quidway s5300 configuration guide - ip service (v100r003c00_04)

Quidway S5300 Series Ethernet Switches

V100R003C00

Configuration Guide - IP Service

Issue 04

Date 2010-01-25

Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For anyassistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

http://www.huawei.com

mailto:[email protected]

Contents

About This Document.....................................................................................................................1

1 IP Addresses Configuration.....................................................................................................1-11.1 Overview.........................................................................................................................................................1-2

1.1.1 Introduction to IP Addresses..................................................................................................................1-21.1.2 Features of IP Addresses Supported by the S-switch.............................................................................1-2

1.2 Configuring IP Addresses for VLAN interfaces.............................................................................................1-21.2.1 Establishing the Configuration Task......................................................................................................1-21.2.2 Configuring a Primary IP Address for an VLAN Interface...................................................................1-31.2.3 (Optional) Configuring a Secondary IP Address for an VLANIF Interface..........................................1-41.2.4 Checking the Configuration...................................................................................................................1-4

1.3 Maintaining.....................................................................................................................................................1-51.3.1 Monitoring Network Operation Status...................................................................................................1-5

1.4 Configuration Examples..................................................................................................................................1-51.4.1 Example for Configuring Primary and Secondary IP Addresses...........................................................1-5

2 ARP Configuration....................................................................................................................2-12.1 Overview.........................................................................................................................................................2-2

2.1.1 Introduction to ARP...............................................................................................................................2-22.1.2 Features of ARP Supported by the S-switch..........................................................................................2-2

2.2 Configuring ARP.............................................................................................................................................2-22.2.1 Establishing the Configuration Task......................................................................................................2-22.2.2 Configuring Static ARP Entries.............................................................................................................2-32.2.3 Optimizing Dynamic ARP.....................................................................................................................2-42.2.4 Checking the Configuration...................................................................................................................2-4

2.3 Configuring Routed Proxy ARP.....................................................................................................................2-62.3.1 Establishing the Configuration Task......................................................................................................2-62.3.2 Configuring an IP Addresses for the VLANIF Interface.......................................................................2-62.3.3 Enabling Routed Proxy ARP Function..................................................................................................2-72.3.4 Checking the Configuration...................................................................................................................2-7

2.4 Configuring Proxy ARP in a VLAN...............................................................................................................2-82.4.1 Establishing the Configuration Task......................................................................................................2-82.4.2 Setting the IP Address of a VLANIF Interface......................................................................................2-82.4.3 Enabling Proxy ARP in a VLAN...........................................................................................................2-9

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service Contents

Issue 04 (2010-01-25) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

2.4.4 Checking the Configuration...................................................................................................................2-92.5 Configuring Proxy ARP Between VLANs...................................................................................................2-10

2.5.1 Establishing the Configuration Task....................................................................................................2-102.5.2 Configuring an IP Addresses for the VLANIF Interface.....................................................................2-112.5.3 Enabling Proxy ARP Between VLANs...............................................................................................2-112.5.4 Checking the Configuration.................................................................................................................2-12

2.6 Maintaining ARP...........................................................................................................................................2-122.6.1 Clearing ARP Statistics........................................................................................................................2-122.6.2 Monitoring Network Operation Status.................................................................................................2-132.6.3 Debugging ARP...................................................................................................................................2-13

2.7 Configuration Examples................................................................................................................................2-142.7.1 Example for Configuring Static ARP...................................................................................................2-142.7.2 Example for Configuring Dynamic ARP.............................................................................................2-162.7.3 Example for Configuring Routed Proxy ARP......................................................................................2-172.7.4 Example for Configuring Proxy ARP in a VLAN...............................................................................2-192.7.5 Example for Configuring Proxy ARP Between VLANs.....................................................................2-22

3 DNS Configuration....................................................................................................................3-13.1 Overview.........................................................................................................................................................3-2

3.1.1 Introduction to DNS...............................................................................................................................3-23.1.2 DNS Supported by the S-switch.............................................................................................................3-2

3.2 Configuring DNS............................................................................................................................................3-23.2.1 Establishing the Configuration Task......................................................................................................3-23.2.2 Configuring Static DNS Entries.............................................................................................................3-33.2.3 Configuring Dynamic DNS....................................................................................................................3-33.2.4 Checking the Configuration...................................................................................................................3-4

3.3 Maintaining DNS............................................................................................................................................3-53.3.1 Clearing DNS Entries.............................................................................................................................3-53.3.2 Monitoring Network Operation Status...................................................................................................3-63.3.3 Debugging DNS.....................................................................................................................................3-6

3.4 Configuration Examples..................................................................................................................................3-63.4.1 Example for Configuring DNS..............................................................................................................3-6

4 DHCP Configuration.................................................................................................................4-14.1 Overview.........................................................................................................................................................4-2

4.1.1 Introduction to DHCP............................................................................................................................4-24.1.2 DHCP Supported by the S-switch..........................................................................................................4-2

4.2 Configuring the Global Address Pool-based DHCP Server............................................................................4-24.2.1 Establishing the Configuration Task......................................................................................................4-24.2.2 Configuring the DHCP Global Address Pool........................................................................................4-34.2.3 Configure Static IP Address Binding.....................................................................................................4-44.2.4 Configuring DNS Services for the DHCP Client...................................................................................4-54.2.5 Configuring NetBIOS Services for the DHCP Client............................................................................4-64.2.6 Configuring Egress Gateway for the DHCP Client...............................................................................4-7

ContentsQuidway S5300 Series Ethernet Switches


ii Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

4.2.7 Configuring DHCP Self-Defined Options.............................................................................................4-74.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the Specified Interface.........................................................................................................................................................................4-84.2.9 Checking the Configuration...................................................................................................................4-9

4.3 Configuring VLANIF Interface Address Pool-based DHCP Server.............................................................4-114.3.1 Establishing the Configuration Task....................................................................................................4-114.3.2 Enabling Address Pools on VLANIF Interfaces..................................................................................4-124.3.3 Configuring the Address Pool on the VLANIF Interface....................................................................4-144.3.4 Configuring DNS on the Address Pool of the VLANIF Interface.......................................................4-154.3.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface................................................4-154.3.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface................4-174.3.7 Checking the Configuration.................................................................................................................4-18

4.4 Configuring the Security Function for DHCP...............................................................................................4-184.4.1 Establishing the Configuration Task....................................................................................................4-194.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server..............................................4-194.4.3 Avoiding Repetitive IP Address Assignment.......................................................................................4-204.4.4 Saving DHCP Data...............................................................................................................................4-204.4.5 Recovering DHCP Data.......................................................................................................................4-214.4.6 Checking the Configuration.................................................................................................................4-21

4.5 Configuring DHCP Relay.............................................................................................................................4-224.5.1 Establishing the Configuration Task....................................................................................................4-224.5.2 Enabling DHCP Relay.........................................................................................................................4-234.5.3 Assigning IP Addresses to the Client Through Relay..........................................................................4-244.5.4 Requesting the DHCP Server to Release IP Addresses of the Client..................................................4-254.5.5 Checking the Configuration.................................................................................................................4-25

4.6 Maintaining DHCP........................................................................................................................................4-264.6.1 Resetting DHCP...................................................................................................................................4-264.6.2 Releasing Conflicting IP Addresses.....................................................................................................4-274.6.3 Clearing DHCP Statistics.....................................................................................................................4-274.6.4 Monitoring Network Operation Status.................................................................................................4-284.6.5 Debugging DHCP................................................................................................................................4-28

4.7 Configuration Examples................................................................................................................................4-294.7.1 Example for Configuring the Global Address Pool-based DHCP Server............................................4-294.7.2 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server.........................4-324.7.3 Example for Configuring DHCP Relay...............................................................................................4-35

5 IP Performance Configuration.................................................................................................5-15.1 Overview.........................................................................................................................................................5-2

5.1.1 Introduction to IP Performance..............................................................................................................5-25.1.2 IP Performance Supported by the S-switch............................................................................................5-2

5.2 Improving IP Performance..............................................................................................................................5-35.2.1 Establishing the Configuration Task......................................................................................................5-35.2.2 Verifying the Source IP Address............................................................................................................5-4



iii

5.2.3 Forwarding Broadcast Packets...............................................................................................................5-45.2.4 Configuring ICMP Attributes.................................................................................................................5-55.2.5 Configuring TCP Attributes...................................................................................................................5-55.2.6 Checking the Configuration...................................................................................................................5-6

5.3 Maintaining IP Performance.........................................................................................................................5-105.3.1 Clearing IP/TCP/UDP Statistics...........................................................................................................5-105.3.2 Monitoring Network Operation Status.................................................................................................5-115.3.3 Debugging IP/TCP/UDP......................................................................................................................5-12

5.4 Configuration Examples................................................................................................................................5-135.4.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets..........................................5-13

6 DHCP Policy VLAN Configuration.......................................................................................6-16.1 Overview.........................................................................................................................................................6-2

6.1.1 Introduction............................................................................................................................................6-26.1.2 DHCP Policy VLAN Supported by the S-switch...................................................................................6-2

6.2 Configuring DHCP Policy VLAN Based on MAC Addresses.......................................................................6-26.2.1 Establishing the Configuration Task......................................................................................................6-26.2.2 Configuration Procedure........................................................................................................................6-36.2.3 Checking the Configuration...................................................................................................................6-4

6.3 Configuring the DHCP Policy VLAN Based on Interfaces............................................................................6-46.3.1 Establishing the Configuration Task......................................................................................................6-46.3.2 Configuration Procedure........................................................................................................................6-56.3.3 Checking the Configuration...................................................................................................................6-5

6.4 Configuring Generic DHCP Policy VLAN.....................................................................................................6-66.4.1 Establishing the Configuration Task......................................................................................................6-66.4.2 Configuration Procedure........................................................................................................................6-66.4.3 Checking the Configuration...................................................................................................................6-7

6.5 Maintaining DHCP Policy VLAN.................................................................................................................. 6-76.5.1 Monitoring the Running Status..............................................................................................................6-8

6.6 Configuration Examples..................................................................................................................................6-86.6.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses.........................................6-86.6.2 Example for Configuring DHCP Policy VLAN Based on Interfaces..................................................6-10

7 Basic IPv6 Configuration..........................................................................................................7-17.1 Introduction to IPv6........................................................................................................................................ 7-27.2 IPv6 Supported by the S-switch......................................................................................................................7-27.3 Configuring an IPv6 Address for an Interface................................................................................................ 7-3

7.3.1 Establishing the Configuration Task......................................................................................................7-47.3.2 Enabling IPv6 Packet Forwarding Capability........................................................................................7-47.3.3 Configuring an IPv6 Link-Local Address for an Interface.................................................................... 7-47.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................7-57.3.5 Checking the Configuration...................................................................................................................7-6

7.4 Configuring IPv6 Neighbor Discovery...........................................................................................................7-67.4.1 Establishing the Configuration Task......................................................................................................7-6



iv Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

7.4.2 Configuring Static Neighbors.................................................................................................................7-77.4.3 Enabling RA Message Advertising........................................................................................................7-77.4.4 Setting the Interval for Advertising RA Messages.................................................................................7-87.4.5 Enabling Stateful Auto Configuration....................................................................................................7-87.4.6 Configuring the Address Prefixes to Be Advertised..............................................................................7-97.4.7 Configuring Other Information to Be Advertised..................................................................................7-97.4.8 Checking the Configuration.................................................................................................................7-11

7.5 Configuring PMTU.......................................................................................................................................7-117.5.1 Establishing the Configuration Task....................................................................................................7-117.5.2 Creating Static PMTU Entries..............................................................................................................7-127.5.3 Configuring PMTU Aging Time..........................................................................................................7-127.5.4 Checking the Configuration.................................................................................................................7-13

7.6 Configuring TCP6.........................................................................................................................................7-137.6.1 Establishing the Configuration Task....................................................................................................7-137.6.2 Configuring TCP6 Timers....................................................................................................................7-147.6.3 Configuring the Size of the TCP6 Sliding Window.............................................................................7-147.6.4 Checking the Configuration.................................................................................................................7-15

7.7 Maintaining IPv6...........................................................................................................................................7-167.7.1 Resetting IPv6......................................................................................................................................7-167.7.2 Monitoring Network Operation Status of IPv6....................................................................................7-177.7.3 Debugging IPv6....................................................................................................................................7-17

7.8 Configuration Examples................................................................................................................................7-187.8.1 Example for Configuring an IPv6 Address for an Interface................................................................7-18

8 IPv6 over IPv4 Tunnel Configuration....................................................................................8-18.1 Introduction to IPv6 over IPv4........................................................................................................................8-28.2 IPv6 over IPv4 Supported by the S-switch.....................................................................................................8-28.3 Configuring IPv4/IPv6 Dual Stacks................................................................................................................8-6

8.3.1 Establishing the Configuration Task......................................................................................................8-68.3.2 Enabling IPv6 Packet Forwarding..........................................................................................................8-78.3.3 Configuring IPv4 and IPv6 Addresses for the Interface........................................................................8-7

8.4 Configuring an IPv6 over IPv4 Tunnel...........................................................................................................8-88.4.1 Establishing the Configuration Task......................................................................................................8-98.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface....................................................8-98.4.3 Configuring an IPv6 over IPv4 Manual Tunnel...................................................................................8-108.4.4 Configuring a 6to4 Tunnel...................................................................................................................8-118.4.5 Configuring an ISATAP Tunnel..........................................................................................................8-128.4.6 Configuring Routes in the Tunnel........................................................................................................8-138.4.7 Checking the Configuration.................................................................................................................8-13

8.5 Configuration Examples................................................................................................................................8-148.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel..............................................................8-148.5.2 Example for Configuring a 6to4 Tunnel..............................................................................................8-18



v

8.5.3 Example for Configuring an ISATAP Tunnel.....................................................................................8-22



vi Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

Figures

Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface.......................................1-6Figure 2-1 Networking diagram for configuring static ARP..............................................................................2-14Figure 2-2 Networking diagram for configuring dynamic ARP........................................................................2-16Figure 2-3 Networking diagram of configuring proxy ARP..............................................................................2-18Figure 2-4 Networking diagram of proxy ARP in a VLAN...............................................................................2-20Figure 2-5 Networking diagram of configuring proxy ARP between VLANs..................................................2-23Figure 3-1 Networking diagram of DNS..............................................................................................................3-7Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network segment.....4-30Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIF interface.....4-33Figure 4-3 Networking diagram for configuring DHCP relay...........................................................................4-36Figure 5-1 Networking diagram of configuring ICMP host unreachable packets.............................................5-13Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses....................................6-8Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces...........................................6-10Figure 7-1 Networking diagram of configuring an IPv6 address for an interface.............................................7-18Figure 8-1 Single stack and dual stack structures (Ethernet)...............................................................................8-2Figure 8-2 Schematic diagram of IPv6 over IPv4 tunnel.....................................................................................8-3Figure 8-3 6to4 tunnel and 6to4 relay..................................................................................................................8-4Figure 8-4 ISATAP tunnel...................................................................................................................................8-6Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel..............................................................8-15Figure 8-6 Networking diagram of the 6to4 tunnel............................................................................................8-19Figure 8-7 Networking diagram of the ISATAP tunnel.....................................................................................8-22

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service Figures


vii

About This Document

PurposeThis document provides configuration procedures and examples for the IP Service features ofthe S-switch.

This document covers the following topics:

l Feature description

l Data preparations

l Pre-configuration tasks

l Configuration procedures

l Checking the configuration

l Configuration examples

This document helps you grasp the configuration procedures and application scenarios of the IPService features of the S-switch.

Related VersionsThe following table lists the product versions related to this document.

Product Name Version

S5300 V100R003C00

Intended AudienceThis document is intended for:

l Commissioning engineers

l Data configuration engineers

l Network administrators

l System maintenance engineers

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service About This Document


1

OrganizationThis document is organized as follows.

Chapter Description

1 IP Addresses Configuration This chapter describes the basics, methodsand examples for configuring IP Address.

2 ARP Configuration This chapter describes the basics, methodsand examples for configuring ARP.

3 DNS Configuration This chapter describes the basics, methodsand examples for configuring DNS.

4 DHCP Configuration This chapter describes the basics, methodsand examples for configuring DHCP.

5 IP Performance Configuration This chapter describes the basics, methodsand examples for configuring IP performance.

6 DHCP Policy VLAN Configuration This chapter describes the basics, methodsand examples for configuring DHCP policyVLAN.

7 Basic IPv6 Configuration This chapter describes the basics, methodsand examples for configuring IPv6.

8 IPv6 over IPv4 Tunnel Configuration This chapter describes the basics, methodsand examples for configuring IPv6 over IPv4tunnel.

Conventions

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level of risk, which ifnot avoided, will result in death or serious injury.

WARNINGIndicates a hazard with a medium or low level of risk,which if not avoided, could result in minor ormoderate injuries.

CAUTIONIndicates a potentially hazardous situation, which ifnot avoided, could result in equipment damage, dataloss, performance degradation, or unexpectedresults.

About This DocumentQuidway S5300 Series Ethernet Switches


2 Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

Symbol Description

TIP Indicates a tip that may help you address a problemor save your time.

NOTE Provides additional information to emphasize orsupplement important points of the main text.

General ConventionsConvention Description

Times New Roman Normal paragraphs are in Times New Roman.

Boldface Names of files, directories, folders, and users are in Boldface.For example, log in as user Root.

Italic Book titles are in Italics.

Courier New Examples of information displayed on the screen are in CourierNew.

Command ConventionsConvention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Alternative items are grouped in braces and separated by verticalbars. One is selected.

[ x | y | ... ] Optional alternative items are grouped in square brackets andseparated by vertical bars. One or none is selected.

{ x | y | ... } * Optional items are grouped in braces and separated by verticalbars. A minimum of one item or a maximum of all items can beselected.

[ x | y | ... ] * Optional alternative items are grouped in square brackets andseparated by vertical bars. Several or none is selected.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.



3

GUI Conventions

Convention Description

boldface Buttons, menus, parameters, tabs, windows, and dialog titles arein boldface. For example, click OK.

> Multi-level menus are in boldface and separated by the ">" signs.For example, choose File > Create > Folder.

Keyboard Operations


Key Press the key. For example, press Enter and press Tab.

Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.

Key 1, Key 2 Press the keys in turn. For example, pressing Alt, F means thetwo keys should be pressed in turn.

Mouse Operations


Click Select and release the primary mouse button without moving thepointer.

Double-click Press the primary mouse button twice continuously and quicklywithout moving the pointer.

Drag Press and hold the primary mouse button and move the pointerto a certain position.

Update HistoryUpdates between document versions are cumulative. Therefore, the latest document versioncontains all updates made to previous versions.

Updates in Issue 04 (2010-01-25)

Fourth commercial release. The document is updated as follows:

l ACL Configuration and ACL6 Configuration are moved from Quidway S5300 SeriesEthernet Switches Configuration - IP Service to Quidway S5300 Series EthernetSwitches Configuration - Security.

About This DocumentQuidway S5300 Series Ethernet Switches


4 Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

Updates in Issue 03 (2009-11-25)Third commercial release. The document is updated as follows:

The following information is added:

l ARP Configuration: 2.4 Configuring Proxy ARP in a VLAN

l ARP Configuration: 2.7.4 Example for Configuring Proxy ARP in a VLAN

The following information is modified:l IP Performance Configuration: 5.2.4 Configuring ICMP Attributes

Updates in Issue 02 (2009-08-14)Second commercial release. The document is updated as follows:l Bugs are fixed.

l The manual version is updated.

Updates in Issue 01 (2009-06-30)This is the first release.



5

1 IP Addresses Configuration

About This Chapter

This chapter describes the fundamentals of IP address, including its classes, methods andimportant characteristics. It also describes the steps for IP address configuration, along withtypical examples.

1.1 OverviewThis section describes the principle and concepts of the IP address.

1.2 Configuring IP Addresses for VLAN interfacesThis section describes how to configure IP addresses for VLAN interfaces.

1.3 MaintainingThis section describes how to view configurations about IP addresses.

1.4 Configuration ExamplesThis section provides several configuration examples of IP addresses.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 1 IP Addresses Configuration


1-1

1.1 OverviewThis section describes the principle and concepts of the IP address.

1.1.1 Introduction to IP Addresses

1.1.2 Features of IP Addresses Supported by the S-switch

1.1.1 Introduction to IP Addresses

To communicate with each other in an IP network, each host in the network must be assignedan IP address.

An IP address is a 32-bit number, composed of two parts, network ID and host ID.

The network ID identifies a network and the host ID identifies a host on the network. If thenetwork IDs of hosts are the same, it indicates that the hosts are in the same network regardlessof their physical location.

1.1.2 Features of IP Addresses Supported by the S-switch

The S-switch supports IP address configuration through the following methods:

l Manually configuring an IP address for an interface

l Get IP address by DHCP

1.2 Configuring IP Addresses for VLAN interfacesThis section describes how to configure IP addresses for VLAN interfaces.

1.2.1 Establishing the Configuration Task

1.2.2 Configuring a Primary IP Address for an VLAN Interface

1.2.3 (Optional) Configuring a Secondary IP Address for an VLANIF Interface

1.2.4 Checking the Configuration


Applicable EnvironmentTo start the IP services on S-switch, configure the IP address on the VLANIF interface. You canassign several IP addresses to each interface. Among them, one is the primary IP address andthe others are secondary IP addresses.

Pre-configuration TasksBefore configuring an IP address for an VLANIF interface, complete the following tasks:

1 IP Addresses ConfigurationQuidway S5300 Series Ethernet Switches


1-2 Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 04 (2010-01-25)

l Configuring the physical parameters for the interface and ensuring that the status of thephysical layer of the interface is Up

l Configuring the link layer parameters for the interface and ensuring that the status of thelink layer protocol on the interface is Up

l Configuring the corresponding VLAN

Data Preparation

To configure IP addresses for an VLANIF interface, you need the following data.

No. Data

1 VLANIF interface number

2 Primary IP address and subnet mask for the VLANIF interface

3 (Optional) Secondary IP address and subnet mask for the VLANIF interface

Subordinate IP addresses are required when an VLANIF interface needs multiple addresses.

1.2.2 Configuring a Primary IP Address for an VLAN Interface

Context

Do as follows on the S-switch:

Procedure

Step 1 Run:system-view

The system view is displayed.

Step 2 Run:interface vlanif vlan-id

The VLANIF interface view is displayed.

Step 3 Run:ip address ip-address { mask | mask-length }

Or

ip address dhcp-alloc

A primary IP address is configured.

An VLANIF interface has only one primary IP address. If the VLANIF interface already has aprimary IP address, the newly configured primary IP address replaces the original one.

----End



1-3

1.2.3 (Optional) Configuring a Secondary IP Address for anVLANIF Interface

ContextDo as follows on the S-switch:

Procedure





Step 3 Run:ip address ip-address { mask | mask-length } sub

A secondary IP address is configured.

----End


Run the following commands to check the pervious configuration.

Action Command

View the IP configuration on theinterface.

display ip interface[ brief ] [ interface-type interface-number ]

View interface information. display interface[ interface-type [ interface-number ] ][ verbose ] [ | { begin| exclude | include } regular-expression ]

Run the display ip interface command. If the physical status and link protocol status of theinterface are Up, it means that the configuration succeeds.

<Quidway> display ip interface brief vlanif 1*down: administratively down(l): loopback(s): spoofingInterface IP Address Physical Protocol DescriptionVlanif1 192.168.32.22 up up Huawei,Quidway

Run the display interface command. If information about the IP address and mask of theinterface is displayed, it means that the configuration succeeds. For example:

<Quidway> display interface vlanif 1Vlanif1 current state : UPLine protocol current state : UP




Issue 04 (2010-01-25)

Description : Huawei, Quidway Series, Vlanif1 Interface, Route PortThe Maximum Transmit Unit is 1500 bytesInternet Address is 192.168.32.22/16IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0010-8300-0026

Last 300 seconds input rate: 1 packets/secLast 300 seconds output rate: 1 packets/sec

Input: 60281 Packets, 21941 Unicasts 29097 Broadcasts, 9243 Multicasts

Output: 22637 Packets, 22637 Unicasts 0 Broadcasts, 0 Multicasts

1.3 MaintainingThis section describes how to view configurations about IP addresses.

1.3.1 Monitoring Network Operation Status


To obtain configurations about IP addresses in routine maintenance, run the followingcommands.

Action Command

View configurations about theIP address of the interface.

display ip interface[ brief ] [ interface-type interface-number ]

View information about theinterface.

display interface [ interface-type [ interface-number ] ][ verbose ] [ | { begin | exclude | include } regular-expression ]

1.4 Configuration ExamplesThis section provides several configuration examples of IP addresses.

1.4.1 Example for Configuring Primary and Secondary IP Addresses

1.4.1 Example for Configuring Primary and Secondary IP Addresses

Networking RequirementsAs shown in Figure 1-1, GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of the S-switch areconnected to two PCs and added to VLAN 1. The IP addresses of PC1 and PC2 are 172.16.1.1/24and 172.16.2.1/24.



