HP FlexFabric 11900 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-4060 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring ARP ··························································································································································· 1 Overview············································································································································································ 1 ARP message format ·······························································································································
Configuring ARP snooping ········································································································································ 19 Configuration procedure ··············································································································································· 19 Displaying and maintaining ARP snooping ················································································································ 19 Configuring IP addr
Specifying WINS servers and NetBIOS node type for the client ····································································· 40 Specifying BIMS server information for the client ······························································································ 41 Specifying the TFTP server and boot file name for the client ············································································ 41 Specifying a server for the DHCP client ·················································
Troubleshooting DHCP relay agent configuration ······································································································ 61 Symptom ································································································································································· 61 Analysis ·································································································································································· 61 Solution ··
DNS spoofing ························································································································································ 82 DNS configuration task list············································································································································ 83 Configuring the IPv4 DNS client ·································································································································· 84 Config
Optimizing IP performance ···································································································································· 113 Enabling an interface to receive and forward directed broadcasts destined for the directly connected network ······················································································································································································· 113 Configuration procedure ····························
Setting the hop limit ············································································································································ 138 Configuring parameters for RA messages ········································································································ 139 Configuring the maximum number of attempts to send an NS message for DAD ······································· 141 Controlling sending ICMPv6 packets ·············································
Dynamic IPv6 prefix assignment configuration example ················································································ 163 Dynamic IPv6 address assignment configuration example············································································· 166 Configuring the DHCPv6 relay agent ···················································································································· 168 Configuration guidelines ·························································
Configuration prerequisites ································································································································ 202 Configuration procedure ···································································································································· 202 Configuring a GRE over IPv6 tunnel ·························································································································· 204 Configuration prerequisites
Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths. Figure 1 ARP message format • Hardware type—Hardware address type. The value 1 represents Ethernet.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request comprises the following information: { Sender IP address and sender MAC address—Host A's IP address and MAC address { Target IP address—Host B's IP address { Target MAC address—An all-zero MAC address All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request. 3.
Static ARP entry A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. Static ARP entries include long, short, and multiport ARP entries. • A long static ARP entry comprises the IP address, MAC address, VLAN, and output interface. It is directly used for forwarding packets.
Step Command Remarks • Configure a long static ARP entry: 2. Configure a static ARP entry. arp static ip-address mac-address vlan-id interface-type interface-number [ vpn-instance vpn-instance-name ] • Configure a short static ARP entry: arp static ip-address mac-address [ vpn-instance vpn-instance-name ] Use either command. By default, no static ARP entry is configured. Configuring a multiport ARP entry A multiport ARP entry comprises an IP address, MAC address, and VLAN ID.
The Layer-2 interface can learn an ARP entry only when both its maximum number and the VLAN interface's maximum number are not reached. To set the maximum number of dynamic ARP entries that an interface can learn: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Set the maximum number of dynamic ARP entries. arp max-learning-num number By default, an interface can learn a maximum of 16384 dynamic ARP entries.
Configuring multicast ARP Microsoft Network Load Balancing (NLB) is a load balancing technology for server clustering developed on Windows Server. In a medium or small data center that uses the Windows Server operating system, the proper cooperation of the switch and NLB is very important. The switch series supports cooperation with NLB by multicast ARP. For more information about NLB, see the related documents of Windows Sever. NLB supports load sharing and redundancy among servers within a cluster.
Task Command Display ARP entries (in standalone mode). display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] Display ARP entries (in IRF mode). display arp [ [ all | dynamic | multiport | static ] [ chassis chassis-number slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] Display the ARP entry for a specified IP address (in standalone mode).
Configuration procedure # Create VLAN 10. system-view [Switch] vlan 10 [Switch-vlan10] quit # Add interface Ten-GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface Ten-GigabitEthernet 1/0/1 [Switch-Ten-GigabitEthernet1/0/1] port access vlan 10 [Switch-Ten-GigabitEthernet1/0/1] quit # Create VLAN-interface 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.
Figure 4 Network diagram Configuration procedure # Create VLAN 10. system-view [Switch] vlan 10 [Switch-vlan10] quit # Add Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 to VLAN 10.
Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN Interface Aging Type 192.168.1.1 00e0-fc01-0000 10 N/A N/A M Multicast ARP configuration example (in standalone mode) Network requirements As shown in Figure 5, a small data center uses Microsoft multicast-mode NLB. To enable the switch to cooperate with NLB, perform the following configuration: • Add Ten-GigabitEthernet 4/0/2 and Ten-GigabitEthernet 4/0/3 to VLAN 10, and specify IP address 16.1.1.
[Switch-vlan10] port Ten-GigabitEthernet 4/0/2 [Switch-vlan10] port Ten-GigabitEthernet 4/0/3 [Switch-vlan10] quit [Switch] interface vlan-interface 10 [Switch-Vlan-interface10] ip address 16.1.1.1 255.255.255.0 [Switch-Vlan-interface10] quit # Specify an IP address for VLAN-interface 20. [Switch] vlan 20 [Switch-vlan20] port Ten-GigabitEthernet 3/0/1 [Switch-vlan20] port Ten-GigabitEthernet 3/0/4 [Switch-vlan20] quit [Switch] interface vlan-interface 20 [Switch-Vlan-interface20] ip address 10.0.0.1 255.
Figure 6 Network diagram Configuration procedure This example only describes multicast ARP configuration. For more information about IRF, see the IRF configuration guide for switches. For NLB configuration on the servers, see the related documents for Windows Server. This configuration example assumes that the virtual IP address of Server A and Server B is 16.1.1.100/24, and the virtual MAC address is 03bf-1001-0164. # Specify an IP address for VLAN-interface 10.
Verifying the configuration To verify NLB load sharing, enable the FTP server function of Server A and Server B. Host A and Host B send requests to the virtual IP address, and each of them logs in to a different server. To verify NLB redundancy, disable the network interface card of Server A. Host A and Host B send requests to the virtual IP address, and both log in to the FTP server on Server B.
Configuring gratuitous ARP Overview In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes: • Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply. • Inform other devices of a MAC address change.
{ { If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.
Configuring proxy ARP Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain. Proxy ARP includes common proxy ARP and local proxy ARP. • Common proxy ARP—Allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
Task Command Display common proxy ARP status. display proxy-arp [ interface interface-type interface-number ] Display local proxy ARP status. display local-proxy-arp [ interface interface-type interface-number ] Common proxy ARP configuration example Network requirements As shown in Figure 7, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch (Host A belongs to VLAN 1, and Host D belongs to VLAN 2).
[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 # Enable common proxy ARP on VLAN-interface 2. [Switch-Vlan-interface2] proxy-arp enable After the configuration, Host A and Host D can ping each other.
Configuring ARP snooping ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information in ARP packets. If you enable ARP snooping on a VLAN, ARP packets received by any interface in the VLAN are redirected to the CPU. The CPU uses the sender IP and MAC addresses of the ARP packets, and receiving VLAN and port to create ARP snooping entries. The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes.
Configuring IP addressing The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter. Overview This section describes the IP addressing basics. IP addressing uses a 32-bit address to identify each host on an IPv4 network.
Table 1 IP address classes and ranges Class Remarks Address range The IP address 0.0.0.0 is used by a host at startup for temporary communication. This address is never a valid destination address. A 0.0.0.0 to 127.255.255.255 B 128.0.0.0 to 191.255.255.255 N/A C 192.0.0.0 to 223.255.255.255 N/A D 224.0.0.0 to 239.255.255.255 Multicast addresses. E 240.0.0.0 to 255.255.255.255 Reserved for future use, except for the broadcast address 255.255.255.255.
Subnetting increases the number of addresses that cannot be assigned to hosts. Therefore, using subnets means accommodating fewer hosts. For example, a Class B network without subnetting can accommodate 1022 more hosts than the same network subnetted into 512 subnets. Without subnetting—65534 hosts (216 – 2). (The two deducted addresses are the broadcast • address, which has an all-one host ID, and the network address, which has an all-zero host ID.
Configuring IP unnumbered Typically, you assign an IP address to an interface either manually or through DHCP. If the IP addresses are not enough, or the interface is used only occasionally, you can configure an interface to borrow an IP address from other interfaces. This is called IP unnumbered and the interface borrowing the IP address is called IP unnumbered interface.
Task Command Display IP configuration and statistics for the specified or all Layer 3 interfaces. display ip interface [ interface-type interface-number ] Display brief IP configuration information for the specified or all Layer 3 interfaces. display ip interface [ interface-type [ interface-number ] ] brief IP address configuration example Network requirements As shown in Figure 10, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
[Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0 [Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub # Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24. Verifying the configuration # Ping a host on subnet 172.16.1.0/24 from the switch to check the connectivity. ping 172.16.1.2 PING 172.16.1.2 (172.16.1.2): 56 data bytes 56 bytes from 172.16.1.2: icmp_seq=0 ttl=254 time=7.
DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. Figure 11 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay agent, see "Configuring the DHCP relay agent.
Dynamic IP address allocation process Figure 12 Dynamic IP address allocation process 1. The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. 2. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message. For related information, see "DHCP message format." 3.
returns either a DHCP-ACK unicast confirming that the client's lease duration has been extended, or a DHCP-NAK unicast denying the request. DHCP message format Figure 13 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes. Figure 13 DHCP message format • op—Message type defined in options field. 1 = REQUEST, 2 = REPLY • htype, hlen—Hardware address type and length of the DHCP client.
• file—Boot file (also called system software image) name and path information, defined by the server to the client. • options—Optional parameters field that is variable in length, which includes the message type, lease duration, subnet mask, domain name server IP address, and WINS IP address. DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information to clients.
• Option 150—TFTP server IP address option. It specifies the TFTP server IP address to be assigned to the client. For more information about DHCP options, see RFC 2132 and RFC 3442. Custom DHCP options Some options, such as Option 43, Option 82, and Option 184, have no standard definitions in RFC 2132. Vendor-specific option (Option 43) DHCP servers and clients use Option 43 to exchange vendor-specific configuration information.
