Quidway S5300 Configuration Guide - IP Service (V100R003C00 - 04)

Quidway S5300 Series Ethernet Switches
V100R003C00
Configuration Guide - IP Service
Issue
04
Date
2010-01-25
Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.


Contents
Contents
About This Document.....................................................................................................................1
1 IP Addresses Configuration.....................................................................................................1-1
1.1 Overview.........................................................................................................................................................1-2
1.1.1 Introduction to IP Addresses..................................................................................................................1-2
1.1.2 Features of IP Addresses Supported by the S-switch.............................................................................1-2
1.2 Configuring IP Addresses for VLAN interfaces.............................................................................................1-2
1.2.1 Establishing the Configuration Task......................................................................................................1-2
1.2.2 Configuring a Primary IP Address for an VLAN Interface...................................................................1-3
1.2.3 (Optional) Configuring a Secondary IP Address for an VLANIF Interface..........................................1-4
1.2.4 Checking the Configuration...................................................................................................................1-4
1.3 Maintaining.....................................................................................................................................................1-5
1.3.1 Monitoring Network Operation Status...................................................................................................1-5
1.4 Configuration Examples..................................................................................................................................1-5
1.4.1 Example for Configuring Primary and Secondary IP Addresses...........................................................1-5
2 ARP Configuration....................................................................................................................2-1
2.1 Overview.........................................................................................................................................................2-2
2.1.1 Introduction to ARP...............................................................................................................................2-2
2.1.2 Features of ARP Supported by the S-switch..........................................................................................2-2
2.2 Configuring ARP.............................................................................................................................................2-2
2.2.2 Configuring Static ARP Entries.............................................................................................................2-3
2.2.3 Optimizing Dynamic ARP.....................................................................................................................2-4
2.3 Configuring Routed Proxy ARP.....................................................................................................................2-6
2.3.2 Configuring an IP Addresses for the VLANIF Interface.......................................................................2-6
2.3.3 Enabling Routed Proxy ARP Function..................................................................................................2-7
2.4 Configuring Proxy ARP in a VLAN...............................................................................................................2-8
2.4.2 Setting the IP Address of a VLANIF Interface......................................................................................2-8
2.4.3 Enabling Proxy ARP in a VLAN...........................................................................................................2-9
Issue 04 (2010-01-25)

Contents

2.5 Configuring Proxy ARP Between VLANs...................................................................................................2-10

2.5.1 Establishing the Configuration Task....................................................................................................2-10
2.5.2 Configuring an IP Addresses for the VLANIF Interface.....................................................................2-11
2.5.3 Enabling Proxy ARP Between VLANs...............................................................................................2-11
2.5.4 Checking the Configuration.................................................................................................................2-12
2.6 Maintaining ARP...........................................................................................................................................2-12
2.6.1 Clearing ARP Statistics........................................................................................................................2-12
2.6.2 Monitoring Network Operation Status.................................................................................................2-13
2.6.3 Debugging ARP...................................................................................................................................2-13
2.7 Configuration Examples................................................................................................................................2-14
2.7.1 Example for Configuring Static ARP...................................................................................................2-14
2.7.2 Example for Configuring Dynamic ARP.............................................................................................2-16
2.7.3 Example for Configuring Routed Proxy ARP......................................................................................2-17
2.7.4 Example for Configuring Proxy ARP in a VLAN...............................................................................2-19
2.7.5 Example for Configuring Proxy ARP Between VLANs.....................................................................2-22
3 DNS Configuration....................................................................................................................3-1
3.1 Overview.........................................................................................................................................................3-2
3.1.1 Introduction to DNS...............................................................................................................................3-2
3.1.2 DNS Supported by the S-switch.............................................................................................................3-2
3.2 Configuring DNS............................................................................................................................................3-2
3.2.2 Configuring Static DNS Entries.............................................................................................................3-3
3.2.3 Configuring Dynamic DNS....................................................................................................................3-3
3.3 Maintaining DNS............................................................................................................................................3-5
3.3.1 Clearing DNS Entries.............................................................................................................................3-5
3.3.2 Monitoring Network Operation Status...................................................................................................3-6
3.3.3 Debugging DNS.....................................................................................................................................3-6
3.4.1 Example for Configuring DNS..............................................................................................................3-6
4 DHCP Configuration.................................................................................................................4-1
4.1 Overview.........................................................................................................................................................4-2
4.1.1 Introduction to DHCP............................................................................................................................4-2
4.1.2 DHCP Supported by the S-switch..........................................................................................................4-2
4.2 Configuring the Global Address Pool-based DHCP Server............................................................................4-2
4.2.2 Configuring the DHCP Global Address Pool........................................................................................4-3
4.2.3 Configure Static IP Address Binding.....................................................................................................4-4
4.2.4 Configuring DNS Services for the DHCP Client...................................................................................4-5
4.2.5 Configuring NetBIOS Services for the DHCP Client............................................................................4-6
4.2.6 Configuring Egress Gateway for the DHCP Client...............................................................................4-7
ii

Issue 04 (2010-01-25)

Contents
4.2.7 Configuring DHCP Self-Defined Options.............................................................................................4-7

4.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the Specified Interface
.........................................................................................................................................................................4-8
4.3 Configuring VLANIF Interface Address Pool-based DHCP Server.............................................................4-11
4.3.2 Enabling Address Pools on VLANIF Interfaces..................................................................................4-12
4.3.3 Configuring the Address Pool on the VLANIF Interface....................................................................4-14
4.3.4 Configuring DNS on the Address Pool of the VLANIF Interface.......................................................4-15
4.3.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface................................................4-15
4.3.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface................4-17
4.4 Configuring the Security Function for DHCP...............................................................................................4-18
4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server..............................................4-19
4.4.3 Avoiding Repetitive IP Address Assignment.......................................................................................4-20
4.4.4 Saving DHCP Data...............................................................................................................................4-20
4.4.5 Recovering DHCP Data.......................................................................................................................4-21
4.5 Configuring DHCP Relay.............................................................................................................................4-22
4.5.2 Enabling DHCP Relay.........................................................................................................................4-23
4.5.3 Assigning IP Addresses to the Client Through Relay..........................................................................4-24
4.5.4 Requesting the DHCP Server to Release IP Addresses of the Client..................................................4-25
4.6 Maintaining DHCP........................................................................................................................................4-26
4.6.1 Resetting DHCP...................................................................................................................................4-26
4.6.2 Releasing Conflicting IP Addresses.....................................................................................................4-27
4.6.3 Clearing DHCP Statistics.....................................................................................................................4-27
4.6.5 Debugging DHCP................................................................................................................................4-28
4.7.1 Example for Configuring the Global Address Pool-based DHCP Server............................................4-29
4.7.2 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server.........................4-32
4.7.3 Example for Configuring DHCP Relay...............................................................................................4-35
5 IP Performance Configuration.................................................................................................5-1
5.1 Overview.........................................................................................................................................................5-2
5.1.1 Introduction to IP Performance..............................................................................................................5-2
5.1.2 IP Performance Supported by the S-switch............................................................................................5-2
5.2 Improving IP Performance..............................................................................................................................5-3
5.2.2 Verifying the Source IP Address............................................................................................................5-4
Issue 04 (2010-01-25)

iii
Contents

5.2.3 Forwarding Broadcast Packets...............................................................................................................5-4
5.2.4 Configuring ICMP Attributes.................................................................................................................5-5
5.2.5 Configuring TCP Attributes...................................................................................................................5-5
5.3 Maintaining IP Performance.........................................................................................................................5-10

5.3.1 Clearing IP/TCP/UDP Statistics...........................................................................................................5-10
5.3.3 Debugging IP/TCP/UDP......................................................................................................................5-12
5.4.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets..........................................5-13
6 DHCP Policy VLAN Configuration.......................................................................................6-1

6.1 Overview.........................................................................................................................................................6-2
6.1.1 Introduction............................................................................................................................................6-2
6.1.2 DHCP Policy VLAN Supported by the S-switch...................................................................................6-2
6.2 Configuring DHCP Policy VLAN Based on MAC Addresses.......................................................................6-2
6.2.2 Configuration Procedure........................................................................................................................6-3
6.3 Configuring the DHCP Policy VLAN Based on Interfaces............................................................................6-4
6.4 Configuring Generic DHCP Policy VLAN.....................................................................................................6-6
6.5 Maintaining DHCP Policy VLAN.................................................................................................................. 6-7
6.5.1 Monitoring the Running Status..............................................................................................................6-8
6.6.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses.........................................6-8
6.6.2 Example for Configuring DHCP Policy VLAN Based on Interfaces..................................................6-10
7 Basic IPv6 Configuration..........................................................................................................7-1

7.1 Introduction to IPv6........................................................................................................................................ 7-2
7.2 IPv6 Supported by the S-switch......................................................................................................................7-2
7.3 Configuring an IPv6 Address for an Interface................................................................................................ 7-3
7.3.2 Enabling IPv6 Packet Forwarding Capability........................................................................................7-4
7.3.3 Configuring an IPv6 Link-Local Address for an Interface.................................................................... 7-4
7.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................7-5
7.4 Configuring IPv6 Neighbor Discovery...........................................................................................................7-6
iv

Issue 04 (2010-01-25)

Contents
7.4.2 Configuring Static Neighbors.................................................................................................................7-7

7.4.3 Enabling RA Message Advertising........................................................................................................7-7
7.4.4 Setting the Interval for Advertising RA Messages.................................................................................7-8
7.4.5 Enabling Stateful Auto Configuration....................................................................................................7-8
7.4.6 Configuring the Address Prefixes to Be Advertised..............................................................................7-9
7.4.7 Configuring Other Information to Be Advertised..................................................................................7-9
7.5 Configuring PMTU.......................................................................................................................................7-11
7.5.2 Creating Static PMTU Entries..............................................................................................................7-12
7.5.3 Configuring PMTU Aging Time..........................................................................................................7-12
7.6 Configuring TCP6.........................................................................................................................................7-13
7.6.2 Configuring TCP6 Timers....................................................................................................................7-14
7.6.3 Configuring the Size of the TCP6 Sliding Window.............................................................................7-14
7.7 Maintaining IPv6...........................................................................................................................................7-16
7.7.1 Resetting IPv6......................................................................................................................................7-16
7.7.2 Monitoring Network Operation Status of IPv6....................................................................................7-17
7.7.3 Debugging IPv6....................................................................................................................................7-17
7.8.1 Example for Configuring an IPv6 Address for an Interface................................................................7-18
8 IPv6 over IPv4 Tunnel Configuration....................................................................................8-1

8.1 Introduction to IPv6 over IPv4........................................................................................................................8-2
8.2 IPv6 over IPv4 Supported by the S-switch.....................................................................................................8-2
8.3 Configuring IPv4/IPv6 Dual Stacks................................................................................................................8-6
8.3.2 Enabling IPv6 Packet Forwarding..........................................................................................................8-7
8.3.3 Configuring IPv4 and IPv6 Addresses for the Interface........................................................................8-7
8.4 Configuring an IPv6 over IPv4 Tunnel...........................................................................................................8-8
8.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface....................................................8-9
8.4.3 Configuring an IPv6 over IPv4 Manual Tunnel...................................................................................8-10
8.4.4 Configuring a 6to4 Tunnel...................................................................................................................8-11
8.4.5 Configuring an ISATAP Tunnel..........................................................................................................8-12
8.4.6 Configuring Routes in the Tunnel........................................................................................................8-13
8.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel..............................................................8-14
8.5.2 Example for Configuring a 6to4 Tunnel..............................................................................................8-18
Issue 04 (2010-01-25)

Contents

8.5.3 Example for Configuring an ISATAP Tunnel.....................................................................................8-22
vi

Issue 04 (2010-01-25)

Figures
Figures
Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface.......................................1-6
Figure 2-1 Networking diagram for configuring static ARP..............................................................................2-14
Figure 2-2 Networking diagram for configuring dynamic ARP........................................................................2-16
Figure 2-3 Networking diagram of configuring proxy ARP..............................................................................2-18
Figure 2-4 Networking diagram of proxy ARP in a VLAN...............................................................................2-20
Figure 2-5 Networking diagram of configuring proxy ARP between VLANs..................................................2-23
Figure 3-1 Networking diagram of DNS..............................................................................................................3-7
Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network segment.....4-30
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIF interface.....4-33
Figure 4-3 Networking diagram for configuring DHCP relay...........................................................................4-36
Figure 5-1 Networking diagram of configuring ICMP host unreachable packets.............................................5-13
Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses....................................6-8
Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces...........................................6-10
Figure 7-1 Networking diagram of configuring an IPv6 address for an interface.............................................7-18
Figure 8-1 Single stack and dual stack structures (Ethernet)...............................................................................8-2
Figure 8-2 Schematic diagram of IPv6 over IPv4 tunnel.....................................................................................8-3
Figure 8-3 6to4 tunnel and 6to4 relay..................................................................................................................8-4
Figure 8-4 ISATAP tunnel...................................................................................................................................8-6
Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel..............................................................8-15
Figure 8-6 Networking diagram of the 6to4 tunnel............................................................................................8-19
Figure 8-7 Networking diagram of the ISATAP tunnel.....................................................................................8-22
Issue 04 (2010-01-25)

vii

About This Document
About This Document

Purpose
This document provides configuration procedures and examples for the IP Service features of
the S-switch.
This document covers the following topics:
l
Feature description
Data preparations
Pre-configuration tasks
Configuration procedures
Checking the configuration
Configuration examples
This document helps you grasp the configuration procedures and application scenarios of the IP
Service features of the S-switch.
Related Versions
The following table lists the product versions related to this document.
Product Name
Version
S5300
V100R003C00
Intended Audience
This document is intended for:
l
Commissioning engineers
Data configuration engineers
Network administrators
System maintenance engineers
Issue 04 (2010-01-25)


About This Document
Organization
This document is organized as follows.
Chapter
Description
1 IP Addresses Configuration
This chapter describes the basics, methods

and examples for configuring IP Address.
2 ARP Configuration

and examples for configuring ARP.
3 DNS Configuration

and examples for configuring DNS.
4 DHCP Configuration

and examples for configuring DHCP.
5 IP Performance Configuration

and examples for configuring IP performance.
6 DHCP Policy VLAN Configuration

and examples for configuring DHCP policy
VLAN.
7 Basic IPv6 Configuration

and examples for configuring IPv6.
8 IPv6 over IPv4 Tunnel Configuration

and examples for configuring IPv6 over IPv4
tunnel.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Indicates a hazard with a high level of risk, which if

not avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk,
which if not avoided, could result in minor or
moderate injuries.
Indicates a potentially hazardous situation, which if
not avoided, could result in equipment damage, data
loss, performance degradation, or unexpected
results.

Issue 04 (2010-01-25)

Symbol
About This Document
Description
TIP
Indicates a tip that may help you address a problem

or save your time.
NOTE
Provides additional information to emphasize or

supplement important points of the main text.
General Conventions
Convention
Description
Times New Roman
Normal paragraphs are in Times New Roman.
Boldface
Names of files, directories, folders, and users are in Boldface.

For example, log in as user Root.
Italic
Book titles are in Italics.
Courier New
Examples of information displayed on the screen are in Courier

New.
Command Conventions
Issue 04 (2010-01-25)
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by vertical

bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets and

separated by vertical bars. One or none is selected.
{ x | y | ... } *
Optional items are grouped in braces and separated by vertical

bars. A minimum of one item or a maximum of all items can be
selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets and

separated by vertical bars. Several or none is selected.
&<1-n>
The parameter before the & sign can be repeated 1 to n times.
A line starting with the # sign is comments.


About This Document
GUI Conventions
Convention
Description
boldface
Buttons, menus, parameters, tabs, windows, and dialog titles are

in boldface. For example, click OK.
>
Multi-level menus are in boldface and separated by the ">" signs.

For example, choose File > Create > Folder.
Keyboard Operations
Convention
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Press the keys concurrently. For example, pressing Ctrl+Alt

+A means the three keys should be pressed concurrently.
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, F means the
two keys should be pressed in turn.
Mouse Operations
Convention
Description
Click
Select and release the primary mouse button without moving the
pointer.
Double-click
Press the primary mouse button twice continuously and quickly

without moving the pointer.
Drag
Press and hold the primary mouse button and move the pointer
to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 04 (2010-01-25)

Fourth commercial release. The document is updated as follows:
l
ACL Configuration and ACL6 Configuration are moved from Quidway S5300 Series
Ethernet Switches Configuration - IP Service to Quidway S5300 Series Ethernet
Switches Configuration - Security.
Issue 04 (2010-01-25)

About This Document

Third commercial release. The document is updated as follows:
The following information is added:
l
ARP Configuration: 2.4 Configuring Proxy ARP in a VLAN
ARP Configuration: 2.7.4 Example for Configuring Proxy ARP in a VLAN
The following information is modified:

l
IP Performance Configuration: 5.2.4 Configuring ICMP Attributes

Second commercial release. The document is updated as follows:
l
Bugs are fixed.
The manual version is updated.

This is the first release.
Issue 04 (2010-01-25)


IP Addresses Configuration
About This Chapter

This chapter describes the fundamentals of IP address, including its classes, methods and
important characteristics. It also describes the steps for IP address configuration, along with
typical examples.
1.1 Overview
This section describes the principle and concepts of the IP address.
1.2 Configuring IP Addresses for VLAN interfaces
This section describes how to configure IP addresses for VLAN interfaces.
1.3 Maintaining
This section describes how to view configurations about IP addresses.
1.4 Configuration Examples
This section provides several configuration examples of IP addresses.
Issue 04 (2010-01-25)

1-1

1.1 Overview
This section describes the principle and concepts of the IP address.
1.1.1 Introduction to IP Addresses
1.1.2 Features of IP Addresses Supported by the S-switch
1.1.1 Introduction to IP Addresses

To communicate with each other in an IP network, each host in the network must be assigned
an IP address.
An IP address is a 32-bit number, composed of two parts, network ID and host ID.
The network ID identifies a network and the host ID identifies a host on the network. If the
network IDs of hosts are the same, it indicates that the hosts are in the same network regardless
of their physical location.
1.1.2 Features of IP Addresses Supported by the S-switch

The S-switch supports IP address configuration through the following methods:
l
Manually configuring an IP address for an interface
Get IP address by DHCP
1.2 Configuring IP Addresses for VLAN interfaces

This section describes how to configure IP addresses for VLAN interfaces.
1.2.1 Establishing the Configuration Task
1.2.2 Configuring a Primary IP Address for an VLAN Interface
1.2.3 (Optional) Configuring a Secondary IP Address for an VLANIF Interface
1.2.4 Checking the Configuration

Applicable Environment
To start the IP services on S-switch, configure the IP address on the VLANIF interface. You can
assign several IP addresses to each interface. Among them, one is the primary IP address and
the others are secondary IP addresses.
Pre-configuration Tasks
Before configuring an IP address for an VLANIF interface, complete the following tasks:
1-2

Issue 04 (2010-01-25)

Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Configuring the corresponding VLAN
Data Preparation
To configure IP addresses for an VLANIF interface, you need the following data.
No.
Data
VLANIF interface number
Primary IP address and subnet mask for the VLANIF interface
(Optional) Secondary IP address and subnet mask for the VLANIF interface
Subordinate IP addresses are required when an VLANIF interface needs multiple addresses.
1.2.2 Configuring a Primary IP Address for an VLAN Interface

Context
Do as follows on the S-switch:
Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length }
Or
ip address dhcp-alloc
A primary IP address is configured.

An VLANIF interface has only one primary IP address. If the VLANIF interface already has a
primary IP address, the newly configured primary IP address replaces the original one.
----End
Issue 04 (2010-01-25)

1-3

1.2.3 (Optional) Configuring a Secondary IP Address for an

VLANIF Interface
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ip address ip-address { mask | mask-length } sub
A secondary IP address is configured.

----End

Run the following commands to check the pervious configuration.
Action
Command
View the IP configuration on the

interface.
display ip interface[ brief ] [ interface-type interfacenumber ]
View interface information.
display interface[ interface-type [ interface-number ] ]

[ verbose ] [ | { begin| exclude | include } regularexpression ]
Run the display ip interface command. If the physical status and link protocol status of the
interface are Up, it means that the configuration succeeds.
<Quidway> display ip interface brief vlanif 1
*down: administratively down
(l): loopback
(s): spoofing
Interface
IP Address
Physical
Vlanif1
192.168.32.22
up
Protocol
up
Description
Huawei,Quidway
Run the display interface command. If information about the IP address and mask of the
interface is displayed, it means that the configuration succeeds. For example:
<Quidway> display interface vlanif 1
Vlanif1 current state : UP
Line protocol current state : UP
1-4

Issue 04 (2010-01-25)

Description : Huawei, Quidway Series, Vlanif1 Interface, Route Port

The Maximum Transmit Unit is 1500 bytes
Internet Address is 192.168.32.22/16
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0010-8300-0026
Last 300 seconds input rate: 1 packets/sec
Last 300 seconds output rate: 1 packets/sec
Input:
60281 Packets, 21941 Unicasts

29097 Broadcasts, 9243 Multicasts
Output:
22637 Packets, 22637 Unicasts

0 Broadcasts, 0 Multicasts
1.3 Maintaining
This section describes how to view configurations about IP addresses.
1.3.1 Monitoring Network Operation Status

To obtain configurations about IP addresses in routine maintenance, run the following
commands.
Action
Command
View configurations about the

IP address of the interface.
display ip interface[ brief ] [ interface-type interfacenumber ]
View information about the

interface.
display interface [ interface-type [ interface-number ] ]

[ verbose ] [ | { begin | exclude | include } regularexpression ]

This section provides several configuration examples of IP addresses.
1.4.1 Example for Configuring Primary and Secondary IP Addresses
1.4.1 Example for Configuring Primary and Secondary IP Addresses

Networking Requirements
As shown in Figure 1-1, GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of the S-switch are
connected to two PCs and added to VLAN 1. The IP addresses of PC1 and PC2 are 172.16.1.1/24
and 172.16.2.1/24.
Issue 04 (2010-01-25)

1-5

Figure 1-1 Configuring primary and secondary IP addresses for a VLANIF interface
S-switch
GE 0/0/1
PC 1
172.16.1.1/24
GE 0/0/2
PC 2
172.16.2.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Analyze the network segment where the interface locates.
2.
Configure a primary IP address for the VLANIF interface and then configure a secondary
IP address for the interface.
Data Preparation
To complete the configuration, you need the following data:
l
Primary IP address and subnet mask of the VLANIF interface
Secondary IP address and subnet mask of the VLANIF interface
Configuration Procedure
If you assign only one IP address to the VLANIF interface on the S-switch, you can access
certain hosts through the S-switch. To access all the hosts in the network through the S-switch,
you need to assign a secondary IP address to the VLANIF interface.
1.
Add GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of the S-switch to VLAN 1.
2.
Configure the device.

