-name
The IPv6 address pool is bound to the IPv6 prefix pool.
----End
Context
Stateful address allocation (M=1) should be configured for IA_NA and IA_NA+IA_PD
address allocation modes.
If the M flag is 1, the clients need to obtain IPv6 addresses and other configuration
information in stateful mode.
NOTE
l For PPPoE users, the domain configuration determines whether stateful or stateless configuration
should be adopted.
l For IPoE users, the interface configuration determines whether stateful or stateless address
configuration should be adopted.
Procedure
l Configure the state of address allocation on an interface.
a. Run system-view
a. Run bas
The router is enabled to send RA packets that carry unicast destination IP addresses
in response to IPoEv6 user access requests.
l Configure the state of address allocation in a domain.
a. Run system-view
The IPv6 prefix allocation mode is set to unshared mode. After the configuration,
IPv6 users do not share the same IP prefix.
g. (Optional) Run dhcpv6-follow-ipv6cp wait-delay { time-value| infinity }
The timeout period for waiting for a DHCPv6 connection request is set.
h. (Optional) Run ipv6 nd ra unicast
The router is enabled to send RA packets that carry unicast destination IP addresses
in response to PPPv6 user access requests.
l Run commit
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check the IPv6
prefix pool configurations.
l Run the display domain [ domain-name ] command to check the domain configurations.
l Run the display ipv6-pool pool-usage [ domain domain-name | pool-name [ pool-
name ] ] command to check information about the usage of the address pool.
l Run the display ipv6-pool max-usage { pool [ pool-name ] | domain [ domain-name ] }
command in any view to check the historical maximum usage of addresses in an IPv6
address pool.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Usage Scenario
In DHCPv6 prefix allocation, the IA_PD option is used to carry IA prefixes.
IA-PD
Access Backbone
network network
HOST CPE
unnumbered Device
The CPE initiates a connection request, and the NE20E uses DHCPv6 (IA_PD) to allocate
prefixes to the CPE and the CPE allocates the prefixes to the attached host for the host to
generate IPv6 addresses.
Pre-configuration Tasks
Before configuring PD (IA_PD) prefix allocation, enable IPv6.
Context
PD(IA_PD) prefix allocation is used, and NE20E acts as a delegating router. For details, refer
to the configuration of 6.5 Configuring a Delegating Router.
When NE20E acts as a DHCPv6 relay agent, refer to the configuration of 6.4 Configuring a
DHCPv6 Relay Agent on the User Side.
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check the IPv6
prefix pool configurations.
l Run the display domain [ domain-name ] command to check the domain configurations.
l Run the display ipv6-pool pool-usage [ domain domain-name | pool-name [ pool-
name ] ] command to check information about the usage of the address pool.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Usage Scenario
The NE20E uses DHCPv6 to allocate addresses to the WAN interfaces on the CPE and uses
PD to allocate the prefixes to the CPE working in numbered mode. The CPE sends the
prefixes to Home LANs.
IA-PD
Access Backbone
network network
HOST CPE
numbered Device
The CPE initiates a connection request, and the NE20E uses DHCPv6 (IA_NA) to allocate
IPv6 addresses to the WAN interfaces on the CPE and uses DHCPv6 (IA_PD) to allocate
prefixes to the CPE and the CPE allocates the prefixes to the attached host for the host to
generate IPv6 addresses.
Pre-configuration Tasks
Before configuring DHCPv6(IA_NA+IA_PD) address allocation, complete the following
tasks:
Context
When IA_NA is used to allocate addresses to the WAN interfaces on the CPE, refer to the
configuration of 6.7 Configuring DHCPv6 (IA_NA) Address Allocation.
When DHCPv6 (IA_PD) is used to allocate prefixes to the CPE, refer to the configuration of
6.8 Configuring DHCPv6 (IA_PD) Prefix Allocation.
NOTE
In IA_NA+IA_PD address allocation, a DNS server must be configured for both the address pool for
IA_NA address allocation and the address pool for IA_PD address allocation.
Context
Stateful address allocation (M=1) should be configured for IA_NA and IA_NA+IA_PD
address allocation modes.
If the M flag is 1, the clients need to obtain IPv6 addresses and other configuration
information in stateful mode.
NOTE
l For PPPoE users, the domain configuration determines whether stateful or stateless configuration
should be adopted.
l For IPoE users, the interface configuration determines whether stateful or stateless address
configuration should be adopted.
