Beruflich Dokumente
Kultur Dokumente
V100R003C00
Issue
04
Date
2010-01-25
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Website:
http://www.huawei.com
Email:
support@huawei.com
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Contents
Contents
About This Document.....................................................................................................................1
1 IP Addresses Configuration.....................................................................................................1-1
1.1 Overview.........................................................................................................................................................1-2
1.1.1 Introduction to IP Addresses..................................................................................................................1-2
1.1.2 Features of IP Addresses Supported by the S-switch.............................................................................1-2
1.2 Configuring IP Addresses for VLAN interfaces.............................................................................................1-2
1.2.1 Establishing the Configuration Task......................................................................................................1-2
1.2.2 Configuring a Primary IP Address for an VLAN Interface...................................................................1-3
1.2.3 (Optional) Configuring a Secondary IP Address for an VLANIF Interface..........................................1-4
1.2.4 Checking the Configuration...................................................................................................................1-4
1.3 Maintaining.....................................................................................................................................................1-5
1.3.1 Monitoring Network Operation Status...................................................................................................1-5
1.4 Configuration Examples..................................................................................................................................1-5
1.4.1 Example for Configuring Primary and Secondary IP Addresses...........................................................1-5
2 ARP Configuration....................................................................................................................2-1
2.1 Overview.........................................................................................................................................................2-2
2.1.1 Introduction to ARP...............................................................................................................................2-2
2.1.2 Features of ARP Supported by the S-switch..........................................................................................2-2
2.2 Configuring ARP.............................................................................................................................................2-2
2.2.1 Establishing the Configuration Task......................................................................................................2-2
2.2.2 Configuring Static ARP Entries.............................................................................................................2-3
2.2.3 Optimizing Dynamic ARP.....................................................................................................................2-4
2.2.4 Checking the Configuration...................................................................................................................2-4
2.3 Configuring Routed Proxy ARP.....................................................................................................................2-6
2.3.1 Establishing the Configuration Task......................................................................................................2-6
2.3.2 Configuring an IP Addresses for the VLANIF Interface.......................................................................2-6
2.3.3 Enabling Routed Proxy ARP Function..................................................................................................2-7
2.3.4 Checking the Configuration...................................................................................................................2-7
2.4 Configuring Proxy ARP in a VLAN...............................................................................................................2-8
2.4.1 Establishing the Configuration Task......................................................................................................2-8
2.4.2 Setting the IP Address of a VLANIF Interface......................................................................................2-8
2.4.3 Enabling Proxy ARP in a VLAN...........................................................................................................2-9
Issue 04 (2010-01-25)
Contents
3 DNS Configuration....................................................................................................................3-1
3.1 Overview.........................................................................................................................................................3-2
3.1.1 Introduction to DNS...............................................................................................................................3-2
3.1.2 DNS Supported by the S-switch.............................................................................................................3-2
3.2 Configuring DNS............................................................................................................................................3-2
3.2.1 Establishing the Configuration Task......................................................................................................3-2
3.2.2 Configuring Static DNS Entries.............................................................................................................3-3
3.2.3 Configuring Dynamic DNS....................................................................................................................3-3
3.2.4 Checking the Configuration...................................................................................................................3-4
3.3 Maintaining DNS............................................................................................................................................3-5
3.3.1 Clearing DNS Entries.............................................................................................................................3-5
3.3.2 Monitoring Network Operation Status...................................................................................................3-6
3.3.3 Debugging DNS.....................................................................................................................................3-6
3.4 Configuration Examples..................................................................................................................................3-6
3.4.1 Example for Configuring DNS..............................................................................................................3-6
4 DHCP Configuration.................................................................................................................4-1
4.1 Overview.........................................................................................................................................................4-2
4.1.1 Introduction to DHCP............................................................................................................................4-2
4.1.2 DHCP Supported by the S-switch..........................................................................................................4-2
4.2 Configuring the Global Address Pool-based DHCP Server............................................................................4-2
4.2.1 Establishing the Configuration Task......................................................................................................4-2
4.2.2 Configuring the DHCP Global Address Pool........................................................................................4-3
4.2.3 Configure Static IP Address Binding.....................................................................................................4-4
4.2.4 Configuring DNS Services for the DHCP Client...................................................................................4-5
4.2.5 Configuring NetBIOS Services for the DHCP Client............................................................................4-6
4.2.6 Configuring Egress Gateway for the DHCP Client...............................................................................4-7
ii
Issue 04 (2010-01-25)
Contents
5 IP Performance Configuration.................................................................................................5-1
5.1 Overview.........................................................................................................................................................5-2
5.1.1 Introduction to IP Performance..............................................................................................................5-2
5.1.2 IP Performance Supported by the S-switch............................................................................................5-2
5.2 Improving IP Performance..............................................................................................................................5-3
5.2.1 Establishing the Configuration Task......................................................................................................5-3
5.2.2 Verifying the Source IP Address............................................................................................................5-4
Issue 04 (2010-01-25)
iii
Contents
Issue 04 (2010-01-25)
Contents
Issue 04 (2010-01-25)
Contents
vi
Issue 04 (2010-01-25)
Figures
Figures
Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface.......................................1-6
Figure 2-1 Networking diagram for configuring static ARP..............................................................................2-14
Figure 2-2 Networking diagram for configuring dynamic ARP........................................................................2-16
Figure 2-3 Networking diagram of configuring proxy ARP..............................................................................2-18
Figure 2-4 Networking diagram of proxy ARP in a VLAN...............................................................................2-20
Figure 2-5 Networking diagram of configuring proxy ARP between VLANs..................................................2-23
Figure 3-1 Networking diagram of DNS..............................................................................................................3-7
Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network segment.....4-30
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIF interface.....4-33
Figure 4-3 Networking diagram for configuring DHCP relay...........................................................................4-36
Figure 5-1 Networking diagram of configuring ICMP host unreachable packets.............................................5-13
Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses....................................6-8
Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces...........................................6-10
Figure 7-1 Networking diagram of configuring an IPv6 address for an interface.............................................7-18
Figure 8-1 Single stack and dual stack structures (Ethernet)...............................................................................8-2
Figure 8-2 Schematic diagram of IPv6 over IPv4 tunnel.....................................................................................8-3
Figure 8-3 6to4 tunnel and 6to4 relay..................................................................................................................8-4
Figure 8-4 ISATAP tunnel...................................................................................................................................8-6
Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel..............................................................8-15
Figure 8-6 Networking diagram of the 6to4 tunnel............................................................................................8-19
Figure 8-7 Networking diagram of the ISATAP tunnel.....................................................................................8-22
Issue 04 (2010-01-25)
vii
Feature description
Data preparations
Pre-configuration tasks
Configuration procedures
Configuration examples
This document helps you grasp the configuration procedures and application scenarios of the IP
Service features of the S-switch.
Related Versions
The following table lists the product versions related to this document.
Product Name
Version
S5300
V100R003C00
Intended Audience
This document is intended for:
l
Commissioning engineers
Network administrators
Issue 04 (2010-01-25)
Organization
This document is organized as follows.
Chapter
Description
1 IP Addresses Configuration
2 ARP Configuration
3 DNS Configuration
4 DHCP Configuration
5 IP Performance Configuration
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 04 (2010-01-25)
Symbol
Description
TIP
NOTE
General Conventions
Convention
Description
Boldface
Italic
Courier New
Command Conventions
Issue 04 (2010-01-25)
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... } *
[ x | y | ... ] *
&<1-n>
GUI Conventions
Convention
Description
boldface
>
Keyboard Operations
Convention
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, F means the
two keys should be pressed in turn.
Mouse Operations
Convention
Description
Click
Select and release the primary mouse button without moving the
pointer.
Double-click
Drag
Press and hold the primary mouse button and move the pointer
to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
ACL Configuration and ACL6 Configuration are moved from Quidway S5300 Series
Ethernet Switches Configuration - IP Service to Quidway S5300 Series Ethernet
Switches Configuration - Security.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
Issue 04 (2010-01-25)
Issue 04 (2010-01-25)
1 IP Addresses Configuration
IP Addresses Configuration
Issue 04 (2010-01-25)
1-1
1 IP Addresses Configuration
1.1 Overview
This section describes the principle and concepts of the IP address.
1.1.1 Introduction to IP Addresses
1.1.2 Features of IP Addresses Supported by the S-switch
Pre-configuration Tasks
Before configuring an IP address for an VLANIF interface, complete the following tasks:
1-2
Issue 04 (2010-01-25)
1 IP Addresses Configuration
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an VLANIF interface, you need the following data.
No.
Data
(Optional) Secondary IP address and subnet mask for the VLANIF interface
Subordinate IP addresses are required when an VLANIF interface needs multiple addresses.
Procedure
Step 1 Run:
system-view
Or
ip address dhcp-alloc
1-3
1 IP Addresses Configuration
Procedure
Step 1 Run:
system-view
Command
Run the display ip interface command. If the physical status and link protocol status of the
interface are Up, it means that the configuration succeeds.
<Quidway> display ip interface brief vlanif 1
*down: administratively down
(l): loopback
(s): spoofing
Interface
IP Address
Physical
Vlanif1
192.168.32.22
up
Protocol
up
Description
Huawei,Quidway
Run the display interface command. If information about the IP address and mask of the
interface is displayed, it means that the configuration succeeds. For example:
<Quidway> display interface vlanif 1
Vlanif1 current state : UP
Line protocol current state : UP
1-4
Issue 04 (2010-01-25)
1 IP Addresses Configuration
Output:
1.3 Maintaining
This section describes how to view configurations about IP addresses.
1.3.1 Monitoring Network Operation Status
Command
Issue 04 (2010-01-25)
1-5
1 IP Addresses Configuration
Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface
S-switch
GE 0/0/1
PC 1
172.16.1.1/24
GE 0/0/2
PC 2
172.16.2.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Configure a primary IP address for the VLANIF interface and then configure a secondary
IP address for the interface.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
If you assign only one IP address to the VLANIF interface on the S-switch, you can access
certain hosts through the S-switch. To access all the hosts in the network through the S-switch,
you need to assign a secondary IP address to the VLANIF interface.
1.
2.
3.
1-6
ms
ms
ms
ms
ms
Issue 04 (2010-01-25)
1 IP Addresses Configuration
# Ping the host PC2 from the device. The ping succeeds.
[Quidway] ping 172.16.2.1
PING 172.16.2.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.1: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.2.1: bytes=56 Sequence=2 ttl=128 time=26
Reply from 172.16.2.1: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.2.1: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.2.1: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.2.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
ms
ms
ms
ms
ms
Configuration Files
The configuration file of the device is as follows:
#
interface Vlanif1
ip address 172.16.1.2 255.255.255.0
ip address 172.16.2.2 255.255.255.0 sub
#
Issue 04 (2010-01-25)
1-7
2 ARP Configuration
ARP Configuration
Issue 04 (2010-01-25)
2-1
2 ARP Configuration
2.1 Overview
This section describes the basic principle and concepts of the Address Resolution Protocol
(ARP).
