HP FlexFabric 11900 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-5258 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring ARP ··························································································································································· 1 Overview············································································································································································ 1 ARP message format ·······························································································································
Configuration procedure ······································································································································ 22 Verifying the configuration ··································································································································· 23 DHCP overview ·························································································································································· 24 DHCP address a
DHCP relay agent support for Option 82 ·········································································································· 54 DHCP relay agent configuration task list ····················································································································· 54 Enabling DHCP ······························································································································································ 55 Enabling the DHCP relay a
Network requirements ··········································································································································· 79 Configuration procedure ······································································································································ 79 Configuring DNS ······················································································································································· 80 Overview······
Configuring load sharing ······································································································································· 112 Configuration procedure ············································································································································· 112 Load sharing configuration example ························································································································· 112 Network requirem
Configuring a customer-side port ······························································································································· 142 Controlling sending ICMPv6 messages ····················································································································· 143 Configuring the rate limit for ICMPv6 error messages ···················································································· 143 Enabling replying to multicast echo requests ··
DHCPv6 relay agent configuration example ············································································································ 173 Network requirements ········································································································································· 173 Configuration procedure ···································································································································· 173 Verifying the configuration ······
Configuring a GRE over IPv4 tunnel ·························································································································· 212 Configuring a GRE over IPv6 tunnel ·························································································································· 214 Displaying and maintaining GRE ······························································································································· 216 GRE configuration example
Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths. Figure 1 ARP message format • Hardware type—Hardware address type. The value 1 represents Ethernet.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request contains the following information: { Sender IP address and sender MAC address—Host A's IP address and MAC address. { Target IP address—Host B's IP address. { Target MAC address—An all-zero MAC address. All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request. 3.
Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. The device supports the following types of static ARP entries. • Long static ARP entry—It contains the IP address, MAC address, VLAN, and output interface. It is directly used for forwarding packets.
Step 1. Enter system view. Command Remarks system-view N/A • Configure a long static ARP entry: 2. Configure a static ARP entry. arp static ip-address mac-address vlan-id interface-type interface-number [ vpn-instance vpn-instance-name ] • Configure a short static ARP entry: arp static ip-address mac-address [ vpn-instance vpn-instance-name ] Use either command. By default, no static ARP entry is configured.
Setting the maximum number of dynamic ARP entries for a device A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries. If you set a value lower than the number of existing dynamic ARP entries, the device does not remove the existing entries unless they are aged out.
Setting the aging timer for dynamic ARP entries Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP entry that is not updated before its aging timer expires is deleted from the ARP table. To set the aging timer for dynamic ARP entries: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the aging timer for dynamic ARP entries.
Displaying and maintaining ARP IMPORTANT: Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications. Execute display commands in any view and reset commands in user view. Task Command Display ARP entries (in standalone mode). display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] Display ARP entries (in IRF mode).
Figure 3 Network diagram Configuration procedure # Create VLAN 10. system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface Ten-GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/0/1 [Switch-Ten-GigabitEthernet1/0/1] port access vlan 10 [Switch-Ten-GigabitEthernet1/0/1] quit # Create VLAN-interface 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.
Figure 4 Network diagram Configuration procedure # Create VLAN 10. system-view [Switch] vlan 10 [Switch-vlan10] quit # Add Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 to VLAN 10.
IP address MAC address VLAN Interface Aging Type 192.168.1.
Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply. • Inform other devices of a MAC address change.
{ { If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.
To enable IP conflict notification: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable IP conflict notification. arp ip-conflict log prompt By default, IP conflict notification is disabled.
Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP. • Common proxy ARP—Allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
Task Command Display common proxy ARP status. display proxy-arp [ interface interface-type interface-number ] Display local proxy ARP status. display local-proxy-arp [ interface interface-type interface-number ] Common proxy ARP configuration example Network requirements As shown in Figure 5, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch (Host A belongs to VLAN 1, and Host D belongs to VLAN 2).
# Configure the IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable After the configuration, Host A and Host D can ping each other.
Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. If you enable ARP snooping on a VLAN, ARP packets received by any interface in the VLAN are redirected to the CPU. The CPU uses the sender IP and MAC addresses of the ARP packets, and receiving VLAN and port to create ARP snooping entries. The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes.
Configuring IP addressing This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (DHCP) is beyond the scope of this chapter. The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces.
Table 1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at startup for temporary communication. This address is never a valid destination address. A 0.0.0.0 to 127.255.255.255 B 128.0.0.0 to 191.255.255.255 N/A C 192.0.0.0 to 223.255.255.255 N/A D 224.0.0.0 to 239.255.255.255 Multicast addresses. E 240.0.0.0 to 255.255.255.255 Reserved for future use, except for the broadcast address 255.255.255.255.
For example, a Class B network without subnetting can accommodate 1022 more hosts than the same network subnetted into 512 subnets. • Without subnetting—65534 hosts (216 – 2). (The two deducted addresses are the broadcast address, which has an all-one host ID, and the network address, which has an all-zero host ID.) • With subnetting—Using the first nine bits of the host-id for subnetting provides 512 (29) subnets. However, only seven bits remain available for the host ID.
IP address from other interfaces. This is called IP unnumbered and the interface borrowing the IP address is called IP unnumbered interface. You can use IP unnumbered to save IP addresses either when available IP addresses are inadequate or when an interface is brought up only for occasional use. Configuration guidelines Follow these guidelines when you configure IP unnumbered: • An interface cannot borrow an IP address from an unnumbered interface.
Task Command Display brief IP configuration information for the specified or all Layer 3 interfaces. display ip interface [ interface-type [ interface-number ] ] brief IP address configuration example Network requirements As shown in Figure 8, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
Verifying the configuration # Ping a host on subnet 172.16.1.0/24 from the switch to check the connectivity. ping 172.16.1.2 Ping 172.16.1.2 (172.16.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 172.16.1.2: icmp_seq=0 ttl=254 time=7.000 ms 56 bytes from 172.16.1.2: icmp_seq=1 ttl=254 time=0.000 ms 56 bytes from 172.16.1.2: icmp_seq=2 ttl=254 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=3 ttl=254 time=1.000 ms 56 bytes from 172.16.1.2: icmp_seq=4 ttl=254 time=2.
DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 9 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay agent, see "Configuring the DHCP relay agent.
IP address allocation process Figure 10 IP address allocation process 1. The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. 2. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message. For related information, see "DHCP message format." 3.
DHCP message format Figure 11 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 11 DHCP message format • op—Message type defined in options field. 1 = REQUEST, 2 = REPLY • htype, hlen—Hardware address type and length of the DHCP client. • hops—Number of relay agents a request message traveled.
DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients. Figure 12 DHCP option format Common DHCP options The following are common DHCP options: • Option 3—Router option. It specifies the gateway address. • Option 6—DNS server option. It specifies the DNS server's IP address. • Option 33—Static route option.
The DHCP client can obtain the following information through Option 43: • ACS parameters, including the ACS URL, username, and password. • Service provider identifier, which is acquired by the CPE from the DHCP server and sent to the ACS for selecting vender-specific configurations and parameters. • PXE server address, which is used to obtain the boot file or other control information from the PXE server. 1.
Relay agent option (Option 82) Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server. The administrator can use Option 82 to locate the DHCP client and further implement security control and accounting. The DHCP server can use Option 82 to provide individual configuration policies for the clients.
• RFC 3046, DHCP Relay Agent Information Option • RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4 30
Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users must acquire IP addresses dynamically. • Most hosts do not need fixed IP addresses.
a. DHCP matches the client against DHCP user classes in the order they are configured. b. If the client matches a user class, the DHCP server selects an IP address from the address range of the user class. c. If the matching user class has no assignable addresses, the DHCP server matches the client against the next user class. If all the matching user classes have no assignable addresses, the DHCP server selects an IP address from the common address range. d.
NOTE: To make sure correct address allocation, keep the IP addresses used for dynamic allocation in the subnet where the interface of the DHCP server or DHCP relay agent resides as possible as you can. IP address allocation sequence The DHCP server selects an IP address for a client in the following sequence: 1. IP address statically bound to the client's MAC address or ID. 2. IP address that was ever assigned to the client. 3.
Tasks at a glance Perform at least one of the following tasks: • • • • • • • • • • Specifying IP address ranges for a DHCP address pool Specifying gateways for the client Specifying a domain name suffix for the client Specifying DNS servers for the client Specifying WINS servers and NetBIOS node type for the client Specifying BIMS server information for the client Specifying the TFTP server and boot file name for the client Specifying a server for the DHCP client Configuring Option 184 parameters for the
Step 1. Enter system view. 2. Create a DHCP user class and enter DHCP user class view. Command Remarks system-view N/A dhcp class class-name Required for client classification. By default, no DHCP user class exists. Required for client classification. 3. Configure the match rule for the DHCP user class. if-match option option-code [ hex hex-string [ offset offset length length | mask mask ] ] 4. Return to system view. quit N/A 5. Enter address pool view.
request, the DHCP server selects an address from the primary subnet. If no assignable address is found, the server selects an address from the secondary subnets in the order they are configured. In scenarios where the DHCP server and the DHCP clients reside on different subnets and the DHCP clients obtain IP addresses through a DHCP relay agent, the DHCP server needs to use the same address pool to assign IP addresses to clients in different subnets.