Procedure
l Configure the state of address allocation on an interface.
a. Run system-view
a. Run bas
The router is enabled to send RA packets that carry unicast destination IP addresses
in response to IPoEv6 user access requests.
l Configure the state of address allocation in a domain.
a. Run system-view
b. Run aaa
The IPv6 prefix allocation mode is set to unshared mode. After the configuration,
IPv6 users do not share the same IP prefix.
g. (Optional) Run dhcpv6-follow-ipv6cp wait-delay { time-value| infinity }
The timeout period for waiting for a DHCPv6 connection request is set.
h. (Optional) Run ipv6 nd ra unicast
The router is enabled to send RA packets that carry unicast destination IP addresses
in response to PPPv6 user access requests.
l Run commit
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check the IPv6
prefix pool configurations.
l Run the display domain [ domain-name ] command to check the domain configurations.
l Run the display ipv6-pool pool-usage [ domain domain-name | pool-name [ pool-
name ] ] command to check information about the usage of the address pool.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Usage Scenario
NDRA address allocation is implemented using Stateless Address Autoconfiguration
(SLAAC).
The NE20E allocates only the 64-bit IPv6 prefixes. The 64-bit interface ID is generated by the
client itself.
NDRA
Access Backbone
network network
HOST CPE
Device
The host initiates a connection request, and the CPE transparently forwards the connection
request packet. The NE20E uses NDRA to allocate IPv6 addresses to the host.
NOTE
If NDRA address allocation is configured for IPoXv6 users, only unshared IPv6 prefixes support to
allocate .
Pre-configuration Tasks
Before configuring NDRA address allocation, complete the following tasks:
Configuring the CPE working mode as bridging mode
Enabling IPv6
Configuration Procedures
Context
l Prefix configuration
Only one prefix and one mask can be configured for a local prefix pool. The mask length
ranges from 1 bit to 128 bits.
l Prefix locking configuration
After a prefix pool is locked, the leases of prefixes that have been allocated cannot be
extended and new addresses cannot be allocated.
l Address conflict resolution configuration
If an IPv6 address status conflict is resolved, the address can be allocated to another user.
l Binding an IPv6 prefix pool to a VPN instance
After a prefix pool is bound to a VPN instance, prefixes in the prefix pool can be
allocated to VPN users.
l Prefix lease configuration
A preferred prefix lifetime and valid prefix lifetime can be configured. The default value
for the preferred prefix lifetime is 2 days, and the default value for the valid prefix
lifetime is 3 days. The preferred prefix lifetime is used to limit the lease renewal time
and rebinding time. By default, the lease renewal time accounts for 50% of the preferred
prefix lifetime, and rebinding time accounts for 80% of the preferred lifetime. The valid
prefix lifetime specifies the validity period in which an address can be used.
l Address reservation configuration
Addresses in the local prefix pool have four reservation types:
– 1: MAC reservation
– 2: MAC+lease-based reservation
– 3: DUID reservation
– 4: DUID+lease-based reservation
l Address withdrawal
The address of an offline user can be withdrawn using the command.
l Exclusive prefix pool configuration
The delegation prefix pool can be used to allocate unshared prefixes to ND users or
prefixes only to DHCPv6 (IA_PD) users.
l Prefix exclusion
In complex network planning, some IPv6 prefixes cannot be allocated to users.
l Address exclusion
In complex network planning, some IPv6 addresses cannot be allocated to users.
Perform the following steps on the NE20E.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ipv6 prefix prefix-name [ local | delegation ]
An IPv6 prefix pool is created and the IPv6 prefix pool view is displayed.
l The local prefix pool is used to allocate shared prefixes to ND users.
l The delegation prefix pool can allocate unshared prefixes to ND users. The delegation
prefix pool configured with slaac-unshare-only enjoys a higher priority.
Step 3 (Optional) Run slaac-unshare-only
The delegation prefix pool can be used only in stateless address allocation mode.
After this command is run, the delegation prefix pool no longer allocates prefixes when
receiving a DHCPv6 IAPD packet from the clients applying for addresses. In addition, the
delegation prefix pool configured with this command takes precedence over those without this
configuration.
Step 4 Run prefix prefix-address/prefix-length [ delegating-prefix-length delegating-prefix-length ]
IPv6 prefixes are configured.
The assignable prefix length is the length of the IPv6 prefix that a delegating router allocates
to the requesting router. The assignable prefix length in a prefix pool must be greater than or
equal to the prefix length configured in the prefix pool. Otherwise, the prefix pool cannot
allocate prefixes to users.