2.1.1 Introduction to ARP
2.1.2 Features of ARP Supported by the S-switch
2-2
The packets whose destination IP address is in another network segment traverse a gateway
of the segment so that the gateway can forward the packets to their destination.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
Issue 04 (2010-01-25)
2 ARP Configuration
When users need to filter out some packets with illegal destination IP addresses, static ARP
can bind these illegal addresses to a nonexistent MAC address.
Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure ARP, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
To configure common static ARP entries, run the arp static ip-address mac-address
command.
To configure static ARP entries in a Virtual Local Area Network (VLAN), do as follows:
Issue 04 (2010-01-25)
Run the arp static ip-address mac-address vid vlan-id interface interface-type interfacenumber command.
Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlanid command.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
2-3
2 ARP Configuration
This command is applied to the sub-interface that supports VLAN and can be bound to
the VPN.
l
To configure static ARP entries in a VPN instance, run the arp static ip-address macaddress vpn-instance vpn-instance-name command.
NOTE
----End
Procedure
Step 1 Run:
system-view
The aging detection times of the dynamic ARP entries are configured.
Step 4 Run:
arp expire-time expire-times
Issue 04 (2010-01-25)
2 ARP Configuration
Action
Command
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<Quidway> display arp interface vlanif 1
IP ADDRESS
MAC ADDRESS EXPIRE(M) TYPE INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------192.168.32.22
0010-8300-0026
I - Vlanif1
192.168.1.255
Incomplete
0
D-0 Vlanif1
192.168.29.1
000e-4540-04b7 5
DF0 GE0/0/1
1
192.168.29.3
e000-0af0-e492 7
DF0 GE0/0/1
1
192.168.29.7
e000-0af0-cb68 7
DF0 GE0/0/1
1
192.168.29.2
e000-0af0-e497 7
DF0 GE0/0/1
1
192.168.29.4
e000-0af0-e090 7
DF0 GE0/0/1
1
192.168.29.6
e000-0af0-cb67 7
DF0 GE0/0/1
1
192.168.1.239
0018-8236-f110 9
DF0 GE0/0/1
1
192.168.1.232
0200-000a-1d34 10
DF0 GE0/0/1
1
192.168.1.220
0018-8261-2507 11
DF0 GE0/0/1
1
192.168.31.99
0019-21df-dd7c 17
DF0 GE0/0/1
1
192.168.32.171 0019-e00a-a8fc 17
DF0 GE0/0/1
1
192.168.31.181 001e-9089-c65a 17
DF0 GE0/0/1
1
192.168.31.253 000d-88f7-5fee 19
DF0 GE0/0/1
1
192.168.29.126 e000-0af0-cbba 19
DF0 GE0/0/1
1
192.168.1.145
0200-0016-0319 19
DF0 GE0/0/1
1
192.168.3.169
0018-8261-652c 20
DF0 GE0/0/1
1
192.168.1.143
0200-0016-0331 20
DF0 GE0/0/1
1
192.168.225.2
4e74-6300-0422 20
DF0 GE0/0/1
1
192.168.32.108 0018-8241-e376 20
DF0 GE0/0/1
1
-----------------------------------------------------------------------------Total:21
Dynamic:20
Static:0
Interface:1
Run the display arp statistics command. If statistics about ARP entries are displayed, it means
that the configuration succeeds. For example:
<Quidway> display arp statistics
Total:27
Dynamic:20
Static:0
Issue 04 (2010-01-25)
Interface:7
2-5
2 ARP Configuration
Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure routed proxy ARP, you need the following data.
No.
Data
Issue 04 (2010-01-25)
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Action
Command
display this
2-7
2 ARP Configuration
Run the display thiscommand. You can check if the Proxy ARP function is enabled on
interfaces. For example:
<Quidway> interface vlanif 1
[Quidway-Vlanif1] display this
#
interface Vlanif1
ip address 100.1.1.235 255.255.255.0
arp-proxy enable
#
Pre-configuration Tasks
Before configuring proxy ARP in a VLAN, complete the following tasks:
l
Connecting interfaces and setting the physical parameters of each interface to make the
physical layer in Up state
Data Preparation
To configure proxy ARP in a VLAN, you need the following data.
No.
Data
Issue 04 (2010-01-25)
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
2-9
2 ARP Configuration
Procedure
l
Run the display this command in the VLANIF interface view to check whether proxy ARP
in a VLAN is enabled on the interface.
----End
Example
# Run the display this on a VLANIF interface to check whether proxy ARP in a VLAN is
enabled on the interface.
<Quidway> system-view
[Quidway] interface vlanif 10
[Quidway-Vlanif10] display this
#
interface Vlanif10
ip address 10.1.1.10 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
return
Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
l
2-10
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
Issue 04 (2010-01-25)
2 ARP Configuration
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.
Data
Number of the VLANIF interface to be enabled with proxy ARP between VLANs
IP address of the VLANIF interface to be enabled with proxy ARP between VLANs
VLAN ID associated with the VLANIF interface to be enabled with proxy ARP
between VLANs
Procedure
Step 1 Run:
system-view
2-11
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Command
display this
Run the display thiscommand. You can check if the Proxy ARP Between VLANs is enabled
on interfaces. For example:
<Quidway> interface vlanif 1
[Quidway-Vlanif1] display this
#
interface Vlanif1
ip address 100.1.1.235 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
return
Issue 04 (2010-01-25)
2 ARP Configuration
CAUTION
The mapping between the IP and MAC addresses is deleted after you clear ARP statistics.
To clear the ARP statistics, run the following reset command in the user view.
Action
Command
Command
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When faults occur during ARP operation, run the following debugging command in the user
view to debug ARP and locate the fault.
Issue 04 (2010-01-25)
Action
Command
2-13
2 ARP Configuration
S-switch-B
Eth 0/0/1
S-switch-A
Configuration Roadmap
The configuration roadmap is as follows:
2-14
1.
2.
Issue 04 (2010-01-25)
2 ARP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
The procedure for configuring the S-switch-A is as follows:
1.
2.
# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN
ID 3, and outbound interface Ethernet 0/0/1.
[S-switch-A] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1
3.
Configuration Files
l
#
sysname S-switch-A
#
vlan batch 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1
#
interface Vlanif3
ip address 10.2.2.2 255.0.0.0
#
interface Ethernet0/0/1
port trunk allow-pass vlan 3
Issue 04 (2010-01-25)
2-15
2 ARP Configuration
#
return
10.2.2.2/8
Eth0/0/1
Host A
10.2.2.3/8
S-switch
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create a VLAN.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
VLAN ID: 10
Aging time of the dynamic ARP entries of VLANIF 10: 60s, and number of detections: 2
Configuration Procedure
1.
# Create a VLAN.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
2.
3.
2-16
Issue 04 (2010-01-25)
4.
2 ARP Configuration
5.
6.
Configuration Files
Configuration file of S-switch
#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.2.2.2 255.0.0.0
arp expire-time 60
arp detect-times 2
#
interface Ethernet0/0/1
port default vlan 10
#
return
Issue 04 (2010-01-25)
2-17
2 ARP Configuration
PC1
172.16.1.2/16
0000-5e33-ee20
VLANIF1
172.16.1.1/24
00e0-fc39-80aa
PC2
172.16.2.2/16
0000-5e33-ee10
VLANIF2
172.17.3.1/16
VLANIF2
172.17.3.2/16
S-switch-A
VLANIF1
172.16.2.1/24
00e0-fc39-80bb
S-switch-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Default routes
Configuration Procedure
1.
Configure S-switch-A.
# Configure an IP address for VLANIF1 and VLANIF2.
<Quidway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] interface vlanif 1
[S-switch-A-Vlanif1] ip address 172.16.1.1 255.255.255.0
[S-switch-A-Vlanif1] quit
[S-switch-A] interface vlanif 2
[S-switch-A-Vlanif2] ip address 172.17.3.1 255.255.0.0
[S-switch-A-Vlanif2] quit
2.
Configure S-switch-B.
# Configure an IP address for VLANIF1 and VLANIF2.
<Quidway> system-view
2-18
Issue 04 (2010-01-25)
2 ARP Configuration
3.
4.
Configuration Files
l
2-19
2 ARP Configuration
l
Host A and host B can communicate with each other at Layer 3 through proxy ARP in a
VLAN.
The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 and
the mask is 255.255.255.0.
Figure 2-4 Networking diagram of proxy ARP in a VLAN
Internet
S-switch
GE0/0/1
GE0/0/2
HostB
10.10.10.3/24
00-e0-fc-00-00-03
HostA
10.10.10.2/24
00-e0-fc-00-00-02
sub-VLAN2
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Create the VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.
4.
Data Preparation
To complete the configuration, you need the following data:
2-20
Issue 04 (2010-01-25)
2 ARP Configuration
Procedure
Step 1 Create and configure the super-VLAN and sub-VLAN.
# Create sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-Vlan2] quit
0/0/1
link-type access
default vlan 2
0/0/2
link-type access
default vlan 2
Issue 04 (2010-01-25)
2-21
2 ARP Configuration
-----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
----End
Configuration Files
Configuration file of the S-switch
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable
#
return
2-22
Issue 04 (2010-01-25)
2 ARP Configuration
S-switch
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need IP addresses of related interfaces.
Configuration Procedure
This example covers only the commands used to configure proxy ARP between VLANs.
1.
2.
3.
4.
Issue 04 (2010-01-25)
2-23
2 ARP Configuration
l
PCs in VLAN 2 and PCs in VLAN 3 can ping through each other.
# You can find that in the ARP table of any PC in VLAN 2, the MAC addresses of all PCs
in VLAN 3 are the MAC address of the VLANIF4 interface on S-switch.
Configuration Files
The configuration file of S-switch is as follows:
#
sysname S-switch
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 192.168.1.100 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
Return
2-24
Issue 04 (2010-01-25)
3 DNS Configuration
DNS Configuration
Issue 04 (2010-01-25)
3-1
3 DNS Configuration
3.1 Overview
This section describes the basic principle and concepts of Domain Name System (DNS).
3.1.1 Introduction to DNS
3.1.2 DNS Supported by the S-switch
Issue 04 (2010-01-25)
3 DNS Configuration
Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
l
Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up
Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up
Configuring routes between the local device and the DNS server
Data Preparation
To configure DNS, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
3-3
3 DNS Configuration
Context
Do as follows on the S-switch:
Procedure
Step 1 Run:
system-view
Postrequisite
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 4.
Command
display ip host
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
3-4
Issue 04 (2010-01-25)
Age
0
0
3 DNS Configuration
Flags
static
static
Address
10.1.1.1
192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
Run the display dns domain command. If the list of suffixes of domain names is displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1
TTL
3521
3000
Alias
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.
To clear DNS entries, run the following reset command in the user view.