Step Command (Optional.) Exclude the specified IP addresses from dynamic allocation globally. 9. dhcp server forbidden-ip start-ip-address [ end-ip-address ] Remarks Except for the IP address of the DHCP server interface, IP addresses in all address pools are assignable by default. To exclude multiple address ranges globally, repeat this step. Configuring a static binding in a DHCP address pool Some DHCP clients, such as a WWW server, need fixed IP addresses.
If you specify gateways in both address pool view and secondary subnet view, DHCP assigns the gateway addresses in the secondary subnet view to the clients on the secondary subnet. If you specify gateways in address pool view but not in secondary subnet view, DHCP assigns the gateway addresses in address pool view to the clients on the secondary subnet. To configure gateways in the DHCP address pool: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter DHCP address pool view.
Specifying WINS servers and NetBIOS node type for the client A Microsoft DHCP client using NetBIOS protocol must contact a WINS server for name resolution. You can specify up to eight WINS servers for such clients in a DHCP address pool. In addition, you must specify a NetBIOS node type for the clients to approach name resolution. There are four NetBIOS node types: • b (broadcast)-node—A b-node client sends the destination name in a broadcast message.
Specifying the TFTP server and boot file name for the client To implement client auto-configuration, you must specify the IP address or name of a TFTP server and the boot file name for the clients, and there is no need to perform any configuration on the DHCP clients. A DHCP client obtains these parameters from the DHCP server, and uses them to contact the TFTP server to get the configuration file used for system initialization. Auto-configuration operates as follows: 1.
Configuring Option 184 parameters for the client To assign calling parameters to DHCP clients with voice service, you must configure Option 184 on the DHCP server. For more information about Option 184, see "Option 184." To configure option 184 parameters in a DHCP address pool: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter DHCP address pool view. dhcp server ip-pool pool-name N/A By default, no primary network calling processor is specified.
Step Command Remarks 2. Enter DHCP address pool view. dhcp server ip-pool pool-name N/A 3. Customize a DHCP option. option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> } By default, no DHCP option is customized.
Step Enable the DHCP server on the interface. 3. Command Remarks dhcp select server By default, the DHCP server on the interface is enabled. Applying an address pool on an interface Perform this task to apply a DHCP address pool on an interface. Upon receiving a DHCP request from the interface, the DHCP server assigns the statically bound IP address and configuration parameters from the address pool that contains the static binding.
Enabling handling of Option 82 Perform this task to enable the DHCP server to handle Option 82. Upon receiving a DHCP request that contains Option 82, the DHCP server adds Option 82 into the DHCP response. If you disable the DHCP to handle Option 82, it does not add Option 82 into the response message. You must enable handling of Option 82 on both the DHCP server and the DHCP relay agent to ensure correct processing for Option 82.
To configure the DHCP server to ignore BOOTP requests: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the DHCP server to ignore BOOTP requests. dhcp server bootp ignore By default, the DHCP server processes BOOTP requests. Configuring the DHCP server to send BOOTP responses in RFC 1048 format Not all BOOTP clients can send requests that are compatible with RFC 1048.
Displaying and maintaining the DHCP server IMPORTANT: A restart of the DHCP server or execution of the reset dhcp server ip-in-use command deletes all lease information. The DHCP server denies any DHCP request for lease extension, and the client must request an IP address again. Execute display commands in any view and reset commands in user view. Task Command Display information about IP address conflicts.
0030-3030-662e-6532-3439-2e38-3035-302d-566c-616e-2d69-6e74-6572-6661-6365-32. Figure 16 Network diagram Configuration procedure 1. Specify an IP address for VLAN-interface 2 on Switch A: system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 25 [SwitchA-Vlan-interface2] quit 2. Configure the DHCP server: # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2.
Dynamic IP address assignment configuration example Network requirements • As shown in Figure 17, the DHCP server (Switch A) assigns IP addresses to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. • The IP addresses of VLAN-interfaces 10 and 20 on Switch A are 10.1.1.1/25 and 10.1.1.129/25. • In address pool 10.1.1.0/25, configure the address lease duration as ten days and twelve hours, domain name suffix aabbcc.com, DNS server address 10.1.1.2/25, gateway 10.1.1.
# Configure DHCP address pool 1 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.0/25. [SwitchA] dhcp server ip-pool 1 [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] domain-name aabbcc.com [SwitchA-dhcp-pool-1] dns-list 10.1.1.2 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.
Configuration procedure 1. Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.) 2. Configure DHCP services: # Enable DHCP and configure the DHCP server to handle Option 82. system-view [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10.
Figure 19 Network diagram Configuration procedure 1. Specify IP addresses for the interfaces. (Details not shown.) 2. Configure the DHCP server: # Enable DHCP. system-view [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit # Configure DHCP address pool 0. [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.
3. Enable the network adapter or connect the network cable, release the IP address, and obtain another one on the client. For example, to release the IP address and obtain another one on a Windows XP DHCP client: a. In Windows environment, execute the cmd command to enter the DOS environment. b. Enter ipconfig /release to relinquish the IP address. c. Enter ipconfig /renew to obtain another IP address.
Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 20 shows a typical application of the DHCP relay agent.
Figure 21 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information about the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients. For more information, see "Relay agent option (Option 82)." If the DHCP relay agent supports Option 82, it handles DHCP requests by following the strategies described in Table 3.
Tasks at a glance (Optional.) Configuring the DHCP relay agent to release an IP address (Optional.) Configuring Option 82 (Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DHCP. dhcp enable By default, DHCP is disabled.
To specify a DHCP server address on a relay agent: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify a DHCP server address on the relay agent. dhcp relay server-address ip-address By default, no DHCP server address is specified on the relay agent.
Step Command Remarks 2. Enable periodic refresh of dynamic relay entries. dhcp relay client-information refresh enable By default, periodic refresh of dynamic relay entries is enabled. 3. Configure the refresh interval. dhcp relay client-information refresh [ auto | interval interval ] By default, the refresh interval is auto, which is calculated based on the number of total relay entries.
Configuring the DHCP relay agent to release an IP address Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address. To configure the DHCP relay agent to release an IP address: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the DHCP relay agent to release an IP address.
Setting the DSCP value for DHCP packets sent by the DHCP relay agent The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. To set the DSCP value for DHCP packets sent by the DHCP relay agent: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the DSCP value for DHCP packets sent by the DHCP relay agent. dhcp dscp dscp-value By default, the DSCP value in DHCP packets sent by the DHCP relay agent is 56.
The DHCP relay agent and server are on different subnets, so configure static or dynamic routing to make them reachable to each other. Perform the configuration on the DHCP server to guarantee the client-server communication. For DHCP server configuration information, see "DHCP server configuration examples." Figure 22 Network diagram DHCP client DHCP client Vlan-int10 10.10.1.1/24 Vlan-int20 10.1.1.2/24 Vlan-int20 10.1.1.
Configuration procedure # Specify IP addresses for the interfaces. (Details not shown.) # Enable DHCP. system-view [SwitchA] dhcp enable # Enable the DHCP relay agent on VLAN-interface 10. [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] dhcp select relay # Specify the IP address of the DHCP server. [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1 # Configure the handling strategies and padding content of Option 82.
Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address. The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (including management Ethernet interfaces) and VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003.
Step 2. 3. Command Remarks Enter interface view. interface interface-type interface-number N/A Configure a DHCP client ID for the interface. dhcp client identifier { ascii string | hex string | mac interface-type interface-number } By default, an interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID. DHCP client ID includes ID type and type value.
Step 2. Set the DSCP value for DHCP packets sent by the DHCP client. Command Remarks dhcp dscp dscp-value By default, the DSCP value in DHCP packets sent by the DHCP client is 56. Displaying and maintaining the DHCP client Execute display command in any view. Task Command Display DHCP client information.
Configuration procedure 1. Configure Switch A: # Specify the IP address of VLAN-interface 2. system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 24 [SwitchA-Vlan-interface2] quit # Enable the DHCP service. [SwitchA] dhcp enable # Exclude an IP address from dynamic allocation. [SwitchA] dhcp server forbidden-ip 10.1.1.2 # Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.
T1 will timeout in 3 days 19 hours 48 minutes 43 seconds # Use the display ip routing-table command to display the route information on Switch B. The output shows that a static route to network 20.1.1.0/24 is added to the routing table. [SwitchB] display ip routing-table Destinations : 11 Routes : 11 Destination/Mask Proto 10.1.1.0/24 10.1.1.3/32 Pre Cost NextHop Interface Direct 0 0 10.1.1.3 Vlan2 Direct 0 0 127.0.0.1 InLoop0 20.1.1.0/24 Static 70 0 10.1.1.2 Vlan2 10.1.1.
Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
Figure 25 Trusted and untrusted ports In a cascaded network as shown in Figure 26, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries.
Table 4 Handling strategies If a DHCP request has… Option 82 No Option 82 Handling strategy DHCP snooping… Drop Drops the message. Keep Forwards the message without changing Option 82. Replace Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type. N/A Forwards the message after adding the Option 82 padded according to the configured padding format, padding content, and code type.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DHCP snooping. dhcp snooping enable By default, DHCP snooping is disabled. 3. Enter interface view of a layer 2 Ethernet interface or a layer 2 aggregate interface. interface interface-type interface-number This interface must connect to the DHCP server. 4. Specify the port as a trusted port. dhcp snooping trust By default, all ports are untrusted ports after DHCP snooping is enabled. 5. Return to system view.
Step Command Remarks 3. Enable DHCP snooping to support Option 82. dhcp snooping information enable By default, DHCP snooping does not support Option 82. 4. (Optional.) Configure a handling strategy for DHCP requests that contain Option 82. dhcp snooping information strategy { drop | keep | replace } By default, the handling strategy is replace. 5. (Optional.) Configure the padding content and code type for the Circuit ID sub-option.