# Configure the primary and secondary IP addresses for VLANIF 1 of the device.
<Quidway> system-view
[Quidway] interface vlanif 1
[Quidway-Vlanif1] ip address 172.16.1.2 255.255.255.0
[Quidway-Vlanif1] ip address 172.16.2.2 255.255.255.0 sub
3.
Verify the configuration.

# Ping the host PC1 from the device. The ping succeeds.
[Quidway] ping 172.16.1.1
PING 172.16.1.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=128 time=25
1-6

ms
ms
ms
ms
ms
Issue 04 (2010-01-25)

--- 172.16.1.1 ping statistics --5 packet(s) transmitted

5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
# Ping the host PC2 from the device. The ping succeeds.
[Quidway] ping 172.16.2.1
0.00% packet loss
ms
ms
ms
ms
ms
# The hosts PC1 and PC2 cannot ping each other.
Configuration Files
The configuration file of the device is as follows:
#
interface Vlanif1
ip address 172.16.1.2 255.255.255.0
ip address 172.16.2.2 255.255.255.0 sub
#
Issue 04 (2010-01-25)

1-7

2 ARP Configuration
ARP Configuration
About This Chapter

This chapter describes the static and dynamic ARP, ARP proxy concepts and their configuration
steps, along with typical examples.
2.1 Overview
This section describes the basic principle and concepts of the Address Resolution Protocol
(ARP).
2.2 Configuring ARP
This section describes how to configure static ARP, and dynamic ARP.
2.3 Configuring Routed Proxy ARP
This section describes how to configure routed proxy ARP to make different sub-networks
communicate with each other.
2.4 Configuring Proxy ARP in a VLAN
This section describes how to configure proxy ARP in a VLAN to enable hosts that are isolated
at Layer 2 in a VLAN to communicate with each other.
2.5 Configuring Proxy ARP Between VLANs
This section describes how to implement communication between hosts in different VLANs.
2.6 Maintaining ARP
This section describes how to display ARP configurations, clear ARP statistics and debug ARP.
This section provides several configuration examples of ARP, proxy ARP in a VLAN, and proxy
ARP between VLANs.
Issue 04 (2010-01-25)

2-1

2 ARP Configuration
2.1 Overview
This section describes the basic principle and concepts of the Address Resolution Protocol
(ARP).
2.1.1 Introduction to ARP
2.1.2 Features of ARP Supported by the S-switch
2.1.1 Introduction to ARP

Each host or device in the Local Area Network (LAN) has a 32-bit IP address to communicate
with others. In an Ethernet, a host or a device transmits Ethernet frames based on 48-bit Medium
Access Control (MAC) addresses. A MAC address is also called physical address or hardware
address. It is assigned to an Ethernet interface when a device is produced. IP addresses are
independent of hardware addresses. Therefore, mappings between MAC addresses and IP
addresses must be created through a certain address resolution mechanism.
The Address Resolution Protocol (ARP) emerges. It provides a mapping between an IP address
and a MAC address.
2.1.2 Features of ARP Supported by the S-switch

ARP is classified into dynamic ARP and static ARP. The S-switch supports the dynamic ARP,
static ARP, and proxy ARP.
2.2 Configuring ARP

This section describes how to configure static ARP, and dynamic ARP.
2.2.2 Configuring Static ARP Entries
2.2.3 Optimizing Dynamic ARP

Dynamic ARP is one of functions owned by a device or host. To enable this function, you modify
some parameters of dynamic ARP actions instead of running the related command.
Static ARP is used in the following situations:
l
2-2
The packets whose destination IP address is in another network segment traverse a gateway
of the segment so that the gateway can forward the packets to their destination.
Issue 04 (2010-01-25)

2 ARP Configuration
When users need to filter out some packets with illegal destination IP addresses, static ARP
can bind these illegal addresses to a nonexistent MAC address.
Before configuring ARP, complete the following tasks:
l
Configuring the network layer parameters for the interface
Data Preparation
To configure ARP, you need the following data.
No.
Data
IP address and MAC address of the static ARP entry
ID of the VLANIF interface to which the dynamic ARP entry belongs
Aging detection times of the dynamic ARP entry
Aging time of the dynamic ARP entry
2.2.2 Configuring Static ARP Entries

Context
Procedure
Step 1 Run:
system-view

Step 2 Perform the following as required to add static ARP entries:
l
To configure common static ARP entries, run the arp static ip-address mac-address
command.
To configure static ARP entries in a Virtual Local Area Network (VLAN), do as follows:
Issue 04 (2010-01-25)
Run the arp static ip-address mac-address vid vlan-id interface interface-type interfacenumber command.
Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlanid command.
2-3

2 ARP Configuration
This command is applied to the sub-interface that supports VLAN and can be bound to
the VPN.
l
To configure static ARP entries in a VPN instance, run the arp static ip-address macaddress vpn-instance vpn-instance-name command.
NOTE
Static ARP entries keep valid when a device works normally.
----End
2.2.3 Optimizing Dynamic ARP

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
The VLAN interface view is displayed.

Step 3 Run:
arp detect-times detect-times
The aging detection times of the dynamic ARP entries are configured.
Step 4 Run:
arp expire-time expire-times
The timeout period for aging dynamic ARP entries is configured.

Step 5 Run:
quit
Back to the system view.

Step 6 Run:
arp-suppress enable
ARP suppression is enabled on the current device.

----End

2-4

Issue 04 (2010-01-25)

2 ARP Configuration
Action
Command
View information about

ARP mapping tables based
on interfaces.
display arp [ statistics ] interface vlanif vlan-id [ | { begin |

exclude | include } regular-expression ]
View statistics about ARP

entries.
display arp statistics
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<Quidway> display arp interface vlanif 1
IP ADDRESS
MAC ADDRESS EXPIRE(M) TYPE INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------192.168.32.22
0010-8300-0026
I - Vlanif1
192.168.1.255
Incomplete
0
D-0 Vlanif1
192.168.29.1
000e-4540-04b7 5
DF0 GE0/0/1
1
192.168.29.3
e000-0af0-e492 7
DF0 GE0/0/1
1
192.168.29.7
e000-0af0-cb68 7
DF0 GE0/0/1
1
192.168.29.2
e000-0af0-e497 7
DF0 GE0/0/1
1
192.168.29.4
e000-0af0-e090 7
DF0 GE0/0/1
1
192.168.29.6
e000-0af0-cb67 7
DF0 GE0/0/1
1
192.168.1.239
0018-8236-f110 9
DF0 GE0/0/1
1
192.168.1.232
0200-000a-1d34 10
DF0 GE0/0/1
1
192.168.1.220
0018-8261-2507 11
DF0 GE0/0/1
1
192.168.31.99
0019-21df-dd7c 17
DF0 GE0/0/1
1
192.168.32.171 0019-e00a-a8fc 17
DF0 GE0/0/1
1
192.168.31.181 001e-9089-c65a 17
DF0 GE0/0/1
1
192.168.31.253 000d-88f7-5fee 19
DF0 GE0/0/1
1
192.168.29.126 e000-0af0-cbba 19
DF0 GE0/0/1
1
192.168.1.145
0200-0016-0319 19
DF0 GE0/0/1
1
192.168.3.169
0018-8261-652c 20
DF0 GE0/0/1
1
192.168.1.143
0200-0016-0331 20
DF0 GE0/0/1
1
192.168.225.2
4e74-6300-0422 20
DF0 GE0/0/1
1
192.168.32.108 0018-8241-e376 20
DF0 GE0/0/1
1
-----------------------------------------------------------------------------Total:21
Dynamic:20
Static:0
Interface:1
Run the display arp statistics command. If statistics about ARP entries are displayed, it means
that the configuration succeeds. For example:
<Quidway> display arp statistics
Total:27
Dynamic:20
Static:0
Issue 04 (2010-01-25)
Interface:7

2-5

2 ARP Configuration
2.3 Configuring Routed Proxy ARP

This section describes how to configure routed proxy ARP to make different sub-networks
communicate with each other.
2.3.2 Configuring an IP Addresses for the VLANIF Interface
2.3.3 Enabling Routed Proxy ARP Function

When two hosts are located in different network segments without gateways configured, you
can use the arp-proxy enable command to enable routed proxy ARP on the S-switch connecting
these hosts. In this manner, IP addresses between these two hosts can be resolved through the
S-switch.
Before configuring routed proxy ARP, complete the following tasks:
l
Data Preparation
To configure routed proxy ARP, you need the following data.
No.
Data
Number of the VLANIF interface enabled with routed proxy ARP
IP address of the VLANIF interface enabled with routed proxy ARP

Context
2-6

Issue 04 (2010-01-25)

2 ARP Configuration
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
The VLANIF interface is configured with an IP address.

----End
2.3.3 Enabling Routed Proxy ARP Function

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
arp-proxy enable
The routed proxy ARP function is enabled on the VLANIF interface.

----End

Issue 04 (2010-01-25)
Action
Command
Check if the Proxy ARP

function is enabled on
VLANIF interfaces
display this

2-7

2 ARP Configuration
Run the display thiscommand. You can check if the Proxy ARP function is enabled on
interfaces. For example:
<Quidway> interface vlanif 1
[Quidway-Vlanif1] display this
#
interface Vlanif1
ip address 100.1.1.235 255.255.255.0
arp-proxy enable
#
2.4 Configuring Proxy ARP in a VLAN

This section describes how to configure proxy ARP in a VLAN to enable hosts that are isolated
at Layer 2 in a VLAN to communicate with each other.
2.4.2 Setting the IP Address of a VLANIF Interface
2.4.3 Enabling Proxy ARP in a VLAN

Users in a VLAN are in the same broadcast domain; therefore, they must be isolated on Layer
2 to prevent broadcast storms. To enable these users to communicate with each other, you need
to enable proxy ARP in the VLAN.
Before configuring proxy ARP in a VLAN, complete the following tasks:
l
Connecting interfaces and setting the physical parameters of each interface to make the
physical layer in Up state
Configuring Layer-2 isolation of users in the VLAN
Data Preparation
To configure proxy ARP in a VLAN, you need the following data.
No.
Data
Number of the interface where proxy ARP in the VLAN is enabled
IP address of the interface where proxy ARP in the VLAN is enabled
2.4.2 Setting the IP Address of a VLANIF Interface

2-8

Issue 04 (2010-01-25)

2 ARP Configuration
Procedure
Step 1 Run:
system-view

Step 2 Run:

You can enable proxy ARP in a VLAN only on VLANIF interfaces of the S-switch.
Step 3 Run:
The IP address of the interface is configured.

The IP address of the VLANIF interface must be on the same network segment as the LAN
connected to the VLANIF interface.
----End
2.4.3 Enabling Proxy ARP in a VLAN

Context
If proxy ARP in a VLAN is enabled on an interface of the S-switch, the interface does not directly
discard the ARP Request packet that is not destined for it. Instead, it searches the ARP mappings
table for the corresponding ARP entry. If the interface can function as the proxy, the interface
sends the MAC address of the S-switch to the sender of the ARP request.
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
arp-proxy inner-sub-vlan-proxy enable
Proxy ARP in the VLAN is enabled.

----End

Issue 04 (2010-01-25)

2-9

2 ARP Configuration
Procedure
l
Run the display this command in the VLANIF interface view to check whether proxy ARP
in a VLAN is enabled on the interface.
----End
Example
# Run the display this on a VLANIF interface to check whether proxy ARP in a VLAN is
enabled on the interface.
#
interface Vlanif10
ip address 10.1.1.10 255.255.255.0
#
return
2.5 Configuring Proxy ARP Between VLANs

This section describes how to implement communication between hosts in different VLANs.
2.5.3 Enabling Proxy ARP Between VLANs

If two users belong to different VLANs and they need to communicate, you need to enable proxy
ARP between VLANs on the sub-interface associated with the VLAN.
If vlan aggregation is configured on the device, the sub-VLANs in a super-VLAN cannot
communicate with each other. To solve this problem, enable proxy ARP between VLANs on
the VLANIF interface corresponding to the super-VLAN.
Implementing communication between VLANs through proxy ARP occupies fewer resources
than through configuring a VLANIF interface for each sub-VLAN.
IP addresses of hosts in a VLAN must be in the same network segment.
Before configuring proxy ARP between VLANs, complete the following tasks:
l
2-10
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Issue 04 (2010-01-25)

l
2 ARP Configuration
Configuring VLAN aggregation
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.
Data
Number of the VLANIF interface to be enabled with proxy ARP between VLANs
IP address of the VLANIF interface to be enabled with proxy ARP between VLANs
VLAN ID associated with the VLANIF interface to be enabled with proxy ARP
between VLANs

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
The VLANIF interface is configured with an IP address.

The IP address configured for the VLANIF interface must be in the same network segment with
that of hosts in the VLAN associated with this interface.
----End
2.5.3 Enabling Proxy ARP Between VLANs

Context
Issue 04 (2010-01-25)

2-11

2 ARP Configuration
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
Proxy ARP between VLANs is enabled.

----End

Action
Command
Check if the Proxy ARP

Between VLANs is enabled
on VLANIF interfaces
display this
Run the display thiscommand. You can check if the Proxy ARP Between VLANs is enabled
on interfaces. For example:
<Quidway> interface vlanif 1
#
interface Vlanif1
ip address 100.1.1.235 255.255.255.0
#
return
2.6 Maintaining ARP

This section describes how to display ARP configurations, clear ARP statistics and debug ARP.
2.6.1 Clearing ARP Statistics
2.6.3 Debugging ARP
2.6.1 Clearing ARP Statistics

2-12

Issue 04 (2010-01-25)

2 ARP Configuration
CAUTION
The mapping between the IP and MAC addresses is deleted after you clear ARP statistics.
To clear the ARP statistics, run the following reset command in the user view.
Action
Command
Clear the ARP entries in the ARP

mapping table.
reset arp [ all | dynamic | interface vlanif vlan-id |

static ]

To obtain configurations about ARP in routine maintenance, run the following command.
Action
Command
View information about the

ARP mapping table based
on interfaces.
display arp [ statistics ] interface vlanif vlan-id [ | { begin |

exclude | include } regular-expression ]
2.6.3 Debugging ARP
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When faults occur during ARP operation, run the following debugging command in the user
view to debug ARP and locate the fault.
Issue 04 (2010-01-25)
Action
Command
Enable ARP debugging.
debugging arp packet
Enable proxy ARP debugging.
debugging arp-proxy [ inner-sub-vlan-proxy |

inter-sub-vlan-proxy ] [ interface interface-type
interface-number ]

2-13

2 ARP Configuration

This section provides several configuration examples of ARP, proxy ARP in a VLAN, and proxy
ARP between VLANs.
2.7.1 Example for Configuring Static ARP
2.7.2 Example for Configuring Dynamic ARP
2.7.3 Example for Configuring Routed Proxy ARP
2.7.4 Example for Configuring Proxy ARP in a VLAN
2.7.5 Example for Configuring Proxy ARP Between VLANs
2.7.1 Example for Configuring Static ARP

As shown in Figure 2-1, the S-switch-A connected to the hosts also connects the S-switch-B
through Ethernet 0/0/1. It is required that a static ARP entry be added on Ethernet 0/0/1. The IP
address and MAC address of the S-switch-B are 10.2.2.3 and 00e0-fc01-0000 respectively;
Ethernet 0/0/1 belongs to VLAN 3.
Figure 2-1 Networking diagram for configuring static ARP
S-switch-B
Eth 0/0/1
S-switch-A
2-14
1.
Create a VLAN and add the interface in the VLAN.
2.
Create a static ARP entry.

Issue 04 (2010-01-25)

2 ARP Configuration
Data Preparation
l
Ethernet 0/0/1 belonging to VLAN 3
IP address 10.2.2.3 and MAC address 00e0-fc01-0000 of the S-switch-B
The procedure for configuring the S-switch-A is as follows:
1.
Create a VLAN and add the interface in the VLAN.

# Create VLAN 3.
<Quitway> system-view
[Quidway] sysname S-switch-A
[S-switch-A] vlan 3
[S-switch-A-vlan3] quit
# Add Ethernet 0/0/1 in VLAN 3.

[S-switch-A] interface ethernet 0/0/1
[S-switch-A-Ethernet0/0/1] port trunk allow-pass vlan 3
[S-switch-A-Ethernet0/0/1] quit
2.
Create a static ARP entry.

# Create VLANIF 3.
[S-switch-A] interface vlanif 3
# Assign an IP address to VLANIF 3.

[S-switch-A-Vlanif3] ip address 10.2.2.2 255.0.0.0
[S-switch-A-Vlanif3] quit
# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN
ID 3, and outbound interface Ethernet 0/0/1.
[S-switch-A] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1
3.

# Run the display arp command to view the ARP mapping table.
<S-switch-A>display arp static
IP ADDRESS
MAC ADDRESS EXPIRE(M) TYPE INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.2.2.3
00e0-fc01-0000
S-Ethernet 0/0/1
3
-----------------------------------------------------------------------------Total:1
Dynamic:0
Static:1
Interface:0
Configuration Files
l
The following is the configuration file of the S-switch-A.
#
sysname S-switch-A
#
vlan batch 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface ethernet 0/0/1
#
interface Vlanif3
ip address 10.2.2.2 255.0.0.0
#
interface Ethernet0/0/1
port trunk allow-pass vlan 3
Issue 04 (2010-01-25)

2-15

2 ARP Configuration
#
return
2.7.2 Example for Configuring Dynamic ARP

As shown in Figure 2-2, a host logs in to the S-switch through Telnet. It is required that the
aging time of dynamic ARP entries be 60s and the S-switch delete the expired dynamic ARP
entries after detecting them twice.
Figure 2-2 Networking diagram for configuring dynamic ARP
10.2.2.2/8
Eth0/0/1
Host A
10.2.2.3/8
S-switch
1.
Create a VLAN.
2.
Create a VLANIF interface and assign an IP address to the VLANIF interface.
3.
Add the interface in the VLAN.
4.
Configure ARP attributes for the VLANIF interface.
Data Preparation
l
VLAN ID: 10
IP address of the VLANIF interface: 10.2.2.2
Aging time of the dynamic ARP entries of VLANIF 10: 60s, and number of detections: 2
1.
# Create a VLAN.
[Quidway] vlan 10
[Quidway-vlan10] quit
2.
# Create a VLANIF interface.

3.
# Assign an IP address to the VLANIF interface.

[Quidway-Vlanif10] quit
2-16

Issue 04 (2010-01-25)

4.
2 ARP Configuration
# Add the interface in the VLAN.

[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port default vlan 10
5.
# Configure ARP attributes for the VLANIF interface.

[Quidway-Vlanif10] arp expire-time 60
[Quidway-Vlanif10] arp detect-times 2
6.
# Verify the configuration.

Host A telnets S-switch successfully through the VLANIF interface with IP address
10.2.2.2.
Run the display arp interface vlanif command. You can view the following information
about the ARP mapping table:
[Quidway] display arp interface vlanif 10
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE INTERFACE
VLAN
-----------------------------------------------------------------------------10.2.2.2
000b-0922-d8a3
I Vlanif10
10.2.2.3
0000-fc33-0011 20
D-0
Eth0/0/1
10
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Configuration Files
Configuration file of S-switch
#
sysname Quidway
#
vlan batch 10
#
interface Vlanif10
ip address 10.2.2.2 255.0.0.0
arp expire-time 60
arp detect-times 2
#
interface Ethernet0/0/1
port default vlan 10
#
return
2.7.3 Example for Configuring Routed Proxy ARP

As shown in Figure 2-3, two S-switches are directly connected. One Ethernet interface on each
S-switch is connected to a LAN. Network numbers of the two LANs are 172.16.0.0/16. The
default gateway is not configured on PC 1 or PC 2. Routed proxy ARP must be configured on
the S-switch and hosts in the two LANs can access each other.
Issue 04 (2010-01-25)

2-17

2 ARP Configuration
Figure 2-3 Networking diagram of configuring proxy ARP
PC1
172.16.1.2/16
0000-5e33-ee20
VLANIF1
172.16.1.1/24
00e0-fc39-80aa
PC2
172.16.2.2/16
0000-5e33-ee10
VLANIF2
172.17.3.1/16
VLANIF2
172.17.3.2/16
S-switch-A
VLANIF1
172.16.2.1/24
00e0-fc39-80bb
S-switch-B
1.
Configure IP addresses for VLANIF interfaces.
2.
Enable proxy ARP on VLANIF interfaces.
3.
Configure the default routes.
Data Preparation
l
IP address for related interfaces
Default routes
IP address of the host
1.
Configure S-switch-A.
# Configure an IP address for VLANIF1 and VLANIF2.
# Enable proxy ARP on VLANIF1.

[S-switch-A-Vlanif1] arp-proxy enable
# Configure a static route.

[S-switch-A] ip route-static 0.0.0.0 0 172.17.3.2
2.
Configure S-switch-B.
# Configure an IP address for VLANIF1 and VLANIF2.
2-18

Issue 04 (2010-01-25)

2 ARP Configuration
[Quidway] sysname S-switch-B

[S-switch-B] interface vlanif 1
[S-switch-B-Vlanif1] ip address 172.16.2.1 255.255.255.0
[S-switch-B-Vlanif1] quit
# Enable routed proxy ARP on VLANIF1.

[S-switch-B-Vlanif1] arp-proxy enable

[S-switch-B] ip route-static 0.0.0.0 0 172.17.3.1
3.
Configure the host.

Configure the IP address of PC1 to 172.16.1.2/16.
Configure the IP address of PC2 to 172.16.2.2/16.
4.