Step 5 (Optional) Run excluded-ipv6-address start-ipv6-address [ end-ipv6-address ]
A specified IPv6 address is prohibited.
The prohibited IPv6 address must be in the assignable range of the prefix pool. When the end
IPv6 address is not specified, only the start IPv6 address is prohibited.
Step 6 (Optional) Run excluded-ipv6-prefix start-ipv6-prefix/prefix-length [ end-ipv6-prefix/prefix-
length ]
A specified IPv6 prefix is prohibited.
The prohibited IPv6 prefix must be in the assignable range of the prefix pool. When the end
IPv6 prefix is not specified, only the start IPv6 prefix is prohibited.
No prefix in the locked IPv6 prefix pool can be allocated, preventing new users from getting
online using the IPv6 prefix pool.
This command applies to a scenario where the IPv6 prefix pool cannot be deleted because it is
being used by online users. Lock the IPv6 prefix pool first to stop it from allocating prefixes.
The prefixes in the IPv6 prefix pool will be released when the users get offline. Then the IPv6
prefix pool can be deleted.
Step 9 (Optional) Run lifetime preferred-lifetime { days days-value [ hours hours-value [ minutes
minutes-value ] ] | infinite } valid-lifetime { days days-value [ hours hours-value [ minutes
minutes-value ] ] | infinite }
The preferred lifetime and valid lifetime of IPv6 prefixes are configured.
preferred-lifetime of the IPv6 prefixes in the command is used by the system to calculate the
lease renewal time and rebinding time of the IPv6 prefix pool. The time must be no less than
1 minute. The default value is 2 days.
valid-lifetime specifies the validity period of the prefixes. The users using the prefixes will be
logged off after the validity period expires. The valid-lifetime must be no less than 1 minute,
nor less than the preferred prefix lifetime. The default value is 3 days.
The reservation type for the IPv6 addresses in a local address pool is configured.
----End
Context
l Prefix binding
A prefix pool can be bound to only one address pool. Similarly, an address pool can be
bound to only one prefix pool. Table 6-2 shows the binding between address pools and
prefix pools.
l Priority configuration
Among address pools of the same type, the greater the value of pool, the higher its
priority.
In NDRA address allocation mode, BAS local address pools are used to allocate shared
prefixes, while BAS delegation address pools are used to allocate unshared prefixes. A
BAS delegation address pool configured with slaac-unshare-only takes precedence over
other BAS delegation address pools.
l Address pool binding configuration
An IPv6 address pool whose addresses are in use cannot be deleted. To delete an IPv6
address pool, first run the lock command in the IPv6 address pool view to lock the pool
and then delete it after all online users have logged out.
l DNS suffix configuration
Only one domain name suffix can be set for an IPv6 address pool.
l DNS server configuration
A maximum of two DNS servers can be bound to an IPv6 address pool.
l Address lease configuration
If an IPv6 address pool has been bound to a domain, the address lease cannot be
changed.
Procedure
Step 1 Run system-view
The timeout period for a router to wait for a Request message from a client in response to an
Advertise message sent to the client is set.
An IPv6 address pool is created and the IPv6 address pool view is displayed.
NOTE
The parameter remote is controlled by the PAF file. It is disabled by default. That is, the ipv6 pool bas
remote cannot be configured by default.
A DNS server is specified for an IPv6 address pool. An IPv6 address is used to specify a DNS
server.
A lease renewal time and rebinding time are set for the IPv6 address pool.
By default, the renewal time for an IPv6 address pool is 50% of the preferred lifetime and the
rebinding time is 80% of the preferred lifetime.
IPv6 address pool statistics include those about users sharing the prefix pool.
The timeout period for a router to wait for a Request message from a client in response to an
Advertise message sent to the client is set.
NOTE
The wait-request-time time-value command is run in the IP address pool view whereas the access wait-
request-time dhcpv6 time-value command is run in the system view. If the two commands are both run,
the wait-request-time time-value command takes effect.
----End
Prerequisites
The address pool to be bound has been created and bound to a prefix pool.
Context
Perform the following steps on router.
Procedure
Step 1 Run system-view
The IPv6 local address pool or the delegation address pool is bound to the domain.
----End
Context
Stateless address allocation (M=0) should be configured for NDRA and NDRA+IA_PD
address allocation modes. By default, the M flag is 0, you need not configuration.
NOTE
l For PPPoE users, the domain configuration determines whether stateful or stateless configuration
should be adopted.
l For IPoE users, the interface configuration determines whether stateful or stateless address
configuration should be adopted.