Step Command Remarks By default, no file is specified. 2. Specify a file to save DHCP snooping entries. dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] } 3. (Optional.) Manually save DHCP snooping entries to the file. dhcp snooping binding database update now 4. (Optional.) Set the amount of time to wait after a DHCP snooping entry changes before updating the database file.
Step 2. 3. Command Remarks Enter interface view of a layer 2 Ethernet interface or a layer 2 aggregate interface. interface interface-type interface-number N/A Enable MAC address check. dhcp snooping check mac-address By default, MAC address check is disabled. Enabling DHCP-REQUEST attack protection DHCP-REQUEST messages include DHCP lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view of a layer 2 Ethernet interface or a layer 2 aggregate interface. interface interface-type interface-number N/A Set the maximum number of DHCP snooping entries that the interface can learn. dhcp snooping max-learning-num number By default, the number of DHCP snooping entries for an interface to learn is not limited. 3.
Task Command Remarks Display Option 82 configuration information on the DHCP snooping device. display dhcp snooping information { all | interface interface-type interface-number } Available in any view. Display DHCP packet statistics on the DHCP snooping device (in standalone mode). display dhcp snooping packet statistics [ slot slot-number ] Available in any view. Display DHCP packet statistics on the DHCP snooping device (in IRF mode).
Figure 27 Network diagram Configuration procedure # Enable DHCP snooping. system-view [SwitchB] dhcp snooping enable # Configure Ten-GigabitEthernet1/0/1 as a trusted port. [SwitchB] interface Ten-GigabitEthernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-Ten-GigabitEthernet1/0/1] quit # Enable DHCP snooping to record clients' IP-MAC bindings on Ten-GigabitEthernet1/0/2.
Figure 28 Network diagram Configuration procedure # Enable DHCP snooping. system-view [SwitchB] dhcp snooping enable # Configure Ten-GigabitEthernet 1/0/1 as a trusted port. [SwitchB] interface Ten-GigabitEthernet1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-Ten-GigabitEthernet1/0/1] quit # Configure Option 82 on Ten-GigabitEthernet 1/0/2.
Configuring the BOOTP client BOOTP client configuration only applies to Layer 3 Ethernet interfaces (including management Ethernet interfaces) and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to get information (such as IP address) from the BOOTP server.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure an interface to use BOOTP for IP address acquisition. ip address bootp-alloc By default, an interface does not use BOOTP for IP address acquisition. Displaying and maintaining BOOTP client Execute display command in any view. Task Command Display BOOTP client information.
Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. The domain name-to-IP address mapping is called a DNS entry. DNS services can be static or dynamic. After a user specifies a name, the device checks the static name resolution table for an IP address.
Figure 29 shows the relationship between the user program, DNS client, and DNS server. The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store latest DNS entries in the dynamic domain name cache.
Figure 30 DNS proxy application A DNS proxy operates as follows: 1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy. 2. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution cache after receiving the request. If the requested information is found, the DNS proxy returns a DNS reply to the client. 3.
Figure 31 DNS spoofing application DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server. Without DNS spoofing, the proxy does not answer or forward a DNS request if it cannot find a matching DNS entry and it cannot reach the DNS server. In the network as shown in Figure 31, a host accesses the HTTP server in following these steps: 1.
Tasks at a glance (Optional.) Configuring the DNS trusted interface (Optional.) Specifying the DSCP value for outgoing DNS packets Configuring the IPv4 DNS client Configuring static domain name resolution Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses. Follow these guidelines when you configure static domain name resolution: • On the public network or a VPN, each host name maps to only one IPv4 address.
• You can specify DNS server IPv6 addresses for the public network and up to 1024 VPNs, and specify a maximum of six DNS server IPv6 addresses for the public network or each VPN. • An IPv4 name query is first sent to the DNS server IPv4 addresses. If no reply is received, it is sent to the DNS server IPv6 addresses. • You can specify domain name suffixes for the public network and up to 1024 VPNs, and specify a maximum of 16 domain name suffixes for the public network or each VPN.
Configuring dynamic domain name resolution To send DNS queries to a correct server for resolution, you must enable dynamic domain name resolution and configure DNS servers. A DNS server manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS server configured earlier takes precedence. A name query is first sent to the DNS server that has the highest priority. If no reply is received, it is sent to the DNS server that has the second highest priority, and thus in turn.
A DNS proxy forwards an IPv4 name query first to IPv4 DNS servers, and if no reply is received, it forwards the request to IPv6 DNS servers. The DNS proxy forwards an IPv6 name query first to IPv6 DNS servers, and if no reply is received, it forwards the request to IPv4 DNS servers. To configure the DNS proxy: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DNS proxy. dns proxy enable By default, DNS proxy is disabled.
DNS servers. In some scenarios, the DNS server only responds to DNS requests sourced from a specific IP address. In such cases, you must specify the source interface for the DNS packets so that the device can always uses the primary IP address of the specified source interface as the source IP address of DNS packets. When sending IPv4 DNS request, the device uses the primary IPv4 address of the source interface as the source IP address of the DNS request.
Specifying the DSCP value for outgoing DNS packets The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. To specify the DSCP value for outgoing DNS packets: Step 1. Enter system view. 2. Specify the DSCP value for outgoing DNS packets. Command Remarks system-view N/A • DSCP value for IPv4 DNS packets: By default, the DSCP value for outgoing DNS packets is 0.
Figure 32 Network diagram Configuration procedure # Configure a mapping between host name host.com and IP address 10.1.1.2. system-view [Sysname] ip host host.com 10.1.1.2 # Use the ping host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com Ping host.com (10.1.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.
Configuration procedure Before performing the following configuration, make sure the device and the host can reach each other, and that the IP addresses of the interfaces are configured as shown in Figure 33. 1. Configure the DNS server: The configuration might vary with DNS servers. The following configuration is performed on a PC running Windows Server 2000. a. Select Start > Programs > Administrative Tools > DNS. The DNS server configuration page appears, as shown in Figure 34. b.
Figure 35 Adding a host d. On the page that appears, enter host name host and IP address 3.1.1.1. e. Click Add Host. The mapping between the IP address and host name is created. Figure 36 Adding a mapping between domain name and IP address 2.
# Specify the DNS server 2.1.1.2. system-view [Sysname] dns server 2.1.1.2 # Specify com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1. [Sysname] ping host Ping host.com (3.1.1.1): 56 data bytes, press CTRL_C to break 56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 3.1.1.
Figure 37 Network diagram Configuration procedure Before performing the following configuration, ,make sure Device A, the DNS server, and the host can reach each other and the IPv6 addresses of the interfaces are configured as shown in Figure 37. 1. Configure the DNS server: The configuration might vary with DNS servers. When a PC running Windows Server 2000 acts as the DNS server, see "Dynamic domain name resolution configuration example" for configuration information. 2.
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms IPv6 DNS configuration examples Static domain name resolution configuration example Network requirements As shown in Figure 38, the device wants to access the host by using an easy-to-remember domain name rather than an IPv6 address. Configure static domain name resolution on the device so that the device can use the domain name host.com to access the host whose IPv6 address is 1::2.
Figure 39 Network diagram Configuration procedure Before performing the following configuration, make sure the device and the host can reach each other, and the IPv6 addresses of the interfaces are configured, as shown Figure 39. 1. Configure the DNS server: The configuration might vary with DNS servers. The following configuration is performed on a PC running Windows Server 2003.
Figure 41 Creating a record d. On the page that appears, select IPv6 Host (AAAA) as the resource record type.
Figure 42 Selecting the resource record type e. Type host name host and IPv6 address 1::1. f. Click OK. The mapping between the IPv6 address and host name is created.
Figure 43 Adding a mapping between domain name and IPv6 address 2. Configure the DNS client: # Specify the DNS server 2::2. system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.
DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function. As shown in Figure 44: • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4000::1. • Configure the IP address of the DNS proxy on Device B.
Verifying the configuration # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1. [DeviceB] ping host.com Ping6(56 data bytes) 2000::1 --> 3000::1, press CTRL_C to break 56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms 56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms 56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms 56 bytes from 3000::1, icmp_seq=3 hlim=128 time=1.
Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers to direct you to the latest IP address mapping to a domain name. DDNS is supported by only IPv4 DNS, and is used to update the mappings between domain names and IPv4 addresses.
Figure 45 DDNS application DNS server IP network HTTP server DDNS client HTTP client DDNS server With the DDNS client configured, a device can dynamically update the latest mapping between its domain name and IP address on the DNS server through DDNS servers. NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts. DDNS client configuration task list Tasks at a glance (Required.) Configuring a DDNS policy (Required.
DDNS server URL addresses for DDNS update requests ZONEEDIT http://dynamic.zoneedit.com/auth/dynamic.html?host=&dnsto= TZO http://cgi.tzo.com/webclient/signedon.html?TZOName=IPAddress= EASYDNS http://members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=&host_id = HEIPV6TB http://dyn.dns.he.net/nic/update?hostname=&myip= CHANGE-IP http://nic.changeip.com/nic/update?hostname=&offline=1 NO-IP http://dynupdate.no-ip.