# PC1 can ping through PC2.
# The ARP table of PC1 shows that the MAC address of PC2 is the MAC address of
VLANIF1 on S-switch-A.
Configuration Files
l
Configuration file of S-switch-A

#
sysname S-switch-A
#
interface Vlanif1
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif2
ip address 172.17.3.1 255.255.0.0
#
ip route-static 0.0.0.0 0 172.17.3.2
#
return
Configuration file of S-switch-B

#
sysname S-switch-B
#
interface Vlanif1
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface Vlanif2
ip address 172.17.3.2 255.255.0.0
#
ip route-static 0.0.0.0 0 172.17.3.1
#
return
2.7.4 Example for Configuring Proxy ARP in a VLAN

As shown in Figure 2-4, GE 0/0/1 and GE 0/0/2 of the S-switch belong to sub-VLAN 2. VLAN
2 is a sub-VLAN of super-VLAN 3. The requirements are as follows:
Issue 04 (2010-01-25)

2-19

2 ARP Configuration
l
Host A and host B in VLAN 2 are isolated at Layer 2.
Host A and host B can communicate with each other at Layer 3 through proxy ARP in a
VLAN.
The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 and
the mask is 255.255.255.0.
Figure 2-4 Networking diagram of proxy ARP in a VLAN
Internet
S-switch
GE0/0/1
GE0/0/2
HostB
10.10.10.3/24
00-e0-fc-00-00-03
HostA
10.10.10.2/24
00-e0-fc-00-00-02
sub-VLAN2
1.
Create and configure the super-VLAN and sub-VLAN.
2.
Add GE 0/0/1 and GE 0/0/2 to the sub-VLAN.
3.
Create the VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.
4.
Enable proxy ARP in a VLAN on the VLANIF interface.
Data Preparation
2-20
IDs of the super-VLAN and sub-VLAN: VLAN 3 and VLAN 2
VLAN that GE 0/0/1 and GE 0/0/2 belong to: VLAN 2
IP address and mask of the VLANIF interface corresponding to the super-VLAN:

10.10.10.1/255.255.255.0

Issue 04 (2010-01-25)

2 ARP Configuration
Procedure
Step 1 Create and configure the super-VLAN and sub-VLAN.
# Create sub-VLAN 2.
[Quidway] vlan 2
[Quidway-Vlan2] quit
# Enable port isolation on GE 0/0/1 and GE 0/0/2.

[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port-isolate enable
[Quidway-GigabitEthernet0/0/1] quit
[Quidway-GigabitEthernet0/0/2] port-isolate enable
# Add GE 0/0/1 and GE 0/0/2 to sub-VLAN 2.

[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
0/0/1
link-type access
default vlan 2
0/0/2
link-type access
default vlan 2
# Configure super-VLAN 3 and add sub-VLAN 2 to super-VLAN 3.

[Quidway] vlan 3
[Quidway-vlan3] aggregate-vlan
[Quidway-vlan3] access-vlan 2
Step 2 Create and configure the VLANIF interface VLANIF 3.

# Create VLANIF 3.
# Assign an IP address to VLANIF 3.

[Quidway-Vlanif3] ip address 10.10.10.1 24
Step 3 Enable proxy ARP in a VLAN on VLANIF 3.

[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable
Step 4 Verify the configuration

# Run the display current-configuration command to view the configuration of the superVLAN, sub-VLAN, and VLANIF interface. The output of the command is displayed in the
following configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE INTERFACE

VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-8245-6321
I - Vlanif3
10.10.10.2
00e0-fc00-0002 17
DF0 GE0/0/2
1
10.10.10.3
00e0-fc00-0003 17
DF0 GE0/0/1
1
Issue 04 (2010-01-25)

2-21

2 ARP Configuration
-----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
----End
Configuration Files
Configuration file of the S-switch
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable
#
port link-type access
port default vlan 2
port-isolate enable
#
return
2.7.5 Example for Configuring Proxy ARP Between VLANs

As shown in Figure 2-5, VLAN 2 and VLAN 3 compose a super-VLAN, VLAN 4.
The sub-VLANs, VLAN 2 and VLAN 3 cannot ping through each other.
To implement communication between VLAN 2 and VLAN 3, configure proxy ARP between
VLANs.
2-22

Issue 04 (2010-01-25)

2 ARP Configuration
Figure 2-5 Networking diagram of configuring proxy ARP between VLANs
S-switch
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
1.
Configure an IP address for the VLANIF4 interface.
2.
Enable proxy ARP between VLANs on the VLANIF4 interface.
Data Preparation
To complete the configuration, you need IP addresses of related interfaces.
This example covers only the commands used to configure proxy ARP between VLANs.
1.
Configure an IP address for the VLANIF4 interface.

[Quidway] sysname S-switch
[S-switch] interface vlanif 4
[S-switch-Vlanif4] ip address 192.168.1.100 255.255.255.0
[S-switch-Vlanif4] quit
2.
Configure IP addresses for PCs.

# Configure IP addresses for PCs. The IP addresses must be in the same network segment
with the IP address of the VLANIF4 interface.
# After configurations, PCs and the device can ping through each other but PCs in VLAN
2 and PCs in VLAN 3 cannot ping through each other.
3.
Configure proxy ARP between VLANs.

[S-switch-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
4.
Issue 04 (2010-01-25)

2-23

2 ARP Configuration
l
PCs in VLAN 2 and PCs in VLAN 3 can ping through each other.
Check the ARP table on the PC.
# You can find that in the ARP table of any PC in VLAN 2, the MAC addresses of all PCs
in VLAN 3 are the MAC address of the VLANIF4 interface on S-switch.
Configuration Files
The configuration file of S-switch is as follows:
#
sysname S-switch
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 192.168.1.100 255.255.255.0
#
Return
2-24

Issue 04 (2010-01-25)

3 DNS Configuration
DNS Configuration
About This Chapter

This chapter describes the static and dynamic DNS concepts and their configuration steps, along
with typical examples.
3.1 Overview
This section describes the basic principle and concepts of Domain Name System (DNS).
3.2 Configuring DNS
This section describes how to use the domain name to communicate with other devices.
3.3 Maintaining DNS
This section describes how to display the configuration of DNS, clear DNS entries and debug
DNS.
This section provides a configuration example of DNS.
Issue 04 (2010-01-25)

3-1

3 DNS Configuration
3.1 Overview
This section describes the basic principle and concepts of Domain Name System (DNS).
3.1.1 Introduction to DNS
3.1.2 DNS Supported by the S-switch
3.1.1 Introduction to DNS

The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with which
hosts can be named in the form of character string. This system assumes a hierarchical naming
structure. It designates a meaningful name for the device in the Internet and associates the name
with the IP address through a domain name resolution server. In this manner, you can use domain
names that are easy to remember instead of memorizing complex IP addresses.
3.1.2 DNS Supported by the S-switch

DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolve
a domain name, the system first uses static DNS resolution. If this mode fails, the system uses
dynamic DNS resolution. To improve resolution efficiency, you can put common domain names
in a static domain name resolution table.
The S-switch supports static resolution and dynamic resolution.
3.2 Configuring DNS

This section describes how to use the domain name to communicate with other devices.
3.2.2 Configuring Static DNS Entries
3.2.3 Configuring Dynamic DNS

If local users accessing devices need to communicate with other devices by using domain names,
you can configure DNS on the device.
If local users communicate with other devices hardly through the domain name or the DNS
server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the
mapping between the domain name and the IP address. In case of a change in the mapping, you
must modify the DNS entry manually.
You can configure dynamic DNS on the device if local users frequently use domain names for
communicating with other devices and the DNS server is available.
3-2

Issue 04 (2010-01-25)

3 DNS Configuration
Before configuring DNS, complete the following tasks:
l
Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up
Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up
Configuring routes between the local device and the DNS server
Configuring the DNS server
Data Preparation
To configure DNS, you need the following data.
No.
Data
Domain name and the corresponding IP address in a static DNS entry
IP address of a DNS server
Domain name or the domain name list of a dynamic DNS entry
3.2.2 Configuring Static DNS Entries

Context
You can configure a maximum of 50 static DNS entries.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ip host host-name ip-address
The IP address corresponding to the host name is configured.

A host name corresponds to only one IP address. When you configure an IP address for a host
for several times, only the IP address configured at the latest is valid. To resolve several host
names, repeat Step 2.
----End
3.2.3 Configuring Dynamic DNS

Issue 04 (2010-01-25)

3-3

3 DNS Configuration
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
dns resolve
The function of dynamic domain name resolution is enabled.

Step 3 Run:
dns server ip-address
A DNS server is specified.

Step 4 Run:
dns domain domain-name
The suffix of the domain name is added.

----End
Postrequisite
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 4.

Run the following commands to check the previous configuration.
Action
Command
Check information about the static DNS entry table.
display ip host
Check configurations about DNS servers.
display dns server
Check configurations about domain name suffixes.
display dns domain
Check information about dynamic DNS entries in the

domain name cache.
display dns dynamic-host
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
3-4

Issue 04 (2010-01-25)

Host
hw
gww
Age
0
0
3 DNS Configuration
Flags
static
static
Address
10.1.1.1
192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
Run the display dns domain command. If the list of suffixes of domain names is displayed, it
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1
TTL
3521
3000
Alias
3.3 Maintaining DNS

This section describes how to display the configuration of DNS, clear DNS entries and debug
DNS.
3.3.1 Clearing DNS Entries
3.3.3 Debugging DNS
3.3.1 Clearing DNS Entries
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.
To clear DNS entries, run the following reset command in the user view.
Issue 04 (2010-01-25)
Action
Command
Clear dynamic DNS entries in the domain name

cache.
reset dns dynamic-host

3-5

3 DNS Configuration

In routine maintenance, to obtain configurations about DNS, run the following commands.
Action
Command
Check information about the static DNS entry

table.
display ip host
Check configurations about DNS servers.
display dns server
Check configurations about domain name suffixes.
display dns domain
Check information about dynamic DNS entries in

the domain name cache.
display dns dynamic-host
3.3.3 Debugging DNS
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
Run the following debugging command in the user view to debug DNS and locate the fault.
Action
Command
Enable dynamic DNS debugging.
debugging dns

This section provides a configuration example of DNS.
3.4.1 Example for Configuring DNS
3.4.1 Example for Configuring DNS

As shown in Figure 3-1, S-switch-A acts as a DNS client, being required to access the host
2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes
"com" and "net".
On S-switch-A, configure static DNS entries of S-switch-B and S-switch-C so that S-switch-A
can communicate with them by using domain names.
3-6

Issue 04 (2010-01-25)

3 DNS Configuration
Figure 3-1 Networking diagram of DNS

Loopback0
4.1.1.1/32
VLANIF1 S-switch-B
1.1.1.2/16
DNS Client
S-switch-A
VLANIF1
1.1.1.1/16
Loopback0
4.1.1.2/32
S-switch-C
VLANIF2
2.1.1.1/16
VLANIF1
3.1.1.1/16
VLANIF2
2.1.1.2/16
DNS Server
3.1.1.2/16
huawei.com
2.1.1.3/16
1.
Configure static DNS entries.
2.
Enable DNS resolution.
3.
Configure an IP address for the DNS server.
4.
Configure suffixes of domain names.
Data Preparation
l
Domain names of S-switch-B and S-switch-C
IP address of the DNS server
Suffixes of domain names
NOTE
Before performing configurations, suppose:
1.
S-switch-A and each host have been configured with IP addresses and other configurations.
The mapping between the domain name "huawei.com" and the IP address 2.1.1.3/16 is available on
the DNS server.
The DNS server works normally.
# Configure static DNS entries.
<S-switch-A> system-view
[S-switch-A] ip host S-switch-B 4.1.1.1
[S-switch-A] ip host S-switch-C 4.1.1.2
# Enable DNS resolution.

[S-switch-A] dns resolve
Issue 04 (2010-01-25)

3-7

3 DNS Configuration
# Configure an IP address for the DNS server.

[S-switch-A] dns server 3.1.1.2
# Configure a domain name suffix "net".

[S-switch-A] dns domain net
# Configure a domain name suffix "com".

[S-switch-A] dns domain com
NOTE
To complete DNS resolution, configuring routes from S-switch-A to the DNS server is mandatory.
2.

# Run the ping huawei.com command on S-switch-A to ping the IP address 2.1.1.3. The
ping succeeds.
<S-switch-A> ping huawei.com
Trying DNS server (3.1.1.2)
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
--- huawei.com ping statistics --5 packet(s) transmitted
0.00% packet loss
# Run the display ip host command on S-switch-A to view static DNS entries, including
mappings between host names and IP addresses.
<S-switch-A> display ip host
Host
Age
S-switch-B
0
S-switch-C
0
Flags Address
static 4.1.1.1
static 4.1.1.2
# Run the display dns dynamic-host command on S-switch-A to view dynamic DNS
entries in the domain name cache.
<S-switch-A> display dns dynamic-host
No Domain-name
IpAddress
1
huawei.com
2.1.1.3
TTL
3579
Alias
NOTE
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
Configuration Files
l

#
sysname S-switch-A
#
ip host S-switch-B 4.1.1.1
ip host S-switch-C 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface Vlanif1
ip address 1.1.1.2 255.255.0.0
#
rip 1
network 1.0.0.0
3-8

Issue 04 (2010-01-25)

3 DNS Configuration
#
return
l

#
sysname S-switch-B
#
interface Vlanif1
ip address 1.1.1.1 255.255.0.0
#
interface Vlanif2
ip address 2.1.1.1 255.255.0.0
#
interface LoopBack0
ip address 4.1.1.1 255.255.255.255
#
rip 1
network 2.0.0.0
network 1.0.0.0
network 4.0.0.0
#
return
Configuration file of S-switch-C

#
sysname S-switch-C
#
interface Vlanif1
ip address 3.1.1.1 255.255.0.0
#
interface Vlanif2
ip address 2.1.1.2 255.255.0.0
#
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
rip 1
network 2.0.0.0
network 3.0.0.0
network 4.0.0.0
#
return
Issue 04 (2010-01-25)

3-9

DHCP Configuration
About This Chapter

This chapter describes the DHCP fundamentals including DHCP service, DHCP server, and
relay agent. It also includes configuration steps for DHCP Server based on different parameters,
DHCP relay agent, and security functions in DHCP service, along with typical examples.
4.1 Overview
This section describes the principle and concepts of the Dynamic Host Configuration Protocol
(DHCP).
4.2 Configuring the Global Address Pool-based DHCP Server
This section descries how to configure a DHCP server when hosts are connected with Sswitch through other devices.
4.3 Configuring VLANIF Interface Address Pool-based DHCP Server
This section describes how to configure a DHCP server that uses the address pool of the VLANIF
interface.
4.4 Configuring the Security Function for DHCP
This section describes how to enhance the security of the DHCP service.
4.5 Configuring DHCP Relay
This section describes how to enable DHCP relay so that DHCP relay can forward DHCP
requests from local clients to the DHCP server on other networks.
4.6 Maintaining DHCP
This section describes how to clear the statistics about DHCP and debug DHCP.
This section provides several configuration examples of the DHCP server and DHCP relay.
Issue 04 (2010-01-25)

4-1

4.1 Overview
This section describes the principle and concepts of the Dynamic Host Configuration Protocol
(DHCP).
4.1.1 Introduction to DHCP
4.1.2 DHCP Supported by the S-switch
4.1.1 Introduction to DHCP

With the rapid growth in network scale and complexity, network configuration becomes more
difficult. The location of hosts changes (such as laptops and wireless network) and the number
of hosts has exceeded that of the available IP addresses. The Dynamic Host Configuration
Protocol (DHCP) is developed to solve these problems.
4.1.2 DHCP Supported by the S-switch

The S-switch supports the following DHCP applications, ensures the security of DHCP services,
and provides the DHCP relay agent function.
l
Global address pool
Address pool on the VLAN logical interface
4.2 Configuring the Global Address Pool-based DHCP

Server
This section descries how to configure a DHCP server when hosts are connected with Sswitch through other devices.
4.2.2 Configuring the DHCP Global Address Pool
4.2.3 Configure Static IP Address Binding
4.2.4 Configuring DNS Services for the DHCP Client
4.2.5 Configuring NetBIOS Services for the DHCP Client
4.2.6 Configuring Egress Gateway for the DHCP Client
4.2.7 Configuring DHCP Self-Defined Options
4.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the Specified
Interface

4-2

Issue 04 (2010-01-25)

To obtain IP addresses from the device dynamically, you need to configure a global address
pool-based DHCP server.
The global address pool-based DHCP server usually works together with the DHCP relay agent.
Before configuring the global address pool-based DHCP server, complete the following tasks:
l
Configuring the NetBIOS server
Configuring the routes to the DNS server and the NetBIOS server
Data Preparation
To configure the global address pool-based DHCP server, you need the following data.
No.
Data
Name and the address range of the address pool
Range of the IP addresses that cannot be dynamically assigned to hosts
IP addresses and the MAC addresses that need to be bound statically
Lease of the IP address
IP address of the DNS server and the domain name of the DHCP client
IP address of the NetBIOS server and the NetBIOS node type of the DHCP client
Coding of the DHCP self-defined options and the corresponding ASCII strings or
hexadecimal number or IP address
4.2.2 Configuring the DHCP Global Address Pool

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp enable
Issue 04 (2010-01-25)

4-3

DHCP is enabled.
Step 3 Run:
dhcp server ip-pool pool-name
A DHCP address pool is created and the DHCP address pool view is displayed.
NOTE
Each DHCP server can be configured with a maximum of 128 global address pools.
Step 4 Run:
network ip-address [ mask { mask | mask-length } ]
The address pool range is configured.

Step 5 Run:
expired { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of the IP addresses dynamically assigned to hosts is configured. By default, the IP
lease is one day.
NOTE
The DHCP server can specify the IP lease for each address pool. The IP lease may vary with address pools.
The addresses in the same DHCP address pool, however, have the same IP lease.
Step 6 Run:
quit

Step 7 Run:
dhcp server forbidden-ip low ip address [ high ip address ]
The range of IP addresses that cannot be dynamically assigned is configured.

NOTE
After repeatedly running the dhcp server forbidden-ip command, you can configure multiple IP address
segments that cannot be automatically assigned. When using the undo dhcp server forbidden-ip command
to delete the setting, ensure that the specified parameters are consistent with the previously configured
parameters. That is, you cannot delete only partial originally configured addresses.
----End
4.2.3 Configure Static IP Address Binding

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
4-4

Issue 04 (2010-01-25)

A DHCP address pool is created and the DHCP address pool view is displayed.
Step 3 Run:
static-bind ip-address ip-address [ mask { mask | mask-length } ]
Certain IP addresses are statically bound.

Step 4 Run:
static-bind mac-address mac-address
MAC addresses of certain clients are statically bound.

----End
Postrequisite
Based on the clients' needs, you can adopt either static address binding or dynamic address
assignation. However, you cannot configure the same DHCP address pool with these two modes
at the same time.
Dynamic address distribution needs specification of the address range for assignment, while
static address binding can be regarded as a special DHCP address pool with only one address.
Some clients may need fixed IP addresses that are bound with their MAC addresses. When the
client with a specific MAC address uses DHCP to apply for an IP address, the DHCP server
finds out the fixed IP address bound with the MAC address and assigns it to the client.
NOTE
The static-bind ip-address command must be used together with the static-bind mac-address command.
The new configuration supersedes the previous one when you use the two commands for several times.
4.2.4 Configuring DNS Services for the DHCP Client

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
The DHCP address pool view is displayed.

Step 3 Run:
domain-name domain-name
The domain name of the DHCP client is configured.

Step 4 Run:
dns-list ip-address &<1-8>
Issue 04 (2010-01-25)

4-5

The IP address of the DNS server of the DHCP client is configured.

----End
Postrequisite
On the DHCP server, designate a domain name for the client per address pool basis.
When a host accesses the Internet by using the domain name, the DNS server resolves the domain
name into an IP address. Therefore, to ensure that the client can successfully access the Internet,
the DHCP server also needs to specify the DNS server address for the client when it assigns IP
addresses.
To perform load balancing and improve the network reliability, you can configure several DNS
servers and egress gateways.
4.2.5 Configuring NetBIOS Services for the DHCP Client

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
nbns-list ip-address &<1-8>
The IP address of the NetBIOS server of the DHCP client is configured.

Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type of the DHCP client is configured.

By default, the node type of the DHCP client is not specified.
----End
Postrequisite
For the client using the OS of Microsoft, Windows Internet Naming Service (WINS) server
provides resolution from the host name to the IP address. This is given to the host that uses
NetBIOS protocol for communication. Most of the Windows clients need to be configured with
WINS.
4-6

Issue 04 (2010-01-25)

When a DHCP client communicates in a WAN by adopting the NetBIOS protocol, a mapping
between the host name and the IP address should be set up. The following lists the types of
NetBIOS nodes for obtaining mappings:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
Type p nodes (p-node): "p" stands for peer-to-peer, namely, type p nodes obtain the
mapping relation by means of communicating with NetBIOS servers.
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.2.6 Configuring Egress Gateway for the DHCP Client

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
gateway-list ip-address &<1-8>
The egress gateway of the DHCP client is configured.

When a DHCP client wants to access a server (or host) that is not on the local network, an egress
gateway needs to be configured on the local network.
To perform load balancing and improve the network reliability, you can configure several DNS
servers and egress gateways.
----End
4.2.7 Configuring DHCP Self-Defined Options

Context
NOTE
Configuring DHCP self-defined options are optional. Services, such as DNS on the client, NETBIOS, and
IP lease cannot be configured through the option code command but through the commands early
mentioned.

Issue 04 (2010-01-25)

4-7

Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
option
code { ascii ascii-string | hex hex-string | ip-address ip-address }
The DHCP self-defined options are configured.

----End
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in the Option filed of DHCP response packets.
You need to add the options to the attribute tables of the DHCP servers. For example,
l
To configure the IP address of a log server to 10.110.204.1, use the command option 7 ipaddress 10.110.204.1.
To configure the TTL of the client packet to 64, use the command option 23 hex 40.
NOTE
Using the option command, you can specify the options to be included in the DHCP response packets.
Before using the option command, you need to know the function of each option: Option 77 identifies user
types or applications of DHCP client. Based on User Class in the Option field, the DHCP server selects
the proper address pool and configuration parameters. Option 77 usually is configured on the client.
4.2.8 Assigning IP Addresses in the Global Address Pool to the

DHCP Clients on the Specified Interface
Context
Procedure
l
Assigning IP addresses to the clients on the current VLANIF interface

1.
Run:
system-view

2.
Run:
interface vlanif VLANIF interface-number
4-8

Issue 04 (2010-01-25)

The VLNAIF interface view is displayed.

3.
Run:
ip address ip-address { mask | mask-length } [ sub ]
The VLNAIF interface is configured with an IP address.

4.
Run:
dhcp select global
The IP addresses in the global address pool are assigned.

l
Assigning IP addresses to the clients in VLANs

1.
Run:
system-view

2.
Run:
dhcp select global vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The IP addresses in the global address pool are assigned.

