Documente Academic
Documente Profesional
Documente Cultură
Configuring ARP 1
Overview 1
ARP message format 1
ARP operation 1
ARP table 2
Configuring a static ARP entry 3
Configuring the maximum number of dynamic ARP entries for an interface 4
Setting the aging timer for dynamic ARP entries 4
Enabling dynamic ARP entry check 4
Displaying and maintaining ARP 5
Static ARP entry configuration example 5
Network requirements 5
Configuration procedure 6
Configuring IP addressing 9
Overview 9
IP address classes 9
Special IP addresses 10
Subnetting and masking 10
Assigning an IP address to an interface 11
Displaying and maintaining IP addressing 11
DHCP overview 12
DHCP address allocation 12
Allocation mechanisms 12
Dynamic IP address allocation process 12
IP address lease extension 13
DHCP message format 14
DHCP options 15
Common DHCP options 15
Custom options 15
Protocols and standards 19
i
Configuring DNS servers for the client 25
Configuring WINS servers and NetBIOS node type for the client 26
Configuring BIMS server information for the client 26
Configuring gateways for the client 27
Configuring Option 184 parameters for the client with voice service 27
Configuring the TFTP server and bootfile name for the client 28
Configuring self-defined DHCP options 28
Enabling DHCP 29
Enabling the DHCP server on an interface 29
Configuration guidelines 29
Configuration procedure 30
Applying an extended address pool on an interface 30
Configuring the DHCP server security functions 31
Configuration prerequisites 31
Enabling unauthorized DHCP server detection 31
Configuring IP address conflict detection 31
Enabling handling of Option 82 32
Configuration prerequisites 32
Enabling Option 82 handling 32
Specifying the threshold for sending trap messages 32
Configuration prerequisites 32
Configuration procedure 33
Displaying and maintaining the DHCP server 33
DHCP server configuration examples 34
Static IP address assignment configuration example 34
Dynamic IP address assignment configuration example 35
Self-defined option configuration example 37
Troubleshooting DHCP server configuration 38
Symptom 38
Analysis 38
Solution 38
ii
Solution 49
iii
Configuring IPv6 DNS 76
Configuring the IPv6 DNS client 76
Configuring static domain name resolution 76
Configuring dynamic domain name resolution 76
Displaying and maintaining IPv6 DNS 77
IPv6 DNS configuration examples 77
Static domain name resolution configuration example 77
Network requirements 77
Configuration procedure 78
Dynamic domain name resolution configuration example 78
Network requirements 78
Configuration procedure 79
Verifying the configuration 82
Optimizing IP performance 84
Enabling receiving and forwarding of directed broadcasts to a directly connected network 84
Enabling receiving of directed broadcasts to a directly connected network 84
Enabling forwarding of directed broadcasts to a directly connected network 84
Receiving and forwarding directed broadcasts configuration example) 85
Configuring TCP attributes 86
Configuring the TCP send/receive buffer size 86
Configuring TCP timers 86
Configuring ICMP to send error packet 87
Advantages of sending ICMP error packets 87
Disadvantages of sending ICMP error packets 88
Configuration procedure 88
Displaying and maintaining IP performance optimization 88
iv
Configuring ND snooping 109
Configuring path MTU discovery 110
Configuring a static path MTU for a specific IPv6 address 110
Configuring the aging time for dynamic path MTUs 110
Configuring IPv6 TCP properties 111
Configuring IPv6 FIB forwarding 111
Configuring ICMPv6 packet sending 112
Configuring the maximum ICMPv6 error packets sent in an interval 112
Enabling replying to multicast echo requests 112
Enabling sending ICMPv6 time exceeded messages 113
Enabling sending ICMPv6 destination unreachable messages 113
Displaying and maintaining IPv6 basics configuration 114
IPv6 basics configuration example 115
Network requirements 115
Configuration procedure 115
Verifying the configuration 117
Troubleshooting IPv6 basics configuration 120
Symptom 120
Solution 120
v
Configuring a preference for RIP 138
Configuring RIP route redistribution 138
Tuning and optimizing RIP networks 139
Configuration prerequisites 139
Configuring RIP timers 139
Configuring split horizon and poison reverse 139
Configuring the maximum number of ECMP routes 140
Enabling zero field check on incoming RIPv1 messages 140
Enabling source IP address check on incoming RIP updates 141
Configuring RIPv2 message authentication 141
Specifying a RIP neighbor 142
Configuring RIP-to-MIB binding 142
Configuring the RIP packet sending rate 142
Displaying and maintaining RIP 143
RIP configuration examples 143
Configuring RIP version 143
Configuring RIP route redistribution 145
Configuring an additional metric for a RIP interface 147
Troubleshooting RIP 148
No RIP updates received 148
Route oscillation occurred 149
vi
Websites 164
Conventions 165
Index 167
vii
Configuring ARP
This chapter describes how to configure the Address Resolution Protocol (ARP).
Overview
ARP resolves IP addresses into physical addresses such as MAC addresses. On an Ethernet LAN, a
device uses ARP to get the MAC address of the target device for a packet.
ARP operation
As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as
follows:
1. Host A looks through its ARP table for an ARP entry for Host B. If an entry is found, Host A uses the
MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the
frame to Host B.
1
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The
payload of the ARP request comprises the following information:
{ Sender IP address and sender MAC addressHost A's IP address and MAC address
{ Target IP addressHost B's IP address
{ Target MAC addressAn all-zero MAC address
All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)
processes the request.
3. Host B compares its own IP address with the target IP address in the ARP request. If they are the
same, Host B:
a. Adds the sender IP address and sender MAC address into its ARP table.
b. Encapsulates its MAC address into an ARP reply.
c. Unicasts the ARP reply to Host A.
4. After receiving the ARP reply, Host A:
a. Adds the MAC address of Host B into its ARP table.
b. Encapsulates the MAC address into the packet and sends the packet to Host B.
Figure 2 ARP address resolution process
If Host A and Host B are on different subnets, Host A sends a packet to Host B, as follows:
1. Host A sends an ARP request to the gateway. The target IP address in the ARP request is the IP
address of the gateway.
2. The gateway responds with its MAC address in an ARP reply to Host A.
3. Host A uses the gateway MAC address to encapsulate the packet and sends the packet to the
gateway.
4. If the gateway has the ARP entry for Host B, it forwards the packet to Host B directly. If not, it
broadcasts an ARP request, in which the target IP address is the IP address of Host B.
5. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
ARP table
An ARP table stores dynamic and static ARP entries.
2
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten
by a dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the
IP-to-MAC mapping in a static ARP entry.
Static ARP entries can be classified into long and short ARP entries.
To configure a long static ARP entry, specify the IP address, MAC address, VLAN, and output
interface. A long static ARP entry is directly used for forwarding matching packets. To communicate
with a host by using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN,
configure a long static ARP entry on the device.
To configure a short static ARP entry, you only need to specify the IP address and MAC address. The
device first sends an ARP request whose target IP address is the IP address of the short entry. If the
sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the
short static ARP entry, the device adds the interface receiving the ARP reply to the short static ARP
entry, and then uses the resolved entry to forward the matching IP packets.
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry
on the device.
Step Command
1. Enter system view. system-view
Configure a long static ARP entry:
arp static ip-address mac-address vlan-id interface-type
2. Configure a static ARP entry. interface-number
Configure a short static ARP entry:
arp static ip-address mac-address
3
Configuring the maximum number of dynamic ARP
entries for an interface
Step Command Remarks
1. Enter system view. system-view N/A
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
By default, a Layer 2 interface does
not limit the number of dynamic ARP
3. Set the maximum number of dynamic entries. A Layer 3 interface can learn
arp max-learning-num
ARP entries that the interface can a maximum of 128 dynamic ARP
number
learn. entries.
If the value of the number argument is
set to 0, the interface is disabled from
learning dynamic ARP entries.
4
Step Command Remarks
Optional.
2. Enable dynamic ARP entry check. arp check enable
Enabled by default.
Display the aging timer of display arp timer aging [ | { begin | exclude |
Available in any view.
dynamic ARP entries. include } regular-expression ]
5
Figure 3 Network diagram
Configuration procedure
# Create VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
# Configure a static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and
output interface GigabitEthernet 1/0/1 in VLAN 10.
[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 gigabitethernet 1/0/1
6
Configuring gratuitous ARP
Overview
In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the
sending device.
A device sends a gratuitous ARP packet for either of the following purposes:
Determine whether its IP address is already used by another device. If the IP address is already used,
the device is informed of the conflict by an ARP reply.
Inform other devices of a change of its MAC address.
Configuration guidelines
Follow these guidelines when you configure gratuitous ARP:
7
You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces.
Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface
goes up and an IP address has been assigned to the interface.
If you change the interval for sending gratuitous ARP packets, the configuration is effective at the
next sending interval.
The frequency of sending gratuitous ARP packets might be much lower than the sending interval set
by the user if this function is enabled on multiple interfaces, if each interface is configured with
multiple secondary IP addresses, or if a small sending interval is configured when the previous two
conditions exist.
Configuration procedure
To configure gratuitous ARP:
interface interface-type
4. Enter interface view. N/A
interface-number
5. Enable periodic sending of gratuitous
arp send-gratuitous-arp
ARP packets and set the sending By default, this feature is disabled.
[ interval milliseconds ]
interval.
8
Configuring IP addressing
This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP
address assignment (BOOTP and DHCP) is beyond the scope of this chapter.
Overview
This section describes the IP addressing basics.
IP addressing uses a 32-bit address to identify each host on a network. To make addresses easier to read,
they are written in dotted decimal notation, each address being four octets in length. For example,
address 00001010000000010000000100000001 in binary is written as 10.1.1.1.
IP address classes
Each IP address breaks down into the following parts:
Net IDIdentifies a network. The first several bits of a net ID, known as the class field or class bits,
identify the class of the IP address.
Host IDIdentifies a host on a network.
IP addresses are divided into five classes, as shown in Figure 4. The shaded areas represent the address
class. The first three classes are widely used.
Figure 4 IP address classes
128.0.0.0 to
B N/A
191.255.255.255
192.0.0.0 to
C N/A
223.255.255.255
9
Class Address range Remarks
224.0.0.0 to
D Multicast addresses.
239.255.255.255
240.0.0.0 to Reserved for future use except for the broadcast address
E
255.255.255.255 255.255.255.255.
Special IP addresses
The following IP addresses are for special use and cannot be used as host IP addresses.
IP address with an all-zero net IDIdentifies a host on the local network. For example, IP address
0.0.0.16 indicates the host with a host ID of 16 on the local network.
IP address with an all-zero host IDIdentifies a network.
IP address with an all-one host IDIdentifies a directed broadcast address. For example, a packet
with the destination address of 192.168.1.255 is broadcast to all the hosts on the network
192.168.1.0.
Subnetting increases the number of addresses that cannot be assigned to hosts. After being subnetted,
a network can accommodate fewer hosts.
For example, a Class B network without subnetting can accommodate 1022 more hosts than the same
network subnetted into 512 subnets.
Without subnetting65534 hosts (216 2). (The two deducted addresses are the broadcast
address, which has an all-one host ID, and the network address, which has an all-zero host ID.)
With subnettingUsing the first 9 bits of the host-id for subnetting provides 512 (29) subnets.
However, only 7 bits remain available for the host ID. This allows 126 (27 2) hosts in each subnet,
a total of 64512 hosts (512 126).
10
Assigning an IP address to an interface
You can assign an interface one primary address and multiple secondary addresses.
Generally, you only need to assign the primary address to an interface. In some cases, you must assign
secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable
the device to communicate with all hosts on the LAN, assign a primary IP address and a secondary IP
address to the interface.
To assign an IP address to an interface:
11
DHCP overview
The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration
information to network devices.
As shown in Figure 1, DHCP client can obtain an IP address and other configuration parameters from a
DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay
agent, see "Configuring the DHCP relay agent."
Figure 6 A typical DHCP application
12
Figure 7 Dynamic IP address allocation process
13
DHCP message format
Figure 8 shows the DHCP message format, which is based on the BOOTP message format although
DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size
of each field in bytes.
Figure 8 DHCP message format
14
DHCP options
DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for
dynamic address allocation and to provide additional configuration information to clients.
Figure 9 DHCP option format
Custom options
Some options, such as Option 43, Option 82, and Option 184, have no standard definitions in RFC
2132.
15
Auto-Configuration Server (ACS) parameters, including the ACS URL, username, and password.
Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the
DHCP server and sent to the ACS for selecting vender-specific configurations and parameters.
Preboot Execution Environment (PXE) server address, which is used to obtain the bootfile or other
control information from the PXE server.
1. Format of Option 43:
Figure 10 Format of Option 43
{ Service provider identifier sub-option value fieldContains the service provider identifier.
{ PXE server address sub-option value fieldContains the PXE server type that can only be 0, the
server number that indicates the number of PXE servers contained in the sub-option, and server
IP addresses, as shown in Figure 12.
Figure 12 PXE server address sub-option value field
16
Relay agent option (Option 82)
Option 82 is the relay agent option in the option field of the DHCP message. It records the location
information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a
client's request, it adds Option 82 to the request message and sends it to the server.
The administrator can use Option 82 to locate the DHCP client and further implement security control
and accounting. The DHCP server can use Option 82 to provide individual configuration policies for the
clients.
Option 82 can contain up to 255 sub-options and must have at least one sub-option. The relay agent
option 82 supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID).
Option 82 has no standard definition. Its padding formats vary with vendors.
There are two methods for configuring Option 82:
User-defined methodManually specify the content of Option 82.
Non-user-defined methodPad Option 82 in the default normal format, verbose format, private
format, or standard format.
If you choose normal format or verbose format, you can specify the code type for the sub-options as ASCII
or HEX.
Normal padding format:
{ Sub-option 1Contains the VLAN ID and interface number of the interface that received the
client's request. The value of the sub-option type is 1, and that of the circuit ID type is 0.
Figure 13 Sub-option 1 in normal padding format
{ Sub-option 2Contains the MAC address of the DHCP relay agent interface or the MAC
address of the DHCP snooping device that received the client's request. The value of the
sub-option type is 2, and that of the remote ID type is 0.
Figure 14 Sub-option 2 in normal padding format
17
Figure 15 Sub-option 1 in verbose padding format
{ Sub-option 2Contains the MAC address of the DHCP relay agent interface or the MAC
address of the DHCP snooping device that received the client's request. It has the same format
as that in normal padding format. See Figure 14.