Configuration prerequisites Visit the website of a DDNS service provider, register an account, and apply for a domain name for the DDNS client. When the DDNS client updates the mapping between the domain name and the IP address through the DDNS server, the DDNS server checks whether the account information is correct and whether the domain name to be updated belongs to the account. Configuration procedure To configure a DDNS policy: Step Command Remarks 1. Enter system view. system-view N/A 2.
To apply the DDNS policy to an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Apply the DDNS policy to the interface to update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update.
DDNS configuration examples DDNS configuration example with www.3322.org Network requirements As shown in Figure 46, Switch is a Web server with the domain name whatever.3322.org. Switch acquires the IP address through DHCP. Through DDNS service provided by www.3322.org, Switch informs the DNS server of the latest mapping between its domain name and IP address. Switch uses the DNS server to translate www.3322.org into the corresponding IP address.
# Apply DDNS policy 3322.org to VLAN-interface 2 to enable DDNS update and dynamically update the mapping between domain name whatever.3322.org and the primary IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy 3322.org fqdn whatever.3322.org After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the DDNS server provided by www.3322.
[Switch-ddns-policy-oray.cn] quit # Specify the IP address of the DNS server as 1.1.1.1. [Switch] dns server 1.1.1.1 # Apply the DDNS policy oray.cn to VLAN-interface 2 to enable DDNS update and to dynamically update the mapping between whatever.gicp.cn and the primary IP address of VLAN-interface 2. [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy oray.cn fqdn whatever.gicp.
Basic IP forwarding on the device Upon receiving a packet, the device uses the destination IP address of the packet to find a match from the forwarding information base (FIB) table, and then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table. Each FIB entry specifies the next hop IP address and output interface for packets destined for a specific subnet or host.
Task Command Display FIB entries.
Configuring load sharing If a routing protocol finds multiple equal-cost best routes to the same destination, the device forwards packets over the equal-cost routes to implement load sharing. Configuration procedure Load sharing can be implemented in one of the following ways: • Per-packet—The device forwards packets over equal-cost routes. • Per-flow—The device forwards flows over equal-cost routes. Packets of one flow travel along the same routes.
Figure 48 Network diagram Configuration procedure # On Switch A, assign Ten-GigabitEthernet 1/0/5 to VLAN 10, and Ten-GigabitEthernet 1/0/6 to VLAN 20. system-view [SwitchA] vlan 10 [SwitchA-vlan10] port Ten-GigabitEthernet 1/0/5 [SwitchA-vlan10] quit [SwitchA] vlan 20 [SwitchA-vlan20] port Ten-GigabitEthernet 1/0/6 [SwitchA-vlan20] quit # On Switch A, configure IP addresses for VLAN-interface 10 and VLAN-interface 20.
# On Switch A, display FIB entries matching the destination IP address 1.2.3.4. dis fib 1.2.3.4 Destination count: 1 FIB entry count: 2 Flag: U:Useable G:Gateway R:Relay F:FRR H:Host B:Blackhole D:Dynamic S:Static Destination/Mask Nexthop Flag OutInterface/Token Label 1.2.3.0/24 10.1.1.2 USGR Vlan10 Null 1.2.3.0/24 20.1.1.2 USGR Vlan20 Null # On Switch A, configure per-flow load sharing based on the source IP address and destination IP address.
Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Configuration example Network requirements As shown in Figure 49, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of the switch. Enable VLAN-interface 2 to forward directed broadcasts destined for the directly connected network. The server can receive directed broadcasts from the host to IP address 2.2.2.255. Figure 49 Network diagram Configuration procedure # Specify an IP address for VLAN-interface 3.
Configuring TCP MSS for an interface The maximum segment size (MSS) option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS.
32000, and 65535 bytes. Because the minimum TCP MSS specified by the system is 32 bytes, the actual minimum MTU is 72 bytes. After you enable TCP path MTU discovery, all new TCP connections will detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation. The path MTU uses the following aging mechanism to make sure that the source device can increase the path MTU when the minimum link MTU on the path increases.
Configuring the TCP buffer size Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the size of TCP receive/send buffer. tcp window window-size The default buffer size is 64 KB. Configuring TCP timers You can configure the following TCP timers: • SYN wait timer—TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.
A device sends ICMP time-exceeded messages by following these rules: { { If a received packet is not destined for the device and the TTL field of the packet is 1, the device sends an ICMP TTL Expired in Transit message to the source. When the device receives the first fragment of an IP datagram destined for it, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP Fragment Reassembly Timeout message to the source.
Disabling forwarding ICMP fragments Disabling forwarding ICMP fragments can protect your device from ICMP fragments attacks. To disable forwarding ICMP fragments: Step Command Remarks 1. Enter system view. system-view N/A 2. Disable forwarding ICMP fragments. ip icmp fragment discarding By default, forwarding ICMP fragments is enabled.
Step 2. Specify the source address for outgoing ICMP packets. Command Remarks ip icmp source [ vpn-instance vpn-instance-name ] ip-address By default, the device uses the IP address of the sending interface as the source IP address for outgoing ICMP packets. Displaying and maintaining IP performance optimization Execute display commands in any view and reset commands in user view. Task Command Display brief information about RawIP connections (in standalone mode).
Task Command Display UDP traffic statistics (in standalone mode). display udp statistics [ slot slot-number ] Display UDP traffic statistics (in IRF mode). display udp statistics [ chassis chassis-number slot slot-number ] Display ICMP statistics (in standalone mode). display icmp statistics [ slot slot-number ] Display ICMP statistics (in IRF mode). display icmp statistics [ chassis chassis-number slot slot-number ] Clear IP packet statistics (in standalone mode).
Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain. Upon receiving a UDP broadcast packet (the destination address is 255.255.255.
Step Command Remarks 3. Specify a UDP port. udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } By default, no UDP port is specified. 4. Enter interface view. interface interface-type interface-number N/A 5. Specify a destination server. udp-helper server ip-address By default, no destination server is specified. Displaying and maintaining UDP helper Execute display command in any view and reset command in user view.
# Enable UDP helper to forward broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1 # Enable the interface to receive directed broadcasts destined for the directly connected network.
Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces.
Hierarchical address structure IPv6 uses a hierarchical address structure to speed up route lookup and reduce the IPv6 routing table size through route aggregation. Address autoconfiguration To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration. • Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCPv6 server).
NOTE: A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address. An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address.
• A loopback address—0:0:0:0:0:0:0:1 (or ::1). It has the same function as the loopback address in IPv4. It cannot be assigned to any physical interface. A node uses this address to send an IPv6 packet to itself. • An unspecified address—0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address.
interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see "Configuring tunneling." On an interface of another type (such as a serial interface)—The EUI-64 address-based interface identifier is generated randomly by the device.
2. After receiving the NS message, Host B determines whether the target address of the packet is its IPv6 address. If yes, Host B learns the link-layer address of Host A, and then unicasts an NA message containing its link-layer address. 3. Host A acquires the link-layer address of Host B from the NA message. Neighbor reachability detection After Host A acquires the link-layer address of its neighbor Host B, Host A can use NS and NA messages to test reachability of Host B as follows: 1.
After the preferred lifetime expires, the node cannot use the generated IPv6 address to establish new connections, but can receive packets destined for the IPv6 address. The preferred lifetime cannot be greater than the valid lifetime.
• RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses • RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture • RFC 4191, Default Router Preferences and More-Specific Routes • RFC 4861, Neighbor Discovery for IP Version 6 (IPv6) • RFC 4862, IPv6 Stateless Address Autoconfiguration IPv6 basics configuration task list Tasks at a glance (Required.
You can configure multiple IPv6 global unicast addresses on an interface. Manually configured global unicast addresses (including EUI-64 IPv6 addresses) take precedence over automatically generated ones. If you manually configure a global unicast address with the same address prefix as an existing global unicast address on an interface, the manually configured one takes effect, but it does not overwrite the automatically generated address.
an Ethernet interface or a VLAN interface), the interface ID is generated based on the MAC address of the interface and is globally unique. An attacker can exploit this rule to identify the sending device easily. To fix the vulnerability, you can configure the temporary address function. With this function, an IEEE 802 interface generates the following addresses: • Public IPv6 address—Includes the address prefix in the RA message and a fixed interface ID generated based on the MAC address of the interface.
An interface can have only one link-local address. To avoid link-local address conflicts, use the automatic generation method. Manual assignment takes precedence over automatic generation. If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated one.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure an IPv6 anycast address. ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast By default, no IPv6 anycast address is configured on an interface. Configuring IPv6 ND This section describes how to configure IPv6 ND.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Set the maximum number of dynamic neighbor entries that the interface can learn. ipv6 neighbors max-learning-num number By default, an interface can learn a maximum of 65536 dynamic neighbor entries. Setting the aging timer for ND entries in stale state ND entries in stale state have an aging timer.
If you use the undo ipv6 nd ra hop-limit unspecified command, the device sets the hop limit value configured by this task in a sent RA message. A host receiving the RA message fills the value into the Hop Limit field of sent IPv6 packets. • To set the hop limit: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the Hop Limit field in the IP header. ipv6 hop-limit value The default setting is 64.
The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA messages so the router can be updated by an RA message before expiration. The values of the NS retransmission timer and the reachable time configured for an interface are sent in RA messages to hosts. This interface sends NS messages at the interval of the NS retransmission timer and considers a neighbor reachable within the reachable time. Enabling sending of RA messages Step Command Remarks 1.