----End

Action
Command
Check the available address information

in the DHCP address pool.
display dhcp server free-ip
Check the expired lease in the DHCP

address pool.
display dhcp server expired { all | ip ip-address

| pool [ pool-name ] | vlan vlan-id }
Check address binding information.
display dhcp server ip-in-use { all | ip ipaddress | pool [ pool-name ] | vlan vlan-id }
Check the statistics about the DHCP

server.
display dhcp server statistics
Check information about the treestructure of the DHCP address pool.
display dhcp server tree { all | pool [ poolname ] | vlan vlan-id }
Run the display dhcp server free-ip command. If there are unused IP addresses in the address
pool, it means that the configuration succeeds.
<Quidway> display dhcp server free-ip
IP Range from 5.5.5.1
to
to
to
5.5.5.254
202.38.160.1
202.38.160.126
Run the display dhcp server expired command. If information about the expired leases of IP
addresses in DHCP address pools is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server expired all
Global pool:
Issue 04 (2010-01-25)

4-9

IP address
Hardware address
Interface pool:
IP address
Hardware address
Lease expiration
Type
Lease expiration
Type
Run the display dhcp server ip-in-use command. If the binding information of IP address, such
as the hardware address and the IP lease, is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server ip-in-use all
Global pool:
IP address Hardware address
Lease expiration
Interface pool:
IP address Hardware address
Lease expiration
5.5.5.1
0050-ba28-930a Jul 5 2006 13: 00:10 PM
Type
Type
Auto:COMMITED
Run the display dhcp server statistics command. If statistics of the DHCP server, including
the number of DHCP address pools, the number of the automatic binding, the manual binding
and the expired binding and the number of DHCP packets is displayed, it means that the
configuration succeeds.
<Quidway> display dhcp server
Global Pool:
Pool Number:
5
Binding
Auto:
0
Manual:
1
Expire:
0
Interface Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Boot Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Boot Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
HA Message:
BatchBackup send msg:
BatchBackup recv msg:
BatchBackup send lease:
BatchBackup recv lease:
statistics
1
1
0
0
6
1
4
0
1
0
4
1
3
0
0
0
0
0
0
Run the display dhcp server tree command. If the tree structure of the DHCP address pool,
including DNS, the IP lease and Option parameters, is displayed, it means that the configuration
succeeds.
<Quidway> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 gigabitethernet
Parent node:5
expired 1 0 0
4-10

Issue 04 (2010-01-25)

Pool name: 7
network 10.10.1.64
PrevSibling node:5
Sibling node:8
Pool name: 8
network 20.10.1.1
Child node:9
PrevSibling node:7
gateway-list 2.2.2.2
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
Pool name: 9
network 30.10.1.64
Parent node:8
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
255.255.255.192
255.255.255.0
255.255.255.0
Interface pool:
Pool name: GigabitEthernet0/0/1
network 5.5.5.0 mask 255.255.255.0
expired 1 0 0
4.3 Configuring VLANIF Interface Address Pool-based

DHCP Server
This section describes how to configure a DHCP server that uses the address pool of the VLANIF
interface.
4.3.2 Enabling Address Pools on VLANIF Interfaces
4.3.3 Configuring the Address Pool on the VLANIF Interface
4.3.4 Configuring DNS on the Address Pool of the VLANIF Interface
4.3.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface
4.3.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface

Issue 04 (2010-01-25)

4-11

The interface address pool on the VLANIF interface, is used for devices to support the switched
Ethernet interface. Because the switched Ethernet interface cannot be configured with IP
addresses directly, you need to create a VLANIF interface and then configure DHCP address
pools on the VLANIF interface.
Before configuring the VLANIF interface address pool-based DHCP server, complete the
following tasks:
l
Creating a VLANIF interface
Configuring the NetBIOS server
Configuring routes to the DNS server and the NetBIOS server
Data Preparation
To configure the VLANIF interface address pool-based DHCP server, you need the following
data.
No.
Data
Number, IP address and subnet mask of the VLANIF interface
IP addresses in the address pools of VLANIF interface and the MAC addresses to be
bound with the IP addresses
Lease of the IP address
IP address of the DNS server and the domain name of the DHCP client
IP address of the NetBIOS server and the NetBIOS node type of the DHCP client
Coding of the DHCP self-defined options and the corresponding ASCII strings or
hexadecimal number or IP address
4.3.2 Enabling Address Pools on VLANIF Interfaces

Context
Do as follows on the DHCP server:
Procedure
l
Enabling address pools in the VLANIF interface view

1.
Run:
system-view

4-12

Issue 04 (2010-01-25)

2.
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit

4.
Run:
The VLANIF interface is displayed.

5.
Run:
The IP address of the VLANIF interface is configured.

6.
Run:
dhcp select interface
The address pool on the VLANIF interface is enabled.

l
Enabling address pools on one VLANIF interface or multiple VLANIF interfaces in the
system view
1.
Run:
system-view

2.
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit

4.
Run:
interface vlanif VLANIF interface number
The VLANIF interface is displayed.

5.
Run:
The IP address of the VLANIF interface is configured.

6.
Run:
quit

7.
Run:
dhcp select interface vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The address pool on the specified VLANIF interface is enabled.

----End
Issue 04 (2010-01-25)

4-13

4.3.3 Configuring the Address Pool on the VLANIF Interface

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp enable
DHCP is enabled.
Step 3 Run:

Step 4 Run:
The address pool on the interface is enabled.

Step 5 Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
Certain IP addresses and MAC addresses are bound with the address pool.
Step 6 The following steps are optional, so perform them as required.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
The IP lease of the VLANIF interface is configured. By default, the IP lease is one day.
Or
Run:
quit
Return to the system view.

Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } vlan
{ vlan-id1 [ to vlan-id2 ] } &<1-10>
The leases of the IP addresses of several VLANIF interfaces are configured. By default, the IP
lease is one day.
----End
4-14

Issue 04 (2010-01-25)

Postrequisite
The IP address and its mask of the VLANIF interface determine the range of the address pool
on the VLANIF interface. If you need to configure several address pools for VLANIF interfaces,
repeat Steps 3, 4, 5, and 6.
4.3.4 Configuring DNS on the Address Pool of the VLANIF

Interface
Context
Procedure
l
Configuring DNS on VLANIF interfaces

1.
Run:
system-view

2.
Run:
The VLAIF interface view is displayed.

3.
Run:
dhcp server domain-name domain-name
Domain names are configured for the clients of the VLANIF interface.
4.
Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server is specified for the clients of the VLANIF interface.
l
Configuring DNS on one or multiple VLANIF interfaces

1.
Run:
system-view

2.
Run:
dhcp server domain-name domain-name vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The domain name of the DHCP client is configured.

3.
Run:
dhcp server dns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the DNS server is specified for the DHCP client.
----End
4.3.5 Configuring NetBIOS on the Address Pool of the VLANIF

Interface
Issue 04 (2010-01-25)

4-15

Context
Procedure
l
Configuring NetBIOS on VLANIF interfaces

1.
Run:
system-view

2.
Run:

3.
Run:
dhcp server nbns-list ip-address &<1-8>
The IP address of the NetBIOS server is specified for the DHCP clients of the VLANIF
interface.
4.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type is specified for the DHCP clients of the VLANIF interface.
l
Configuring NetBIOS on one or multiple VLANIF interfaces

1.
Run:
system-view

2.
Run:
dhcp server nbns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the NetBIOS server is specified for the DHCP client.
3.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node } vlan { vlanid1 [ to vlan-id2 ] } &<1-10>
The NetBIOS node type is specified for the DHCP client.

By default, the node type of the client is not specified.
----End
Postrequisite
Before using the NetBIOS service, make sure that
l
The NetBIOS server is configured correctly
There are routes between the device and the NetBIOS server.
For the client using the OS of Microsoft, WINS server provides the resolution from the host
name to the IP address for the host that uses the NetBIOS protocol to communicate. In this way,
most of the Windows network clients need to be configured with WINS.
4-16

Issue 04 (2010-01-25)

When a DHCP client communicates on a WAN, by adopting NetBIOS protocol, a mapping

between the host name and the IP address should be set up. The types of NetBIOS nodes for
obtaining mappings are as follows:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mapping
relation by means of communicating with NetBIOS servers.
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.3.6 Configuring DHCP Self-Defined Options for the Address

Pool of the VLANIF Interface
Context
NOTE
Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS and
IP lease cannot be configured through the option code command but through the related command
described above.
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ipaddress &<1-8> } { vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The DHCP self-defined options are configured.

The DHCP self-defined options are optional. You can configure it when needed.
----End
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in Option filed of DHCP response packets.
You can add new options to the attribute list of the DHCP server by manual definition. For
example,
l
Issue 04 (2010-01-25)
To configure the IP address of the log server to 10.110.204.1, run the dhcp server option
7 ip-address 10.110.204.1 command.
4-17

l
To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40
command.
NOTE
Using the option code command, you can specify the options that need be included in the DHCP response
packets.
Before using the option code command, you need to know the function of each option: Option 77 applies
to identify user types or applications of DHCP client. Based on User Class in the Option field, the DHCP
server selects proper address pool and configuration parameters. Option 77 usually is configured by the
client.

Action
Command
Check the expired lease in the DHCP address

pool of the specified VLANIF interface.
display dhcp server expired vlan vlan-id
Check information about the DHCP address

bound to the specified VLANIF interface.
display dhcp server ip-in-use vlan vlan-id
Check information about the tree-structure of

DHCP address pool on the VLANIF interface.
display dhcp server tree vlan vlan-id
Run the display dhcp server tree vlan command. If the tree structure information of DHCP
address pools on VLANIF interfaces, such as DNS, IP lease and Option parameters, is displayed,
it means that the configuration succeeds.
<Quidway> display dhcp server tree vlan 2
Interface pool:
Pool name: Vlanif2
network 50.1.1.0 mask 255.255.255.0
expired day 1 hour 0 minute 0
Run the display dhcp server ip-in-use vlan command. If the binding information of IP address
on VLANIF interfaces, such as the hardware address and the IP lease, is displayed, it means that
the configuration succeeds.
<Quidway> display dhcp server ip-in-use vlan 2
IP address
Hardware address
Lease expiration
50.1.1.12
0023-0034-0053
NOT Used
Type
Manual
Run the display dhcp server expired command. If the expired IP address in the address pool
on VLANIF interfaces is displayed, it means that the configuration succeeds.
<Quidway> display dhcp server expired vlan 2
IP address
Hardware address
Lease expiration
Type
4.4 Configuring the Security Function for DHCP

This section describes how to enhance the security of the DHCP service.
4-18

Issue 04 (2010-01-25)

4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server
4.4.3 Avoiding Repetitive IP Address Assignment
4.4.4 Saving DHCP Data
4.4.5 Recovering DHCP Data

After configuring the DHCP server, you need to configure the security function of DHCP to
enhance the security.
Before configuring the security function of DHCP, complete the DHCP server configuration.
Data Preparation
To configure the security function of DHCP service, you need the following data.
No.
Data
Interval at which ping packets are sent and the number of ping packets
Interval for saving the DHCP data
4.4.2 Starting the Detection of the Pseudo DHCP Server on a DHCP

Server
Context
If a private DHCP server exists in the network, users cannot obtain correct IP addresses and thus
cannot log in to the network because this private DHCP server will interact with the DHCP client
during address application. Such a private DHCP server is called a pseudo DHCP server.
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp server detect
Issue 04 (2010-01-25)

4-19

Detecting the pseudo DHCP server is enabled on the DHCP server.

By default, this function is disabled.
----End
4.4.3 Avoiding Repetitive IP Address Assignment

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp server ping timeout milliseconds
The time for waiting the response after the ping packets is sent by the DHCP server is configured.
Step 3 Run:
dhcp server ping packets number
The maximum number of ping packets sent by the DHCP server is configured.
By default, the maximum number of ping packets being sent is 2 and the longest waiting time
for ping response packets is 500 ms.
----End
Postrequisite
Before assigning addresses to a client, the DHCP server should detect the IP address to avoid
address collision.
Using the ping command, you can check if there is a ping response of the address to be assigned
within the specific time. If there is no response after a specific time, the DHCP server re-sends
ping packets to this address until it reaches the maximum number of ping packets allowed to be
sent. If there is still no response, it indicates that the IP address is not in use. In this way, it is
ensured that a unique IP address is assigned to the client.
4.4.4 Saving DHCP Data

Context
Procedure
Step 1 Run:
4-20

Issue 04 (2010-01-25)

system-view

Step 2 Run:
dhcp server database enable
Saving the DHCP data to the Flash is enabled.

Step 3 Run:
dhcp server database write-delay seconds
The time delay for saving the data is set.

By default, DHCP data cannot be saved to the Flash. If the function is enabled, the default interval
for saving the current DHCP data is 300 seconds, and the new data overwrites the previous data.
----End
Postrequisite
The DHCP data is saved with a fixed file name on the Flash. Normally, the IP leasing information
is saved in lease.txt file and the address collision information is saved in conflict.txt file. Back
up these two files to other directories because they are replaced regularly.
4.4.5 Recovering DHCP Data

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
dhcp server database recover
DHCP data is recovered after reboot.

----End

Issue 04 (2010-01-25)
Action
Command
View the statistics of DHCP address

collisions.
display dhcp server conflict { all | ip ip-address }

4-21

Action
Command
View the storage path and file

information of the DHCP database.
display dhcp server database
Run the display dhcp server conflict command. If the conflicted IP address and the time when
the conflict occurs are displayed, it means that the configuration succeeds.
<Quidway> display dhcp server conflict all
Address
Discover Time
10.110.1.2
Jan 11 2003 11:57: 7 PM
Run the display dhcp server database command. If the saved path of the DHCP data is
displayed, it means that the configuration succeeds.
<Quidway> display dhcp server database
Status: disable
Recover from files after reboot: disable
File saving lease items: flash:/dhcp/lease.txt
File saving conflict items: flash:/dhcp/conflict.txt
Save Interval: 300 (seconds)
4.5 Configuring DHCP Relay

This section describes how to enable DHCP relay so that DHCP relay can forward DHCP
requests from local clients to the DHCP server on other networks.
4.5.2 Enabling DHCP Relay
4.5.3 Assigning IP Addresses to the Client Through Relay
4.5.4 Requesting the DHCP Server to Release IP Addresses of the Client

When there is no DHCP server configured on the local network, enable the DHCP relay function
on the device. Thus, the DHCP relay can forward the DHCP requests from local clients to the
DHCP server on the other network. That is, the interface connecting the DHCP server to the
DHCP relay must not be configured with any interface address pool.
NOTE
The relay between the server and the client cannot exceed four. Otherwise, the DHCP packet is discarded.
Before configuring the DHCP relay, complete the following tasks:
4-22

Issue 04 (2010-01-25)

l
Configuring the DHCP server
Configuring the routes from the local device to the DHCP server
Data Preparation
To configure the DHCP relay, you need the following data.
No.
Data
IP address of the DHCP server
Number of the VLAN to be enabled the DHCP relay function
IP address to be released and the corresponding MAC address
4.5.2 Enabling DHCP Relay

Context
Each interface can be configured with up to 20 IP relay addresses.
Do as follows on the S-switch acting as the DHCP relay:
Procedure
l
Enabling DHCP relay in the interface view

1.
Run:
system-view

2.
Run:
The interface view is displayed.

3.
Run:
The IP address of the interface is configured.

NOTE
This IP address must be in the same network segment with the IP addresses in the address pool
on the DHCP server.
4.
Run:
ip relay address ip-address
The relay IP address of the interface is added.

The relay IP address indicates the IP address of the DHCP server specified on the
DHCP relay device. After the DHCP relay is enabled on one interface, the DHCP
server is specified by the IP relay address. The DHCP broadcast packets received on
the interface are sent to the specified DHCP server.
Issue 04 (2010-01-25)

4-23

NOTE
If the VLANIF interface is configured with a secondary IP address, the secondary IP address
cannot be used as the gateway address. That is, if the ip relay address command is run on the
interface, the command takes effect only on the network segment where the primary IP address
of the interface resides.
Enabling DHCP Relay in the system view

1.
Run:
system-view

2.
Run:
ip relay address ip-address vlan vlan-id
The IP relay address of the VLANIF interface is added.

----End
Postrequisite
Because the DHCP client may send broadcast packets during DHCP configuration, the interface
where IP relay is enabled should support the broadcast mode.
4.5.3 Assigning IP Addresses to the Client Through Relay

Context
Procedure
l
Assigning IP addresses to the client of the current interface

1.
Run:
system-view

2.
Run:

3.
Run:
dhcp select relay
IP addresses are assigned through DHCP relay.

l
Assigning IP addresses to the clients of the VLAN

1.
Run:
system-view

2.
Run:
dhcp select relay vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
IP addresses are assigned through DHCP relay.

----End
4-24

Issue 04 (2010-01-25)

4.5.4 Requesting the DHCP Server to Release IP Addresses of the

Client
Context
Procedure
l
Requesting all the DHCP servers to release an IP address

1.
Run:
system-view

2.
Run:
dhcp relay release client-ip-address mac-address
The DHCP servers are required to release the IP address.

l
Requesting the specified DHCP server to release an IP address

1.
Run:
system-view

2.
Run:
dhcp relay release client-ip-address mac-address server-ip-address
The specified DHCP server is required to release the IP address.

l
Requesting the DHCP server connected with the interface to release an IP address
1.
Run:
system-view

2.
Run:

3.
Run:
dhcp relay release client-ip-address mac-address [ server-ip-address ]
The DHCP server connected with the interface on the DHCP relay is required to
release the IP address.
----End

Run the flowing commands to check the previous configuration.
Issue 04 (2010-01-25)

4-25

Action
Command
Check the related statistics about the

DHCP relay.
display dhcp relay statistics
Check the DHCP relay address of

the interface.
display dhcp relay address vlan vlan-id
Run the display dhcp relay address command. If there are available DHCP relay addresses and
related configuration information, it means that the configuration succeeds.
<Quidway> display dhcp relay address vlan 1
** Vlanif1 DHCP Relay Address **
Relay Address [0] :
3.3.3.3
Run the display dhcp relay statistics command. If statistics of DHCP relay, such as the number
of wrong DHCP packets and the number of various DHCP packet, is displayed, it means that
<Quidway> display dhcp relay statistics
Bad Packets received:
DHCP packets received from clients:
DHCP DISCOVER packets received:
DHCP REQUEST packets received:
DHCP INFORM packets received:
DHCP DECLINE packets received:
DHCP packets received from servers:
DHCP OFFER packets received:
DHCP ACK packets received:
DHCP NAK packets received:
DHCP packets sent to servers:
DHCP packets sent to clients:
Unicast packets sent to clients:
Broadcast packets sent to clients:
0
0
0
0
0
0
0
0
0
0
0
0
0
0
4.6 Maintaining DHCP

This section describes how to clear the statistics about DHCP and debug DHCP.
4.6.1 Resetting DHCP
4.6.2 Releasing Conflicting IP Addresses
4.6.3 Clearing DHCP Statistics
4.6.5 Debugging DHCP
4.6.1 Resetting DHCP
CAUTION
Resetting DHCP binding through the reset dhcp command interrupts the operation of the DHCP
server.
4-26

Issue 04 (2010-01-25)

To reset DHCP, run the following reset commands in the user view.
Action
Command
Reset information about the binding of the

specified IP address.
reset dhcp server ip-in-use ip ip-address
Reset information about the dynamic address

bindings of the global address pool.
reset dhcp server ip-in-use pool [ poolname ]
Reset information about dynamic IP address

bindings on the address pool of the VLANIF
interface.
reset dhcp server ip-in-use vlan vlan-id
Reset information about the dynamic address

bindings of all the address pools.
reset dhcp server ip-in-use all
4.6.2 Releasing Conflicting IP Addresses
CAUTION
After the conflicting IP addresses are released, they can be reallocated by the DHCP server.
To release the conflicting IP addresses, run the following reset commands in the user view.
Action
Command
Release the conflicting IP addresses in the

specified address pool.
reset dhcp server conflict ip ip-address
Release all conflicting IP addresses.
reset dhcp server conflict all
The DHCP server detects the conflicting IP addresses through the ping command while the
DHCP client detects the conflicting IP address through sending ARP packets.
4.6.3 Clearing DHCP Statistics
CAUTION
DHCP statistics cannot be restored after you clear it. So, confirm the action before you use the
command.
To clear the DHCP statistics, run the following reset commands.
Issue 04 (2010-01-25)

4-27

Action
Command
Reset the statistics about the DHCP

server.
reset dhcp server statistics
Reset the statistics about the DHCP relay.
reset dhcp relay statistics

To obtain configuration about DHCP in routine maintenance, run the following commands.
Action
Command
View information about available IP

addresses in the DHCP address pool.
display dhcp server free-ip
View information about the IP

addresses with expired leases in the
DHCP address pool.
display dhcp server expired { all | ip ip-address |

pool [ pool-name ] | vlan vlan-id}
View information about address

bindings.
display dhcp server ip-in-use { all | ip ip-address |

pool [ pool-name ] | vlan vlan-id }
View statistics about the DHCP

server.
display dhcp server statistics
View information about the tree

structure of the DHCP address pool.
display dhcp server tree { all | pool [ pool-name ] |

vlan vlan-id }
View information about the conflict

addresses in the DHCP address pool.
display dhcp server conflict { all | ip ip-address }
View the path at which DHCP

database is saved and file information
about the database.
display dhcp server database
View configurations about the DHCP

relay address.
display dhcp relay address vlan vlan-id
4.6.5 Debugging DHCP
CAUTION
allcommand to disable it immediately.
Run the following debug commands in the user view to debug DHCP and locate the fault.
4-28

Issue 04 (2010-01-25)

Action
Command
Enable DHCP server debugging .
debugging dhcp server { all | error | event | packet }
Enable DHCP relay debugging.
debugging dhcp relay { all | error | event | packet

[ client mac mac-address ] }

This section provides several configuration examples of the DHCP server and DHCP relay.
4.7.1 Example for Configuring the Global Address Pool-based DHCP Server
4.7.2 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server
4.7.3 Example for Configuring DHCP Relay
4.7.1 Example for Configuring the Global Address Pool-based

DHCP Server
As shown in Figure 4-1, a DHCP server dynamically assigns the IP addresses to a client in the
same network segment. The address pool segment 10.1.1.0/24 is divided into two segments:
10.1.1.0/25 and 10.1.1.128/25. The IP addresses of the two VLANIF interfaces on the DHCP
server are 10.1.1.1/25 and 10.1.1.129/25.
The IP lease of the segment 10.1.1.0/25 is 10 days and 12 hours, with domain name as
huawei.com, DNS address as 10.1.1.2, egress device address as 10.1.1.126 and without the
NetBIOS address.
The IP lease of the segment 10.1.1.128/25 is 5 days, with domain name as huawei.com, DNS
address as 10.1.1.2, egress device address as 10.1.1.254, and NetBIOS address as 10.1.1.4.
Issue 04 (2010-01-25)

4-29

Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network
segment
NetBIOS
Server
DHCP
Client
DHCP
Client
VLANIF1
10.1.1.1/25
DHCP
Client
VLANIF2
10.1.1.129/25
DHCP
Server
DNS
Server
DHCP
Client
Network: 10.1.1.0/25
DHCP
Client
DHCP
Client
Network: 10.1.1.128/25
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
3.
Configure an address pool, including the address range and the domain name, and configure
the IP address of the DNS server.
4.
Configure related attributes for the address pool, such as the address range, the egress
gateway, the IP address of the NetBIOS server and the IP lease.
This example covers the configurations of three address pools. Address pool 0 is configured
with the common attribute of all client; address pool 1 and address pool 2 are configured
with different attributes of various clients.
In this example, you can configure only address pool 1 and address pool 2. They cannot
adopt configurations of the root address pool. You need to configure attributes for them
respectively.
Data Preparation
l
IP address that need not be assigned automatically
Address pool number
1.
4-30
Configure the DHCP server.