Issue 04 (2010-01-25)
Action
Command
3-5
3 DNS Configuration
Command
display ip host
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging command in the user view to debug DNS and locate the fault.
Action
Command
debugging dns
Issue 04 (2010-01-25)
3 DNS Configuration
DNS Client
S-switch-A
VLANIF1
1.1.1.1/16
Loopback0
4.1.1.2/32
S-switch-C
VLANIF2
2.1.1.1/16
VLANIF1
3.1.1.1/16
VLANIF2
2.1.1.2/16
DNS Server
3.1.1.2/16
huawei.com
2.1.1.3/16
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
NOTE
1.
S-switch-A and each host have been configured with IP addresses and other configurations.
The mapping between the domain name "huawei.com" and the IP address 2.1.1.3/16 is available on
the DNS server.
Configure S-switch-A.
# Configure static DNS entries.
<S-switch-A> system-view
[S-switch-A] ip host S-switch-B 4.1.1.1
[S-switch-A] ip host S-switch-C 4.1.1.2
Issue 04 (2010-01-25)
3-7
3 DNS Configuration
To complete DNS resolution, configuring routes from S-switch-A to the DNS server is mandatory.
2.
# Run the display ip host command on S-switch-A to view static DNS entries, including
mappings between host names and IP addresses.
<S-switch-A> display ip host
Host
Age
S-switch-B
0
S-switch-C
0
Flags Address
static 4.1.1.1
static 4.1.1.2
# Run the display dns dynamic-host command on S-switch-A to view dynamic DNS
entries in the domain name cache.
<S-switch-A> display dns dynamic-host
No Domain-name
IpAddress
1
huawei.com
2.1.1.3
TTL
3579
Alias
NOTE
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
Configuration Files
l
3-8
Issue 04 (2010-01-25)
3 DNS Configuration
#
return
l
Issue 04 (2010-01-25)
3-9
4 DHCP Configuration
DHCP Configuration
Issue 04 (2010-01-25)
4-1
4 DHCP Configuration
4.1 Overview
This section describes the principle and concepts of the Dynamic Host Configuration Protocol
(DHCP).
4.1.1 Introduction to DHCP
4.1.2 DHCP Supported by the S-switch
Issue 04 (2010-01-25)
4 DHCP Configuration
Applicable Environment
To obtain IP addresses from the device dynamically, you need to configure a global address
pool-based DHCP server.
The global address pool-based DHCP server usually works together with the DHCP relay agent.
Pre-configuration Tasks
Before configuring the global address pool-based DHCP server, complete the following tasks:
l
Configuring the routes to the DNS server and the NetBIOS server
Data Preparation
To configure the global address pool-based DHCP server, you need the following data.
No.
Data
IP address of the DNS server and the domain name of the DHCP client
IP address of the NetBIOS server and the NetBIOS node type of the DHCP client
Coding of the DHCP self-defined options and the corresponding ASCII strings or
hexadecimal number or IP address
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
4-3
4 DHCP Configuration
DHCP is enabled.
Step 3 Run:
dhcp server ip-pool pool-name
A DHCP address pool is created and the DHCP address pool view is displayed.
NOTE
Each DHCP server can be configured with a maximum of 128 global address pools.
Step 4 Run:
network ip-address [ mask { mask | mask-length } ]
The lease of the IP addresses dynamically assigned to hosts is configured. By default, the IP
lease is one day.
NOTE
The DHCP server can specify the IP lease for each address pool. The IP lease may vary with address pools.
The addresses in the same DHCP address pool, however, have the same IP lease.
Step 6 Run:
quit
After repeatedly running the dhcp server forbidden-ip command, you can configure multiple IP address
segments that cannot be automatically assigned. When using the undo dhcp server forbidden-ip command
to delete the setting, ensure that the specified parameters are consistent with the previously configured
parameters. That is, you cannot delete only partial originally configured addresses.
----End
Procedure
Step 1 Run:
system-view
4-4
Issue 04 (2010-01-25)
4 DHCP Configuration
A DHCP address pool is created and the DHCP address pool view is displayed.
Step 3 Run:
static-bind ip-address ip-address [ mask { mask | mask-length } ]
Postrequisite
Based on the clients' needs, you can adopt either static address binding or dynamic address
assignation. However, you cannot configure the same DHCP address pool with these two modes
at the same time.
Dynamic address distribution needs specification of the address range for assignment, while
static address binding can be regarded as a special DHCP address pool with only one address.
Some clients may need fixed IP addresses that are bound with their MAC addresses. When the
client with a specific MAC address uses DHCP to apply for an IP address, the DHCP server
finds out the fixed IP address bound with the MAC address and assigns it to the client.
NOTE
The static-bind ip-address command must be used together with the static-bind mac-address command.
The new configuration supersedes the previous one when you use the two commands for several times.
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
4-5
4 DHCP Configuration
Postrequisite
On the DHCP server, designate a domain name for the client per address pool basis.
When a host accesses the Internet by using the domain name, the DNS server resolves the domain
name into an IP address. Therefore, to ensure that the client can successfully access the Internet,
the DHCP server also needs to specify the DNS server address for the client when it assigns IP
addresses.
To perform load balancing and improve the network reliability, you can configure several DNS
servers and egress gateways.
Procedure
Step 1 Run:
system-view
Postrequisite
For the client using the OS of Microsoft, Windows Internet Naming Service (WINS) server
provides resolution from the host name to the IP address. This is given to the host that uses
NetBIOS protocol for communication. Most of the Windows clients need to be configured with
WINS.
4-6
Issue 04 (2010-01-25)
4 DHCP Configuration
When a DHCP client communicates in a WAN by adopting the NetBIOS protocol, a mapping
between the host name and the IP address should be set up. The following lists the types of
NetBIOS nodes for obtaining mappings:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
Type p nodes (p-node): "p" stands for peer-to-peer, namely, type p nodes obtain the
mapping relation by means of communicating with NetBIOS servers.
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
Configuring DHCP self-defined options are optional. Services, such as DNS on the client, NETBIOS, and
IP lease cannot be configured through the option code command but through the commands early
mentioned.
4-7
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in the Option filed of DHCP response packets.
You need to add the options to the attribute tables of the DHCP servers. For example,
l
To configure the IP address of a log server to 10.110.204.1, use the command option 7 ipaddress 10.110.204.1.
To configure the TTL of the client packet to 64, use the command option 23 hex 40.
NOTE
Using the option command, you can specify the options to be included in the DHCP response packets.
Before using the option command, you need to know the function of each option: Option 77 identifies user
types or applications of DHCP client. Based on User Class in the Option field, the DHCP server selects
the proper address pool and configuration parameters. Option 77 usually is configured on the client.
Procedure
l
Run:
system-view
Run:
interface vlanif VLANIF interface-number
4-8
Issue 04 (2010-01-25)
4 DHCP Configuration
Run:
ip address ip-address { mask | mask-length } [ sub ]
Run:
dhcp select global
Run:
system-view
Run:
dhcp select global vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
Command
display dhcp server ip-in-use { all | ip ipaddress | pool [ pool-name ] | vlan vlan-id }
Run the display dhcp server free-ip command. If there are unused IP addresses in the address
pool, it means that the configuration succeeds.
<Quidway> display dhcp server free-ip
IP Range from 5.5.5.1
to
IP Range from 202.38.160.1
to
IP Range from 202.38.160.4
to
5.5.5.254
202.38.160.1
202.38.160.126
Run the display dhcp server expired command. If information about the expired leases of IP
addresses in DHCP address pools is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server expired all
Global pool:
Issue 04 (2010-01-25)
4-9
4 DHCP Configuration
IP address
Hardware address
Interface pool:
IP address
Hardware address
Lease expiration
Type
Lease expiration
Type
Run the display dhcp server ip-in-use command. If the binding information of IP address, such
as the hardware address and the IP lease, is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server ip-in-use all
Global pool:
IP address Hardware address
Lease expiration
Interface pool:
IP address Hardware address
Lease expiration
5.5.5.1
0050-ba28-930a Jul 5 2006 13: 00:10 PM
Type
Type
Auto:COMMITED
Run the display dhcp server statistics command. If statistics of the DHCP server, including
the number of DHCP address pools, the number of the automatic binding, the manual binding
and the expired binding and the number of DHCP packets is displayed, it means that the
configuration succeeds.
<Quidway> display dhcp server
Global Pool:
Pool Number:
5
Binding
Auto:
0
Manual:
1
Expire:
0
Interface Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Boot Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Boot Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
HA Message:
BatchBackup send msg:
BatchBackup recv msg:
BatchBackup send lease:
BatchBackup recv lease:
statistics
1
1
0
0
6
1
4
0
1
0
4
1
3
0
0
0
0
0
0
Run the display dhcp server tree command. If the tree structure of the DHCP address pool,
including DNS, the IP lease and Option parameters, is displayed, it means that the configuration
succeeds.
<Quidway> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 gigabitethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
4-10
Issue 04 (2010-01-25)
4 DHCP Configuration
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7
network 10.10.1.64
PrevSibling node:5
Sibling node:8
option 1 ip-address 255.0.0.0
Pool name: 8
network 20.10.1.1
Child node:9
PrevSibling node:7
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Pool name: 9
network 30.10.1.64
Parent node:8
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
255.255.255.192
255.255.255.0
255.255.255.0
Interface pool:
Pool name: GigabitEthernet0/0/1
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
4-11
4 DHCP Configuration
Applicable Environment
The interface address pool on the VLANIF interface, is used for devices to support the switched
Ethernet interface. Because the switched Ethernet interface cannot be configured with IP
addresses directly, you need to create a VLANIF interface and then configure DHCP address
pools on the VLANIF interface.
Pre-configuration Tasks
Before configuring the VLANIF interface address pool-based DHCP server, complete the
following tasks:
l
Data Preparation
To configure the VLANIF interface address pool-based DHCP server, you need the following
data.
No.
Data
IP addresses in the address pools of VLANIF interface and the MAC addresses to be
bound with the IP addresses
IP address of the DNS server and the domain name of the DHCP client
IP address of the NetBIOS server and the NetBIOS node type of the DHCP client
Coding of the DHCP self-defined options and the corresponding ASCII strings or
hexadecimal number or IP address
Procedure
l
Run:
system-view
Issue 04 (2010-01-25)
2.
4 DHCP Configuration
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit
Run:
interface vlanif vlan-id
Run:
ip address ip-address { mask | mask-length }
Run:
dhcp select interface
Enabling address pools on one VLANIF interface or multiple VLANIF interfaces in the
system view
1.
Run:
system-view
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit
Run:
interface vlanif VLANIF interface number
Run:
ip address ip-address { mask | mask-length }
Run:
quit
Run:
dhcp select interface vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
4-13
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
DHCP is enabled.
Step 3 Run:
interface vlanif VLANIF interface number
Certain IP addresses and MAC addresses are bound with the address pool.
Step 6 The following steps are optional, so perform them as required.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
The IP lease of the VLANIF interface is configured. By default, the IP lease is one day.