Step 6. Set the M flag bit to 1. Command Remarks ipv6 nd autoconfig managed-address-flag By default, the M flag bit is set to 0 and hosts acquire IPv6 addresses through stateless autoconfiguration. 7. Set the O flag bit to 1. ipv6 nd autoconfig other-flag By default, the O flag bit is set to 0 and hosts acquire other configuration information through stateless autoconfiguration. 8. Configure the router lifetime in RA messages.
To configure a customer-side port: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VLAN interface and enter its view. interface vlan-interface vlan-interface-id If the VLAN interface exists, you directly enter its view. 3. Specify the VLAN interface as a customer-side port. ipv6 nd mode uni By default, a port operates as a network-side port. Controlling sending ICMPv6 messages This section describes how to configure ICMPv6 message sending.
Enabling sending ICMPv6 destination unreachable messages The device sends ICMPv6 destination unreachable messages as follows: • If a packet does not match any route, the device sends a No Route to Destination ICMPv6 error message to the source. • If the device fails to forward the packet because of administrative prohibition (such as a firewall filter or an ACL), the device sends the source a Destination Network Administratively Prohibited ICMPv6 error message.
Enabling sending ICMPv6 redirect messages Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform a better next hop to the host when the following conditions are met: • The interface receiving the packet is the interface forwarding the packet. • The selected route is not created or modified by any ICMPv6 redirect message. • The selected route is not a default route. • The forwarded packet does not contain the routing extension header.
Task Command Display IPv6 information about the interface. display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] Display IPv6 prefix information about the interface. display ipv6 interface interface-type interface-number prefix Display neighbor information (in standalone mode). display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ] Display neighbor information (in IRF mode).
Task Command Display detailed information about IPv6 UDP connections (in IRF mode). display ipv6 udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Display ICMPv6 traffic statistics (in standalone mode). display ipv6 icmp statistics [ slot slot-number ] Display ICMPv6 traffic statistics (in IRF mode). display ipv6 icmp statistics [ chassis chassis-number slot slot-number ] Display IPv6 TCP traffic statistics (in standalone mode).
Configuration procedure This example assumes that the VLAN interfaces have been created on the switches. 1. Configure Switch A: # Specify a global unicast address for VLAN-interface 2. system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 3001::1/64 [SwitchA-Vlan-interface2] quit # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).
Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 FF02::1:FF00:2 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 25829 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 I
MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 600 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 272 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 I
FF02::1:FF00:1234 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 117 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 117 OutRequests: 83 OutForwDatagrams: 0
--- Ping6 statistics for 2001::15B:E0EA:3524:E791 --1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 5.404/5.404/5.404/0.000 ms The output shows that Switch B can ping Switch A and the host. The host can also ping Switch B and Switch A. Troubleshooting IPv6 basics configuration Symptom An IPv6 address cannot be pinged. Solution 1.
DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 56, rapid assignment operates in the following steps: 1. The DHCPv6 client sends a Solicit message that contains a Rapid Commit option to prefer rapid assignment. 2.
Figure 57 Assignment involving four messages Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time. Figure 58 Using the Renew message for address/prefix lease renewal As shown in Figure 58, at T1, the DHCPv6 client sends a Renew message to the DHCPv6 server.
Stateless DHCPv6 Stateless DHCPv6 enables a device that has obtained an IPv6 address/prefix to get other configuration parameters from a DHCPv6 server. The device decides whether to perform stateless DHCP according to the managed address configuration flag (M flag) and the other stateful configuration flag (O flag) in the RA message received from the router during stateless address autoconfiguration.
Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses or IPv6 prefixes to DHCPv6 clients. NOTE: The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Figure 62 IPv6 prefix assignment Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet.
PD The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client. DHCPv6 address pool The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients.
client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To avoid wrong address allocation, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides. IPv6 address/prefix allocation sequence The DHCPv6 server selects an IPv6 address/prefix for a client in the following sequence: 1.
Configuration guidelines • An IPv6 prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have been created. To change the binding for a DHCPv6 client, you must delete the existing binding first. • Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have been applied. To change the prefix pool for an address pool, you must remove the prefix pool application first. • You can apply a prefix pool that has not been created to an address pool.
Configuring IPv6 address assignment Use one of the following methods to configure IPv6 address assignment: Configure a static IPv6 address binding in an address pool: • If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client.
Step 2. Command (Optional.) Specify the IPv6 addresses excluded from dynamic assignment. ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] Remarks By default, all IPv6 addresses except for the DHCPv6 server's IP address in a DHCPv6 address pool are assignable. If the excluded IPv6 address is in a static binding, the address still can be assigned to the client. To exclude multiple IPv6 prefix ranges, repeat this step. Create a DHCPv6 address pool and enter its view.
Step Command Remarks 3. Specify an IPv6 subnet for dynamic assignment. network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] By default, no IPv6 subnet is specified. 4. (Optional.) Specify a DNS server address. dns-server ipv6-address By default, no DNS server address is specified. 5. (Optional.) Specify a domain name suffix. domain-name domain-name By default, no domain name suffix is specified. 6. (Optional.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable the DHCPv6 server on the interface. ipv6 dhcp select server By default, the interface discards DHCPv6 packets from DHCPv6 clients. • Configure global address assignment: 4. Configure an address/prefix assignment method. ipv6 dhcp server { allow-hint | preference preference-value | rapid-commit } * Use one of the commands.
Task Command Display information about IPv6 address bindings. display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Display information about IPv6 prefix bindings. display ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ] Display packet statistics on the DHCPv6 server. display ipv6 dhcp server statistics [ pool pool-name ] Clear information about IPv6 address conflicts.
Configuration procedure # Specify an IPv6 address for VLAN-interface 2. system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 address 1::1/64 [Switch-Vlan-interface2] quit # Create prefix pool 1, and specify the prefix 2001:0410::/32 with the assigned prefix length 48. [Switch] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48 # Create address pool 1. [Switch] ipv6 dhcp pool 1 # In address pool 1, configure subnet 1::/64 where VLAN interface-2 resides.
Prefix pool: 1 Preferred lifetime 86400, valid lifetime 259200 Static bindings: DUID: 00030001ca0006a40000 IAID: Not configured Prefix: 2001:410:201::/48 Preferred lifetime 86400, valid lifetime 259200 DNS server addresses: 2:2::3 Domain name: aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbb.com # Display information about prefix pool 1.
Figure 65 Network diagram Configuration procedure 1. Specify the IPv6 addresses for the interfaces on the DHCPv6 server. (Details not shown.) 2. Enable DHCPv6: # Enable DHCPv6 server on VLAN-interface 10 and VLAN-interface 20.
can use the display ipv6 dhcp server ip-in-use command to display IPv6 addresses assigned to the DHCPv6 clients.
Configuring the DHCPv6 relay agent The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Overview A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters.
Figure 67 Operating process of a DHCPv6 relay agent DHCPv6 client DHCPv6 relay agent DHCPv6 server (1) Solicit (contains a Rapid Commit option) (2) Relay-forward (3) Relay-reply (4) Reply DHCPv6 relay agent configuration task list Tasks at a glance (Required.) Enabling the DHCPv6 relay agent on an interface (Required.) Specifying DHCPv6 servers on the relay agent (Optional.
Step 2. Enter interface view. Command Remarks interface interface-type interface-number N/A By default, no DHCPv6 server is specified. 3. Specify a DHCPv6 server. ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] If a DHCPv6 server address is a link-local address or multicast address, you must specify an outgoing interface by using the interface keyword in this command. Otherwise, DHCPv6 packets might fail to reach the DHCPv6 server.
DHCPv6 relay agent configuration example Network requirements As shown in Figure 68, configure the DHCPv6 relay agent on Switch A to relay DHCPv6 packets between DHCPv6 clients and the DHCPv6 server. Switch A acts as the gateway of network 1::/64. It sends RA messages to notify the hosts to obtain IPv6 addresses and other configuration parameters through DHCPv6. For more information about RA messages, see "Configuring basic IPv6 settings." Figure 68 Network diagram Configuration procedure 1.
[SwitchA-Vlan-interface3] display ipv6 dhcp relay server-address Interface: Vlan-interface3 Server address Outgoing Interface 2::2 # Display packet statistics on the DHCPv6 relay agent.
Configuring DHCPv6 snooping DHCPv6 snooping works between the DHCPv6 client and server, or between the DHCPv6 client and DHCPv6 relay agent. It guarantees that DHCPv6 clients obtain IP addresses from authorized DHCPv6 servers. Also, it records IP-to-MAC bindings of DHCPv6 clients (called DHCPv6 snooping entries) for security purposes. DHCPv6 snooping does not work between the DHCPv6 server and DHCPv6 relay agent.
Figure 69 Trusted and untrusted ports HP implementation of Option 18 and Option 37 Option 18 for DHCPv6 snooping Option 18, also called the interface-ID option, is used by the DHCPv6 relay agent to determine the interface to use to forward RELAY-REPLY message. In HP implementation, the DHCPv6 snooping device adds Option 18 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. The server then assigns IP address to the client based on the client information in Option 18.
NOTE: The Second VLAN ID field is optional. If the received DHCPv6 request does not contain a second VLAN, Option 18 also does not contain it. DHCPv6 snooping support for Option 37 Option 37, also called the remote-ID option, is used to identify the client. In HP implementation, the DHCPv6 snooping device adds Option 37 to the received DHCPv6 request message before forwarding it to the DHCPv6 server. This option provides client information about address allocation.