Figure 16 ACS parameter sub-option value field { Service provider identifier sub-option value field—Contains the service provider identifier. { PXE server address sub-option value field—Contains the PXE server type that can only be 0, the server number that indicates the number of PXE servers contained in the sub-option and server IP addresses, as shown in Figure 17. Figure 17 PXE server address sub-option value field Relay agent option (Option 82) Option 82 is the relay agent option.
• Sysname padding format—Contains the system name of the device. To set the system name for the device, use the sysname command in system view. Option 184 Option 184 is a reserved option. You can define the parameters in the option as needed. The device supports Option 184 carrying voice related parameters, so a DHCP client with voice functions can get voice parameters from the DHCP server.
Configuring the DHCP server Overview The DHCP server is well suited to networks where: • Manual configuration and centralized management are difficult to implement. • IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users must acquire IP addresses dynamically. • Most hosts do not need fixed IP addresses.
d. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or it is not configured, the address allocation fails. NOTE: All address ranges must belong to the primary subnet. If an address range does not reside in the primary subnet, DHCP cannot assign the addresses in the address range.
2. IP address that was ever assigned to the client. 3. IP address designated by the Option 50 field in the DHCP-DISCOVER message sent by the client. Option 50 is the Requested IP Address option. The client uses this option to specify the wanted IP address in a DHCP-DISCOVER message. The content of Option 50 is user defined. 4. First assignable IP address found in the way discussed in "DHCP address pool." 5. IP address that was a conflict or passed its lease duration.
Creating a DHCP address pool Step Command Remarks 1. Enter system view. system-view N/A 2. Create a DHCP address pool and enter its view. dhcp server ip-pool pool-name By default, no DHCP address pool is created. Specifying IP address ranges for a DHCP address pool You can configure both static and dynamic address allocation mechanisms in a DHCP address pool.
Step Command Remarks 5. Enter address pool view. dhcp server ip-pool pool-name N/A 6. Specify the primary subnet for the address pool. network network-address [ mask-length | mask mask ] By default, no primary subnet is specified. 7. (Optional.) Specify the common address range. address range start-address end-address By default, no IP address range is specified. By default, no IP address range is specified for a user class. 8. 9. (Optional.
• You can specify a maximum of 32 secondary subnets in each address pool. • IP addresses specified by the forbidden-ip command are not assignable in the current address pool, but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool. To specify a primary subnet and secondary subnets for a DHCP address pool: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter address pool view.
• The IP address of a static binding cannot be the address of the DHCP server interface. Otherwise, an IP address conflict occurs and the bound client cannot obtain an IP address correctly. • To configure a static binding for a DHCP client whose interfaces use the same MAC address, you must specify the client ID, rather than the MAC address to identify a requesting interface. Otherwise, the IP address allocation will fail. To configure a static binding: Step Command Remarks 1. Enter system view.
Specifying a domain name suffix for the client You can specify a domain name suffix in a DHCP address pool on the DHCP server. With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution. For more information about DNS, see "Configuring DNS." To configure a domain name suffix in the DHCP address pool: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter DHCP address pool view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter DHCP address pool view. dhcp server ip-pool pool-name N/A 3. Specify WINS servers. nbns-list ip-address&<1-8> By default, no WINS server is specified. 4. Specify the NetBIOS node type. netbios-type { b-node | h-node | m-node | p-node } By default, no NetBIOS node type is specified. This step is optional for b-node.
Step Command Remarks • Specify the IP address of the TFTP 3. server: tftp-server ip-address ip-address Specify the IP address or the name of a TFTP server. • Specify the name of the TFTP server: By default, no TFTP server is specified. tftp-server domain-name domain-name 4. Specify the boot file name. bootfile-name bootfile-name By default, no boot file name is specified.
Step Command Remarks 5. (Optional.) Configure the voice VLAN. voice-config voice-vlan vlan-id { disable | enable } By default, no voice VLAN is configured. 6. (Optional.) Specify the failover IP address and dialer string. voice-config fail-over ip-address dialer-string By default, no failover IP address or dialer string is specified. Configuring self-defined DHCP options IMPORTANT: Use caution when configuring self-defined DHCP options because the configuration might affect DHCP operation.
Option Option name Corresponding command Recommended option command parameters 66 TFTP server name tftp-server ascii 67 Boot file name bootfile-name ascii 43 Vendor Specific Information N/A hex Enabling DHCP You must enable DHCP to validate other DHCP configurations. To enable DHCP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DHCP. dhcp enable By default, DHCP is disabled.
Step Command Apply an address pool on the interface. 3. dhcp server apply ip-pool pool-name Remarks By default, no address pool is applied on an interface. If the applied address pool does not exist, the DHCP server fails to perform address allocation. Configuring IP address conflict detection Before assigning an IP address, the DHCP server pings that IP address. • If the server receives a response within the specified period, it selects and pings another IP address.
Configuring DHCP server compatibility Perform this task to enable the DHCP server to support DHCP clients that are incompliant with RFC. Configuring the DHCP server to broadcast all responses Typically, the DHCP server broadcasts a response only when the broadcast flag in the DHCP request is set to 1. To work with DHCP clients that set the broadcast flag to 0 but do not accept unicast responses, configure the DHCP server to ignore the broadcast flag and always broadcast a response.
Step 1. Enter system view. 2. Enable the DHCP server to send BOOTP responses in RFC 1048 format to the RFC 1048-incompatible BOOTP requests for statically bound addresses. Command Remarks system-view N/A dhcp server bootp reply-rfc-1048 By default, the DHCP server directly copies the Vend field of such requests into the responses. Displaying and maintaining the DHCP server IMPORTANT: A restart of the DHCP server or execution of the reset dhcp server ip-in-use command deletes all lease information.
Static IP address assignment configuration example Network requirements As shown in Figure 18, Switch B (DHCP client) and Switch C (BOOTP client) obtain the static IP address, DNS server address, and gateway address from Switch A (DHCP server). The client ID of VLAN-interface 2 on Switch B is: 0030-3030-662e-6532-3439-2e38-3035-302d-566c-616e-2d69-6e74-6572-6661-6365-32. The MAC address of VLAN-interface 2 on Switch C is 000f-e249-8050. Figure 18 Network diagram Configuration procedure 1.
[SwitchA-dhcp-pool-0] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-0] quit Verifying the configuration After the preceding configuration is complete, Switch B can obtain IP address 10.1.1.5 and other network parameters, and Switch C can obtain IP address 10.1.1.6 and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.
[SwitchA-Vlan-interface20] quit # Exclude IP addresses (addresses of the DNS server, WINS server, and gateways). [SwitchA] dhcp server forbidden-ip 10.1.1.2 [SwitchA] dhcp server forbidden-ip 10.1.1.4 [SwitchA] dhcp server forbidden-ip 10.1.1.126 [SwitchA] dhcp server forbidden-ip 10.1.1.254 # Configure DHCP address pool 1 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.0/25. [SwitchA] dhcp server ip-pool 1 [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.
Figure 20 Network diagram Configuration procedure 1. Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.) 2. Configure DHCP services: # Enable DHCP and configure the DHCP server to handle Option 82. system-view [SwitchB] dhcp enable [SwitchB] dhcp server relay information enable # Enable DHCP server on VLAN-interface10.
Self-defined option configuration example Network requirements As shown in Figure 21, the DHCP client (Switch B) obtains an IP address and PXE server addresses from the DHCP server (Switch A). The IP address belongs to subnet 10.1.1.0/24. The PXE server addresses are 1.2.3.4 and 2.2.2.2. The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a self-defined option. The format of Option 43 and that of the PXE server address sub-option are shown in Figure 15 and Figure 17.
Analysis Another host on the subnet might have the same IP address. Solution 1. Disable the client's network adapter or disconnect the client's network cable. Ping the IP address of the client from another host to check whether there is a host using the same IP address. 2. If a ping response is received, the IP address has been manually configured on a host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation. 3.
Configuring the DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 22 shows a typical application of the DHCP relay agent.
Figure 23 DHCP relay agent operation DHCP relay agent support for Option 82 Option 82 records the location information of the DHCP client. It enables the administrator to locate the DHCP client for security and accounting purposes, and to assign IP addresses in a specific range to clients. For more information, see "Relay agent option (Option 82)." If the DHCP relay agent supports Option 82, it handles DHCP requests by following the strategies described in Table 3.
Tasks at a glance (Optional.) Configuring Option 82 Enabling DHCP You must enable DHCP to validate other DHCP relay agent settings. To enable DHCP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DHCP. dhcp enable By default, DHCP is disabled. Enabling the DHCP relay agent on an interface With the DHCP relay agent enabled, an interface forwards incoming DHCP requests to a DHCP server.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Specify a DHCP server address on the relay agent. dhcp relay server-address ip-address By default, no DHCP server address is specified on the relay agent.
Step Configure the refresh interval. 3. Command Remarks dhcp relay client-information refresh [ auto | interval interval ] By default, the refresh interval is auto, which is calculated based on the number of total relay entries. Enabling DHCP starvation attack protection A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests using different MAC addresses in the chaddr field to a DHCP server.
Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the DHCP relay agent to release an IP address. dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ] This command can release only the IP addresses in the recorded relay entries. Configuring Option 82 Follow these guidelines when you configure Option 82: • To support Option 82, you must perform related configuration on both the DHCP server and relay agent.
Task Command Display relay entries on the DHCP relay agent. display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ] Display packet statistics on the DHCP relay agent. display dhcp relay statistics [ interface interface-type interface-number ] Clear relay entries on the DHCP relay agent.
[SwitchA-Vlan-interface10] dhcp select relay # Specify the IP address of the DHCP server on the relay agent. [SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1 After the preceding configuration is complete, DHCP clients can obtain IP addresses and other network parameters from the DHCP server through the DHCP relay agent. You can use the display dhcp relay statistics command to view the statistics of DHCP packets forwarded by the DHCP relay agent.