Issue 04 (2010-01-25)

# Enable DHCP on the device.

[S-switch] dhcp enable
# Configure the IP addresses that do not participate in auto-allocation, including addresses

of the DNS server, the NetBIOS server and the egress gateway.
[S-switch]
[S-switch]
[S-switch]
[S-switch]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
forbidden-ip
forbidden-ip
forbidden-ip
forbidden-ip
10.1.1.2
10.1.1.4
10.1.1.126
10.1.1.254
# Configure general attributes of DHCP address pool 0, including the address pool range,
domain name and the IP address of the DNS server.
[S-switch] dhcp server ip-pool 0
[S-switch-dhcp-0] network 10.1.1.0 mask 255.255.255.0
[S-switch-dhcp-0] domain-name huawei.com
[S-switch-dhcp-0] dns-list 10.1.1.2
[S-switch-dhcp-0] quit
# Configure attributes of DHCP address pool 1, including the address pool range, egress
gateway and the IP lease.
[S-switch-dhcp-1] expired day 10 hour 12
[S-switch-dhcp-1] gateway-list 10.1.1.126
# Configure attributes of DHCP address pool 2, including the address pool range, egress
gateway, the IP address of the NetBIOS server and the IP lease.
[S-switch-dhcp-2] expired day 5
[S-switch-dhcp-2] nbns-list 10.1.1.4
[S-switch-dhcp-2] gateway-list 10.1.1.254
# Configure the clients of the VLANIF1 to obtain their IP addresses from the global address
pool.
[S-switch-Vlanif1] dhcp select global
# Configure the clients of the VLANIF2 to obtain their IP addresses from the global address
pool.
[S-switch-Vlanif2] dhcp select global
2.

After the configuration, run the display dhcp server tree command on the DHCP server.
If the tree structure information of DHCP address pools, including DNS, IP lease, and
Option parameters, is displayed, it means that the configuration succeeds.
[S-switch] display dhcp server tree all
Global pool:
Pool name: 0
Child node:1
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
domain-name huawei.com
Pool name: 1
Parent node:0
Issue 04 (2010-01-25)

4-31

Sibling node:2
network 10.1.1.0 mask 255.255.255.128
dns-list 10.1.1.2
Pool name: 2
Parent node:0
PrevSibling node:1
network 10.1.1.128 mask 255.255.255.128
dns-list 10.1.1.2
nbns-list 10.1.1.4
Configuration File
#
sysname S-switch
#
dhcp server ip-pool 0
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
#
network 10.1.1.0 mask 255.255.255.128
expired day 10 hour 12
#
network 10.1.1.128 mask 255.255.255.128
nbns-list 10.1.1.4
expired day 5
#
interface Vlanif1
ip address 10.1.1.1 255.255.255.128
#
interface Vlanif2
ip address 10.1.1.129 255.255.255.128
#
dhcp server forbidden-ip 10.1.1.2
#
dhcp enable
#
return
NOTE
By default, IP addresses in the global address pool are assigned. So, the configuration file does not contain
the dhcp select global command.
4.7.2 Example for Configuring the VLANIF Interface Address Poolbased DHCP Server
Figure 4-2 shows the diagram of applying the VLANIF-interface-based address pool to the
device that supports switched Ethernet interfaces. The Ethernet interface cannot be configured
4-32

Issue 04 (2010-01-25)

with an IP address, so you need to create a VLANIF interface and configure a DHCP address
pool on it to assign IP addresses.
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the VLANIF
interface
NetBIOS Server
10.1.1.3/24
DHCP
Client
DNS Server
10.1.1.2/24
VLANIF10 GE0/0/1
10.1.1.1/24
DHCP
Server
VLANIF11 GE0/0/2
10.1.2.1/24
DHCP
Client
DHCP
Client
DHCP
Client
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, IP addresses of the NetBIOS server.
3.
Create VLANIF interfaces and configure IP addresses for them.
4.
Enable the address pool that is based on the VLANIF interface.
5.
Configure related attributes for the address pool, such as the domain name, IP addresses of
the NetBIOS server and the DNS server, and the IP lease.
Data Preparation
l
IP address that need not be assigned automatically
Address pool number
1.

Issue 04 (2010-01-25)

4-33

# Configure the IP addresses that do not participate in auto-allocation, including IP

addresses of the DNS server and NetBIOS server.
[S-switch] dhcp server forbidden-ip 10.1.1.2
[S-switch] dhcp server forbidden-ip 10.1.1.3
# Create a VLAN.
[S-switch] vlan 10
[S-switch-vlan10] quit
[S-switch] vlan 11
[S-switch-vlan11] quit
# Configure attributes for the switched Ethernet interface and join the interface to a VLAN.
[S-switch] interface gigabitethernet
[S-switch-GigabitEthernet0/0/1] port
[S-switch-GigabitEthernet0/0/1] quit
[S-switch] interface gigabitethernet
[S-switch-GigabitEthernet0/0/2] port
[S-switch-GigabitEthernet0/0/2] quit
0/0/1
default vlan 10
0/0/2
default vlan 11
# Create a VLANIF interface and configure an IP address for the VLANIF interface.
[S-switch-Vlanif10] ip address 10.1.1.1 24
[S-switch-Vlanif11] ip address 10.1.2.1 24
# Enable the address pool on the VLANIF interface.

[S-switch] dhcp select interface vlan 10 to 11
# Configure the domain name of the address pool and IP addresses of the DNS server and
the NetBIOS server.
[S-switch]
[S-switch]
[S-switch]
[S-switch]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
domain-name huawei.com vlan 10 to 11

dns-list 10.1.1.2 vlan 10 to 11
nbns-list 10.1.1.3 vlan 10 to 11
netbios-type b-node vlan 10 to 11
# Configure the IP lease.

[S-switch] dhcp server expired day 10 hour 12 vlan 10 to 11
2.

After the configuration, run the display dhcp server tree command on the DHCP server.
If the tree structure information of DHCP address pools, including DNS, IP lease, and
Option parameters, is displayed, it means that the configuration succeeds.
[S-switch] display dhcp server tree all
Interface pool:
Pool name: Vlanif10
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
nbns-list 10.1.1.3
netbios-type b-node
Pool name: Vlanif11
network 10.1.2.0 mask 255.255.255.0
dns-list 10.1.1.2
nbns-list 10.1.1.3
netbios-type b-node
4-34

Issue 04 (2010-01-25)

Configuration Files
#
sysname S-switch
#
vlan batch 10 to 11
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface gigabitEthernet0/0/1
#
interface gigabitEthernet0/0/2
#
#
dhcp enable
#
return
4.7.3 Example for Configuring DHCP Relay

As shown in Figure 4-3, the DHCP client is in the network segment 10.100.0.0/16, while the
DHCP server is in the network segment 202.40.0.0/16. A DHCP relay device is needed to relay
DHCP packets so that the DHCP client obtains the IP addresses from the DHCP server.
The DHCP server is assigned with an address pool in the network segment 10.100.0.0/16. The
IP address of the DNS server is 10.100.1.2/16, the IP address of the NetBIOS server is
10.100.1.3/16, and the IP address of the egress gateway is 10.100.1.4. On the DHCP server, the
routing table must contain at least one reachable a route to the network segment 10.110.0.0.
Issue 04 (2010-01-25)

4-35

Figure 4-3 Networking diagram for configuring DHCP relay
DNS Server
NetBIOS Server
10.100.1.2/16 10.100.1.3/16
DHCP Relay
VLANIF1
10.100.1.1/16
VLANIF2
202.40.1.1/16
DHCP
Client
DHCP Server
Router
GE0/0/1
202.40.1.2/16
DHCP
Client
1.
Enable DHCP on S-switchthat acts as the DHCP relay.
2.
Configure the IP address for interface VLANIF2.
3.
Configure the IP relay address for VLANIF1 and enable DHCP relay on VLANIF1.
4.
Configure a route from the DHCP server to the network segment 10.100.0.0/16.
5.
Enable DHCP on the Router.
6.
Configure the clients attached to GE 0/0/1 to obtain IP addresses through the global address
pool.
7.
Configure a global address pool on the Router.
Data Preparation
To complement the configuration, you need the following data:
l
IP address of the interface that need to be enabled with DHCP relay
IP address of the DHCP server
1.
Configure the DHCP relay.

# Configure an IP address for VLANIF2.

4-36

Issue 04 (2010-01-25)

# Enter the view of the interface that needs to be enabled with DHCP relay. Configure the
IP address and mask of the interface, which should be in the same network segment with
that of the DHCP client.
[S-switch-Vlanif1] ip relay address 202.40.1.2
[S-switch-Vlanif1] dhcp select relay
2.

# On the Router, configure routes to VLANIF1 that connects S-switchand its client.
[Quidway] sysname Router
[Router] ip route-static 10.100.0.0 255.255.0.0 202.40.1.1
# Enable DHCP.
[Router] dhcp enable
# Configure the clients of GE 0/0/1 to obtain the IP addresses from the global address pool.
[Router] interface GigabitEthernet 0/0/1
[Router-GigabitEthernet 0/0/1] ip address 202.40.1.2 255.255.0.0
[Router-GigabitEthernet 0/0/1] dhcp select global
[Router-GigabitEthernet 0/0/1] quit
# Configure the IP addresses that do not participate in auto-allocation, including IP

addresses of the DNS server, the NetBIOS server and the egress gateway.
[Router] dhcp server forbidden-ip 10.100.1.2
# Configure attributes of DHCP address pool 1, including the address pool range, domain
name, egress gateway, the IP address of the DNS server and IP lease.
[Router] dhcp server ip-pool 1
[Router-dhcp-1] network 10.100.0.0 mask 255.255.0.0
[Router-dhcp-1] domain-name huawei.com
[Router-dhcp-1] dns-list 10.100.1.2
[Router-dhcp-1] nbns-list 10.100.1.3
[Router-dhcp-1] gateway-list 10.100.1.4
[Router-dhcp-1] expired day 10 hour 12
[Router-dhcp-1] quit
3.

Run the display dhcp server tree command on the DHCP server. If the tree structure
information of DHCP address pools, including DNS, IP lease, and Option parameters, is
displayed, it means that the configuration succeeds.
[Router] display dhcp server tree all
Global pool:
Pool name: 1
network 10.100.0.0 mask 255.255.0.0
dns-list 10.100.1.2
nbns-list 10.100.1.3
Run the display dhcp relay address vlan 1 command on the DHCP relay device to view
configurations of the relay IP address.
[S-switch] display dhcp relay address vlan 1
** Vlanif1
DHCP Relay Address
Relay Address [0] :
202.40.1.2
Issue 04 (2010-01-25)

**
4-37

Configuration Files
l
Configuration file of S-switch

#
sysname S-switch
#
interface Vlanif1
ip address 10.100.1.1 255.255.0.0
ip relay address 202.40.1.2
dhcp select relay
#
interface Vlanif2
ip address 202.40.1.1 255.255.0.0
#
return
Configuration file of the Router

#
sysname Router
#
network 10.100.0.0 mask 255.255.0.0
dns-list 10.100.1.2
nbns-list 10.100.1.3
expired day 10 hour 12
#
interface GigabitEthernet 0/0/1
ip address 202.40.1.2 255.255.0.0
#
#
ip route-static 10.100.0.0 255.255.0.0 202.40.1.1
#
return
4-38

Issue 04 (2010-01-25)

IP Performance Configuration
About This Chapter

This chapter describes the parameters and function required for IP performance optimization
and provides procedures and examples for optimizing IP performance.
5.1 Overview
This section describes the parameters and concepts concerning IP performance.
5.2 Improving IP Performance
This section describes how to enhance the performance of a specified network through setting
some IP parameters.
5.3 Maintaining IP Performance
This section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.
This section provides several configuration examples of the IP performance.
Issue 04 (2010-01-25)

5-1

5.1 Overview
This section describes the parameters and concepts concerning IP performance.
5.1.1 Introduction to IP Performance
5.1.2 IP Performance Supported by the S-switch
5.1.1 Introduction to IP Performance

IP performance optimization should be performed on the basis of configurations of some
parameters and enablement of related functions, for example, ICMP function, and TCP
attributes.
Internet Control Message Protocol (ICMP) messages are used by either the IP layer or the higher
layer protocol (TCP or UDP). ICMP communicates error messages or other conditions that
require attention.
5.1.2 IP Performance Supported by the S-switch

ICMP
l
ICMP Host Unreachable Messages

When forwarding packets, the device discards the packets and returns an ICMP host
unreachable message to the source to notify that the source must stop sending packets to
this destination if the device encounters the following situations:
There is no route to the destination.
The packet is not for itself.
ICMP Packet Sending Switches

In normal circumstance, ICMP host unreachable messages can ensure normal packet
transmission. However, when devices encounter the preceding conditions frequently,
network traffic becomes heavy because devices send a large number of ICMP messages.
This increases the traffic burden. In the case of malicious attacks, network congestion
becomes worse.
To solve this problem, a control switch is added on the outgoing interface of ICMP
messages. This switch is used to respectively enable or disable the sending of ICMP host
unreachable messages. If the switch is disabled, the device does not send out the ICMP
host unreachable packets. This can reduce the traffic burden and protect the network from
malicious attacks.
Broadcast Packet Forwarding

Broadcast packet forwarding is used to control whether broadcast packets are forwarded on a
specified interface. Run the ip forward-broadcast command on an interface. For the broadcast
packets that are not generated by the local host, this interface sends the broadcast packets to the
local host before forwarding them.
5-2

Issue 04 (2010-01-25)

When forwarding broadcast packets is enabled, the ACL rules can be specified. The interface
forwards only the broadcast packets that match the ACL. It sends back the broadcast packets
that do not match the ACL to the host without forwarding them.
S-switch generally do not forward directional broadcast packets. In some cases, however, you
may require the device to forward directional broadcast packets. Thus, you can run the ip
forward-broadcast command to enable an interface to forward directional broadcast packets.
This makes the networking to be flexible.
5.2 Improving IP Performance

This section describes how to enhance the performance of a specified network through setting
some IP parameters.
5.2.2 Verifying the Source IP Address
5.2.3 Forwarding Broadcast Packets
5.2.4 Configuring ICMP Attributes
5.2.5 Configuring TCP Attributes

In some special network environments, you must adjust the IP parameters to achieve the best
performance. Improving IP performance involves configurations of a series of parameters.
Before improving IP performance, complete the following tasks:
l
Configuring the physical parameters for related interfaces and ensuring that the status of
the physical layer of the interface is Up
Configuring the link layer protocol for related interfaces and ensuring that the status of the
Configuring the IP addresses for related interfaces
Configuring the ACL
Data Preparation
To improve IP performance, you need the following data.
Issue 04 (2010-01-25)
No.
Data
Number of the interface

5-3

No.
Data
Number of the interface which needs source address verification
Number of the interface which needs to forward broadcast packets and ACL number
which is used to specify the broadcast packets
Number of the interface which needs to configure ICMP host-unreachable
SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket
5.2.2 Verifying the Source IP Address

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ip verify source-address
The source IP address verification is enabled on the interface.

By default, the function is disabled on all interfaces.
----End
5.2.3 Forwarding Broadcast Packets

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
5-4

Issue 04 (2010-01-25)


Step 3 Run:
ip forward-broadcast [ acl acl-number ]
The interface is configured to forward broadcast packets.

By default, broadcast packets are not forwarded by any interface.
----End
5.2.4 Configuring ICMP Attributes

Context
By default, sending ICMP redirection packets and unreachable packets is enabled.
CAUTION
l
If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Procedure
Step 1 Run:
system-view

Step 2 Run:
interface interface-type interface-number

The interface is a VLANIF interface.
Step 3 Run:
icmp host-unreachable send
Sending ICMP host unreachable packets is enabled.

----End
5.2.5 Configuring TCP Attributes

Context
The TCP attributes that can be configured include:
l
Issue 04 (2010-01-25)
The SYN-Wait timer: On sending SYN packets, the TCP starts the SYN-Wait timer. If
response packets are not received before the SYN-Wait timer timeout, the TCP connection
5-5

is terminated. The SYN-Wait timer timeout ranges from 2 seconds to 600 seconds, and the
default value is 75 seconds.
l
The FIN-Wait timer: When the TCP connection status turns from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer starts. If FIN packets are not received before the FINWait timer timeout, the TCP connection is terminated. The FIN-Wait timer timeout ranges
from 76 seconds to 3600 seconds, and the default value is 675 seconds.
The receiving and sending window-size of the connection-oriented socket: It ranges from
1K bytes to 32K bytes, and the default value is 8K bytes.
If an attribute of TCP is configured for many times in the system view, only the last configuration
takes effect.
Procedure
Step 1 Run:
system-view

Step 2 Run:
tcp timer syn-timeout interval
The SYN-Wait timer of setting up TCP connections is configured.

Step 3 Run:
tcp timer fin-timeout interval
The FIN_WAIT_2 timer of setting TCP connections is configured.

Step 4 Run:
tcp window window-size
The receiving/sending buffer size of the TCP socket is configured.

----End

5-6
Action
Command
View the TCP connection status.
display tcp status [ [ task-id task-id ] [ socketid socket-id ] | [ local-ip ip-address ] [ localport local-port-number ] [ remote-ip ipaddress ] [ remote-port remote-port-number ] ]
View the TCP traffic statistics.
display tcp statistics
View the UDP traffic statistics.
display udp statistics

Issue 04 (2010-01-25)

Action
Command
View the table information of the IP layer

interface.
display ip interface [ interface-type interfacenumber ]

display ip interface brief [ interface-type
[ interface-number ] ]
View the IP traffic statistics.
display ip statistics
View the ICMP traffic statistics.
display icmp statistics
View the Rawlink statistics.
display rawlink statistics
View the FIB table.
display fib
View the filtered FIB information.
display fib acl acl-number[ verbose ]
View the FIB entry which matches a

destination address.
display fib destination-address1 [ destinationmask1 ] [ longer ] [ verbose ]
View the FIB entry whose destination

address is in the range of destinationaddress1 destination-mask1 to
destination-address2 destination-mask2.
display fib destination-address1 destinationmask1 destination-address2 destination-mask2

[ verbose ]
View the FIB entries that have passed

filtering in a certain format according to
the input IP prefix name.
display fib ip-prefix prefix-name [ verbose ]

the input interface type and interface
number.
display fib interface interface-type interfacenumber

the input next hop address.
display fib next-hop ip-address
View the total number of FIB entries.
display fib statistics
View the summary of the FIB.
display fib [ | { begin | exclude | include }

regular-expression ]
View all the current socket API

information.
display ip socket [ monitor ] [ task-id task-id |

sock-type sock-type ]
Run the display tcp status command. If the information about the TCP connection status is
displayed, it means that the configuration succeeds. For example:
<Quidway> display tcp status
TCPCB
Tid/Soid Local Add:port
0dcdd3c0 30 /1
0.0.0.0:21
0f63b34c 40 /1
0.0.0.0:23
0dcde398 40 /2
100.1.1.235:23
d
0dce0348 40 /3
100.1.1.235:23
d
Issue 04 (2010-01-25)
Foreign Add:port
0.0.0.0:0
0.0.0.0:0
100.1.1.156:3589
100.1.1.156:3596

VPNID State
0
Listening
14849 Listening
0
Establishe
0
Establishe
5-7

0dce0e40
d
0dce22f8
d
40 /4
100.1.1.235:23
100.1.1.156:3750
Establishe
40 /5
100.1.1.235:23
100.1.1.156:3762
Establishe
Run the display tcp statistics command. If the TCP traffic statistics are displayed, it means that
the configuration succeeds. For example:
<Quidway> display tcp statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
data packets: 0 (0 bytes),data packets retransmitted: 0 (0 bytes)
ACK-only packets: 0 (0 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keep alive timeout: 0, keep alive probe: 0, Keep alive timeout, so connections d
isconnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
Run the display udp statistics command. If the UDP traffic statistics are displayed, it means
<Quidway> display udp statistics
Received packets:
Total: 0
checksum error: 0
shorter than header: 0, data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
Sent packets:
Total: 0
Run the display ip interface command. If the information about IP interfaces is displayed, it
<Quidway> display ip interface vlanif 1
Vlanif1 current state : DOWN
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
received packets:
0, sent packets:
forwarded packets:
0, dropped packets:
Internet Address is 172.18.255.1/24
Broadcast address : 172.18.255.255
5-8

0
0
Issue 04 (2010-01-25)