1-5

Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface

S-switch

GE 0/0/1 GE 0/0/2

PC 1172.16.1.1/24

PC 2172.16.2.1/24

Configuration RoadmapThe configuration roadmap is as follows:

1. Analyze the network segment where the interface locates.2. Configure a primary IP address for the VLANIF interface and then configure a secondary

IP address for the interface.

Data PreparationTo complete the configuration, you need the following data:

l Primary IP address and subnet mask of the VLANIF interface

l Secondary IP address and subnet mask of the VLANIF interface

Configuration ProcedureIf you assign only one IP address to the VLANIF interface on the S-switch, you can accesscertain hosts through the S-switch. To access all the hosts in the network through the S-switch,you need to assign a secondary IP address to the VLANIF interface.

1. Add GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of the S-switch to VLAN 1.2. Configure the device.

# Configure the primary and secondary IP addresses for VLANIF 1 of the device.<Quidway> system-view[Quidway] interface vlanif 1[Quidway-Vlanif1] ip address 172.16.1.2 255.255.255.0[Quidway-Vlanif1] ip address 172.16.2.2 255.255.255.0 sub

3. Verify the configuration.# Ping the host PC1 from the device. The ping succeeds.[Quidway] ping 172.16.1.1 PING 172.16.1.1: 56 data bytes, press CTRL_C to break Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=128 time=25 ms Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=128 time=27 ms Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=128 time=26 ms Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=128 time=26 ms Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=128 time=26 ms




Issue 04 (2010-01-25)

--- 172.16.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/26/27 ms# Ping the host PC2 from the device. The ping succeeds.[Quidway] ping 172.16.2.1 PING 172.16.2.1: 56 data bytes, press CTRL_C to break Reply from 172.16.2.1: bytes=56 Sequence=1 ttl=128 time=25 ms Reply from 172.16.2.1: bytes=56 Sequence=2 ttl=128 time=26 ms Reply from 172.16.2.1: bytes=56 Sequence=3 ttl=128 time=26 ms Reply from 172.16.2.1: bytes=56 Sequence=4 ttl=128 time=26 ms Reply from 172.16.2.1: bytes=56 Sequence=5 ttl=128 time=26 ms --- 172.16.2.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/25/26 ms# The hosts PC1 and PC2 cannot ping each other.

Configuration FilesThe configuration file of the device is as follows:

#interface Vlanif1 ip address 172.16.1.2 255.255.255.0 ip address 172.16.2.2 255.255.255.0 sub#



1-7

2 ARP Configuration

About This Chapter

This chapter describes the static and dynamic ARP, ARP proxy concepts and their configurationsteps, along with typical examples.

2.1 OverviewThis section describes the basic principle and concepts of the Address Resolution Protocol(ARP).

2.2 Configuring ARPThis section describes how to configure static ARP, and dynamic ARP.

2.3 Configuring Routed Proxy ARPThis section describes how to configure routed proxy ARP to make different sub-networkscommunicate with each other.

2.4 Configuring Proxy ARP in a VLANThis section describes how to configure proxy ARP in a VLAN to enable hosts that are isolatedat Layer 2 in a VLAN to communicate with each other.

2.5 Configuring Proxy ARP Between VLANsThis section describes how to implement communication between hosts in different VLANs.

2.6 Maintaining ARPThis section describes how to display ARP configurations, clear ARP statistics and debug ARP.

2.7 Configuration ExamplesThis section provides several configuration examples of ARP, proxy ARP in a VLAN, and proxyARP between VLANs.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 2 ARP Configuration


2-1

2.1 OverviewThis section describes the basic principle and concepts of the Address Resolution Protocol(ARP).

2.1.1 Introduction to ARP

2.1.2 Features of ARP Supported by the S-switch

2.1.1 Introduction to ARP

Each host or device in the Local Area Network (LAN) has a 32-bit IP address to communicatewith others. In an Ethernet, a host or a device transmits Ethernet frames based on 48-bit MediumAccess Control (MAC) addresses. A MAC address is also called physical address or hardwareaddress. It is assigned to an Ethernet interface when a device is produced. IP addresses areindependent of hardware addresses. Therefore, mappings between MAC addresses and IPaddresses must be created through a certain address resolution mechanism.

The Address Resolution Protocol (ARP) emerges. It provides a mapping between an IP addressand a MAC address.

2.1.2 Features of ARP Supported by the S-switch

ARP is classified into dynamic ARP and static ARP. The S-switch supports the dynamic ARP,static ARP, and proxy ARP.

2.2 Configuring ARPThis section describes how to configure static ARP, and dynamic ARP.


2.2.2 Configuring Static ARP Entries

2.2.3 Optimizing Dynamic ARP



Applicable Environment

Dynamic ARP is one of functions owned by a device or host. To enable this function, you modifysome parameters of dynamic ARP actions instead of running the related command.

Static ARP is used in the following situations:

l The packets whose destination IP address is in another network segment traverse a gatewayof the segment so that the gateway can forward the packets to their destination.

2 ARP ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

l When users need to filter out some packets with illegal destination IP addresses, static ARPcan bind these illegal addresses to a nonexistent MAC address.

Pre-configuration Tasks

Before configuring ARP, complete the following tasks:



l Configuring the network layer parameters for the interface

Data Preparation

To configure ARP, you need the following data.

No. Data

1 IP address and MAC address of the static ARP entry

2 ID of the VLANIF interface to which the dynamic ARP entry belongs

3 Aging detection times of the dynamic ARP entry

4 Aging time of the dynamic ARP entry

2.2.2 Configuring Static ARP Entries

Context


Procedure



Step 2 Perform the following as required to add static ARP entries:l To configure common static ARP entries, run the arp static ip-address mac-address

command.l To configure static ARP entries in a Virtual Local Area Network (VLAN), do as follows:

– Run the arp static ip-address mac-address vid vlan-id interface interface-type interface-number command.

– Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlan-id command.



2-3

This command is applied to the sub-interface that supports VLAN and can be bound tothe VPN.

l To configure static ARP entries in a VPN instance, run the arp static ip-address mac-address vpn-instance vpn-instance-name command.

NOTE

Static ARP entries keep valid when a device works normally.

----End

2.2.3 Optimizing Dynamic ARP

Context


Procedure




The VLAN interface view is displayed.

Step 3 Run:arp detect-times detect-times

The aging detection times of the dynamic ARP entries are configured.

Step 4 Run:arp expire-time expire-times

The timeout period for aging dynamic ARP entries is configured.

Step 5 Run:quit

Back to the system view.

Step 6 Run:arp-suppress enable

ARP suppression is enabled on the current device.

----End






Issue 04 (2010-01-25)

Action Command

View information aboutARP mapping tables basedon interfaces.

display arp [ statistics ] interface vlanif vlan-id [ | { begin |exclude | include } regular-expression ]

View statistics about ARPentries.

display arp statistics

Run the display arp interface command. If all the ARP entries of the interface are displayed,it means that the configuration succeeds. For example:

<Quidway> display arp interface vlanif 1IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN------------------------------------------------------------------------------192.168.32.22 0010-8300-0026 I - Vlanif1192.168.1.255 Incomplete 0 D-0 Vlanif1192.168.29.1 000e-4540-04b7 5 DF0 GE0/0/1 1192.168.29.3 e000-0af0-e492 7 DF0 GE0/0/1 1192.168.29.7 e000-0af0-cb68 7 DF0 GE0/0/1 1192.168.29.2 e000-0af0-e497 7 DF0 GE0/0/1 1192.168.29.4 e000-0af0-e090 7 DF0 GE0/0/1 1192.168.29.6 e000-0af0-cb67 7 DF0 GE0/0/1 1192.168.1.239 0018-8236-f110 9 DF0 GE0/0/1 1192.168.1.232 0200-000a-1d34 10 DF0 GE0/0/1 1192.168.1.220 0018-8261-2507 11 DF0 GE0/0/1 1192.168.31.99 0019-21df-dd7c 17 DF0 GE0/0/1 1192.168.32.171 0019-e00a-a8fc 17 DF0 GE0/0/1 1192.168.31.181 001e-9089-c65a 17 DF0 GE0/0/1 1192.168.31.253 000d-88f7-5fee 19 DF0 GE0/0/1 1192.168.29.126 e000-0af0-cbba 19 DF0 GE0/0/1 1192.168.1.145 0200-0016-0319 19 DF0 GE0/0/1 1192.168.3.169 0018-8261-652c 20 DF0 GE0/0/1 1192.168.1.143 0200-0016-0331 20 DF0 GE0/0/1 1192.168.225.2 4e74-6300-0422 20 DF0 GE0/0/1 1192.168.32.108 0018-8241-e376 20 DF0 GE0/0/1 1------------------------------------------------------------------------------Total:21 Dynamic:20 Static:0 Interface:1

Run the display arp statistics command. If statistics about ARP entries are displayed, it meansthat the configuration succeeds. For example:

<Quidway> display arp statisticsTotal:27 Dynamic:20 Static:0 Interface:7



2-5

2.3 Configuring Routed Proxy ARPThis section describes how to configure routed proxy ARP to make different sub-networkscommunicate with each other.


2.3.2 Configuring an IP Addresses for the VLANIF Interface

2.3.3 Enabling Routed Proxy ARP Function




When two hosts are located in different network segments without gateways configured, youcan use the arp-proxy enable command to enable routed proxy ARP on the S-switch connectingthese hosts. In this manner, IP addresses between these two hosts can be resolved through theS-switch.


Before configuring routed proxy ARP, complete the following tasks:



Data Preparation

To configure routed proxy ARP, you need the following data.

No. Data

1 Number of the VLANIF interface enabled with routed proxy ARP

2 IP address of the VLANIF interface enabled with routed proxy ARP


Context





Issue 04 (2010-01-25)

Procedure






The VLANIF interface is configured with an IP address.

----End

2.3.3 Enabling Routed Proxy ARP Function


Procedure





Step 3 Run:arp-proxy enable

The routed proxy ARP function is enabled on the VLANIF interface.

----End



Action Command

Check if the Proxy ARPfunction is enabled onVLANIF interfaces

display this



2-7

Run the display thiscommand. You can check if the Proxy ARP function is enabled oninterfaces. For example:

<Quidway> interface vlanif 1[Quidway-Vlanif1] display this#interface Vlanif1 ip address 100.1.1.235 255.255.255.0 arp-proxy enable#

2.4 Configuring Proxy ARP in a VLANThis section describes how to configure proxy ARP in a VLAN to enable hosts that are isolatedat Layer 2 in a VLAN to communicate with each other.


2.4.2 Setting the IP Address of a VLANIF Interface

2.4.3 Enabling Proxy ARP in a VLAN




Users in a VLAN are in the same broadcast domain; therefore, they must be isolated on Layer2 to prevent broadcast storms. To enable these users to communicate with each other, you needto enable proxy ARP in the VLAN.


Before configuring proxy ARP in a VLAN, complete the following tasks:

l Connecting interfaces and setting the physical parameters of each interface to make thephysical layer in Up state

l Configuring Layer-2 isolation of users in the VLAN

Data Preparation

To configure proxy ARP in a VLAN, you need the following data.

No. Data

1 Number of the interface where proxy ARP in the VLAN is enabled

2 IP address of the interface where proxy ARP in the VLAN is enabled

2.4.2 Setting the IP Address of a VLANIF Interface




Issue 04 (2010-01-25)

Procedure





You can enable proxy ARP in a VLAN only on VLANIF interfaces of the S-switch.


The IP address of the interface is configured.

The IP address of the VLANIF interface must be on the same network segment as the LANconnected to the VLANIF interface.

----End

2.4.3 Enabling Proxy ARP in a VLAN

Context

If proxy ARP in a VLAN is enabled on an interface of the S-switch, the interface does not directlydiscard the ARP Request packet that is not destined for it. Instead, it searches the ARP mappingstable for the corresponding ARP entry. If the interface can function as the proxy, the interfacesends the MAC address of the S-switch to the sender of the ARP request.

Procedure





Step 3 Run:arp-proxy inner-sub-vlan-proxy enable

Proxy ARP in the VLAN is enabled.

----End




2-9

Procedurel Run the display this command in the VLANIF interface view to check whether proxy ARP

in a VLAN is enabled on the interface.

----End

Example# Run the display this on a VLANIF interface to check whether proxy ARP in a VLAN isenabled on the interface.

<Quidway> system-view[Quidway] interface vlanif 10[Quidway-Vlanif10] display this#interface Vlanif10 ip address 10.1.1.10 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable#return

2.5 Configuring Proxy ARP Between VLANsThis section describes how to implement communication between hosts in different VLANs.



2.5.3 Enabling Proxy ARP Between VLANs



Applicable EnvironmentIf two users belong to different VLANs and they need to communicate, you need to enable proxyARP between VLANs on the sub-interface associated with the VLAN.

If vlan aggregation is configured on the device, the sub-VLANs in a super-VLAN cannotcommunicate with each other. To solve this problem, enable proxy ARP between VLANs onthe VLANIF interface corresponding to the super-VLAN.

Implementing communication between VLANs through proxy ARP occupies fewer resourcesthan through configuring a VLANIF interface for each sub-VLAN.

IP addresses of hosts in a VLAN must be in the same network segment.

Pre-configuration TasksBefore configuring proxy ARP between VLANs, complete the following tasks:

l Configuring physical attributes for the interface and ensuring that the status of the physicallayer of the interface is Up




Issue 04 (2010-01-25)

l Configuring VLAN aggregation

Data Preparation

To configure proxy ARP between VLANs, you need the following data.

No. Data

1 Number of the VLANIF interface to be enabled with proxy ARP between VLANs

2 IP address of the VLANIF interface to be enabled with proxy ARP between VLANs

3 VLAN ID associated with the VLANIF interface to be enabled with proxy ARPbetween VLANs


Context


Procedure






The VLANIF interface is configured with an IP address.

The IP address configured for the VLANIF interface must be in the same network segment withthat of hosts in the VLAN associated with this interface.

----End

2.5.3 Enabling Proxy ARP Between VLANs

Context




2-11

Procedure





Step 3 Run:arp-proxy inter-sub-vlan-proxy enable

Proxy ARP between VLANs is enabled.

----End



Action Command

Check if the Proxy ARPBetween VLANs is enabledon VLANIF interfaces

display this

Run the display thiscommand. You can check if the Proxy ARP Between VLANs is enabledon interfaces. For example:

<Quidway> interface vlanif 1[Quidway-Vlanif1] display this#interface Vlanif1 ip address 100.1.1.235 255.255.255.0 arp-proxy inter-sub-vlan-proxy enable#return

2.6 Maintaining ARPThis section describes how to display ARP configurations, clear ARP statistics and debug ARP.

2.6.1 Clearing ARP Statistics


2.6.3 Debugging ARP

2.6.1 Clearing ARP Statistics




Issue 04 (2010-01-25)

CAUTIONThe mapping between the IP and MAC addresses is deleted after you clear ARP statistics.

To clear the ARP statistics, run the following reset command in the user view.

Action Command

Clear the ARP entries in the ARPmapping table.

reset arp [ all | dynamic | interface vlanif vlan-id |static ]


To obtain configurations about ARP in routine maintenance, run the following command.

Action Command

View information about theARP mapping table basedon interfaces.

display arp [ statistics ] interface vlanif vlan-id [ | { begin |exclude | include } regular-expression ]

2.6.3 Debugging ARP

CAUTIONDebugging affects the performance of the system. So, after debugging, run the undo debuggingall command to disable it immediately.

When faults occur during ARP operation, run the following debugging command in the userview to debug ARP and locate the fault.

Action Command

Enable ARP debugging. debugging arp packet

Enable proxy ARP debugging. debugging arp-proxy [ inner-sub-vlan-proxy |inter-sub-vlan-proxy ] [ interface interface-typeinterface-number ]



2-13

2.7 Configuration ExamplesThis section provides several configuration examples of ARP, proxy ARP in a VLAN, and proxyARP between VLANs.

2.7.1 Example for Configuring Static ARP

2.7.2 Example for Configuring Dynamic ARP

2.7.3 Example for Configuring Routed Proxy ARP

2.7.4 Example for Configuring Proxy ARP in a VLAN

2.7.5 Example for Configuring Proxy ARP Between VLANs

2.7.1 Example for Configuring Static ARP

Networking RequirementsAs shown in Figure 2-1, the S-switch-A connected to the hosts also connects the S-switch-Bthrough Ethernet 0/0/1. It is required that a static ARP entry be added on Ethernet 0/0/1. The IPaddress and MAC address of the S-switch-B are 10.2.2.3 and 00e0-fc01-0000 respectively;Ethernet 0/0/1 belongs to VLAN 3.

Figure 2-1 Networking diagram for configuring static ARP

Eth 0/0/1

S-switch-B

S-switch-A


1. Create a VLAN and add the interface in the VLAN.2. Create a static ARP entry.




Issue 04 (2010-01-25)


l Ethernet 0/0/1 belonging to VLAN 3

l IP address 10.2.2.3 and MAC address 00e0-fc01-0000 of the S-switch-B

Configuration ProcedureThe procedure for configuring the S-switch-A is as follows:

1. Create a VLAN and add the interface in the VLAN.# Create VLAN 3.<Quitway> system-view[Quidway] sysname S-switch-A[S-switch-A] vlan 3[S-switch-A-vlan3] quit

# Add Ethernet 0/0/1 in VLAN 3.[S-switch-A] interface ethernet 0/0/1[S-switch-A-Ethernet0/0/1] port trunk allow-pass vlan 3[S-switch-A-Ethernet0/0/1] quit

2. Create a static ARP entry.# Create VLANIF 3.[S-switch-A] interface vlanif 3

# Assign an IP address to VLANIF 3.[S-switch-A-Vlanif3] ip address 10.2.2.2 255.0.0.0[S-switch-A-Vlanif3] quit

# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLANID 3, and outbound interface Ethernet 0/0/1.[S-switch-A] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1

3. Verify the configuration.# Run the display arp command to view the ARP mapping table.<S-switch-A>display arp staticIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN------------------------------------------------------------------------------10.2.2.3 00e0-fc01-0000 S-- Ethernet 0/0/1 3------------------------------------------------------------------------------Total:1 Dynamic:0 Static:1 Interface:0

Configuration Filesl The following is the configuration file of the S-switch-A.# sysname S-switch-A#vlan batch 3#arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1#interface Vlanif3 ip address 10.2.2.2 255.0.0.0#interface Ethernet0/0/1 port trunk allow-pass vlan 3



2-15

#return

2.7.2 Example for Configuring Dynamic ARP

Networking RequirementsAs shown in Figure 2-2, a host logs in to the S-switch through Telnet. It is required that theaging time of dynamic ARP entries be 60s and the S-switch delete the expired dynamic ARPentries after detecting them twice.

Figure 2-2 Networking diagram for configuring dynamic ARP

Host A S-switch

Eth0/0/110.2.2.2/8

10.2.2.3/8


1. Create a VLAN.2. Create a VLANIF interface and assign an IP address to the VLANIF interface.3. Add the interface in the VLAN.4. Configure ARP attributes for the VLANIF interface.


l VLAN ID: 10

l IP address of the VLANIF interface: 10.2.2.2

l Aging time of the dynamic ARP entries of VLANIF 10: 60s, and number of detections: 2

Configuration Procedure1. # Create a VLAN.

<Quidway> system-view[Quidway] vlan 10[Quidway-vlan10] quit

2. # Create a VLANIF interface.[Quidway] interface vlanif 10

3. # Assign an IP address to the VLANIF interface.[Quidway-Vlanif10] ip address 10.2.2.2 255.0.0.0[Quidway-Vlanif10] quit




Issue 04 (2010-01-25)

4. # Add the interface in the VLAN.[Quidway] interface ethernet 0/0/1[Quidway-Ethernet0/0/1] port default vlan 10

5. # Configure ARP attributes for the VLANIF interface.[Quidway] interface vlanif 10[Quidway-Vlanif10] arp expire-time 60[Quidway-Vlanif10] arp detect-times 2

6. # Verify the configuration.Host A telnets S-switch successfully through the VLANIF interface with IP address10.2.2.2.Run the display arp interface vlanif command. You can view the following informationabout the ARP mapping table:[Quidway] display arp interface vlanif 10IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VLAN------------------------------------------------------------------------------10.2.2.2 000b-0922-d8a3 I - Vlanif1010.2.2.3 0000-fc33-0011 20 D-0 Eth0/0/1 10------------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1

Configuration FilesConfiguration file of S-switch

# sysname Quidway#vlan batch 10#interface Vlanif10 ip address 10.2.2.2 255.0.0.0 arp expire-time 60 arp detect-times 2#interface Ethernet0/0/1 port default vlan 10#return

2.7.3 Example for Configuring Routed Proxy ARP

Networking RequirementsAs shown in Figure 2-3, two S-switches are directly connected. One Ethernet interface on eachS-switch is connected to a LAN. Network numbers of the two LANs are 172.16.0.0/16. Thedefault gateway is not configured on PC 1 or PC 2. Routed proxy ARP must be configured onthe S-switch and hosts in the two LANs can access each other.



2-17

Figure 2-3 Networking diagram of configuring proxy ARP

S-switch-BS-switch-A

PC1172.16.1.2/16

0000-5e33-ee20

PC2172.16.2.2/16

0000-5e33-ee10

VLANIF1172.16.1.1/24

00e0-fc39-80aa

VLANIF2172.17.3.1/16

VLANIF2172.17.3.2/16 VLANIF1

172.16.2.1/2400e0-fc39-80bb


1. Configure IP addresses for VLANIF interfaces.2. Enable proxy ARP on VLANIF interfaces.3. Configure the default routes.


l IP address for related interfaces

l Default routes

l IP address of the host

Configuration Procedure1. Configure S-switch-A.

# Configure an IP address for VLANIF1 and VLANIF2.<Quidway> system-view[Quidway] sysname S-switch-A[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] ip address 172.16.1.1 255.255.255.0[S-switch-A-Vlanif1] quit[S-switch-A] interface vlanif 2[S-switch-A-Vlanif2] ip address 172.17.3.1 255.255.0.0[S-switch-A-Vlanif2] quit# Enable proxy ARP on VLANIF1.[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] arp-proxy enable[S-switch-A-Vlanif1] quit# Configure a static route.[S-switch-A] ip route-static 0.0.0.0 0 172.17.3.2

2. Configure S-switch-B.# Configure an IP address for VLANIF1 and VLANIF2.<Quidway> system-view




Issue 04 (2010-01-25)

[Quidway] sysname S-switch-B[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] ip address 172.16.2.1 255.255.255.0[S-switch-B-Vlanif1] quit[S-switch-B] interface vlanif 2[S-switch-B-Vlanif2] ip address 172.17.3.2 255.255.0.0# Enable routed proxy ARP on VLANIF1.[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] arp-proxy enable[S-switch-B-Vlanif1] quit# Configure a static route.[S-switch-B] ip route-static 0.0.0.0 0 172.17.3.1

3. Configure the host.Configure the IP address of PC1 to 172.16.1.2/16.Configure the IP address of PC2 to 172.16.2.2/16.

4. Verify the configuration.# PC1 can ping through PC2.# The ARP table of PC1 shows that the MAC address of PC2 is the MAC address ofVLANIF1 on S-switch-A.

Configuration Filesl Configuration file of S-switch-A

#sysname S-switch-A#interface Vlanif1 ip address 172.16.1.1 255.255.255.0 arp-proxy enable#interface Vlanif2 ip address 172.17.3.1 255.255.0.0#ip route-static 0.0.0.0 0 172.17.3.2#return

l Configuration file of S-switch-B#sysname S-switch-B#interface Vlanif1 ip address 172.16.2.1 255.255.255.0 arp-proxy enable#interface Vlanif2 ip address 172.17.3.2 255.255.0.0#ip route-static 0.0.0.0 0 172.17.3.1#return

2.7.4 Example for Configuring Proxy ARP in a VLAN

Networking RequirementsAs shown in Figure 2-4, GE 0/0/1 and GE 0/0/2 of the S-switch belong to sub-VLAN 2. VLAN2 is a sub-VLAN of super-VLAN 3. The requirements are as follows:



2-19

l Host A and host B in VLAN 2 are isolated at Layer 2.

l Host A and host B can communicate with each other at Layer 3 through proxy ARP in aVLAN.

The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 andthe mask is 255.255.255.0.