Solution To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information. Check that: • DHCP is enabled on the DHCP server and relay agent. • The DHCP server has an address pool on the same subnet as the DHCP clients. • The DHCP server and DHCP relay agent can reach each other. • The DHCP server address specified on the DHCP relay agent interface connected to the DHCP clients is correct.
Configuring the DHCP client With DHCP client enabled, an interface uses DHCP to obtain configuration parameters such as an IP address from the DHCP server. The DHCP client configuration is supported only on Layer 3 Ethernet interfaces and VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003.
Step 3. Configure a DHCP client ID for the interface. Command Remarks dhcp client identifier { ascii string | hex string | mac interface-type interface-number } By default, an interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID. DHCP client ID includes ID type and type value. Each ID type has a fixed type value.
DHCP client configuration example Network requirements As shown in Figure 26, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, DNS server address, and static route information. The DHCP client IP address resides on network 10.1.1.0/24. The DNS server address is 20.1.1.1. The next hop of the static route to network 20.1.1.0/24 is 10.1.1.2. The DHCP server uses Option 121 to assign static route information to DHCP clients. Figure 25 shows the Option 121 format.
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] expired day 10 [SwitchA-dhcp-pool-0] dns-list 20.1.1.1 [SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02 2. Configure Switch B: # Configure VLAN-interface 2 to use DHCP for IP address acquisition.
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.
Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
Figure 27 Trusted and untrusted ports In a cascaded network as shown in Figure 28, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries.
Table 4 Handling strategies If a DHCP request has… Option 82 No Option 82 Handling strategy DHCP snooping… Drop Drops the message. Keep Forwards the message without changing Option 82. Replace Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type. N/A Forwards the message after adding the Option 82 padded according to the configured padding format, padding content, and code type.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DHCP snooping. dhcp snooping enable By default, DHCP snooping is disabled. 3. Enter interface view. interface interface-type interface-number This interface is connected to the DHCP server. 4. Specify the port as a trusted port. dhcp snooping trust By default, all ports are untrusted ports after DHCP snooping is enabled. 5. Return to system view. quit N/A 6. Enter interface view.
Step Command Remarks (Optional.) Configure a handling strategy for DHCP requests containing Option 82. dhcp snooping information strategy { drop | keep | replace } By default, the handling strategy is replace. 5. (Optional.) Configure the padding content and code type for the circuit ID sub-option.
Step Command Remarks The default interval is 300 seconds. (Optional.) Set the amount of time to wait after a DHCP snooping entry changes before updating the database file. 4. dhcp snooping binding database update interval seconds When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period. All changed entries during that period will be updated.
To prevent such attacks, you can enable DHCP-REQUEST check. This feature uses DHCP snooping entries to check incoming DHCP-REQUEST messages. If a matching entry is found for a message, this feature compares the entry with the message information. If they are consistent, the message is considered as valid and forwarded to the DHCP server. If they are different, the message is considered as a forged message and is discarded.
Task Command Remarks Display DHCP snooping entries. display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ] Available in any view. Display Option 82 configuration information on the DHCP snooping device. display dhcp snooping information { all | interface interface-type interface-number } Available in any view. Display DHCP packet statistics on the DHCP snooping device (in standalone mode). display dhcp snooping packet statistics [ slot slot-number ] Available in any view.
Figure 29 Network diagram Configuration procedure # Enable DHCP snooping. system-view [SwitchB] dhcp snooping enable # Configure Ten-GigabitEthernet 1/0/1 as a trusted port. [SwitchB] interface Ten-GigabitEthernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-Ten-GigabitEthernet1/0/1] quit # Enable DHCP snooping to record clients' IP-MAC bindings on Ten-GigabitEthernet 1/0/2.
Figure 30 Network diagram Configuration procedure # Enable DHCP snooping. system-view [SwitchB] dhcp snooping enable # Configure Ten-GigabitEthernet 1/0/1 as a trusted port. [SwitchB] interface Ten-GigabitEthernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-Ten-GigabitEthernet1/0/1] quit # Configure Option 82 on Ten-GigabitEthernet 1/0/2.
Configuring the BOOTP client BOOTP client configuration only applies to Layer 3 Ethernet interfaces and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003. BOOTP application An interface that acts as a BOOTP client can use BOOTP to get information (such as IP address) from the BOOTP server.
Configure an interface to use BOOTP for IP address acquisition Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure an interface to use BOOTP for IP address acquisition. ip address bootp-alloc By default, an interface does not use BOOTP for IP address acquisition. Displaying and maintaining BOOTP client Execute display command in any view. Task Command Display BOOTP client information.
Configuring DNS Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. The domain name-to-IP address mapping is called a DNS entry. DNS services can be static or dynamic. After a user specifies a name, the device checks the local static name resolution table for an IP address.
Figure 31 Dynamic domain name resolution User program Request Request Resolver Response Response DNS server Read Save Cache DNS client Figure 31 shows the relationship between the user program, DNS client, and DNS server. The DNS client is made up of the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices.
DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 32, a DNS client sends a DNS request to the DNS proxy, which forwards the request to the designated DNS server, and conveys the reply from the DNS server to the client. The DNS proxy simplifies network management. When the DNS server address is changed, you can change the configuration on only the DNS proxy instead of on each DNS client.
• The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up connection is established through the dial-up interface, the device dynamically obtains the DNS server address through DHCP or other autoconfiguration mechanisms. Figure 33 DNS spoofing application DNS spoofing enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach the DNS server.
Tasks at a glance Perform one of the following tasks: • Configuring the IPv4 DNS client • Configuring the IPv6 DNS client (Optional.) Configuring the DNS proxy (Optional.) Configuring DNS spoofing (Optional.) Specifying the source interface for DNS packets (Optional.) Configuring the DNS trusted interface Configuring the IPv4 DNS client Configuring static domain name resolution Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv4 addresses.
In addition, you can configure a DNS suffix that the system automatically adds to the provided domain name for resolution. A DNS suffix manually configured takes precedence over the one dynamically obtained through DHCP, and a DNS suffix configured earlier takes precedence. The DNS resolver first uses the suffix that has the highest priority. If the name resolution fails, the DNS resolver uses the suffix that has the second highest priority, and thus in turn.
For the public network or a VPN, each host name maps to only one IPv6 address. The last • configuration for a host name takes effect. You can configure host name-to-IPv6 address mappings for the public network and up to 1024 • VPNs, and configure a maximum of 1024 host name-to-IPv6 address mappings for the public network or each VPN. To configure static domain name resolution: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step Enter system view. 1. Command Remarks system-view N/A • Specify a DNS server IPv4 address: 2. 3. dns server ip-address [ vpn-instance vpn-instance-name ] Specify a DNS server IP address. • Specify a DNS server IPv6 address: (Optional.) Configure a DNS suffix. dns domain domain-name [ vpn-instance vpn-instance-name ] ipv6 dns server ipv6-address [ interface-type interface-number ] [ vpn-instance vpn-instance-name ] Use at least one command.
You can configure only one replied IPv4 address and one replied IPv6 address for the public • network or a VPN. If you use the command multiple times, the most recent configuration takes effect. You can configure DNS spoofing for the public network and a maximum of 1024 VPNs. • To configure DNS spoofing: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DNS proxy. dns proxy enable By default, DNS proxy is disabled. • Specify a translated IPv4 address: 3.
Step 2. Command Specify the source interface for DNS packets. Remarks dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] By default, no source interface for DNS packets is specified. If you specify the vpn-instance vpn-instance-name option, make sure the source interface is on the specified VPN. Configuring the DNS trusted interface By default, an interface obtains DNS suffix and domain name server information from DHCP.
IPv4 DNS configuration examples Static domain name resolution configuration example Network requirements As shown in Figure 34, the device wants to access the host by using an easy-to-remember domain name rather than an IP address. Configure static domain name resolution on the device so that the device can use the domain name host.com to access the host whose IP address is 10.1.1.2. Figure 34 Network diagram Configuration procedure # Configure a mapping between host name host.com and IP address 10.1.1.2.
Configure dynamic domain name resolution and the domain name suffix com on the device that serves as a DNS client so that the device can use domain name host to access the host with the domain name host.com and the IP address 3.1.1.1/16. Figure 35 Network diagram Configuration procedure Before performing the following configuration, make sure the device and the host can reach each other, and that the IP addresses of the interfaces are configured as shown in Figure 35.
Figure 37 Adding a host d. On the page that appears, enter host name host and IP address 3.1.1.1 e. Click Add Host. The mapping between the IP address and host name is created.
Figure 38 Adding a mapping between domain name and IP address 2. Configure the DNS client: # Specify the DNS server 2.1.1.2. system-view [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Verifying the configuration # Use the ping host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 3.1.1.1. [Sysname] ping host PING host.com (3.1.1.
DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function. As shown in Figure 39: • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. • Configure the IP address of the DNS proxy on Device B.
3. Configure the DNS client: system-view # Specify the DNS server 2.1.1.2. [DeviceB] dns server 2.1.1.2 Verifying the configuration # Use the ping host.com command on Device B to verify the connection between the device and the host is normal and that the translated destination IP address is 3.1.1.1. [DeviceB] ping host.com PING host.com (3.1.1.1): 56 data bytes 56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 3.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms 56 bytes from 3.1.1.
56 bytes from 1::2, icmp_seq=0 hlim=128 time=1.000 ms 56 bytes from 1::2, icmp_seq=1 hlim=128 time=0.000 ms 56 bytes from 1::2, icmp_seq=2 hlim=128 time=1.000 ms 56 bytes from 1::2, icmp_seq=3 hlim=128 time=1.000 ms 56 bytes from 1::2, icmp_seq=4 hlim=128 time=0.000 ms --- host.com ping6 statistics --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.
Figure 42 Creating a zone c. On the DNS server configuration page, right-click zone com, and select Other New Records. Figure 43 Creating a record d. On the page that appears, select IPv6 Host (AAAA) as the resource record type.