TTL invalid packet number:
ICMP packet input number:
Echo reply:
Unreachable:
Source quench:
Routing redirect:
Echo request:
Router advert:
Router solicit:
Time exceed:
IP header bad:
Timestamp request:
Timestamp reply:
Information request:
Information reply:
Netmask request:
Netmask reply:
Unknown type:
DHCP packet deal mode: global
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Run the display ip statistics command. If the IP traffic statistics are displayed, it means that the
configuration succeeds. For example:
<Quidway> display ip statistics
Input:
sum
10153
bad protocol
0
bad checksum
0
TTL exceeded
0
Output:
forwarding
0
dropped
0
Fragment: input
0
dropped
0
fragmented
0
Reassembling:sum
0
local
bad format
bad options
10153
0
0
local
no route
output
11589
0
0
couldn't fragment
timeouts
0
0
Run the display icmp statistics command. If the ICMP traffic statistics are displayed, it means
<Quidway> display icmp statistics
Input: bad formats
0
bad checksum
echo
4
destination unreachable
source quench
0
redirects
echo reply
5
parameter problem
timestamp
0
information request
mask requests
0
mask replies
time exceeded
0
Output:echo
5
destination unreachable
source quench
0
redirects
echo reply
4
parameter problem
timestamp
0
information reply
mask requests
0
mask replies
time exceeded
0
0
0
0
0
0
0
0
0
0
0
0
Run the display rawlink statistics command. If the Rawlink statistics are displayed, it means
<Quidway> display rawlink statistics
Received packets:
Total: 0
ifnet is null: 0
not pass multicast: 0
no join multicast: 0
full sock and pstMBuf to be freed: 0
full sock and nothing to be freed: 0
full sock and other reason: 0
Send packets:
Total: 0
Issue 04 (2010-01-25)

5-9

Run the display fib command. If the brief information about the FIB is displayed, it means that
the configuration succeeds. For example:
<Quidway> display fib
FIB Table:
Total number of Routes : 7
Destination/Mask
Nexthop
Flag TimeStamp
127.0.0.1/32
127.0.0.1
HU
t[57]
127.0.0.0/8
127.0.0.1
U
t[57]
172.16.255.6/32
127.0.0.1
HU
t[86]
172.16.255.4/30
172.16.255.6
U
t[86]
0.0.0.0/0
172.16.255.5
GSU t[86]
192.168.0.0/16
172.16.255.5
GSU t[86]
172.16.255.5/32
172.16.255.5
HLU t[650]
<Quidway> display fib acl 2010
Route entry matched by access-list 2010:
Summary counts: 1
Destination/Mask Nexthop
Flag
TimeStamp
127.0.0.0/8
127.0.0.1
U
t[0]
Interface
InLoop0
InLoop0
InLoop0
Vlanif2002
Vlanif2002
Vlanif2002
GE0/0/1
TunnelID
0x0
0x0
0x0
0x0
0x0
0x0
0x0
Interface
InLoopBack0
TunnelID
0x0
5.3 Maintaining IP Performance

This section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.
5.3.1 Clearing IP/TCP/UDP Statistics
5.3.3 Debugging IP/TCP/UDP
5.3.1 Clearing IP/TCP/UDP Statistics
CAUTION
IP/TCP/UDP statistics cannot be restored after you clear it. So, confirm the action before you
use the command.
To clear the IP/TCP/UDP statistics, run the following reset commands in the user view.
5-10
Action
Command
Reset the IP statistics.
reset ip statistics [ interface interface-type

interface-number ]
Clear information about the socket

monitor.
reset ip socket monitor
Reset the TCP traffic statistics.
reset tcp statistics
Reset the UDP traffic statistics.
reset udp statistics
Rest the Rawlink statistics.
reset rawlink statistics

Issue 04 (2010-01-25)


To obtain configurations in routine maintenance, run the following commands.
Action
Command
View TCP connection status.
display tcp status [ [ task-id task-id ] [ socketid socket-id ] | [ local-ip ip-address ] [ localport local-port-number ] [ remote-ip ipaddress ] [ remote-port remote-port-number ] ]
View statistics about TCP traffic.
display tcp statistics
View statistics about UDP traffic.
display udp statistics
View information about IP interfaces.
display ip interface [ interface-type interfacenumber ]

display ip interface brief [ interface-type [
interface-number ] ]
Issue 04 (2010-01-25)
View statistics about IP traffic.
display ip statistics
View statistics about ICMP traffic.
display icmp statistics
View statistics about Rawlink.
display rawlink statistics
View the FIB table.
display fib
View the FIB information selectively

through filtering.
display fib acl acl-number [ verbose ]
Filter FIB entries by matching destination

IP addresses.
display fib [ slot-id ] destination-address1

[ desinationt-mask1 ] [ longer ] [ verbose ]
View the FIB entries with the destination

IP addresses in the range from destinationaddress1 destination-mask1 to
destination-address2 destination-mask2.
display fib [ slot-id ] destination-address1

destination-mask1 destination-address2
destination-mask2 [ verbose ]

filtering in a certain format according to the
input IP prefix name.
display fib ip-prefix prefix-name [ verbose ]

input interface type and interface number.
display fib interface interface-type interfacenumber

input next hop address.
display fib next-hop ip-address
View the total number of FIB entries.
display fib statistics
View brief information about the

forwarding table.
display fib [ | { begin | exclude | include }

regular-expression ]

5-11

Action
Command
View information about all the socket

interfaces of the system.
display ip socket [ monitor ] [ task-id task-id

| sock-type sock-type ]
5.3.3 Debugging IP/TCP/UDP
CAUTION
Run the following debug commands in the user view to debug IP/TCP/UDP/RAWIP/
RAWLINK and locate the fault.
Action
Command
Enable IP packets debugging.
debugging ip packet [ error ] [ acl acl-number ]
Enable ICMP debugging.
debugging ip icmp
Enable UDP packets debugging.
debugging udp packet [ local-ip ip-address ] [ localport local-port ] [ remote-ip ip-address ] [ remoteport remote-port ]
debugging udp packet [ task-id task-id ] [ socket-id
socket-id ]
Enable TCP packets debugging.
debugging tcp packet [ local-ip ip-address ] [ localport local-port ] [ remote-ip ip-address ] [ remoteport remote-port ] [ flag flag-number ]
debugging tcp packet [ task-id task-id ] [ socket-id
socket-id ] [ flag flag-number ]
Enable TCP event debugging.
debugging tcp event [ local-ip local-address ] [ localport local-port ] [ remote-ip remote-address ] [ remoteport remote-port ]
debugging tcp event [ task-id task-id ] [ socket-id
socket-id ]
Enable TCP MD5 authentication

debugging.
debugging tcp md5 [ local-ip local-address ] [ localport local-port ] [ remote-ip remote-address ] [ remoteport remote-port ]
debugging tcp md5 [ task-id task-id ] [ socket-id socketid ]
5-12

Issue 04 (2010-01-25)

Action
Command
Enable RAWIP packets

debugging.
debugging rawip packet [ local-ip ip-address ]

[ remote-ip ip-address ] [ protocol protocol-number ]
[ verbose verbose-number ]
debugging rawip packet [ task-id task-id ] [ socket-id
socket-id ] [ verbose verbose-number ]
Enable RAWLINK packets

debugging.
debugging rawlink packet [ local-mac local-mac ]

[ remote-mac remote-mac ] [ verbose verbosenumber ]
debugging rawlink packet [ task-id task-id ] [ socketid socket-id ] [ verbose verbose-number ]

This section provides several configuration examples of the IP performance.
5.4.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets
5.4.1 Example for Limiting Transmission of ICMP HostUnreachable Packets

As shown in Figure 5-1, S-switch-A, S-switch-B and S-switch-C are connected with each other
through their VLANIF to test limiting transmission of host-unreachable packets.
Figure 5-1 Networking diagram of configuring ICMP host unreachable packets
S-switch-A
VLANIF1
1.1.1.1/24
Internet
VLANIF1
2.2.2.2/24
VLANIF1
1.1.1.2/24
S-switch-C
Issue 04 (2010-01-25)
S-switch-B

5-13

1.
Configure IP addresses for the interfaces on devices.
2.
Configure static routes between devices that are not directly connected.
3.
Enable limiting transmission of ICMP Host-unreachable packets.
Data Preparation
l
Static routes between devices that are not directly connected
IP addresses for the interfaces
1.
# Configure static routes on S-switch-A.
[S-switch-A] ip route-static 2.2.2.2 24 1.1.1.2
# Configure an IP address for VLANIF1.

[S-switch-A-Vlanif1] ip address 1.1.1.1 24
2.
Configure S-switch-B.
# Disable sending ICMP host unreachable packets on S-switch-B and configure an IP
address for VLANIF1
[S-switch-B-Vlanif1] undo icmp host-unreachable send
[S-switch-B-Vlanif1] ip address 1.1.1.2 24
[S-switch-B] quit
3.
Configure S-switch-C.
# Configure an IP address for VLANIF1 on S-switch-C.
[Quidway] sysname S-switch-C
[S-switch-C] interface vlanif 1
[S-switch-C-Vlanif1] ip address 2.2.2.2 24
[S-switch-C-Vlanif1] quit
4.

# Enable the debugging of the ICMP packets of S-switch-B.
<S-switch-B> debugging ip icmp
# Run the ping 2.2.2.2 command on S-switch-A. If you can view that S-switch-B does not
send the host unreachable packets, it means that the configuration succeeds. For example:
[S-switch-A] ping 2.2.2.2
Configuration Files
l
5-14

Issue 04 (2010-01-25)

#
sysname S-switch-A
#
interface Vlanif1
ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
l

#
sysname S-switch-B
#
interface Vlanif1
ip address 1.1.1.2 255.255.255.0
undo icmp host-unreachable send
#

#
sysname S-switch-C
#
interface Vlanif1
ip address 2.2.2.2 255.255.255.0
#
Issue 04 (2010-01-25)

5-15

DHCP Policy VLAN Configuration
About This Chapter

This chapter describes the concept, operating mode, and configuration of Dynamic Host
Configuration Protocol (DHCP) policy Virtual Local Area Network (VLAN), and provides
configuration examples.
6.1 Overview
This section describes the concept of DHCP policy VLAN.
6.2 Configuring DHCP Policy VLAN Based on MAC Addresses
This section describes how to configure DHCP Policy VLAN Based on MAC Addresses
6.3 Configuring the DHCP Policy VLAN Based on Interfaces
This section describes how to configure the DHCP policy VLAN based on interfaces.
6.4 Configuring Generic DHCP Policy VLAN
This section describes how to configure Generic DHCP Policy VLAN
6.5 Maintaining DHCP Policy VLAN
This section describes how to maintain DHCP policy VLAN.
This section provides several configuration examples of DHCP policy VLAN.
Issue 04 (2010-01-25)

6-1

6.1 Overview
This section describes the concept of DHCP policy VLAN.
6.1.1 Introduction
6.1.2 DHCP Policy VLAN Supported by the S-switch
6.1.1 Introduction
When the policy for VLANs is configured on the S-switch, the VLAN to which each host
connects to the interface on the S-switch belongs is determined by the network segment to which
the IP address of the host belongs. When a host that accesses the network for the first time is
connected to an interface, the host cannot be added to its associated VLAN because it has no
valid IP address.
DHCP policy VLAN is thus introduced. With DHCP policy VLAN, hosts that access the network
for the first time can obtain valid IP addresses from the DHCP server and then be added to the
VLANs whose network segments the IP addresses belong to.
6.1.2 DHCP Policy VLAN Supported by the S-switch

The S-switch supports the following types of DHCP policy VLAN:
l
DHCP policy VLAN based on MAC addresses
DHCP policy VLAN based on interfaces
Generic DHCP policy VLAN
6.2 Configuring DHCP Policy VLAN Based on MAC

Addresses
This section describes how to configure DHCP Policy VLAN Based on MAC Addresses
6.2.2 Configuration Procedure

When multiple hosts access the network through an interface on the S-switch, you need to
configure DHCP policy VLAN based on MAC addresses so that the hosts can obtain IP addresses
from the DHCP server and be added to specific VLANs.
6-2

Issue 04 (2010-01-25)

Before configuring DHCP policy VLAN based on MAC addresses, complete the following
tasks:
l
Configuring the default VLAN for the interface on the S-switch that connects to the newly
added hosts
Data Preparation
To configure DHCP policy VLAN based on MAC addresses, you need the following data.
No.
Data
MAC addresses of the newly added hosts
ID of the VLAN to which the DHCP server belongs

Context
Do as follows on the S-switch.
Procedure
Step 1 Run:
system-view

Step 2 Run:
The view of the interface on the S-switch that connects to multiple hosts is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan id
The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ]
The DHCP policy VLAN based on MAC addresses is configured.

----End
Issue 04 (2010-01-25)

6-3


Run the following command to check the previous configuration.
Action
Command
Check the configuration of the Sswitch in the VLAN view.
display this
Run the display this command in the VLAN view of the S-switch where DHCP policy VLAN
based on MAC addresses is configured, you can view that the configuration of DHCP policy
VLAN based on MAC addresses is correct.
[Quidway-vlan2] display this
#
vlan 2
policy-vlan dhcp-mac 0002-0002-0002 priority 2
#
6.3 Configuring the DHCP Policy VLAN Based on

Interfaces
This section describes how to configure the DHCP policy VLAN based on interfaces.

When multiple hosts access the network through different interfaces on the S-switch, you need
to configure DHCP policy VLAN based on interfaces so that the hosts can obtain IP addresses
from the DHCP server.
Before configuring DHCP policy VLAN based on interfaces, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S-switch
Configuring the interface that connects to the newly added host on the S-switch as a hybrid
interface
Data Preparation
To configure DHCP policy VLAN based on interfaces, you need the following data.
6-4

Issue 04 (2010-01-25)

No.
Data
Number of the interface that connects to the newly added host on the S-switch

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
The view of the interface that connects to the newly added host on the S-switch is displayed.
Step 3 Run:
Step 4 Run:
vlan vlan id
Step 5 Run:
policy-vlan dhcp-port interface-type interface-number1 [ to interface-number2 ]
[ priority priority ]
The DHCP policy VLAN based on interfaces is configured.

----End

Issue 04 (2010-01-25)
Action
Command
display this

6-5

Run the display this command in the VLAN view of the S-switch where DHCP policy VLAN
based on interfaces is configured, you can view that the configuration of DHCP policy VLAN
based on interfaces is correct.
#
vlan 2
policy-vlan dhcp-port GigabitEthernet 0/0/2 priority 2
#
6.4 Configuring Generic DHCP Policy VLAN

This section describes how to configure Generic DHCP Policy VLAN

When hosts that do not apply DHCP policy VLAN based on MAC addresses or DHCP policy
VLAN based on interfaces access the network for the first time, you need to configure generic
DHCP policy VLAN on the S-switch so that the hosts can obtain valid IP addresses.
Before configuring generic DHCP policy VLAN, complete the following tasks:
l
Configuring the default VLAN for the interface that connects to the newly added host on
the S-switch
Data Preparation
To configure generic DHCP policy VLAN, you need the following data.
No.
Data

Context
6-6

Issue 04 (2010-01-25)

Procedure
Step 1 Run:
system-view

Step 2 Run:
The view of the interface that connects to the newly added host on the S-switch is displayed.
Step 3 Run:
Step 4 Run:
vlan vlan id
Step 5 Run:
policy-vlan dhcp-generic [ priority priority ]
The generic DHCP policy VLAN is configured.

----End

Run the following command to check the previous configuration.
Action
Command
display this
Run the display this command in the VLAN view of the S-switch where generic DHCP policy
VLAN is configured, you can view that the configuration of generic DHCP policy VLAN is
correct.
#
vlan 2
policy-vlan dhcp-generic priority 2
#
6.5 Maintaining DHCP Policy VLAN

This section describes how to maintain DHCP policy VLAN.
6.5.1 Monitoring the Running Status
Issue 04 (2010-01-25)

6-7

6.5.1 Monitoring the Running Status

To check the running status of DHCP policy VLAN, run the following display command in the
corresponding VLAN view.
Action
Command
Check the configuration of DHCP

policy VLAN.
display this

This section provides several configuration examples of DHCP policy VLAN.
6.6.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses
6.6.2 Example for Configuring DHCP Policy VLAN Based on Interfaces
6.6.1 Example for Configuring DHCP Policy VLAN Based on MAC

Addresses
As shown in Figure 6-1, on the S-switch, GE 0/0/2 connects to PC1 and PC2 that access the
network for the first time; GE 0/0/4 connects to the DHCP server that belongs to VLAN 100.
The MAC address of PC1 is 001E-9089-C65A; the MAC address of PC2 is 00E0-4C84-0B44.
Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses
PC1
001E-9089-C65A
S-switch
GE 0/0/4
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
PC2
00E0-4C84-0B44
6-8

Issue 04 (2010-01-25)

1.
Determine to which VLAN the DHCP server belongs.
2.
Configure DHCP policy VLAN based on MAC addresses.
Data Preparation
l
MAC address of the newly added host
Default VLAN ID of the interfaces on the S-switch
1.
Configure the S-switch.

# Configure GE 0/0/2 and GE 0/0/4 on the S-switch as a hybrid interface, and configure
frames from VLAN 100 to pass through GE 0/0/2 in untagged mode.
0/0/2
default vlan 2
hybrid untagged vlan 100
0/0/4
default vlan 4
# Configure DHCP policy VLAN based on MAC addresses.

[Quidway] vlan 100
[Quidway-vlan100] policy-vlan dhcp-mac 001E-9089-C65A priority 5
[Quidway-vlan100] policy-vlan dhcp-mac 00E0-4C84-0B44 priority 5
2.

# Ping the DHCP server from PC1 and PC2. The ping operations are successful.
C:\>ping 192.168.31.251
Pinging 192.168.31.251 with 32 bytes of data:
Reply
Reply
Reply
Reply
from
from
from
from
192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:
bytes=32
bytes=32
bytes=32
bytes=32
time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
Ping statistics for 192.168.31.251:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 126ms, Average = 33ms
Configuration Files
The following lists the configuration file of the S-switch.
#
port default vlan 2
port hybrid untagged vlan 100
Issue 04 (2010-01-25)

6-9


port default vlan 4
#
vlan 100
policy-vlan dhcp-mac 001e-9089-c65a priority 5
policy-vlan dhcp-mac 00e0-4c84-0b44 priority 5
#
return
6.6.2 Example for Configuring DHCP Policy VLAN Based on

Interfaces
As shown in Figure 6-2, on the S-switch, GE 0/0/2 connects to an access switch; GE 0/0/1
connects to the DHCP server that belongs to VLAN 100; the access switch connects to 10 hosts.
Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces
S-switch
GE 0/0/1
VLAN100
GE 0/0/2
DHCP Server
192.168.31.251/16
...
PC1
PC10
1.
Determine to which VLAN the DHCP server belongs.
2.
Configure DHCP policy VLAN based on interfaces.
Data Preparation
6-10
Number of the S-switch interface that connects to the downstream access switch
Default VLAN ID of the interfaces on the S-switch

Issue 04 (2010-01-25)

1.
Configure the S-switch.

# Configure GE 0/0/1 and GE 0/0/2 on the S-switch as hybrid interfaces, and configure
frames from VLAN 100 to pass through GigabitEthernet 0/0/2 in untagged mode.
0/0/1
link-type hybrid
default vlan 10
0/0/2
link-type hybrid
default vlan 20
# Configure DHCP policy VLAN based on interfaces.

[Quidway] vlan 100
[Quidway-vlan100] policy-vlan dhcp-port gigabitethernet 0/0/2 priority 5
2.

# Ping the DHCP server from each host. The ping operations are successful.
C:\>ping 192.168.31.251
Pinging 192.168.31.251 with 32 bytes of data:
Reply
Reply
Reply
Reply
from
from
from
from
192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:
bytes=32
bytes=32
bytes=32
bytes=32
time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
Ping statistics for 192.168.31.251:

Configuration Files
The following lists the configuration file of the S-switch.
#
#
vlan 100
policy-vlan dhcp-port gigabitEthernet 0/0/2 priority 5
#
return
Issue 04 (2010-01-25)

6-11

Basic IPv6 Configuration
About This Chapter

This chapter describes the IPv6 features and IPv6 address overview. It also describes
configuration steps for IPv6 ND, PMTU configuration, along with typical examples.
7.1 Introduction to IPv6
7.2 IPv6 Supported by the S-switch
7.3 Configuring an IPv6 Address for an Interface
This section describes how to configure an IPv6 address for an interface.
7.4 Configuring IPv6 Neighbor Discovery
This section describes how to configure IPv6 neighbor discovery.
7.5 Configuring PMTU
This section describes how to configure IPv6 PMTU.
7.6 Configuring TCP6
This section describes how to configure TCP connections.
7.7 Maintaining IPv6
This section describes how to clear IPv6 statistics and debug IPv6.
This section provides a configuration example for the IPv6 address.
Issue 04 (2010-01-25)

7-1

7.1 Introduction to IPv6

Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of the second generation. It is a set of specifications designed by the Internet
Engineering Task Force (IETF). IPv6 is the upgraded version of IPv4. The most remarkable
difference between IPv6 and IPv4 is that the IP address lengthens from 32 bits to 128 bits.
7.2 IPv6 Supported by the S-switch

The S-switch supports the IPv6 protocol suite and TCP6 protocol suite.
IPv6 Address
A 128-bit IPv6 address has the following formats:
l
X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by colons. Every "X" represents a group of hexadecimal values.
X:X:X:X:X:X:d.d.d.d
This format is for the following types of addresses:
IPv4-compatible IPv6 address
IPv4-mapped IPv6 address
IPv4-compatible IPv6 address is used to configure an IPv6 over IPv4 tunnel.

In this type of address, "X" represents the first six groups of numbers. Each "X" stands for
16 bits that are represented by hexadecimal numbers. "d" represents the subsequent four
group of numbers. Each "d" stands for eight bits that are represented by decimal numbers.
"d.d.d.d" is a standard IPv4 address.
An IPv6 address can be divided into two parts:
l
Network prefix: equals the network ID of an IPv4 address. It is of n bits.
Interface identifier: equals the host ID in an IPv4 address. It is of 128-n bits.
IPv6 Neighbor Discovery

The IPv6 neighbor discovery (ND) is a group of messages and processes that define the
relationship between neighboring nodes. ND replaces the Address Resolution Protocol (ARP)
messages and the Internet Control Message Protocol (ICMP) device discovery messages. It also
provides additional functions.
IPv6 PMTU
Generally, the problem that different networks have different Maximum Transmission Units
(MTU) can be solved in the following ways:
7-2

Issue 04 (2010-01-25)

Devices fragment packets as required. The source host only needs to fragment packets;
however, the intermediate device not only needs to fragment packets, but also to reassemble
packets.
The source host sends packets based on a proper MTU so that packets need not be
fragmented on the intermediate device. In such a case, packet processing burden on the
intermediate device can be reduced. During IPv6 packet transmission, only this way can
be adopted because IPv6 intermediate devices do not support packet fragmentation.
The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the path
from the source to the destination.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the
Forwarding Information Base (FIB). Guided by route management policies, a device extracts a
minimum of necessary forwarding information from RIB and adds the information to the FIB.
Through the route management module, you can also add static routes into the FIB.
A FIB contains a group of minimum information needed by a device during packet forwarding.
An FIB entry usually contains the destination address, prefix length, transport port, next-hop
address, route flag, and time stamp. A device forwards packets according to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). A FIB agent is responsible for interacting with the
RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a
distributed system.
A FIB contains the following information:
l
Destination address: indicates the network or host a packet is destined for.
Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.
Nexthop: indicates the address of the close next hop through which the packet reaches the
destination.
Flag(s): identifies route features.
Interface: indicates the outgoing interface of the packet.
Timestamp: Indicates the time when an FIB entry is established.
7.3 Configuring an IPv6 Address for an Interface

This section describes how to configure an IPv6 address for an interface.
7.3.2 Enabling IPv6 Packet Forwarding Capability
7.3.3 Configuring an IPv6 Link-Local Address for an Interface
7.3.4 Configuring an IPv6 Global Unicast Address for an Interface
Issue 04 (2010-01-25)

7-3


When a device communicates with an IPv6 device, you need to configure IPv6 address for the
interface.
Before configuring IPv6 addresses, complete the following tasks:
l
Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
No.
Data
Number of the interface
Link-local address configured manually
Global unicast address and prefix length
7.3.2 Enabling IPv6 Packet Forwarding Capability

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6
The IPv6 packet forwarding capability is enabled.