If the M flag is 0, and the O flag is 1, the clients need to obtain other configuration
information except IPv6 addresses in stateful mode.
Perform the following steps on router.
Procedure
l State of the interface
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run undo ipv6 nd autoconfig managed-address-flag
Stateless address allocation mode is enabled.
d. Run ipv6 nd autoconfig other-flag
The O flag is set to 1 to enable stateful mode.
l State of the domain
a. Run system-view
The system view is displayed.
b. Run aaa
The AAA view is displayed.
c. Run domain domain-name
A domain is created and the AAA view is displayed.
d. Run undo ipv6 nd autoconfig managed-address-flag
Stateless address allocation is configured for PPPoX users.
e. Run ipv6 nd autoconfig other-flag { ndra | dhcpv6 }
The O flag is set.
f. Run prefix-assign-mode unshared
The IPv6 prefix allocation mode is set to unshared mode. After the configuration,
IPv6 users do not share the same IP prefix.
g. Run dhcpv6-follow-ipv6cp wait-delay time-value
The timeout period for waiting for a DHCPv6 connection request is set.
l Run commit
The configuration is committed.
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ip-pool constant-index enable
The constant index function is enabled for IPv4 address pools, IPv6 prefix pools, and IPv6
address pools.
Step 3 Run commit
The configuration is committed.
----End
Context
An IPv6 address pool with an in-use IPv6 address cannot be deleted. Therefore, configure the
drain function to lock the IPv6 address pool before you delete the address pool. After an IPv6
address pool is locked using the lock drain command, DHCP Renew or Rebind messages
from online users will be discarded. The IPv6 address pool can be deleted after all online
users using the address pool go offline upon lease expiry. If you only need to disable an IPv6
address pool so that the address pool will not be used to assign IPv6 addresses to new users
but online users can still use assigned IPv6 addresses, configure the lock function to lock the
address pool using the lock command.
Perform the following steps on the router.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ipv6 pool pool-name [ bas { local | remote | delegation | relay } ]
The IPv6 address pool view is displayed.
This command does not take effect for ND users in remote address pool scenarios.
b. Run commit
The configuration is committed.
l Configure the lock function to lock the IPv6 address pool.
a. Run lock
The IPv6 address pool is locked so that the address pool cannot be used to assign
IPv6 addresses to new users but Renew or Rebind messages from online users can
still be processed.
b. Run commit
The configuration is committed.
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check information about the IPv6
address pool.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check information
about the prefix pool.
l Run the display domain [ domain-name ] command to check information about the
domain.
l Run the display ipv6-pool pool-usage [ domain domain-name | pool-name [ pool-
name ] ] command to check information about the usage of the address pool.
l Run the display ipv6-pool max-usage { pool [ pool-name ] | domain [ domain-name ] }
command in any view to check the historical maximum usage of addresses in an IPv6
address pool.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Usage Scenario
The CPE sends a DHCPv6 packet only carrying the IA_PD option to allocate IPv6 prefixes to
Home LANs; the NE20E uses an RA packet to send the IPv6 prefixes allocated to the WAN
interfaces on the CPE to the CPE to generate IPv6 addresses.
NDRA+IA-PD
Access Backbone
network network
HOST CPE
numbered Device
The CPE initiates a connection request, and the NE20E uses NDRA to allocate IPv6
addresses to the WAN interfaces on the CPE and uses DHCPv6 (IA_PD) to allocate prefixes
to the CPE and the CPE allocates the prefixes to the attached host for the host to generate
IPv6 addresses.
Pre-configuration Tasks
Before configuring NDRA+DHCPv6 (IA_PD) address allocation, complete the following
tasks:
Setting the CPE working mode to numbered routing mode
Enabling IPv6 on interfaces
Context
When NDRA is used to allocate addresses to the WAN interfaces on the CPE, refer to the
configuration of 6.10 Configuring NDRA Address Allocation.
When DHCPv6(IA_PD) is used to allocate prefixes to the CPE, refer to the configuration of
6.8 Configuring DHCPv6 (IA_PD) Prefix Allocation.
NOTE
In NDRA+IA_PD address allocation, a DNS server must be configured for both the address pool for
NDRA address allocation and the address pool for IA_PD address allocation.
Context
Stateless address allocation (M=0) should be configured for NDRA and NDRA+IA_PD
address allocation modes. By default, the M flag is 0, you need not configuration.