Tasks at a glance (Optional. ) Configuring DHCPv6 packet rate limit (Optional.) Enabling DHCPv6-REQUEST check Configuring basic DHCPv6 snooping Follow these guidelines when you configure basic DHCPv6 snooping: • To make sure DHCPv6 clients can obtain valid IPv6 addresses, specify the ports connected to authorized DHCPv6 servers as trusted ports. The trusted ports and the ports connected to DHCPv6 clients must be in the same VLAN.
Step Command Remarks • Enter Layer 2 Ethernet interface 2. view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate N/A interface view: interface bridge-aggregation interface-number 3. Enable support for Option 18. ipv6 dhcp snooping option interface-id enable By default, Option 18 is not supported. 4. (Optional.) Specify the content as the interface ID.
Step 3. (Optional.) Manually save DHCPv6 snooping entries to the database file. 4. (Optional.) Set the amount of time to wait to update the database file after DHCPv6 snooping entry changes. Command Remarks ipv6 dhcp snooping binding database update now DHCPv6 snooping entries are saved to the database file each time this command is executed. The default setting is 300 seconds.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable DHCPv6-REQUEST check. ipv6 dhcp snooping check request-message By default, DHCPv6-REQUEST check is disabled. You can enable the function only on Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
Task Command Display information about the file that stores DHCPv6 snooping entries. display ipv6 dhcp snooping binding database Display DHCPv6 packet statistics for DHCPv6 snooping (in standalone mode). display ipv6 dhcp snooping packet statistics [ slot slot-number ] Display DHCPv6 packet statistics for DHCPv6 snooping (in IRF mode). display ipv6 dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Clear DHCPv6 snooping entries.
[SwitchB]interface Ten-GigabitEthernet 1/0/2 [SwitchB-Ten-GigabitEthernet1/0/2] ipv6 dhcp snooping binding record [SwitchB-Ten-GigabitEthernet1/0/2] quit Verifying the configuration The DHCPv6 client obtains an IPv6 address and other configuration parameters from the authorized DHCPv6 server. You can use the display ipv6 dhcp snooping binding command to display DHCPv6 snooping entries on the authorized DHCPv6 server.
Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation.
physical interface of the tunnel. In the IPv4 header, the source IPv4 address is the IPv4 address of the tunnel source, and the destination IPv4 address is the IPv4 address of the tunnel destination. 3. Upon receiving the packet, Device B de-encapsulates the packet. 4. If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol. If not, Device B forwards it according to the routing table.
hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The IPv4 address identifies a 6to4 network (an IPv6 network where all hosts use 6to4 addresses). The border router of a 6to4 network must have the IPv4 address abcd:efgh configured on the interface connected to the IPv4 network. The subnet number identifies a subnet in the 6to4 network. The subnet number::interface ID uniquely identifies a host in the 6to4 network. 6to4 tunneling uses an IPv4 address to identify a 6to4 network.
Figure 76 IPv4 over IPv4 tunnel Packets traveling through a tunnel undergo encapsulation and de-encapsulation, as shown in Figure 76. • Encapsulation: a. Device A receives an IP packet from an IPv4 host and submits it to the IP protocol stack. b. The IPv4 protocol stack determines how to forward the packet according to the destination address in the IP header. If the packet is destined for the IPv4 host connected to Device B, Device A delivers the packet to the tunnel interface. c.
Figure 77 IPv4 over IPv6 tunnel Packets traveling through a tunnel undergo encapsulation and de-encapsulation, as shown in Figure 77. • Encapsulation: a. Upon receiving an IPv4 packet, Device A delivers it to the IPv4 protocol stack. b. The IPv4 protocol stack uses the destination address of the packet to determine the egress interface. If the egress interface is the tunnel interface, the IPv4 protocol stack delivers the packet to the tunnel interface. c.
Figure 78 Principle of IPv6 over IPv6 tunneling Figure 78 shows the encapsulation and de-encapsulation processes. • Encapsulation: a. After receiving an IPv6 packet, Device A submits it to the IPv6 protocol stack. b. The IPv6 protocol stack uses the destination IPv6 address of the packet to find the egress interface. If the egress interface is the tunnel interface, the stack delivers it to the tunnel interface. c.
Tasks at a glance Perform one of the following tasks: • Configuring an IPv6 over IPv4 tunnel: { Configuring an IPv6 over IPv4 manual tunnel { Configuring a 6to4 tunnel { Configuring an ISATAP tunnel • Configuring an IPv4 over IPv4 tunnel • Configuring an IPv4 over IPv6 tunnel • Configuring an IPv6 over IPv6 tunnel Configuring a tunnel interface Configure a Layer 3 virtual tunnel interface on each device on a tunnel so that devices at both ends can send, identify, and process packets from the tunnel.
Step 5. (Optional.) Specify a service card for forwarding the traffic on the tunnel interface (in IRF mode). Command Remarks service chassis chassis-number slot slot-number By default, no IRF member device or service card is specified. The default MTU is 64000 bytes. 6. Set the MTU of the tunnel interface. mtu mtu-size Set an appropriate MTU to avoid fragmentation. The MTU for the tunnel interface applies only to unicast packets.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IPv6 over IPv4 manual tunnel interface view. interface tunnel number [ mode ipv6-ipv4 ] N/A 3. Specify an IPv6 address for the tunnel interface. For configuration details, see "Configuring basic IPv6 settings." No IPv6 address is configured for the tunnel interface by default. 4. Configure a source address or source interface for the tunnel interface.
Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. • Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101.
[SwitchB-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchB-Ten-GigabitEthernet1/0/3] quit # Configure an IPv6 over IPv4 manual tunnel interface tunnel 0. [SwitchB] interface tunnel 0 mode ipv6-ipv4 # Specify an IPv6 address for the tunnel interface. [SwitchB-Tunnel0] ipv6 address 3001::2/64 # Specify VLAN-interface 100 as the source interface of the tunnel interface.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter 6to4 tunnel interface view. interface tunnel number [ mode ipv6-ipv4 6to4 ] N/A 3. Specify an IPv6 address for the tunnel interface. For configuration details, see "Configuring basic IPv6 settings." No IPv6 address is configured for the tunnel interface by default. By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source interface for the tunnel interface.
• The IPv4 address of VLAN-interface 100 on Switch B is 5.1.1.1/24, and the corresponding 6to4 prefix is 2002:0501:0101::/48. Host B must use this prefix. Configuration procedure Before configuring a 6to4 tunnel, make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. • Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.
[SwitchB-Ten-GigabitEthernet1/0/3] quit # Create a 6to4 tunnel interface tunnel 0. [SwitchB] interface tunnel 0 mode ipv6-ipv4 6to4 # Specify an IPv6 address for the tunnel interface. [SwitchA-Tunnel0] ipv6 address 3002::1/64 # Specify the source interface as VLAN-interface 100 for the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 [SwitchB-Tunnel0] quit # Configure a static route destined for 2002::/16 through the tunnel interface.
Step 3. Specify an IPv6 address for the tunnel interface. Command Remarks For configuration details, see "Configuring basic IPv6 settings." By default, no IPv6 address is configured for the tunnel interface. By default, no source address or source interface is configured for the tunnel interface. Configure a source address or source interface for the tunnel interface. source { ip-address | interface-type interface-number } 5. (Optional.) Set the DF bit for tunneled packets.
# Create service loopback group 1 and specify its service type as tunnel. [Switch] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1. [Switch] interface Ten-GigabitEthernet 1/0/3 [Switch-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [Switch-Ten-GigabitEthernet1/0/3] quit # Configure an ISATAP tunnel interface tunnel 0. [Switch] interface tunnel 0 mode ipv6-ipv4 isatap # Specify an EUI-64 IPv6 address for the tunnel interface tunnel 0.
routing preference 1 EUI-64 embedded IPv4 address: 1.1.1.2 router link-layer address: 1.1.1.1 preferred global 2001::5efe:1.1.1.2, life 29d23h59m46s/6d23h59m46s (public) preferred link-local fe80::5efe:1.1.1.
• If the destination IPv4 network is not on the same subnet as the IPv4 address of the local tunnel interface, you must configure a route destined for the destination IPv4 network through the tunnel interface. You can configure a static route, and specify the local tunnel interface as the egress interface or specify the IPv4 address of the peer tunnel interface as the next hop. Alternatively, you can enable a dynamic routing protocol on both tunnel interfaces to achieve the same purpose.
Figure 82 Network diagram Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. • Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv4 address for VLAN-interface 101, which is the physical interface of the tunnel.
[SwitchB-Vlan-interface100] ip address 10.1.3.1 255.255.255.0 [SwitchB-Vlan-interface100] quit # Specify an IPv4 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 3.1.1.1 255.255.255.0 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1.
• The destination address specified for the local tunnel interface must be the source address specified for the peer tunnel interface, and vice versa. • The source/destination addresses of local tunnels of the same tunnel mode cannot be the same. • If the destination IPv4 network is not on the same subnet as the IPv4 address of the local tunnel interface, you must configure a route destined for the destination IPv4 network through the tunnel interface.
Figure 83 Network diagram Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv6. • Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 30.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel.
[SwitchB-Vlan-interface100] ip address 30.1.3.1 255.255.255.0 [SwitchB-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel. [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002::2:1 64 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1.
• The destination address specified for the local tunnel interface must be the source address specified for the peer tunnel interface, and vice versa. • The source/destination addresses of local tunnels of the same tunnel mode cannot be the same. • The IPv6 address of the tunnel interface must not be on the same subnet as the destination address configured for the tunnel interface.
Configuration example Network requirements As shown in Figure 84, configure an IPv6 over IPv6 tunnel between Switch A and Switch B so the two IP networks can reach each other without disclosing their IPv6 addresses.