By default, the IPv6 packet forwarding capability is disabled.
----End
7.3.3 Configuring an IPv6 Link-Local Address for an Interface

7-4

Issue 04 (2010-01-25)

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Perform the following as required.
Run:
ipv6 address auto link-local
Auto generation of the IPv6 link-local address is enabled.

Or
Run:
ipv6 address ipv6-address link-local
The IPv6 link-local address is manually configured.

Besides configuring a link-local address through the preceding two commands, you can also
configure a global unicast IPv6 address for auto generating a link-local address. For details, see
Configuring an IPv6 Global Unicast Address for an Interface.
----End
7.3.4 Configuring an IPv6 Global Unicast Address for an Interface

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ eui-64 ]
Issue 04 (2010-01-25)

7-5

The global unicast address is configured on the interface.

----End

Prerequisite
The configurations of the IPv6 addresses are complete.
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check the IPv6 information of an interface.
Run the display ipv6 statistics command to check the IPv6 packet statistics.
----End
7.4 Configuring IPv6 Neighbor Discovery

This section describes how to configure IPv6 neighbor discovery.
7.4.2 Configuring Static Neighbors
7.4.3 Enabling RA Message Advertising
7.4.4 Setting the Interval for Advertising RA Messages
7.4.5 Enabling Stateful Auto Configuration
7.4.6 Configuring the Address Prefixes to Be Advertised
7.4.7 Configuring Other Information to Be Advertised

Most of the ND configurations are implemented based on the interfaces.
Before configuring IPv6 neighbor discovery, complete the following tasks:
7-6
Configuring the physical features for the interface and ensuring that the status of the
Configuring link layer parameters for the interface
Configuring the IPv6 address for the interface

Issue 04 (2010-01-25)

Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
No.
Data
Number of interface which needs to be configured with IPv6 ND
IPv6 address and MAC address of the static neighbor
Intervals, prefix, and life duration of RA messages
Flag bit of automatic configuration
Hop limit of ND
Sending times of NS for DAD
Intervals for re-transmitting NS messages
NUD reachable time
Interface MTU
7.4.2 Configuring Static Neighbors

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number
Static neighbors are configured.

----End
7.4.3 Enabling RA Message Advertising

Context
Issue 04 (2010-01-25)

7-7

Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
undo ipv6 nd ra halt
The function of advertising RA messages is enabled.

By default, suppress the device from advertising messages.
----End
7.4.4 Setting the Interval for Advertising RA Messages

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }
The interval for advertising RA messages is configured.

By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.
The maximum interval can not be shorter than the minimum interval.
----End
7.4.5 Enabling Stateful Auto Configuration

Context
7-8

Issue 04 (2010-01-25)

Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ipv6 nd autoconfig managed-address-flag
The flag bit for stateful auto configuration addresses is set.

If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to any
addresses auto-configured using stateless address auto-configuration.
Step 4 Run:
ipv6 nd autoconfig other-flag
The flag bit for other stateful configurations is set.

When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address)
information.
----End
7.4.6 Configuring the Address Prefixes to Be Advertised

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length } validlifetime preferred-lifetime [ no-autoconfig ] [ off-link ]
The prefix of RA messages is configured.

----End
7.4.7 Configuring Other Information to Be Advertised

Issue 04 (2010-01-25)

7-9

Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
NUD checks the reachability of neighbors. By default, NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6 nd hop-limit limit
ND hop limit is configured.

The value of limit ranges from 1 to 255. By default, it is 64.
Step 3 Run:

Step 4 Run:
ipv6 nd ra router-lifetime ra-lifetime
The life duration of RA messages is configured.

NOTE
When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval
must be less than or equal to the life duration.
By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.
Step 5 Run:
ipv6 nd dad attempts value
Times to send NS message for DAD are configured.

Step 6 Run:
ipv6 nd ns retrans-timer value
The interval for re-sending NS messages is set.

Step 7 Run:
ipv6 nd nud reachable-time value
The NUD reachable time is set.

7-10

Issue 04 (2010-01-25)

Step 8 Run:
ipv6 mtu mtu
MTU of the interface is configured.

----End
Postrequisite
If the IPv6 MTU value is changed, run the shutdown command and the undo shutdown
command orderly in the interface view to validate the configuration.

Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
l
Run the display ipv6 neighbors interface-type interface-number command to check the
neighbor information in the cache.

check the IPv6 information of an interface.
----End
7.5 Configuring PMTU

This section describes how to configure IPv6 PMTU.
7.5.2 Creating Static PMTU Entries
7.5.3 Configuring PMTU Aging Time

By setting PMTUs on interfaces, you can enable devices to send packets based on proper MTUs
across the network. This avoids packet fragmentation, reduces the burden of the devices,
implements efficient usage of network resources and achieves the best throughput.
Before configuring PMTUs, complete the following tasks:
l
Issue 04 (2010-01-25)
Configuring the physical features for the interface and ensuring that the status of the
7-11


l
Configuring the link layer protocol for the interface
Data Preparation
To configure PMTUs, you need the following data.
No.
Data
IPv6 address and PMTU value to be configured
PMTU aging time
7.5.2 Creating Static PMTU Entries

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6 pathmtu ipv6-address [ path-mtu ]
The PMTU value of a specified IPv6 address is configured.

The path-mtu ranges from 1280 to 10000 bytes. By default, the PMTU of the IPv6 address is
1500 bytes.
----End
7.5.3 Configuring PMTU Aging Time

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6 pathmtu age age-time
The aging time of PMTU is configured.

7-12

Issue 04 (2010-01-25)

By default, the dynamic PMTU aging time is 10 minutes.

The PMTU aging time is used to change the lifetime of a dynamic PMTU entry in the cache. It
has no effect on static PMTU entries because they cannot be aged.
----End

Prerequisite
The configurations of the PMTU are complete.
Procedure
l
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check
all PMTU items.

check the current MTU of the interface.
----End
7.6 Configuring TCP6

This section describes how to configure TCP connections.
7.6.2 Configuring TCP6 Timers
7.6.3 Configuring the Size of the TCP6 Sliding Window

To optimize network performance, you need to adjust the TCP6 parameters.
Before configuring TCP6, complete the following tasks:
l
Connecting and configuring the physical features for the interface and ensuring that the
status of the physical layer of the interface is Up
Configuring the link layer protocol parameters for the interface and ensuring that the status
of the link layer protocol on the interface is Up
Data Preparation
To configure TCP6, you need the following data.
Issue 04 (2010-01-25)

7-13

No.
Data
Value of TCP6 FIN-WAIT timer
Value of TCP6 SYN-WAIT timer
Size of TCP6 Sliding Window
7.6.2 Configuring TCP6 Timers

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
tcp ipv6 timer syn-timeout timer-value
The TCP6 SYN-WAIT timer is set.

By default, the SYN-WAIT timer is 75s.
Step 3 Run:
tcp ipv6 timer fin-timeout timer-value
The TCP6 FIN-WAIT timer is set.

By default, the FIN-WAIT timer is 675s.
----End
7.6.3 Configuring the Size of the TCP6 Sliding Window

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
tcp ipv6 window window-size
The size of the TCP6 sliding window is configured.

7-14

Issue 04 (2010-01-25)

The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of the
TCP6 sliding window is 8 KB.
----End

Prerequisite
The configurations of the TCP6 function are complete.
Procedure
l
Run the display tcp ipv6 statistics command to check related TCP6 statistics.
Run the display tcp ipv6 status command to check the TCP6 connection status.
Run the display udp ipv6 statistics command to check related UDP6 statistics.
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command to check
the information of the specified socket.
----End
Example
Run the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statistics
commands. If the connection status and statistic of TCP6 and UDP6 are displayed, it means that
<Quidway> display tcp ipv6 statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
data packets: 0 (0 bytes) data packets retransmitted: 0 (0 bytes)
ACK only packets: 0 (0 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disc
onnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
<Quidway> display tcp ipv6 status
TCP6CB
Local Address
Foreign Address
State
09e39ae4 3000::2->179
3000::1->49158
Time_Wait
09e36f24 3000::2->49152
3000::1->179
Established
07da08f8 ::->179
::->0
Listening
07d96da8 ::->23
::->0
Listening
Issue 04 (2010-01-25)

7-15

<Quidway> display udp ipv6 statistics

Received packets:
Total: 0
checksum error: 0
shorter than header: 0, invalid message length: 0
no socket on port: 0
no multicast port: 0
not delivered, input socket full: 0
Sent packets:
Total: 0
Run the display ipv6 socket command. If the related socket information is displayed, it means
that the configuration succeeds.
<Quidway> display ipv6 socket
SOCK_STREAM:
Task = VTYD(14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
Task = VTYD(14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
SOCK_RAW:
7.7 Maintaining IPv6

This section describes how to clear IPv6 statistics and debug IPv6.
7.7.1 Resetting IPv6
7.7.2 Monitoring Network Operation Status of IPv6
7.7.3 Debugging IPv6
7.7.1 Resetting IPv6

Context
NOTE
IPv6 statistics cannot restore after you clear it. So, confirm the action before you use the command.
Procedure
7-16
Run the reset ipv6 statistics [ slot 0 ] command in the user view to clear statistics of
processing IPv6 packets after you confirm it.
Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clear
PMTU entries in the cache after you confirm it.
Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interfacenumber ] | vlanif vlan-id } command in the user view to clear all IPv6 neighbor statistics
after you confirm it.
Run the reset ipv6 routing-table statistics protocol { all | protocol } command in the user
view to clear all IPv6 routing table statistics after you confirm it.
Issue 04 (2010-01-25)

Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics after
you confirm it.
Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statistics
after you confirm it.
----End
7.7.2 Monitoring Network Operation Status of IPv6

Context
In routine maintenance, you can run the following command in any view to check the operation
of IPv6.
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to check the IPv6 information about the interface.
Run the display ipv6 statistics command in any view to check IPv6 packet statistics.
Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]

command in any view to check contents about the neighbor cache.
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command in any
view to check all PMTU entries.
Run the display udp ipv6 statistics command in any view to check UDP6 statistics.
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command in any
view to check information about the specified socket.
Run the display ipv6 fib { begin | include | exclude } regular-expression ] command in
any view to check information about the FIB.
----End
7.7.3 Debugging IPv6

Context
NOTE
Debugging affects the performance of the system. So, after debugging, execute the undo debugging all
command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault.
For the procedures of displaying the debugging information, refer to the chapter "Information
Center Configuration" in the Quidway S5300 SeriesConfiguration Guide - Device
Management.
Procedure
l
Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and
ND messages.
Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to
debug IPv6 packet.
Issue 04 (2010-01-25)

7-17

Run the debugging ipv6 pathmtu command in the user view to debug PMTU.
Run the debugging tcp ipv6 { event | packet } [ task-id socket-id ] command in the user
view to debug TCP6.
Run the debugging udp ipv6 packet [ task-id socket-id ] command in the user view to
debug UDP6.
----End

This section provides a configuration example for the IPv6 address.
7.8.1 Example for Configuring an IPv6 Address for an Interface
7.8.1 Example for Configuring an IPv6 Address for an Interface

Networking Requirement
As shown in Figure 7-1, S-switch-A and S-switch-B are connected through VLANIF interfaces.
It is required to configure IPv6 global unicast addresses for the interfaces and test the connectivity
between them.
The IPv6 global unicast addresses to be configured for the interfaces are 3001::1/64 and
3001::2/64.
Figure 7-1 Networking diagram of configuring an IPv6 address for an interface
Vlanif1
3001::1/64
S-switch-A
Vlanif1
3001::2/64
S-switch-B
1.
Enable IPv6 forwarding capability on devices.
2.
Configure IPv6 global unicast addresses for the interfaces.
Data Preparation
To complement the configuration, you need the following data:
l
Global unicast addresses and prefix length of the interfaces
Procedure
Step 1 Enable IPv6 packet forwarding on S-switch-A and S-switch-B.
7-18

Issue 04 (2010-01-25)

# Configure S-switch-A
[S-switch-A] ipv6
# Configure S-switch-B
[S-switch-B] ipv6
Step 2 Configure IPv6 global unicast addresses for the interfaces.

# Configure S-switch-A.
[S-switch-A] vlan 1
[S-switch-A-vlan1] port gigabitethernet0/0/1
[S-switch-A-vlan1] quit
[S-switch-A-Vlanif1] ipv6 address 3001::1/64
# Configure S-switch-B.
[S-switch-B] vlan 1
[S-switch-B-vlan1] port gigabitethernet0/0/1
[S-switch-B-vlan1] quit
[S-switch-B-Vlanif1] ipv6 address 3001::2/64
Step 3 Verify the configuration.

If the configuration succeeds, you can view the configured IPv6 global unicast addresses and
status of the interface and the IPv6 protocol are both Up.
# Display interface information of S-switch-A.
[S-switch-A] display ipv6 interface vlanif 1
Vlanif1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:FF:FE00:7200
Global unicast address(es):
3001::1, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF00:7200
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Display interface information of S-switch-B.

[S-switch-B] display ipv6 interface vlanif 1
Vlanif1 current state :
UP
IPv6 is enabled, link-local address is FE80::2D6F:0:7AF3:1
3001::2, subnet is 3001::/64
FF02::1:FF00:2
FF02::1:FFF3:1
FF02::2
FF02::1
Issue 04 (2010-01-25)

7-19


MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
# On S-switch-A, ping the link-local address of S-switch-B. Note that you need to use the
parameter -i to specify the interface.
[S-switch-A] ping ipv6 fe80::2d6f:0:7af3:1 -i vlanif 1
PING FE80::2D6F:0:7AF3:1 : 56 data bytes, press CTRL_C to break
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=1 hop limit=64 time = 60 ms
--- FE80::2D6F:0:7AF3:1 ping statistics --5 packet(s) transmitted
0.00% packet loss
# On S-switch-A, ping the global unicast IPv6 address of S-switch-B.

[ S-switch-A] ping ipv6 3001::2
PING 3001::2 : 56 data bytes, press CTRL_C to break
Reply from 3001::2
Reply from 3001::2
Reply from 3001::2
Reply from 3001::2
Reply from 3001::2
--- 3001::2 ping statistics --5 packet(s) transmitted
0.00% packet loss
----End
Configuration Files
l

#
sysname S-switch-A
#
ipv6
#
interface Vlanif1
ipv6 address 3001::1/64
#
port default vlan 1

#
sysname S-switch-B
#
ipv6
7-20

Issue 04 (2010-01-25)

#
interface Vlanif1
#
port default vlan 1
Issue 04 (2010-01-25)

7-21

IPv6 over IPv4 Tunnel Configuration
About This Chapter

This chapter describes the IPv6 over IPv4 tunnel fundamentals. It also describes configuration
steps for IPv6 over IPv4 tunnel configuration, along with typical examples.
8.1 Introduction to IPv6 over IPv4
8.2 IPv6 over IPv4 Supported by the S-switch
8.3 Configuring IPv4/IPv6 Dual Stacks
This section describes how to enable the IPv4/IPv6 dual protocol stacks.
8.4 Configuring an IPv6 over IPv4 Tunnel
This section describes how users in IPv6 networks communicate across an IPv4 network.
This section provides several configuration examples of IPv6 over IPv4 tunnels.
Issue 04 (2010-01-25)

8-1

8.1 Introduction to IPv6 over IPv4

During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widely
deployed while IPv6 domains are isolated and dispersed around the world. It is not economical
to connect these isolated sites with private lines.
The usual method is tunnel technology. This technology creates tunnels over IPv4 networks to
connect isolated IPv6 domains. This is similar to the situation where the tunnel technology is
used to deploy VPNs on the IP networks.
The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4
tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border of
the IPv4 network and the IPv6 network.
8.2 IPv6 over IPv4 Supported by the S-switch

Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a
complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure
8-1 shows a single stack structure and a dual stack structure.
Figure 8-1 Single stack and dual stack structures (Ethernet)
IPv4 Application
TCP
UDP
IPv4/IPv6 Application
TCP
UDP
IPv4
IPv4
Protocol ID:
0x0800
Ethernet
IPv4 Stack
IPv6
Protocol ID: Protocol ID:
0x86DD
0x0800
Ethernet
Dual Stack
The characteristics of the dual-stack structure are as follows:

l
Supported by multiple link layer protocols

Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in the
above diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of
0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DD
indicates that the network has IPv6 packets.
8-2
Supported by multiple applications

Issue 04 (2010-01-25)

Multiple applications such as DNS, FTP and Telnet support dual stacks. The upper
application, such as DNS, can select TCP or UDP as its transport layer protocol. However,
it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.
IPv6 over IPv4 Tunnel

Figure 8-2 shows principles of the IPv6 over IPv4 tunnel technology.
1.
Enabling IPv4/IPv6 dual stacks

Enable IPv4/IPv6 dual stacks on the border device.
2.
Encapsulating IPv6 packets

After receiving a packet from the IPv6 network, the border device takes the received IPv6
packet as the payload, adds an IPv4 packet header before the payload and encapsulates it
into an IPv4 packet if it finds that the destination of the packet is not for itself.
3.
Transmitting the encapsulated packet

In the IPv4 network, the encapsulated packet is transmitted to the peer border device.
4.
Decapsulating the packet

The peer border device decapsulates the packet, removes the IPv4 packet header, and
forwards the resulting IPv6 packet to the remote IPv6 network.
Figure 8-2 Schematic diagram of IPv6 over IPv4 tunnel
Dual Stack
Dual Stack
IPv4
Tunnel
IPv6
IPv6 host
IPv6 Header
IPv6 Data
IPv4 Header IPv6 Header
IPv6
IPv6 Header
IPv6 host
IPv6 Data
IPv6 Data
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over
IPv4 tunnel. Tunnels can be classified according to their setup modes.
The common IPv6 over IPv4 tunnel modes include:
l
IPv6 over IPv4 manual tunnels
6to4 tunnels
Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels
IPv6 over IPv4 Manual Tunnel

An IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends.
The source IPv4 address and destination IPv4 address of such a tunnel must be configured
statically.
A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4
backbone network. It is the fixed channel for regular and secure communication between the
two border devices.
Issue 04 (2010-01-25)

8-3

The manual tunnel can be used between isolated IPv6 networks. It can also be used between a
border device and a host. In this case, the host and the device on both ends of the tunnel must
support the IPv4 and the IPv6 protocol stacks.
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an
IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6
network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must
support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a
point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the
devices of the 6to4 tunnel are not configured in pairs.
The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You
need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following
format:
2002:IPv4 address: subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4
address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must
be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4
network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the
subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 8-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4
network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of
the host or device in Site1 is the IPv4 address of the interface through which S-switch-A accesses
the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device
in Site2 is the IPv4 address of the interface through which S-switch-B accesses the IPv4 network.
S-switch-A and S-switch-B are both 6to4 devices.
Figure 8-3 6to4 tunnel and 6to4 relay
6to4
Router
6to4
Network
Site1
6to4
Router
IPv4
Network
S-switch-A
S-switch-C
6to4
Network
Site2
S-switch-B
6to4
Relay
IPv6
Internet
Site3
When the host in Site1 accesses the host in Site2, the process concerned is as follows:
8-4

Issue 04 (2010-01-25)

1.
The IPv6 packet is transmitted to S-switch-A.
2.
S-switch-A checks the destination address of the IPv6 packet and finds that the address is
the 6to4 address, from which S-switch-A obtains the remote IPv4 address of the 6to4 tunnel.
3.
S-switch-A encapsulates this IPv6 packet into the IPv4 packet. The destination address of
IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the
local IPv4 address of the tunnel.
4.
S-switch-A forwards the IPv4 packet in the IPv4 network to S-switch-B.
5.
S-switch-B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6
packet to the destination host in Site2.
The above process implements the communication between the 6to4 networks. To implement
the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is
needed. The so-called native IPv6 network means that both its internal host and device are not
configured with the 6to4 address.
The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.
One side of the 6to4 relay device is connected to the native IPv6 network; the other side is
connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 8-3, when the host in the 6to4 network accesses the IPv6 Internet, the process
concerned is as follows:
1.
The IPv6 packet is routed to S-switch-A.
2.
A 6to4 tunnel is created between S-switch-A and S-switch-C.
3.
The IPv6 packet is encapsulated into the IPv4 packet and is sent to S-switch-C.
4.
S-switch-C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the
IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6
network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.
The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a
same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public
network address or a private network address.
As shown in Figure 8-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as follows:
1.
The IPv4/IPv6 host sends a request message to a device.

The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a router
request message to the ISATAP device. It encapsulates the message into the IPv4 packet.
2.
The ISATAP device responds to the request message.

The ISATAP device uses a router notification message to respond to the request. The router
notification message contains the ISATAP prefix, which is manually configured on the
device.
3.
Issue 04 (2010-01-25)
The IPv4/IPv6 host obtains its IPv6 address.