Figure 44 Selecting the resource record type e. Type host name host and IPv6 address 1::1. f. Click OK. The mapping between the IPv6 address and host name is created.
Figure 45 Adding a mapping between domain name and IPv6 address 2. Configure the DNS client: # Specify the DNS server 2::2. system-view [Device] ipv6 dns server 2::2 # Configure com as the DNS suffix. [Device] dns domain com Verifying the configuration # Use the ping ipv6 host command on the device to verify that the communication between the device and the host is normal and that the translated destination IP address is 1::1.
round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms DNS proxy configuration example Network requirements When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function. As shown in Figure 46: • Specify Device A as the DNS server of Device B (the DNS client). Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
[DeviceA] dns proxy enable 3. Configure the DNS client: # Specify the DNS server 2000::2. system-view [DeviceB] ipv6 dns server 2000::2 Verifying the configuration # Use the ping host.com command on Device B to verify that the connection between the device and the host is normal and that the translated destination IP address is 3000::1. [DeviceB] ping host.com PING6(104=40+8+56 bytes) 2000::1 --> 3000::1 56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.
Solution 1. Use the display dns host ipv6 command to verify that the specified domain name is in the cache. 2. If the specified domain name does not exist, check that dynamic domain name resolution is enabled, and that the DNS client can communicate with the DNS server. 3. If the specified domain name is in the cache, but the IPv6 address is incorrect, check that the DNS client has the correct IPv6 address of the DNS server. 4.
Configuring DDNS Overview DNS provides only the static mappings between domain names and IP addresses. When the IP address of a node changes, your access to the node fails. Dynamic Domain Name System (DDNS) can dynamically update the mappings between domain names and IP addresses for DNS servers to direct you to the latest IP address mapping to a domain name. DDNS is supported by only IPv4 DNS, and is used to update the mappings between domain names and IPv4 addresses.
Figure 47 DDNS application DNS server IP network HTTP server DDNS client HTTP client DDNS server With the DDNS client configured, a device can dynamically update the latest mapping between its domain name and IP address on the DNS server through DDNS servers. NOTE: The DDNS update process does not have a unified standard but depends on the DDNS server that the DDNS client contacts. DDNS client configuration task list Tasks at a glance (Required.) Configuring a DDNS policy (Required.
DDNS server URL addresses for DDNS update requests ZONEEDIT http://dynamic.zoneedit.com/auth/dynamic.html?host=&dnsto= TZO http://cgi.tzo.com/webclient/signedon.html?TZOName=IPAddress= EASYDNS http://members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=&host_id = HEIPV6TB http://dyn.dns.he.net/nic/update?hostname=&myip= CHANGE-IP http://nic.changeip.com/nic/update?hostname=&offline=1 NO-IP http://dynupdate.no-ip.
Configuration prerequisites Visit the website of a DDNS service provider, register an account, and apply for a domain name for the DDNS client. When the DDNS client updates the mapping between the domain name and the IP address through the DDNS server, the DDNS server checks whether the account information is correct and whether the domain name to be updated belongs to the account. Configuration procedure To configure a DDNS policy: Step Command Remarks 1. Enter system view. system-view N/A 2.
Configure static or dynamic domain name resolution to translate the domain name of the DDNS • server into the IPv4 address. For more information, see "Configuring the IPv4 DNS client." To apply the DDNS policy to an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3.
Figure 48 Network diagram Configuration procedure Before configuring DDNS on Switch, register with username steven and password nevets at http://www.3322.org/, add Switch's host name-to-IP address mapping to the DNS server, and make sure the devices can reach each other. # Create a DDNS policy named 3322.org, and enter its view. system-view [Switch] ddns policy 3322.org # Specify for DDNS update requests the URL address with the login ID steven and plaintext password nevets.
DDNS configuration example with PeanutHull server Network requirements As shown in Figure 49, Switch is a Web server with domain name whatever.gicp.cn. Switch acquires the IP address through DHCP. Through the PeanutHull server, Switch informs the DNS server of the latest mapping between its domain name and IP address. The IP address of the DNS server is 1.1.1.1. Switch uses the DNS server to translate www.oray.cn into the corresponding IP address.
[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ddns apply policy oray.cn fqdn whatever.gicp.cn After the preceding configuration is completed, Switch notifies the DNS server of its new domain name-to-IP address mapping through the PeanutHull server, whenever the IP address of Switch changes. Therefore, Switch can always provide Web service at whatever.gicp.cn.
Basic IP forwarding on the device Upon receiving a packet, the device uses the destination IP address of the packet to find a match from the forwarding information base (FIB) table, and then uses the matching entry to forward the packet. FIB table A device selects optimal routes from the routing table, and puts them into the FIB table. Each FIB entry specifies the next-hop IP address and output interface for packets destined for a specific subnet or host.
Displaying FIB table entries Execute display commands in any view. Task Command Display FIB entries.
Optimizing IP performance A customized configuration can help optimize overall IP performance. This chapter describes various techniques you can use to customize your installation. Enabling an interface to receive and forward directed broadcasts destined for the directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
Configuration example Network requirements As shown in Figure 50, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of the switch. Configure receiving and forwarding of directed broadcasts on the switch so that the server can receive directed broadcasts from the host to IP address 2.2.2.255. Figure 50 Network diagram Configuration procedure # Enable VLAN-interface 3 to receive directed broadcasts.
Step Command Remarks By default, no MTU is configured. Configure an MTU for the interface. 3. Set an appropriate MTU to avoid fragmentation. The MTU for the interface applies to only packets that are sent to the CPU for forwarding by software, for example, the packets that are sourced from or destined to the interface. ip mtu mtu-size Configuring TCP MSS for an interface The maximum segment size (MSS) option informs the receiver of the largest segment that the sender can accept.
2. A router that fails to forward the packet because it exceeds the MTU on the outgoing interface discards the packet and returns an ICMP error message, which contains the MTU of the outgoing interface. 3. Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection. 4. The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS = path MTU – IP header length – TCP header length).
3. The sender receives the SYN ACK packet and replies with an ACK packet. A TCP connection is established. An attacker can exploit this mechanism to mount SYN Flood attacks. The attacker sends a large number of SYN packets, but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and can no longer handle normal services. SYN Cookie can protect the server from SYN Flood attacks.
Enabling sending ICMP error packets Perform this task to enable sending ICMP error packets, including redirect, time-exceeded, and destination unreachable packets. • ICMP redirect packets A host that has only one default route sends all packets to the default gateway. The default gateway sends an ICMP redirect packet to inform the host of a correct next hop by following these rules: { The receiving and sending interfaces are the same.
Step 1. Enter system view. Command Remarks system-view N/A • Enable sending ICMP redirect packets: ip redirects enable 2. Enable sending ICMP error packets. • Enable sending ICMP time-exceeded packets: ip ttl-expires enable The default settings are disabled. • Enable sending ICMP destination unreachable packets: ip unreachables enable Sending ICMP error packets facilitates network management, but sending excessive ICMP packets increases network traffic.
Task Command Display detailed information about RawIP connections (in IRF mode). display rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Display brief information about TCP connections (in standalone mode). display tcp [ slot slot-number ] Display brief information about TCP connections (in IRF mode). display tcp [ chassis chassis-number slot slot-number ] Display detailed information about TCP connections (in standalone mode).
Configuring UDP helper Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain. Upon receiving a UDP broadcast packet (the destination address is 255.255.255.
Step Command Remarks 4. Enter interface view. interface interface-type interface-number N/A 5. Specify a destination server. udp-helper server ip-address By default, no destination server is specified. Displaying and maintaining UDP helper Execute display command in any view and reset command in user view. Task Command Display information about packets forwarded by UDP helper. display udp-helper interface interface-type interface-number Clear UDP helper statistics.
# Enable UDP helper to forward broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 10.110.1.1 16 [SwitchA-Vlan-interface1] udp-helper server 10.2.1.1 # Enable the interface to receive directed broadcasts destined for the directly connected network.
Configuring basic IPv6 settings Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits. IPv6 features Simplified header format IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length of the basic IPv6 packet header.
Address autoconfiguration To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration. • Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCPv6 server). For more information about DHCPv6 server, see "Configuring the DHCPv6 server.
• If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by a double colon (::). For example, the above address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B. IMPORTANT: A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address.
Unicast addresses Unicast addresses comprise global unicast addresses, link-local unicast addresses, the loopback address, and the unspecified address. • Global unicast addresses—Equivalent to public IPv4 addresses, are provided for Internet service providers. This type of address allows for prefix aggregation to restrict the number of global routing entries. • Link-local addresses—Used for communication among link-local nodes for neighbor discovery and stateless autoconfiguration.
Figure 53 Converting a MAC address into an EUI-64 address-based interface identifier • On a tunnel interface—The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see "Configuring tunneling.
Figure 54 Address resolution The address resolution procedure is as follows: 1. Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A and the destination address is the solicited-node multicast address of Host B. The NS message body contains the link-layer address of Host A and the target IPv6 address. 2. After receiving the NS message, Host B determines whether the target address of the packet is its IPv6 address.
1. Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message body contains the detected IPv6 address. 2. If Host B uses this IPv6 address, Host B returns an NA message that contains its IPv6 address. 3. Host A knows that the IPv6 address is being used by Host B after receiving the NA message from Host B.
Figure 56 Path MTU discovery process 1. The source host sends a packet no larger than its MTU to the destination host. 2. If the MTU of a device's output interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host. 3. After receiving the ICMPv6 error packet, the source host uses the returned MTU to limit the packet size, performs fragmentation, and sends the packets to the destination host. 4.
• RFC 1881, IPv6 Address Allocation Management • RFC 1887, An Architecture for IPv6 Unicast Address Allocation • RFC 1981, Path MTU Discovery for IP version 6 • RFC 2375, IPv6 Multicast Address Assignments • RFC 2460, Internet Protocol, Version 6 (IPv6) Specification • RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification • RFC 2464, Transmission of IPv6 Packets over Ethernet Networks • RFC 2526, Reserved IPv6 Subnet Anycast Addresses •
Assigning IPv6 addresses to interfaces This section describes how to configure an IPv6 global unicast address, an IPv6 link-local address, and an IPv6 anycast address. Configuring an IPv6 global unicast address Use one of the following methods to configure an IPv6 global unicast address for an interface: EUI-64 IPv6 address—The IPv6 address prefix of the interface is manually configured, and the • interface identifier is generated automatically by the interface.