Private padding format:
{ Sub-option 1Contains the VLAN ID of the interface that received the client's request, module
(subcard number of the receiving port on a centralized device or slot number of the receiving
port on a distributed device) and port (number of the receiving port). The value of the sub-option
type is 1.
Figure 16 Sub-option 1 in private padding format
{ Sub-option 2Contains the MAC address of the DHCP snooping device that received the
client's request. The value of the sub-option type is 2.
Figure 17 Sub-option 2 in private padding format
{ Sub-option 9Contains the sysname and the primary IP address of the Loopback0 interface.
The value of the sub-option type is 9.
Figure 18 Sub-option 9 in private padding format
18
Figure 19 Sub-option 1 in standard padding format
{ Sub-option 2Contains the MAC address of the DHCP snooping device that received the
client's request. The value of the sub-option type is 2, and that of the remote ID type is 0. It has
the same format as sub-option 2 in normal padding format. See Figure 14.
Option 184
Option 184 is a reserved option. You can define the parameters in the option as needed. The device
supports Option 184 carrying voice related parameters, so a DHCP client with voice functions can get
voice parameters from the DHCP server.
Option 184 has the following sub-options:
Sub-option 1Specifies the IP address of the primary network calling processor, which serves as
the network calling control source and provides program download services.
Sub-option 2Specifies the IP address of the backup network calling processor. DHCP clients
contact the backup processor when the primary one is unreachable.
Sub-option 3Specifies the voice VLAN ID and the result whether or not the DHCP clients takes this
ID as the voice VLAN.
Sub-option 4Specifies the failover route that includes the IP address and the number of the target
user. A Session Initiation Protocol (SIP) user uses this IP address and number to directly establish a
connection to the target SIP user when both the primary and backup calling processors are
unreachable.
For Option 184, you must define sub-option 1 to make other sub-options take effect.
19
Configuring the DHCP server
The DHCP server configuration is supported only on VLAN interfaces and loopback interfaces. The
subaddress pool configuration is not supported on loopback interfaces.
Overview
The DHCP server is well suited to networks where:
Manual configuration and centralized management are difficult to implement.
IP addresses are limited. For example, an ISP limits the number of concurrent online users, and most
users must acquire IP addresses dynamically.
Most hosts do not need fixed IP addresses.
NOTE:
The extended address pools on a DHCP server are independent of each other, and no inheritance
relationship exists among them.
20
2. If the receiving interface has an extended address pool referenced, the DHCP server assigns an IP
address from this address pool. If no IP address is available in the address pool, the DHCP server
fails to assign an address to the client. For the configuration of such an address pool, see
"Configuring dynamic address allocation for an extended address pool."
3. Otherwise, the DHCP server selects the smallest common address pool that contains the IP address
of the receiving interface (if the client and the server reside on the same subnet), or the smallest
common address pool that contains the IP address specified in the giaddr field of the client's
request (if a DHCP relay agent is in-between). If no IP address is available in the address pool, the
DHCP server fails to assign an address to the client because it cannot assign an IP address from the
parent address pool to the client. For the configuration of such an address pool, see "Configuring
dynamic address allocation."
For example, two common address pools, 1.1.1.0/24 and 1.1.1.0/25, are configured on the DHCP server.
If the IP address of the interface receiving DHCP requests is 1.1.1.1/25, the DHCP server selects IP
addresses for clients from address pool 1.1.1.0/25. If no IP address is available in the address pool, the
DHCP server fails to assign addresses to clients. If the IP address of the interface receiving DHCP requests
is 1.1.1.130/25, the DHCP server selects IP addresses for clients from the 1.1.1.0/24 address pool.
NOTE:
To avoid wrong IP address allocation, keep the IP addresses for dynamic allocation within the subnet
where the interface of the DHCP server or DHCP relay agent resides.
21
Task Remarks
Configuring the DHCP server security functions Optional.
Configuring WINS servers and NetBIOS node type for the client
Configuring Option 184 parameters for the client with voice service
Configuring the TFTP server and bootfile name for the client
A common address pool and an extended address pool are different in address allocation mode
configuration. Configurations of other parameters (such as the domain name suffix and DNS server
address) for them are the same.
22
Configuring address allocation mode for a common address
pool
CAUTION:
You can configure either a static binding or dynamic address allocation for a common address pool, but
not both.
You need to specify a subnet for dynamic address allocation. A static binding is a special address pool
containing only one IP address.
23
Step Command Remarks
Optional.
5. Specify the lease duration for the expired { day day [ hour hour
IP address. [ minute minute ] ] | unlimited } By default, the lease duration
of the IP address is unlimited.
network network-address
3. Specify a subnet. Not specified by default.
[ mask-length | mask mask ]
4. Specify the address lease expired { day day [ hour hour Optional.
duration. [ minute minute ] ] | unlimited } One day by default.
5. Return to system view. quit N/A
Optional.
6. Exclude IP addresses from dhcp server forbidden-ip Except IP addresses of the DHCP
automatic allocation. low-ip-address [ high-ip-address ] server interfaces, all addresses in
the DHCP address pool are
assignable by default.
24
After the assignable IP address range and the mask are specified, the address pool becomes valid.
To configure dynamic address allocation for an extended address pool:
5. Specify the address lease expired { day day [ hour hour Optional.
duration. [ minute minute ] ] | unlimited } One day by default.
Optional.
Excluded IP addresses specified with the forbidden-ip command in DHCP address pool view are not
assignable in the current extended address pool, but are assignable in other address pools.
25
Step Command Remarks
2. Enter DHCP address pool dhcp server ip-pool pool-name
N/A
view. [ extended ]
26
Step Command Remarks
2. Enter DHCP address pool dhcp server ip-pool pool-name
N/A
view. [ extended ]
3. Specify the BIMS server IP
bims-server ip ip-address [ port No BIMS server information is
address, port number, and
port-number ] sharekey key specified by default.
shared key.
No gateway is specified by
default.
3. Specify gateways. gateway-list ip-address&<1-8>
You can specify up to eight
gateways in a DHCP address pool.
Optional.
voice-config voice-vlan vlan-id
5. Configure the voice VLAN. No voice VLAN is configured by
{ disable | enable }
default.
Optional.
6. Specify the failover IP address voice-config fail-over
and dialer string. ip-address dialer-string No failover IP address or dialer
string is specified by default.
27
Configuring the TFTP server and bootfile name for the client
For the DHCP server to support client auto-configuration, specify the IP address or name of a TFTP server
and the bootfile name in the DHCP address pool. You do not need to perform any configuration on the
DHCP client.
The DHCP client obtains these parameters from the DHCP server, and uses them to contact the TFTP
server to request the configuration file used for system initialization.
1. When a router starts up without loading any configuration file, the system sets an active interface
(such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for
parameters, such as an IP address and name of a TFTP server, and the bootfile name.
2. After receiving related parameters, the DHCP client sends a TFTP request to obtain the
configuration file from the specified TFTP server for system initialization. If the client cannot get
such parameters, it performs system initialization without loading any configuration file.
To configure the IP address and name of the TFTP server and the bootfile name in the DHCP address
pool:
28
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter DHCP address pool dhcp server ip-pool pool-name
N/A
view. [ extended ]
Enabling DHCP
Enable DHCP to validate other DHCP configurations.
To enable DHCP:
Configuration guidelines
Follow these guidelines when you enable the DHCP server on an interface:
29
If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of
whether the subaddress keyword is used, selects an IP address from the address pool containing the
primary IP address of the DHCP relay agent's interface (connected to the client) for a requesting
client.
When the DHCP server and client are on the same subnet:
{ With the keyword subaddress specified, the DHCP server preferably assigns an IP address from
an address pool that resides on the same subnet as the primary IP address of the server
interface (connecting to the client). If the address pool contains no assignable IP address, the
server assigns an IP address from an address pool that resides on the same subnet as the
secondary IP addresses of the server interface. If the interface has multiple secondary IP
addresses, each address pool is tried in turn for address allocation.
{ Without the keyword subaddress specified, the DHCP server can only assign an IP address from
the address pool that resides on the same subnet as the primary IP address of the server
interface.
Configuration procedure
To enable the DHCP server on an interface:
interface interface-type
2. Enter interface view. N/A
interface-number
30
Step Command Remarks
Optional.
By default, the DHCP server has no
3. Apply an extended address dhcp server apply ip-pool extended address pool applied on its
pool on the interface. pool-name interface, and assigns an IP address
from a common address pool to a
requesting client.
With the unauthorized DHCP server detection enabled, the device logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
31
Step Command Remarks
Optional.
2. Specify the maximum number of
dhcp server ping packets The default setting is one.
ping packets to be sent for
number The value 0 disables IP address conflict
conflict detection.
detection.
Optional.
dhcp server ping timeout The default setting is 500 ms.
3. Configure the ping timeout time.
milliseconds The value 0 disables IP address conflict
detection.
Configuration prerequisites
Before you perform this configuration, complete the following configurations on the DHCP server:
1. Enable DHCP.
2. Configure the DHCP address pool.
To support Option 82 requires configuring both the DHCP server and relay agent (or the device enabled
with DHCP snooping). For more information, see "Configuring the DHCP relay agent" and "Configuring
DHCP snooping."
32
Configuration procedure
A DHCP server sends trap messages to the network management server when one of the following items
reaches the specified threshold:
The ratio of successfully allocated IP addresses to received DHCP requests
The average IP address use of the address pool
The maximum IP address use of the address pool
Trap messages help network administrators know the latest usage information about the DHCP server.
To specify the threshold for sending trap messages:
33
Task Command Remarks
Clear information about IP address Available in user
reset dhcp server conflict { all | ip ip-address }
conflicts. view.
Clear information about dynamic reset dhcp server ip-in-use { all | ip Available in user
bindings. ip-address | pool [ pool-name ] } view.
10.1.1.126/25
Vlan-int2
10.1.1.1/25 10.1.1.2/25 Vlan-int2 Vlan-int2
Configuration procedure
1. Configure the IP address of VLAN-interface 2 on Switch A:
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 10.1.1.1 25
[SwitchA-Vlan-interface2] quit
34
2. Configure the DHCP server:
# Enable DHCP.
[SwitchA] dhcp enable
# Create DHCP address pool 0 and configure a static binding, DNS server, and gateway in it.
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] static-bind ip-address 10.1.1.5 25
[SwitchA-dhcp-pool-0] static-bind client-identifier
3030-3066-2e65-3234-392e-3830-3530-2d56-6c61-6e2d-696e-7465-7266-6163-6532
[SwitchA-dhcp-pool-0] dns-list 10.1.1.2
[SwitchA-dhcp-pool-0] gateway-list 10.1.1.126
[SwitchA-dhcp-pool-0] quit
# Create DHCP address pool 1 and configure a static binding, DNS server, and gateway in it.
[SwitchA] dhcp server ip-pool 1
[SwitchA-dhcp-pool-1] static-bind ip-address 10.1.1.6 25
[SwitchA-dhcp-pool-1] static-bind mac-address 000f-e249-8050
[SwitchA-dhcp-pool-1] dns-list 10.1.1.2
[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126
35
Figure 21 Network diagram
Configuration procedure
1. Specify IP addresses for VLAN interfaces. (Details not shown.)
2. Configure the DHCP server:
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Enable the DHCP server on VLAN-interface 1 and VLAN-interface 2.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] dhcp select server global-pool
[SwitchA-Vlan-interface1] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] dhcp select server global-pool
[SwitchA-Vlan-interface2] quit
# Exclude IP addresses (addresses of the DNS server, WINS server, and gateways).
[SwitchA] dhcp server forbidden-ip 10.1.1.2
[SwitchA] dhcp server forbidden-ip 10.1.1.4
[SwitchA] dhcp server forbidden-ip 10.1.1.126
[SwitchA] dhcp server forbidden-ip 10.1.1.254
# Configure DHCP address pool 0 (subnet, client domain name suffix, and DNS server address).
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-pool-0] domain-name aabbcc.com
[SwitchA-dhcp-pool-0] dns-list 10.1.1.2
[SwitchA-dhcp-pool-0] quit
# Configure DHCP address pool 1 (subnet, gateway, lease duration, and WINS server).
[SwitchA] dhcp server ip-pool 1
[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128
[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126
[SwitchA-dhcp-pool-1] expired day 10 hour 12
[SwitchA-dhcp-pool-1] nbns-list 10.1.1.4
[SwitchA-dhcp-pool-1] quit
# Configure DHCP address pool 2 (subnet, gateway, and lease duration).
36
[SwitchA] dhcp server ip-pool 2
[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-dhcp-pool-2] expired day 5
[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254
Configuration procedure
1. Specify IP addresses for the interfaces. (Details not shown.)
2. Configure the DHCP server:
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Enable the DHCP server on VLAN-interface 2.
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] dhcp select server global-pool
[SwitchA-Vlan-interface2] quit
# Configure DHCP address pool 0.
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-pool-0] option 43 hex 80 0B 00 00 02 01 02 03 04 02 02 02 02
37
Verifying the configuration
After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and the
PXE server addresses from the Switch A. You can use the display dhcp server ip-in-use command on the
DHCP server to view the IP addresses assigned to the clients.
Analysis
Another host on the subnet may have the same IP address.
Solution
1. Disable the client's network adapter or disconnect the client's network cable. Ping the IP address
of the client from another host to check whether there is a host using the same IP address.
2. If a ping response is received, the IP address has been manually configured on a host. Execute the
dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic
allocation.
3. Enable the network adapter or connect the network cable. Release the IP address and obtain
another one on the client. For example, to release the IP address and obtain another one on a
Windows XP DHCP client:
a. In Windows environment, select Start > Run.
b. Enter cmd in the dialog box, and click OK to enter the command line interface.
c. Enter ipconfig/release to relinquish the IP address.
d. Enter ipconfig/renew to obtain another IP address.
38
Configuring the DHCP relay agent
Overview
The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This
feature avoids deploying a DHCP server for each subnet, centralizes management, and reduces
investment.
Fundamentals
Figure 23 shows a typical application of the DHCP relay agent.
Figure 23 DHCP relay agent application
The DHCP server and client interact with each other in the same way regardless of whether the relay
agent exists (see "DHCP address allocation").
Figure 24 DHCP relay agent work process
39
1. After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client,
the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the
message to the designated DHCP server in unicast mode.
2. Based on the giaddr field, the DHCP server returns an IP address and other configuration
parameters in a response to the relay agent, and the relay agent conveys it to the client.
40
Task Remarks
Configuring the DHCP relay agent security functions Optional.
Enabling DHCP
Enable DHCP to validate other DHCP relay agent settings.