[SwitchA] ipv6 route-static 2002:3:: 64 tunnel 1 • Configure Switch B: # Specify an IPv6 address for VLAN-interface 100. system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 2002:3::1 64 [SwitchB-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel.
Displaying and maintaining tunneling configuration Execute display commands in any view and the reset command in user view. Task Display information about tunnel interfaces. Command display interface [ tunnel ] [ brief [ down ] ] display interface [ tunnel [ number ] ] [ brief [ description ] ] Display IPv6 information on tunnel interfaces. display ipv6 interface [ tunnel [ number ] ] [ brief ] Clear statistics on tunnel interfaces.
Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate any network layer protocol (such as IPv6) into a virtual point-to-point tunnel over an IP network (such as an IPv4 network). Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. The network layer protocol of the packets before encapsulation and after encapsulation can be the same or different.
GRE tunnel operating principle Figure 86 IPv6 networks interconnected through a GRE tunnel As shown in Figure 86, an IPv6 protocol packet traverses an IPv4 network through a GRE tunnel as follows: 1. After receiving an IPv6 packet from the interface connected to IPv6 network 1, Device A looks up the routing table to determine that the outgoing interface is a GRE tunnel interface (Tunnel 0 in this example), and then submits the IPv6 packet to the tunnel interface Tunnel 0. 2.
• You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end. • HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol.
Step Command Remarks By default, no source address or interface is configured for a tunnel interface. 4. Configure a source address or source interface for the tunnel interface. source { ip-address | interface-type interface-number } If you configure a source address for a tunnel interface, the tunnel interface uses the source address as the source address of the encapsulated packets.
• You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end. • HP recommends not configuring the same tunnel source and destination addresses for local tunnel interfaces that use the same GRE encapsulation protocol.
Step Command Remarks By default, no source IPv6 address or interface is configured for a tunnel interface. 4. Configure a source IPv6 address or source interface for the tunnel interface. source { ipv6-address | interface-type interface-number } If you configure a source IPv6 address for a tunnel interface, the tunnel interface uses the source IPv6 address as the source IPv6 address of the encapsulated packets.
Task Command Remarks For more information about this command, see Layer 3—IP Services Command Reference. Display IPv6 information about tunnel interface. display ipv6 interface [ tunnel [ number ] ] [ brief ] Clear tunnel interface statistics. reset counters interface [ tunnel [ number ] ] Support for the display ipv6 interface tunnel command depends on the device model. For more information about this command, see Layer 3—IP Services Command Reference.
[SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0 # Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch A. [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch B. [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] quit # Configure a static route from Switch A through the tunnel interface to Group 2. [SwitchA] ip route-static 10.1.3.0 255.255.255.
GRE key disabled Checksumming of GRE packets disabled Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # Display tunnel interface information on Switch B.
Figure 88 Network diagram Configuration procedure Before the following configurations, configure an IP address for each interface, and make sure Switch A and Switch B can reach each other. 1. Configure Switch A: # Create service loopback group 1, and configure the service type as tunnel. system-view [SwitchA] service-loopback group 1 type tunnel # Add port Ten-GigabitEthernet 1/0/3 to service loopback group 1.
# Configure an IP address for the tunnel interface. [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0 # Configure the source address of tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchB-Tunnel0] source 2001::2:1 # Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch A. [SwitchB-Tunnel0] destination 2002::1:1 [SwitchB-Tunnel0] quit # Configure a static route from Switch B through the tunnel interface to Group 1.
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # From Switch B, ping the IP address of VLAN-interface 100 on Switch A. [SwitchB] ping -a 10.1.3.1 10.1.1.1 Ping 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes, press CTRL_C to break 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=2.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=1.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index Numerics IP services DHCPv6 address pool selection, 158 6to4 IP services DHCPv6 address/prefix assignment, 153 relay, 185 IP services DHCPv6 address/prefix lease renewal, 154 tunnel, 185 tunnel configuration, 194, 195 IP services DHCPv6 IA, 157 A IP services DHCPv6 IAID, 157 IP services DHCPv6 IPv6 address assignment, 156 address BOOTP client address acquisition (on interface), 78 IP services DHCPv6 IPv6 address/prefix allocation sequence, 159 ICMP packet source address, 121 IP services D
IP services DHCPv6 snooping untrusted port, 175 IP services DHCPv6 server dynamic IPv6 prefix assignment (on switch), 165 common proxy ARP configuration, 15 IP services DHCPv6 server IPv6 address assignment, 161 ARP IP services DHCPv6 server IPv6 prefix assignment, 159 common proxy ARP enable, 14 configuration, 1, 7 IP services DHCPv6 server network parameters assignment, 162 configuration (multiport entry), 8 displaying, 7 displaying snooping, 17 dynamic entry aging timer configuration, 6 IPv6 int
BOOTP configuration, 78, 79 ICMP error message rate limit, 121 IP services DHCP client BIMS server information, 39 interface TCP MSS, 117 IP services DHCP client boot file name, 40 IP addressing IP unnumbered, 20 IP addressing, 18, 22 IP services DHCP client DNS server, 38 IP forwarding load sharing, 112, 112 IP services DHCP client domain name suffix, 38 IP performance optimization interface MTU, 116 IP services DHCP client enable on interface, 62 IP services 6to4 tunnel, 194, 195 IP services
IPv6 DNS, 95 IP services DHCP voice client Option 184 parameters, 41 IPv6 DNS client, 85 IP services DHCPv6 relay agent, 170, 171 IPv6 DNS client dynamic domain name resolution, 86, 95 IP services DHCPv6 relay agent (on switch), 173 IP services DHCPv6 server (on switch), 165 IPv6 DNS client static domain name resolution, 85, 95 IP services DHCPv6 server dynamic IPv6 address assignment (on switch), 167 IPv6 DNS proxy, 100 IPv6 EUI-64 address, 135 IP services DHCPv6 server dynamic IPv6 prefix assignm
IP services common proxy ARP configuration, 15 configuration (PeanutHull server)(on switch), 108 IP services DHCP overview, 24 displaying, 106 outgoing packet DSCP value, 106 IP services DHCP relay agent packet DSCP value, 59 server, 102 IP services DHCP server configuration, 31, 33 IP services DHCP server packet DSCP value, 45 de-encapsulating IP services DHCP snooping entry max number, 73 IPv4/IPv6 tunneling, 187 destination unreachable message (ICMPv6), 144 IP services DHCPv6 DUID, 157 detecti
Option 43 (vendor-specific);Option 043 (vendor-specific), 27, 27 address pool static binding, 37 BOOTP application, 78 BOOTP client address acquisition (on interface), 78 Option 51;Option 051, 27 BOOTP client configuration, 78, 79 Option 55;Option 055, 27 BOOTP client dynamic IP address acquisition, 78 Option 6;Option 006, 27 BOOTP protocols and standards, 78 Option 66;Option 066, 27 Option 53;Option 053, 27 Option 60;Option 060, 27 client BIMS server information, 39 Option 67;Option 067, 27 cl
server user class configuration, 49 protocols and standards, 155 snooping.
IP services DHCP client, 64 static domain name resolution, 80 IP services DHCP relay agent, 59 suffixes, 81 IP services DHCP server, 46 troubleshooting IPv4 DNS configuration, 101 IP services DHCP snooping, 74 troubleshooting IPv4 DNS incorrect IP address, 101 IP services DHCPv6 relay agent, 172 troubleshooting IPv6 DNS configuration, 101 IP services DHCPv6 server, 164 troubleshooting IPv6 DNS incorrect IP address, 101 IP services DHCPv6 snooping, 181 trusted interface, 88 IP services GRE, 216
IPv4 DNS client dynamic domain name resolution, 84, 90 IP services GRE/IPv4 configuration, 217 IPv6 DNS client dynamic domain name resolution, 86, 95 IP services tunneling configuration, 184, 189 Dynamic Domain Name System. Use DDNS Dynamic Host Configuration Protocol.