Or
Run:
quit
The leases of the IP addresses of several VLANIF interfaces are configured. By default, the IP
lease is one day.
----End
4-14
Issue 04 (2010-01-25)
4 DHCP Configuration
Postrequisite
The IP address and its mask of the VLANIF interface determine the range of the address pool
on the VLANIF interface. If you need to configure several address pools for VLANIF interfaces,
repeat Steps 3, 4, 5, and 6.
Procedure
l
Run:
system-view
Run:
interface vlanif VLANIF interface number
Run:
dhcp server domain-name domain-name
Domain names are configured for the clients of the VLANIF interface.
4.
Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server is specified for the clients of the VLANIF interface.
l
Run:
system-view
Run:
dhcp server domain-name domain-name vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
Run:
dhcp server dns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the DNS server is specified for the DHCP client.
----End
4-15
4 DHCP Configuration
Context
Do as follows on the DHCP server:
Procedure
l
Run:
system-view
Run:
interface vlanif VLANIF interface number
Run:
dhcp server nbns-list ip-address &<1-8>
The IP address of the NetBIOS server is specified for the DHCP clients of the VLANIF
interface.
4.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type is specified for the DHCP clients of the VLANIF interface.
l
Run:
system-view
Run:
dhcp server nbns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the NetBIOS server is specified for the DHCP client.
3.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node } vlan { vlanid1 [ to vlan-id2 ] } &<1-10>
Postrequisite
Before using the NetBIOS service, make sure that
l
There are routes between the device and the NetBIOS server.
For the client using the OS of Microsoft, WINS server provides the resolution from the host
name to the IP address for the host that uses the NetBIOS protocol to communicate. In this way,
most of the Windows network clients need to be configured with WINS.
4-16
Issue 04 (2010-01-25)
4 DHCP Configuration
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mapping
relation by means of communicating with NetBIOS servers.
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS and
IP lease cannot be configured through the option code command but through the related command
described above.
Procedure
Step 1 Run:
system-view
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in Option filed of DHCP response packets.
You can add new options to the attribute list of the DHCP server by manual definition. For
example,
l
Issue 04 (2010-01-25)
To configure the IP address of the log server to 10.110.204.1, run the dhcp server option
7 ip-address 10.110.204.1 command.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
4-17
4 DHCP Configuration
l
To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40
command.
NOTE
Using the option code command, you can specify the options that need be included in the DHCP response
packets.
Before using the option code command, you need to know the function of each option: Option 77 applies
to identify user types or applications of DHCP client. Based on User Class in the Option field, the DHCP
server selects proper address pool and configuration parameters. Option 77 usually is configured by the
client.
Command
Run the display dhcp server tree vlan command. If the tree structure information of DHCP
address pools on VLANIF interfaces, such as DNS, IP lease and Option parameters, is displayed,
it means that the configuration succeeds.
<Quidway> display dhcp server tree vlan 2
Interface pool:
Pool name: Vlanif2
network 50.1.1.0 mask 255.255.255.0
gateway-list 50.1.1.1
expired day 1 hour 0 minute 0
Run the display dhcp server ip-in-use vlan command. If the binding information of IP address
on VLANIF interfaces, such as the hardware address and the IP lease, is displayed, it means that
the configuration succeeds.
<Quidway> display dhcp server ip-in-use vlan 2
IP address
Hardware address
Lease expiration
50.1.1.12
0023-0034-0053
NOT Used
Type
Manual
Run the display dhcp server expired command. If the expired IP address in the address pool
on VLANIF interfaces is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server expired vlan 2
IP address
Hardware address
Lease expiration
Type
Issue 04 (2010-01-25)
4 DHCP Configuration
4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server
4.4.3 Avoiding Repetitive IP Address Assignment
4.4.4 Saving DHCP Data
4.4.5 Recovering DHCP Data
4.4.6 Checking the Configuration
Pre-configuration Tasks
Before configuring the security function of DHCP, complete the DHCP server configuration.
Data Preparation
To configure the security function of DHCP service, you need the following data.
No.
Data
Interval at which ping packets are sent and the number of ping packets
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
4-19
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
The time for waiting the response after the ping packets is sent by the DHCP server is configured.
Step 3 Run:
dhcp server ping packets number
The maximum number of ping packets sent by the DHCP server is configured.
By default, the maximum number of ping packets being sent is 2 and the longest waiting time
for ping response packets is 500 ms.
----End
Postrequisite
Before assigning addresses to a client, the DHCP server should detect the IP address to avoid
address collision.
Using the ping command, you can check if there is a ping response of the address to be assigned
within the specific time. If there is no response after a specific time, the DHCP server re-sends
ping packets to this address until it reaches the maximum number of ping packets allowed to be
sent. If there is still no response, it indicates that the IP address is not in use. In this way, it is
ensured that a unique IP address is assigned to the client.
Procedure
Step 1 Run:
4-20
Issue 04 (2010-01-25)
4 DHCP Configuration
system-view
Postrequisite
The DHCP data is saved with a fixed file name on the Flash. Normally, the IP leasing information
is saved in lease.txt file and the address collision information is saved in conflict.txt file. Back
up these two files to other directories because they are replaced regularly.
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Action
Command
4-21
4 DHCP Configuration
Action
Command
Run the display dhcp server conflict command. If the conflicted IP address and the time when
the conflict occurs are displayed, it means that the configuration succeeds.
<Quidway> display dhcp server conflict all
Address
Discover Time
10.110.1.2
Jan 11 2003 11:57: 7 PM
Run the display dhcp server database command. If the saved path of the DHCP data is
displayed, it means that the configuration succeeds.
<Quidway> display dhcp server database
Status: disable
Recover from files after reboot: disable
File saving lease items: flash:/dhcp/lease.txt
File saving conflict items: flash:/dhcp/conflict.txt
Save Interval: 300 (seconds)
The relay between the server and the client cannot exceed four. Otherwise, the DHCP packet is discarded.
Pre-configuration Tasks
Before configuring the DHCP relay, complete the following tasks:
4-22
Issue 04 (2010-01-25)
Configuring the routes from the local device to the DHCP server
4 DHCP Configuration
Data Preparation
To configure the DHCP relay, you need the following data.
No.
Data
Procedure
l
Run:
system-view
Run:
interface vlanif vlan-id
Run:
ip address ip-address { mask | mask-length }
This IP address must be in the same network segment with the IP addresses in the address pool
on the DHCP server.
4.
Run:
ip relay address ip-address
4-23
4 DHCP Configuration
NOTE
If the VLANIF interface is configured with a secondary IP address, the secondary IP address
cannot be used as the gateway address. That is, if the ip relay address command is run on the
interface, the command takes effect only on the network segment where the primary IP address
of the interface resides.
Run:
system-view
Run:
ip relay address ip-address vlan vlan-id
Postrequisite
Because the DHCP client may send broadcast packets during DHCP configuration, the interface
where IP relay is enabled should support the broadcast mode.
Procedure
l
Run:
system-view
Run:
interface vlanif VLANIF interface number
Run:
dhcp select relay
Run:
system-view
Run:
dhcp select relay vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
Issue 04 (2010-01-25)
4 DHCP Configuration
Procedure
l
Run:
system-view
Run:
dhcp relay release client-ip-address mac-address
Run:
system-view
Run:
dhcp relay release client-ip-address mac-address server-ip-address
Requesting the DHCP server connected with the interface to release an IP address
1.
Run:
system-view
Run:
interface vlanif VLANIF interface number
Run:
dhcp relay release client-ip-address mac-address [ server-ip-address ]
The DHCP server connected with the interface on the DHCP relay is required to
release the IP address.
----End
4-25
4 DHCP Configuration
Action
Command
Run the display dhcp relay address command. If there are available DHCP relay addresses and
related configuration information, it means that the configuration succeeds.
<Quidway> display dhcp relay address vlan 1
** Vlanif1 DHCP Relay Address **
Relay Address [0] :
3.3.3.3
Run the display dhcp relay statistics command. If statistics of DHCP relay, such as the number
of wrong DHCP packets and the number of various DHCP packet, is displayed, it means that
the configuration succeeds.
<Quidway> display dhcp relay statistics
Bad Packets received:
DHCP packets received from clients:
DHCP DISCOVER packets received:
DHCP REQUEST packets received:
DHCP INFORM packets received:
DHCP DECLINE packets received:
DHCP packets received from servers:
DHCP OFFER packets received:
DHCP ACK packets received:
DHCP NAK packets received:
DHCP packets sent to servers:
DHCP packets sent to clients:
Unicast packets sent to clients:
Broadcast packets sent to clients:
0
0
0
0
0
0
0
0
0
0
0
0
0
0
CAUTION
Resetting DHCP binding through the reset dhcp command interrupts the operation of the DHCP
server.
4-26
Issue 04 (2010-01-25)
4 DHCP Configuration
To reset DHCP, run the following reset commands in the user view.
Action
Command
CAUTION
After the conflicting IP addresses are released, they can be reallocated by the DHCP server.
To release the conflicting IP addresses, run the following reset commands in the user view.
Action
Command
The DHCP server detects the conflicting IP addresses through the ping command while the
DHCP client detects the conflicting IP address through sending ARP packets.
CAUTION
DHCP statistics cannot be restored after you clear it. So, confirm the action before you use the
command.
To clear the DHCP statistics, run the following reset commands.
Issue 04 (2010-01-25)
4-27
4 DHCP Configuration
Action
Command
Command
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
allcommand to disable it immediately.
Run the following debug commands in the user view to debug DHCP and locate the fault.
4-28
Issue 04 (2010-01-25)
4 DHCP Configuration
Action
Command
Issue 04 (2010-01-25)
4-29
4 DHCP Configuration
Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network
segment
NetBIOS
Server
DHCP
Client
DHCP
Client
VLANIF1
10.1.1.1/25
DHCP
Client
VLANIF2
10.1.1.129/25
DHCP
Server
DNS
Server
DHCP
Client
Network: 10.1.1.0/25
DHCP
Client
DHCP
Client
Network: 10.1.1.128/25
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
3.
Configure an address pool, including the address range and the domain name, and configure
the IP address of the DNS server.
4.
Configure related attributes for the address pool, such as the address range, the egress
gateway, the IP address of the NetBIOS server and the IP lease.
This example covers the configurations of three address pools. Address pool 0 is configured
with the common attribute of all client; address pool 1 and address pool 2 are configured
with different attributes of various clients.
In this example, you can configure only address pool 1 and address pool 2. They cannot
adopt configurations of the root address pool. You need to configure attributes for them
respectively.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
4-30
Issue 04 (2010-01-25)
4 DHCP Configuration
dhcp
dhcp
dhcp
dhcp
server
server
server
server
forbidden-ip
forbidden-ip
forbidden-ip
forbidden-ip
10.1.1.2
10.1.1.4
10.1.1.126
10.1.1.254
# Configure general attributes of DHCP address pool 0, including the address pool range,
domain name and the IP address of the DNS server.