Figure 2-4 Networking diagram of proxy ARP in a VLAN

S-switch

HostA10.10.10.2/2400-e0-fc-00-00-02

HostB10.10.10.3/24

00-e0-fc-00-00-03

GE0/0/2GE0/0/1

Internet

sub-VLAN2

Configuration Roadmap

The configuration roadmap is as follows:

1. Create and configure the super-VLAN and sub-VLAN.

2. Add GE 0/0/1 and GE 0/0/2 to the sub-VLAN.

3. Create the VLANIF interface of the super-VLAN and assign an IP address to the VLANIFinterface.

4. Enable proxy ARP in a VLAN on the VLANIF interface.

Data Preparation

To complete the configuration, you need the following data:

l IDs of the super-VLAN and sub-VLAN: VLAN 3 and VLAN 2

l VLAN that GE 0/0/1 and GE 0/0/2 belong to: VLAN 2

l IP address and mask of the VLANIF interface corresponding to the super-VLAN:10.10.10.1/255.255.255.0




Issue 04 (2010-01-25)

Procedure

Step 1 Create and configure the super-VLAN and sub-VLAN.

# Create sub-VLAN 2.<Quidway> system-view[Quidway] vlan 2[Quidway-Vlan2] quit

# Enable port isolation on GE 0/0/1 and GE 0/0/2.[Quidway] interface gigabitethernet 0/0/1[Quidway-GigabitEthernet0/0/1] port-isolate enable[Quidway-GigabitEthernet0/0/1] quit[Quidway] interface gigabitethernet 0/0/2[Quidway-GigabitEthernet0/0/2] port-isolate enable[Quidway-GigabitEthernet0/0/2] quit

# Add GE 0/0/1 and GE 0/0/2 to sub-VLAN 2.[Quidway] interface gigabitethernet 0/0/1[Quidway-GigabitEthernet0/0/1] port link-type access[Quidway-GigabitEthernet0/0/1] port default vlan 2[Quidway-GigabitEthernet0/0/1] quit[Quidway] interface gigabitethernet 0/0/2[Quidway-GigabitEthernet0/0/2] port link-type access[Quidway-GigabitEthernet0/0/2] port default vlan 2[Quidway-GigabitEthernet0/0/2] quit

# Configure super-VLAN 3 and add sub-VLAN 2 to super-VLAN 3.[Quidway] vlan 3[Quidway-vlan3] aggregate-vlan[Quidway-vlan3] access-vlan 2[Quidway-vlan3] quit

Step 2 Create and configure the VLANIF interface VLANIF 3.

# Create VLANIF 3.

[Quidway] interface vlanif 3

# Assign an IP address to VLANIF 3.

[Quidway-Vlanif3] ip address 10.10.10.1 24

Step 3 Enable proxy ARP in a VLAN on VLANIF 3.

[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable[Quidway-Vlanif3] quit

Step 4 Verify the configuration

# Run the display current-configuration command to view the configuration of the super-VLAN, sub-VLAN, and VLANIF interface. The output of the command is displayed in thefollowing configuration file.

# Run the display arp command to view all the ARP entries.

<Quidway> display arpIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN------------------------------------------------------------------------------10.10.10.1 0018-8245-6321 I - Vlanif310.10.10.2 00e0-fc00-0002 17 DF0 GE0/0/2 110.10.10.3 00e0-fc00-0003 17 DF0 GE0/0/1 1



2-21

------------------------------------------------------------------------------Total:3 Dynamic:2 Static:0 Interface:1

----End

Configuration FilesConfiguration file of the S-switch

# sysname Quidway# vlan batch 2 to 3 #vlan 3 aggregate-vlan access-vlan 2#interface Vlanif3 ip address 10.10.10.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable#interface GigabitEthernet0/0/1 port link-type access port default vlan 2 port-isolate enable#interface GigabitEthernet0/0/2 port link-type access port default vlan 2 port-isolate enable#return

2.7.5 Example for Configuring Proxy ARP Between VLANs

Networking RequirementsAs shown in Figure 2-5, VLAN 2 and VLAN 3 compose a super-VLAN, VLAN 4.

The sub-VLANs, VLAN 2 and VLAN 3 cannot ping through each other.

To implement communication between VLAN 2 and VLAN 3, configure proxy ARP betweenVLANs.




Issue 04 (2010-01-25)

Figure 2-5 Networking diagram of configuring proxy ARP between VLANs

VLAN2 VLAN3

VLAN4

S-switch

VLAN2 VLAN3



1. Configure an IP address for the VLANIF4 interface.2. Enable proxy ARP between VLANs on the VLANIF4 interface.

Data Preparation

To complete the configuration, you need IP addresses of related interfaces.

Configuration Procedure

This example covers only the commands used to configure proxy ARP between VLANs.

1. Configure an IP address for the VLANIF4 interface.<Quidway> system-view[Quidway] sysname S-switch[S-switch] interface vlanif 4[S-switch-Vlanif4] ip address 192.168.1.100 255.255.255.0[S-switch-Vlanif4] quit

2. Configure IP addresses for PCs.# Configure IP addresses for PCs. The IP addresses must be in the same network segmentwith the IP address of the VLANIF4 interface.# After configurations, PCs and the device can ping through each other but PCs in VLAN2 and PCs in VLAN 3 cannot ping through each other.

3. Configure proxy ARP between VLANs.[S-switch] interface vlanif 4[S-switch-Vlanif4] arp-proxy inter-sub-vlan-proxy enable[S-switch-Vlanif4] quit

4. Verify the configuration.



2-23

l PCs in VLAN 2 and PCs in VLAN 3 can ping through each other.

l Check the ARP table on the PC.

# You can find that in the ARP table of any PC in VLAN 2, the MAC addresses of all PCsin VLAN 3 are the MAC address of the VLANIF4 interface on S-switch.

Configuration FilesThe configuration file of S-switch is as follows:

#sysname S-switch# vlan batch 2 to 4#vlan 4 aggregate-vlan access-vlan 2 to 3#interface Vlanif4 ip address 192.168.1.100 255.255.255.0 arp-proxy inter-sub-vlan-proxy enable#Return




Issue 04 (2010-01-25)

3 DNS Configuration

About This Chapter

This chapter describes the static and dynamic DNS concepts and their configuration steps, alongwith typical examples.

3.1 OverviewThis section describes the basic principle and concepts of Domain Name System (DNS).

3.2 Configuring DNSThis section describes how to use the domain name to communicate with other devices.

3.3 Maintaining DNSThis section describes how to display the configuration of DNS, clear DNS entries and debugDNS.

3.4 Configuration ExamplesThis section provides a configuration example of DNS.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 3 DNS Configuration


3-1

3.1 OverviewThis section describes the basic principle and concepts of Domain Name System (DNS).

3.1.1 Introduction to DNS

3.1.2 DNS Supported by the S-switch

3.1.1 Introduction to DNS

The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with whichhosts can be named in the form of character string. This system assumes a hierarchical namingstructure. It designates a meaningful name for the device in the Internet and associates the namewith the IP address through a domain name resolution server. In this manner, you can use domainnames that are easy to remember instead of memorizing complex IP addresses.

3.1.2 DNS Supported by the S-switch

DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolvea domain name, the system first uses static DNS resolution. If this mode fails, the system usesdynamic DNS resolution. To improve resolution efficiency, you can put common domain namesin a static domain name resolution table.

The S-switch supports static resolution and dynamic resolution.

3.2 Configuring DNSThis section describes how to use the domain name to communicate with other devices.


3.2.2 Configuring Static DNS Entries

3.2.3 Configuring Dynamic DNS



Applicable EnvironmentIf local users accessing devices need to communicate with other devices by using domain names,you can configure DNS on the device.

If local users communicate with other devices hardly through the domain name or the DNSserver is unavailable, configure static DNS. Prior to configuring static DNS, you must know themapping between the domain name and the IP address. In case of a change in the mapping, youmust modify the DNS entry manually.

You can configure dynamic DNS on the device if local users frequently use domain names forcommunicating with other devices and the DNS server is available.

3 DNS ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

Pre-configuration TasksBefore configuring DNS, complete the following tasks:

l Configuring physical attributes of the interface and ensuring that the physical layer statusof the interface is Up

l Configuring parameters of the link layer protocol of the interface and ensuring that the linklayer protocol status of the interface is Up

l Configuring routes between the local device and the DNS server

l Configuring the DNS server

Data PreparationTo configure DNS, you need the following data.

No. Data

1 Domain name and the corresponding IP address in a static DNS entry

2 IP address of a DNS server

3 Domain name or the domain name list of a dynamic DNS entry

3.2.2 Configuring Static DNS Entries

ContextYou can configure a maximum of 50 static DNS entries.


Procedure



Step 2 Run:ip host host-name ip-address

The IP address corresponding to the host name is configured.

A host name corresponds to only one IP address. When you configure an IP address for a hostfor several times, only the IP address configured at the latest is valid. To resolve several hostnames, repeat Step 2.

----End

3.2.3 Configuring Dynamic DNS



3-3


Procedure



Step 2 Run:dns resolve

The function of dynamic domain name resolution is enabled.

Step 3 Run:dns server ip-address

A DNS server is specified.

Step 4 Run:dns domain domain-name

The suffix of the domain name is added.

----End

PostrequisiteThe system supports the configuration of a maximum of 6 domain name servers, 1 sourceaddress, and 10 domain name suffixes.

To configure more than one domain name server, repeat Step 3.

To configure more than one domain name suffix, repeat Step 4.


Run the following commands to check the previous configuration.

Action Command

Check information about the static DNS entry table. display ip host

Check configurations about DNS servers. display dns server

Check configurations about domain name suffixes. display dns domain

Check information about dynamic DNS entries in thedomain name cache.

display dns dynamic-host

Run the display ip host command. If static DNS entries including the mappings between hostnames and IP addresses, are displayed, it means that the configuration succeeds. For example:

<Quidway> display ip host




Issue 04 (2010-01-25)

Host Age Flags Addresshw 0 static 10.1.1.1gww 0 static 192.168.1.1

Run the display dns server command. If IP addresses of all domain servers are displayed, itmeans that the configuration succeeds. For example:

<Quidway> display dns serverIPv4 Dns Servers :Domain-server IpAddress 1 172.16.1.1 2 172.16.1.2

Run the display dns domain command. If the list of suffixes of domain names is displayed, itmeans that the configuration succeeds. For example:

<Quidway> display dns domainNo Domain-name1 com2 net

Run the display dns dynamic-host command. If information about the dynamic domain namecache is displayed, it means that the configuration succeeds. For example:

<Quidway> display dns dynamic-hostNo Domain-name IpAddress TTL Alias1 www.huawei.com 91.1.1.1 35212 www.huawei.com.cn 87.1.1.1 3000

3.3 Maintaining DNSThis section describes how to display the configuration of DNS, clear DNS entries and debugDNS.

3.3.1 Clearing DNS Entries


3.3.3 Debugging DNS

3.3.1 Clearing DNS Entries

CAUTIONDNS entries cannot be restored after being cleared. So, confirm the action before you use thiscommand.

To clear DNS entries, run the following reset command in the user view.

Action Command

Clear dynamic DNS entries in the domain namecache.

reset dns dynamic-host



3-5


In routine maintenance, to obtain configurations about DNS, run the following commands.

Action Command

Check information about the static DNS entrytable.

display ip host

Check configurations about DNS servers. display dns server

Check configurations about domain name suffixes. display dns domain

Check information about dynamic DNS entries inthe domain name cache.

display dns dynamic-host

3.3.3 Debugging DNS

CAUTIONDebugging affects the performance of the system. So after debugging, run the undo debuggingall command to disable it immediately.

Run the following debugging command in the user view to debug DNS and locate the fault.

Action Command

Enable dynamic DNS debugging. debugging dns

3.4 Configuration ExamplesThis section provides a configuration example of DNS.

3.4.1 Example for Configuring DNS

3.4.1 Example for Configuring DNS

Networking RequirementsAs shown in Figure 3-1, S-switch-A acts as a DNS client, being required to access the host2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes"com" and "net".

On S-switch-A, configure static DNS entries of S-switch-B and S-switch-C so that S-switch-Acan communicate with them by using domain names.




Issue 04 (2010-01-25)

Figure 3-1 Networking diagram of DNS

Loopback04.1.1.1/32

Loopback04.1.1.2/32

VLANIF11.1.1.2/16

VLANIF11.1.1.1/16 VLANIF2

2.1.1.1/16VLANIF2

2.1.1.2/16

VLANIF13.1.1.1/16

S-switch-A

S-switch-B S-switch-C

huawei.com2.1.1.3/16

DNS Server3.1.1.2/16

DNS Client


1. Configure static DNS entries.2. Enable DNS resolution.3. Configure an IP address for the DNS server.4. Configure suffixes of domain names.


l Domain names of S-switch-B and S-switch-C

l IP address of the DNS server

l Suffixes of domain names

Configuration ProcedureNOTE

Before performing configurations, suppose:

l S-switch-A and each host have been configured with IP addresses and other configurations.

l The mapping between the domain name "huawei.com" and the IP address 2.1.1.3/16 is available onthe DNS server.

l The DNS server works normally.

1. Configure S-switch-A.# Configure static DNS entries.<S-switch-A> system-view[S-switch-A] ip host S-switch-B 4.1.1.1[S-switch-A] ip host S-switch-C 4.1.1.2# Enable DNS resolution.[S-switch-A] dns resolve



3-7

# Configure an IP address for the DNS server.[S-switch-A] dns server 3.1.1.2

# Configure a domain name suffix "net".[S-switch-A] dns domain net

# Configure a domain name suffix "com".[S-switch-A] dns domain com

NOTE

To complete DNS resolution, configuring routes from S-switch-A to the DNS server is mandatory.

2. Verify the configuration.# Run the ping huawei.com command on S-switch-A to ping the IP address 2.1.1.3. Theping succeeds.<S-switch-A> ping huawei.comTrying DNS server (3.1.1.2) PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms --- huawei.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/6 ms

# Run the display ip host command on S-switch-A to view static DNS entries, includingmappings between host names and IP addresses.<S-switch-A> display ip hostHost Age Flags AddressS-switch-B 0 static 4.1.1.1S-switch-C 0 static 4.1.1.2

# Run the display dns dynamic-host command on S-switch-A to view dynamic DNSentries in the domain name cache.<S-switch-A> display dns dynamic-hostNo Domain-name IpAddress TTL Alias1 huawei.com 2.1.1.3 3579

NOTE

TTL value in the above display indicates the lifetime of an entry. It is in seconds.


# sysname S-switch-A# ip host S-switch-B 4.1.1.1 ip host S-switch-C 4.1.1.2# dns resolve dns server 3.1.1.2 dns domain net dns domain com#interface Vlanif1 ip address 1.1.1.2 255.255.0.0#rip 1 network 1.0.0.0




Issue 04 (2010-01-25)

#return

l Configuration file of S-switch-B# sysname S-switch-B#interface Vlanif1 ip address 1.1.1.1 255.255.0.0#interface Vlanif2 ip address 2.1.1.1 255.255.0.0#interface LoopBack0 ip address 4.1.1.1 255.255.255.255#rip 1 network 2.0.0.0 network 1.0.0.0 network 4.0.0.0#return

l Configuration file of S-switch-C# sysname S-switch-C#interface Vlanif1 ip address 3.1.1.1 255.255.0.0#interface Vlanif2 ip address 2.1.1.2 255.255.0.0#interface LoopBack0 ip address 4.1.1.2 255.255.255.255#rip 1 network 2.0.0.0 network 3.0.0.0 network 4.0.0.0#return



3-9

4 DHCP Configuration

About This Chapter

This chapter describes the DHCP fundamentals including DHCP service, DHCP server, andrelay agent. It also includes configuration steps for DHCP Server based on different parameters,DHCP relay agent, and security functions in DHCP service, along with typical examples.

4.1 OverviewThis section describes the principle and concepts of the Dynamic Host Configuration Protocol(DHCP).

4.2 Configuring the Global Address Pool-based DHCP ServerThis section descries how to configure a DHCP server when hosts are connected with S-switch through other devices.

4.3 Configuring VLANIF Interface Address Pool-based DHCP ServerThis section describes how to configure a DHCP server that uses the address pool of the VLANIFinterface.

4.4 Configuring the Security Function for DHCPThis section describes how to enhance the security of the DHCP service.

4.5 Configuring DHCP RelayThis section describes how to enable DHCP relay so that DHCP relay can forward DHCPrequests from local clients to the DHCP server on other networks.

4.6 Maintaining DHCPThis section describes how to clear the statistics about DHCP and debug DHCP.

4.7 Configuration ExamplesThis section provides several configuration examples of the DHCP server and DHCP relay.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 4 DHCP Configuration


4-1

4.1 OverviewThis section describes the principle and concepts of the Dynamic Host Configuration Protocol(DHCP).

4.1.1 Introduction to DHCP

4.1.2 DHCP Supported by the S-switch

4.1.1 Introduction to DHCP

With the rapid growth in network scale and complexity, network configuration becomes moredifficult. The location of hosts changes (such as laptops and wireless network) and the numberof hosts has exceeded that of the available IP addresses. The Dynamic Host ConfigurationProtocol (DHCP) is developed to solve these problems.

4.1.2 DHCP Supported by the S-switch

The S-switch supports the following DHCP applications, ensures the security of DHCP services,and provides the DHCP relay agent function.

l Global address pool

l Address pool on the VLAN logical interface

4.2 Configuring the Global Address Pool-based DHCPServer

This section descries how to configure a DHCP server when hosts are connected with S-switch through other devices.


4.2.2 Configuring the DHCP Global Address Pool

4.2.3 Configure Static IP Address Binding

4.2.4 Configuring DNS Services for the DHCP Client

4.2.5 Configuring NetBIOS Services for the DHCP Client

4.2.6 Configuring Egress Gateway for the DHCP Client

4.2.7 Configuring DHCP Self-Defined Options

4.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the SpecifiedInterface



4 DHCP ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)


To obtain IP addresses from the device dynamically, you need to configure a global addresspool-based DHCP server.

The global address pool-based DHCP server usually works together with the DHCP relay agent.


Before configuring the global address pool-based DHCP server, complete the following tasks:


l Configuring the NetBIOS server

l Configuring the routes to the DNS server and the NetBIOS server

Data Preparation

To configure the global address pool-based DHCP server, you need the following data.

No. Data

1 Name and the address range of the address pool

2 Range of the IP addresses that cannot be dynamically assigned to hosts

3 IP addresses and the MAC addresses that need to be bound statically

4 Lease of the IP address

5 IP address of the DNS server and the domain name of the DHCP client

6 IP address of the NetBIOS server and the NetBIOS node type of the DHCP client

7 Coding of the DHCP self-defined options and the corresponding ASCII strings orhexadecimal number or IP address

4.2.2 Configuring the DHCP Global Address Pool

Context


Procedure



Step 2 Run:dhcp enable



4-3

DHCP is enabled.

Step 3 Run:dhcp server ip-pool pool-name

A DHCP address pool is created and the DHCP address pool view is displayed.

NOTE

Each DHCP server can be configured with a maximum of 128 global address pools.

Step 4 Run:network ip-address [ mask { mask | mask-length } ]

The address pool range is configured.

Step 5 Run:expired { day day [ hour hour [ minute minute ] ] | unlimited }

The lease of the IP addresses dynamically assigned to hosts is configured. By default, the IPlease is one day.

NOTE

The DHCP server can specify the IP lease for each address pool. The IP lease may vary with address pools.The addresses in the same DHCP address pool, however, have the same IP lease.

Step 6 Run:quit

Back to the system view.

Step 7 Run:dhcp server forbidden-ip low ip address [ high ip address ]

The range of IP addresses that cannot be dynamically assigned is configured.

NOTEAfter repeatedly running the dhcp server forbidden-ip command, you can configure multiple IP addresssegments that cannot be automatically assigned. When using the undo dhcp server forbidden-ip commandto delete the setting, ensure that the specified parameters are consistent with the previously configuredparameters. That is, you cannot delete only partial originally configured addresses.

----End

4.2.3 Configure Static IP Address Binding


Procedure







Issue 04 (2010-01-25)

A DHCP address pool is created and the DHCP address pool view is displayed.

Step 3 Run:static-bind ip-address ip-address [ mask { mask | mask-length } ]

Certain IP addresses are statically bound.

Step 4 Run:static-bind mac-address mac-address

MAC addresses of certain clients are statically bound.

----End

PostrequisiteBased on the clients' needs, you can adopt either static address binding or dynamic addressassignation. However, you cannot configure the same DHCP address pool with these two modesat the same time.

Dynamic address distribution needs specification of the address range for assignment, whilestatic address binding can be regarded as a special DHCP address pool with only one address.

Some clients may need fixed IP addresses that are bound with their MAC addresses. When theclient with a specific MAC address uses DHCP to apply for an IP address, the DHCP serverfinds out the fixed IP address bound with the MAC address and assigns it to the client.

NOTE

The static-bind ip-address command must be used together with the static-bind mac-address command.The new configuration supersedes the previous one when you use the two commands for several times.

4.2.4 Configuring DNS Services for the DHCP Client


Procedure




The DHCP address pool view is displayed.

Step 3 Run:domain-name domain-name

The domain name of the DHCP client is configured.

Step 4 Run:dns-list ip-address &<1-8>



4-5

The IP address of the DNS server of the DHCP client is configured.

----End

Postrequisite

On the DHCP server, designate a domain name for the client per address pool basis.

When a host accesses the Internet by using the domain name, the DNS server resolves the domainname into an IP address. Therefore, to ensure that the client can successfully access the Internet,the DHCP server also needs to specify the DNS server address for the client when it assigns IPaddresses.

To perform load balancing and improve the network reliability, you can configure several DNSservers and egress gateways.

4.2.5 Configuring NetBIOS Services for the DHCP Client

Context


Procedure





Step 3 Run:nbns-list ip-address &<1-8>

The IP address of the NetBIOS server of the DHCP client is configured.

Step 4 Run:netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS node type of the DHCP client is configured.

By default, the node type of the DHCP client is not specified.

----End

Postrequisite

For the client using the OS of Microsoft, Windows Internet Naming Service (WINS) serverprovides resolution from the host name to the IP address. This is given to the host that usesNetBIOS protocol for communication. Most of the Windows clients need to be configured withWINS.




Issue 04 (2010-01-25)

When a DHCP client communicates in a WAN by adopting the NetBIOS protocol, a mappingbetween the host name and the IP address should be set up. The following lists the types ofNetBIOS nodes for obtaining mappings:

l Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mappingrelation by means of broadcast.

l Type p nodes (p-node): "p" stands for peer-to-peer, namely, type p nodes obtain themapping relation by means of communicating with NetBIOS servers.

l Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owningpart of the broadcasting features.

l Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the"peer-to-peer" communicating mechanism.

4.2.6 Configuring Egress Gateway for the DHCP Client

Context

Procedure





Step 3 Run:gateway-list ip-address &<1-8>

The egress gateway of the DHCP client is configured.

When a DHCP client wants to access a server (or host) that is not on the local network, an egressgateway needs to be configured on the local network.

To perform load balancing and improve the network reliability, you can configure several DNSservers and egress gateways.

----End

4.2.7 Configuring DHCP Self-Defined Options

ContextNOTE

Configuring DHCP self-defined options are optional. Services, such as DNS on the client, NETBIOS, andIP lease cannot be configured through the option code command but through the commands earlymentioned.




4-7

Procedure





Step 3 Run:option code { ascii ascii-string | hex hex-string | ip-address ip-address }

The DHCP self-defined options are configured.

----End

Postrequisite

The Option field in DHCP packets carries the control information and parameters that are notdefined in some common protocols. If the DHCP server is configured with Option, the DHCPclient gets the configuration information saved in the Option filed of DHCP response packets.

You need to add the options to the attribute tables of the DHCP servers. For example,

l To configure the IP address of a log server to 10.110.204.1, use the command option 7 ip-address 10.110.204.1.

l To configure the TTL of the client packet to 64, use the command option 23 hex 40.

NOTE

Using the option command, you can specify the options to be included in the DHCP response packets.

Before using the option command, you need to know the function of each option: Option 77 identifies usertypes or applications of DHCP client. Based on User Class in the Option field, the DHCP server selectsthe proper address pool and configuration parameters. Option 77 usually is configured on the client.

4.2.8 Assigning IP Addresses in the Global Address Pool to theDHCP Clients on the Specified Interface

Context


Procedurel Assigning IP addresses to the clients on the current VLANIF interface

1. Run:system-view

The system view is displayed.2. Run:

interface vlanif VLANIF interface-number




Issue 04 (2010-01-25)

The VLNAIF interface view is displayed.3. Run:

ip address ip-address { mask | mask-length } [ sub ]

The VLNAIF interface is configured with an IP address.4. Run:

dhcp select global

The IP addresses in the global address pool are assigned.l Assigning IP addresses to the clients in VLANs

1. Run:system-view


dhcp select global vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The IP addresses in the global address pool are assigned.

----End



Action Command

Check the available address informationin the DHCP address pool.

display dhcp server free-ip

Check the expired lease in the DHCPaddress pool.

display dhcp server expired { all | ip ip-address| pool [ pool-name ] | vlan vlan-id }

Check address binding information. display dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] | vlan vlan-id }

Check the statistics about the DHCPserver.

display dhcp server statistics

Check information about the tree-structure of the DHCP address pool.

display dhcp server tree { all | pool [ pool-name ] | vlan vlan-id }

Run the display dhcp server free-ip command. If there are unused IP addresses in the addresspool, it means that the configuration succeeds.