8-5

The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with
5EFE:IPv4-Address, and uses this address to access the IPv6 host.
Figure 8-4 ISATAP tunnel
IPv6
Host
IPv4
Network
ISATAP Tunnel
IPv6
Network
ISATAP
Router
IPv4/IPv6 Host
2.1.1.1
FE80::5EFE:0201:0101
3FFE::5EFE:0201:0101
The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:

1.
The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given
above.
2.
The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in
the IPv6 network.
3.
An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6
host.
8.3 Configuring IPv4/IPv6 Dual Stacks

This section describes how to enable the IPv4/IPv6 dual protocol stacks.
8.3.2 Enabling IPv6 Packet Forwarding
8.3.3 Configuring IPv4 and IPv6 Addresses for the Interface

If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be
enabled on the device.
Enabling the IPv4/IPv6 dual protocol stacks on the S-switch is a simple process. Enable the IPv6
packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address
on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the
corresponding interface.
Before configuring IPv6 tunnels, complete the following tasks:
8-6

Issue 04 (2010-01-25)

Configuring the link layer parameters for the interface
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
No.
Data
Type and number of the interface connected with the IPv4 network
IPv4 address and mask of the interface connected with the IPv4 network
Type and number of the interface connected with the IPv6 network
IPv6 address and prefix of the interface connected with the IPv6 network
8.3.2 Enabling IPv6 Packet Forwarding

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6
The IPv6 packet forwarding capability is enabled.

To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6
packets although the interface is configured with an IPv6 address.
By default, the IPv6 packet forwarding capability is disabled.
----End
8.3.3 Configuring IPv4 and IPv6 Addresses for the Interface

Context
Issue 04 (2010-01-25)

8-7

Procedure
Step 1 Run:
system-view

Step 2 Run:
The interface view of the IPv4 network is displayed.

Step 3 Run:
An IPv4 address is assigned to the interface.

Step 4 Run:
quit
Return to the system view.

Step 5 Run:
The interface view of the IPv6 network is displayed.

Step 6 Perform the following configuration as required.
l
Run:
ipv6 address auto link-local
The link-local address is set to be automatically generated.

l
Run:
ipv6 address ipv6-address link-local
The link-local address of the interface is configured.

l
Run:
ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length }
The global unicast address is configured.

l
Run:
ipv6 address ipv6-address / prefix-length [ eui-64 ]
The IPv6 EUI-64 address is configured.

----End
8.4 Configuring an IPv6 over IPv4 Tunnel

This section describes how users in IPv6 networks communicate across an IPv4 network.
8.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface
8.4.3 Configuring an IPv6 over IPv4 Manual Tunnel
8.4.4 Configuring a 6to4 Tunnel
8.4.5 Configuring an ISATAP Tunnel
8-8

Issue 04 (2010-01-25)

8.4.6 Configuring Routes in the Tunnel


To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6
over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
l
Configuring the link layer protocol for the interface and ensuring that the status of the link
layer protocol on the interface is Up
Configuring the IPv4/IPv6 dual-protocol stacks
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
No.
Data
Number, IPv6 address and prefix length of the tunnel
Encapsulation mode of packets over the tunnel
Source IPv4 address or interface number of the tunnel
Destination IPv4 address of the tunnel
8.4.2 Enabling the Service Loopback Function on an Eth-Trunk

Interface
Context
Before enabling the service loopback function on an Eth-Trunk interface, note the following:
l
You need to create an Eth-Trunk interface and keep it in the Up state before enabling the
service loopback function.
Only one interface enabled with the service loopback function is needed on a device.

Issue 04 (2010-01-25)

8-9

Procedure
Step 1 Run:
system-view

Step 2 Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.

Step 3 Run:
service-type tunnel
The Eth-Trunk interface is enabled with the service loopback function.

----End
8.4.3 Configuring an IPv6 over IPv4 Manual Tunnel

Context
Note the following when configuring an IPv6 over IPv4 manual tunnel:
l
Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.
Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.
You need to conduct the following configurations on the devices on both the ends of the
tunnel. During the configuration, note that the source address of the local tunnel end is the
destination address set for the remote tunnel end; the destination address of the local tunnel
end is the source address set for the remote tunnel end.
To support dynamic routing protocol, you also need to configure the tunnel interface with
a network address.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6
IPv6 is enabled on the device.

Step 3 Run:
interface tunnel interface-number
The tunnel interface is created.

Step 4 Run:
tunnel-protocol ipv6-ipv4
8-10

Issue 04 (2010-01-25)

The tunnel is specified be an IPv6 over IPv4 manual tunnel.

Step 5 Run:
source vlanif vlan-id
The source interface of the tunnel is specified.

Step 6 Run:
destination ipv4-address
The destination address of the tunnel is specified.

NOTE
The destination address of the tunnel can be the address of a physical interface or the address of a loopback
interface.
Step 7 Run:
The tunnel interface is configured with an IPv6 address.

----End
8.4.4 Configuring a 6to4 Tunnel

Context
Note the following when configuring a 6to4 tunnel:
l
Before configuring other parameters of the tunnel, create a tunnel interface.
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The
destination address of the tunnel is automatically obtained from the destination IP address
field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel
must be unique.
On the border device, configure a 6to4 address on the interface that is connected with the
6to4 network, and configure an IPv4 address on the interface that is connected with the
IPv4 network. To make the tunnel support the routing protocol, configure an IP address for
the tunnel interface.
Procedure
Step 1 Run:
system-view

Step 2 Run:
ipv6
Issue 04 (2010-01-25)

8-11

IPv6 is enabled on the device.

Step 3 Run:
A tunnel interface is created.

Step 4 Run:
tunnel-protocol ipv6-ipv4 6to4
The tunnel is specified as a 6to4 tunnel.

Step 5 Run:
source vlanif vlan-id
The source interface of the tunnel is specified.

Step 6 Run:
The interface is configured with an IPv6 address.

----End
8.4.5 Configuring an ISATAP Tunnel

Context
Note the following when configuring an ISATAP tunnel:
l
Before configuring other parameters of the tunnel, create a tunnel interface.
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
When configuring an ISATAP tunnel, you need to specify only the source address of the
tunnel. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet. Note that the source interface of the
ISATAP tunnel must be unique.
The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix
length of 64 bits.
Procedure
Step 1 Run:
system-view

Step 2 Run:
A tunnel interface is created.

8-12

Issue 04 (2010-01-25)

Step 3 Run:
tunnel-protocol ipv6-ipv4 isatap
The tunnel is specified as an ISATAP tunnel.

Step 4 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.

Step 5 Run:
The tunnel interface is configured with an IPv6 address.

Step 6 Run:
The device is allowed to advertise routes.

----End
8.4.6 Configuring Routes in the Tunnel

Context
Routes for forwarding must exist on the source device and the destination device of the tunnel,
ensuring normal packet forwarding.
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
l
You can configure the static route by manually configuring the route to the destination
address (the destination address specified before encapsulating packets rather than the
destination address of the tunnel), and configure the next hop as the address of the peer
tunnel interface.
You can enable dynamic routing protocol on the tunnel interface connected to the private
networks and on the device interface.

Prerequisite
The configurations of the IPv6 over IPv4 Tunnel function are complete.
Procedure
Step 1 Run the display interface tunnel [ interface-number ] [ verbose ] [ | { begin | exclude |
include } regular-expression ] command to check the operation status of a tunnel interface.
Step 2 Run the display ipv6 interface tunnel interface-number command to check the IPv6 attributes
of a tunnel interface.
----End
Issue 04 (2010-01-25)

8-13

Example
Run the display interface tunnel command. If the tunnel interface is Up and is configured with
a source address, a destination address and the protocol type, it means that the configuration
succeeds.
<Quidway> display interface tunnel 0/0/3
Tunnel0/0/3 current state : UP
Line protocol current state : DOWN
Description : HUAWEI, Quidway Series, Tunnel0/0/3 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes
Internet protocol processing : disabled
Encapsulation is TUNNEL, loopback not set
Tunnel source 192.168.51.2 (Vlanif1), destination 192.168.50.2
Tunnel protocol/transport IPv6 over IPv4
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
0 input error
0 packets output, 0 bytes
0 output error
Run the display ipv6 interface tunnel command. If the IPv6 packets forwarding is enabled,
you can see the state of tunnel interface is Up, the state of IPv6 protocol is Up, source address
and ND parameters.
<Quidway> display ipv6 interface tunnel 0/0/3
IPv6 is enabled, link-local address is FE80::C0A8:3302
3001::2, subnet is 3001::/64
FF02::1:FFA8:3302
FF02::1:FF00:2
FF02::2
FF02::1
MTU is 1500 bytes

This section provides several configuration examples of IPv6 over IPv4 tunnels.
8.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel
8.5.2 Example for Configuring a 6to4 Tunnel
8.5.3 Example for Configuring an ISATAP Tunnel
8.5.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel

As shown in Figure 8-5, two IPv6 networks are connected to S-switch-B in the IPv4 backbone
network respectively through S-switch-A and S-switch-C. To enable communication between
two IPv6 networks, configure an IPv6 over IPv4 manual tunnel between S-switch-A and Sswitch-C.
8-14

Issue 04 (2010-01-25)

Figure 8-5 Networking diagram of the IPv6 over IPv4 manual tunnel
Vlanif1
192.168.50.1/24
S-switch-B
GE0/0/1
Vlanif2
192.168.51.1/24
GE0/0/2
GE0/0/1
S-switch-C
IPv4 network
Vlanif1
192.168.50.2/24
Vlanif2
IPv6
192.168.51.2/24
Dual
Dual
Stack
Stack
S-switch-A GE0/0/1
IPv6
The configuration roadmap of IPv6 over IPv4 manual tunnel is as follows:
1.
Enabling the service loopback function on an Eth-Trunk interface.
2.
Configure IP addresses for physical interfaces.
3.
Configure IPv6 addresses, the source interface, and the destination addresses for the tunnel
interfaces.
4.
Set the tunnel protocol as IPv6-IPv4.
Data Preparation
l
IP addresses of interfaces
IPv6 addresses, the source interfaces and the destination addresses of the tunnel interfaces
Procedure
Step 1 Configure S-switch-A.
# Enabling the service loopback function on an Eth-Trunk interface.
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service-type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway-GigabitEthernet0/0/1] eth-trunk 1
# Configure an IP address for the VLANIF interface.

[S-switch-A] ipv6
# Set the tunnel protocol as IPv6-IPv4.

Issue 04 (2010-01-25)

8-15

[S-switch-A] interface tunnel 0/0/1

[S-switch-A-Tunnel0/0/1] tunnel-protocol ipv6-ipv4
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[S-switch-A-Tunnel0/0/1]
ipv6 enable
source vlanif 1
destination 192.168.51.2
quit
# Configure static routes.

[S-switch-A] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
Step 2 Configure S-switch-B.


Step 3 Configure S-switch-C.


[Quidway] sysname S-switch-C
[S-switch-C] ipv6
[S-switch-C] interface vlanif 1
[S-switch-C-Vlanif1] ip address 192.168.51.2 255.255.255.0
[S-switch-C-Vlanif1] quit
# Set the tunnel protocol as IPv6-IPv4.

[S-switch-C] interface tunnel 0/0/1
[S-switch-C-Tunnel0/0/1] tunnel-protocol ipv6-ipv4
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[S-switch-C-Tunnel0/0/1]

source vlanif 1
quit

8-16

Issue 04 (2010-01-25)

[S-switch-C] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1

# On S-switch-C, ping the IPv4 address of the interface VLANIF1 of S-switch-A. S-switch-C
can receive response packets from S-switch-A.
[S-switch-C] ping 192.168.50.2
0.00% packet loss
# On S-switch-C, ping the IPv6 address of Tunnel 0/0/1 of S-switch-A. S-switch-C can receive
response packets from S-switch-A.
[S-switch-C] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
Reply from 3001::1
Reply from 3001::1
Reply from 3001::1
--- 3001::1 ping statistics --5 packet(s) transmitted
0.00% packet loss
CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms
----End
Configuration File
l

#
sysname S-switch-A
#
ipv6
#
interface Vlanif1
ip address 192.168.50.2 255.255.255.0
#
interface Eth-Trunk1
service-type tunnel
#
interface Tunnel0/0/1
source Vlanif1
#
eth-trunk 1
#
ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
Issue 04 (2010-01-25)

8-17

#
return
l

#
sysname S-switch-B
#
interface Vlanif1
ip address 192.168.50.1 255.255.255.0
#
interface Vlanif2
ip address 192.168.51.1 255.255.255.0
#
service-type tunnel
#
eth-trunk 1
#
return

#
sysname S-switch-C
#
ipv6
#
interface Vlanif1
ip address 192.168.51.2 255.255.255.0
#
service-type tunnel
#
source Vlanif1
#
eth-trunk 1
#
ip route-static 192.168.50.0 255.255.255.0 192.168.51.1
#
return
8.5.2 Example for Configuring a 6to4 Tunnel

As shown in Figure 8-6, two IPv6 networks are both 6to4 networks. S-switch-A and Sswitch-B are connected with the 6to4 network and the IPv4 network. To enable communication
between the hosts in the two 6to4 network, it is required to set up a 6to4 tunnel between Sswitch-A and S-switch-B.
To enable communication between 6to4 networks, configure 6to4 addresses for the hosts in the
6to4 network. A 6to4 address has a 48-bit prefix composed of 2002:IPv4 address:. As shown
in Figure 8-6, the IPv4 address of the interface through which A is connected to the IPv4 network
is 2.1.1.1. Therefore, the 6to4 address of A in the 6to4 network should start with
2002:0201:0101::.
8-18

Issue 04 (2010-01-25)

Figure 8-6 Networking diagram of the 6to4 tunnel
IPv4
6to4
6to4
Router
Router
S-switch-B
S-switch-A GE0/0/2
GE0/0/2 Vlanif2
Vlanif2
2002:201:102:1::1/64
Vlanif1
Vlanif1
2002:201:101:1::1/64
2.1.1.1 2.1.1.2
GE0/0/1
GE0/0/1
Tunnel 0/0/1
Tunnel 0/0/1
2002:201:101::1/64
2002:201:102::1/64
PC2
PC1
IPv6
2002:201:101:1::2
2002:201:102:1::2
IPv6
1.
2.
Configure IPv4/IPv6 dual-protocol stacks.
3.
Configure the tunnel protocol as 6to4.
4.
Configure related routes.
Data Preparation
l
IPv4 or IPv6 addresses of interfaces
Source tunnel interface
Procedure
Step 1 Configure S-switch-A.
# Configure IPv4/IPv6 dual protocol stacks.

[S-switch-A] ipv6
[S-switch-A-Vlanif1] ip address 2.1.1.1 8
Issue 04 (2010-01-25)

8-19


[S-switch-A-Vlanif2] ipv6 address 2002:0201:0101:1::1/64
# Configure a 6to4 tunnel.

[S-switch-A] interface tunnel 0/0/1
[S-switch-A-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4
[S-switch-A-Tunnel0/0/1] ipv6 address 2002:0201:0101::1/64
[S-switch-A-Tunnel0/0/1] source vlanif 1
[S-switch-A-Tunnel0/0/1] quit
# Configure a route to other 6to4 networks.

[S-switch-A] ipv6 route-static 2002:: 16 tunnel 0/0/1
Step 2 Configure S-switch-B.

# Configure IPv4/IPv6 dual protocol stacks.

[S-switch-B] ipv6
[S-switch-B-Vlanif1] ip address 2.1.1.2 8
[S-switch-B-Vlanif2] ipv6 address 2002:0201:0102:1::1/64
# Configure a 6to4 tunnel.

[S-switch-B] interface tunnel 0/0/1
[S-switch-B-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4
[S-switch-B-Tunnel0/0/1] ipv6 address 2002:0201:0102::1/64
[S-switch-B-Tunnel0/0/1] source vlanif 1
[S-switch-B-Tunnel0/0/1] quit
# Configure a route to other 6to4 networks.

[S-switch-B] ipv6 route-static 2002:: 16 tunnel 0/0/1
NOTE
There must be an accessible route between S-switch-A and S-switch-B. In this example, both the devices
are directly connected; therefore, no routing protocol needs to be configured.

# Check the IPv6 state of Tunnel 0/0/1 on S-switch-A and find it is UP.
[S-switch-A] display ipv6 interface tunnel 0/0/1
IPv6 is enabled, link-local address is FE80::201:101
2002:201:101::1, subnet is 2002:201:101::/64
FF02::1:FF01:101
FF02::1:FF00:1
FF02::2
8-20

Issue 04 (2010-01-25)

FF02::1
MTU is 1500 bytes
# S-switch-A can ping through the 6to4 address of VLANIF2 of S-switch-B.

[S-switch-A] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2002:201:102:1::1
Reply from 2002:201:102:1::1
Reply from 2002:201:102:1::1
Reply from 2002:201:102:1::1
Reply from 2002:201:102:1::1
--- 2002:0201:0102:1::1 ping statistics --5 packet(s) transmitted
0.00% packet loss
----End
Configuration Files
l

#
sysname S-switch-A
#
ipv6
#
interface Vlanif1
ip address 2.1.1.1 255.0.0.0
#
interface Vlanif2
ipv6 address 2002:201:101:1::1/64
#
service-type tunnel
#
interface Tunnel 0/0/1
ipv6 address 2002:201:101::1/64
source vlanif 1
#
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return

#
sysname S-switch-B
#
ipv6
#
interface Vlanif1
ip address 2.1.1.2 255.0.0.0
#
interface Vlanif2
Issue 04 (2010-01-25)

8-21


ipv6 address 2002:201:102:1::1/64
#
service-type tunnel
#
interface Tunnel 0/0/1
ipv6 address 2002:201:102::1/64
source vlanif1
#
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return
8.5.3 Example for Configuring an ISATAP Tunnel

Network Requirements
As shown in Figure 8-7, an IPv6 host in the IPv4 network running the Windows XP system
needs to access the IPv6 network through a border device. Both the IPv6 host and the border
device support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host and
the border device.
Figure 8-7 Networking diagram of the ISATAP tunnel
IPv4
network
IPv6
network
GE0/0/1
Vlanif1
3001::1/64
IPv6 Host
3001::2
GE0/0/2
ISATAP
Router
Vlanif2
2.1.1.1/8
ISATAP Host
FE80::5EFE:0201:0102
2.1.1.2
2001::5EFE:0201:0102
1.
2.
Configure IPv4/IPv6 dual protocol stacks.
3.
Configure an ISATAP tunnel.
4.
Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
8-22
IPv4 or IPv6 addresses of interfaces
Source interface of the tunnel

Issue 04 (2010-01-25)

Procedure
Step 1 Configure the ISATAP device.
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
[Quidway] ipv6
[Quidway-Vlanif1] ipv6 address 3001::1/64
# Configure an ISATAP tunnel.

[Quidway] interface tunnel 0/0/2
[Quidway-Tunnel0/0/2] tunnel-protocol ipv6-ipv4 isatap
[Quidway-Tunnel0/0/2] ipv6 address 2001::/64 eui-64
[Quidway-Tunnel0/0/2] source vlanif 2
[Quidway-Tunnel0/0/2] undo ipv6 nd ra halt
[Quidway-Tunnel0/0/2] quit
Step 2 Configure the ISATAP host.

# Configure a static route to the border device. (The pseudo interface number of the host is 2.
You can run the ipv6 if command to view the interface corresponding to the automatic tunneling
pseudo interface.
C:\> ipv6 install
Installing...
Succeeded.
C:\> ipv6 rlu 2 2.1.1.1
Step 3 Configure the IPv6 host.

# Configure a static route on the IPv6 host to the border device, so hosts in different networks
can communicate through the ISATAP tunnel.
C:\> ipv6 rtu 2001::/64 6/3001::1

Check the status of the Tunnel 0/0/2 on the ISATAP device and find it is Up.
[Quidway] display ipv6 interface Tunnel 0/0/2
IPv6 is enabled, link-local address is FE80::5EFE:201:101
2001::5EFE:201:101, subnet is 2001::/64
FF02::1:FF01:101
FF02::2
FF02::1
MTU is 1500 bytes
Issue 04 (2010-01-25)

8-23

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the
ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
--- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted
0.00% packet loss
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply
Reply
Reply
Reply
from
from
from
from
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
2001::5efe:2.1.1.1:
bytes=32
bytes=32
bytes=32
bytes=32
time=1ms
time=1ms
time=1ms
time=1ms
Ping statistics for 2001::5efe:2.1.1.1:

# The ISATAP host can ping through the IPv6 host.

C:\> ping6 3001::2
Pinging 3001::2 with 32 bytes of data:
Reply
Reply
Reply
Reply
from
from
from
from
3001::2:
3001::2:
3001::2:
3001::2:
time<1ms
time<1ms
time<1ms
time<1ms
Ping statistics for 3001::2:

----End
Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname Quidway
8-24

Issue 04 (2010-01-25)

#
ipv6
#
interface Vlanif1
#
interface Vlanif2
ip address 2.1.1.1 255.0.0.0
#
service-type tunnel
#
ipv6 address 2001::/64 eui-64
tunnel-protocol ipv6-ipv4 isatap
source Vlanif2
#
eth-trunk 1
#
return
Issue 04 (2010-01-25)

8-25

Quidway S5300 Configuration Guide - IP Service (V100R003C00 - 04)

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Quidway S5300 Configuration Guide - IP Service (V100R003C00 - 04)

Hochgeladen von

Copyright:

Verfügbare Formate

Quidway S5300 Series Ethernet Switches

Configuration Guide - IP Service

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Huawei Industrial Base

Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

2.5 Configuring Proxy ARP Between VLANs...................................................................................................2-10

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

4.2.7 Configuring DHCP Self-Defined Options.............................................................................................4-7

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

5.3 Maintaining IP Performance.........................................................................................................................5-10

6 DHCP Policy VLAN Configuration.......................................................................................6-1

7 Basic IPv6 Configuration..........................................................................................................7-1

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

7.4.2 Configuring Static Neighbors.................................................................................................................7-7

8 IPv6 over IPv4 Tunnel Configuration....................................................................................8-1

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

About This Document

About This Document

Checking the configuration

Data configuration engineers

System maintenance engineers

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

About This Document

This chapter describes the basics, methods

This chapter describes the basics, methods

This chapter describes the basics, methods

This chapter describes the basics, methods

This chapter describes the basics, methods

6 DHCP Policy VLAN Configuration

This chapter describes the basics, methods

7 Basic IPv6 Configuration

This chapter describes the basics, methods

8 IPv6 over IPv4 Tunnel Configuration

This chapter describes the basics, methods

Indicates a hazard with a high level of risk, which if

Huawei Proprietary and Confidential

Quidway S5300 Series Ethernet Switches

About This Document

Indicates a tip that may help you address a problem

Provides additional information to emphasize or

Times New Roman

Normal paragraphs are in Times New Roman.

Names of files, directories, folders, and users are in Boldface.

Book titles are in Italics.

Examples of information displayed on the screen are in Courier

The keywords of a command line are in boldface.

Command arguments are in italics.

Items (keywords or arguments) in brackets [ ] are optional.