[S-switch] dhcp server ip-pool 0
[S-switch-dhcp-0] network 10.1.1.0 mask 255.255.255.0
[S-switch-dhcp-0] domain-name huawei.com
[S-switch-dhcp-0] dns-list 10.1.1.2
[S-switch-dhcp-0] quit
# Configure attributes of DHCP address pool 1, including the address pool range, egress
gateway and the IP lease.
[S-switch] dhcp server ip-pool 1
[S-switch-dhcp-1] network 10.1.1.0 mask 255.255.255.128
[S-switch-dhcp-1] expired day 10 hour 12
[S-switch-dhcp-1] gateway-list 10.1.1.126
[S-switch-dhcp-1] quit
# Configure attributes of DHCP address pool 2, including the address pool range, egress
gateway, the IP address of the NetBIOS server and the IP lease.
[S-switch] dhcp server ip-pool 2
[S-switch-dhcp-2] network 10.1.1.128 mask 255.255.255.128
[S-switch-dhcp-2] expired day 5
[S-switch-dhcp-2] nbns-list 10.1.1.4
[S-switch-dhcp-2] gateway-list 10.1.1.254
[S-switch-dhcp-2] quit
# Configure the clients of the VLANIF1 to obtain their IP addresses from the global address
pool.
[S-switch] interface vlanif 1
[S-switch-Vlanif1] ip address 10.1.1.1 255.255.255.128
[S-switch-Vlanif1] dhcp select global
[S-switch-Vlanif1] quit
# Configure the clients of the VLANIF2 to obtain their IP addresses from the global address
pool.
[S-switch] interface vlanif 2
[S-switch-Vlanif2] ip address 10.1.1.129 255.255.255.128
[S-switch-Vlanif2] dhcp select global
[S-switch-Vlanif2] quit
2.
Issue 04 (2010-01-25)
4-31
4 DHCP Configuration
Sibling node:2
network 10.1.1.0 mask 255.255.255.128
gateway-list 10.1.1.126
dns-list 10.1.1.2
domain-name huawei.com
expired day 10 hour 12 minute 0
Pool name: 2
Parent node:0
PrevSibling node:1
network 10.1.1.128 mask 255.255.255.128
gateway-list 10.1.1.254
dns-list 10.1.1.2
domain-name huawei.com
nbns-list 10.1.1.4
expired day 5 hour 0 minute 0
Configuration File
The configuration file of S-switch is as follows:
#
sysname S-switch
#
dhcp server ip-pool 0
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
domain-name huawei.com
#
dhcp server ip-pool 1
network 10.1.1.0 mask 255.255.255.128
gateway-list 10.1.1.126
expired day 10 hour 12
#
dhcp server ip-pool 2
network 10.1.1.128 mask 255.255.255.128
gateway-list 10.1.1.254
nbns-list 10.1.1.4
expired day 5
#
interface Vlanif1
ip address 10.1.1.1 255.255.255.128
#
interface Vlanif2
ip address 10.1.1.129 255.255.255.128
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.4
dhcp server forbidden-ip 10.1.1.126
dhcp server forbidden-ip 10.1.1.254
#
dhcp enable
#
return
NOTE
By default, IP addresses in the global address pool are assigned. So, the configuration file does not contain
the dhcp select global command.
4.7.2 Example for Configuring the VLANIF Interface Address Poolbased DHCP Server
Networking Requirements
Figure 4-2 shows the diagram of applying the VLANIF-interface-based address pool to the
device that supports switched Ethernet interfaces. The Ethernet interface cannot be configured
4-32
Issue 04 (2010-01-25)
4 DHCP Configuration
with an IP address, so you need to create a VLANIF interface and configure a DHCP address
pool on it to assign IP addresses.
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIF
interface
NetBIOS Server
10.1.1.3/24
DHCP
Client
DNS Server
10.1.1.2/24
VLANIF10 GE0/0/1
10.1.1.1/24
DHCP
Server
VLANIF11 GE0/0/2
10.1.2.1/24
DHCP
Client
DHCP
Client
DHCP
Client
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, IP addresses of the NetBIOS server.
3.
4.
5.
Configure related attributes for the address pool, such as the domain name, IP addresses of
the NetBIOS server and the DNS server, and the IP lease.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
Issue 04 (2010-01-25)
4-33
4 DHCP Configuration
[Quidway] sysname S-switch
[S-switch] dhcp enable
# Create a VLAN.
[S-switch] vlan 10
[S-switch-vlan10] quit
[S-switch] vlan 11
[S-switch-vlan11] quit
# Configure attributes for the switched Ethernet interface and join the interface to a VLAN.
[S-switch] interface gigabitethernet
[S-switch-GigabitEthernet0/0/1] port
[S-switch-GigabitEthernet0/0/1] quit
[S-switch] interface gigabitethernet
[S-switch-GigabitEthernet0/0/2] port
[S-switch-GigabitEthernet0/0/2] quit
0/0/1
default vlan 10
0/0/2
default vlan 11
# Create a VLANIF interface and configure an IP address for the VLANIF interface.
[S-switch] interface vlanif 10
[S-switch-Vlanif10] ip address 10.1.1.1 24
[S-switch-Vlanif10] quit
[S-switch] interface vlanif 11
[S-switch-Vlanif11] ip address 10.1.2.1 24
[S-switch-Vlanif11] quit
# Configure the domain name of the address pool and IP addresses of the DNS server and
the NetBIOS server.
[S-switch]
[S-switch]
[S-switch]
[S-switch]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
2.
4-34
Issue 04 (2010-01-25)
4 DHCP Configuration
Configuration Files
The configuration file of S-switch is as follows:
#
sysname S-switch
#
vlan batch 10 to 11
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface gigabitEthernet0/0/1
port default vlan 10
#
interface gigabitEthernet0/0/2
port default vlan 11
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.3
#
dhcp enable
#
return
Issue 04 (2010-01-25)
4-35
4 DHCP Configuration
DNS Server
NetBIOS Server
10.100.1.2/16 10.100.1.3/16
DHCP Relay
VLANIF1
10.100.1.1/16
VLANIF2
202.40.1.1/16
DHCP
Client
DHCP Server
Router
GE0/0/1
202.40.1.2/16
DHCP
Client
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Configure the IP relay address for VLANIF1 and enable DHCP relay on VLANIF1.
4.
Configure a route from the DHCP server to the network segment 10.100.0.0/16.
5.
6.
Configure the clients attached to GE 0/0/1 to obtain IP addresses through the global address
pool.
7.
Data Preparation
To complement the configuration, you need the following data:
l
Configuration Procedure
1.
4-36
Issue 04 (2010-01-25)
4 DHCP Configuration
# Enter the view of the interface that needs to be enabled with DHCP relay. Configure the
IP address and mask of the interface, which should be in the same network segment with
that of the DHCP client.
[S-switch] interface vlanif 1
[S-switch-Vlanif1] ip address 10.100.1.1 255.255.0.0
[S-switch-Vlanif1] ip relay address 202.40.1.2
[S-switch-Vlanif1] dhcp select relay
[S-switch-Vlanif1] quit
2.
# Enable DHCP.
[Router] dhcp enable
# Configure the clients of GE 0/0/1 to obtain the IP addresses from the global address pool.
[Router] interface GigabitEthernet 0/0/1
[Router-GigabitEthernet 0/0/1] ip address 202.40.1.2 255.255.0.0
[Router-GigabitEthernet 0/0/1] dhcp select global
[Router-GigabitEthernet 0/0/1] quit
# Configure attributes of DHCP address pool 1, including the address pool range, domain
name, egress gateway, the IP address of the DNS server and IP lease.
[Router] dhcp server ip-pool 1
[Router-dhcp-1] network 10.100.0.0 mask 255.255.0.0
[Router-dhcp-1] domain-name huawei.com
[Router-dhcp-1] dns-list 10.100.1.2
[Router-dhcp-1] nbns-list 10.100.1.3
[Router-dhcp-1] gateway-list 10.100.1.4
[Router-dhcp-1] expired day 10 hour 12
[Router-dhcp-1] quit
3.
Run the display dhcp relay address vlan 1 command on the DHCP relay device to view
configurations of the relay IP address.
[S-switch] display dhcp relay address vlan 1
** Vlanif1
DHCP Relay Address
Relay Address [0] :
202.40.1.2
Issue 04 (2010-01-25)
**
4-37
4 DHCP Configuration
Configuration Files
l
4-38
Issue 04 (2010-01-25)
5 IP Performance Configuration
IP Performance Configuration
Issue 04 (2010-01-25)
5-1
5 IP Performance Configuration
5.1 Overview
This section describes the parameters and concepts concerning IP performance.
5.1.1 Introduction to IP Performance
5.1.2 IP Performance Supported by the S-switch
Issue 04 (2010-01-25)
5 IP Performance Configuration
When forwarding broadcast packets is enabled, the ACL rules can be specified. The interface
forwards only the broadcast packets that match the ACL. It sends back the broadcast packets
that do not match the ACL to the host without forwarding them.
S-switch generally do not forward directional broadcast packets. In some cases, however, you
may require the device to forward directional broadcast packets. Thus, you can run the ip
forward-broadcast command to enable an interface to forward directional broadcast packets.
This makes the networking to be flexible.
Pre-configuration Tasks
Before improving IP performance, complete the following tasks:
l
Configuring the physical parameters for related interfaces and ensuring that the status of
the physical layer of the interface is Up
Configuring the link layer protocol for related interfaces and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To improve IP performance, you need the following data.
Issue 04 (2010-01-25)
No.
Data
5-3
5 IP Performance Configuration
No.
Data
Number of the interface which needs to forward broadcast packets and ACL number
which is used to specify the broadcast packets
SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
5-4
Issue 04 (2010-01-25)
5 IP Performance Configuration
CAUTION
l
If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
The SYN-Wait timer: On sending SYN packets, the TCP starts the SYN-Wait timer. If
response packets are not received before the SYN-Wait timer timeout, the TCP connection
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
5-5
5 IP Performance Configuration
is terminated. The SYN-Wait timer timeout ranges from 2 seconds to 600 seconds, and the
default value is 75 seconds.
l
The FIN-Wait timer: When the TCP connection status turns from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer starts. If FIN packets are not received before the FINWait timer timeout, the TCP connection is terminated. The FIN-Wait timer timeout ranges
from 76 seconds to 3600 seconds, and the default value is 675 seconds.
The receiving and sending window-size of the connection-oriented socket: It ranges from
1K bytes to 32K bytes, and the default value is 8K bytes.
If an attribute of TCP is configured for many times in the system view, only the last configuration
takes effect.