To enable DHCP:
interface interface-type
2. Enter interface view. N/A
interface-number
Configuration guidelines
Follow these guidelines when you correlate a DHCP server group with a relay agent interface:
41
You can specify up to 20 DHCP server groups on the relay agent.
You can specify up to eight DHCP server addresses for each DHCP server group.
The IP addresses of DHCP servers and those of relay agent's interfaces that connect DHCP clients
cannot be on the same subnet. Otherwise, the client cannot obtain an IP address.
A DHCP server group can correlate with one or multiple DHCP relay agent interfaces, while a relay
agent interface can only correlate with one DHCP server group. Using the dhcp relay server-select
command repeatedly overwrites the previous configuration. However, if the specified DHCP server
group does not exist, the interface still uses the previous correlation.
The group-id argument in the dhcp relay server-select command is configured by using the dhcp
relay server-group command.
Configuration procedure
To correlate a DHCP server group with a relay agent interface:
interface interface-type
3. Enter interface view. N/A
interface-number
By default, no interface is
4. Correlate the DHCP server
dhcp relay server-select group-id correlated with any DHCP
group with the current interface.
server group.
Configuration guidelines
Follow these guidelines when you configure address check:
The dhcp relay address-check command can be executed only on VLAN interfaces.
Before enabling address check on an interface, you must enable the DHCP service, and enable the
DHCP relay agent on the interface. Otherwise, the address check configuration is ineffective.
42
The dhcp relay address-check enable command only checks IP and MAC addresses but not
interfaces.
When using the dhcp relay security static command to bind an interface to a static binding entry,
make sure the interface is configured as a DHCP relay agent. Otherwise, address entry conflicts
may occur.
Configuration procedure
To create a static binding and enable address check:
interface interface-type
3. Enter interface view. N/A
interface-number
4. Enable or disable address dhcp relay address-check { disable |
Disabled by default.
check. enable }
Optional.
dhcp relay security tracker The default setting is auto. The auto
3. Configure the refresh interval.
{ interval | auto } interval is calculated by the relay agent
according to the number of client entries.
43
With unauthorized DHCP servers detection enabled, the DHCP relay agent checks whether a request
contains Option 54 (Server Identifier Option). If yes, the DHCP relay agent records in the option the IP
address of the DHCP server that assigned an IP address to a requesting DHCP client, and records the
receiving interface. The administrator can use this information to check for unauthorized DHCP servers.
The relay agent logs a DHCP server only once. After recorded DHCP server information is cleared, the
relay agent will re-record server information by using this mechanism.
To enable unauthorized DHCP server detection:
interface interface-type
2. Enter interface view. N/A
interface-number
3. Enable MAC address
dhcp relay check mac-address The default setting is disabled.
check.
A DHCP relay agent changes the source MAC addresses of DHCP packets before forwarding them out.
Therefore, enable MAC address check only on the DHCP relay agent directly connected to the DHCP
clients. If you enable this feature on an intermediate relay agent, it may discard valid DHCP packets and
the sending clients do not obtain IP addresses.
44
Enabling client offline detection
With this feature enabled, the DHCP relay agent considers that a DHCP client goes offline when the ARP
entry for the client ages out. In addition, it removes the client entry and sends a DHCP-RELEASE message
to the DHCP server to release the IP address of the client.
To enable offline detection:
interface interface-type
2. Enter interface view. N/A
interface-number
3. Enable offline detection. dhcp relay client-detect enable Disabled by default.
Removing an ARP entry manually does not remove the corresponding client's IP-to-MAC binding. When
the client goes offline, use the undo dhcp relay security command to remove the IP-to-MAC binding
manually.
Step Command
1. Enter system view. system-view
2. Configure the DHCP relay agent to release an IP address. dhcp relay release ip client-ip
Dynamic client entries can be generated only after you enable address check or IP source guard on the
DHCP relay agent. For more information about IP source guard, see Security Configuration Guide.
45
To support Option 82, you must perform related configurations on both the DHCP server and relay agent.
For more information about DHCP server configuration, see "Configuring the DHCP server."
If the handling strategy of the DHCP relay agent is configured as replace, you must configure a padding
format for Option 82. If the handling strategy is keep or drop, you need not configure any padding
format.
The system name (sysname) if padded in sub-option 1 (node identifier) of Option 82 must not contain
spaces. Otherwise, the DHCP relay agent drops the message.
Configuration procedure
To configure the DHCP relay agent to support Option 82:
Optional.
Configure the padding format for
By default:
Option 82:
dhcp relay information format The padding format for Option
{ normal | verbose [ node-identifier 82 is normal.
{ mac | sysname | user-defined The code type for the circuit ID
node-identifier } ] } sub-option depends on the
5. Configure padding format of Option 82.
Configure the code type for the circuit
non-user-defined Each field has its own code
ID sub-option:
Option 82. type.
dhcp relay information circuit-id
format-type { ascii | hex } The code type for the remote ID
Configure the code type for the remote sub-option is hex.
ID sub-option: The remote ID sub-option
dhcp relay information remote-id configuration and the circuit ID
format-type { ascii | hex } sub-option configuration apply to
non-user-defined Option 82 only.
46
Displaying and maintaining the DHCP relay agent
Task Command Remarks
Display information about DHCP server display dhcp relay { all | interface
Available in any
groups correlated to a specific or all interface-type interface-number } [ | { begin
view.
interfaces. | exclude | include } regular-expression ]
Clear packet statistics on the DHCP reset dhcp relay statistics [ server-group Available in user
relay agent. group-id ] view.
47
Figure 25 Network diagram
DHCP client DHCP client
Vlan-int1 Vlan-int2
10.10.1.1/24 10.1.1.2/24
Vlan-int2
10.1.1.1/24
Switch A Switch B
DHCP relay agent DHCP server
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
After the preceding configuration is complete, DHCP clients can obtain IP addresses and other network
parameters from the DHCP server through the DHCP relay agent. You can use the display dhcp relay
statistics command to view statistics of DHCP packets forwarded by DHCP relay agents. After you enable
address check of the DHCP relay agents with the dhcp relay address-check enable command, use the
display dhcp relay security command to view bindings of DHCP relay agents
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
48
# Add DHCP server 10.1.1.1 into DHCP server group 1.
[SwitchA] dhcp relay server-group 1 ip 10.1.1.1
# Enable the DHCP relay agent to support Option 82, and perform Option 82-related configurations.
[SwitchA-Vlan-interface1] dhcp relay information enable
[SwitchA-Vlan-interface1] dhcp relay information strategy replace
[SwitchA-Vlan-interface1] dhcp relay information circuit-id string company001
[SwitchA-Vlan-interface1] dhcp relay information remote-id string device001
NOTE:
To use Option 82, you must also enable the DHCP server to handle Option 82.
Analysis
Some problems may occur with the DHCP relay agent or server configuration.
Solution
To locate the problem, enable debugging and execute the display command on the DHCP relay agent
to view the debugging information and interface state information.
Verify the following:
1. DHCP is enabled on the DHCP server and relay agent.
2. The DHCP server has an address pool on the same subnet as the DHCP clients.
3. The DHCP server and DHCP relay agent can reach each other.
4. The relay agent interface connected to DHCP clients is correlated with a correct DHCP server
group and the IP addresses of the group members are correct.
49
Configuring DHCP client
An interface can be configured to acquire an IP address in multiple ways. The latest configuration
overwrites the previous one.
Secondary IP addresses cannot be configured on an interface that is enabled with the DHCP client.
If the IP address that interface A obtains from the DHCP server is on the same network segment as the IP
address of interface B, interface A neither uses the IP address nor requests any IP address from the DHCP
server, unless the IP address of interface B is manually deleted and interface A is brought up again by
first executing the shutdown command and then the undo shutdown command or the DHCP client is
re-enabled on interface A by executing the undo ip address dhcp-alloc command and then the ip
address dhcp-alloc command.
50
DHCP client configuration example
Network requirements
As shown in Figure 27, on a LAN, Switch B contacts the DHCP server via VLAN-interface 2 to obtain an
IP address, DNS server address, and static route information. The DHCP client IP address resides on
network 10.1.1.0/24. The DNS server address is 20.1.1.1. The next hop of the static route to network
20.1.1.0/24 is 10.1.1.2.
The DHCP server uses Option 121 to assign static route information to DHCP clients. Figure 26 shows the
format of Option 121. The destination descriptor field comprises two parts, subnet mask length and
destination network address. In this example, the value of the destination descriptor field takes 18 14 01
01, a hexadecimal number indicating that the subnet mask length is 24 and destination network address
is 20.1.1.0, and the value of the next hop address field takes 0A 01 01 02, a hexadecimal number
indicating that the next hop is 10.1.1.2.
Figure 26 Option 121 format
Configuration procedure
1. Configure Switch A:
# Specify the IP address of VLAN-interface 2.
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 10.1.1.1 24
[SwitchA-Vlan-interface2] quit
# Enable the DHCP service.
[SwitchA] dhcp enable
# Exclude an IP address from automatic allocation.
[SwitchA] dhcp server forbidden-ip 10.1.1.2
# Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address,
and a static route to subnet 20.1.1.0/24.
51
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-pool-0] expired day 10
[SwitchA-dhcp-pool-0] dns-list 20.1.1.1
[SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02
2. Configure Switch B:
# Enable the DHCP client on VLAN-interface 2.
<SwitchB> system-view
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address dhcp-alloc
# Use the display ip routing-table command to view the route information on Switch B. A static route to
network 20.1.1.0/24 is added to the routing table.
[SwitchB-Vlan-interface2] display ip routing-table
Routing Tables: Public
Destinations : 5 Routes : 5
52
Configuring DHCP snooping
A DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between
the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server.
Overview
DHCP snooping defines trusted and untrusted ports to make sure that clients obtain IP addresses only
from authorized DHCP servers.
TrustedA trusted port can forward DHCP messages normally to make sure the clients get IP
addresses from authorized DHCP servers.
UntrustedAn untrusted port discards received DHCP-ACK and DHCP-OFFER messages to prevent
unauthorized servers from assigning IP addresses.
DHCP snooping reads DHCP-ACK messages received from trusted ports and DHCP-REQUEST messages
to create DHCP snooping entries. A DHCP snooping entry includes the MAC and IP addresses of a client,
the port that connects to the DHCP client, and the VLAN of the port.
The following features need to use DHCP snooping entries:
ARP detectionUses DHCP snooping entries to filter ARP packets from unauthorized clients. For
more information, see Security Configuration Guide.
IP source guardUses DHCP snooping entries to filter illegal packets on a per-port basis. For more
information, see Security Configuration Guide.
As shown in Figure 28, the trusted port forwards reply messages from the DHCP server to the client, but
the untrusted port connected to the unauthorized DHCP server cannot forward any reply messages. This
ensures that the DHCP client can obtain an IP address from the authorized DHCP server.
53
DHCP snooping support for Option 82
Option 82 records the location information about the DHCP client so the administrator can locate the
DHCP client for security control and accounting purposes. For more information, see "Configuring the
DHCP relay agent."
If DHCP snooping supports Option 82, it handles clients' requests according to Option 82, if any. Table
4 describes the handling strategies.
If a reply returned by the DHCP server contains Option 82, the DHCP snooping device removes the
Option 82 before forwarding the reply to the client. If the reply contains no Option 82, the DHCP
snooping device forwards it directly.
Table 4 Handling strategies of DHCP snooping
54
If a DHCP request Handling
Padding format The DHCP snooping device
has strategy
Forwards the message after adding the Option
N/A normal
82 padded in normal format.
The handling strategy and padding format for Option 82 on the DHCP snooping device are the same as
those on the relay agent.
55
Step Command Remarks
interface interface-type The interface connects to the DHCP
3. Enter Ethernet interface view.
interface-number server.
interface interface-type
2. Enter interface view. N/A
interface-number
3. Enable DHCP snooping to
dhcp-snooping information enable Disabled by default.
support Option 82.
4. Configure the handling
dhcp-snooping information strategy Optional.
strategy for requests
{ append | drop | keep | replace } replace by default.
containing Option 82.
56
Step Command Remarks
Configure the padding format Optional.
for Option 82: By default:
dhcp-snooping information
format { normal | private
The padding format for Option
82 is normal.
private | standard |verbose
[ node-identifier { mac | The code type for the circuit ID
sysname | user-defined sub-option depends on the
node-identifier } ] } padding format of Option 82.
5. Configure Option 82 in Each field has its own code type.
Configure the code type for the
the non-user-defined The code type for the remote ID
circuit ID sub-option:
padding format. sub-option is hex.
dhcp-snooping information
circuit-id format-type { ascii | The private padding format supports
hex } only the hex code type.
Configure the code type for the The remote ID sub-option
remote ID sub-option: configuration and the circuit ID
dhcp-snooping information sub-option code type configuration
remote-id format-type { ascii | apply to non-user-defined Option 82
hex } only.
Configure the padding content
for the circuit ID sub-option: Optional.
dhcp-snooping information By default:
[ vlan vlan-id ] circuit-id string The padding content for the circuit
6. Configure user-defined circuit-id ID sub-option depends on the
Option 82. Configure the padding content padding format of Option 82.
for the remote ID sub-option: The padding content for the
dhcp-snooping information remote ID sub-option depends on
[ vlan vlan-id ] remote-id string the padding format of Option 82.
{ remote-id | sysname }
57
Step Command Remarks
Optional.
3. Back up DHCP snooping entries to dhcp-snooping binding DHCP snooping entries are stored to
the file. database update now the file each time this command is
used.
After DHCP snooping is disabled with the undo dhcp-snooping command, the device deletes all DHCP
snooping entries, including those stored in the file.
interface interface-type
2. Enter interface view. N/A
interface-number
Disabled by default.
dhcp-snooping check You can enable MAC address check
3. Enable MAC address check.
mac-address only on Layer 2 Ethernet interfaces
and Layer 2 aggregate interfaces.
58
To prevent such attacks, you can enable DHCP-REQUEST message check on DHCP snooping devices.
This feature uses DHCP snooping entries to check incoming DHCP-REQUEST messages.
If a matching entry is found for a message, the DHCP snooping device compares the entry with the
message information. If they are consistent, the DHCP-REQUEST message is considered a valid
lease renewal request and forwarded to the DHCP server. If they are not consistent, the message is
considered as a forged lease renewal request and discarded.
If no matching entry is found, the message is considered valid and forwarded to the DHCP server.
To enable DHCP-REQUEST message check:
interface interface-type
2. Enter interface view. N/A
interface-number
Disabled by default.