<Quidway> display dhcp server free-ipIP Range from 5.5.5.1 to 5.5.5.254IP Range from 202.38.160.1 to 202.38.160.1IP Range from 202.38.160.4 to 202.38.160.126

Run the display dhcp server expired command. If information about the expired leases of IPaddresses in DHCP address pools is displayed, it means that the configuration succeeds.

<Quidway> display dhcp server expired allGlobal pool:



4-9

IP address Hardware address Lease expiration TypeInterface pool: IP address Hardware address Lease expiration Type

Run the display dhcp server ip-in-use command. If the binding information of IP address, suchas the hardware address and the IP lease, is displayed, it means that the configuration succeeds.

<Quidway> display dhcp server ip-in-use allGlobal pool: IP address Hardware address Lease expiration TypeInterface pool: IP address Hardware address Lease expiration Type 5.5.5.1 0050-ba28-930a Jul 5 2006 13: 00:10 PM Auto:COMMITED

Run the display dhcp server statistics command. If statistics of the DHCP server, includingthe number of DHCP address pools, the number of the automatic binding, the manual bindingand the expired binding and the number of DHCP packets is displayed, it means that theconfiguration succeeds.

<Quidway> display dhcp server statistics Global Pool:Pool Number: 5 BindingAuto: 0Manual: 1Expire: 0 Interface Pool: Pool Number: 1 Binding Auto: 1 Manual: 0 Expire: 0 Boot Request: 6 Dhcp Discover: 1 Dhcp Request: 4 Dhcp Decline: 0 Dhcp Release: 1 Dhcp Inform: 0 Boot Reply: 4 Dhcp Offer: 1 Dhcp Ack: 3 Dhcp Nak: 0 Bad Messages: 0 HA Message: BatchBackup send msg: 0 BatchBackup recv msg: 0 BatchBackup send lease: 0 BatchBackup recv lease: 0

Run the display dhcp server tree command. If the tree structure of the DHCP address pool,including DNS, the IP lease and Option parameters, is displayed, it means that the configurationsucceeds.

<Quidway> display dhcp server tree allGlobal pool: Pool name: 5 network 10.10.1.0 255.255.255.0 Child node:6 Sibling node:7 option 1 ip-address 255.0.0.0 expired 1 0 0 option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C Pool name: 6 host 10.10.1.2 255.0.0.0 hardware-address 1111.2222.3333 gigabitethernetParent node:5 option 1 ip-address 255.255.0.0 expired 1 0 0




Issue 04 (2010-01-25)

option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C Pool name: 7 network 10.10.1.64 255.255.255.192 PrevSibling node:5 Sibling node:8 option 1 ip-address 255.0.0.0 Pool name: 8 network 20.10.1.1 255.255.255.0 Child node:9 PrevSibling node:7 option 1 ip-address 255.0.0.0 gateway-list 2.2.2.2 nbns-list 3.3.3.3 netbios-type m-node expired 2 0 0 option 58 hex 00 01 51 80 option 59 hex 00 00 00 3C Pool name: 9 network 30.10.1.64 255.255.255.0Parent node:8 option 1 ip-address 255.0.0.0 gateway-list 2.2.2.2 dns-list 1.1.1.1 domain-name 444444 nbns-list 3.3.3.3 netbios-type m-node expired 2 0 0 option 58 hex 00 01 51 80 option 59 hex 00 00 00 3C Interface pool: Pool name: GigabitEthernet0/0/1 network 5.5.5.0 mask 255.255.255.0 option 1 ip-address 255.255.255.0 gateway-list 5.5.5.5 expired 1 0 0 option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C

4.3 Configuring VLANIF Interface Address Pool-basedDHCP Server

This section describes how to configure a DHCP server that uses the address pool of the VLANIFinterface.


4.3.2 Enabling Address Pools on VLANIF Interfaces

4.3.3 Configuring the Address Pool on the VLANIF Interface

4.3.4 Configuring DNS on the Address Pool of the VLANIF Interface

4.3.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface

4.3.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface





4-11

Applicable EnvironmentThe interface address pool on the VLANIF interface, is used for devices to support the switchedEthernet interface. Because the switched Ethernet interface cannot be configured with IPaddresses directly, you need to create a VLANIF interface and then configure DHCP addresspools on the VLANIF interface.

Pre-configuration TasksBefore configuring the VLANIF interface address pool-based DHCP server, complete thefollowing tasks:

l Creating a VLANIF interface


l Configuring the NetBIOS server

l Configuring routes to the DNS server and the NetBIOS server

Data PreparationTo configure the VLANIF interface address pool-based DHCP server, you need the followingdata.

No. Data

1 Number, IP address and subnet mask of the VLANIF interface

2 IP addresses in the address pools of VLANIF interface and the MAC addresses to bebound with the IP addresses

3 Lease of the IP address

4 IP address of the DNS server and the domain name of the DHCP client

5 IP address of the NetBIOS server and the NetBIOS node type of the DHCP client

6 Coding of the DHCP self-defined options and the corresponding ASCII strings orhexadecimal number or IP address

4.3.2 Enabling Address Pools on VLANIF Interfaces

ContextDo as follows on the DHCP server:

Procedurel Enabling address pools in the VLANIF interface view

1. Run:system-view





Issue 04 (2010-01-25)

2. Run:vlan vlan-id

A VLAN is created.3. Run:

quit

Back to the system view.4. Run:

interface vlanif vlan-id

The VLANIF interface is displayed.5. Run:

ip address ip-address { mask | mask-length }

The IP address of the VLANIF interface is configured.6. Run:

dhcp select interface

The address pool on the VLANIF interface is enabled.l Enabling address pools on one VLANIF interface or multiple VLANIF interfaces in the

system view1. Run:

system-view


vlan vlan-id

A VLAN is created.3. Run:

quit


interface vlanif VLANIF interface number

The VLANIF interface is displayed.5. Run:


The IP address of the VLANIF interface is configured.6. Run:

quit


dhcp select interface vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The address pool on the specified VLANIF interface is enabled.

----End



4-13

4.3.3 Configuring the Address Pool on the VLANIF Interface

Context

Do as follows on the DHCP server:

Procedure



Step 2 Run:dhcp enable

DHCP is enabled.

Step 3 Run:interface vlanif VLANIF interface number


Step 4 Run:dhcp select interface

The address pool on the interface is enabled.

Step 5 Run:dhcp server static-bind ip-address ip-address mac-address mac-address

Certain IP addresses and MAC addresses are bound with the address pool.

Step 6 The following steps are optional, so perform them as required.

Run:

dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }

The IP lease of the VLANIF interface is configured. By default, the IP lease is one day.

Or

Run:

quit

Return to the system view.

Run:

dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The leases of the IP addresses of several VLANIF interfaces are configured. By default, the IPlease is one day.

----End




Issue 04 (2010-01-25)

PostrequisiteThe IP address and its mask of the VLANIF interface determine the range of the address poolon the VLANIF interface. If you need to configure several address pools for VLANIF interfaces,repeat Steps 3, 4, 5, and 6.

4.3.4 Configuring DNS on the Address Pool of the VLANIFInterface


Procedurel Configuring DNS on VLANIF interfaces

1. Run:system-view



The VLAIF interface view is displayed.3. Run:

dhcp server domain-name domain-name

Domain names are configured for the clients of the VLANIF interface.4. Run:

dhcp server dns-list ip-address &<1-8>

The IP address of the DNS server is specified for the clients of the VLANIF interface.l Configuring DNS on one or multiple VLANIF interfaces

1. Run:system-view


dhcp server domain-name domain-name vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The domain name of the DHCP client is configured.3. Run:

dhcp server dns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The IP address of the DNS server is specified for the DHCP client.

----End

4.3.5 Configuring NetBIOS on the Address Pool of the VLANIFInterface



4-15


Procedurel Configuring NetBIOS on VLANIF interfaces

1. Run:system-view



The VLANIF interface view is displayed.3. Run:

dhcp server nbns-list ip-address &<1-8>

The IP address of the NetBIOS server is specified for the DHCP clients of the VLANIFinterface.

4. Run:dhcp server netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS node type is specified for the DHCP clients of the VLANIF interface.l Configuring NetBIOS on one or multiple VLANIF interfaces

1. Run:system-view


dhcp server nbns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The IP address of the NetBIOS server is specified for the DHCP client.3. Run:

dhcp server netbios-type { b-node | h-node | m-node | p-node } vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

The NetBIOS node type is specified for the DHCP client.

By default, the node type of the client is not specified.

----End

PostrequisiteBefore using the NetBIOS service, make sure that

l The NetBIOS server is configured correctly

l There are routes between the device and the NetBIOS server.

For the client using the OS of Microsoft, WINS server provides the resolution from the hostname to the IP address for the host that uses the NetBIOS protocol to communicate. In this way,most of the Windows network clients need to be configured with WINS.




Issue 04 (2010-01-25)

When a DHCP client communicates on a WAN, by adopting NetBIOS protocol, a mappingbetween the host name and the IP address should be set up. The types of NetBIOS nodes forobtaining mappings are as follows:

l Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mappingrelation by means of broadcast.

l Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mappingrelation by means of communicating with NetBIOS servers.

l Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owningpart of the broadcasting features.

l Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the"peer-to-peer" communicating mechanism.

4.3.6 Configuring DHCP Self-Defined Options for the AddressPool of the VLANIF Interface

ContextNOTE

Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS andIP lease cannot be configured through the option code command but through the related commanddescribed above.


Procedure



Step 2 Run:dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address &<1-8> } { vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> }

The DHCP self-defined options are configured.

The DHCP self-defined options are optional. You can configure it when needed.

----End

Postrequisite

The Option field in DHCP packets carries the control information and parameters that are notdefined in some common protocols. If the DHCP server is configured with Option, the DHCPclient gets the configuration information saved in Option filed of DHCP response packets.

You can add new options to the attribute list of the DHCP server by manual definition. Forexample,

l To configure the IP address of the log server to 10.110.204.1, run the dhcp server option7 ip-address 10.110.204.1 command.



4-17

l To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40command.

NOTE

Using the option code command, you can specify the options that need be included in the DHCP responsepackets.Before using the option code command, you need to know the function of each option: Option 77 appliesto identify user types or applications of DHCP client. Based on User Class in the Option field, the DHCPserver selects proper address pool and configuration parameters. Option 77 usually is configured by theclient.



Action Command

Check the expired lease in the DHCP addresspool of the specified VLANIF interface.

display dhcp server expired vlan vlan-id

Check information about the DHCP addressbound to the specified VLANIF interface.

display dhcp server ip-in-use vlan vlan-id

Check information about the tree-structure ofDHCP address pool on the VLANIF interface.

display dhcp server tree vlan vlan-id

Run the display dhcp server tree vlan command. If the tree structure information of DHCPaddress pools on VLANIF interfaces, such as DNS, IP lease and Option parameters, is displayed,it means that the configuration succeeds.

<Quidway> display dhcp server tree vlan 2Interface pool:Pool name: Vlanif2 network 50.1.1.0 mask 255.255.255.0 gateway-list 50.1.1.1 expired day 1 hour 0 minute 0

Run the display dhcp server ip-in-use vlan command. If the binding information of IP addresson VLANIF interfaces, such as the hardware address and the IP lease, is displayed, it means thatthe configuration succeeds.

<Quidway> display dhcp server ip-in-use vlan 2 IP address Hardware address Lease expiration Type 50.1.1.12 0023-0034-0053 NOT Used Manual

Run the display dhcp server expired command. If the expired IP address in the address poolon VLANIF interfaces is displayed, it means that the configuration succeeds.

<Quidway> display dhcp server expired vlan 2 IP address Hardware address Lease expiration Type

4.4 Configuring the Security Function for DHCPThis section describes how to enhance the security of the DHCP service.





Issue 04 (2010-01-25)

4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server

4.4.3 Avoiding Repetitive IP Address Assignment

4.4.4 Saving DHCP Data

4.4.5 Recovering DHCP Data



Applicable EnvironmentAfter configuring the DHCP server, you need to configure the security function of DHCP toenhance the security.

Pre-configuration TasksBefore configuring the security function of DHCP, complete the DHCP server configuration.

Data PreparationTo configure the security function of DHCP service, you need the following data.

No. Data

1 Interval at which ping packets are sent and the number of ping packets

2 Interval for saving the DHCP data

4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCPServer

ContextIf a private DHCP server exists in the network, users cannot obtain correct IP addresses and thuscannot log in to the network because this private DHCP server will interact with the DHCP clientduring address application. Such a private DHCP server is called a pseudo DHCP server.


Procedure



Step 2 Run:dhcp server detect



4-19

Detecting the pseudo DHCP server is enabled on the DHCP server.

By default, this function is disabled.

----End

4.4.3 Avoiding Repetitive IP Address Assignment


Procedure



Step 2 Run:dhcp server ping timeout milliseconds

The time for waiting the response after the ping packets is sent by the DHCP server is configured.

Step 3 Run:dhcp server ping packets number

The maximum number of ping packets sent by the DHCP server is configured.

By default, the maximum number of ping packets being sent is 2 and the longest waiting timefor ping response packets is 500 ms.

----End

PostrequisiteBefore assigning addresses to a client, the DHCP server should detect the IP address to avoidaddress collision.

Using the ping command, you can check if there is a ping response of the address to be assignedwithin the specific time. If there is no response after a specific time, the DHCP server re-sendsping packets to this address until it reaches the maximum number of ping packets allowed to besent. If there is still no response, it indicates that the IP address is not in use. In this way, it isensured that a unique IP address is assigned to the client.

4.4.4 Saving DHCP Data


Procedure

Step 1 Run:




Issue 04 (2010-01-25)

system-view


Step 2 Run:dhcp server database enable

Saving the DHCP data to the Flash is enabled.

Step 3 Run:dhcp server database write-delay seconds

The time delay for saving the data is set.

By default, DHCP data cannot be saved to the Flash. If the function is enabled, the default intervalfor saving the current DHCP data is 300 seconds, and the new data overwrites the previous data.

----End

Postrequisite

The DHCP data is saved with a fixed file name on the Flash. Normally, the IP leasing informationis saved in lease.txt file and the address collision information is saved in conflict.txt file. Backup these two files to other directories because they are replaced regularly.

4.4.5 Recovering DHCP Data

Context


Procedure



Step 2 Run:dhcp server database recover

DHCP data is recovered after reboot.

----End



Action Command

View the statistics of DHCP addresscollisions.

display dhcp server conflict { all | ip ip-address }



4-21

Action Command

View the storage path and fileinformation of the DHCP database.

display dhcp server database

Run the display dhcp server conflict command. If the conflicted IP address and the time whenthe conflict occurs are displayed, it means that the configuration succeeds.

<Quidway> display dhcp server conflict allAddress Discover Time10.110.1.2 Jan 11 2003 11:57: 7 PM

Run the display dhcp server database command. If the saved path of the DHCP data isdisplayed, it means that the configuration succeeds.

<Quidway> display dhcp server database Status: disable Recover from files after reboot: disable File saving lease items: flash:/dhcp/lease.txt File saving conflict items: flash:/dhcp/conflict.txt Save Interval: 300 (seconds)

4.5 Configuring DHCP RelayThis section describes how to enable DHCP relay so that DHCP relay can forward DHCPrequests from local clients to the DHCP server on other networks.


4.5.2 Enabling DHCP Relay

4.5.3 Assigning IP Addresses to the Client Through Relay

4.5.4 Requesting the DHCP Server to Release IP Addresses of the Client




When there is no DHCP server configured on the local network, enable the DHCP relay functionon the device. Thus, the DHCP relay can forward the DHCP requests from local clients to theDHCP server on the other network. That is, the interface connecting the DHCP server to theDHCP relay must not be configured with any interface address pool.

NOTE

The relay between the server and the client cannot exceed four. Otherwise, the DHCP packet is discarded.


Before configuring the DHCP relay, complete the following tasks:




Issue 04 (2010-01-25)

l Configuring the DHCP server

l Configuring the routes from the local device to the DHCP server

Data PreparationTo configure the DHCP relay, you need the following data.

No. Data

1 IP address of the DHCP server

2 Number of the VLAN to be enabled the DHCP relay function

3 IP address to be released and the corresponding MAC address

4.5.2 Enabling DHCP Relay

ContextEach interface can be configured with up to 20 IP relay addresses.

Do as follows on the S-switch acting as the DHCP relay:

Procedurel Enabling DHCP relay in the interface view

1. Run:system-view


interface vlanif vlan-id

The interface view is displayed.3. Run:


The IP address of the interface is configured.

NOTE

This IP address must be in the same network segment with the IP addresses in the address poolon the DHCP server.

4. Run:ip relay address ip-address

The relay IP address of the interface is added.

The relay IP address indicates the IP address of the DHCP server specified on theDHCP relay device. After the DHCP relay is enabled on one interface, the DHCPserver is specified by the IP relay address. The DHCP broadcast packets received onthe interface are sent to the specified DHCP server.



4-23

NOTE

If the VLANIF interface is configured with a secondary IP address, the secondary IP addresscannot be used as the gateway address. That is, if the ip relay address command is run on theinterface, the command takes effect only on the network segment where the primary IP addressof the interface resides.

l Enabling DHCP Relay in the system view1. Run:

system-view


ip relay address ip-address vlan vlan-id

The IP relay address of the VLANIF interface is added.

----End

PostrequisiteBecause the DHCP client may send broadcast packets during DHCP configuration, the interfacewhere IP relay is enabled should support the broadcast mode.

4.5.3 Assigning IP Addresses to the Client Through Relay

ContextDo as follows on the S-switch acting as the DHCP relay:

Procedurel Assigning IP addresses to the client of the current interface

1. Run:system-view



The VLANIF interface view is displayed.3. Run:

dhcp select relay

IP addresses are assigned through DHCP relay.l Assigning IP addresses to the clients of the VLAN

1. Run:system-view


dhcp select relay vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>

IP addresses are assigned through DHCP relay.

----End




Issue 04 (2010-01-25)

4.5.4 Requesting the DHCP Server to Release IP Addresses of theClient

Context

Do as follows on the S-switch acting as the DHCP relay:

Procedurel Requesting all the DHCP servers to release an IP address

1. Run:system-view


2. Run:dhcp relay release client-ip-address mac-address

The DHCP servers are required to release the IP address.

l Requesting the specified DHCP server to release an IP address

1. Run:system-view


2. Run:dhcp relay release client-ip-address mac-address server-ip-address

The specified DHCP server is required to release the IP address.

l Requesting the DHCP server connected with the interface to release an IP address

1. Run:system-view


2. Run:interface vlanif VLANIF interface number


3. Run:dhcp relay release client-ip-address mac-address [ server-ip-address ]

The DHCP server connected with the interface on the DHCP relay is required torelease the IP address.

----End


Run the flowing commands to check the previous configuration.



4-25

Action Command

Check the related statistics about theDHCP relay.

display dhcp relay statistics

Check the DHCP relay address ofthe interface.

display dhcp relay address vlan vlan-id

Run the display dhcp relay address command. If there are available DHCP relay addresses andrelated configuration information, it means that the configuration succeeds.<Quidway> display dhcp relay address vlan 1 ** Vlanif1 DHCP Relay Address ** Relay Address [0] : 3.3.3.3

Run the display dhcp relay statistics command. If statistics of DHCP relay, such as the numberof wrong DHCP packets and the number of various DHCP packet, is displayed, it means thatthe configuration succeeds.<Quidway> display dhcp relay statistics Bad Packets received: 0 DHCP packets received from clients: 0 DHCP DISCOVER packets received: 0 DHCP REQUEST packets received: 0 DHCP INFORM packets received: 0 DHCP DECLINE packets received: 0 DHCP packets received from servers: 0 DHCP OFFER packets received: 0 DHCP ACK packets received: 0 DHCP NAK packets received: 0 DHCP packets sent to servers: 0 DHCP packets sent to clients: 0 Unicast packets sent to clients: 0 Broadcast packets sent to clients: 0

4.6 Maintaining DHCPThis section describes how to clear the statistics about DHCP and debug DHCP.

4.6.1 Resetting DHCP

4.6.2 Releasing Conflicting IP Addresses

4.6.3 Clearing DHCP Statistics


4.6.5 Debugging DHCP

4.6.1 Resetting DHCP

CAUTIONResetting DHCP binding through the reset dhcp command interrupts the operation of the DHCPserver.




Issue 04 (2010-01-25)

To reset DHCP, run the following reset commands in the user view.

Action Command

Reset information about the binding of thespecified IP address.

reset dhcp server ip-in-use ip ip-address

Reset information about the dynamic addressbindings of the global address pool.

reset dhcp server ip-in-use pool [ pool-name ]

Reset information about dynamic IP addressbindings on the address pool of the VLANIFinterface.

reset dhcp server ip-in-use vlan vlan-id

Reset information about the dynamic addressbindings of all the address pools.

reset dhcp server ip-in-use all

4.6.2 Releasing Conflicting IP Addresses

CAUTIONAfter the conflicting IP addresses are released, they can be reallocated by the DHCP server.

To release the conflicting IP addresses, run the following reset commands in the user view.

Action Command

Release the conflicting IP addresses in thespecified address pool.

reset dhcp server conflict ip ip-address

Release all conflicting IP addresses. reset dhcp server conflict all

The DHCP server detects the conflicting IP addresses through the ping command while theDHCP client detects the conflicting IP address through sending ARP packets.

4.6.3 Clearing DHCP Statistics

CAUTIONDHCP statistics cannot be restored after you clear it. So, confirm the action before you use thecommand.

To clear the DHCP statistics, run the following reset commands.



4-27

Action Command

Reset the statistics about the DHCPserver.

reset dhcp server statistics

Reset the statistics about the DHCP relay. reset dhcp relay statistics


To obtain configuration about DHCP in routine maintenance, run the following commands.

Action Command

View information about available IPaddresses in the DHCP address pool.

display dhcp server free-ip

View information about the IPaddresses with expired leases in theDHCP address pool.

display dhcp server expired { all | ip ip-address |pool [ pool-name ] | vlan vlan-id}

View information about addressbindings.

display dhcp server ip-in-use { all | ip ip-address |pool [ pool-name ] | vlan vlan-id }

View statistics about the DHCPserver.

display dhcp server statistics

View information about the treestructure of the DHCP address pool.

display dhcp server tree { all | pool [ pool-name ] |vlan vlan-id }

View information about the conflictaddresses in the DHCP address pool.

display dhcp server conflict { all | ip ip-address }

View the path at which DHCPdatabase is saved and file informationabout the database.

display dhcp server database

View configurations about the DHCPrelay address.

display dhcp relay address vlan vlan-id

4.6.5 Debugging DHCP

CAUTIONDebugging affects the performance of the system. So after debugging, run the undo debuggingallcommand to disable it immediately.

Run the following debug commands in the user view to debug DHCP and locate the fault.




Issue 04 (2010-01-25)

Action Command

Enable DHCP server debugging . debugging dhcp server { all | error | event | packet }

Enable DHCP relay debugging. debugging dhcp relay { all | error | event | packet[ client mac mac-address ] }

4.7 Configuration ExamplesThis section provides several configuration examples of the DHCP server and DHCP relay.

4.7.1 Example for Configuring the Global Address Pool-based DHCP Server

4.7.2 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server

4.7.3 Example for Configuring DHCP Relay

4.7.1 Example for Configuring the Global Address Pool-basedDHCP Server

Networking RequirementsAs shown in Figure 4-1, a DHCP server dynamically assigns the IP addresses to a client in thesame network segment. The address pool segment 10.1.1.0/24 is divided into two segments:10.1.1.0/25 and 10.1.1.128/25. The IP addresses of the two VLANIF interfaces on the DHCPserver are 10.1.1.1/25 and 10.1.1.129/25.

The IP lease of the segment 10.1.1.0/25 is 10 days and 12 hours, with domain name ashuawei.com, DNS address as 10.1.1.2, egress device address as 10.1.1.126 and without theNetBIOS address.

The IP lease of the segment 10.1.1.128/25 is 5 days, with domain name as huawei.com, DNSaddress as 10.1.1.2, egress device address as 10.1.1.254, and NetBIOS address as 10.1.1.4.



4-29

Figure 4-1 Networking diagram of the DHCP server and the client that are in the same networksegment

DHCPClient

DHCPServer

NetBIOSServer

DHCPClient

DNSServer

DHCPClient

DHCPClient

DHCPClient

DHCPClient

VLANIF110.1.1.1/25

VLANIF210.1.1.129/25

Network: 10.1.1.0/25 Network: 10.1.1.128/25


1. Enable DHCP.2. Configure the IP addresses that need not be assigned automatically, such as IP addresses

of the DNS server, the NetBIOS server and the egress gateway.3. Configure an address pool, including the address range and the domain name, and configure

the IP address of the DNS server.4. Configure related attributes for the address pool, such as the address range, the egress

gateway, the IP address of the NetBIOS server and the IP lease.This example covers the configurations of three address pools. Address pool 0 is configuredwith the common attribute of all client; address pool 1 and address pool 2 are configuredwith different attributes of various clients.In this example, you can configure only address pool 1 and address pool 2. They cannotadopt configurations of the root address pool. You need to configure attributes for themrespectively.


l IP address that need not be assigned automatically

l Address pool number

Configuration Procedure1. Configure the DHCP server.