NOTE
l For PPPoE users, the domain configuration determines whether stateful or stateless configuration
should be adopted.
l For IPoE users, the interface configuration determines whether stateful or stateless address
configuration should be adopted.
If the M flag is 0, and the O flag is 1, the clients need to obtain other configuration
information except IPv6 addresses in stateful mode.
Perform the following steps on router.
Procedure
l State of the interface
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run undo ipv6 nd autoconfig managed-address-flag
Stateless address allocation mode is enabled.
d. Run ipv6 nd autoconfig other-flag
The O flag is set to 1 to enable stateful mode.
l State of the domain
a. Run system-view
The system view is displayed.
b. Run aaa
The AAA view is displayed.
c. Run domain domain-name
A domain is created and the AAA view is displayed.
The IPv6 prefix allocation mode is set to unshared mode. After the configuration,
IPv6 users do not share the same IP prefix.
g. Run dhcpv6-follow-ipv6cp wait-delay time-value
The timeout period for waiting for a DHCPv6 connection request is set.
l Run commit
----End
Procedure
l Run the display ipv6 pool [ pool-name ] command to check the IPv6 address pool
configurations.
l Run the display ipv6 prefix [ prefix-name [ all | used ] ] command to check the IPv6
prefix pool configurations.
l Run the display domain [ domain-name ] command to check the domain configurations.
l Run the display ipv6-pool pool-usage [ domain domain-name | pool-name [ pool-
name ] ] command to check information about the usage of the address pool.
l Run the display ipv6-pool max-ratio domain command to check information about
IPv6 address pool or prefix pool usage in all domains on the device.
l Run the display ipv6-pool pool-usage { upper-threshold | lower-threshold | all-
threshold } command to check information about domains whose IPv6 address pool or
prefix pool usage exceeds a specified threshold.
----End
Context
IPv6 address statistics cannot be restored after they are cleared. Exercise caution when
running the reset ipv6-pool max-ratio domain command.
Procedure
l Run the reset ipv6-pool max-ratio domain command in the user view to clear statistics
about IPv6 address pool usage in all domains on the device.
----End
Networking Requirements
The CPE obtains IPv6 address or prefixes in NDRA+DHCPv6(IA_PD) mode from the
NE20E, and the LAN users attached to the CPE use the prefixes and the interface IDs to
generate IPv6 addresses.
Figure 6-11 Networking diagram of assigning IPv6 prefixes to users from the local delegation
address pool on the user side
NOTE
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VT.
2. Configure the AAA scheme.
3. Configure a RADIUS server group.
4. Configure a prefix pool, an address pool (with the IP address of the DNS server
specified), and the binding between the two.
5. Configure a domain named isp1.
6. Configure a DUID for the DHCPv6 server.
7. Configure interfaces.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Only the configuration procedure for the NE20E is provided.
# Check information about the prefix pool named pre2. You can see that the prefix pool is a
delegation prefix pool with the prefix address being 2011:2022::/62.
<HUAWEI> display ipv6 prefix pre2
-------------------------------------------------------------
Prefix Name : pre2
Prefix Index : 5
Prefix constant index: -
Prefix Type : DELEGATION
Prefix Address : 2011:2022::
Prefix Length : 62
Valid Lifetime : 3 Days 0 Hours 0 Minutes
Preferred Lifetime : 2 Days 0 Hours 0 Minutes
IfLocked : Unlocked
Vpn instance : -
PD Prefix Len : 64
PD Prefix/C-DUID : -
slaac-unshare-only : FALSE
Conflict address : -
Free Prefix Count : 4
Used Prefix Count : 0
Binded Prefix Count (Free): 0
Binded Prefix Count (Used): 0
Reserved Prefix Count: 0
-------------------------------------------------------------
# Check information about the address pool named pool1. You can see that the address pool is
a local address pool at the user side and the address pool is bound to the prefix pool named
pre1.
<HUAWEI> display ipv6 pool pool1
----------------------------------------------------------------------
Pool name : pool1
Pool No : 4
Pool-constant-index :-
Pool type : BAS LOCAL
Preference : 0
Renew time : 50
Rebind time : 80
Status : UNLOCKED
Refresh interval : 0 Days 0 Hours 0 Minutes
Used by domain : 1
Dhcpv6 Unicast : disable
Dhcpv6 rapid-commit: disable
Dns list : -
Dns server master : 3002:3101::2:2
Dns server slave : -
AFTR name : -
----------------------------------------------------------------------
Prefix-Name Prefix-Type
----------------------------------------------------------------------
pre1 LOCAL
----------------------------------------------------------------------
# Check information about the address pool named pool2. You can see that the address pool is
a user-side delegation address pool and the address pool is bound to the local prefix pool
named pre2.