3. Enable
dhcp-snooping check You can enable DHCP-REQUEST check
DHCP-REQUEST
request-message only on Layer 2 Ethernet interfaces and
check.
Layer 2 aggregate interfaces.
Available in user
Clear DHCP snooping entries. reset dhcp-snooping { all | ip ip-address }
view.
Clear DHCP packet statistics on the reset dhcp-snooping packet statistics Available in user
DHCP snooping device. [ slot slot-number ] view.
59
DHCP snooping configuration example
Network requirements
As shown in Figure 29, perform configurations on Switch B to achieve the following purposes:
The port connected to the DHCP server can forward responses from the server, but the other ports
cannot forward responses from any DHCP server.
Configure Router B to record clients' IP-MAC bindings by reading DHCP-REQUEST messages and
DHCP-ACK messages received from the trusted port.
Figure 29 Network diagram
Configuration procedure
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp-snooping
60
Configuration procedure
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp-snooping
61
Configuring BOOTP client
BOOTP application
After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get
information (such as IP address) from the BOOTP server.
To use BOOTP, an administrator must configure a BOOTP parameter file for each BOOTP client on the
BOOTP server. The parameter file contains information such as MAC address and IP address of a
BOOTP client. When a BOOTP client sends a request to the BOOTP server, the BOOTP server searches
for the BOOTP parameter file and returns the corresponding configuration information.
BOOTP is usually used in relatively stable environments. In network environments that change frequently,
DHCP is more suitable.
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an
IP address for the BOOTP client, without any BOOTP server.
62
Configuring an interface to dynamically obtain an
IP address through BOOTP
Step Command Remarks
1. Enter system view. system-view N/A
interface interface-type
2. Enter interface view. N/A
interface-number
3. Configure an interface to By default, an interface does not
dynamically obtain an IP address ip address bootp-alloc use BOOTP to obtain an IP
through BOOTP. address.
Configuration procedure
The following describes only the configuration on Switch B serving as a client.
# Configure VLAN-interface 1 to dynamically obtain an IP address from the DHCP server.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address bootp-alloc
# Use the display bootp client command to display the IP address assigned to the BOOTP client.
63
Configuring IPv4 DNS
Overview
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain
names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications
and let the DNS server translate them into correct IP addresses.
DNS services can be static or dynamic. After a user specifies a name, the device checks the local static
name resolution table for an IP address. If no IP address is available, it contacts the DNS server for
dynamic name resolution, which takes more time than static name resolution. To improve efficiency, you
can put frequently queried name-to-IP address mappings in the local static name resolution table.
Request Request
User
Resolver
program
Response Response
DNS server
Read Save
Cache
DNS client
Figure 30 shows the relationship between the user program, DNS client, and DNS server.
64
The DNS client comprises the resolver and cache. The user program and DNS client can run on the same
device or different devices, but the DNS server and the DNS client usually run on different devices.
Dynamic domain name resolution allows the DNS client to store the latest mappings between domain
names and IP addresses in the dynamic domain name cache. The DNS client does not need to send a
request to the DNS server for a repeated query next time. The aged mappings are removed from the
cache, and latest entries are required from the DNS server. The DNS server decides how long a mapping
is valid, and the DNS client gets the aging information from DNS messages.
DNS suffixes
The DNS client holds a list of user-specified suffixes. The resolver can use the list to supply the missing part
of incomplete names.
For example, a user can configure com as the suffix for aabbcc.com. The user only needs to type aabbcc
to obtain the IP address of aabbcc.com because the resolver adds the suffix and delimiter before passing
the name to the DNS server.
If there is no dot (.) in the domain name (for example, aabbcc), the resolver considers this a host
name, and adds a DNS suffix before the query. If no match is found after all the configured suffixes
are used, respectively, the original domain name (for example, aabbcc) is used for the query.
If there is a dot (.) in the domain name (for example, www.aabbcc), the resolver directly uses this
domain name for the query. If the query fails, the resolver adds a DNS suffix for another query.
If the dot (.) is at the end of the domain name (for example, aabbcc.com.), the resolver considers
it a Fully Qualified Domain Name (FQDN) and returns the query result, successful or failed. The dot
at the end of the domain name is considered a terminating symbol.
The device supports static and dynamic DNS client services.
NOTE:
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP
address of the host.
DNS proxy
A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.
As shown in Figure 31, a DNS client sends a DNS request to the DNS proxy, which forwards the request
to the designated DNS server, and then conveys the reply from the DNS server to the client.
The DNS proxy simplifies network management. When the DNS server address is changed, you can
change the configuration on only the DNS proxy instead of on each DNS client.
65
Figure 31 DNS proxy networking application
DNS spoofing
Figure 32 DNS spoofing application
66
The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up
connection is established through the dial-up interface, the device dynamically obtains the DNS
server address through DHCP or other autoconfiguration mechanisms.
Without DNS spoofing enabled, the device forwards the DNS requests received from the hosts to the
DNS server, if it cannot find a match in the local domain name resolution table. However, without any
dial-up connection established, the device cannot obtain the DNS server address, so it cannot forward
or answer the requests from the clients. The domain name cannot be resolved, and no traffic triggers the
establishment of a dial-up connection.
DNS spoofing can solve the problem. DNS spoofing enables the device to reply the DNS client with a
configured IP address when the device does not have a DNS server address or route to a DNS server.
Subsequent packets sent by the DNS client trigger the establishment of a dial-up connection with the
network.
In the network of Figure 32, a host accesses the HTTP server in following these steps:
1. The host sends a DNS request to the device to resolve the domain name of the HTTP server into an
IP address.
2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a
match. If no match is found and the device does know the DNS server address, the device spoofs
the host by replying a configured IP address. The TTL of the DNS reply is 0. The device must have
a route to the IP address with the dial-up interface as the output interface.
Because the IP address configured with DNS spoofing is not the actual IP address of the requested
domain name, the TTL of the DNS reply is set to 0 to prevent the DNS client from generating
incorrect domain name-to-IP address mappings.
3. Upon receiving the reply, the host sends an HTTP request to the replied IP address.
4. When forwarding the HTTP request through the dial-up interface, the device establishes a dial-up
connection with the network, and dynamically obtains the DNS server address through DHCP or
other autoconfiguration mechanisms.
5. When the DNS reply ages out, the host sends a DNS request to the device again.
6. Then the device operates the same as a DNS proxy. For more information, see "DNS proxy."
7. After obtaining the IP address of the HTTP server, the host can access the HTTP server.
67
Step Command Remarks
Not configured by default.
The IPv4 address you last assign to the host
2. Configure a mapping
name overwrites the previous one if there is
between a host name ip host hostname ip-address
any.
and an IPv4 address.
You may create up to 50 static mappings
between domain names and IPv4 addresses.
Configuration guidelines
Follow these guidelines when you configure dynamic domain name resolution:
You can configure up to six DNS servers, including those with IPv6 addresses, in system view, and
up to six DNS servers on all interfaces of a device.
A DNS server configured in system view has a higher priority than one configured in interface view.
A DNS server configured earlier has a higher priority than one configured later in the same view.
A DNS server manually configured has a higher priority than one dynamically obtained through
DHCP. A name query request is first sent to the DNS server that has the highest priority. If no reply
is received, it is sent to the DNS server that has the second highest priority, and so on in turn.
You can specify up to ten DNS suffixes.
Configuration procedure
To configure dynamic domain name resolution:
Optional.
68
Configuring the DNS proxy
You can specify multiple DNS servers by using the dns server command repeatedly. Upon receiving a
name query request from a client, the DNS proxy forwards the request to the DNS server that has the
highest priority. If the DNS proxy does not receive a reply, it forwards the request to a DNS server that
has the second highest priority.
To configure the DNS proxy:
69
Task Command Remarks
Clear information about the
reset dns host ip Available in user view.
dynamic IPv4 domain name cache.
Configuration procedure
# Configure a mapping between host name host.com and IP address 10.1.1.2.
<Sysname> system-view
[Sysname] ip host host.com 10.1.1.2
# Use the ping host.com command to verify that the device can use static domain name resolution to
resolve domain name host.com into IP address 10.1.1.2.
[Sysname] ping host.com
PING host.com (10.1.1.2):
56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms
70
Dynamic domain name resolution configuration example
Network requirements
As shown in Figure 34, the device wants to access the host by using an easy-to-remember domain name
rather than an IP address, and to request the DNS server on the network for an IP address by using
dynamic domain name resolution. The IP address of the DNS server is 2.1.1.2/16 and the DNS server has
a com domain, which stores the mapping between domain name host and IP address 3.1.1.1/16.
Configure dynamic domain name resolution and the domain name suffix com on the device that serves
as a DNS client so that the device can use domain name host to access the host with the domain name
host.com and the IP address 3.1.1.1/16.
Figure 34 Network diagram
Configuration procedure
Before performing the following configuration, make sure the device and the host are accessible to each
other through available routes, and that the IP addresses of the interfaces are configured as shown Figure
34.
This configuration may vary with DNS servers. The following configuration is performed on a PC running
Windows Server 2000.
1. Configure the DNS server:
a. Select Start > Programs > Administrative Tools > DNS.
The DNS server configuration page appears, as shown in Figure 35.
b. Right-click Forward Lookup Zones, select New Zone, and then follow the wizard to create a
new zone named com.
71
Figure 35 Creating a zone
c. On the DNS server configuration page, right-click zone com, and select New Host.
Figure 36 Adding a host
d. On the page that appears, enter host name host and IP address 3.1.1.1.
e. Click Add Host.
The mapping between the IP address and host name is created.
72
Figure 37 Adding a mapping between domain name and IP address
73
DNS proxy configuration example
Network requirements
When the IP address of the DNS server changes, you must configure the new IP address of the DNS
server on each device on the LAN. To simplify network management, you can use the DNS proxy
function.
As shown in Figure 38:
Specify Device A as the DNS server of Device B (the DNS client).
Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1.
Configure the IP address of the DNS proxy on Device B.
DNS requests of Device B are forwarded to the real DNS server through the DNS proxy.
Figure 38 Network diagram
Configuration procedure
Before performing the following configuration, assume that Device A, the DNS server, and the host are
reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 38.
1. Configure the DNS server:
This configuration may vary with DNS servers. When a PC running Windows Server 2000 acts as
the DNS server, see "Dynamic domain name resolution configuration example" for related
configuration information.
2. Configure the DNS proxy:
# Specify the DNS server 4.1.1.1.
<DeviceA> system-view
[DeviceA] dns server 4.1.1.1
# Enable DNS proxy.
[DeviceA] dns proxy enable
3. Configure the DNS client:
# Enable the domain name resolution function.
<DeviceB> system-view
[DeviceB] dns resolve
74
# Specify the DNS server 2.1.1.2.
[DeviceB] dns server 2.1.1.2
Solution
1. Use the display dns host ip command to verify that the specified domain name is in the cache.
2. If the specified domain name does not exist, check that dynamic domain name resolution is
enabled and that the DNS client can communicate with the DNS server.
3. If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS
client has the correct IP address of the DNS server.
4. Verify that the mapping between the domain name and IP address is correct on the DNS server.
75
Configuring IPv6 DNS
IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like
IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The
functions and implementations of the two types of domain name resolution are the same as those of IPv4
DNS. For more information, see "Configuring IPv4 DNS."
76
Step Command Remarks
2. Enable dynamic domain
dns resolve Disabled by default.
name resolution.
Optional.
4. Configure a DNS suffix. dns domain domain-name Not configured by default. Only the provided
domain name is resolved.
Display IPv6 DNS server display dns ipv6 server [ dynamic ] [ | { begin
Available in any view.
information. | exclude | include } regular-expression ]
Display information about dynamic display dns host ipv6 [ | { begin | exclude |
Available in any view.
IPv6 domain name cache. include } regular-expression ]
77
Configuration procedure
# Configure a mapping between host name host.com and IPv6 address 1::2.
<Device> system-view
[Device] ipv6 host host.com 1::2
# Use the ping ipv6 host.com command to verify that the device can use static domain name resolution
to resolve domain name host.com into IPv6 address 1::2.
[Device] ping ipv6 host.com
PING host.com (1::2):
56 data bytes, press CTRL_C to break
Reply from 1::2
bytes=56 Sequence=1 hop limit=128 time = 3 ms
Reply from 1::2
bytes=56 Sequence=2 hop limit=128 time = 1 ms
Reply from 1::2
bytes=56 Sequence=3 hop limit=128 time = 1 ms
Reply from 1::2
bytes=56 Sequence=4 hop limit=128 time = 2 ms
Reply from 1::2
bytes=56 Sequence=5 hop limit=128 time = 2 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
78
Figure 40 Network diagram
Configuration procedure
Before performing the following configuration, make sure the device and the host are accessible to each
other through available routes, and the IPv6 addresses of the interfaces are configured as shown Figure
40.
This configuration may vary with DNS servers. The following configuration is performed on a PC running
Windows Server 2003. Make sure the DNS server supports the IPv6 DNS function so that the server can
process IPv6 DNS packets, and the interfaces of the DNS server can forward IPv6 packets.
1. Configure the DNS server:
a. Select Start > Programs > Administrative Tools > DNS.
The DNS server configuration page appears, as shown in Figure 41.
b. Right-click Forward Lookup Zones, select New Zone, and then follow the wizard to create a
new zone named com.
Figure 41 Creating a zone
c. On the DNS configuration page, right-click zone com, and select Other New Records.
79
Figure 42 Creating a record
d. On the page that appears, select IPv6 Host (AAAA) as the resource record type.
e. Click Create Record.
80
Figure 43 Selecting the resource record type
f. On the page that appears, enter host name host and IPv6 address 1::1, and then click OK.
The system creates mapping between the host name and the IPv6 address.
81
Figure 44 Adding a mapping between domain name and IPv6 address
82
bytes=56 Sequence=2 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=3 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=4 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=5 hop limit=126 time = 1 ms
83
Optimizing IP performance
84
Step Command Remarks
1. Enter system view. system-view N/A
interface interface-type
2. Enter interface view. N/A
interface-number
3. Enable the interface to forward ip forward-broadcast [ acl
Disabled by default.
directed broadcasts. acl-number ]
Configuration procedure
Configure Switch A:
# Enable Switch A to receive directed broadcasts.
<SwitchA> system-view
[SwitchA] ip forward-broadcast
# Specify IP addresses for VLAN-interface 3 and VLAN-interface 2.
[SwitchA] interface vlan-interface 3
[SwitchA-Vlan-interface3] ip address 1.1.1.2 24
[SwitchA-Vlan-interface3] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 2.2.2.2 24
# Enable VLAN-interface 2 to forward directed broadcasts.
[SwitchA-Vlan-interface2] ip forward-broadcast
Configure Switch B:
# Enable Switch B to receive directed broadcasts.
<SwitchB> system-view
[SwitchB] ip forward-broadcast
# Configure a static route to the host.
[SwitchB] ip route-static 1.1.1.1 24 2.2.2.2
# Specify an IP address for VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 2.2.2.1 24
85
After the configurations, if you ping the subnet broadcast address (2.2.2.255) of VLAN-interface
2 of Switch A on the host, the ping packets can be received by VLAN-interface 2 of Switch B.