Step Configure an IPv6 global unicast address for the interface. 3. Command Remarks ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } By default, no IPv6 global unicast address is configured on an interface. Stateless address autoconfiguration To configure an interface to generate an IPv6 address through stateless address autoconfiguration: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view.
{ The valid lifetime of the address prefix. { The valid lifetime configured for temporary IPv6 addresses. To configure the temporary address function: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the temporary address function. ipv6 prefer temporary-address [ valid-lifetime preferred-lifetime ] By default, the system does not generate or use a temporary IPv6 address. To generate a temporary address, an interface must be enabled with stateless address autoconfiguration.
Manually specifying an IPv6 link-local address for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Manually specify an IPv6 link-local address for the interface. ipv6 address ipv6-address link-local By default, no link-local address is configured on an interface. After an IPv6 global unicast address is configured on the interface, a link-local address is generated automatically.
The device uniquely identifies a static neighbor entry by the IPv6 address and the local Layer 3 interface number of the neighbor. You can configure a static neighbor entry by using one of the following methods: Method 1—Associate a neighbor's IPv6 address and link-layer address with the local Layer 3 • interface. If you use Method 1, the device automatically finds the Layer 2 port connected to the neighbor.
changes to the probe state, and the device sends an NS message three times. If no response is received, the device removes the ND entry. To set the aging timer for ND entries in stale state: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the aging timer for ND entries in stale state. ipv6 neighbor stale-aging aging-time The default setting is four hours. Minimizing link-local ND entries Perform this task to minimize link-local ND entries assigned to the driver.
Configuring parameters for RA messages You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 9 describes the configurable parameters in an RA message. Table 9 Parameters in an RA message and their descriptions Parameter Description Hop Limit Maximum number of hops in RA messages.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable sending of RA messages. undo ipv6 nd ra halt The default setting is disabled. By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. 4. Configure the maximum and minimum intervals for sending RA messages.
Step Command Remarks ipv6 nd ra router-lifetime value By default, the router lifetime is 1800 seconds. ipv6 nd ns retrans-timer value By default, an interface sends NS messages every 1000 milliseconds, and the value of the Retrans Timer field in RA messages is 0. 10. Set the router preference in RA messages. ipv6 nd router-preference { high | low | medium } By default, the router preference is medium. 11. Set the reachable time.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable replying to multicast echo requests. ipv6 icmpv6 multicast-echo-reply enable By default, this function is not enabled. Enabling sending ICMPv6 destination unreachable messages The device sends ICMPv6 destination unreachable messages as follows: If a packet does not match any route, the device sends a No Route to Destination ICMPv6 error • message to the source.
If the device receives large numbers of malicious packets, its performance degrades greatly because it must send back ICMP Time Exceeded messages. To prevent such attacks, disable sending ICMPv6 Time Exceeded messages. To enable sending ICMPv6 time exceeded messages: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable sending ICMPv6 time exceeded messages. ipv6 hoplimit-expires enable The default setting is disabled.
Task Command Display neighbor information (in standalone mode). display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ] Display neighbor information (in IRF mode).
Task Command Display ICMPv6 traffic statistics (in IRF mode). display ipv6 icmp statistics [ chassis chassis-number slot slot-number ] Display IPv6 TCP traffic statistics (in standalone mode). display tcp statistics [ slot slot-number ] Display IPv6 TCP traffic statistics (in IRF mode). display tcp statistics [ chassis chassis-number slot slot-number ] Display IPv6 UDP traffic statistics (in standalone mode).
# Specify a global unicast address for VLAN-interface 2. system-view [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address 3001::1/64 [SwitchA-Vlan-interface2] quit # Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).
FF02::1:FF00:1 FF02::1:FF00:2 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 25829 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 47 OutRequests: 89 OutForwD
ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 600 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 272 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 I
ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 117 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 117 OutRequests: 83 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastP
round-trip min/avg/max/std-dev = 5.404/5.404/5.404/0.000 ms The output shows that Switch B can ping Switch A and the host. The host can also ping Switch B and Switch A. Troubleshooting IPv6 basics configuration Symptom An IPv6 address cannot be pinged. Solution 1. Use the display ipv6 interface command in any view to verify that the IPv6 address of the output interface is correct and the interface is up. 2.
DHCPv6 overview DHCPv6 provides a framework to assign IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts. DHCPv6 address/prefix assignment An address/prefix assignment process involves two or four messages. Rapid assignment involving two messages As shown in Figure 58, rapid assignment operates in the following steps: 1. The DHCPv6 client sends a Solicit message that contains a Rapid Commit option to prefer rapid assignment. 2.
4. The DHCPv6 server sends a Reply message to the client, confirming that the address/prefix and other configuration parameters are assigned to the client. Figure 59 Assignment involving four messages Address/prefix lease renewal An IPv6 address/prefix assigned by a DHCPv6 server has a valid lifetime. After the valid lifetime expires, the DHCPv6 client cannot use the IPv6 address/prefix. To use the IPv6 address/prefix, the DHCPv6 client must renew the lease time.
lifetime elapses). The DHCPv6 server responds with a Reply message, informing the client about whether or not the lease is renewed. If the DHCPv6 client receives no response from any DHCPv6 server before the valid lifetime expires, the client stops using the address/prefix. For more information about the valid lifetime and the preferred lifetime, see "Configuring basic IPv6 settings.
• RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) • RFC 2462, IPv6 Stateless Address Autoconfiguration • RFC 3633, IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 154
Configuring the DHCPv6 server Overview A DHCPv6 server can assign IPv6 addresses or IPv6 prefixes to DHCPv6 clients. IPv6 address assignment As shown in Figure 63, the DHCPv6 server assigns IPv6 addresses, domain name suffixes, DNS server addresses, and other configuration parameters to DHCPv6 clients. The IPv6 addresses assigned to the clients include the following types: • Temporary IPv6 addresses—Internally used and frequently changed without lease renewal.
Figure 64 IPv6 prefix assignment Concepts Multicast addresses used by DHCPv6 DHCPv6 uses the multicast address FF05::1:3 to identify all site-local DHCPv6 servers, and uses the multicast address FF02::1:2 to identify all link-local DHCPv6 servers and relay agents. DUID A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet.
PD The DHCPv6 server creates a prefix delegation (PD) for each assigned prefix to record the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and IPv6 address of the requesting client. DHCPv6 address pool The DHCP server selects IPv6 addresses, IPv6 prefixes, and other parameters from an address pool, and assigns them to the DHCP clients.
client against the subnets of all address pools, and selects the address pool with the longest-matching subnet. To avoid wrong address allocation, keep the subnet used for dynamic assignment consistent with the subnet where the interface of the DHCPv6 server or DHCPv6 relay agent resides. IPv6 address/prefix allocation sequence The DHCPv6 server selects an IPv6 address/prefix for a client in the following sequence: 1.
• Only one prefix pool can be applied to an address pool. You cannot modify prefix pools that have been applied. To change the prefix pool for an address pool, you must remove the prefix pool application first. • You can apply a prefix pool that has not been created to an address pool. The setting takes effect after the prefix pool is created. Configuration procedure To configure IPv6 prefix assignment: Step 1. 2. Enter system view. (Optional.
If you only bind a DUID to an IPv6 address, the DUID in a request must match the DUID in the binding before the DHCPv6 server can assign the IPv6 address to the requesting client. Specify a subnet and address ranges in an address pool: • { { Non-temporary address assignment—The server selects addresses from the non-temporary address range specified by the address range command. If no non-temporary address range is specified, the server selects addresses on the subnet specified by the network command.
Step Command Remarks By default, no IPv6 address subnet is specified. 4. Specify an IPv6 subnet for dynamic assignment. network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] 5. (Optional.) Specify a non-temporary IPv6 address range.
Configuring the DHCPv6 server on an interface Enable the DHCP server and configure one of the following address/prefix assignment methods on an interface: • Apply an address pool on the interface—The DHCPv6 server selects an IPv6 address/prefix from the applied address pool for a requesting client. If there is no assignable IPv6 address/prefix in the address pool, the DHCPv6 server cannot to assign an IPv6 address/prefix to a client.
Task Command Display the DUID of the local device. display ipv6 dhcp duid Display DHCPv6 address pool information. display ipv6 dhcp pool [ pool-name ] Display prefix pool information. display ipv6 dhcp prefix-pool [ prefix-pool-number ] Display DHCPv6 server information on an interface. display ipv6 dhcp server [ interface interface-type interface-number ] Display information about IPv6 address conflicts.
Figure 66 Network diagram Configuration procedure # Configure the IPv6 address of VLAN-interface 2. system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ipv6 address 1::1/64 [Switch-Vlan-interface2] quit # Create prefix pool 1, and specify the prefix 2001:0410::/32 with the assigned prefix length being 48. [Switch] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48 # Create address pool 1.
Verifying the configuration # Display DHCPv6 server configuration on VLAN-interface 2. [Switch-Vlan-interface2] display ipv6 dhcp server interface vlan-interface 2 Using pool: global Preference value: 255 Allow-hint: Enabled Rapid-commit: Enabled # Display information about address pool 1.
2001:410::/48 Auto(C) Jul 10 20:44:05 2009 Dynamic IPv6 address assignment configuration example Network requirements As shown in Figure 67, Switch A serves as a DHCPv6 server to assign IPv6 addresses to the clients in subnets 1::1:0:0:0/96 and 1::2:0:0:0/96. On Switch A, configure the IPv6 address for VLAN-interface 10 and 1::2:0:0:1/96 for VLAN-interface 20.