<HUAWEI> display ipv6 pool pool2
----------------------------------------------------------------------
Pool name : pool2
Pool No : 5
Pool-constant-index :-
# Check configurations of the domain isp1. You can see that the domain is bound to IPv6
address pools pool1 and pool2.
<HUAWEI> display domain isp1
------------------------------------------------------------------------------
Domain-name : isp1
Domain-state : Active
Authentication-scheme-name : auth1
Accounting-scheme-name : acct1
Authorization-scheme-name :
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Web-server-URL-parameter : No
Portal-server-URL-parameter : No
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
User-group-name : -
Idle-data-attribute (time,flow) : 0, 60
Install-BOD-Count : 0
Report-VSM-User-Count : 0
Value-added-service : COPS
User-access-limit : 279552
Online-number : 0
Web-IP-address : -
Web-URL : -
Slave Web-IP-address : -
Slave Web-URL : -
Slave Web-auth-server : -
Slave Web-auth-state : -
Portal-server-IP : -
Portal-URL : -
Portal-force-times : 2
PPPoE-user-URL : Disable
IPUser-ReAuth-Time(second) : 300
mscg-name-portal-key : -
Portal-user-first-url-key : -
Ancp auto qos adapt : Disable
RADIUS-server-template : rd1
Two-acct-template : -
HWTACACS-server-template : -
Bill Flow : Disable
Tunnel-acct-2867 : Disabled
Flow Statistic:
Flow-Statistic-Up : Yes
Flow-Statistic-Down : Yes
Source-IP-route : Disable
IP-warning-threshold : -
IPv6-warning-threshold : -
Multicast Forwarding : Yes
Multicast Virtual : No
Multicast-profile ipv6 : -
Max-multilist num : 4
Multicast-profile : -
IPv6-Pool-name : pool1
IPv6-Pool-name : pool2
Quota-out : Offline
Service-type : -
User-basic-service-ip-type : -/-/-
PPP-ipv6-address-protocol : Ndra
IPv6-information-protocol : Stateless dhcpv6
IPv6-PPP-assign-interfaceid : Disable
Trigger-packet-wait-delay : 60s
Peer-backup : enable
------------------------------------------------------------------------------
----End
Configuration Files
l router Configuration Files
#
sysname HUAWEI
#
ipv6
#
dhcpv6 duid 006735f300188253a56a
#
radius-server group rd1
radius-server authentication 10.6.55.55 1550 weight 0
radius-server accounting 10.6.55.55 1551 weight 0
radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
#
interface Virtual-Template1
ppp authentication-mode pap
#
ipv6 prefix pre1 local
prefix 2010:2021::/64
#
ipv6 prefix pre2 delegation
prefix 2011:2022::/62
delegating-prefix-length 63
#
ipv6 pool pool1 bas local
prefix pre1
#
ipv6 pool pool2 bas delegation
prefix pre2
dns-server 3002:3101::2:2
#
aaa
authentication-scheme default0
authentication-scheme default1
authentication-scheme auth1
authentication-mode radius
#
accounting-scheme default0
accounting-scheme default1
accounting-scheme acct1
accounting-mode radius
#
domain isp1
authentication-scheme auth1
accounting-scheme acct1
radius-server group rd1
ipv6-pool pool1
ipv6-pool pool2
#
interface GigabitEthernet0/1/1.1
Networking Requirements
When a DHCPv6 server and clients reside on different links, the Device can function as a
Layer 2 access device to relay user requests for IPv6 addresses or prefixes to the DHCPv6
server.
On the network in Figure 6-12, the requirements are as follows:
l The user accesses the Device in IPoE mode, and the user belongs to the domain isp1.
l The user is assigned an address on the network segment 2660:2321::/64.
l RADIUS authentication and accounting are used.
l The IP address of the RADIUS server is 10.6.55.55. The authentication port number is
1550, and the accounting port number is 1551. The standard RADIUS protocol is used,
with the password it-is-my-secret1.
l The IP address of the DHCPv6 server is 3002:3101::2:2.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure AAA schemes.
2. Configure a RADIUS server group.
3. Configure a DHCPv6 server group.
4. Configure a remote IPv6 prefix pool.
5. Configure a user-side remote address pool and bind the DHCPv6 server group and IPv6
prefix pool to the address pool.