IP services DHCP message, 26 IPv6 ND duplicate address detection, 132 IP services DHCP server BOOTP response format, 45 IPv6 ND protocol, 131 IP services GRE encapsulation format, 211 IPv6 ND protocol address resolution, 131 IPv6 ND neighbor reachability detection, 132 IPv6 addresses, 128 IPv6 ND redirection, 133 fragment IPv6 ND router/prefix discovery, 132 IP performance optimization ICMP fragment forwarding, 121 IPv6 ND stateless address autoconfiguration, 132 packet source address, 145 G r
IP services ARP dynamic entry max number (for interface), 5 DHCP relay agent IP address release, 58 DHCP server address pool IP address range, 34 DHCP server address pool IP address range (primary subnet/multiple ranges), 34 IP services ARP dynamic table entry, 2 DHCP server address pool IP address range (primary subnet/multiple secondary subnets), 35 IP services ARP multiport entry configuration, 4 DHCP server configuration, 46 IP services ARP static configuration, 7 IP services ARP message format,
IPv6 ND protocol address resolution, 131 DHCP address pool, 31 IPv6 ND redirection, 133 DHCP address pool application on interface, 43 IPv6 ND router/prefix discovery, 132 DHCP client BIMS server information, 39 IPv6 ND stale state entry aging timer, 139 DHCP client DNS server, 38 IPv6 ND stateless address autoconfiguration, 132 DHCP client domain name suffix, 38 DHCP client gateway, 37 IPv6 ND static neighbor entry configuration, 138 DHCP client NetBIOS node type, 39 IPv6 RA message parameter c
DHCPv6 address/prefix allocation sequence, 159 GRE/IPv4 configuration, 217 GRE/IPv4 tunnel configuration, 212 DHCPv6 address/prefix assignment, 153 GRE/IPv6 configuration, 219 DHCPv6 address/prefix lease renewal, 154 GRE/IPv6 tunnel configuration, 214 DHCPv6 configuration, 156 ICMPv6 error message rate limit, 143 DHCPv6 IPv6 address assignment, 156 IPv4/IPv4 tunnel configuration, 200, 201 DHCPv6 IPv6 prefix assignment, 156 IPv4/IPv4 tunneling, 186 DHCPv6 overview, 153 IPv4/IPv6 manual tunnel co
maintaining UDP helper, 125 ISATAP tunneling, 185 stateless DHCPv6, 155 special IP addresses, 19 troubleshooting DHCP server configuration, 51 tunneling configuration, 189 troubleshooting GRE, 222 IPv6, 127, See also IPng troubleshooting GRE hosts cannot ping each other, 222 6to4 tunnel configuration, 194, 195 troubleshooting IPv6 address cannot be pinged, 152 address type, 129 address formats, 128 addresses, 128 troubleshooting IPv6 basics configuration, 152 anycast address configuration, 137
IP services DHCP relay agent configuration, 53, 54, 59 maintaining basics, 145 manual interface link-local address specification, 137 IP services DHCP relay agent Option 82, 60 max number NS message sent attempts, 142 IP services DHCP server configuration, 31, 33, 46 multicast address type, 130 IP services DHCP server IP address dynamic assignment, 48 multicast echo request reply, 143 IP services DHCP server IP address static assignment, 46 ND configuration, 138 ND duplicate address detection, 132
IP services gratuitous ARP periodic packet send, 11 IPv6 ICMPv6 error message rate limit, 143 IPv6 ICMPv6 message send, 143 IP services proxy ARP configuration, 14 IPv6 EUI-64 address-based interface identifiers, 130 maintaining BOOTP client, 79 IP performance optimization, 122 IPv6 ND protocol, 131 minimizing IPv6 ND link-local entries, 139 MSS interface TCP MSS configuration, 117 MTU IP services ARP, 7 IP performance optimization interface MTU configuration, 116 IP services ARP snooping, 17 TCP pat
IP services 6to4 tunnel configuration, 194, 195 IP services DHCP client domain name suffix, 38 IPv6 duplicate address detection, 132 IP services ARP dynamic entry aging timer configuration, 6 IPv6 ND address resolution, 131 IP services ARP dynamic entry check enable, 6 neighbor discovery IP services ARP dynamic entry max number (for device), 5 IPv6 ND configuration, 138 IPv6 ND hop limit, 139 IP services ARP dynamic entry max number (for interface), 5 IPv6 ND link-local entry minimization, 139 IPv6
IP services tunneling Layer 3 virtual tunnel interface, 190 IP services DHCPv6 address allocation, 158 IP services DHCPv6 address pool, 158 IP services DHCPv6 address pool selection, 158 IPv4 DNS client configuration, 84 IP services DHCPv6 address/prefix assignment, 153 IPv4/IPv4 tunnel configuration, 200, 201 IPv4 DNS proxy configuration, 93 IP services DHCPv6 IPv6 address assignment, 156 IPv4/IPv4 tunneling, 186 IPv4/IPv6 manual tunnel configuration, 203, 204 IP services DHCPv6 IPv6 address/prefix
IP services DHCPv6 relay agent configuration, 170, 171 special IP addresses, 19 TCP buffer size, 119 IP services DHCPv6 relay agent configuration (on switch), 173 TCP path MTU discovery, 117 TCP SYN cookie, 118 IP services DHCPv6 server configuration, 156, 159 TCP timer, 119 IP services DHCPv6 server configuration (on switch), 165 network management BOOTP client configuration, 78, 79 IP services DHCPv6 server dynamic IPv6 address assignment (on switch), 167 DDNS client configuration, 103 DDNS confi
IP performance, 115 packet IP performance optimization directed broadcasts, 115 DDNS outgoing packet DSCP value, 106 DNS packet source interface, 87 IP performance optimization ICMP error messages, 119 ICMP error message rate limit, 121 ICMP error message sending, 119 IP performance optimization ICMP fragment forwarding, 121 ICMP fragment forwarding disable, 121 ICMP packet source address, 121 IP performance optimization interface MTU, 116 IP addressing configuration, 18, 22 IP performance optimiz
IP services DHCPv6 address/prefix lease renewal, 154 IPv6 ND redirection, 133 IPv6 ND router/prefix discovery, 132 IP services DHCPv6 dynamic prefix allocation, 158 IPv6 ND stale state entry aging timer, 139 IP services DHCPv6 IPv6 address assignment, 156 IPv6 ND stateless address autoconfiguration, 132 IP services DHCPv6 IPv6 address/prefix allocation sequence, 159 IPv6 ND static neighbor entry configuration, 138 IP services DHCPv6 IPv6 prefix assignment, 156 IPv6 RA message parameter configuratio
configuring IP performance optimization TCP timer, 119 configuring IP services DHCP server to ignore BOOTP requests, 44 configuring IP services 6to4 tunnel, 194, 195 configuring IP services DHCP server user class, 49 configuring IP services ARP, 7 configuring IP services DHCP snooping, 69, 75 configuring IP services ARP (multiport entry), 8 configuring IP services DHCP snooping basics, 69, 75 configuring IP services ARP (static), 7 configuring IP services DHCP snooping Option 82, 70, 76 configurin
configuring IP services tunneling, 189 creating IP services DHCP server address pool, 34 configuring IP services tunneling Layer 3 virtual tunnel interface, 190 customizing IP services DHCP options, 41 configuring IP services UDP helper, 124, 125 disabling IP performance optimization ICMP fragment forwarding, 121 configuring IPv4 DNS, 89 displaying BOOTP client, 79 configuring IPv4 DNS client, 84 displaying DDNS, 106 configuring IPv4 DNS client dynamic domain name resolution, 84, 90 displaying DH
enabling IP services DHCP snooping starvation attack protection, 72 setting IP services DHCP relay agent packet DSCP value, 59 enabling IP services DHCP-REQUEST message attack protection, 73 setting IP services DHCP server packet DSCP value, 45 enabling IP services DHCPv6 relay agent on interface, 171 setting IP services DHCP snooping entry max number, 73 enabling IP services DHCPv6-REQUEST check, 180 setting IP services DHCPv6 packet DSCP value, 164 setting IP services DHCPv6 relay agent packet DSCP
troubleshooting IP services GRE hosts cannot ping each other, 222 troubleshooting IPv4 DNS configuration, 101 IPv6 ND, 133 relay agent displaying, 59 troubleshooting IPv4 DNS incorrect IP address, 101 displaying DHCPv6, 172 IP address release, 58 troubleshooting IPv6 address cannot be pinged, 152 IP services DHCP configuration, 53, 54, 59 IP services DHCP enable, 55 troubleshooting IPv6 DNS configuration, 101 IP services DHCP enable on interface, 55 troubleshooting IPv6 DNS incorrect IP address, 101
DNS configuration, 80, 83 IP forwarding, 110 DNS dynamic domain name resolution, 80 IP forwarding optimal route selection, 110 DNS static domain name resolution, 80 IP performance optimization, 115 IPv4 DNS client dynamic domain name resolution, 84, 90 IP performance optimization interface MTU configuration, 116 IPv4 DNS client static domain name resolution, 84, 89 IP services DHCP snooping configuration, 67 IP services DHCP snooping trusted port, 67 IPv4 DNS configuration, 89 IP services DHCP sn
IP services DHCP server BOOTP request ignore, 44 IP services DHCP snooping starvation attack protection, 72 IP services DHCP server BOOTP response format, 45 IP services DHCP-REQUEST message attack protection, 73 IP services DHCP server configuration, 46 IP services DHCPv6 snooping basic configuration, 178 IP services DHCP server IP address dynamic assignment, 48 IP services DHCPv6 snooping configuration, 175, 177, 182 IP services DHCP server IP address static assignment, 46 IP services DHCPv6 snoo
IP services DHCP relay agent protection, 57 IP services DHCPv6 relay agent packet DSCP value, 172 IP services DHCPv6 snooping max number entries, 180 IPv6 ND hop limit, 139 IP services DHCP snooping protection, 72 stateless DHCPv6, 155 static DNS domain name resolution, 80 IPv6 ND max number dynamic neighbor entries, 138 IP services ARP static configuration, 7 IP services ARP table entry, 3 IPv6 ND stale state entry aging timer, 139 IP services DHCP address allocation, 24, 31 snooping IP services DH
troubleshooting SYN TCP SYN cookie enable, 118 IP services DHCP relay agent configuration, 61 wait timer, 119 IP services DHCP server configuration, 51 IP services GRE, 222 T IP services GRE hosts cannot ping each other, 222 table IP services tunneling configuration, 210 IP forwarding FIB table entries, 110 IPv4 DNS configuration, 101 IP services ARP multiport entry configuration, 4 IPv4 DNS incorrect IP address, 101 IP services ARP static entry configuration, 3 IPv6 address cannot be pinged,
configuration, 124, 124, 125 W displaying, 125 Windows IP performance optimization, 115 BOOTP client configuration, 78, 79 maintaining, 125 Internet Naming Service.