Issue 04 (2010-01-25)

# Enable DHCP on the device.<Quidway> system-view[Quidway] sysname S-switch[S-switch] dhcp enable# Configure the IP addresses that do not participate in auto-allocation, including addressesof the DNS server, the NetBIOS server and the egress gateway.[S-switch] dhcp server forbidden-ip 10.1.1.2[S-switch] dhcp server forbidden-ip 10.1.1.4[S-switch] dhcp server forbidden-ip 10.1.1.126[S-switch] dhcp server forbidden-ip 10.1.1.254# Configure general attributes of DHCP address pool 0, including the address pool range,domain name and the IP address of the DNS server.[S-switch] dhcp server ip-pool 0[S-switch-dhcp-0] network 10.1.1.0 mask 255.255.255.0[S-switch-dhcp-0] domain-name huawei.com[S-switch-dhcp-0] dns-list 10.1.1.2[S-switch-dhcp-0] quit# Configure attributes of DHCP address pool 1, including the address pool range, egressgateway and the IP lease.[S-switch] dhcp server ip-pool 1[S-switch-dhcp-1] network 10.1.1.0 mask 255.255.255.128[S-switch-dhcp-1] expired day 10 hour 12[S-switch-dhcp-1] gateway-list 10.1.1.126[S-switch-dhcp-1] quit# Configure attributes of DHCP address pool 2, including the address pool range, egressgateway, the IP address of the NetBIOS server and the IP lease.[S-switch] dhcp server ip-pool 2[S-switch-dhcp-2] network 10.1.1.128 mask 255.255.255.128[S-switch-dhcp-2] expired day 5[S-switch-dhcp-2] nbns-list 10.1.1.4[S-switch-dhcp-2] gateway-list 10.1.1.254[S-switch-dhcp-2] quit# Configure the clients of the VLANIF1 to obtain their IP addresses from the global addresspool.[S-switch] interface vlanif 1[S-switch-Vlanif1] ip address 10.1.1.1 255.255.255.128[S-switch-Vlanif1] dhcp select global[S-switch-Vlanif1] quit# Configure the clients of the VLANIF2 to obtain their IP addresses from the global addresspool.[S-switch] interface vlanif 2[S-switch-Vlanif2] ip address 10.1.1.129 255.255.255.128[S-switch-Vlanif2] dhcp select global[S-switch-Vlanif2] quit

2. Verify the configuration.After the configuration, run the display dhcp server tree command on the DHCP server.If the tree structure information of DHCP address pools, including DNS, IP lease, andOption parameters, is displayed, it means that the configuration succeeds.[S-switch] display dhcp server tree allGlobal pool:Pool name: 0Child node:1 network 10.1.1.0 mask 255.255.255.0 dns-list 10.1.1.2 domain-name huawei.com expired day 1 hour 0 minute 0Pool name: 1Parent node:0



4-31

Sibling node:2 network 10.1.1.0 mask 255.255.255.128 gateway-list 10.1.1.126 dns-list 10.1.1.2 domain-name huawei.com expired day 10 hour 12 minute 0Pool name: 2Parent node:0PrevSibling node:1 network 10.1.1.128 mask 255.255.255.128 gateway-list 10.1.1.254 dns-list 10.1.1.2 domain-name huawei.com nbns-list 10.1.1.4 expired day 5 hour 0 minute 0

Configuration FileThe configuration file of S-switch is as follows:# sysname S-switch#dhcp server ip-pool 0 network 10.1.1.0 mask 255.255.255.0 dns-list 10.1.1.2 domain-name huawei.com#dhcp server ip-pool 1 network 10.1.1.0 mask 255.255.255.128 gateway-list 10.1.1.126 expired day 10 hour 12#dhcp server ip-pool 2 network 10.1.1.128 mask 255.255.255.128 gateway-list 10.1.1.254 nbns-list 10.1.1.4 expired day 5#interface Vlanif1 ip address 10.1.1.1 255.255.255.128 #interface Vlanif2 ip address 10.1.1.129 255.255.255.128 # dhcp server forbidden-ip 10.1.1.2 dhcp server forbidden-ip 10.1.1.4 dhcp server forbidden-ip 10.1.1.126 dhcp server forbidden-ip 10.1.1.254# dhcp enable#return

NOTE

By default, IP addresses in the global address pool are assigned. So, the configuration file does not containthe dhcp select global command.

4.7.2 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server

Networking RequirementsFigure 4-2 shows the diagram of applying the VLANIF-interface-based address pool to thedevice that supports switched Ethernet interfaces. The Ethernet interface cannot be configured




Issue 04 (2010-01-25)

with an IP address, so you need to create a VLANIF interface and configure a DHCP addresspool on it to assign IP addresses.

Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIFinterface

DHCPClient

DHCPServer

NetBIOS Server DNS Server 10.1.1.2/2410.1.1.3/24

VLANIF1010.1.1.1/24

VLANIF1110.1.2.1/24

GE0/0/1

GE0/0/2

DHCPClient

DHCPClient

DHCPClient


1. Enable DHCP.2. Configure the IP addresses that need not be assigned automatically, such as IP addresses

of the DNS server, IP addresses of the NetBIOS server.3. Create VLANIF interfaces and configure IP addresses for them.4. Enable the address pool that is based on the VLANIF interface.5. Configure related attributes for the address pool, such as the domain name, IP addresses of

the NetBIOS server and the DNS server, and the IP lease.


l IP address that need not be assigned automatically

l Address pool number

Configuration Procedure1. Configure the DHCP server.

# Enable DHCP on the device.<Quidway> system-view



4-33

[Quidway] sysname S-switch[S-switch] dhcp enable

# Configure the IP addresses that do not participate in auto-allocation, including IPaddresses of the DNS server and NetBIOS server.[S-switch] dhcp server forbidden-ip 10.1.1.2[S-switch] dhcp server forbidden-ip 10.1.1.3

# Create a VLAN.[S-switch] vlan 10[S-switch-vlan10] quit[S-switch] vlan 11[S-switch-vlan11] quit

# Configure attributes for the switched Ethernet interface and join the interface to a VLAN.[S-switch] interface gigabitethernet 0/0/1[S-switch-GigabitEthernet0/0/1] port default vlan 10[S-switch-GigabitEthernet0/0/1] quit[S-switch] interface gigabitethernet 0/0/2[S-switch-GigabitEthernet0/0/2] port default vlan 11[S-switch-GigabitEthernet0/0/2] quit

# Create a VLANIF interface and configure an IP address for the VLANIF interface.[S-switch] interface vlanif 10[S-switch-Vlanif10] ip address 10.1.1.1 24[S-switch-Vlanif10] quit[S-switch] interface vlanif 11[S-switch-Vlanif11] ip address 10.1.2.1 24[S-switch-Vlanif11] quit

# Enable the address pool on the VLANIF interface.[S-switch] dhcp select interface vlan 10 to 11

# Configure the domain name of the address pool and IP addresses of the DNS server andthe NetBIOS server.[S-switch] dhcp server domain-name huawei.com vlan 10 to 11[S-switch] dhcp server dns-list 10.1.1.2 vlan 10 to 11[S-switch] dhcp server nbns-list 10.1.1.3 vlan 10 to 11[S-switch] dhcp server netbios-type b-node vlan 10 to 11

# Configure the IP lease.[S-switch] dhcp server expired day 10 hour 12 vlan 10 to 11

2. Verify the configuration.

After the configuration, run the display dhcp server tree command on the DHCP server.If the tree structure information of DHCP address pools, including DNS, IP lease, andOption parameters, is displayed, it means that the configuration succeeds.[S-switch] display dhcp server tree allInterface pool:Pool name: Vlanif10 network 10.1.1.0 mask 255.255.255.0 gateway-list 10.1.1.1 dns-list 10.1.1.2 domain-name huawei.com nbns-list 10.1.1.3 netbios-type b-node expired day 10 hour 12 minute 0Pool name: Vlanif11 network 10.1.2.0 mask 255.255.255.0 gateway-list 10.1.2.1 dns-list 10.1.1.2 domain-name huawei.com nbns-list 10.1.1.3 netbios-type b-node expired day 10 hour 12 minute 0




Issue 04 (2010-01-25)

Configuration FilesThe configuration file of S-switch is as follows:

# sysname S-switch# vlan batch 10 to 11#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 dhcp select interface dhcp server dns-list 10.1.1.2 dhcp server domain-name huawei.com dhcp server nbns-list 10.1.1.3 dhcp server netbios-type b-node dhcp server expired day 10 hour 12#interface Vlanif11 ip address 10.1.2.1 255.255.255.0 dhcp select interface dhcp server dns-list 10.1.1.2 dhcp server domain-name huawei.com dhcp server nbns-list 10.1.1.3 dhcp server netbios-type b-node dhcp server expired day 10 hour 12#interface gigabitEthernet0/0/1 port default vlan 10#interface gigabitEthernet0/0/2 port default vlan 11# dhcp server forbidden-ip 10.1.1.2 dhcp server forbidden-ip 10.1.1.3# dhcp enable#return

4.7.3 Example for Configuring DHCP Relay

Networking RequirementsAs shown in Figure 4-3, the DHCP client is in the network segment 10.100.0.0/16, while theDHCP server is in the network segment 202.40.0.0/16. A DHCP relay device is needed to relayDHCP packets so that the DHCP client obtains the IP addresses from the DHCP server.

The DHCP server is assigned with an address pool in the network segment 10.100.0.0/16. TheIP address of the DNS server is 10.100.1.2/16, the IP address of the NetBIOS server is10.100.1.3/16, and the IP address of the egress gateway is 10.100.1.4. On the DHCP server, therouting table must contain at least one reachable a route to the network segment 10.110.0.0.



4-35

Figure 4-3 Networking diagram for configuring DHCP relay

DNS Server

DHCPClient

DHCP RelayVLANIF1

10.100.1.1/16

GE0/0/1202.40.1.2/16

Router

VLANIF2202.40.1.1/16

NetBIOS Server10.100.1.2/16 10.100.1.3/16

DHCP Server

DHCPClient



1. Enable DHCP on S-switchthat acts as the DHCP relay.2. Configure the IP address for interface VLANIF2.3. Configure the IP relay address for VLANIF1 and enable DHCP relay on VLANIF1.4. Configure a route from the DHCP server to the network segment 10.100.0.0/16.5. Enable DHCP on the Router.6. Configure the clients attached to GE 0/0/1 to obtain IP addresses through the global address

pool.7. Configure a global address pool on the Router.

Data Preparation

To complement the configuration, you need the following data:

l IP address of the interface that need to be enabled with DHCP relay

l IP address of the DHCP server

Configuration Procedure1. Configure the DHCP relay.

# Enable DHCP on the device.<Quidway> system-view[Quidway] sysname S-switch[S-switch] dhcp enable

# Configure an IP address for VLANIF2.[S-switch] interface vlanif 2[S-switch-Vlanif2] ip address 202.40.1.1 255.255.0.0[S-switch-Vlanif2] quit




Issue 04 (2010-01-25)

# Enter the view of the interface that needs to be enabled with DHCP relay. Configure theIP address and mask of the interface, which should be in the same network segment withthat of the DHCP client.[S-switch] interface vlanif 1[S-switch-Vlanif1] ip address 10.100.1.1 255.255.0.0[S-switch-Vlanif1] ip relay address 202.40.1.2[S-switch-Vlanif1] dhcp select relay[S-switch-Vlanif1] quit

2. Configure the DHCP server.# On the Router, configure routes to VLANIF1 that connects S-switchand its client.<Quidway> system-view[Quidway] sysname Router[Router] ip route-static 10.100.0.0 255.255.0.0 202.40.1.1# Enable DHCP.[Router] dhcp enable# Configure the clients of GE 0/0/1 to obtain the IP addresses from the global address pool.[Router] interface GigabitEthernet 0/0/1[Router-GigabitEthernet 0/0/1] ip address 202.40.1.2 255.255.0.0[Router-GigabitEthernet 0/0/1] dhcp select global[Router-GigabitEthernet 0/0/1] quit# Configure the IP addresses that do not participate in auto-allocation, including IPaddresses of the DNS server, the NetBIOS server and the egress gateway.[Router] dhcp server forbidden-ip 10.100.1.2[Router] dhcp server forbidden-ip 10.100.1.3[Router] dhcp server forbidden-ip 10.100.1.4# Configure attributes of DHCP address pool 1, including the address pool range, domainname, egress gateway, the IP address of the DNS server and IP lease.[Router] dhcp server ip-pool 1[Router-dhcp-1] network 10.100.0.0 mask 255.255.0.0[Router-dhcp-1] domain-name huawei.com[Router-dhcp-1] dns-list 10.100.1.2[Router-dhcp-1] nbns-list 10.100.1.3[Router-dhcp-1] gateway-list 10.100.1.4[Router-dhcp-1] expired day 10 hour 12[Router-dhcp-1] quit

3. Verify the configuration.Run the display dhcp server tree command on the DHCP server. If the tree structureinformation of DHCP address pools, including DNS, IP lease, and Option parameters, isdisplayed, it means that the configuration succeeds.[Router] display dhcp server tree allGlobal pool:Pool name: 1 network 10.100.0.0 mask 255.255.0.0 gateway-list 10.100.1.4 dns-list 10.100.1.2 domain-name huawei.com nbns-list 10.100.1.3 expired day 10 hour 12 minute 0Run the display dhcp relay address vlan 1 command on the DHCP relay device to viewconfigurations of the relay IP address.[S-switch] display dhcp relay address vlan 1 ** Vlanif1 DHCP Relay Address ** Relay Address [0] : 202.40.1.2



4-37

Configuration Filesl Configuration file of S-switch

# sysname S-switch#interface Vlanif1 ip address 10.100.1.1 255.255.0.0 ip relay address 202.40.1.2 dhcp select relay#interface Vlanif2 ip address 202.40.1.1 255.255.0.0#return

l Configuration file of the Router# sysname Router#dhcp server ip-pool 1 network 10.100.0.0 mask 255.255.0.0 gateway-list 10.100.1.4 dns-list 10.100.1.2 domain-name huawei.com nbns-list 10.100.1.3 expired day 10 hour 12 #interface GigabitEthernet 0/0/1ip address 202.40.1.2 255.255.0.0#dhcp server forbidden-ip 10.100.1.2dhcp server forbidden-ip 10.100.1.3dhcp server forbidden-ip 10.100.1.4#ip route-static 10.100.0.0 255.255.0.0 202.40.1.1#return




Issue 04 (2010-01-25)

5 IP Performance Configuration

About This Chapter

This chapter describes the parameters and function required for IP performance optimizationand provides procedures and examples for optimizing IP performance.

5.1 OverviewThis section describes the parameters and concepts concerning IP performance.

5.2 Improving IP PerformanceThis section describes how to enhance the performance of a specified network through settingsome IP parameters.

5.3 Maintaining IP PerformanceThis section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.

5.4 Configuration ExamplesThis section provides several configuration examples of the IP performance.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 5 IP Performance Configuration


5-1

5.1 OverviewThis section describes the parameters and concepts concerning IP performance.

5.1.1 Introduction to IP Performance

5.1.2 IP Performance Supported by the S-switch

5.1.1 Introduction to IP Performance

IP performance optimization should be performed on the basis of configurations of someparameters and enablement of related functions, for example, ICMP function, and TCPattributes.

Internet Control Message Protocol (ICMP) messages are used by either the IP layer or the higherlayer protocol (TCP or UDP). ICMP communicates error messages or other conditions thatrequire attention.

5.1.2 IP Performance Supported by the S-switch

ICMPl ICMP Host Unreachable Messages

When forwarding packets, the device discards the packets and returns an ICMP hostunreachable message to the source to notify that the source must stop sending packets tothis destination if the device encounters the following situations:

– There is no route to the destination.

– The packet is not for itself.

l ICMP Packet Sending Switches

In normal circumstance, ICMP host unreachable messages can ensure normal packettransmission. However, when devices encounter the preceding conditions frequently,network traffic becomes heavy because devices send a large number of ICMP messages.This increases the traffic burden. In the case of malicious attacks, network congestionbecomes worse.

To solve this problem, a control switch is added on the outgoing interface of ICMPmessages. This switch is used to respectively enable or disable the sending of ICMP hostunreachable messages. If the switch is disabled, the device does not send out the ICMPhost unreachable packets. This can reduce the traffic burden and protect the network frommalicious attacks.

Broadcast Packet Forwarding

Broadcast packet forwarding is used to control whether broadcast packets are forwarded on aspecified interface. Run the ip forward-broadcast command on an interface. For the broadcastpackets that are not generated by the local host, this interface sends the broadcast packets to thelocal host before forwarding them.

5 IP Performance ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

When forwarding broadcast packets is enabled, the ACL rules can be specified. The interfaceforwards only the broadcast packets that match the ACL. It sends back the broadcast packetsthat do not match the ACL to the host without forwarding them.

S-switch generally do not forward directional broadcast packets. In some cases, however, youmay require the device to forward directional broadcast packets. Thus, you can run the ipforward-broadcast command to enable an interface to forward directional broadcast packets.This makes the networking to be flexible.

5.2 Improving IP PerformanceThis section describes how to enhance the performance of a specified network through settingsome IP parameters.


5.2.2 Verifying the Source IP Address

5.2.3 Forwarding Broadcast Packets

5.2.4 Configuring ICMP Attributes

5.2.5 Configuring TCP Attributes




In some special network environments, you must adjust the IP parameters to achieve the bestperformance. Improving IP performance involves configurations of a series of parameters.


Before improving IP performance, complete the following tasks:

l Configuring the physical parameters for related interfaces and ensuring that the status ofthe physical layer of the interface is Up

l Configuring the link layer protocol for related interfaces and ensuring that the status of thelink layer protocol on the interface is Up

l Configuring the IP addresses for related interfaces

l Configuring the ACL

Data Preparation

To improve IP performance, you need the following data.

No. Data

1 Number of the interface



5-3

No. Data

2 Number of the interface which needs source address verification

3 Number of the interface which needs to forward broadcast packets and ACL numberwhich is used to specify the broadcast packets

4 Number of the interface which needs to configure ICMP host-unreachable

5 SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket

5.2.2 Verifying the Source IP Address


Procedure




The interface view is displayed.

Step 3 Run:ip verify source-address

The source IP address verification is enabled on the interface.

By default, the function is disabled on all interfaces.

----End

5.2.3 Forwarding Broadcast Packets


Procedure







Issue 04 (2010-01-25)


Step 3 Run:ip forward-broadcast [ acl acl-number ]

The interface is configured to forward broadcast packets.

By default, broadcast packets are not forwarded by any interface.

----End

5.2.4 Configuring ICMP Attributes

ContextBy default, sending ICMP redirection packets and unreachable packets is enabled.

CAUTIONl If the transmission of ICMP host unreachable messages is disabled, the device no longer

sends the ICMP host unreachable message.


Procedure



Step 2 Run:interface interface-type interface-number


The interface is a VLANIF interface.

Step 3 Run:icmp host-unreachable send

Sending ICMP host unreachable packets is enabled.

----End

5.2.5 Configuring TCP Attributes

ContextThe TCP attributes that can be configured include:

l The SYN-Wait timer: On sending SYN packets, the TCP starts the SYN-Wait timer. Ifresponse packets are not received before the SYN-Wait timer timeout, the TCP connection



5-5

is terminated. The SYN-Wait timer timeout ranges from 2 seconds to 600 seconds, and thedefault value is 75 seconds.

l The FIN-Wait timer: When the TCP connection status turns from FIN_WAIT_1 toFIN_WAIT_2, the FIN-Wait timer starts. If FIN packets are not received before the FIN-Wait timer timeout, the TCP connection is terminated. The FIN-Wait timer timeout rangesfrom 76 seconds to 3600 seconds, and the default value is 675 seconds.

l The receiving and sending window-size of the connection-oriented socket: It ranges from1K bytes to 32K bytes, and the default value is 8K bytes.

If an attribute of TCP is configured for many times in the system view, only the last configurationtakes effect.


Procedure



Step 2 Run:tcp timer syn-timeout interval

The SYN-Wait timer of setting up TCP connections is configured.

Step 3 Run:tcp timer fin-timeout interval

The FIN_WAIT_2 timer of setting TCP connections is configured.

Step 4 Run:tcp window window-size

The receiving/sending buffer size of the TCP socket is configured.

----End



Action Command

View the TCP connection status. display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ]

View the TCP traffic statistics. display tcp statistics

View the UDP traffic statistics. display udp statistics




Issue 04 (2010-01-25)

Action Command

View the table information of the IP layerinterface.

display ip interface [ interface-type interface-number ]display ip interface brief [ interface-type[ interface-number ] ]

View the IP traffic statistics. display ip statistics

View the ICMP traffic statistics. display icmp statistics

View the Rawlink statistics. display rawlink statistics

View the FIB table. display fib

View the filtered FIB information. display fib acl acl-number[ verbose ]

View the FIB entry which matches adestination address.

display fib destination-address1 [ destination-mask1 ] [ longer ] [ verbose ]

View the FIB entry whose destinationaddress is in the range of destination-address1 destination-mask1 todestination-address2 destination-mask2.

display fib destination-address1 destination-mask1 destination-address2 destination-mask2[ verbose ]

View the FIB entries that have passedfiltering in a certain format according tothe input IP prefix name.

display fib ip-prefix prefix-name [ verbose ]

View the FIB entries that have passedfiltering in a certain format according tothe input interface type and interfacenumber.

display fib interface interface-type interface-number

View the FIB entries that have passedfiltering in a certain format according tothe input next hop address.

display fib next-hop ip-address

View the total number of FIB entries. display fib statistics

View the summary of the FIB. display fib [ | { begin | exclude | include }regular-expression ]

View all the current socket APIinformation.

display ip socket [ monitor ] [ task-id task-id |sock-type sock-type ]

Run the display tcp status command. If the information about the TCP connection status isdisplayed, it means that the configuration succeeds. For example:

<Quidway> display tcp statusTCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State0dcdd3c0 30 /1 0.0.0.0:21 0.0.0.0:0 0 Listening0f63b34c 40 /1 0.0.0.0:23 0.0.0.0:0 14849 Listening0dcde398 40 /2 100.1.1.235:23 100.1.1.156:3589 0 Established0dce0348 40 /3 100.1.1.235:23 100.1.1.156:3596 0 Established



5-7

0dce0e40 40 /4 100.1.1.235:23 100.1.1.156:3750 0 Established0dce22f8 40 /5 100.1.1.235:23 100.1.1.156:3762 0 Established

Run the display tcp statistics command. If the TCP traffic statistics are displayed, it means thatthe configuration succeeds. For example:

<Quidway> display tcp statisticsReceived packets: Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets of data after window: 0 (0 bytes) packets received after close: 0 ACK packets: 0 (0 bytes) duplicate ACK packets: 0, too much ACK packets: 0 Sent packets: Total: 0 urgent packets: 0 control packets: 0 (including 0 RST) window probe packets: 0, window update packets: 0 data packets: 0 (0 bytes),data packets retransmitted: 0 (0 bytes) ACK-only packets: 0 (0 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keep alive timeout: 0, keep alive probe: 0, Keep alive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 0, established connections: 0 Closed connections: 0 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0

Run the display udp statistics command. If the UDP traffic statistics are displayed, it meansthat the configuration succeeds. For example:

<Quidway> display udp statisticsReceived packets: Total: 0 checksum error: 0 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0Sent packets: Total: 0

Run the display ip interface command. If the information about IP interfaces is displayed, itmeans that the configuration succeeds. For example:

<Quidway> display ip interface vlanif 1Vlanif1 current state : DOWNLine protocol current state : DOWNThe Maximum Transmit Unit : 1500 bytesinput packets : 0, bytes : 0, multicasts : 0output packets : 0, bytes : 0, multicasts : 0Directed-broadcast packets: received packets: 0, sent packets: 0 forwarded packets: 0, dropped packets: 0Internet Address is 172.18.255.1/24Broadcast address : 172.18.255.255




Issue 04 (2010-01-25)

TTL invalid packet number: 0ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0DHCP packet deal mode: global

Run the display ip statistics command. If the IP traffic statistics are displayed, it means that theconfiguration succeeds. For example:

<Quidway> display ip statisticsInput: sum 10153 local 10153 bad protocol 0 bad format 0 bad checksum 0 bad options 0 TTL exceeded 0Output: forwarding 0 local 11589 dropped 0 no route 0Fragment: input 0 output 0 dropped 0 fragmented 0 couldn't fragment 0Reassembling:sum 0 timeouts 0

Run the display icmp statistics command. If the ICMP traffic statistics are displayed, it meansthat the configuration succeeds. For example:

<Quidway> display icmp statisticsInput: bad formats 0 bad checksum 0 echo 4 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0Output:echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 4 parameter problem 0 timestamp 0 information reply 0 mask requests 0 mask replies 0 time exceeded 0

Run the display rawlink statistics command. If the Rawlink statistics are displayed, it meansthat the configuration succeeds. For example:

<Quidway> display rawlink statisticsReceived packets: Total: 0 ifnet is null: 0 input packets missing pcb cache: 0 not pass multicast: 0 no join multicast: 0 full sock and pstMBuf to be freed: 0 full sock and nothing to be freed: 0 full sock and other reason: 0Send packets: Total: 0



5-9

Run the display fib command. If the brief information about the FIB is displayed, it means thatthe configuration succeeds. For example:

<Quidway> display fib FIB Table: Total number of Routes : 7

Destination/Mask Nexthop Flag TimeStamp Interface TunnelID127.0.0.1/32 127.0.0.1 HU t[57] InLoop0 0x0127.0.0.0/8 127.0.0.1 U t[57] InLoop0 0x0172.16.255.6/32 127.0.0.1 HU t[86] InLoop0 0x0172.16.255.4/30 172.16.255.6 U t[86] Vlanif2002 0x00.0.0.0/0 172.16.255.5 GSU t[86] Vlanif2002 0x0192.168.0.0/16 172.16.255.5 GSU t[86] Vlanif2002 0x0172.16.255.5/32 172.16.255.5 HLU t[650] GE0/0/1 0x0<Quidway> display fib acl 2010Route entry matched by access-list 2010:Summary counts: 1Destination/Mask Nexthop Flag TimeStamp Interface TunnelID127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0 0x0

5.3 Maintaining IP PerformanceThis section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.

5.3.1 Clearing IP/TCP/UDP Statistics


5.3.3 Debugging IP/TCP/UDP

5.3.1 Clearing IP/TCP/UDP Statistics

CAUTIONIP/TCP/UDP statistics cannot be restored after you clear it. So, confirm the action before youuse the command.