Do as follows on the S-switch:
Procedure
Step 1 Run:
system-view
5-6
Action
Command
display tcp status [ [ task-id task-id ] [ socketid socket-id ] | [ local-ip ip-address ] [ localport local-port-number ] [ remote-ip ipaddress ] [ remote-port remote-port-number ] ]
Issue 04 (2010-01-25)
5 IP Performance Configuration
Action
Command
display ip statistics
display fib
Run the display tcp status command. If the information about the TCP connection status is
displayed, it means that the configuration succeeds. For example:
<Quidway> display tcp status
TCPCB
Tid/Soid Local Add:port
0dcdd3c0 30 /1
0.0.0.0:21
0f63b34c 40 /1
0.0.0.0:23
0dcde398 40 /2
100.1.1.235:23
d
0dce0348 40 /3
100.1.1.235:23
d
Issue 04 (2010-01-25)
Foreign Add:port
0.0.0.0:0
0.0.0.0:0
100.1.1.156:3589
100.1.1.156:3596
VPNID State
0
Listening
14849 Listening
0
Establishe
0
Establishe
5-7
5 IP Performance Configuration
0dce0e40
d
0dce22f8
d
40 /4
100.1.1.235:23
100.1.1.156:3750
Establishe
40 /5
100.1.1.235:23
100.1.1.156:3762
Establishe
Run the display tcp statistics command. If the TCP traffic statistics are displayed, it means that
the configuration succeeds. For example:
<Quidway> display tcp statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
window probe packets: 0, window update packets: 0
data packets: 0 (0 bytes),data packets retransmitted: 0 (0 bytes)
ACK-only packets: 0 (0 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keep alive timeout: 0, keep alive probe: 0, Keep alive timeout, so connections d
isconnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
Run the display udp statistics command. If the UDP traffic statistics are displayed, it means
that the configuration succeeds. For example:
<Quidway> display udp statistics
Received packets:
Total: 0
checksum error: 0
shorter than header: 0, data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
Sent packets:
Total: 0
Run the display ip interface command. If the information about IP interfaces is displayed, it
means that the configuration succeeds. For example:
<Quidway> display ip interface vlanif 1
Vlanif1 current state : DOWN
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
received packets:
0, sent packets:
forwarded packets:
0, dropped packets:
Internet Address is 172.18.255.1/24
Broadcast address : 172.18.255.255
5-8
0
0
Issue 04 (2010-01-25)
5 IP Performance Configuration
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Run the display ip statistics command. If the IP traffic statistics are displayed, it means that the
configuration succeeds. For example:
<Quidway> display ip statistics
Input:
sum
10153
bad protocol
0
bad checksum
0
TTL exceeded
0
Output:
forwarding
0
dropped
0
Fragment: input
0
dropped
0
fragmented
0
Reassembling:sum
0
local
bad format
bad options
10153
0
0
local
no route
output
11589
0
0
couldn't fragment
timeouts
0
0
Run the display icmp statistics command. If the ICMP traffic statistics are displayed, it means
that the configuration succeeds. For example:
<Quidway> display icmp statistics
Input: bad formats
0
bad checksum
echo
4
destination unreachable
source quench
0
redirects
echo reply
5
parameter problem
timestamp
0
information request
mask requests
0
mask replies
time exceeded
0
Output:echo
5
destination unreachable
source quench
0
redirects
echo reply
4
parameter problem
timestamp
0
information reply
mask requests
0
mask replies
time exceeded
0
0
0
0
0
0
0
0
0
0
0
0
Run the display rawlink statistics command. If the Rawlink statistics are displayed, it means
that the configuration succeeds. For example:
<Quidway> display rawlink statistics
Received packets:
Total: 0
ifnet is null: 0
input packets missing pcb cache: 0
not pass multicast: 0
no join multicast: 0
full sock and pstMBuf to be freed: 0
full sock and nothing to be freed: 0
full sock and other reason: 0
Send packets:
Total: 0
Issue 04 (2010-01-25)
5-9
5 IP Performance Configuration
Run the display fib command. If the brief information about the FIB is displayed, it means that
the configuration succeeds. For example:
<Quidway> display fib
FIB Table:
Total number of Routes : 7
Destination/Mask
Nexthop
Flag TimeStamp
127.0.0.1/32
127.0.0.1
HU
t[57]
127.0.0.0/8
127.0.0.1
U
t[57]
172.16.255.6/32
127.0.0.1
HU
t[86]
172.16.255.4/30
172.16.255.6
U
t[86]
0.0.0.0/0
172.16.255.5
GSU t[86]
192.168.0.0/16
172.16.255.5
GSU t[86]
172.16.255.5/32
172.16.255.5
HLU t[650]
<Quidway> display fib acl 2010
Route entry matched by access-list 2010:
Summary counts: 1
Destination/Mask Nexthop
Flag
TimeStamp
127.0.0.0/8
127.0.0.1
U
t[0]
Interface
InLoop0
InLoop0
InLoop0
Vlanif2002
Vlanif2002
Vlanif2002
GE0/0/1
TunnelID
0x0
0x0
0x0
0x0
0x0
0x0
0x0
Interface
InLoopBack0
TunnelID
0x0
CAUTION
IP/TCP/UDP statistics cannot be restored after you clear it. So, confirm the action before you
use the command.
To clear the IP/TCP/UDP statistics, run the following reset commands in the user view.
5-10
Action
Command
Issue 04 (2010-01-25)
5 IP Performance Configuration
Command
display tcp status [ [ task-id task-id ] [ socketid socket-id ] | [ local-ip ip-address ] [ localport local-port-number ] [ remote-ip ipaddress ] [ remote-port remote-port-number ] ]
Issue 04 (2010-01-25)
display ip statistics
display fib
5-11
5 IP Performance Configuration
Action
Command
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
all command to disable it immediately.
Run the following debug commands in the user view to debug IP/TCP/UDP/RAWIP/
RAWLINK and locate the fault.
Action
Command
debugging ip icmp
debugging udp packet [ local-ip ip-address ] [ localport local-port ] [ remote-ip ip-address ] [ remoteport remote-port ]
debugging udp packet [ task-id task-id ] [ socket-id
socket-id ]
debugging tcp packet [ local-ip ip-address ] [ localport local-port ] [ remote-ip ip-address ] [ remoteport remote-port ] [ flag flag-number ]
debugging tcp packet [ task-id task-id ] [ socket-id
socket-id ] [ flag flag-number ]
debugging tcp event [ local-ip local-address ] [ localport local-port ] [ remote-ip remote-address ] [ remoteport remote-port ]
debugging tcp event [ task-id task-id ] [ socket-id
socket-id ]
debugging tcp md5 [ local-ip local-address ] [ localport local-port ] [ remote-ip remote-address ] [ remoteport remote-port ]
debugging tcp md5 [ task-id task-id ] [ socket-id socketid ]
5-12
Issue 04 (2010-01-25)
5 IP Performance Configuration
Action
Command
S-switch-A
VLANIF1
1.1.1.1/24
Internet
VLANIF1
2.2.2.2/24
VLANIF1
1.1.1.2/24
S-switch-C
Issue 04 (2010-01-25)
S-switch-B
5-13
5 IP Performance Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Configure static routes between devices that are not directly connected.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
Configure S-switch-A.
# Configure static routes on S-switch-A.
<Quidway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] ip route-static 2.2.2.2 24 1.1.1.2
2.
Configure S-switch-B.
# Disable sending ICMP host unreachable packets on S-switch-B and configure an IP
address for VLANIF1
<Quidway> system-view
[Quidway] sysname S-switch-B
[S-switch-B] interface vlanif 1
[S-switch-B-Vlanif1] undo icmp host-unreachable send
[S-switch-B-Vlanif1] ip address 1.1.1.2 24
[S-switch-B-Vlanif1] quit
[S-switch-B] quit
3.
Configure S-switch-C.
# Configure an IP address for VLANIF1 on S-switch-C.
<Quidway> system-view
[Quidway] sysname S-switch-C
[S-switch-C] interface vlanif 1
[S-switch-C-Vlanif1] ip address 2.2.2.2 24
[S-switch-C-Vlanif1] quit
4.
# Run the ping 2.2.2.2 command on S-switch-A. If you can view that S-switch-B does not
send the host unreachable packets, it means that the configuration succeeds. For example:
[S-switch-A] ping 2.2.2.2
Configuration Files
l
5-14
Issue 04 (2010-01-25)
5 IP Performance Configuration
#
sysname S-switch-A
#
interface Vlanif1
ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
l
Issue 04 (2010-01-25)
5-15
Issue 04 (2010-01-25)
6-1
6.1 Overview
This section describes the concept of DHCP policy VLAN.
6.1.1 Introduction
6.1.2 DHCP Policy VLAN Supported by the S-switch
6.1.1 Introduction
When the policy for VLANs is configured on the S-switch, the VLAN to which each host
connects to the interface on the S-switch belongs is determined by the network segment to which
the IP address of the host belongs. When a host that accesses the network for the first time is
connected to an interface, the host cannot be added to its associated VLAN because it has no
valid IP address.
DHCP policy VLAN is thus introduced. With DHCP policy VLAN, hosts that access the network
for the first time can obtain valid IP addresses from the DHCP server and then be added to the
VLANs whose network segments the IP addresses belong to.
Issue 04 (2010-01-25)
Pre-configuration Tasks
Before configuring DHCP policy VLAN based on MAC addresses, complete the following
tasks:
l
Configuring the default VLAN for the interface on the S-switch that connects to the newly
added hosts
Data Preparation
To configure DHCP policy VLAN based on MAC addresses, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
The view of the interface on the S-switch that connects to multiple hosts is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ]
6-3
Command
display this
Run the display this command in the VLAN view of the S-switch where DHCP policy VLAN
based on MAC addresses is configured, you can view that the configuration of DHCP policy
VLAN based on MAC addresses is correct.
[Quidway-vlan2] display this
#
vlan 2
policy-vlan dhcp-mac 0002-0002-0002 priority 2
#
Pre-configuration Tasks
Before configuring DHCP policy VLAN based on interfaces, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S-switch
Configuring the interface that connects to the newly added host on the S-switch as a hybrid
interface
Data Preparation
To configure DHCP policy VLAN based on interfaces, you need the following data.
6-4
Issue 04 (2010-01-25)
No.
Data
Number of the interface that connects to the newly added host on the S-switch
Procedure
Step 1 Run:
system-view
The view of the interface that connects to the newly added host on the S-switch is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
policy-vlan dhcp-port interface-type interface-number1 [ to interface-number2 ]
[ priority priority ]
Issue 04 (2010-01-25)
Action
Command
display this
6-5
Run the display this command in the VLAN view of the S-switch where DHCP policy VLAN
based on interfaces is configured, you can view that the configuration of DHCP policy VLAN
based on interfaces is correct.
[Quidway-vlan2] display this
#
vlan 2
policy-vlan dhcp-port GigabitEthernet 0/0/2 priority 2
#
Pre-configuration Tasks
Before configuring generic DHCP policy VLAN, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S-switch
Data Preparation
To configure generic DHCP policy VLAN, you need the following data.
No.