[SwitchA-dhcp6-pool-1] quit # Configure the DHCPv6 address pool 2 to assign IPv6 addresses and other configuration parameters to clients in subnet 1::2:0:0:0/96. [SwitchA] ipv6 dhcp pool 2 [SwitchA-dhcp6-pool-2] network 1::2:0:0:0/96 preferred-lifetime 432000 valid-lifetime 864000 [SwitchA-dhcp6-pool-2] domain-name aabbcc.
Configuring the DHCPv6 relay agent A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 68, if the DHCPv6 server resides on another subnet, the DHCPv6 clients need a DHCPv6 relay agent to contact the server. The relay agent feature avoids deploying a DHCP server on each subnet.
Figure 69 Operating process of a DHCPv6 relay agent DHCPv6 client DHCPv6 relay agent DHCPv6 server (1) Solicit (contains a Rapid Commit option) (2) Relay-forward (3) Relay-reply (4) Reply Configuration guidelines You can use the ipv6 dhcp relay server-address command to specify a maximum of eight DHCPv6 • servers on the DHCP relay agent interface. The DHCPv6 relay agent forwards DHCP requests to all the specified DHCPv6 servers.
Task Command Display the DUID of the local device. display ipv6 dhcp duid Display DHCPv6 server addresses specified on the DHCPv6 relay agent. display ipv6 dhcp relay server-address [ interface interface-type interface-number ] Display packet statistics on the DHCPv6 relay agent. display ipv6 dhcp relay statistics [ interface interface-type interface-number ] Clear packets statistics on the DHCPv6 relay agent.
# Enable the DHCPv6 relay agent on VLAN-interface 3 and specify the DHCPv6 server on the relay agent. [SwitchA-Vlan-interface3] ipv6 dhcp select relay [SwitchA-Vlan-interface3] ipv6 dhcp relay server-address 2::2 2. Enable Switch A to send RA messages, and turn on the M and O flags.
Configuring tunneling Overview Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation.
1. A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source. 2. After determining according to the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel. In the IPv4 header, the source IPv4 address is the IPv4 address of the tunnel source, and the destination IPv4 address is the IPv4 address of the tunnel destination. 3.
• IPv6 over IPv4 manual tunneling—A point-to-point link and its source and destination IPv4 addresses are manually configured. You can establish an IPv6 over IPv4 manual tunnel to connect isolated IPv6 networks over an IPv4 network, or connect an IPv6 network to an IPv4/IPv6 dual-stack host over an IPv4 network. • 6to4 tunneling—A point-to-multipoint automatic tunnel. It is used to connect multiple isolated IPv6 networks over an IPv4 network.
IPv4 over IPv4 tunneling IPv4 over IPv4 tunneling (RFC 1853) enables isolated IPv4 networks to communicate. For example, an IPv4 over IPv4 tunnel can connect isolated private IPv4 networks over a public IPv4 network. Figure 74 Principle of IPv4 over IPv4 tunneling Packets traveling through a tunnel undergo encapsulation and de-encapsulation, as shown in Figure 74. • Encapsulation: a. Device A receives an IP packet from an IPv4 host and submits it to the IP protocol stack. b.
Figure 75 Principle of IPv4 over IPv6 tunneling The encapsulation and de-encapsulation processes illustrated in Figure 75 are described as follows: • Encapsulation: a. Upon receiving an IPv4 packet, Device A delivers it to the IPv4 protocol stack. b. The IPv4 protocol stack uses the destination address of the packet to determine the egress interface. If the egress interface is the tunnel interface, the IPv4 protocol stack delivers the packet to the tunnel interface. c.
Figure 76 Principle of IPv6 over IPv6 tunneling Figure 76 shows the encapsulation and de-encapsulation processes. • Encapsulation: a. After receiving an IPv6 packet, Device A submits it to the IPv6 protocol stack. b. The IPv6 protocol stack uses the destination IPv6 address of the packet to find the egress interface. If the egress interface is the tunnel interface, the stack delivers it to the tunnel interface. c.
Tasks at a glance (Required.
Step Command Remarks By default, the MTU is 64000 bytes. Set the MTU of the tunnel interface. 4. mtu mtu-size Set an appropriate MTU to avoid fragmentation. The MTU for the tunnel interface applies to only unicast packets. An MTU set on any tunnel interface is effective on all existing tunnel interfaces. The default setting is 64 kbps. This command sets a bandwidth for dynamical routing protocols to calculate the cost of the tunnel and does not affect the actual interface bandwidth.
Step Command Remarks 2. Enter IPv6 over IPv4 manual tunnel interface view. interface tunnel number [ mode ipv6-ipv4 ] N/A 3. Specify an IPv6 address for the tunnel interface. For configuration details, see "Configuring basic IPv6 settings." No IPv6 address is configured for the tunnel interface by default. 4. Configure a source address or source interface for the tunnel interface. By default, no source address or source interface is configured for the tunnel interface.
Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4. • Configure Switch A: # Specify an IPv4 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101.
[SwitchB] interface Ten-GigabitEthernet 1/0/3 [SwitchB-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchB-Ten-GigabitEthernet1/0/3] quit # Configure an IPv6 over IPv4 manual tunnel interface tunnel 0. [SwitchB] interface tunnel 0 mode ipv6-ipv4 # Specify VLAN-interface 100 as the source interface for the tunnel interface. [SwitchB-Tunnel0] source vlan-interface 100 # Specify the IP address of VLAN-interface 100 on Switch A as the destination address for the tunnel interface.
To configure a 6to4 tunnel: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter 6to4 tunnel interface view. interface tunnel number [ mode ipv6-ipv4 6to4 ] N/A 3. Specify an IPv6 address for the tunnel interface. For configuration details, see "Configuring basic IPv6 settings." No IPv6 address is configured for the tunnel interface by default. By default, no source address or source interface is configured for the tunnel interface.
Configuration considerations To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 switches and hosts in the 6to4 networks. • The IPv4 address of VLAN-interface 100 on Switch A is 2.1.1.1/24, and the prefix is 2002:0201:0101::/48 after it is translated to a 6to4 address. Host A must use this prefix. • The IPv4 address of VLAN-interface 100 on Switch B is 5.1.1.1/24, and the prefix is 2002:0501:0101::/48 after it is translated to a 6to4 address. Host B must use this prefix.
# Specify a 6to4 address for VLAN-interface 101. [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002:0501:0101:1::1/64 [SwitchB-Vlan-interface101] quit # Create service loopback group 1 and specify its service type as tunnel. [SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1.
interface of the route or specify the IPv6 address of the peer tunnel interface as the next hop of the route. For the detailed configuration, see Layer 3—IP Routing Configuration Guide. The automatic tunnel interfaces using the same encapsulation protocol cannot use the same source • IP address. To configure an ISATAP tunnel: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter ISATAP tunnel interface view. interface tunnel number [ mode ipv6-ipv4 isatap ] N/A 3.
Configuration procedure Make sure the corresponding VLAN interfaces have been created on the switch. Make sure VLAN-interface 101 on the ISATAP switch and the ISATAP host can reach each other through IPv4. • Configure the switch: # Specify an IPv6 address for VLAN-interface 100. system-view [Switch] interface vlan-interface 100 [Switch-Vlan-interface100] ipv6 address 3001::1/64 [Switch-Vlan-interface100] quit # Specify an IPv4 address for VLAN-interface 101.
Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery does not use Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 0.0.0.0 router link-layer address: 0.0.0.0 preferred link-local fe80::5efe:2.1.1.
Reply from 2001::5efe:1.1.1.1: time=1ms Reply from 2001::5efe:1.1.1.1: time=1ms Reply from 2001::5efe:1.1.1.1: time=1ms Ping statistics for 2001::5efe:1.1.1.
Step Command Remarks By default, no destination address is configured for the tunnel interface. 5. 6. Configure a destination address for the tunnel interface. destination ip-address (Optional.) Set the DF bit for tunneled packets. tunnel dfbit enable The tunnel destination address must be the IP address of the receiving interface on the tunnel peer. It is used as the destination IP address of tunneled packets. The DF bit is not set for tunneled packets by default.
[SwitchA] interface Ten-GigabitEthernet 1/0/3 [SwitchA-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-Ten-GigabitEthernet1/0/3] quit # Create an IPv4 over IPv4 tunnel interface tunnel 1. [SwitchA] interface tunnel 1 mode ipv4-ipv4 # Specify an IPv4 address for the tunnel interface. [SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0 # Specify the IP address of VLAN-interface 101 as the source address for the tunnel interface. [SwitchA-Tunnel1] source 2.1.1.
[SwitchB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2 Verifying the configuration # Use the display interface tunnel command to display the status of the tunnel interfaces on Switch A and Switch B. The output shows that the tunnel interfaces are up. (Details not shown.) # Ping the IPv4 address of the peer interface VLAN-interface 100 from each switch. The following shows the output on Switch A. [SwitchA] ping -a 10.1.1.1 10.1.3.1 PING 10.1.3.1 (10.1.3.1) from 10.1.1.1: 56 data bytes 56 bytes from 10.1.
Step 4. Command Configure the source address or interface for the tunnel interface. Remarks By default, no source address or interface is configured for the tunnel. source { ipv6-address | interface-type interface-number } The specified source address or the primary IPv6 address of the specified source interface is used as the source IPv6 address of tunneled packets. By default, no destination address is configured for the tunnel. 5. Configure the destination address for the tunnel interface.
# Create service loopback group 1 and specify its service type as tunnel. [SwitchA] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1. [SwitchA] interface Ten-GigabitEthernet 1/0/3 [SwitchA-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-Ten-GigabitEthernet1/0/3] quit # Create an IPv6 tunnel interface tunnel 1. [SwitchA] interface tunnel 1 mode ipv6 # Configure an IPv4 address for the tunnel interface. [SwitchA-Tunnel1] ip address 30.1.2.