To clear the IP/TCP/UDP statistics, run the following reset commands in the user view.

Action Command

Reset the IP statistics. reset ip statistics [ interface interface-typeinterface-number ]

Clear information about the socketmonitor.

reset ip socket monitor

Reset the TCP traffic statistics. reset tcp statistics

Reset the UDP traffic statistics. reset udp statistics

Rest the Rawlink statistics. reset rawlink statistics




Issue 04 (2010-01-25)


To obtain configurations in routine maintenance, run the following commands.

Action Command

View TCP connection status. display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ]

View statistics about TCP traffic. display tcp statistics

View statistics about UDP traffic. display udp statistics

View information about IP interfaces. display ip interface [ interface-type interface-number ]display ip interface brief [ interface-type [interface-number ] ]

View statistics about IP traffic. display ip statistics

View statistics about ICMP traffic. display icmp statistics

View statistics about Rawlink. display rawlink statistics

View the FIB table. display fib

View the FIB information selectivelythrough filtering.

display fib acl acl-number [ verbose ]

Filter FIB entries by matching destinationIP addresses.

display fib [ slot-id ] destination-address1[ desinationt-mask1 ] [ longer ] [ verbose ]

View the FIB entries with the destinationIP addresses in the range from destination-address1 destination-mask1 todestination-address2 destination-mask2.

display fib [ slot-id ] destination-address1destination-mask1 destination-address2destination-mask2 [ verbose ]

View the FIB entries that have passedfiltering in a certain format according to theinput IP prefix name.

display fib ip-prefix prefix-name [ verbose ]

View the FIB entries that have passedfiltering in a certain format according to theinput interface type and interface number.

display fib interface interface-type interface-number

View the FIB entries that have passedfiltering in a certain format according to theinput next hop address.

display fib next-hop ip-address

View the total number of FIB entries. display fib statistics

View brief information about theforwarding table.

display fib [ | { begin | exclude | include }regular-expression ]



5-11

Action Command

View information about all the socketinterfaces of the system.

display ip socket [ monitor ] [ task-id task-id| sock-type sock-type ]

5.3.3 Debugging IP/TCP/UDP

CAUTIONDebugging affects the performance of the system. So after debugging, run the undo debuggingall command to disable it immediately.

Run the following debug commands in the user view to debug IP/TCP/UDP/RAWIP/RAWLINK and locate the fault.

Action Command

Enable IP packets debugging. debugging ip packet [ error ] [ acl acl-number ]

Enable ICMP debugging. debugging ip icmp

Enable UDP packets debugging. debugging udp packet [ local-ip ip-address ] [ local-port local-port ] [ remote-ip ip-address ] [ remote-port remote-port ]debugging udp packet [ task-id task-id ] [ socket-idsocket-id ]

Enable TCP packets debugging. debugging tcp packet [ local-ip ip-address ] [ local-port local-port ] [ remote-ip ip-address ] [ remote-port remote-port ] [ flag flag-number ]debugging tcp packet [ task-id task-id ] [ socket-idsocket-id ] [ flag flag-number ]

Enable TCP event debugging. debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remote-ip remote-address ] [ remote-port remote-port ]debugging tcp event [ task-id task-id ] [ socket-idsocket-id ]

Enable TCP MD5 authenticationdebugging.

debugging tcp md5 [ local-ip local-address ] [ local-port local-port ] [ remote-ip remote-address ] [ remote-port remote-port ]debugging tcp md5 [ task-id task-id ] [ socket-id socket-id ]




Issue 04 (2010-01-25)

Action Command

Enable RAWIP packetsdebugging.

debugging rawip packet [ local-ip ip-address ][ remote-ip ip-address ] [ protocol protocol-number ][ verbose verbose-number ]debugging rawip packet [ task-id task-id ] [ socket-idsocket-id ] [ verbose verbose-number ]

Enable RAWLINK packetsdebugging.

debugging rawlink packet [ local-mac local-mac ][ remote-mac remote-mac ] [ verbose verbose-number ]debugging rawlink packet [ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ]

5.4 Configuration ExamplesThis section provides several configuration examples of the IP performance.

5.4.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets

5.4.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets

Networking Requirements

As shown in Figure 5-1, S-switch-A, S-switch-B and S-switch-C are connected with each otherthrough their VLANIF to test limiting transmission of host-unreachable packets.

Figure 5-1 Networking diagram of configuring ICMP host unreachable packets

S-switch-A

Internet

S-switch-BS-switch-C

VLANIF11.1.1.1/24

VLANIF11.1.1.2/24

VLANIF12.2.2.2/24



5-13


1. Configure IP addresses for the interfaces on devices.2. Configure static routes between devices that are not directly connected.3. Enable limiting transmission of ICMP Host-unreachable packets.


l Static routes between devices that are not directly connected

l IP addresses for the interfaces

Configuration Procedure1. Configure S-switch-A.

# Configure static routes on S-switch-A.<Quidway> system-view[Quidway] sysname S-switch-A[S-switch-A] ip route-static 2.2.2.2 24 1.1.1.2# Configure an IP address for VLANIF1.[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] ip address 1.1.1.1 24 [S-switch-A-Vlanif1] quit

2. Configure S-switch-B.# Disable sending ICMP host unreachable packets on S-switch-B and configure an IPaddress for VLANIF1<Quidway> system-view[Quidway] sysname S-switch-B[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] undo icmp host-unreachable send[S-switch-B-Vlanif1] ip address 1.1.1.2 24 [S-switch-B-Vlanif1] quit[S-switch-B] quit

3. Configure S-switch-C.# Configure an IP address for VLANIF1 on S-switch-C.<Quidway> system-view[Quidway] sysname S-switch-C[S-switch-C] interface vlanif 1[S-switch-C-Vlanif1] ip address 2.2.2.2 24[S-switch-C-Vlanif1] quit

4. Verify the configuration.# Enable the debugging of the ICMP packets of S-switch-B.<S-switch-B> debugging ip icmp# Run the ping 2.2.2.2 command on S-switch-A. If you can view that S-switch-B does notsend the host unreachable packets, it means that the configuration succeeds. For example:[S-switch-A] ping 2.2.2.2





Issue 04 (2010-01-25)

# sysname S-switch-A#interface Vlanif1 ip address 1.1.1.1 255.255.255.0#ip route-static 2.2.2.0 255.255.255.0 1.1.1.2#

l Configuration file of S-switch-B# sysname S-switch-B#interface Vlanif1 ip address 1.1.1.2 255.255.255.0 undo icmp host-unreachable send#

l Configuration file of S-switch-C# sysname S-switch-C#interface Vlanif1 ip address 2.2.2.2 255.255.255.0#



5-15

6 DHCP Policy VLAN Configuration

About This Chapter

This chapter describes the concept, operating mode, and configuration of Dynamic HostConfiguration Protocol (DHCP) policy Virtual Local Area Network (VLAN), and providesconfiguration examples.

6.1 OverviewThis section describes the concept of DHCP policy VLAN.

6.2 Configuring DHCP Policy VLAN Based on MAC AddressesThis section describes how to configure DHCP Policy VLAN Based on MAC Addresses

6.3 Configuring the DHCP Policy VLAN Based on InterfacesThis section describes how to configure the DHCP policy VLAN based on interfaces.

6.4 Configuring Generic DHCP Policy VLANThis section describes how to configure Generic DHCP Policy VLAN

6.5 Maintaining DHCP Policy VLANThis section describes how to maintain DHCP policy VLAN.

6.6 Configuration ExamplesThis section provides several configuration examples of DHCP policy VLAN.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 6 DHCP Policy VLAN Configuration


6-1

6.1 OverviewThis section describes the concept of DHCP policy VLAN.

6.1.1 Introduction

6.1.2 DHCP Policy VLAN Supported by the S-switch

6.1.1 Introduction

When the policy for VLANs is configured on the S-switch, the VLAN to which each hostconnects to the interface on the S-switch belongs is determined by the network segment to whichthe IP address of the host belongs. When a host that accesses the network for the first time isconnected to an interface, the host cannot be added to its associated VLAN because it has novalid IP address.

DHCP policy VLAN is thus introduced. With DHCP policy VLAN, hosts that access the networkfor the first time can obtain valid IP addresses from the DHCP server and then be added to theVLANs whose network segments the IP addresses belong to.

6.1.2 DHCP Policy VLAN Supported by the S-switch

The S-switch supports the following types of DHCP policy VLAN:

l DHCP policy VLAN based on MAC addresses

l DHCP policy VLAN based on interfaces

l Generic DHCP policy VLAN

6.2 Configuring DHCP Policy VLAN Based on MACAddresses

This section describes how to configure DHCP Policy VLAN Based on MAC Addresses


6.2.2 Configuration Procedure




When multiple hosts access the network through an interface on the S-switch, you need toconfigure DHCP policy VLAN based on MAC addresses so that the hosts can obtain IP addressesfrom the DHCP server and be added to specific VLANs.

6 DHCP Policy VLAN ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

Pre-configuration TasksBefore configuring DHCP policy VLAN based on MAC addresses, complete the followingtasks:

l Configuring the default VLAN for the interface on the S-switch that connects to the newlyadded hosts

Data PreparationTo configure DHCP policy VLAN based on MAC addresses, you need the following data.

No. Data

1 MAC addresses of the newly added hosts

2 ID of the VLAN to which the DHCP server belongs


ContextDo as follows on the S-switch.

Procedure




The view of the interface on the S-switch that connects to multiple hosts is displayed.

Step 3 Run:port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

The interface is added to the specified VLANs, ensuring that frames from the VLANs passthrough the interface in untagged mode.

Step 4 Run:vlan vlan id

The view of the VLAN to which the DHCP server belongs is displayed.

Step 5 Run:policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ]

The DHCP policy VLAN based on MAC addresses is configured.

----End



6-3


Run the following command to check the previous configuration.

Action Command

Check the configuration of the S-switch in the VLAN view.

display this

Run the display this command in the VLAN view of the S-switch where DHCP policy VLANbased on MAC addresses is configured, you can view that the configuration of DHCP policyVLAN based on MAC addresses is correct.

[Quidway-vlan2] display this#vlan 2 policy-vlan dhcp-mac 0002-0002-0002 priority 2#

6.3 Configuring the DHCP Policy VLAN Based onInterfaces

This section describes how to configure the DHCP policy VLAN based on interfaces.





Applicable EnvironmentWhen multiple hosts access the network through different interfaces on the S-switch, you needto configure DHCP policy VLAN based on interfaces so that the hosts can obtain IP addressesfrom the DHCP server.

Pre-configuration TasksBefore configuring DHCP policy VLAN based on interfaces, complete the following tasks:

l Configuring the default VLAN for the interface that connects to the newly added host onthe S-switch

l Configuring the interface that connects to the newly added host on the S-switch as a hybridinterface

Data PreparationTo configure DHCP policy VLAN based on interfaces, you need the following data.




Issue 04 (2010-01-25)

No. Data

1 Number of the interface that connects to the newly added host on the S-switch



ContextDo as follows on the S-switch.

Procedure




The view of the interface that connects to the newly added host on the S-switch is displayed.





Step 5 Run:policy-vlan dhcp-port interface-type interface-number1 [ to interface-number2 ] [ priority priority ]

The DHCP policy VLAN based on interfaces is configured.

----End



Action Command


display this



6-5

Run the display this command in the VLAN view of the S-switch where DHCP policy VLANbased on interfaces is configured, you can view that the configuration of DHCP policy VLANbased on interfaces is correct.

[Quidway-vlan2] display this#vlan 2 policy-vlan dhcp-port GigabitEthernet 0/0/2 priority 2#

6.4 Configuring Generic DHCP Policy VLANThis section describes how to configure Generic DHCP Policy VLAN






When hosts that do not apply DHCP policy VLAN based on MAC addresses or DHCP policyVLAN based on interfaces access the network for the first time, you need to configure genericDHCP policy VLAN on the S-switch so that the hosts can obtain valid IP addresses.


Before configuring generic DHCP policy VLAN, complete the following tasks:

l Configuring the default VLAN for the interface that connects to the newly added host onthe S-switch

Data Preparation

To configure generic DHCP policy VLAN, you need the following data.

No. Data



Context

Do as follows on the S-switch.




Issue 04 (2010-01-25)

Procedure




The view of the interface that connects to the newly added host on the S-switch is displayed.





Step 5 Run:policy-vlan dhcp-generic [ priority priority ]

The generic DHCP policy VLAN is configured.

----End


Run the following command to check the previous configuration.

Action Command


display this

Run the display this command in the VLAN view of the S-switch where generic DHCP policyVLAN is configured, you can view that the configuration of generic DHCP policy VLAN iscorrect.

[Quidway-vlan2] display this#vlan 2 policy-vlan dhcp-generic priority 2#

6.5 Maintaining DHCP Policy VLANThis section describes how to maintain DHCP policy VLAN.

6.5.1 Monitoring the Running Status



6-7

6.5.1 Monitoring the Running Status

To check the running status of DHCP policy VLAN, run the following display command in thecorresponding VLAN view.

Action Command

Check the configuration of DHCPpolicy VLAN.

display this

6.6 Configuration ExamplesThis section provides several configuration examples of DHCP policy VLAN.

6.6.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses

6.6.2 Example for Configuring DHCP Policy VLAN Based on Interfaces

6.6.1 Example for Configuring DHCP Policy VLAN Based on MACAddresses


As shown in Figure 6-1, on the S-switch, GE 0/0/2 connects to PC1 and PC2 that access thenetwork for the first time; GE 0/0/4 connects to the DHCP server that belongs to VLAN 100.The MAC address of PC1 is 001E-9089-C65A; the MAC address of PC2 is 00E0-4C84-0B44.

Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses

S-switchPC1

001E-9089-C65A

PC2 00E0-4C84-0B44

DHCP Server192.168.31.251/16

VLAN100GE 0/0/4

GE 0/0/2




Issue 04 (2010-01-25)


1. Determine to which VLAN the DHCP server belongs.2. Configure DHCP policy VLAN based on MAC addresses.


l MAC address of the newly added host

l Default VLAN ID of the interfaces on the S-switch

Configuration Procedure1. Configure the S-switch.

# Configure GE 0/0/2 and GE 0/0/4 on the S-switch as a hybrid interface, and configureframes from VLAN 100 to pass through GE 0/0/2 in untagged mode.<Quidway> system-view[Quidway] interface gigabitethernet 0/0/2[Quidway-GigabitEthernet0/0/2] port default vlan 2[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 100[Quidway-GigabitEthernet0/0/2] quit[Quidway] interface gigabitethernet 0/0/4[Quidway-GigabitEthernet0/0/4] port default vlan 4[Quidway-GigabitEthernet0/0/4] port hybrid untagged vlan 100[Quidway-GigabitEthernet0/0/4] quit# Configure DHCP policy VLAN based on MAC addresses.<Quidway> system-view[Quidway] vlan 100[Quidway-vlan100] policy-vlan dhcp-mac 001E-9089-C65A priority 5[Quidway-vlan100] policy-vlan dhcp-mac 00E0-4C84-0B44 priority 5[Quidway-vlan100] quit

2. Verify the configuration.# Ping the DHCP server from PC1 and PC2. The ping operations are successful.C:\>ping 192.168.31.251

Pinging 192.168.31.251 with 32 bytes of data:

Reply from 192.168.31.251: bytes=32 time=126ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255

Ping statistics for 192.168.31.251: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 126ms, Average = 33ms

Configuration FilesThe following lists the configuration file of the S-switch.

#interface GigabitEthernet0/0/2 port default vlan 2 port hybrid untagged vlan 100interface GigabitEthernet0/0/4



6-9

port default vlan 4 port hybrid untagged vlan 100#vlan 100 policy-vlan dhcp-mac 001e-9089-c65a priority 5 policy-vlan dhcp-mac 00e0-4c84-0b44 priority 5

#return

6.6.2 Example for Configuring DHCP Policy VLAN Based onInterfaces


As shown in Figure 6-2, on the S-switch, GE 0/0/2 connects to an access switch; GE 0/0/1connects to the DHCP server that belongs to VLAN 100; the access switch connects to 10 hosts.

Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces

S-switch

PC1 PC10

DHCP Server192.168.31.251/16

VLAN100GE 0/0/1

GE 0/0/2

...



1. Determine to which VLAN the DHCP server belongs.2. Configure DHCP policy VLAN based on interfaces.

Data Preparation

To complete the configuration, you need the following data:

l Number of the S-switch interface that connects to the downstream access switch

l Default VLAN ID of the interfaces on the S-switch




Issue 04 (2010-01-25)

Configuration Procedure1. Configure the S-switch.

# Configure GE 0/0/1 and GE 0/0/2 on the S-switch as hybrid interfaces, and configureframes from VLAN 100 to pass through GigabitEthernet 0/0/2 in untagged mode.<Quidway> system-view[Quidway] interface gigabitethernet 0/0/1[Quidway-GigabitEthernet0/0/1] port link-type hybrid[Quidway-GigabitEthernet0/0/1] port default vlan 10[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100[Quidway-GigabitEthernet0/0/1] quit[Quidway] interface gigabitethernet 0/0/2[Quidway-GigabitEthernet0/0/2] port link-type hybrid[Quidway-GigabitEthernet0/0/2] port default vlan 20[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 100[Quidway-GigabitEthernet0/0/2] quit# Configure DHCP policy VLAN based on interfaces.<Quidway> system-view[Quidway] vlan 100[Quidway-vlan100] policy-vlan dhcp-port gigabitethernet 0/0/2 priority 5

2. Verify the configuration.# Ping the DHCP server from each host. The ping operations are successful.C:\>ping 192.168.31.251

Pinging 192.168.31.251 with 32 bytes of data:

Reply from 192.168.31.251: bytes=32 time=126ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255Reply from 192.168.31.251: bytes=32 time=2ms TTL=255

Ping statistics for 192.168.31.251: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 126ms, Average = 33ms

Configuration FilesThe following lists the configuration file of the S-switch.

#interface GigabitEthernet0/0/1 port default vlan 10 port hybrid untagged vlan 100interface GigabitEthernet0/0/2 port default vlan 20 port hybrid untagged vlan 100#vlan 100 policy-vlan dhcp-port gigabitEthernet 0/0/2 priority 5#return



6-11

7 Basic IPv6 Configuration

About This Chapter

This chapter describes the IPv6 features and IPv6 address overview. It also describesconfiguration steps for IPv6 ND, PMTU configuration, along with typical examples.

7.1 Introduction to IPv6

7.2 IPv6 Supported by the S-switch

7.3 Configuring an IPv6 Address for an InterfaceThis section describes how to configure an IPv6 address for an interface.

7.4 Configuring IPv6 Neighbor DiscoveryThis section describes how to configure IPv6 neighbor discovery.

7.5 Configuring PMTUThis section describes how to configure IPv6 PMTU.

7.6 Configuring TCP6This section describes how to configure TCP connections.

7.7 Maintaining IPv6This section describes how to clear IPv6 statistics and debug IPv6.

7.8 Configuration ExamplesThis section provides a configuration example for the IPv6 address.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 7 Basic IPv6 Configuration


7-1

7.1 Introduction to IPv6

Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard networkprotocol of the second generation. It is a set of specifications designed by the InternetEngineering Task Force (IETF). IPv6 is the upgraded version of IPv4. The most remarkabledifference between IPv6 and IPv4 is that the IP address lengthens from 32 bits to 128 bits.

7.2 IPv6 Supported by the S-switch

The S-switch supports the IPv6 protocol suite and TCP6 protocol suite.

IPv6 Address

A 128-bit IPv6 address has the following formats:

l X:X:X:X:X:X:X:X

In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each groupare represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups areseparated by colons. Every "X" represents a group of hexadecimal values.

l X:X:X:X:X:X:d.d.d.d

This format is for the following types of addresses:

– IPv4-compatible IPv6 address

– IPv4-mapped IPv6 address

IPv4-compatible IPv6 address is used to configure an IPv6 over IPv4 tunnel.

In this type of address, "X" represents the first six groups of numbers. Each "X" stands for16 bits that are represented by hexadecimal numbers. "d" represents the subsequent fourgroup of numbers. Each "d" stands for eight bits that are represented by decimal numbers."d.d.d.d" is a standard IPv4 address.

An IPv6 address can be divided into two parts:

l Network prefix: equals the network ID of an IPv4 address. It is of n bits.

l Interface identifier: equals the host ID in an IPv4 address. It is of 128-n bits.

IPv6 Neighbor Discovery

The IPv6 neighbor discovery (ND) is a group of messages and processes that define therelationship between neighboring nodes. ND replaces the Address Resolution Protocol (ARP)messages and the Internet Control Message Protocol (ICMP) device discovery messages. It alsoprovides additional functions.

IPv6 PMTU

Generally, the problem that different networks have different Maximum Transmission Units(MTU) can be solved in the following ways:

7 Basic IPv6 ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

l Devices fragment packets as required. The source host only needs to fragment packets;however, the intermediate device not only needs to fragment packets, but also to reassemblepackets.

l The source host sends packets based on a proper MTU so that packets need not befragmented on the intermediate device. In such a case, packet processing burden on theintermediate device can be reduced. During IPv6 packet transmission, only this way canbe adopted because IPv6 intermediate devices do not support packet fragmentation.

The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the pathfrom the source to the destination.

IPv6 FIB

Connecting network topologies of different types needs the configuration of different routingprotocols. This brings about Routing Information Base (RIB). The RIB is a base of theForwarding Information Base (FIB). Guided by route management policies, a device extracts aminimum of necessary forwarding information from RIB and adds the information to the FIB.Through the route management module, you can also add static routes into the FIB.

A FIB contains a group of minimum information needed by a device during packet forwarding.An FIB entry usually contains the destination address, prefix length, transport port, next-hopaddress, route flag, and time stamp. A device forwards packets according to FIB entries.

The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIBcontainer (used on the forwarding plane). A FIB agent is responsible for interacting with theRM module for delivering FIB entries to the forwarding engine, and to the I/O board in adistributed system.

A FIB contains the following information:

l Destination address: indicates the network or host a packet is destined for.

l Prefix length: indicates the length of the destination address prefix. From the prefix length,you can infer that the destination address is a network address or a host address.

l Nexthop: indicates the address of the close next hop through which the packet reaches thedestination.

l Flag(s): identifies route features.

l Interface: indicates the outgoing interface of the packet.

l Timestamp: Indicates the time when an FIB entry is established.

7.3 Configuring an IPv6 Address for an InterfaceThis section describes how to configure an IPv6 address for an interface.


7.3.2 Enabling IPv6 Packet Forwarding Capability

7.3.3 Configuring an IPv6 Link-Local Address for an Interface

7.3.4 Configuring an IPv6 Global Unicast Address for an Interface




7-3


Applicable EnvironmentWhen a device communicates with an IPv6 device, you need to configure IPv6 address for theinterface.