6. Configure an AAA domain to be used as the default authentication domain.
7. Configure a BAS interface.
Data Preparation
To complete the configuration, you need the following data:
l Remote IPv6 prefix pool name
l Remote address pool name
l Assignable IPv6 prefixes and prefix lengths
Procedure
Step 1 Configure AAA schemes on the Device.
# Configure an authentication scheme.
[*Device] aaa
[*Device-aaa] authentication-scheme auth1
[*Device-aaa-authen-auth1] authentication-mode radius
[*Device-aaa-authen-auth1] commit
[~Device-aaa-authen-auth1] quit
Step 4 Configure a remote IPv6 prefix pool named pre1 on the Device.
[*Device] ipv6 prefix pre1 remote
Info:Create a prefix pool
[*Device-ipv6-prefix-pre1] link-address 2660:2321::1/64
[*Device-ipv6-prefix-pre1] dhcpv6-only
[*Device-ipv6-prefix-pre1] commit
[~Device-ipv6-prefix-pre1] quit
NOTE
The dhcpv6-only command allows the IPv6 prefix pool to be used for IPv6 address or prefix assignment only
for DHCPv6 users. If the dhcpv6-only command is not run, the IPv6 prefix pool can be used for both ND and
DHCPv6 users.
Step 5 Configure a user-side remote address pool named pool1 on the Device.
[*Device] ipv6 pool pool1 bas remote
[*Device-ipv6-pool-pool1] prefix pre1
[*Device-ipv6-pool-pool1] dhcpv6-server group server1
[*Device-ipv6-pool-pool1] commit
[~Device-ipv6-pool-pool1] quit
NOTE
l In bind authentication, the user name is automatically generated based on the NE20E's location and
domain name. Therefore, configure a user name based on the generation rule and configure the
password vlan on the RADIUS server.
l For details on the user name generation rule used in bind authentication, see vlanpvc-to-username
in HUAWEI NE20E-S2 Universal Service Router Command Reference.
# Display information about the address pool named pool1. The command output shows that
the address pool is a user-side remote address pool and the address pool is bound to the
remote prefix pool named pre1.
<Device> display ipv6 pool pool1
---------------------------------------------------------------
Pool name : pool1
Pool No : 3
Pool constant index: -
Pool type : BAS REMOTE
RUI-Flag : -
Preference : 255
Renew time : 50
Rebind time : 80
Status : UNLOCKED
Refresh interval : infinite
Used by domain : 1
Dhcpv6 Unicast : disable
Dhcpv6 rapid-commit: disable
Dns list : -
Dns server master : -
Dns server slave : -
AFTR name : -
State : UP
Server down times : 0
----------------------------------------------------------------------
Prefix-Name Prefix-Type
----------------------------------------------------------------------
pre1 REMOTE
---------------------------------------------------------------
----End
Configuration Files
#
ipv6
#
radius-server group rd1
radius-server authentication 10.6.55.55 1550 weight 0
radius-server accounting 10.6.55.55 1551 weight 0
radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
#
dhcpv6-server group server1
dhcpv6-server destination 3002:3101::2:2
#
ipv6 prefix pre1 remote
link-address 2660:2321::1/64
#
ipv6 pool pool1 bas remote
prefix pre1
dhcpv6-server group server1
#
aaa
authentication-scheme default0
authentication-scheme default1
authentication-scheme auth1
authentication-mode radius
#
accounting-scheme default0
accounting-scheme default1
accounting-scheme acct1
accounting-mode radius
#
domain isp1
authentication-scheme auth1
accounting-scheme acct1
radius-server group rd1
ipv6-pool pool1
#
interface GigabitEthernet0/1/1.1
user-vlan 1 20
ipv6 enable
ipv6 address auto link-local
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
bas
#
access-type layer2-subscriber default-domain authentication isp1
authentication-method-ipv6 bind
#
return
Networking Requirements
On the network in Figure 6-13, the Device is a DHCPv6 relay agent, and the remote DHCPv6
server assigns ND prefixes to users. The requirements are as follows:
l The user accesses the Device in IPoE mode through GE 1/0/1.1, and the user belongs to
the domain isp1 and uses bind authentication.
l The user is assigned an address on the network segment 2660:2321::/64.
l RADIUS authentication and accounting are used.
l The IP address of the RADIUS server is 10.6.55.55. The authentication port number is
1550, and the accounting port number is 1551. The standard RADIUS protocol is used,
with the password it-is-my-secret1.
l The IP address of the DHCPv6 server is 3002:3101::2:2.