Data
Issue 04 (2010-01-25)
Procedure
Step 1 Run:
system-view
The view of the interface that connects to the newly added host on the S-switch is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
policy-vlan dhcp-generic [ priority priority ]
Command
display this
Run the display this command in the VLAN view of the S-switch where generic DHCP policy
VLAN is configured, you can view that the configuration of generic DHCP policy VLAN is
correct.
[Quidway-vlan2] display this
#
vlan 2
policy-vlan dhcp-generic priority 2
#
6-7
Command
display this
PC1
001E-9089-C65A
S-switch
GE 0/0/4
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
PC2
00E0-4C84-0B44
6-8
Issue 04 (2010-01-25)
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Configuration Procedure
1.
0/0/2
default vlan 2
hybrid untagged vlan 100
0/0/4
default vlan 4
hybrid untagged vlan 100
2.
from
from
from
from
192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:
bytes=32
bytes=32
bytes=32
bytes=32
time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
Configuration Files
The following lists the configuration file of the S-switch.
#
interface GigabitEthernet0/0/2
port default vlan 2
port hybrid untagged vlan 100
interface GigabitEthernet0/0/4
Issue 04 (2010-01-25)
6-9
S-switch
GE 0/0/1
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
...
PC1
PC10
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
6-10
Number of the S-switch interface that connects to the downstream access switch
Issue 04 (2010-01-25)
Configuration Procedure
1.
0/0/1
link-type hybrid
default vlan 10
hybrid untagged vlan 100
0/0/2
link-type hybrid
default vlan 20
hybrid untagged vlan 100
2.
from
from
from
from
192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:
bytes=32
bytes=32
bytes=32
bytes=32
time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
Configuration Files
The following lists the configuration file of the S-switch.
#
interface GigabitEthernet0/0/1
port default vlan 10
port hybrid untagged vlan 100
interface GigabitEthernet0/0/2
port default vlan 20
port hybrid untagged vlan 100
#
vlan 100
policy-vlan dhcp-port gigabitEthernet 0/0/2 priority 5
#
return
Issue 04 (2010-01-25)
6-11
Issue 04 (2010-01-25)
7-1
IPv6 Address
A 128-bit IPv6 address has the following formats:
l
X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by colons. Every "X" represents a group of hexadecimal values.
X:X:X:X:X:X:d.d.d.d
This format is for the following types of addresses:
IPv6 PMTU
Generally, the problem that different networks have different Maximum Transmission Units
(MTU) can be solved in the following ways:
7-2
Issue 04 (2010-01-25)
Devices fragment packets as required. The source host only needs to fragment packets;
however, the intermediate device not only needs to fragment packets, but also to reassemble
packets.
The source host sends packets based on a proper MTU so that packets need not be
fragmented on the intermediate device. In such a case, packet processing burden on the
intermediate device can be reduced. During IPv6 packet transmission, only this way can
be adopted because IPv6 intermediate devices do not support packet fragmentation.
The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the path
from the source to the destination.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the
Forwarding Information Base (FIB). Guided by route management policies, a device extracts a
minimum of necessary forwarding information from RIB and adds the information to the FIB.
Through the route management module, you can also add static routes into the FIB.
A FIB contains a group of minimum information needed by a device during packet forwarding.
An FIB entry usually contains the destination address, prefix length, transport port, next-hop
address, route flag, and time stamp. A device forwards packets according to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). A FIB agent is responsible for interacting with the
RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a
distributed system.
A FIB contains the following information:
l
Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.
Nexthop: indicates the address of the close next hop through which the packet reaches the
destination.
7-3
Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
l
Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Context
Do as follows on the S-switch:
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
7-5
Procedure
l
Run the display ipv6 statistics command to check the IPv6 packet statistics.
----End
Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
7-6
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
Issue 04 (2010-01-25)
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
No.
Data
Hop limit of ND
Interface MTU
Procedure
Step 1 Run:
system-view
7-7
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
7-9
Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
NUD checks the reachability of neighbors. By default, NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface.
Do as follows on the S-switch:
Procedure
Step 1 Run:
system-view
When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval
must be less than or equal to the life duration.
By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.
Step 5 Run:
ipv6 nd dad attempts value
Issue 04 (2010-01-25)
Step 8 Run:
ipv6 mtu mtu
Postrequisite
If the IPv6 MTU value is changed, run the shutdown command and the undo shutdown
command orderly in the interface view to validate the configuration.
Procedure
l
Run the display ipv6 neighbors interface-type interface-number command to check the
neighbor information in the cache.
----End
Pre-configuration Tasks
Before configuring PMTUs, complete the following tasks:
l
Issue 04 (2010-01-25)
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
7-11
Data Preparation
To configure PMTUs, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Procedure
l
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check
all PMTU items.
----End
Pre-configuration Tasks
Before configuring TCP6, complete the following tasks:
l
Connecting and configuring the physical features for the interface and ensuring that the
status of the physical layer of the interface is Up
Configuring the link layer protocol parameters for the interface and ensuring that the status
of the link layer protocol on the interface is Up
Data Preparation
To configure TCP6, you need the following data.
Issue 04 (2010-01-25)
7-13
No.
Data
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of the
TCP6 sliding window is 8 KB.
----End
Procedure
l
Run the display tcp ipv6 statistics command to check related TCP6 statistics.
Run the display tcp ipv6 status command to check the TCP6 connection status.
Run the display udp ipv6 statistics command to check related UDP6 statistics.
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command to check
the information of the specified socket.
----End
Example
Run the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statistics
commands. If the connection status and statistic of TCP6 and UDP6 are displayed, it means that
the configuration succeeds.
<Quidway> display tcp ipv6 statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
window probe packets: 0, window update packets: 0
data packets: 0 (0 bytes) data packets retransmitted: 0 (0 bytes)
ACK only packets: 0 (0 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disc
onnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
<Quidway> display tcp ipv6 status
TCP6CB
Local Address
Foreign Address
State
09e39ae4 3000::2->179
3000::1->49158
Time_Wait
09e36f24 3000::2->49152
3000::1->179
Established
07da08f8 ::->179
::->0
Listening
07d96da8 ::->23
::->0
Listening
Issue 04 (2010-01-25)
7-15
Run the display ipv6 socket command. If the related socket information is displayed, it means
that the configuration succeeds.
<Quidway> display ipv6 socket
SOCK_STREAM:
Task = VTYD(14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
Task = VTYD(14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
SOCK_RAW:
IPv6 statistics cannot restore after you clear it. So, confirm the action before you use the command.
Procedure
7-16
Run the reset ipv6 statistics [ slot 0 ] command in the user view to clear statistics of
processing IPv6 packets after you confirm it.
Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clear
PMTU entries in the cache after you confirm it.
Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interfacenumber ] | vlanif vlan-id } command in the user view to clear all IPv6 neighbor statistics
after you confirm it.
Run the reset ipv6 routing-table statistics protocol { all | protocol } command in the user
view to clear all IPv6 routing table statistics after you confirm it.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
Issue 04 (2010-01-25)
Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics after
you confirm it.
Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statistics
after you confirm it.
----End
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to check the IPv6 information about the interface.
Run the display ipv6 statistics command in any view to check IPv6 packet statistics.
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command in any
view to check all PMTU entries.
Run the display udp ipv6 statistics command in any view to check UDP6 statistics.
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command in any
view to check information about the specified socket.
Run the display ipv6 fib { begin | include | exclude } regular-expression ] command in
any view to check information about the FIB.
----End
Debugging affects the performance of the system. So, after debugging, execute the undo debugging all
command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault.
For the procedures of displaying the debugging information, refer to the chapter "Information
Center Configuration" in the Quidway S5300 SeriesConfiguration Guide - Device
Management.
Procedure
l
Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and
ND messages.
Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to
debug IPv6 packet.
Issue 04 (2010-01-25)
7-17
Run the debugging ipv6 pathmtu command in the user view to debug PMTU.
Run the debugging tcp ipv6 { event | packet } [ task-id socket-id ] command in the user
view to debug TCP6.
Run the debugging udp ipv6 packet [ task-id socket-id ] command in the user view to
debug UDP6.
----End
Vlanif1
3001::1/64
S-switch-A
Vlanif1
3001::2/64
S-switch-B
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complement the configuration, you need the following data:
l
Procedure
Step 1 Enable IPv6 packet forwarding on S-switch-A and S-switch-B.
7-18
Issue 04 (2010-01-25)
# Configure S-switch-A
<Quidway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] ipv6
# Configure S-switch-B
<Quidway> system-view
[Quidway] sysname S-switch-B
[S-switch-B] ipv6
# Configure S-switch-B.
[S-switch-B] vlan 1
[S-switch-B-vlan1] port gigabitethernet0/0/1
[S-switch-B-vlan1] quit
[S-switch-B] interface vlanif 1
[S-switch-B-Vlanif1] ipv6 address 3001::2/64
[S-switch-B-Vlanif1] quit
Issue 04 (2010-01-25)
7-19
# On S-switch-A, ping the link-local address of S-switch-B. Note that you need to use the
parameter -i to specify the interface.
[S-switch-A] ping ipv6 fe80::2d6f:0:7af3:1 -i vlanif 1
PING FE80::2D6F:0:7AF3:1 : 56 data bytes, press CTRL_C to break
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=1 hop limit=64 time = 60 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=4 hop limit=64 time = 30 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- FE80::2D6F:0:7AF3:1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/38/60 ms
----End
Configuration Files
l
7-20
Issue 04 (2010-01-25)
#
interface Vlanif1
ipv6 address 3001::2/64
#
interface GigabitEthernet0/0/1
port default vlan 1
Issue 04 (2010-01-25)
7-21
Issue 04 (2010-01-25)
8-1
IPv4 Application
TCP
UDP
IPv4/IPv6 Application
TCP
UDP
IPv4
IPv4
Protocol ID:
0x0800
Ethernet
IPv4 Stack
IPv6
Protocol ID: Protocol ID:
0x86DD
0x0800
Ethernet
Dual Stack
8-2
Issue 04 (2010-01-25)
Multiple applications such as DNS, FTP and Telnet support dual stacks. The upper
application, such as DNS, can select TCP or UDP as its transport layer protocol. However,
it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.
2.
3.
4.
Dual Stack
Dual Stack
IPv4
Tunnel
IPv6
IPv6 host
IPv6 Header
IPv6 Data
IPv4 Header IPv6 Header
IPv6
IPv6 Header
IPv6 host
IPv6 Data
IPv6 Data
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over
IPv4 tunnel. Tunnels can be classified according to their setup modes.
The common IPv6 over IPv4 tunnel modes include:
l
6to4 tunnels
8-3
The manual tunnel can be used between isolated IPv6 networks. It can also be used between a
border device and a host. In this case, the host and the device on both ends of the tunnel must
support the IPv4 and the IPv6 protocol stacks.
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an
IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6
network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must
support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a
point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the
devices of the 6to4 tunnel are not configured in pairs.