[SwitchB-Tunnel2] destination 2001::1:1 [SwitchB-Tunnel2] quit # Configure a static route destined for IPv4 network 1 through the tunnel interface. [SwitchB] ip route-static 30.1.1.0 255.255.255.0 tunnel 2 Verifying the configuration # Use the display interface tunnel command to display the status of the tunnel interfaces on Switch A and Switch B. The output shows that the tunnel interfaces are up. (Details not shown.) # Ping the IPv4 address of the peer interface from each switch.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IPv6 tunnel interface view. interface tunnel number [ mode ipv6 ] N/A 3. Configure an IPv6 address for the tunnel interface. For configuration details, see "Configuring basic IPv6 settings." No IPv6 address is configured for the tunnel interface by default. 4. Configure the source address or source interface for the tunnel interface. By default, no source address or interface is configured for the tunnel.
Configuration procedure Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv6. • Configure Switch A: # Specify an IPv6 address for VLAN-interface 100. system-view [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 2002:1::1 64 [SwitchA-Vlan-interface100] quit # Specify an IPv6 address for VLAN-interface 101, which is the physical interface of the tunnel.
[SwitchB] service-loopback group 1 type tunnel # Assign Ten-GigabitEthernet 1/0/3 to service loopback group 1. [SwitchB] interface Ten-GigabitEthernet 1/0/3 [SwitchB-Ten-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchB-Ten-GigabitEthernet1/0/3] quit # Create an IPv6 tunnel interface tunnel 2. [SwitchB] interface tunnel 2 mode ipv6 # Configure an IPv6 address for the tunnel interface.
Troubleshooting tunneling configuration Symptom A tunnel interface configured with related parameters such as tunnel source address, tunnel destination address, and tunnel mode cannot go up. Analysis The physical interface of the tunnel does not go up, or the tunnel destination is unreachable. Solution 1. Use the display interface or display ipv6 interface commands to check whether the physical interface of the tunnel is up. If the physical interface is down, check the network connection. 2.
Configuring GRE Overview Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate multiple network layer protocols into virtual point-to-point tunnels over an IP network. Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end. GRE encapsulation format Figure 83 GRE encapsulation format As shown in Figure 83, a GRE-tunneled packet comprises the following parts: • Payload packet—Original packet.
• GRE over IPv4—The transport protocol is IPv4, and the passenger protocol is any network layer protocol. • GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer protocol. GRE encapsulation and de-encapsulation Figure 85 X protocol networks interconnected through a GRE tunnel The following takes the network shown in Figure 85 as an example to describe how an X protocol packet traverses an IP network through a GRE tunnel: Encapsulation process 1.
• RFC 1702, Generic Routing Encapsulation over IPv4 networks • RFC 2784, Generic Routing Encapsulation (GRE) Configuring a GRE over IPv4 tunnel Follow these guidelines when you configure a GRE over IPv4 tunnel: You must configure the tunnel source address and destination address at both ends of a tunnel, and • the tunnel source or destination address at one end must be the tunnel destination or source address at the other end.
Step 3. Command Configure an IPv4 or IPv6 address for the tunnel interface. Remarks For information about how to assign an IPv4 address to an interface, see "Configuring IP addressing." For information about how to assign an IPv6 address to an interface, see "Configuring basic IPv6 settings." By default, no IPv4 or IPv6 address is configured for a tunnel interface. When the passenger protocol is IPv4, configure an IPv4 address for the tunnel interface.
For information about tunnel interfaces and more configuration commands on a tunnel interface, see "Configuring tunneling.." For more information about the interface tunnel, source, destination, tunnel dfbit enable, and tunnel discard ipv4-compatible-packet commands, see Layer 3—IP Services Command Reference.
Step Command Remarks By default, the device has no tunnel interface. 2. 3. Create a GRE over IPv6 tunnel interface and enter its view. Configure an IPv4 or IPv6 address for the tunnel interface. interface tunnel interface-number mode gre ipv6 You must configure the same tunnel mode on both ends of a tunnel. Otherwise, packet delivery may fail. For information about how to assign an IPv4 address to an interface, see ".
Step 8. (Optional.) Configure the device to discard IPv6 packets with IPv4-compatible IPv6 addresses Command Remarks tunnel discard ipv4-compatible-packet By default, the device does not discard such IPv6 packets. For information about tunnel interfaces and more configuration commands on a tunnel interface, see "Configuring tunneling.." For more information about the interface tunnel, source, destination, and tunnel discard ipv4-compatible-packet commands, see Layer 3—IP Services Command Reference.
Configuration procedure Before the configuration, make sure Switch A and Switch B can reach each other. 1. Configure Switch A: # Configure interface VLAN-interface 100. system-view [SwitchA] vlan 100 [SwitchA-vlan100] port Ten-GigabitEthernet 1/0/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vlan-interface100] quit # Configure interface VLAN-interface 101.
[SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 10.1.3.1 255.255.255.0 [SwitchB-Vlan-interface100] quit # Configure interface VLAN-interface 101. [SwitchB] vlan 101 [SwitchB-vlan101] port Ten-GigabitEthernet 1/0/2 [SwitchB-vlan101] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 2.2.2.2 255.255.255.0 [SwitchB-Vlan-interface101] quit # Create service loopback group 1, and configure the service type as tunnel.
Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops [SwitchB] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1476 Internet Address is 10.1.2.2/24 Primary Tunnel source 2.2.2.2, destination 1.1.1.
Figure 87 Network diagram Switch A XGE1/0/2 Vlan-int101 2002::1:1/64 XGE1/0/3 XGE1/0/1 Vlan-int100 10.1.1.1/24 XGE1/0/2 Switch B Vlan-int101 2001::2:1/64 IPv6 network GRE tunnel Tunnel0 10.1.2.2/24 Tunnel0 10.1.2.1/24 IPv4 Group 1 Service loopback port XGE1/0/3 XGE1/0/1 Vlan-int100 10.1.3.1/24 IPv4 Group 2 Configuration procedure Before the configuration, make sure Switch A and Switch B can reach each other. 1. Configure Switch A: # Configure interface VLAN-interface 100.
# Configure the destination address of the tunnel interface as the IPv6 address of VLAN-interface 101 on Switch B. [SwitchA-Tunnel0] destination 2001::2:1 [SwitchA-Tunnel0] quit # Configure a static route from Switch A through the tunnel interface to Group 2. [SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 0 2. Configure Switch B: # Configure interface VLAN-interface 100.
[SwitchA] display interface tunnel 0 Tunnel0 current state: UP Line protocol current state: UP Description: Tunnel0 Interface The Maximum Transmit Unit is 1456 Internet Address is 10.1.2.
The output shows that Switch B can successfully ping Switch A. Troubleshooting GRE The key to configuring GRE is to keep the configurations consistent. Most faults can be located by using the debugging gre or debugging tunnel command. This section analyzes one type of fault for illustration, with the scenario shown in Figure 88. Figure 88 Network diagram Symptom The interfaces at both ends of the tunnel are configured correctly and can ping each other, but Host A and Host B cannot ping each other.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
• HP manuals http://www.hp.com/support/manuals • HP download drivers and software http://www.hp.com/support/downloads • HP software depot http://www.software.hp.com • HP Education http://www.hp.com/learn Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values.
Convention Description An alert that provides helpful information. TIP Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Index 6to4 DHCPv6 server dynamic IPv6 address assignment, tunnel configuration, 182, 183 166 6to4 tunnel DHCPv6 server IPv6 address assignment, 159 IPv6/IPv4 tunneling, 173 IP address classes, 20 address IP addressing configuration, 20, 24 BOOTP client address acquisition (on interface), IP addressing interface IP address, 22 79 IPv6 addresses, 125 DHCP address assignment, 33 special IP addresses, 21 DHCP address pool, 33 stateless DHCPv6, 153 DHCP address pool application on interface, 44
gratuitous ARP configuration, 14, 15 DHCP address pool static binding, 38 gratuitous ARP packet learning, 14 booting gratuitous ARP periodic packet send, 14 DHCP client boot file name, 41 local proxy ARP enable, 16 BOOTP maintaining, 6 client address acquisition (on interface), 79 maintaining snooping, 19 client configuration, 78, 79 max number dynamic entry configuration, 4 client dynamic IP address acquisition, 78 message format, 1 DHCP application, 78 multicast ARP, 6 DHCP server BOOTP r
common DHCP snooping Option 82, 76 DHCP options, 29 DHCP snooping Option 82 configuration, 71 configuring DHCP snooping packet rate limit, 74 6to4 tunnel, 182, 183 DHCP voice client Option 184 parameters, 42 ARP, 1 DHCPv6 relay agent, 168, 170 ARP (multiport entry), 8 DHCPv6 server, 155, 158, 163 ARP (static), 7 DHCPv6 server dynamic IPv6 address assignment, ARP dynamic entry aging timer, 5 166 ARP multiport entry, 4 DHCPv6 server dynamic IPv6 prefix assignment, ARP snooping, 19 163 ARP
IPv6 DNS client dynamic domain name resolution, configuration (DNS server), 107 86, 96 displaying, 107 IPv6 DNS client static domain name resolution, 85, server, 103 95 de-encapsulation IPv6 DNS proxy, 100 IPv4/IPv6 tunneling, 175 IPv6 EUI-64 address, 133 destination unreachable message (ICMPv6), 142 IPv6 global unicast address, 133 detecting IPv6 global unicast address manually, 133 DHCP client duplicated address detection, 64 IPv6 DHCP IP address conflict detection, 45 interface link-lo
DNS spoofing configuration, 87 client duplicated address detection, 64 DNS trusted interface, 89 client enable on interface, 63 GRE configuration, 206 client gateway specification, 39 GRE/IPv4 configuration, 206 client ID configuration for interface, 63 GRE/IPv6 configuration, 209 client NetBIOS node type, 40 ICMP error packet send, 117 client server specification, 42 ICMP fragment forwarding disable, 119 client TFTP server, 41 interface MTU configuration, 114 client WINS server configuration
options (common), 29 snooping untrusted port, 68 options (custom), 30 troubleshooting relay agent configuration, 61 overview, 26 troubleshooting server configuration, 52 protocols and standards, 32, 78 troubleshooting server IP address conflicts, 52 relay agent configuration, 54, 55, 60 voice client Option 184 parameters, 42 relay agent enable on interface, 56 DHCP-REQUEST message attack protection, 73 relay agent IP address release, 58 DHCPv6 relay agent operation, 54 address allocation, 157
ARP snooping, 19 spoofing, 82 BOOTP client, 79 spoofing configuration, 87 DDNS, 107 static domain name resolution, 80 DHCP client, 64 suffixes, 81 DHCP relay agent, 59 troubleshooting IPv4 DNS configuration, 101 DHCP server, 47 troubleshooting IPv4 DNS incorrect IP address, DHCP snooping, 74 101 DHCPv6 relay agent, 169 troubleshooting IPv6 DNS configuration, 101 DHCPv6 server, 162 troubleshooting IPv6 DNS incorrect IP address, FIB table entries, 112 101 GRE, 206 trusted interface, 89 I
common proxy ARP, 16 DHCP server configuration, 33, 35, 47 DHCP, 44 DHCP server dynamic IP address assignment, 49 DHCP client duplicated address detection, 64 DHCP server self-defined option configuration, 52 DHCP client on interface, 63 DHCP server static IP address assignment, 48 DHCP Option 82 handling, 45 DHCP server user class configuration, 50 DHCP relay agent on interface, 56 DHCP snooping basic configuration, 75 DHCP relay agent relay entry periodic refresh, 57 DHCP snooping configurati
GRE.