Pre-configuration TasksBefore configuring IPv6 addresses, complete the following tasks:

l Configuring the physical features of the interface and ensuring that the status of the physicallayer of the interface is Up


Data PreparationTo configure IPv6 addresses for an interface, you need the following data.

No. Data

1 Number of the interface

2 Link-local address configured manually

3 Global unicast address and prefix length

7.3.2 Enabling IPv6 Packet Forwarding Capability


Procedure



Step 2 Run:ipv6

The IPv6 packet forwarding capability is enabled.

By default, the IPv6 packet forwarding capability is disabled.

----End

7.3.3 Configuring an IPv6 Link-Local Address for an Interface




Issue 04 (2010-01-25)


Procedure





Step 3 Perform the following as required.

Run:

ipv6 address auto link-local

Auto generation of the IPv6 link-local address is enabled.

Or

Run:

ipv6 address ipv6-address link-local

The IPv6 link-local address is manually configured.

Besides configuring a link-local address through the preceding two commands, you can alsoconfigure a global unicast IPv6 address for auto generating a link-local address. For details, seeConfiguring an IPv6 Global Unicast Address for an Interface.

----End

7.3.4 Configuring an IPv6 Global Unicast Address for an Interface


Procedure





Step 3 Run:ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ eui-64 ]



7-5

The global unicast address is configured on the interface.

----End


PrerequisiteThe configurations of the IPv6 addresses are complete.

Procedurel Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check the IPv6 information of an interface.

l Run the display ipv6 statistics command to check the IPv6 packet statistics.

----End

7.4 Configuring IPv6 Neighbor DiscoveryThis section describes how to configure IPv6 neighbor discovery.


7.4.2 Configuring Static Neighbors

7.4.3 Enabling RA Message Advertising

7.4.4 Setting the Interval for Advertising RA Messages

7.4.5 Enabling Stateful Auto Configuration

7.4.6 Configuring the Address Prefixes to Be Advertised

7.4.7 Configuring Other Information to Be Advertised




Most of the ND configurations are implemented based on the interfaces.


Before configuring IPv6 neighbor discovery, complete the following tasks:

l Configuring the physical features for the interface and ensuring that the status of thephysical layer of the interface is Up

l Configuring link layer parameters for the interface

l Configuring the IPv6 address for the interface




Issue 04 (2010-01-25)

Data PreparationTo configure IPv6 neighbor discovery, you need the following data.

No. Data

1 Number of interface which needs to be configured with IPv6 ND

2 IPv6 address and MAC address of the static neighbor

3 Intervals, prefix, and life duration of RA messages

4 Flag bit of automatic configuration

5 Hop limit of ND

6 Sending times of NS for DAD

7 Intervals for re-transmitting NS messages

8 NUD reachable time

9 Interface MTU

7.4.2 Configuring Static Neighbors


Procedure





Step 3 Run:ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number

Static neighbors are configured.

----End

7.4.3 Enabling RA Message Advertising




7-7

Procedure





Step 3 Run:undo ipv6 nd ra halt

The function of advertising RA messages is enabled.

By default, suppress the device from advertising messages.

----End

7.4.4 Setting the Interval for Advertising RA Messages

Context


Procedure





Step 3 Run:ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

The interval for advertising RA messages is configured.

By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.

The maximum interval can not be shorter than the minimum interval.

----End

7.4.5 Enabling Stateful Auto Configuration

Context





Issue 04 (2010-01-25)

Procedure





Step 3 Run:ipv6 nd autoconfig managed-address-flag

The flag bit for stateful auto configuration addresses is set.

If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to anyaddresses auto-configured using stateless address auto-configuration.

Step 4 Run:ipv6 nd autoconfig other-flag

The flag bit for other stateful configurations is set.

When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address)information.

----End

7.4.6 Configuring the Address Prefixes to Be Advertised


Procedure





Step 3 Run:ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]

The prefix of RA messages is configured.

----End

7.4.7 Configuring Other Information to Be Advertised



7-9

ContextDuplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You canconfigure the number of DAD messages which are sent continuously.

Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NSre-transmitting time interval is 1000ms.

NUD checks the reachability of neighbors. By default, NUD value is 30000ms.

The MTU of the interface determines whether to fragment IP packets on the interface.


Procedure



Step 2 Run:ipv6 nd hop-limit limit

ND hop limit is configured.

The value of limit ranges from 1 to 255. By default, it is 64.



Step 4 Run:ipv6 nd ra router-lifetime ra-lifetime

The life duration of RA messages is configured.

NOTE

l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the intervalmust be less than or equal to the life duration.

l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.

l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the durationis still 1800 seconds.

Step 5 Run:ipv6 nd dad attempts value

Times to send NS message for DAD are configured.

Step 6 Run:ipv6 nd ns retrans-timer value

The interval for re-sending NS messages is set.

Step 7 Run:ipv6 nd nud reachable-time value

The NUD reachable time is set.




Issue 04 (2010-01-25)

Step 8 Run:ipv6 mtu mtu

MTU of the interface is configured.

----End

PostrequisiteIf the IPv6 MTU value is changed, run the shutdown command and the undo shutdowncommand orderly in the interface view to validate the configuration.


PrerequisiteThe configurations of the IPv6 neighbor discovery function are complete.

Procedurel Run the display ipv6 neighbors interface-type interface-number command to check the

neighbor information in the cache.l Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check the IPv6 information of an interface.

----End

7.5 Configuring PMTUThis section describes how to configure IPv6 PMTU.


7.5.2 Creating Static PMTU Entries

7.5.3 Configuring PMTU Aging Time



Applicable EnvironmentBy setting PMTUs on interfaces, you can enable devices to send packets based on proper MTUsacross the network. This avoids packet fragmentation, reduces the burden of the devices,implements efficient usage of network resources and achieves the best throughput.

Pre-configuration TasksBefore configuring PMTUs, complete the following tasks:

l Configuring the physical features for the interface and ensuring that the status of thephysical layer of the interface is Up



7-11

l Configuring the link layer protocol for the interface

Data PreparationTo configure PMTUs, you need the following data.

No. Data

1 IPv6 address and PMTU value to be configured

2 PMTU aging time

7.5.2 Creating Static PMTU Entries


Procedure



Step 2 Run:ipv6 pathmtu ipv6-address [ path-mtu ]

The PMTU value of a specified IPv6 address is configured.

The path-mtu ranges from 1280 to 10000 bytes. By default, the PMTU of the IPv6 address is1500 bytes.

----End

7.5.3 Configuring PMTU Aging Time


Procedure



Step 2 Run:ipv6 pathmtu age age-time

The aging time of PMTU is configured.




Issue 04 (2010-01-25)

By default, the dynamic PMTU aging time is 10 minutes.

The PMTU aging time is used to change the lifetime of a dynamic PMTU entry in the cache. Ithas no effect on static PMTU entries because they cannot be aged.

----End


PrerequisiteThe configurations of the PMTU are complete.

Procedurel Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check

all PMTU items.l Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check the current MTU of the interface.

----End

7.6 Configuring TCP6This section describes how to configure TCP connections.


7.6.2 Configuring TCP6 Timers

7.6.3 Configuring the Size of the TCP6 Sliding Window




To optimize network performance, you need to adjust the TCP6 parameters.


Before configuring TCP6, complete the following tasks:

l Connecting and configuring the physical features for the interface and ensuring that thestatus of the physical layer of the interface is Up

l Configuring the link layer protocol parameters for the interface and ensuring that the statusof the link layer protocol on the interface is Up

Data Preparation

To configure TCP6, you need the following data.



7-13

No. Data

1 Value of TCP6 FIN-WAIT timer

2 Value of TCP6 SYN-WAIT timer

3 Size of TCP6 Sliding Window

7.6.2 Configuring TCP6 Timers


ProcedureStep 1 Run:

system-view


Step 2 Run:tcp ipv6 timer syn-timeout timer-value

The TCP6 SYN-WAIT timer is set.

By default, the SYN-WAIT timer is 75s.

Step 3 Run:tcp ipv6 timer fin-timeout timer-value

The TCP6 FIN-WAIT timer is set.

By default, the FIN-WAIT timer is 675s.

----End

7.6.3 Configuring the Size of the TCP6 Sliding Window


ProcedureStep 1 Run:

system-view


Step 2 Run:tcp ipv6 window window-size

The size of the TCP6 sliding window is configured.




Issue 04 (2010-01-25)

The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of theTCP6 sliding window is 8 KB.

----End


PrerequisiteThe configurations of the TCP6 function are complete.

Procedurel Run the display tcp ipv6 statistics command to check related TCP6 statistics.l Run the display tcp ipv6 status command to check the TCP6 connection status.l Run the display udp ipv6 statistics command to check related UDP6 statistics.l Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command to check

the information of the specified socket.

----End

ExampleRun the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statisticscommands. If the connection status and statistic of TCP6 and UDP6 are displayed, it means thatthe configuration succeeds.

<Quidway> display tcp ipv6 statisticsReceived packets: Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0

duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0

ACK packets: 0 (0 bytes) duplicate ACK packets: 0, too much ACK packets: 0

Sent packets: Total: 0 urgent packets: 0 control packets: 0 (including 0 RST) window probe packets: 0, window update packets: 0

data packets: 0 (0 bytes) data packets retransmitted: 0 (0 bytes) ACK only packets: 0 (0 delayed)

Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0Initiated connections: 0, accepted connections: 0, established connections: 0Closed connections: 0 (dropped: 0, initiated dropped: 0)<Quidway> display tcp ipv6 statusTCP6CB Local Address Foreign Address State09e39ae4 3000::2->179 3000::1->49158 Time_Wait09e36f24 3000::2->49152 3000::1->179 Established07da08f8 ::->179 ::->0 Listening07d96da8 ::->23 ::->0 Listening



7-15

<Quidway> display udp ipv6 statisticsReceived packets: Total: 0 checksum error: 0 shorter than header: 0, invalid message length: 0 no socket on port: 0 no multicast port: 0 not delivered, input socket full: 0 input packets missing pcb cache: 0Sent packets: Total: 0

Run the display ipv6 socket command. If the related socket information is displayed, it meansthat the configuration succeeds.

<Quidway> display ipv6 socketSOCK_STREAM:Task = VTYD(14), socketid = 4, Proto = 6,LA = ::->22, FA = ::->0,sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,socket state = SS_PRIV SS_ASYNCTask = VTYD(14), socketid = 3, Proto = 6,LA = ::->23, FA = ::->0,sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,socket state = SS_PRIV SS_ASYNCSOCK_DGRAM:SOCK_RAW:

7.7 Maintaining IPv6This section describes how to clear IPv6 statistics and debug IPv6.

7.7.1 Resetting IPv6

7.7.2 Monitoring Network Operation Status of IPv6

7.7.3 Debugging IPv6

7.7.1 Resetting IPv6

ContextNOTE

IPv6 statistics cannot restore after you clear it. So, confirm the action before you use the command.

Procedurel Run the reset ipv6 statistics [ slot 0 ] command in the user view to clear statistics of

processing IPv6 packets after you confirm it.

l Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clearPMTU entries in the cache after you confirm it.

l Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number ] | vlanif vlan-id } command in the user view to clear all IPv6 neighbor statisticsafter you confirm it.

l Run the reset ipv6 routing-table statistics protocol { all | protocol } command in the userview to clear all IPv6 routing table statistics after you confirm it.




Issue 04 (2010-01-25)

l Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics afteryou confirm it.

l Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statisticsafter you confirm it.

----End

7.7.2 Monitoring Network Operation Status of IPv6

ContextIn routine maintenance, you can run the following command in any view to check the operationof IPv6.

Procedurel Run the display ipv6 interface [ interface-type interface-number | brief ] command in any

view to check the IPv6 information about the interface.l Run the display ipv6 statistics command in any view to check IPv6 packet statistics.l Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]

command in any view to check contents about the neighbor cache.l Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command in any

view to check all PMTU entries.l Run the display udp ipv6 statistics command in any view to check UDP6 statistics.l Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command in any

view to check information about the specified socket.l Run the display ipv6 fib { begin | include | exclude } regular-expression ] command in

any view to check information about the FIB.

----End

7.7.3 Debugging IPv6

ContextNOTE

Debugging affects the performance of the system. So, after debugging, execute the undo debugging allcommand to disable it immediately.

Run the following debugging commands in the user view to debug IPv6 and locate the fault.

For the procedures of displaying the debugging information, refer to the chapter "InformationCenter Configuration" in the Quidway S5300 SeriesConfiguration Guide - DeviceManagement.

Procedurel Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.l Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and

ND messages.l Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to

debug IPv6 packet.



7-17

l Run the debugging ipv6 pathmtu command in the user view to debug PMTU.l Run the debugging tcp ipv6 { event | packet } [ task-id socket-id ] command in the user

view to debug TCP6.l Run the debugging udp ipv6 packet [ task-id socket-id ] command in the user view to

debug UDP6.

----End

7.8 Configuration ExamplesThis section provides a configuration example for the IPv6 address.

7.8.1 Example for Configuring an IPv6 Address for an Interface

7.8.1 Example for Configuring an IPv6 Address for an Interface

Networking RequirementAs shown in Figure 7-1, S-switch-A and S-switch-B are connected through VLANIF interfaces.It is required to configure IPv6 global unicast addresses for the interfaces and test the connectivitybetween them.

The IPv6 global unicast addresses to be configured for the interfaces are 3001::1/64 and3001::2/64.

Figure 7-1 Networking diagram of configuring an IPv6 address for an interface

S-switch-A

Vlanif13001::1/64 3001::2/64

S-switch-B

Vlanif1


1. Enable IPv6 forwarding capability on devices.2. Configure IPv6 global unicast addresses for the interfaces.

Data PreparationTo complement the configuration, you need the following data:

l Global unicast addresses and prefix length of the interfaces

Procedure

Step 1 Enable IPv6 packet forwarding on S-switch-A and S-switch-B.




Issue 04 (2010-01-25)

# Configure S-switch-A

<Quidway> system-view[Quidway] sysname S-switch-A[S-switch-A] ipv6

# Configure S-switch-B

<Quidway> system-view[Quidway] sysname S-switch-B[S-switch-B] ipv6

Step 2 Configure IPv6 global unicast addresses for the interfaces.

# Configure S-switch-A.

[S-switch-A] vlan 1[S-switch-A-vlan1] port gigabitethernet0/0/1[S-switch-A-vlan1] quit[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] ipv6 address 3001::1/64[S-switch-A-Vlanif1] quit

# Configure S-switch-B.

[S-switch-B] vlan 1[S-switch-B-vlan1] port gigabitethernet0/0/1[S-switch-B-vlan1] quit[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] ipv6 address 3001::2/64[S-switch-B-Vlanif1] quit

Step 3 Verify the configuration.

If the configuration succeeds, you can view the configured IPv6 global unicast addresses andstatus of the interface and the IPv6 protocol are both Up.

# Display interface information of S-switch-A.

[S-switch-A] display ipv6 interface vlanif 1Vlanif1 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::200:FF:FE00:7200 Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FF00:1 FF02::1:FF00:7200 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

# Display interface information of S-switch-B.

[S-switch-B] display ipv6 interface vlanif 1Vlanif1 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::2D6F:0:7AF3:1 Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es): FF02::1:FF00:2 FF02::1:FFF3:1 FF02::2 FF02::1



7-19

MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

# On S-switch-A, ping the link-local address of S-switch-B. Note that you need to use theparameter -i to specify the interface.

[S-switch-A] ping ipv6 fe80::2d6f:0:7af3:1 -i vlanif 1 PING FE80::2D6F:0:7AF3:1 : 56 data bytes, press CTRL_C to break Reply from FE80::2D6F:0:7AF3:1 bytes=56 Sequence=1 hop limit=64 time = 60 ms Reply from FE80::2D6F:0:7AF3:1 bytes=56 Sequence=2 hop limit=64 time = 50 ms Reply from FE80::2D6F:0:7AF3:1 bytes=56 Sequence=3 hop limit=64 time = 50 ms Reply from FE80::2D6F:0:7AF3:1 bytes=56 Sequence=4 hop limit=64 time = 30 ms Reply from FE80::2D6F:0:7AF3:1 bytes=56 Sequence=5 hop limit=64 time = 1 ms --- FE80::2D6F:0:7AF3:1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/38/60 ms

# On S-switch-A, ping the global unicast IPv6 address of S-switch-B.

[ S-switch-A] ping ipv6 3001::2 PING 3001::2 : 56 data bytes, press CTRL_C to break Reply from 3001::2 bytes=56 Sequence=1 hop limit=64 time = 30 ms Reply from 3001::2 bytes=56 Sequence=2 hop limit=64 time = 50 ms Reply from 3001::2 bytes=56 Sequence=3 hop limit=64 time = 50 ms Reply from 3001::2 bytes=56 Sequence=4 hop limit=64 time = 20 ms Reply from 3001::2 bytes=56 Sequence=5 hop limit=64 time = 40 ms --- 3001::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 20/38/50 ms

----End


# sysname S-switch-A#ipv6#interface Vlanif1ipv6 address 3001::1/64#interface GigabitEthernet0/0/1 port default vlan 1

l Configuration file of S-switch-B# sysname S-switch-B#ipv6




Issue 04 (2010-01-25)

#interface Vlanif1ipv6 address 3001::2/64#interface GigabitEthernet0/0/1 port default vlan 1



7-21

8 IPv6 over IPv4 Tunnel Configuration

About This Chapter

This chapter describes the IPv6 over IPv4 tunnel fundamentals. It also describes configurationsteps for IPv6 over IPv4 tunnel configuration, along with typical examples.

8.1 Introduction to IPv6 over IPv4

8.2 IPv6 over IPv4 Supported by the S-switch

8.3 Configuring IPv4/IPv6 Dual StacksThis section describes how to enable the IPv4/IPv6 dual protocol stacks.

8.4 Configuring an IPv6 over IPv4 TunnelThis section describes how users in IPv6 networks communicate across an IPv4 network.

8.5 Configuration ExamplesThis section provides several configuration examples of IPv6 over IPv4 tunnels.

Quidway S5300 Series Ethernet SwitchesConfiguration Guide - IP Service 8 IPv6 over IPv4 Tunnel Configuration


8-1

8.1 Introduction to IPv6 over IPv4

During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widelydeployed while IPv6 domains are isolated and dispersed around the world. It is not economicalto connect these isolated sites with private lines.

The usual method is tunnel technology. This technology creates tunnels over IPv4 networks toconnect isolated IPv6 domains. This is similar to the situation where the tunnel technology isused to deploy VPNs on the IP networks.

The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border ofthe IPv4 network and the IPv6 network.

8.2 IPv6 over IPv4 Supported by the S-switch

Dual Stacks

The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve acomplete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure8-1 shows a single stack structure and a dual stack structure.

Figure 8-1 Single stack and dual stack structures (Ethernet)

IPv4 IPv6

TCP UDP

IPv4/IPv6 Application

Ethernet

Protocol ID:0x0800

Protocol ID:0x86DD

IPv4

TCP UDP

IPv4 Application

Ethernet

Protocol ID:0x0800

IPv4 Stack Dual Stack

The characteristics of the dual-stack structure are as follows:

l Supported by multiple link layer protocols

Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in theabove diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DDindicates that the network has IPv6 packets.

l Supported by multiple applications

8 IPv6 over IPv4 Tunnel ConfigurationQuidway S5300 Series Ethernet Switches



Issue 04 (2010-01-25)

Multiple applications such as DNS, FTP and Telnet support dual stacks. The upperapplication, such as DNS, can select TCP or UDP as its transport layer protocol. However,it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.

IPv6 over IPv4 TunnelFigure 8-2 shows principles of the IPv6 over IPv4 tunnel technology.

1. Enabling IPv4/IPv6 dual stacksEnable IPv4/IPv6 dual stacks on the border device.

2. Encapsulating IPv6 packetsAfter receiving a packet from the IPv6 network, the border device takes the received IPv6packet as the payload, adds an IPv4 packet header before the payload and encapsulates itinto an IPv4 packet if it finds that the destination of the packet is not for itself.

3. Transmitting the encapsulated packetIn the IPv4 network, the encapsulated packet is transmitted to the peer border device.

4. Decapsulating the packetThe peer border device decapsulates the packet, removes the IPv4 packet header, andforwards the resulting IPv6 packet to the remote IPv6 network.

Figure 8-2 Schematic diagram of IPv6 over IPv4 tunnel

IPv6 IPv6

IPv6 Header

Dual Stack

IPv6 host IPv6 host

Dual Stack

IPv4Tunnel

IPv6 DataIPv6 Header IPv6 Data

IPv4 Header IPv6 Header IPv6 Data

The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 overIPv4 tunnel. Tunnels can be classified according to their setup modes.

The common IPv6 over IPv4 tunnel modes include:

l IPv6 over IPv4 manual tunnels

l 6to4 tunnels

l Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels

IPv6 over IPv4 Manual TunnelAn IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends.The source IPv4 address and destination IPv4 address of such a tunnel must be configuredstatically.

A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4backbone network. It is the fixed channel for regular and secure communication between thetwo border devices.



8-3

The manual tunnel can be used between isolated IPv6 networks. It can also be used between aborder device and a host. In this case, the host and the device on both ends of the tunnel mustsupport the IPv4 and the IPv6 protocol stacks.

6to4 TunnelA 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over anIPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6network and the IPv4 network. The border device on both the ends of the 6to4 tunnel mustsupport the IPv4 and the IPv6 dual protocol stacks at the same time.

The key difference between the 6to4 tunnel and the manual tunnel is that the former can be apoint-to-multipoint connection, and the latter is only a point-to-point connection. Hence, thedevices of the 6to4 tunnel are not configured in pairs.

The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. Youneed not specify the IPv4-compatible IPv6 address for it.

The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the followingformat:

2002:IPv4 address: subnet ID:interface ID

The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address mustbe configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both thesubnet ID and the interface ID are allocated in the isolated IPv6 domains.

As shown in Figure 8-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address ofthe host or device in Site1 is the IPv4 address of the interface through which S-switch-A accessesthe IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or devicein Site2 is the IPv4 address of the interface through which S-switch-B accesses the IPv4 network.S-switch-A and S-switch-B are both 6to4 devices.

Figure 8-3 6to4 tunnel and 6to4 relay

6to4Network

Site1IPv4

Network

IPv6Internet

Site3

6to4Router

6to4Relay

S-switch-C

6to4NetworkSite2

6to4Router

S-switch-B

S-switch-A

When the host in Site1 accesses the host in Site2, the process concerned is as follows:




Issue 04 (2010-01-25)

1. The IPv6 packet is transmitted to S-switch-A.

2. S-switch-A checks the destination address of the IPv6 packet and finds that the address isthe 6to4 address, from which S-switch-A obtains the remote IPv4 address of the 6to4 tunnel.

3. S-switch-A encapsulates this IPv6 packet into the IPv4 packet. The destination address ofIPv4 packet header is the remote IPv4 address of the tunnel, and its source address is thelocal IPv4 address of the tunnel.

4. S-switch-A forwards the IPv4 packet in the IPv4 network to S-switch-B.

5. S-switch-B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6packet to the destination host in Site2.

The above process implements the communication between the 6to4 networks. To implementthe communication between the 6to4 network and native IPv6 network, a 6to4 relay device isneeded. The so-called native IPv6 network means that both its internal host and device are notconfigured with the 6to4 address.

The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.One side of the 6to4 relay device is connected to the native IPv6 network; the other side isconnected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.

As shown in Figure 8-3, when the host in the 6to4 network accesses the IPv6 Internet, the processconcerned is as follows:

1. The IPv6 packet is routed to S-switch-A.

2. A 6to4 tunnel is created between S-switch-A and S-switch-C.

3. The IPv6 packet is encapsulated into the IPv4 packet and is sent to S-switch-C.

4. S-switch-C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends theIPv6 packet to the destination host in the IPv6 Internet.

ISATAP Tunnel

The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.

The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:

Prefix (64bit)::5EFE:IPv4-Address

When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in asame IPv4 network), the IPv4 address embedded into the ISATAP address can be either a publicnetwork address or a private network address.

As shown in Figure 8-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as follows:

1. The IPv4/IPv6 host sends a request message to a device.

The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a routerrequest message to the ISATAP device. It encapsulates the message into the IPv4 packet.

2. The ISATAP device responds to the request message.

The ISATAP device uses a router notification message to respond to the request. The routernotification message contains the ISATAP prefix, which is manually configured on thedevice.

3. The IPv4/IPv6 host obtains its IPv6 address.



8-5

The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with5EFE:IPv4-Address, and uses this address to access the IPv6 host.