The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You
need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following
format:
2002:IPv4 address: subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4
address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must
be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4
network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the
subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 8-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4
network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of
the host or device in Site1 is the IPv4 address of the interface through which S-switch-A accesses
the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device
in Site2 is the IPv4 address of the interface through which S-switch-B accesses the IPv4 network.
S-switch-A and S-switch-B are both 6to4 devices.
Figure 8-3 6to4 tunnel and 6to4 relay
6to4
Router
6to4
Network
Site1
6to4
Router
IPv4
Network
S-switch-A
S-switch-C
6to4
Network
Site2
S-switch-B
6to4
Relay
IPv6
Internet
Site3
When the host in Site1 accesses the host in Site2, the process concerned is as follows:
8-4
Issue 04 (2010-01-25)
1.
2.
S-switch-A checks the destination address of the IPv6 packet and finds that the address is
the 6to4 address, from which S-switch-A obtains the remote IPv4 address of the 6to4 tunnel.
3.
S-switch-A encapsulates this IPv6 packet into the IPv4 packet. The destination address of
IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the
local IPv4 address of the tunnel.
4.
5.
S-switch-B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6
packet to the destination host in Site2.
The above process implements the communication between the 6to4 networks. To implement
the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is
needed. The so-called native IPv6 network means that both its internal host and device are not
configured with the 6to4 address.
The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.
One side of the 6to4 relay device is connected to the native IPv6 network; the other side is
connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 8-3, when the host in the 6to4 network accesses the IPv6 Internet, the process
concerned is as follows:
1.
2.
3.
The IPv6 packet is encapsulated into the IPv4 packet and is sent to S-switch-C.
4.
S-switch-C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the
IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6
network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.
The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a
same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public
network address or a private network address.
As shown in Figure 8-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as follows:
1.
2.
3.
Issue 04 (2010-01-25)
8-5
The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with
5EFE:IPv4-Address, and uses this address to access the IPv6 host.
Figure 8-4 ISATAP tunnel
IPv6
Host
IPv4
Network
ISATAP Tunnel
IPv6
Network
ISATAP
Router
IPv4/IPv6 Host
2.1.1.1
FE80::5EFE:0201:0101
3FFE::5EFE:0201:0101
The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given
above.
2.
The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in
the IPv6 network.
3.
An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6
host.
Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:
8-6
Issue 04 (2010-01-25)
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
No.
Data
Type and number of the interface connected with the IPv4 network
IPv4 address and mask of the interface connected with the IPv4 network
Type and number of the interface connected with the IPv6 network
IPv6 address and prefix of the interface connected with the IPv6 network
Procedure
Step 1 Run:
system-view
8-7
Procedure
Step 1 Run:
system-view
Run:
ipv6 address auto link-local
Run:
ipv6 address ipv6-address link-local
Run:
ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }
Run:
ipv6 address ipv6-address / prefix-length [ eui-64 ]
Issue 04 (2010-01-25)
Pre-configuration Tasks
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer protocol for the interface and ensuring that the status of the link
layer protocol on the interface is Up
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
No.
Data
You need to create an Eth-Trunk interface and keep it in the Up state before enabling the
service loopback function.
Only one interface enabled with the service loopback function is needed on a device.
8-9
Procedure
Step 1 Run:
system-view
Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.
Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.
You need to conduct the following configurations on the devices on both the ends of the
tunnel. During the configuration, note that the source address of the local tunnel end is the
destination address set for the remote tunnel end; the destination address of the local tunnel
end is the source address set for the remote tunnel end.
To support dynamic routing protocol, you also need to configure the tunnel interface with
a network address.
Procedure
Step 1 Run:
system-view
8-10
Issue 04 (2010-01-25)
The destination address of the tunnel can be the address of a physical interface or the address of a loopback
interface.
Step 7 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }
Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The
destination address of the tunnel is automatically obtained from the destination IP address
field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel
must be unique.
On the border device, configure a 6to4 address on the interface that is connected with the
6to4 network, and configure an IPv4 address on the interface that is connected with the
IPv4 network. To make the tunnel support the routing protocol, configure an IP address for
the tunnel interface.
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
8-11
Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring an ISATAP tunnel, you need to specify only the source address of the
tunnel. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet. Note that the source interface of the
ISATAP tunnel must be unique.
The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix
length of 64 bits.
Procedure
Step 1 Run:
system-view
Issue 04 (2010-01-25)
Step 3 Run:
tunnel-protocol ipv6-ipv4 isatap
You can configure the static route by manually configuring the route to the destination
address (the destination address specified before encapsulating packets rather than the
destination address of the tunnel), and configure the next hop as the address of the peer
tunnel interface.
You can enable dynamic routing protocol on the tunnel interface connected to the private
networks and on the device interface.
Procedure
Step 1 Run the display interface tunnel [ interface-number ] [ verbose ] [ | { begin | exclude |
include } regular-expression ] command to check the operation status of a tunnel interface.
Step 2 Run the display ipv6 interface tunnel interface-number command to check the IPv6 attributes
of a tunnel interface.
----End
Issue 04 (2010-01-25)
8-13
Example
Run the display interface tunnel command. If the tunnel interface is Up and is configured with
a source address, a destination address and the protocol type, it means that the configuration
succeeds.
<Quidway> display interface tunnel 0/0/3
Tunnel0/0/3 current state : UP
Line protocol current state : DOWN
Description : HUAWEI, Quidway Series, Tunnel0/0/3 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes
Internet protocol processing : disabled
Encapsulation is TUNNEL, loopback not set
Tunnel source 192.168.51.2 (Vlanif1), destination 192.168.50.2
Tunnel protocol/transport IPv6 over IPv4
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
0 input error
0 packets output, 0 bytes
0 output error
Run the display ipv6 interface tunnel command. If the IPv6 packets forwarding is enabled,
you can see the state of tunnel interface is Up, the state of IPv6 protocol is Up, source address
and ND parameters.
<Quidway> display ipv6 interface tunnel 0/0/3
Tunnel0/0/3 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::C0A8:3302
Global unicast address(es):
3001::2, subnet is 3001::/64
Joined group address(es):
FF02::1:FFA8:3302
FF02::1:FF00:2
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
Issue 04 (2010-01-25)
Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel
Vlanif1
192.168.50.1/24
S-switch-B
GE0/0/1
Vlanif2
192.168.51.1/24
GE0/0/2
GE0/0/1
S-switch-C
IPv4 network
Vlanif1
192.168.50.2/24
Vlanif2
IPv6
192.168.51.2/24
Dual
Dual
Stack
Stack
S-switch-A GE0/0/1
IPv6
Configuration Roadmap
The configuration roadmap of IPv6 over IPv4 manual tunnel is as follows:
1.
2.
3.
Configure IPv6 addresses, the source interface, and the destination addresses for the tunnel
interfaces.
4.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of interfaces
IPv6 addresses, the source interfaces and the destination addresses of the tunnel interfaces
Procedure
Step 1 Configure S-switch-A.
# Enabling the service loopback function on an Eth-Trunk interface.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service-type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] eth-trunk 1
[Quidway-GigabitEthernet0/0/1] quit
8-15
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[S-switch-A-Tunnel0/0/1]
[S-switch-A-Tunnel0/0/1]
[S-switch-A-Tunnel0/0/1]
[S-switch-A-Tunnel0/0/1]
[S-switch-A-Tunnel0/0/1]
ipv6 enable
ipv6 address 3001::1/64
source vlanif 1
destination 192.168.51.2
quit
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[S-switch-C-Tunnel0/0/1]
[S-switch-C-Tunnel0/0/1]
[S-switch-C-Tunnel0/0/1]
[S-switch-C-Tunnel0/0/1]
Issue 04 (2010-01-25)
# On S-switch-C, ping the IPv6 address of Tunnel 0/0/1 of S-switch-A. S-switch-C can receive
response packets from S-switch-A.
[S-switch-C] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
bytes=56 Sequence=2 hop limit=255
Reply from 3001::1
bytes=56 Sequence=3 hop limit=255
Reply from 3001::1
bytes=56 Sequence=4 hop limit=255
Reply from 3001::1
bytes=56 Sequence=5 hop limit=255
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms
----End
Configuration File
l
Issue 04 (2010-01-25)
8-17
#
return
l
8-18
Issue 04 (2010-01-25)
IPv4
6to4
6to4
Router
Router
S-switch-B
S-switch-A GE0/0/2
GE0/0/2 Vlanif2
Vlanif2
2002:201:102:1::1/64
Vlanif1
Vlanif1
2002:201:101:1::1/64
2.1.1.1 2.1.1.2
GE0/0/1
GE0/0/1
Tunnel 0/0/1
Tunnel 0/0/1
2002:201:101::1/64
2002:201:102::1/64
PC2
PC1
IPv6
2002:201:101:1::2
2002:201:102:1::2
IPv6
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure S-switch-A.
# Enabling the service loopback function on an Eth-Trunk interface.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service-type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] eth-trunk 1
[Quidway-GigabitEthernet0/0/2] quit
Issue 04 (2010-01-25)
8-19
There must be an accessible route between S-switch-A and S-switch-B. In this example, both the devices
are directly connected; therefore, no routing protocol needs to be configured.
8-20
Issue 04 (2010-01-25)
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
----End
Configuration Files
l
Issue 04 (2010-01-25)
8-21
IPv4
network
IPv6
network
GE0/0/1
Vlanif1
3001::1/64
IPv6 Host
3001::2
GE0/0/2
ISATAP
Router
Vlanif2
2.1.1.1/8
ISATAP Host
FE80::5EFE:0201:0102
2.1.1.2
2001::5EFE:0201:0102
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
To complete the configuration, you need the following data:
8-22
Issue 04 (2010-01-25)
Procedure
Step 1 Configure the ISATAP device.
# Enabling the service loopback function on an Eth-Trunk interface.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service-type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] eth-trunk 1
[Quidway-GigabitEthernet0/0/2] quit
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
[Quidway] ipv6
[Quidway] interface vlanif 1
[Quidway-Vlanif1] ipv6 address 3001::1/64
[Quidway-Vlanif1] quit
[Quidway] interface vlanif 2
[Quidway-Vlanif2] ip address 2.1.1.1 255.0.0.0
[Quidway-Vlanif2] quit
Issue 04 (2010-01-25)
8-23
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the
ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
--- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply
Reply
Reply
Reply
from
from
from
from
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
bytes=32
bytes=32
bytes=32
bytes=32
time=1ms
time=1ms
time=1ms
time=1ms
from
from
from
from
3001::2:
3001::2:
3001::2:
3001::2:
time<1ms
time<1ms
time<1ms
time<1ms
----End
Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname Quidway
8-24
Issue 04 (2010-01-25)
#
ipv6
#
interface Vlanif1
ipv6 address 3001::1/64
#
interface Vlanif2
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service-type tunnel
#
interface Tunnel0/0/2
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlanif2
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
return
Issue 04 (2010-01-25)
8-25