Figure 6-13 Configuring a remote address pool for ND users' IPv6 address assignment
NOTE
Interface1
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 packet forwarding on the Device.
2. Configure AAA schemes.
3. Configure a RADIUS server group.
4. Configure a DHCPv6 server group.
5. Configure a remote IPv6 prefix pool.
6. Configure a user-side remote address pool and bind the DHCPv6 server group and IPv6
prefix pool to the address pool.
7. Configure an AAA domain to be used as the default authentication domain.
8. Configure a BAS interface.
Data Preparation
To complete the configuration, you need the following data:
l Remote IPv6 prefix pool name
l Remote address pool name
l Next-hop relay agent's IPv6 address
l Link-address in the prefix pool
NOTE
The remote DHCPv6 server selects an address pool based on the link-address option in packets sent by the
relay agent.
Procedure
Step 1 Configure a DHCPv6 server group.
<Device> system-view
[*Device] dhcpv6-server group group1
[*Device-dhcpv6-server-group-group1] dhcpv6-server destination 3002:3101::2:2
[*Device-dhcpv6-server-group-group1] commit
[~Device-dhcpv6-server-group-group1] quit
NOTE
l In bind authentication, the user name is automatically generated based on the NE20E's location and
domain name. Therefore, configure a user name based on the generation rule and configure the
password vlan on the RADIUS server.
l For details on the user name generation rule used in bind authentication, see vlanpvc-to-username
in HUAWEI NE20E-S2 Universal Service Router Command Reference.
l The interface configurations determine whether IPoE access users use the stateless address
autoconfiguration (M=0) or stateful address autoconfiguration (M=1) mode. If the M flag is 0 and
the O flag is 1, the client uses the stateless address autoconfiguration mode to obtain an IP address
and uses the stateful address autoconfiguration mode to obtain other configuration parameters.
# Display information about the prefix pool named pre1. The command output shows that the
prefix pool is a remote prefix pool.
<Device> display ipv6 prefix pre1
-------------------------------------------------------------
Prefix Name : pre1
Prefix Index : 5
Prefix constant index: -
Prefix Type : REMOTE
Link-Address : 2660:2321::1
Prefix Length : 64
Reserved Type : NONE
IfLocked : Unlocked
Vpn instance : -
Lease manage : false
Reserved Prefix Count: 0
Excluded Prefix Count: 0
-------------------------------------------------------------
# Display information about the address pool named pool1. The command output shows that
the address pool is a user-side remote address pool and the address pool is bound to the
remote prefix pool named pre1.
<Device> display ipv6 pool pool1
---------------------------------------------------------------
Pool name : pool1
Pool No : 3
Pool constant index: -
Pool type : BAS REMOTE
RUI-Flag : -
Preference : 255
Renew time : 50
Rebind time : 80
Status : UNLOCKED
Refresh interval : infinite
Used by domain : 1
Dhcpv6 Unicast : disable
Dhcpv6 rapid-commit: disable
Dns list : -
Dns server master : -
Dns server slave : -
AFTR name : -
State : UP
Server down times : 0
----------------------------------------------------------------------
Prefix-Name Prefix-Type
----------------------------------------------------------------------
pre1 REMOTE
---------------------------------------------------------------
----End
Configuration Files
#
ipv6
#
radius-server group rd1
radius-server authentication 10.6.55.55 1550 weight 0
radius-server accounting 10.6.55.55 1551 weight 0
radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
#
dhcpv6-server group group1
dhcpv6-server destination 3002:3101::2:2
#
ipv6 prefix pre1 remote
link-address 2660:2321::1/64
#
ipv6 pool pool1 bas remote
prefix pre1
dhcpv6-server group group1
#
aaa
authentication-scheme default0
authentication-scheme default1
authentication-scheme auth1
authentication-mode radius
#
accounting-scheme default0
accounting-scheme default1
accounting-scheme acct1
accounting-mode radius
#
domain isp1
authentication-scheme auth1
accounting-scheme acct1
radius-server group rd1
ipv6-pool pool1
prefix-assign-mode unshared
#
interface GigabitEthernet0/1/1.1
user-vlan 1 20
ipv6 enable
ipv6 address auto link-local
bas
#
access-type layer2-subscriber default-domain authentication isp1
authentication-method-ipv6 bind
#
return