Figure 8-4 ISATAP tunnel

IPv6Network

IPv4/IPv6 HostIPv6Host

ISATAP Tunnel

IPv4Network

ISATAPRouter 2.1.1.1

FE80::5EFE:0201:01013FFE::5EFE:0201:0101

The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:

1. The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps givenabove.

2. The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host inthe IPv6 network.

3. An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6host.

8.3 Configuring IPv4/IPv6 Dual StacksThis section describes how to enable the IPv4/IPv6 dual protocol stacks.


8.3.2 Enabling IPv6 Packet Forwarding

8.3.3 Configuring IPv4 and IPv6 Addresses for the Interface



If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to beenabled on the device.

Enabling the IPv4/IPv6 dual protocol stacks on the S-switch is a simple process. Enable the IPv6packet forwarding capacity in the system view and configure an IPv4 address or IPv6 addresson the corresponding interface. The device can then forward IPv4 and IPv6 packets on thecorresponding interface.


Before configuring IPv6 tunnels, complete the following tasks:




Issue 04 (2010-01-25)


l Configuring the link layer parameters for the interface

Data Preparation

To configure IPv4/IPv6 dual stacks, you need the following data.

No. Data

1 Type and number of the interface connected with the IPv4 network

2 IPv4 address and mask of the interface connected with the IPv4 network

3 Type and number of the interface connected with the IPv6 network

4 IPv6 address and prefix of the interface connected with the IPv6 network

8.3.2 Enabling IPv6 Packet Forwarding

Context


Procedure



Step 2 Run:ipv6

The IPv6 packet forwarding capability is enabled.

To enable a device to forward IPv6 packets, you must run this command in the system view;otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6packets although the interface is configured with an IPv6 address.

By default, the IPv6 packet forwarding capability is disabled.

----End

8.3.3 Configuring IPv4 and IPv6 Addresses for the Interface

Context




8-7

Procedure




The interface view of the IPv4 network is displayed.


An IPv4 address is assigned to the interface.

Step 4 Run:quit

Return to the system view.


The interface view of the IPv6 network is displayed.

Step 6 Perform the following configuration as required.l Run:

ipv6 address auto link-localThe link-local address is set to be automatically generated.

l Run:ipv6 address ipv6-address link-localThe link-local address of the interface is configured.

l Run:ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }The global unicast address is configured.

l Run:ipv6 address ipv6-address / prefix-length [ eui-64 ]The IPv6 EUI-64 address is configured.

----End

8.4 Configuring an IPv6 over IPv4 TunnelThis section describes how users in IPv6 networks communicate across an IPv4 network.


8.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface

8.4.3 Configuring an IPv6 over IPv4 Manual Tunnel

8.4.4 Configuring a 6to4 Tunnel

8.4.5 Configuring an ISATAP Tunnel




Issue 04 (2010-01-25)

8.4.6 Configuring Routes in the Tunnel




To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.


Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:


l Configuring the link layer protocol for the interface and ensuring that the status of the linklayer protocol on the interface is Up

l Configuring the IPv4/IPv6 dual-protocol stacks

Data Preparation

To configure an IPv6 over IPv4 tunnel, you need the following data.

No. Data

1 Number, IPv6 address and prefix length of the tunnel

2 Encapsulation mode of packets over the tunnel

3 Source IPv4 address or interface number of the tunnel

4 Destination IPv4 address of the tunnel

8.4.2 Enabling the Service Loopback Function on an Eth-TrunkInterface

Context

Before enabling the service loopback function on an Eth-Trunk interface, note the following:

l You need to create an Eth-Trunk interface and keep it in the Up state before enabling theservice loopback function.

l Only one interface enabled with the service loopback function is needed on a device.

Do as follows on the S-switch.



8-9

Procedure



Step 2 Run:interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:service-type tunnel

The Eth-Trunk interface is enabled with the service loopback function.

----End

8.4.3 Configuring an IPv6 over IPv4 Manual Tunnel

ContextNote the following when configuring an IPv6 over IPv4 manual tunnel:

l Create only one interface enabled with the service loopback function on a device first, andkeep it in the Up state.

l Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.

l You need to conduct the following configurations on the devices on both the ends of thetunnel. During the configuration, note that the source address of the local tunnel end is thedestination address set for the remote tunnel end; the destination address of the local tunnelend is the source address set for the remote tunnel end.

l To support dynamic routing protocol, you also need to configure the tunnel interface witha network address.


Procedure



Step 2 Run:ipv6

IPv6 is enabled on the device.

Step 3 Run:interface tunnel interface-number

The tunnel interface is created.

Step 4 Run:tunnel-protocol ipv6-ipv4




Issue 04 (2010-01-25)

The tunnel is specified be an IPv6 over IPv4 manual tunnel.

Step 5 Run:source vlanif vlan-id

The source interface of the tunnel is specified.

Step 6 Run:destination ipv4-address

The destination address of the tunnel is specified.

NOTE

The destination address of the tunnel can be the address of a physical interface or the address of a loopbackinterface.

Step 7 Run:ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }

The tunnel interface is configured with an IPv6 address.

----End

8.4.4 Configuring a 6to4 Tunnel

ContextNote the following when configuring a 6to4 tunnel:


l Before configuring other parameters of the tunnel, create a tunnel interface.

l When the specified source interface of the tunnel is a physical interface, it is recommendedto set the tunnel ID to be the same as the number of the physical interface.

l When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. Thedestination address of the tunnel is automatically obtained from the destination IP addressfield carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnelmust be unique.

l On the border device, configure a 6to4 address on the interface that is connected with the6to4 network, and configure an IPv4 address on the interface that is connected with theIPv4 network. To make the tunnel support the routing protocol, configure an IP address forthe tunnel interface.


Procedure



Step 2 Run:ipv6



8-11

IPv6 is enabled on the device.


A tunnel interface is created.

Step 4 Run:tunnel-protocol ipv6-ipv4 6to4

The tunnel is specified as a 6to4 tunnel.

Step 5 Run:source vlanif vlan-id

The source interface of the tunnel is specified.


The interface is configured with an IPv6 address.

----End

8.4.5 Configuring an ISATAP Tunnel

ContextNote the following when configuring an ISATAP tunnel:


l Before configuring other parameters of the tunnel, create a tunnel interface.

l When the specified source interface of the tunnel is a physical interface, it is recommendedto set the tunnel ID to be the same as the number of the physical interface.

l When configuring an ISATAP tunnel, you need to specify only the source address of thetunnel. The destination address of the tunnel is automatically obtained from the destinationIP address field carried in the original IPv6 packet. Note that the source interface of theISATAP tunnel must be unique.

l The IPv6 address configured on the tunnel interface is an ISATAP address with a prefixlength of 64 bits.


Procedure




A tunnel interface is created.




Issue 04 (2010-01-25)

Step 3 Run:tunnel-protocol ipv6-ipv4 isatap

The tunnel is specified as an ISATAP tunnel.

Step 4 Run:source { ipv4-address | interface-type interface-number }

The source address or source interface of the tunnel is specified.


The tunnel interface is configured with an IPv6 address.

Step 6 Run:undo ipv6 nd ra halt

The device is allowed to advertise routes.

----End

8.4.6 Configuring Routes in the Tunnel

Context

Routes for forwarding must exist on the source device and the destination device of the tunnel,ensuring normal packet forwarding.

Configuring routes in the tunnel comprises configuring static routes and dynamic routes.

l You can configure the static route by manually configuring the route to the destinationaddress (the destination address specified before encapsulating packets rather than thedestination address of the tunnel), and configure the next hop as the address of the peertunnel interface.

l You can enable dynamic routing protocol on the tunnel interface connected to the privatenetworks and on the device interface.


PrerequisiteThe configurations of the IPv6 over IPv4 Tunnel function are complete.

Procedure

Step 1 Run the display interface tunnel [ interface-number ] [ verbose ] [ | { begin | exclude |include } regular-expression ] command to check the operation status of a tunnel interface.

Step 2 Run the display ipv6 interface tunnel interface-number command to check the IPv6 attributesof a tunnel interface.

----End



8-13

Example

Run the display interface tunnel command. If the tunnel interface is Up and is configured witha source address, a destination address and the protocol type, it means that the configurationsucceeds.

<Quidway> display interface tunnel 0/0/3Tunnel0/0/3 current state : UPLine protocol current state : DOWNDescription : HUAWEI, Quidway Series, Tunnel0/0/3 Interface, Route PortThe Maximum Transmit Unit is 1500 bytesInternet protocol processing : disabledEncapsulation is TUNNEL, loopback not setTunnel source 192.168.51.2 (Vlanif1), destination 192.168.50.2Tunnel protocol/transport IPv6 over IPv4 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes 0 input error 0 packets output, 0 bytes 0 output error

Run the display ipv6 interface tunnel command. If the IPv6 packets forwarding is enabled,you can see the state of tunnel interface is Up, the state of IPv6 protocol is Up, source addressand ND parameters.

<Quidway> display ipv6 interface tunnel 0/0/3Tunnel0/0/3 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::C0A8:3302 Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:3302 FF02::1:FF00:2 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

8.5 Configuration ExamplesThis section provides several configuration examples of IPv6 over IPv4 tunnels.

8.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel

8.5.2 Example for Configuring a 6to4 Tunnel

8.5.3 Example for Configuring an ISATAP Tunnel

8.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel


As shown in Figure 8-5, two IPv6 networks are connected to S-switch-B in the IPv4 backbonenetwork respectively through S-switch-A and S-switch-C. To enable communication betweentwo IPv6 networks, configure an IPv6 over IPv4 manual tunnel between S-switch-A and S-switch-C.




Issue 04 (2010-01-25)

Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel

S-switch-A

DualStack

DualStack

192.168.50.2/24

IPv4 network

192.168.51.2/24IPv6 IPv6

Vlanif1192.168.50.1/24 192.168.51.1/24

S-switch-B

S-switch-CVlanif1

Vlanif2

Vlanif2

GE0/0/1

GE0/0/1 GE0/0/2

GE0/0/1

Configuration RoadmapThe configuration roadmap of IPv6 over IPv4 manual tunnel is as follows:

1. Enabling the service loopback function on an Eth-Trunk interface.2. Configure IP addresses for physical interfaces.3. Configure IPv6 addresses, the source interface, and the destination addresses for the tunnel

interfaces.4. Set the tunnel protocol as IPv6-IPv4.


l IP addresses of interfaces

l IPv6 addresses, the source interfaces and the destination addresses of the tunnel interfaces

Procedure

Step 1 Configure S-switch-A.

# Enabling the service loopback function on an Eth-Trunk interface.

<Quidway> system-view[Quidway] interface eth-trunk 1[Quidway-Eth-Trunk1] service-type tunnel[Quidway-Eth-Trunk1] quit[Quidway] interface gigabitethernet 0/0/1[Quidway-GigabitEthernet0/0/1] eth-trunk 1[Quidway-GigabitEthernet0/0/1] quit

# Configure an IP address for the VLANIF interface.

[Quidway] sysname S-switch-A[S-switch-A] ipv6[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] ip address 192.168.50.2 255.255.255.0[S-switch-A-Vlanif1] quit

# Set the tunnel protocol as IPv6-IPv4.



8-15

[S-switch-A] interface tunnel 0/0/1[S-switch-A-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Configure the IPv6 address, source interface, and destination address for the tunnel interface.

[S-switch-A-Tunnel0/0/1] ipv6 enable[S-switch-A-Tunnel0/0/1] ipv6 address 3001::1/64[S-switch-A-Tunnel0/0/1] source vlanif 1[S-switch-A-Tunnel0/0/1] destination 192.168.51.2[S-switch-A-Tunnel0/0/1] quit

# Configure static routes.

[S-switch-A] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1

Step 2 Configure S-switch-B.




[Quidway] sysname S-switch-B[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] ip address 192.168.50.1 255.255.255.0[S-switch-B-Vlanif1] quit[S-switch-B] interface vlanif 2[S-switch-B-Vlanif2] ip address 192.168.51.1 255.255.255.0[S-switch-B-Vlanif2] quit

Step 3 Configure S-switch-C.




[Quidway] sysname S-switch-C[S-switch-C] ipv6[S-switch-C] interface vlanif 1[S-switch-C-Vlanif1] ip address 192.168.51.2 255.255.255.0[S-switch-C-Vlanif1] quit

# Set the tunnel protocol as IPv6-IPv4.

[S-switch-C] interface tunnel 0/0/1[S-switch-C-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Configure the IPv6 address, source interface, and destination address for the tunnel interface.

[S-switch-C-Tunnel0/0/1] ipv6 address 3001::2/64[S-switch-C-Tunnel0/0/1] source vlanif 1[S-switch-C-Tunnel0/0/1] destination 192.168.50.2[S-switch-C-Tunnel0/0/1] quit

# Configure a static route.




Issue 04 (2010-01-25)

[S-switch-C] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1


# On S-switch-C, ping the IPv4 address of the interface VLANIF1 of S-switch-A. S-switch-Ccan receive response packets from S-switch-A.

[S-switch-C] ping 192.168.50.2 PING 192.168.50.2: 56 data bytes, press CTRL_C to break Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms --- 192.168.50.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/32/84 ms

# On S-switch-C, ping the IPv6 address of Tunnel 0/0/1 of S-switch-A. S-switch-C can receiveresponse packets from S-switch-A.

[S-switch-C] ping ipv6 3001::1 PING 3001::1 : 56 data bytes, press CTRL_C to break Reply from 3001::1 bytes=56 Sequence=1 hop limit=255 time = 28 ms Reply from 3001::1 bytes=56 Sequence=2 hop limit=255 time = 27 ms Reply from 3001::1 bytes=56 Sequence=3 hop limit=255 time = 26 ms Reply from 3001::1 bytes=56 Sequence=4 hop limit=255 time = 27 ms Reply from 3001::1 bytes=56 Sequence=5 hop limit=255 time = 26 ms --- 3001::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 26/26/28 ms

----End

Configuration Filel Configuration file of S-switch-A

# sysname S-switch-A#ipv6#interface Vlanif1 ip address 192.168.50.2 255.255.255.0#interface Eth-Trunk1 service-type tunnel#interface Tunnel0/0/1 ipv6 address 3001::1/64 tunnel-protocol ipv6-ipv4 source Vlanif1 destination 192.168.51.2#interface GigabitEthernet0/0/1 eth-trunk 1#ip route-static 192.168.51.0 255.255.255.0 192.168.50.1



8-17

#return

l Configuration file of S-switch-B# sysname S-switch-B#interface Vlanif1 ip address 192.168.50.1 255.255.255.0#interface Vlanif2 ip address 192.168.51.1 255.255.255.0#interface Eth-Trunk1 service-type tunnel#interface GigabitEthernet0/0/2 eth-trunk 1#return

l Configuration file of S-switch-C# sysname S-switch-C#ipv6#interface Vlanif1 ip address 192.168.51.2 255.255.255.0#interface Eth-Trunk1 service-type tunnel#interface Tunnel0/0/1 ipv6 address 3001::2/64 tunnel-protocol ipv6-ipv4 source Vlanif1 destination 192.168.50.2#interface GigabitEthernet0/0/1 eth-trunk 1#ip route-static 192.168.50.0 255.255.255.0 192.168.51.1#return

8.5.2 Example for Configuring a 6to4 Tunnel

Networking RequirementsAs shown in Figure 8-6, two IPv6 networks are both 6to4 networks. S-switch-A and S-switch-B are connected with the 6to4 network and the IPv4 network. To enable communicationbetween the hosts in the two 6to4 network, it is required to set up a 6to4 tunnel between S-switch-A and S-switch-B.

To enable communication between 6to4 networks, configure 6to4 addresses for the hosts in the6to4 network. A 6to4 address has a 48-bit prefix composed of 2002:IPv4 address:. As shownin Figure 8-6, the IPv4 address of the interface through which A is connected to the IPv4 networkis 2.1.1.1. Therefore, the 6to4 address of A in the 6to4 network should start with2002:0201:0101::.




Issue 04 (2010-01-25)

Figure 8-6 Networking diagram of the 6to4 tunnel

S-switch-A

Vlanif12.1.1.1

IPv4

Vlanif12.1.1.2

Tunnel 0/0/12002:201:101::1/64 Tunnel 0/0/1

2002:201:102::1/642002:201:101:1::2

PC1

IPv6 2002:201:102:1::2

PC2

Vlanif22002:201:102:1::1/64

IPv6

Vlanif22002:201:101:1::1/64

6to4Router

6to4Router

S-switch-B

GE0/0/1

GE0/0/2GE0/0/2

GE0/0/1


1. Enabling the service loopback function on an Eth-Trunk interface.2. Configure IPv4/IPv6 dual-protocol stacks.3. Configure the tunnel protocol as 6to4.4. Configure related routes.


l IPv4 or IPv6 addresses of interfaces

l Source tunnel interface

Procedure

Step 1 Configure S-switch-A.



# Configure IPv4/IPv6 dual protocol stacks.

[Quidway] sysname S-switch-A[S-switch-A] ipv6[S-switch-A] interface vlanif 1[S-switch-A-Vlanif1] ip address 2.1.1.1 8[S-switch-A-Vlanif1] quit



8-19

[S-switch-A] interface vlanif 2[S-switch-A-Vlanif2] ipv6 address 2002:0201:0101:1::1/64[S-switch-A-Vlanif2] quit

# Configure a 6to4 tunnel.

[S-switch-A] interface tunnel 0/0/1[S-switch-A-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4[S-switch-A-Tunnel0/0/1] ipv6 address 2002:0201:0101::1/64[S-switch-A-Tunnel0/0/1] source vlanif 1[S-switch-A-Tunnel0/0/1] quit

# Configure a route to other 6to4 networks.

[S-switch-A] ipv6 route-static 2002:: 16 tunnel 0/0/1

Step 2 Configure S-switch-B.



# Configure IPv4/IPv6 dual protocol stacks.

[Quidway] sysname S-switch-B[S-switch-B] ipv6[S-switch-B] interface vlanif 1[S-switch-B-Vlanif1] ip address 2.1.1.2 8[S-switch-B-Vlanif1] quit[S-switch-B] interface vlanif 2[S-switch-B-Vlanif2] ipv6 address 2002:0201:0102:1::1/64[S-switch-B-Vlanif2] quit

# Configure a 6to4 tunnel.

[S-switch-B] interface tunnel 0/0/1[S-switch-B-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4[S-switch-B-Tunnel0/0/1] ipv6 address 2002:0201:0102::1/64[S-switch-B-Tunnel0/0/1] source vlanif 1[S-switch-B-Tunnel0/0/1] quit

# Configure a route to other 6to4 networks.

[S-switch-B] ipv6 route-static 2002:: 16 tunnel 0/0/1

NOTE

There must be an accessible route between S-switch-A and S-switch-B. In this example, both the devicesare directly connected; therefore, no routing protocol needs to be configured.


# Check the IPv6 state of Tunnel 0/0/1 on S-switch-A and find it is UP.

[S-switch-A] display ipv6 interface tunnel 0/0/1Tunnel0/0/1 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::201:101 Global unicast address(es): 2002:201:101::1, subnet is 2002:201:101::/64 Joined group address(es): FF02::1:FF01:101 FF02::1:FF00:1 FF02::2




Issue 04 (2010-01-25)

FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

# S-switch-A can ping through the 6to4 address of VLANIF2 of S-switch-B.

[S-switch-A] ping ipv6 2002:0201:0102:1::1 PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break Reply from 2002:201:102:1::1 bytes=56 Sequence=1 hop limit=255 time = 8 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=2 hop limit=255 time = 25 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=3 hop limit=255 time = 4 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=4 hop limit=255 time = 5 ms Reply from 2002:201:102:1::1

bytes=56 Sequence=5 hop limit=255 time = 5 ms --- 2002:0201:0102:1::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 4/9/25 ms

----End


# sysname S-switch-A#ipv6#interface Vlanif1 ip address 2.1.1.1 255.0.0.0#interface Vlanif2 ipv6 address 2002:201:101:1::1/64#interface Eth-Trunk1 service-type tunnel#interface Tunnel 0/0/1 ipv6 address 2002:201:101::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif 1#interface GigabitEthernet0/0/2 eth-trunk 1#ipv6 route-static 2002:: 16 Tunnel 0/0/1#return

l Configuration file of S-switch-B# sysname S-switch-B#ipv6#interface Vlanif1 ip address 2.1.1.2 255.0.0.0#interface Vlanif2



8-21

ipv6 address 2002:201:102:1::1/64#interface Eth-Trunk1 service-type tunnel#interface Tunnel 0/0/1 ipv6 address 2002:201:102::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif1#interface GigabitEthernet0/0/2 eth-trunk 1#ipv6 route-static 2002:: 16 Tunnel 0/0/1#return

8.5.3 Example for Configuring an ISATAP Tunnel

Network RequirementsAs shown in Figure 8-7, an IPv6 host in the IPv4 network running the Windows XP systemneeds to access the IPv6 network through a border device. Both the IPv6 host and the borderdevice support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host andthe border device.

Figure 8-7 Networking diagram of the ISATAP tunnel

IPv4network

IPv6network

ISATAP HostIPv6 Host

2.1.1.2FE80::5EFE:0201:0102

2001::5EFE:0201:0102

ISATAPRouter

Vlanif22.1.1.1/8

Vlanif13001::1/64

3001::2

GE0/0/1 GE0/0/2


1. Enabling the service loopback function on an Eth-Trunk interface.2. Configure IPv4/IPv6 dual protocol stacks.3. Configure an ISATAP tunnel.4. Configure static routes from the IPv6 host to the ISATAP host.


l IPv4 or IPv6 addresses of interfaces

l Source interface of the tunnel




Issue 04 (2010-01-25)

Procedure

Step 1 Configure the ISATAP device.



# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.

[Quidway] ipv6[Quidway] interface vlanif 1[Quidway-Vlanif1] ipv6 address 3001::1/64[Quidway-Vlanif1] quit[Quidway] interface vlanif 2[Quidway-Vlanif2] ip address 2.1.1.1 255.0.0.0[Quidway-Vlanif2] quit

# Configure an ISATAP tunnel.

[Quidway] interface tunnel 0/0/2[Quidway-Tunnel0/0/2] tunnel-protocol ipv6-ipv4 isatap[Quidway-Tunnel0/0/2] ipv6 address 2001::/64 eui-64[Quidway-Tunnel0/0/2] source vlanif 2[Quidway-Tunnel0/0/2] undo ipv6 nd ra halt[Quidway-Tunnel0/0/2] quit

Step 2 Configure the ISATAP host.

# Configure a static route to the border device. (The pseudo interface number of the host is 2.You can run the ipv6 if command to view the interface corresponding to the automatic tunnelingpseudo interface.

C:\> ipv6 installInstalling...Succeeded.C:\> ipv6 rlu 2 2.1.1.1

Step 3 Configure the IPv6 host.

# Configure a static route on the IPv6 host to the border device, so hosts in different networkscan communicate through the ISATAP tunnel.

C:\> ipv6 rtu 2001::/64 6/3001::1


Check the status of the Tunnel 0/0/2 on the ISATAP device and find it is Up.

[Quidway] display ipv6 interface Tunnel 0/0/2Tunnel0/0/2 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::5EFE:201:101 Global unicast address(es): 2001::5EFE:201:101, subnet is 2001::/64 Joined group address(es): FF02::1:FF01:101 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds



8-23

ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisement max interval 600 seconds, min interval 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses

# On the ISATAP device, ping the global unicast IP address of the tunnel interface on theISATAP host.[Quidway] ping ipv6 2001::5efe:2.1.1.2 PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break Reply from 2001::5EFE:201:102 bytes=56 Sequence=1 hop limit=64 time = 4 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=3 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=4 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=5 hop limit=64 time = 2 ms

--- 2001::5efe:2.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/4 ms

# On the ISATAP host, ping the global unicast IP address of the ISATAP device.C:\> ping6 2001::5efe:2.1.1.1

Pinging 2001::5efe:2.1.1.1from 2001::5efe:2.1.1.2 with 32 bytes of data:

Reply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1ms

Ping statistics for 2001::5efe:2.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms

# The ISATAP host can ping through the IPv6 host.C:\> ping6 3001::2

Pinging 3001::2 with 32 bytes of data:

Reply from 3001::2: time<1msReply from 3001::2: time<1msReply from 3001::2: time<1msReply from 3001::2: time<1ms

Ping statistics for 3001::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

----End

Configuration FilesThe configuration file of the ISATAP device is as follows:# sysname Quidway




Issue 04 (2010-01-25)

#ipv6#interface Vlanif1 ipv6 address 3001::1/64#interface Vlanif2 ip address 2.1.1.1 255.0.0.0#interface Eth-Trunk1 service-type tunnel#interface Tunnel0/0/2ipv6 address 2001::/64 eui-64undo ipv6 nd ra halttunnel-protocol ipv6-ipv4 isatapsource Vlanif2#interface GigabitEthernet0/0/2 eth-trunk 1#return



8-25

quidway s5300 configuration guide - ip service (v100r003c00_04)

Documents

huawei trademarks

huawei proprietary

huawei industrial basebantian

features of ip addresses

ip addresses configuration

secondary ip address

primary ip address

configuration task