However, if you disable the ip forward-broadcast command, the ping packets cannot be received
by the VLAN-interface 2 of Switch B.
Optional.
TCP synwait timer: By default:
tcp timer syn-timeout time-value The TCP synwait timer is 75
2. Configure TCP timers.
TCP finwait timer: seconds.
tcp timer fin-timeout time-value The TCP finwait timer is 675
seconds.
86
Configuring ICMP to send error packet
Sending error packets is a major function of ICMP. Error packets are usually sent by the network or
transport layer protocols to notify the source device of network failures or errors.
87
Disadvantages of sending ICMP error packets
Sending ICMP error packets facilitates network control and management, but it has the following
disadvantages:
Sending a lot of ICMP packets increases network traffic.
A device's performance degrades if it receives a lot of malicious packets that cause it to respond
with ICMP error packets.
A host's performance degrades if the redirection function increases the size of its routing table.
End users are affected if malicious users send ICMP destination unreachable packets.
To prevent such problems, disable the device from sending ICMP error packets.
The switch does not support sending ICMP redirect packets.
Configuration procedure
To enable sending ICMP error packets:
88
Task Command Remarks
display ip socket [ socktype sock-type ]
[ task-id socket-id ] [ slot slot-number ] [ |
Display socket information. Available in any view.
{ begin | exclude | include }
regular-expression ]
Clear statistics of IP packets. reset ip statistics [ slot slot-number ] Available in user view.
Clear statistics of TCP connections. reset tcp statistics Available in user view.
Clear statistics of UDP traffic. reset udp statistics Available in user view.
89
Configuring UDP helper
Overview
UDP helper enables a device to convert received UDP broadcast packets into unicast packets and
forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain
configuration information or device names by broadcasting packets because the target server or host
resides on another broadcast domain.
Upon receiving a UDP broadcast packet, UDP helper matches the UDP destination port number of the
packet against the configured UDP ports.
If a match is found, UDP helper modifies the destination IP address of the packet, and sends the
packet to the specified destination server.
If no match is found, UDP helper sends the packet to the upper layer protocol.
Configuration procedure
Step Command Remarks
1. Enter system view. system-view N/A
2. Enable UDP helper. udp-helper enable The default setting is disabled.
90
Step Command Remarks
interface interface-type
4. Enter interface view. N/A
interface-number
No destination server is
5. Specify a destination server. udp-helper server ip-address
specified by default.
Clear UDP helper statistics. reset udp-helper packet Available in user view.
Vlan-int1
10.110.1.1/16 Vlan-int1 Server
10.2.1.1/16
IP network
Switch A Switch B
Configuration procedure
Make sure Switch A can reach the subnet 10.2.0.0/16 is available.
# Enable Switch A to receive directed broadcasts.
<SwitchA> system-view
[SwitchA] ip forward-broadcast
# Enable UDP helper to forward broadcast packets with the UDP destination port 55.
[SwitchA] udp-helper port 55
91
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.110.1.1 16
[SwitchA-Vlan-interface1] udp-helper server 10.2.1.1
92
Configuring IPv6 basics
Overview
IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. The
significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128
bits.
IPv6 features
Simplified header format
IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length
of the basic IPv6 packet header. The basic IPv6 packet header has a fixed length of 40 bytes to simplify
IPv6 packet handling and to improve forwarding efficiency. Although IPv6 address size is four times the
IPv4 address size, the basic IPv6 packet header size is only twice the size of the option-less IPv4 packet
header.
Figure 47 IPv4 packet header format and basic IPv6 packet header format
Address autoconfiguration
To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration:
93
Stateful address autoconfiguration enables a host to acquire an IPv6 address and other
configuration information from a server (for example, a DHCP server).
Stateless address autoconfiguration enables a host to generate an IPv6 address and other
configuration information automatically by using its link-layer address and the prefix information
advertised by a router.
To communicate with other hosts on the same link, a host automatically generates a link-local address
based on its link-layer address and the link-local address prefix (FE80::/10).
Built-in security
IPv6 defines extension headers to support IPsec. IPsec provides end-to-end security for network security
solutions and enhances interoperability among different IPv6 applications.
QoS support
The Flow Label field in the IPv6 header allows the device to label the packets and facilitates the special
handling of a flow.
IPv6 addresses
IPv6 address format
An IPv6 address is represented as a set of 16-bit hexadecimals separated by colons. An IPv6 address is
divided into eight groups, and each 16-bit group is represented by four hexadecimal numbers, for
example, 2001:0000:130F:0000:0000:09C0:876A:130B.
To simplify the representation of IPv6 addresses, you can handle zeros in IPv6 addresses by using the
following methods:
You can remove the leading zeros in each group. For example, you can represent the previous
address in a shorter format, such as 2001:0:130F:0:0:9C0:876A:130B.
If an IPv6 address contains two or more consecutive groups of zeros, you can replace them by a
double colon (::). For example, you can represent the previous address in the shortest format, such
as 2001:0:130F::9C0:876A:130B.
CAUTION:
A double colon may appear once or not at all in an IPv6 address. This limit allows the device to determine
how many zeros the double colon represents, and correctly convert it to zeros to restore a 128-bit IPv6
address.
An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network
ID and the host ID of an IPv4 address, respectively.
94
An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the IPv6-address is
represented in any of the formats previously mentioned and the prefix-length is a decimal number
indicating how many leftmost bits of the IPv6 address comprises the address prefix.
Anycast addresses use the unicast address space and have the
Anycast address
identical structure of unicast addresses.
Unicast addresses
Unicast addresses include global unicast addresses, link-local unicast addresses, site-local unicast
addresses, the loopback address, and the unspecified address:
Global unicast addresses, equivalent to public IPv4 addresses, are provided for network service
providers. This type of address allows efficient prefix aggregation to restrict the number of global
routing entries.
Link-local addresses are used for communication among link-local nodes for neighbor discovery
and stateless autoconfiguration. Packets with link-local source or destination addresses are not
forwarded to other links.
Site-local unicast addresses are similar to private IPv4 addresses. Packets with site-local source or
destination addresses are not forwarded out of the local site (or a private network).
A loopback address is 0:0:0:0:0:0:0:1 (or ::1). It cannot be assigned to any physical interface, and
it can be used by a node to send an IPv6 packet to itself in the same way as the loopback address
in IPv4.
95
An unspecified address is 0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before
acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets.
The unspecified address cannot be used as a destination IPv6 address.
Multicast addresses
IPv6 multicast addresses listed in Table 6 are reserved for special purposes.
Table 6 Reserved IPv6 multicast addresses
Address Application
FF01::1 Node-local scope all-nodes multicast address
Multicast addresses also include solicited-node addresses. A node uses a solicited-node multicast
address to acquire the link-layer address of a neighboring node on the same link and to detect duplicate
addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format
of a solicited-node multicast address is FF02:0:0:0:0:1:FFXX:XXXX. FF02:0:0:0:0:1:FF is fixed and
consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.
On a tunnel interface
96
The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of
the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an
ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For
more information about tunnels, see "Configuring tunneling."
On an interface of another type (such as a serial interface)
The EUI-64 address-based interface identifier is generated randomly by the device.
Router Solicitation (RS) Requests an address prefix and other configuration information
133
message for autoconfiguration after startup.
Responds to an RS message.
Router Advertisement (RA)
134 Advertises information, such as the Prefix Information options
message
and flag bits.
Address resolution
This function is similar to the ARP function in IPv4. An IPv6 node acquires the link-layer addresses of
neighboring nodes on the same link through NS and NA message exchanges. Figure 49 shows how
Host A acquires the link-layer address of Host B on a single link.
97
Figure 49 Address resolution
1. Host A sends an NS message whose source address is the unspecified address and whose
destination address is the corresponding solicited-node multicast address of the IPv6 address to be
detected. The NS message contains the IPv6 address.
2. If Host B uses this IPv6 address, Host B returns an NA message. The NA message contains the IPv6
address of Host B.
98
3. Host A learns that the IPv6 address is being used by Host B after receiving the NA message from
Host B. If Host A does not get any NA message, Host A decides that the IPv6 address is not in use,
and uses this address.
Redirection
A newly started host may contain only a default route to the gateway in its routing table. When certain
conditions are satisfied, the gateway sends an ICMPv6 Redirect message to the source host, so the host
can select a better next hop to forward packets (similar to the ICMP redirection function in IPv4).
The gateway sends an ICMPv6 Redirect message when the following conditions are satisfied:
The receiving interface is the forwarding interface.
The selected route itself is not created or modified by an ICMPv6 Redirect message.
The selected route is not the default route.
99
Figure 51 Path MTU discovery process
1. The source host compares its MTU with the packet to be sent, performs necessary fragmentation,
and sends the resulting packet to the destination host.
2. If the MTU supported by a forwarding interface is smaller than the packet, the device discards the
packet and returns an ICMPv6 error packet containing the interface MTU to the source host.
3. After receiving the ICMPv6 error packet, the source host uses the returned MTU to limit the packet
size, performs fragmentation, and sends the resulting packet to the destination host.
4. Step 2 and step 3 are repeated until the destination host receives the packet. In this way, the
source host decides the minimum MTU of all links in the path to the destination host.
Dual stack
Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is a
dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can forward
both IPv4 and IPv6 packets. For an upper layer application that supports both IPv4 and IPv6, either TCP
or UDP can be selected at the transport layer, whereas the IPv6 stack is preferred at the network layer.
Dual stack is suitable for communication between IPv4 nodes or between IPv6 nodes. It is the basis of all
transition technologies. However, it does not solve the IPv4 address depletion issue because each dual
stack node must have a globally unique IP address.
Tunneling
Tunneling is an encapsulation technology that uses one network protocol to encapsulate packets of
another network protocol and transfer them over the network. For more information about tunneling, see
"Configuring tunneling."
NAT-PT
Network Address Translation Protocol Translation (NAT-PT) is usually applied on a device between IPv4
and IPv6 networks to translate between IPv4 and IPv6 packets, allowing communication between IPv4
and IPv6 nodes. It performs IP address translation, and according to different protocols, performs
semantic translation for packets. This technology is only suitable for communication between a pure IPv4
node and a pure IPv6 node.
100
The switching engine on the HP 830 Series PoE+ Unified Wired-WLAN switch does not support tunneling
and NAT-PT.
101
Task Remarks
Configuring the maximum ICMPv6 error packets sent
Optional.
in an interval
interface interface-type
2. Enter interface view. N/A
interface-number
102
Step Command Remarks
3. Configure the interface to
ipv6 address By default, no IPv6 global unicast
generate an EUI-64 IPv6
ipv6-address/prefix-length eui-64 address is configured on an interface.
address.
Manual configuration
To specify an IPv6 address manually for an interface:
interface interface-type
2. Enter interface view. N/A
interface-number
interface interface-type
2. Enter interface view. N/A
interface-number
103
If you delete the manually assigned address, the automatically generated link-local address is
validated.
To configure automatic generation of an IPv6 link-local address for an interface:
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
3. Configure the interface By default, no link-local address is
to generate an IPv6 configured on an interface.
ipv6 address auto link-local
link-local address
After an IPv6 global unicast address is
automatically.
configured on the interface, a link-local
address is generated automatically.
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
By default, no link-local address is
3. Configure an IPv6
ipv6 address ipv6-address configured on an interface.
link-local address
link-local After an IPv6 global unicast address is
manually.
configured on the interface, a link-local
address is generated automatically.
After an IPv6 global unicast address is configured for an interface, a link-local address is generated
automatically. The automatically generated link-local address is the same as the one generated by using
the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface,
this manual link-local address takes effect. If the manually assigned link-local address is removed, the
automatically generated link-local address takes effect.
The undo ipv6 address auto link-local command only removes the link-local addresses generated
through the ipv6 address auto link-local command. However, if an IPv6 global unicast address is already
configured for an interface, the interface still has a link-local address because the system automatically
generates one for the interface. If no IPv6 global unicast address is configured, the interface has no
link-local address.
interface interface-type
2. Enter interface view. N/A
interface-number
104
Step Command Remarks
Optional.
3. Configure an IPv6 anycast ipv6 address By default, no IPv6 anycast
address. ipv6-address/prefix-length anycast address is configured on an
interface.
Configuring IPv6 ND
Configuring a static neighbor entry
You can resolve the IPv6 address of a neighboring node into a link-layer address dynamically through
NS and NA messages or through a manually configured static neighbor entry.
The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer
3 interface number. You can configure a static neighbor entry by using either of the following methods.
Method 1Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of
the local node.
If you use Method 1, the device automatically finds the Layer 2 port connected to the neighbor.
Method 2Associate a neighbor IPv6 address and link-layer address with a port in a VLAN
containing the local node.
If you use Method 2, make sure the corresponding VLAN interface exists and the Layer 2 port
specified by port-type port-number belongs to the VLAN specified by vlan-id. The device associates
the VLAN interface with the neighbor IPv6 address to identify the static neighbor entry.
To configure a static neighbor entry:
interface interface-type
2. Enter interface view. N/A
interface-number
105
Step Command Remarks
Optional.
3. Configure the maximum By default, a Layer 2 interface does
number of neighbors that can ipv6 neighbors max-learning-num not limit the number of neighbors
be learned dynamically by an number dynamically learned. A Layer 3
interface. interface can dynamically learn a
maximum of 256 neighbors.
Parameters Description
When sending an IPv6 packet, a host uses the value to fill the Hop Limit field in IPv6
Cur Hop Limit headers. The value is also filled into the Hop Limit field in the response packet of a
device.
Prefix Information After receiving the prefix information, the hosts on the same link can perform
options stateless autoconfiguration.
MTU Guarantees that all nodes on a link use the same MTU value.
M flag If the M flag is set to 1, hosts use the stateful autoconfiguration (for example, through
a DHCP server) to acquire IPv6 addresses. Otherwise, hosts use the stateless
autoconfiguration to acquire IPv6 addresses and generate IPv6 addresses
according to their own link-layer addresses and the obtained prefix information.