DHCP server address pool IP address range IPv6 ICMPv6 destination unreachable message, (primary subnet/multiple secondary subnets), 142 37 IPv6 ICMPv6 packet send, 141 DHCP server dynamic IP address assignment, 49 IPv6 ICMPv6 redirect message, 143 DHCP server self-defined option configuration, 52 IPv6 ICMPv6 time exceeded message, 142 DHCP server static IP address assignment, 48 IPv6 interface address assignment, 133 DHCP server user class configuration, 50 IPv6 link-local address configuration
directed broadcast receive/forward configuration, DHCP server static IP address assignment, 48 114 DHCP server user class configuration, 50 directed broadcast receive/forward enable, 113 DHCP snooping basic configuration, 75 displaying, 119 DHCP snooping configuration, 75 ICMP error packet send, 117 DHCP snooping entry save, 72 ICMP fragment forwarding disable, 119 DHCP snooping Option 82 configuration, 71 interface MTU configuration, 114 DHCP snooping Option 82 support, 69 interface TCP MSS c
IP addressing subnetting, 21 interface link-local address automatic generation IPv4/IPv4 tunnel configuration, 189, 190 configuration, 135 IPv4/IPv4 tunneling, 175 IPv4/IPv6 de-encapsulation, 175 IPv4/IPv6 encapsulation, 175 IPv4/IPv6 tunnel configuration, 192, 193 IPv4/IPv6 tunnel configuration, 192, 193 IPv4/IPv6 tunneling, 175 IPv4/IPv6 tunneling, 175 IPv6/IPv4 manual tunnel configuration, 179, 180 IPv6/IPv4 manual tunnel configuration, 179, 180 IPv6/IPv4 tunneling, 172 IPv6/IPv4 tunneling,
IRF IPv6 EUI-64 address-based interface identifiers, DHCP overview, 26 127 ISATAP proxy ARP configuration, 16 IPv6 tunneling, 173 maintaining ISATAP tunnel ARP, 6 configuration, 185, 186 ARP snooping, 19 LAN BOOTP client, 79 IP performance optimization, 113 DHCP relay agent, 59 Layer 3 DHCP server, 47 BOOTP client configuration, 78, 79 DHCP snooping, 74 DHCP client configuration, 63, 65 DHCPv6 relay agent, 169 DHCP overview, 26 DHCPv6 server, 162 DHCP relay agent configuration, 54, 5
TCP path MTU discovery, 115 IPv6 ND stale state entry aging timer configuration, multicast 137 DHCPv6 address, 156 IPv6 ND static neighbor entry configuration, 136 IPv6 address type, 126 IPv6 neighbor reachability detection, 129 IPv6 multicast echo request reply, 141 IPv6 redirection, 130 IPv6 reserved addresses, 127 IPv6 router/prefix discovery, 130 multiport ARP entry, 4 IPv6 stateless address autoconfiguration, 130 name NetBIOS DDNS client configuration, 104 DHCP client node type, 40 DD
DHCP snooping untrusted port, 68 IPv6 anycast address configuration, 136 DHCPv6 address allocation, 157 IPv6 DNS client configuration, 85 DHCPv6 address pool, 157 IPv6 DNS proxy configuration, 100 DHCPv6 address pool selection, 157 IPv6 dual stack technology, 131 DHCPv6 address/prefix assignment, 151 IPv6 global unicast address, 133 DHCPv6 IPv6 address assignment, 155 IPv6 ICMPv6 destination unreachable message, DHCPv6 IPv6 address/prefix allocation sequence, 142 158 IPv6 ICMPv6 packet send,
TCP timer, 117 IPv6 basic settings configuration, 124, 132, 145 tunneling Layer 3 virtual tunnel interface, 178 IPv6 DNS configuration, 95 network management proxy ARP configuration, 16 ARP configuration, 1 tunneling configuration, 172, 177 ARP configuration (multiport entry), 8 UDP helper configuration, 121, 122 ARP snooping configuration, 19 NLB ARP static configuration, 7 multicast ARP, 6 BOOTP client configuration, 78, 79 node common proxy ARP configuration, 17 DHCP client NetBIOS node
Option 67 (DHCP), 29 IPv6 ND duplicate address detection, 129 Option 82 (DHCP) IPv6 ND hop limit, 138 handling enable, 45 IPv6 ND link-local entry minimization, 138 relay agent, 30, 31 IPv6 ND max number dynamic neighbor entries, relay agent configuration, 59 137 relay agent configuration (on router), 61 IPv6 ND neighbor reachability detection, 129 relay agent support, 55 IPv6 ND protocol address resolution, 128 snooping configuration, 71, 76 IPv6 ND redirection, 130 snooping support, 69 IP
DHCPv6 IPv6 address assignment, 155 configuring DHCP server address pool, 35 DHCPv6 IPv6 address/prefix allocation sequence, configuring DHCP server BOOTP response format, 158 46 DHCPv6 IPv6 prefix assignment, 155 configuring DHCP server compatibility, 46 DHCPv6 server dynamic IPv6 prefix assignment, configuring DHCP server dynamic IP address 163 assignment, 49 DHCPv6 server IPv6 prefix assignment, 158 configuring DHCP server response broadcast, 46 DHCPv6 static prefix allocation, 157 configu
configuring IP addressing IP unnumbered, 23 configuring IPv6 ND stale state entry aging timer, configuring IP performance optimization directed 137 broadcast receive/forward, 114 configuring IPv6 ND static neighbor entry, 136 configuring IP performance optimization interface configuring IPv6 RA message parameters, 139, MTU, 114 140 configuring IP performance optimization interface configuring TCP MSS, 115 IPv6 stateless address with autoconfiguration, 134 configuring IP performance optimiz
enabling DHCP client duplicated address saving DHCP snooping entries, 72 detection, 64 setting IPv6 ND hop limit, 138 enabling DHCP client on interface, 63 specifying DHCP client BIMS server information, enabling DHCP Option 82 handling, 45 41 enabling DHCP relay agent on interface, 56 specifying DHCP client boot file name, 41 enabling DHCP relay agent relay entry periodic specifying DHCP client DNS server, 40 refresh, 57 specifying DHCP client domain name suffix, 40 enabling DHCP relay ag
DNS spoofing, 82 resolving DNS spoofing configuration, 87 DDNS client configuration, 104 IPv4 DNS proxy configuration, 94 DDNS configuration, 103 IPv6 DNS proxy configuration, 100 DDNS configuration (DDNS server), 109 proxy ARP DDNS configuration (DNS server), 107 common proxy ARP configuration, 17 DNS configuration, 80, 83 common proxy ARP enable, 16 DNS dynamic domain name resolution, 80 configuration, 16 DNS static domain name resolution, 80 displaying, 16 IPv4 DNS client dynamic domain
GRE/IPv6 tunnel configuration, 204 self-defined option (DHCP), 43, 52 ICMP error packet send, 117 sending ICMP fragment forwarding disable, 119 DHCP server BOOTP response format, 46 interface MTU configuration, 114 server interface TCP MSS configuration, 115 DHCP address pool configuration, 35 IP address classes, 20 DHCP address pool creation, 36 IP addressing configuration, 20, 24 DHCP address pool IP address range, 36 IP addressing interface IP address, 22 DHCP address pool IP address range
IPv6 ND stale state entry aging timer, 137 static ARP table entry, 3 snooping subnetting DHCP snooping Option 82 configuration, 76 DHCP address pool IP address range (primary DHCP snooping Option 82 support, 69 subnet/multiple ranges), 36 special IP addresses, 21 DHCP address pool IP address range (primary specifying subnet/multiple secondary subnets), 37 DHCP client BIMS server information, 41 DHCPv6 relay agent configuration, 168, 170 DHCP client boot file name, 41 IP addressing, 21 DHCP c
IPv6 ND stale state entry aging timer configuration, IPv6 tunneling technology, 131 137 IPv6/IPv4 manual tunnel configuration, 179, 180 TCP FIN wait timer, 117 IPv6/IPv4 tunneling, 172 TCP SYN wait timer, 117 IPv6/IPv6 tunnel configuration, 195, 196 traffic engineering IPv6/IPv6 tunneling, 176 tunneling configuration, 172, 177 ISATAP tunnel configuration, 185, 186 tunneling Layer 3 virtual tunnel interface, 178 ISATAP tunneling, 173 transition technologies, 131 Layer 3 virtual tunnel interfac
Windows DHCP client WINS server, 40 BOOTP client configuration, 78, 79 Internet Naming Service.