Router Lifetime This field tells the receiving hosts how long the advertising device can live.
If the device fails to receive a response message within the specified time after
Retrans Timer
sending an NS message, it retransmits the NS message.
The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA
messages, so the router can be updated through an RA message before expiration.
The values of the NS retransmission timer and the reachable time configured for an interface are sent to
hosts through RA messages. Furthermore, this interface sends NS messages at the interval of the NS
retransmission timer and considers a neighbor reachable within the reachable time.
106
Enabling sending of RA messages
interface interface-type
2. Enter interface view. N/A
interface-number
3. Disable RA message
undo ipv6 nd ra halt By default, RA messages are suppressed.
suppression.
Optional.
By default, the maximum interval for
sending RA messages is 600 seconds,
and the minimum interval is 200
4. Configure the maximum and ipv6 nd ra interval seconds.
minimum intervals for max-interval-value The device sends RA messages at
sending RA messages. min-interval-value random intervals between the maximum
interval and the minimum interval.
The minimum interval should be less than
or equal to 0.75 times the maximum
interval.
Optional.
2. Configure the hop limit. ipv6 nd hop-limit value
64 by default.
interface interface-type
3. Enter interface view. N/A
interface-number
Optional.
Optional.
5. Turn off the MTU option in
ipv6 nd ra no-advlinkmtu By default, RA messages contain the
RA messages.
MTU option.
Optional.
ipv6 nd autoconfig By default, the M flag bit is set to 0 and
6. Set the M flag bit to 1.
managed-address-flag hosts acquire IPv6 addresses through
stateless autoconfiguration.
107
Step Command Remarks
Optional.
By default, the O flag bit is set to 0 and
7. Set the O flag bit to 1. ipv6 nd autoconfig other-flag hosts acquire other configuration
information through stateless
autoconfiguration.
Optional.
By default, the local interface sends NS
messages at 1000 millisecond intervals,
9. Set the NS retransmission and the value of the Retrans Timer field
ipv6 nd ns retrans-timer value
timer. in RA messages sent by the local
interface is 0. The interval for
retransmitting an NS message is
determined by the receiving device.
Optional.
By default, the neighbor reachable time
on the local interface is 30000
ipv6 nd nud reachable-time milliseconds, and the value of the
10. Set the reachable time.
value Reachable Time field in the RA messages
sent by the local interface is 0. The
neighbor reachable time is determined
by the receiving device.
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
3. Configure the number of
attempts to send an NS ipv6 nd dad attempts value 1 by default. When the value
message for DAD. argument is set to 0, DAD is
disabled.
108
Configuring ND snooping
The ND snooping feature is used in Layer 2 switching networks. You must enable ND snooping on a
VLAN of a device, ND packets received by the interfaces of the VLAN are redirected to the CPU. When
ND snooping is enabled globally, the CPU uses the ND packets to create or update ND snooping
entries.
The following items describe how an ND snooping entry is created, updated, and aged out:
1. Creating an ND snooping entry
The device only uses received DAD NS messages to create ND snooping entries. An ND snooping
entry includes the source IPv6 address, source MAC address, receiving VLAN, and receiving port.
2. Updating an ND snooping entry
Upon receiving an ND packet, the device searches the ND snooping table for an entry that
contains the source IPv6 address of the packet. If the entry was refreshed within one second, the
device does not update the entry. If the entry is not refreshed for more than one second, the device
matches the source MAC address and the receiving port of the ND packet against those in the
entry.
{ If both are matched, the device restarts the aging timer for the ND snooping entry.
{ If not both are matched and the received packet is a DAD NS message, the message is ignored.
{ If neither of them matches the entry and the received packet is not a DAD NS message, the
device performs active acknowledgement.
The following is the active acknowledgement process:
a. The device checks the validity of an existing ND snooping entry. The device sends out a DAD
NS message that contains the IPv6 address of the ND snooping entry. If an NA message is
received during the sending of NS message with the source IPv6 address, source MAC
address, receiving port, and receving VLAN matching the target entry, the device restarts the
aging timer for the existing entry. If no NA message for the NS message is received within one
second after the NS message is sent out, the device starts to check the validity of the received
ND packet.
b. The device sends out a DAD NS message that contains the source IPv6 address of the received
ND packet. If an NA message for the NS message is received, the device restarts the aging
timer for the entry. If no NA message for the NS message is received within one second after
the DAD NS message is sent out, the device does not update the entry.
3. Aging out an ND snooping entry
An ND snooping entry is aged out if the entry is not updated within 25 minutes. If an ND snooping
entry is not updated within 15 minutes, the device performs active acknowledgement.
The device sends out a DAD NS message that contains the IPv6 address of an ND snooping entry.
{ If an NA message is received during the sending of the NS message, the device resets the aging
timer for the entry.
{ If no NA message is received within one second after the NS message is sent out, the device
deletes the entry when the timer expires.
You can use ND snooping entries in DN detection and IP source guard to check user validity. For
information about ND detection and IP source guard, see Security Configuration Guide.
To configure ND snooping:
109
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter VLAN view. vlan vlan-id N/A
3. Enable ND snooping. ipv6 nd snooping enable Disabled by default.
4. Return to system view. quit N/A
5. Enter Layer 2 Ethernet
interface interface-type
interface view or Layer 2 N/A
interface-number
aggregate interface view.
Optional.
6. Configure the maximum
ipv6 nd snooping max-learning-num By default, the number of ND
number of ND snooping
number snooping entries an interface
entries the interface can learn.
can learn is unlimited.
110
Configuring IPv6 TCP properties
You can configure the following IPv6 TCP properties:
synwait timerWhen a SYN packet is sent, the synwait timer is triggered. If no response packet is
received before the synwait timer expires, the IPv6 TCP connection establishment fails.
finwait timerWhen the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered.
If no packet is received before the finwait timer expires, the IPv6 TCP connection is terminated. If a
FIN packet is received, the IPv6 TCP connection status becomes TIME_WAIT. If non-FIN packets are
received, the finwait timer is reset upon receipt of the last non-FIN packet and the connection is
terminated after the finwait timer expires.
Size of the IPv6 TCP sending/receiving buffer.
To configure IPv6 TCP properties:
Optional.
2. Set the synwait timer. tcp ipv6 timer syn-timeout wait-time
75 seconds by default.
Optional.
3. Set the finwait timer. tcp ipv6 timer fin-timeout wait-time
675 seconds by default.
111
Step Command Remarks
Configure load sharing based on
the hash algorithm:
Optional.
ipv6 fib-loadbalance-type
3. Configure the IPv6 FIB hash-based By default, load sharing based on
load sharing mode. polling is adopted and ECMP
Configure load sharing based on
routes are used in turn to forward
polling:
packets.
undo ipv6 fib-loadbalance-type
hash-based
Optional.
By default, the capacity of a token bucket is 10 and
2. Configure the
ipv6 icmp-error { bucket the update interval is 100 milliseconds. A
capacity and update
bucket-size | ratelimit maximum of 10 ICMPv6 error packets can be sent
interval of the token
interval } * within 100 milliseconds.
bucket.
The update interval "0" indicates that the number
of ICMPv6 error packets sent is not restricted.
112
To enable replying to multicast echo requests:
113
If an attacker sends abnormal traffic that causes the device to generate ICMPv6 destination unreachable
messages, end users may be affected. To prevent such attacks, you can disable the device from sending
ICMPv6 destination unreachable messages.
To enable sending ICMPv6 destination unreachable messages:
Display the statistics of IPv6 display udp ipv6 statistics [ | { begin | exclude |
Available in any view.
UDP packets. include } regular-expression ]
114
Task Command Remarks
display ipv6 nd snooping [ ipv6-address | vlan
Display ND snooping
vlan-id ] [ | { begin | exclude | include } Available in any view.
entries.
regular-expression ]
Clear FIB cache entries. reset ipv6 fibcache { slot-number | all } Available in user view.
Clear the path MTU values. reset ipv6 pathmtu { all | static | dynamic} Available in user view.
Clear ND snooping entries. reset ipv6 nd snooping [ ipv6-address | vlan vlan-id ] Available in user view.
Configuration procedure
1. Configure Switch A:
# Enable IPv6.
<SwitchA> system-view
[SwitchA] ipv6
# Specify a global unicast address for VLAN-interface 2.
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ipv6 address 3001::1/64
[SwitchA-Vlan-interface2] quit
115
# Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no
interface advertises RA messages by default).
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ipv6 address 2001::1/64
[SwitchA-Vlan-interface1] undo ipv6 nd ra halt
[SwitchA-Vlan-interface1] quit
2. Configure Switch B:
# Enable IPv6.
<SwitchB> system-view
[SwitchB] ipv6
# Configure a global unicast address for VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ipv6 address 3001::2/64
[SwitchB-Vlan-interface2] quit
# Configure an IPv6 static route with destination IP address 2001::/64 and next hop address
3001::1.
[SwitchB] ipv6 route-static 2001:: 64 3001::1
3. Configure the host:
# Enable IPv6 for Host to obtain an IPv6 address automatically through IPv6 ND.
# Execute the ping ipv6 command on Switch A to verify the connectivity between Switch A and
Switch B.
[SwitchA] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=0 hop limit=64 time = 3 ms
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 2 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 2 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 9 ms
116
Verifying the configuration
# Display the IPv6 interface settings on Switch A. All the IPv6 global unicast addresses configured on the
interface are displayed.
[SwitchA] display ipv6 interface vlan-interface 2 verbose
Vlan-interface2 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2
Global unicast address(es):
3001::1, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:0
FF02::1:FF00:1
FF02::1:FF00:2
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives: 25829
InTooShorts: 0
InTruncatedPkts: 0
InHopLimitExceeds: 0
InBadHeaders: 0
InBadOptions: 0
ReasmReqds: 0
ReasmOKs: 0
InFragDrops: 0
InFragTimeouts: 0
OutFragFails: 0
InUnknownProtos: 0
InDelivers: 47
OutRequests: 89
OutForwDatagrams: 48
InNoRoutes: 0
InTooBigErrors: 0
OutFragOKs: 0
OutFragCreates: 0
InMcastPkts: 6
InMcastNotMembers: 25747
OutMcastPkts: 48
InAddrErrors: 0
InDiscards: 0
OutDiscards: 0
117
[SwitchA] display ipv6 interface vlan-interface 1 verbose
Vlan-interface1 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:0
FF02::1:FF00:1
FF02::1:FF00:1C0
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 600 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives: 272
InTooShorts: 0
InTruncatedPkts: 0
InHopLimitExceeds: 0
InBadHeaders: 0
InBadOptions: 0
ReasmReqds: 0
ReasmOKs: 0
InFragDrops: 0
InFragTimeouts: 0
OutFragFails: 0
InUnknownProtos: 0
InDelivers: 159
OutRequests: 1012
OutForwDatagrams: 35
InNoRoutes: 0
InTooBigErrors: 0
OutFragOKs: 0
OutFragCreates: 0
InMcastPkts: 79
InMcastNotMembers: 65
OutMcastPkts: 938
InAddrErrors: 0
InDiscards: 0
OutDiscards: 0
118
# Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the
interface are displayed.
[SwitchB] display ipv6 interface vlan-interface 2 verbose
Vlan-interface2 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234
Global unicast address(es):
3001::2, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:0
FF02::1:FF00:2
FF02::1:FF00:1234
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives: 117
InTooShorts: 0
InTruncatedPkts: 0
InHopLimitExceeds: 0
InBadHeaders: 0
InBadOptions: 0
ReasmReqds: 0
ReasmOKs: 0
InFragDrops: 0
InFragTimeouts: 0
OutFragFails: 0
InUnknownProtos: 0
InDelivers: 117
OutRequests: 83
OutForwDatagrams: 0
InNoRoutes: 0
InTooBigErrors: 0
OutFragOKs: 0
OutFragCreates: 0
InMcastPkts: 28
InMcastNotMembers: 0
OutMcastPkts: 7
InAddrErrors: 0
InDiscards: 0
OutDiscards: 0
# Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they
are connected.
119
CAUTION:
When you ping a link-local address, you should use the -i parameter to specify an interface for the
link-local address.
The output shows that Switch B can ping Switch A and the host.
Solution
1. Use the display current-configuration command in any view or the display this command in system
view to verify that IPv6 is enabled. For more information about the display current-configuration
command, see Fundamentals Configuration Guide.
2. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface
is correct and the interface is up.
3. Use the debugging ipv6 packet command in user view to enable the debugging for IPv6 packets
to help locate the cause.
120
IP routing basics
IP routing directs IP packet forwarding on routers based on a routing table. This book focuses on unicast
routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration
Guide.
Routing table
A router maintains at least two routing tables: a global routing table and a FIB. The FIB table contains
only the optimal routes, and the global routing table contains all routes. The router uses the FIB table to
forward packets.
Table 9 categorizes routes by different criteria.
Table 9 Route categories
Criterion Categories
Network routeDestination is a network. The subnet mask is less than 32 bits.
Destination
Host routeDestination is a host. The subnet mask is 32 bits.
Whether the Direct routeDestination is directly connected.
destination is directly
Indirect routeDestination is indirectly connected.
connected
Direct routeA direct route is discovered by the data link protocol on an interface,
and is also called an "interface route."
Origin
Static routeA static route is manually configured by an administrator.
Dynamic routeA dynamic route is dynamically discovered by a routing protocol.
To view brief information about a routing table, use the display ip routing-table command:
<Sysname> display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
121
NextHopNext hop.
InterfaceOutput interface.
Route preference
Routing protocols (including static and direct routing) each by default have a preference. If they find
multiple routes to the same destination, the router selects the route with the highest preference as the
optimal route.
The preference of a direct route is always 0 and cannot be changed. You can configure a preference for
each static route and each dynamic routing protocol as required. The following table lists the route types
and default preferences. The smaller the value, the higher the preference.
Table 10 Route types and default route preferences
OSPF 10
IS-IS 15
Static route 60
RIP 100
IBGP 255
EBGP 255
Route backup
Route backup can improve network availability. Among multiple routes to the same destination, the route
with the highest priority is the primary route, and others are secondary routes.
The router forwards matching packets through the primary route. When the primary route fails, the route
with the highest preference among the secondary routes is selected to forward packets. When the
primary route recovers, the router uses it to forward packets.
122
Task Command Remarks
display ip routing-table ip-address [ mask
Display information about routes to | mask-length ] [ longer-match ]
Available in any view.
a specific destination address. [ verbose ] [ | { begin | exclude |
include } regular-expression ]
123
Configuring static routing
Static routes are manually configured. If a network's topology is simple, you only need to configure static
routes for the network to work properly.
Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the
network, the network administrator must modify the static routes manually.
Optional.
4. Delete all static
routes, including delete static-routes all To delete one static route,
the default route. use the undo ip
route-static command.
124
Displaying and maintaining static routes
Task Command Remarks
display ip routing-table protocol static [ inactive |
Available in any
Display static route information. verbose ] [ | { begin | exclude | include }
view.
regular-expression ]
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure static routes:
# Configure a default route on Switch A.
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on Switch B.
<SwitchB> system-view
[SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1
[SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6
# Configure a default route on Switch C.
<SwitchC> system-view
[SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5
3. Configure the default gateways of hosts A, B, and C as 1.1.2.3, 1.1.6.1, and 1.1.3.1,
respectively. (Details not shown.)
4. Verify the configuration:
# Display the IP routing table on Switch A.
[SwitchA] display ip routing-table
125
Routing Tables: Public
Destinations : 7 Routes : 7
126
Tracing route to 1.1.2.2 over a maximum of 30 hops
Trace complete.
127
Configuring IPv6 static routing
Overview
Static routes are manually configured. If a network's topology is simple, you only need to configure static
routes for the network to work properly.
Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the
network, the network administrator has to modify the static routes manually.
Similar to IPv4 static routes, IPv6 static routes work well in simple IPv6 network environments.
Optional.
128
IPv6 static routing configuration example
Network requirements
As shown in Figure 54, configure IPv6 static routes so that hosts can reach one another.
Figure 54 Network diagram
Configuration procedure
1. Configure the IPv6 addresses for all VLAN interfaces. (Details not shown.)
2. Configure IPv6 static routes:
# Enable IPv6 and configure an IPv6 static route on Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ipv6 route-static :: 0 4::2
# Enable IPv6 and configure two IPv6 static routes on Switch B.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ipv6 route-static 1:: 64 4::1
[SwitchB] ipv6 route-static 3:: 64 5::1
# Enable IPv6 and configure an IPv6 static route on Switch C.
<SwitchC> system-view
[SwitchC] ipv6
[SwitchC] ipv6 route-static :: 0 5::2
3. Configure the IPv6 addresses for all the hosts based on the network diagram, and configure the
default gateway of Host A as 1::1, Host B as 2::1, and Host C as 3::1.
4. Verify the configuration:
# Display the IPv6 routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table : Public
Destinations : 5 Routes : 5
129
Interface : Vlan-interface200 Cost : 0
130
Configuring RIP
Routing Information Protocol (RIP) is a distance-vector simple interior gateway protocol suited to
small-sized networks. It employs UDP to exchange route information through port 520.
Overview
RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly
connected network is 0. The hop count from a router to a directly connected router is 1. To limit
convergence time, RIP restricts the metric range from 0 to 15. A destination of a metric value of 16 (or
greater) is considered unreachable. For this reason, RIP is not suitable for large-sized networks.
RIP timers
RIP uses the following timers:
Update timerSpecifies the interval between route updates.
Timeout timerSpecifies the route aging time. If no update for a route is received within the aging
time, the metric of the route is set to 16.
Suppress timerSpecifies the duration a RIP route stays in suppressed state. When the metric of a
route is 16, the route enters the suppressed state. A suppressed route can be replaced by an
updated route that is received from the same neighbor before the suppress timer expires and has a
metric less than 16.
Garbage-collect timerSpecifies the interval from when the metric of a route becomes 16 to when
it is deleted from the routing table. RIP advertises the route with a metric of 16. If no update is
announced for that route before the garbage-collect timer expires, the route is deleted from the
routing table.
131
Split horizonDisables RIP from sending routing information on the interface from which the
information was learned to prevent routing loops and save bandwidth.
Poison reverseEnables RIP to set the metric of routes received from a neighbor to 16 and sends
back these routes to the neighbor so the neighbor can delete the information from its routing table
to prevent routing loops.
Triggered updatesRIP immediately advertises triggered updates for topology changes to reduce
the possibility of routing loops and to speed up convergence.
RIP operation
RIP uses the following workflow:
1. RIP sends request messages to neighboring routers. Neighboring routers return response
messages containing routing tables.
2. To learn the latest routing information, all RIP routers on the network use the received responses to
update the local routing table and send triggered update messages to its neighbors.
3. RIP periodically sends the local routing table to its neighbors. After a RIP neighbor receives the
message, it updates its routing table, selects optimal routes, and sends an update to other
neighbors. RIP ages routes to keep only valid routes.
RIP versions
There are two RIP versions, RIPv1 and RIPv2.
RIPv1 is a classful routing protocol. It advertises messages through broadcast only. RIPv1 messages do
not carry mask information, so RIPv1 can only recognize natural networks such as Class A, B, and C. For
this reason, RIPv1 does not support non-contiguous subnets.
RIPv2 is a classless routing protocol and has the following advantages over RIPv1:
Supports route tags to implement flexible route control through routing policies.
Supports masks, route summarization, and CIDR.
Supports designated next hops to select the best ones on broadcast networks.
Supports multicasting route updates so only RIPv2 routers can receive these updates to reduce
resource consumption.
Supports simple authentication and MD5 authentication to enhance security.
RIPv2 supports two transmission modes: broadcast and multicast. Multicast is the default mode, and uses
224.0.0.9 as the multicast address. An interface operating in the RIPv2 broadcast mode can also
receive RIPv1 messages.
132
RIP configuration task list
Task Remarks
Configuring basic RIP Required
Tuning and Enabling zero field check on incoming RIPv1 messages Optional
optimizing
Enabling source IP address check on incoming RIP updates Optional
RIP
networks Configuring RIPv2 message authentication Optional
Enabling RIP
Perform this task to create a RIP process and enable the RIP process on the interface attached to the
specified network. An interface that is not on the specified network does not run RIP.
If you configure RIP settings in interface view before enabling RIP, the settings do not take effect until RIP
is enabled. If a physical interface is attached to multiple networks, you cannot advertise these networks
in different RIP processes.
To enable RIP:
133
Step Command Remarks
3. Enable RIP on the interface
By default, RIP is disabled on
attached to the specified network network-address
interfaces.
network.
interface interface-type
5. Enter interface view. N/A
interface-number
134
Step Command Remarks
Optional.
By default, if an interface has an
interface-specific RIP version, the
version takes precedence over the
global one. If no interface-specific
3. Specify a global RIP version. version { 1 | 2 } RIP version is specified, the
interface can send RIPv1
broadcasts, and receive RIPv1
broadcasts and unicasts, and
RIPv2 broadcasts, multicasts, and
unicasts.
4. Return to system view. quit N/A
interface interface-type
5. Enter interface view. N/A
interface-number
Optional.
By default, if an interface has no
RIP version specified, the global
6. Specify a RIP version for the rip version { 1 | 2 [ broadcast | version takes effect. If no global RIP
interface. multicast ] } version is specified, the interface
can send RIPv1 broadcasts, and
receive RIPv1 broadcasts and
unicasts, and RIPv2 broadcasts,
multicasts, and unicasts.
interface interface-type
2. Enter interface view. N/A
interface-number
135
Step Command Remarks
3. Specify an inbound Optional.
rip metricin value
additional routing metric. The default setting is 0.
Optional.
By default, RIPv2 automatic route
summarization is enabled.
3. Enable RIPv2 automatic route
summary If the subnets in the routing table are not
summarization.
contiguous, disable automatic route
summarization to advertise more specific
routes.
interface interface-type
5. Enter interface view. N/A
interface-number
136
Step Command Remarks
rip summary-address ip-address
6. Configure a summary route. N/A
{ mask | mask-length }
interface interface-type
5. Enter interface view. N/A
interface-number
Optional.
rip default-route { { only | By default, a RIP interface can
6. Configure the RIP interface to
originate } [ cost cost ] | advertise a default route if the RIP
advertise a default route.
no-originate } process is configured with default
route advertisement.
NOTE:
The router enabled to advertise a default route does not receive default routes from RIP neighbors.
137
Configuring inbound/outbound route filtering
Perform this task to filter inbound and outbound routes by using an ACL or IP prefix list. You can also
configure RIP to receive routes only from a specified neighbor.
To configure route filtering:
138
Step Command Remarks
2. Enter RIP view. rip [ process-id ] N/A
Configuration prerequisites
Before you tune and optimize RIP networks, complete the following tasks:
Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
Configure basic RIP.
Optional.
By default:
timers { garbage-collect The update timer is 30s.
garbage-collect-value |
3. Configure RIP timers.
The timeout timer is 180s.
suppress suppress-value |
timeout timeout-value | update The suppress timer is 120s.
update-value } * The garbage-collect timer is 120s.
HP recommends that you not change the
default values of these timers.
139
To enable split horizon:
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
3. Enable split horizon. rip split-horizon
By default, split horizon is enabled.
interface interface-type
2. Enter interface view. N/A
interface-number
Optional.
3. Configure the maximum
maximum load-balancing number By default, the maximum number of
number of ECMP routes.
ECMP routes is 6.
140
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter RIP view. rip [ process-id ] N/A
Perform this task to enable source IP address check on incoming RIP updates.
Upon receiving a message on an Ethernet interface, RIP compares the source IP address of the
message with the IP address of the interface. If they are not in the same network segment, RIP
discards the message.
Upon receiving a message on a serial interface, RIP checks whether the source address of the
message is the IP address of the peer interface. If not, RIP discards the message.
To enable source IP address check on incoming RIP updates:
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type interface-number
141
Specifying a RIP neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On non-broadcast or multicast links,
you must manually specify RIP neighbors.
Follow these guidelines when you specify a RIP neighbor:
Do not use the peer ip-address command when the neighbor is directly connected. Otherwise, the
neighbor might receive both the unicast and multicast (or broadcast) of the same routing
information.
If a specified neighbor is not directly connected, disable source address check on incoming
updates.
To specify a RIP neighbor:
Optional.
2. Bind RIP to MIB. rip mib-binding process-id By default, MIB is bound to RIP
process 1.
142
Step Command Remarks
3. Specify the interval for
Optional.
sending RIP packets and the
maximum number of RIP output-delay time count count By default, an interface sends up to
packets that can be sent at three RIP packets every 20
each interval. milliseconds.
Reset a RIP process. reset rip process-id process Available in user view.
Clear the statistics of a RIP process. reset rip process-id statistics Available in user view.
Configuration procedure
1. Configure IP address for interfaces. (Details not shown.)
143
2. Configure basic RIP:
# Configure Switch A.
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] network 172.16.0.0
[SwitchA-rip-1] network 172.17.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
# Display the RIP routing table on Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 11
The output shows that RIPv1 uses a natural mask.
3. Configure RIP version:
# Configure RIPv2 on Switch A.
[SwitchA] rip
[SwitchA-rip-1] version 2
[SwitchA-rip-1] undo summary
[SwitchA-rip-1] quit
# Configure RIPv2 on Switch B.
[SwitchB] rip
[SwitchB-rip-1] version 2
[SwitchB-rip-1] undo summary
# Display the RIP routing table on Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 50
10.2.1.0/24 192.168.1.2 1 0 RA 16
10.1.1.0/24 192.168.1.2 1 0 RA 16
The output shows that RIPv2 uses classless subnet masks.
NOTE:
After RIPv2 is configured, RIPv1 routes might still exist in the routing table until they are aged out.
144
Configuring RIP route redistribution
Network requirements
As shown in Figure 56, Switch B communicates with Switch A through RIP 100 and with Switch C through
RIP 200.
Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Switch B so Switch C can learn
routes destined for 10.2.1.0/24 and 11.1.1.0/24. Switch A cannot learn routes destined for 12.3.1.0/24
and 16.4.1.0/24.
Configure Switch B to not advertise route 10.2.1.1/24 to Switch C.
Figure 56 Network diagram
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure basic RIP:
# Enable RIP 100 and configure RIPv2 on Switch A.
<SwitchA> system-view
[SwitchA] rip 100
[SwitchA-rip-100] network 10.0.0.0
[SwitchA-rip-100] network 11.0.0.0
[SwitchA-rip-100] version 2
[SwitchA-rip-100] undo summary
[SwitchA-rip-100] quit
# Enable RIP 100 and RIP 200, and configure RIPv2 on Switch B.
<SwitchB> system-view
[SwitchB] rip 100
[SwitchB-rip-100] network 11.0.0.0
[SwitchB-rip-100] version 2
[SwitchB-rip-100] undo summary
[SwitchB-rip-100] quit
[SwitchB] rip 200
[SwitchB-rip-200] network 12.0.0.0
[SwitchB-rip-200] version 2
[SwitchB-rip-200] undo summary
[SwitchB-rip-200] quit
# Enable RIP 200 and configure RIPv2 on Switch C.
<SwitchC> system-view
[SwitchC] rip 200
[SwitchC-rip-200] network 12.0.0.0
[SwitchC-rip-200] network 16.0.0.0
145
[SwitchC-rip-200] version 2
[SwitchC-rip-200] undo summary
[SwitchC-rip-200] quit
# Display the IP routing table on Switch C.
[SwitchC] display ip routing-table
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
12.3.1.0/24 Direct 0 0 12.3.1.2 Vlan200
12.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0
16.4.1.0/24 Direct 0 0 16.4.1.1 Vlan400
16.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
3. Configure route redistribution:
# Configure RIP 200 to redistribute routes from RIP 100 and direct routes on Switch B.
[SwitchB] rip 200
[SwitchB-rip-200] import-route rip 100
[SwitchB-rip-200] import-route direct
[SwitchB-rip-200] quit
# Display the IP routing table on Switch C.
[SwitchC] display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.2.1.0/24 RIP 100 1 12.3.1.1 Vlan200
11.1.1.0/24 RIP 100 1 12.3.1.1 Vlan200
12.3.1.0/24 Direct 0 0 12.3.1.2 Vlan200
12.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0
16.4.1.0/24 Direct 0 0 16.4.1.1 Vlan400
16.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
4. Configure RIP to filter redistributed routes:
# Configure ACL 2000 on Switch B to filter routes redistributed from RIP 100 to not advertise to
Switch C.
[SwitchB] acl number 2000
[SwitchB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255
[SwitchB-acl-basic-2000] rule permit
[SwitchB-acl-basic-2000] quit
[SwitchB] rip 200
[SwitchB-rip-200] filter-policy 2000 export rip 100
# Display the IP routing table on Switch C.
[SwitchC] display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
146
11.1.1.0/24 RIP 100 1 12.3.1.1 Vlan200
12.3.1.0/24 Direct 0 0 12.3.1.2 Vlan200
12.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0
16.4.1.0/24 Direct 0 0 16.4.1.1 Vlan400
16.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
Configuration procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure basic RIP:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] rip 1
[SwitchA-rip-1] network 1.0.0.0
[SwitchA-rip-1] version 2
[SwitchA-rip-1] undo summary
[SwitchA-rip-1] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] rip 1
[SwitchB-rip-1] network 1.0.0.0
[SwitchB-rip-1] version 2
[SwitchB-rip-1] undo summary
# Configure Switch C.
<SwitchC> system-view
[SwitchB] rip 1
147
[SwitchC-rip-1] network 1.0.0.0
[SwitchC-rip-1] version 2
[SwitchC-rip-1] undo summary
# Configure Switch D.
<SwitchD> system-view
[SwitchD] rip 1
[SwitchD-rip-1] network 1.0.0.0
[SwitchD-rip-1] version 2
[SwitchD-rip-1] undo summary
# Configure Switch E.
<SwitchE> system-view
[SwitchE] rip 1
[SwitchE-rip-1] network 1.0.0.0
[SwitchE-rip-1] version 2
[SwitchE-rip-1] undo summary
# Display the IP routing table on Switch A.
[SwitchA] display rip 1 database
1.0.0.0/8, cost 0, ClassfulSumm
1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface
1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface
1.1.3.0/24, cost 1, nexthop 1.1.1.2
1.1.4.0/24, cost 1, nexthop 1.1.2.2
1.1.5.0/24, cost 2, nexthop 1.1.1.2
1.1.5.0/24, cost 2, nexthop 1.1.2.2
The output shows that two RIP routes can reach network 1.1.5.0/24. Their next hops are Switch
B (1.1.1.2) and Switch C (1.1.2.2), respectively, with the same cost of 2. Switch C is the next hop
router to reach network 1.1.4.0/24, with a cost of 1.
3. Configure an additional metric of 3 for RIP-enabled VLAN-interface 200 on Switch A.
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] rip metricin 3
[SwitchA-Vlan-interface200] display rip 1 database
1.0.0.0/8, cost 0, ClassfulSumm
1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface
1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface
1.1.3.0/24, cost 1, nexthop 1.1.1.2
1.1.4.0/24, cost 2, nexthop 1.1.1.2
1.1.5.0/24, cost 2, nexthop 1.1.1.2
The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Switch
B (1.1.1.2) and a cost of 2.
Troubleshooting RIP
No RIP updates received
Symptom
No RIP updates are received when the links work correctly.
148
Analysis
After enabling RIP, use the network command to enable corresponding interfaces. Make sure no
interfaces are disabled from handling RIP messages.
If the peer is configured to send multicast messages, the same should be configured on the local end.
Solution
Use the display current-configuration command to verify RIP configuration.
Use the display rip command to verify whether an interface is disabled.
Analysis
Make sure that all the same timers within the entire RIP network are identical and have logical
relationships between them. For example, the timeout timer value should be greater than the update
timer value.
Solution
Use the display rip command to verify the configuration of RIP timers.
Use the timers command to adjust timers properly.
149
Configuring RIPng
Overview
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng.
RIPng for IPv6 has the following basic differences from RIP:
UDP port numberRIPng uses UDP port 521 for sending and receiving routing information.
Multicast addressRIPng uses FF02::9 as the link-local-router multicast address.
Destination Prefix128-bit destination address prefix.
Next hop128-bit IPv6 address.
Source addressRIPng uses FE80::/10 as the link-local source address.
150
Figure 58 RIPng basic packet format
RTE format
The following are types of RTEs in RIPng:
Next hop RTEDefines the IPv6 address of a next hop.
IPv6 prefix RTEDescribes the destination IPv6 address, route tag, prefix length, and metric in the
RIPng routing table.
Figure 59 Next hop RTE format
IPv6 next hop address is the IPv6 address of the next hop.
Figure 60 IPv6 prefix RTE format
151
2. When a RIPng neighbor receives the request packet, it sends back a response packet that contains
the local routing table. RIPng can also periodically advertise route updates in response packets or
advertise a triggered update caused by a route change.
The RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix
length of 0 and a metric value of 16, the RIPng router responds with the entire routing table
information in response messages. If multiple RTEs exist in the request message, the RIPng router
examines each RTE, updates its metric, and sends the requested routing information to the
requesting router in the response packet.
3. After receiving the response, the requesting RIPng router checks the validity of the response (for
example, whether the source IPv6 address is the link-local address and whether the port number is
correct) before adding routes to its routing table. A response packet that fails the check is
discarded.
Tuning and optimizing RIPng Configuring split horizon and poison reverse Optional
networks Configuring zero field check on RIPng packets Optional
Configuration prerequisites
Before you configure RIPng basic functions, complete the following tasks:
Enable IPv6 packet forwarding.
Configure an IP address for each interface, and make sure all nodes are reachable to one another.
152
Configuration procedure
To configure the basic RIPng functions:
interface interface-type
4. Enter interface view. N/A
interface-number
5. Enable RIPng on the interface. ripng process-id enable Disabled by default.
NOTE:
If RIPng is not enabled on an interface, the interface does not send or receive any RIPng route.
153
Configuring RIPng route summarization
Step Command
1. Enter system view. system-view
2. Enter interface view. interface interface-type interface-number
3. Advertise a summary IPv6 prefix. ripng summary-address ipv6-address prefix-length
interface interface-type
2. Enter interface view. N/A
interface-number
154
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter RIPng view. ripng [ process-id ] N/A
Optional.
3. Configure a RIPng priority. preference preference By default, the RIPng priority is
100.
Optional.
3. Configure a default routing
default cost cost The default metric of redistributed
metric for redistributed routes.
routes is 0.
4. Redistribute routes from import-route protocol [ process-id ] No route redistribution is
another routing protocol. [ cost cost ] * configured by default.
Configuration prerequisites
Before tuning and optimizing the RIPng network, complete the following tasks:
Configure a network layer address for each interface.
Configure the basic RIPng functions.
155
Step Command Remarks
Optional.
The RIPng timers have the following
defaults:
timers { garbage-collect
garbage-collect-value | suppress Update timer30 seconds.
3. Configure RIPng
timers.
suppress-value | timeout Timeout timer180 seconds.
timeout-value | update Suppress timer20 seconds.
update-value } *
Garbage-collect timer20 seconds.
HP recommends that you not change the
default values of these timers.
interface interface-type
2. Enter interface view. N/A
interface-number
interface interface-type
2. Enter interface view. N/A
interface-number
3. Enable the poison reverse
ripng poison-reverse Disabled by default.
function.
156
If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing
time.
To configure RIPng zero field check:
Optional.
3. Enable the zero field check. checkzero
Enabled by default.
Reset a RIPng process. reset ripng process-id process Available in user view.
Clear statistics of a RIPng process. reset ripng process-id statistics Available in user view.
157
RIPng configuration examples
Configure RIPng basic functions
Network requirements
As shown in Figure 61, all switches run RIPng. Configure Switch B to filter the route (3::/64) learned from
Switch C, which means the route is not added to the routing table of Switch B, and Switch B does not
forward it to Switch A.
Figure 61 Network diagram
Configuration procedure
1. Configure the IPv6 address for each interface. (Details not shown.)
2. Configure basic RIPng functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 400
[SwitchA-Vlan-interface400] ripng 1 enable
[SwitchA-Vlan-interface400] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] ripng 1 enable
[SwitchB-Vlan-interface200] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit
158
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
159
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Configuration procedure
1. Configure IPv6 addresses for the interfaces. (Details not shown.)
2. Configure RIPng basic functions:
# Enable RIPng 100 on Switch A.
<SwitchA> system-view
160
[SwitchA] ripng 100
[SwitchA-ripng-100] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 100 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ripng 100 enable
[SwitchA-Vlan-interface200] quit
# Enable RIP 100 and RIP 200 on Switch B.
<SwitchB> system-view
[SwitchB] ripng 100
[SwitchB-ripng-100] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 100 enable
[SwitchB-Vlan-interface100] quit
[SwitchB] ripng 200
[SwitchB-ripng-200] quit
[SwitchB] interface vlan-interface 300
[SwitchB-Vlan-interface300] ripng 200 enable
[SwitchB-Vlan-interface300] quit
# Enable RIPng 200 on Switch C.
<SwitchC> system-view
[SwitchC] ripng 200
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] ripng 200 enable
[SwitchC-Vlan-interface300] quit
[SwitchC] interface vlan-interface 400
[SwitchC-Vlan-interface400] ripng 200 enable
[SwitchC-Vlan-interface400] quit
# Display the routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
Destinations : 6 Routes : 6
161
Interface : Vlan200 Cost : 0
162
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0d
163
Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website:
http://www.hp.com/support
Before contacting HP, collect the following information:
Product model names and numbers
Technical support registration number (if applicable)
Product serial numbers
Error messages
Operating system type and revision level
Detailed questions
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website:
http://www.hp.com/go/wwalerts
After registering, you will receive email notification of product enhancements, new driver versions,
firmware updates, and other product resources.
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website:
http://www.hp.com/support/manuals
For related documentation, navigate to the Networking section, and select a networking category.
For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.
Websites
HP.com http://www.hp.com
HP Networking http://www.hp.com/go/networking
HP manuals http://www.hp.com/support/manuals
HP download drivers and software http://www.hp.com/support/downloads
HP software depot http://www.software.hp.com
HP Education http://www.hp.com/learn
164
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from
[ x | y | ... ]
which you select one or none.
The argument or keyword and argument combination before the ampersand (&) sign can
&<1-n>
be entered 1 to n times.
GUI conventions
Convention Description
Window names, button names, field names, and menu items are in bold text. For
Boldface
example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention Description
An alert that calls attention to important information that if not understood or followed can
WARNING result in personal injury.
An alert that calls attention to important information that if not understood or followed can
CAUTION result in data loss, data corruption, or damage to hardware or software.
165
Network topology icons
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.
166
Index
ABCDEIOPRSTU
A Configuring the DHCP relay agent to handle Option
82,45
Applying an extended address pool on an
Configuring the DHCP relay agent to release an IP
interface,30
address,45
Assigning an IP address to an interface,11
Configuring the DHCP server security functions,31
B Configuring the DNS proxy,69
Basic static route configuration example,125 Configuring the IPv4 DNS client,67
BOOTP application,62 Configuring the IPv6 DNS client,76
BOOTP client configuration example,63 Configuring the maximum number of dynamic ARP
entries for an interface,4
C
Configuring UDP helper,90
Configuration guidelines,7 Contacting HP,164
Configuration procedure,90 Conventions,165
Configuration procedure,8 Correlating a DHCP server group with a relay agent
Configuring a static ARP entry,3 interface,41
Configuring a static route,124 D
Configuring an address pool on the DHCP server,22
DHCP address allocation,12
Configuring an interface to dynamically obtain an IP
address through BOOTP,63 DHCP client configuration example,51
Configuring basic IPv6 functions,102 DHCP message format,14
Configuring basic RIP,133 DHCP options,15
Configuring DHCP snooping basic functions,55 DHCP relay agent configuration examples),47
Configuring DHCP snooping entries backup,57 DHCP relay agent configuration task list,40
Configuring DHCP snooping to support Option 82,56 DHCP server configuration examples,34
Configuring DNS spoofing,69 DHCP server configuration task list,21
Configuring ICMP to send error packet,87 DHCP snooping configuration example,60
Configuring ICMPv6 packet sending,112 DHCP snooping configuration task list,55
Configuring IPv6 FIB forwarding,111 DHCP snooping Option 82 support configuration
example,60
Configuring IPv6 ND,105
Displaying and maintaining a routing table,122
Configuring IPv6 static routing,128
Displaying and maintaining ARP,5
Configuring IPv6 TCP properties,111
Displaying and maintaining BOOTP client
Configuring path MTU discovery,110
configuration,63
Configuring RIP route control,135
Displaying and maintaining DHCP snooping,59
Configuring RIPng basic functions,152
Displaying and maintaining IP addressing,11
Configuring RIPng route control,153
Displaying and maintaining IP performance
Configuring TCP attributes,86 optimization,88
Configuring the DHCP relay agent security Displaying and maintaining IPv4 DNS,69
functions,42
Displaying and maintaining IPv6 basics
configuration,114
167
Displaying and maintaining IPv6 DNS,77 Overview,1
Displaying and maintaining IPv6 static routes,128 Overview,93
Displaying and maintaining RIP,143 Overview,90
Displaying and maintaining RIPng,157 Overview,150
Displaying and maintaining static routes,125 Overview,64
Displaying and maintaining the DHCP client,50 Overview,7
Displaying and maintaining the DHCP relay agent,47 Overview,53
Displaying and maintaining the DHCP server,33 Overview,39
Displaying and maintaining UDP helper,91 P
Dynamic domain name resolution configuration
Protocols and standards,62
example,78
Protocols and standards,19
E
R
Enabling client offline detection,45
Related information,164
Enabling DHCP,41
RIP configuration examples,143
Enabling DHCP,29
RIP configuration task list,133
Enabling DHCP starvation attack protection,58
RIPng configuration examples,158
Enabling DHCP-REQUEST message attack
protection,58 RIPng configuration task list,152
Enabling dynamic ARP entry check,4 Route backup,122
Enabling handling of Option 82,32 Route preference,122
Enabling receiving and forwarding of directed Routing table,121
broadcasts to a directly connected network,84 S
Enabling the DHCP client on an interface,50
Setting the aging timer for dynamic ARP entries,4
Enabling the DHCP relay agent on an interface,41
Specifying the threshold for sending trap messages,32
Enabling the DHCP server on an interface,29
Static ARP entry configuration example,5
I Static domain name resolution configuration
Introduction to DHCP client,50 example,77
IPv4 DNS configuration examples,70 T
IPv6 basics configuration example,115 Troubleshooting DHCP relay agent configuration,49
IPv6 basics configuration task list,101 Troubleshooting DHCP server configuration,38
IPv6 DNS configuration examples,77 Troubleshooting IPv4 DNS configuration,75
IPv6 static routing configuration example,129 Troubleshooting IPv6 basics configuration,120
O Troubleshooting RIP,148
Obtaining an IP address dynamically,62 Tuning and optimizing RIP networks,139
Overview,20 Tuning and optimizing RIPng networks,155
Overview,131 U
Overview,9 UDP helper configuration example,91
Overview,128
168