Sie sind auf Seite 1von 183

Quidway S5700 Series Ethernet Switches

V100R006C01

Configuration Guide - IP Service


Issue

01

Date

2011-10-26

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address:

Huawei Industrial Base


Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website:

http://www.huawei.com

Email:

support@huawei.com

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

About This Document

About This Document


Intended Audience
This document describes the configurations of the IP services of the S5700, including the basic
knowledge and configurations of secondary IP addresses, DNS, DHCP, IP performance, DHCP
Policy VLAN, basic IPv6 functions, and IPv6 over IPv4 tunnels. By reading this document, you
can learn the concepts and configuration procedures of IP services.
This document is intended for:
l

Policy planning engineers

Installation and commissioning engineers

NM configuration engineers

Technical support engineers

Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol

Description

DANGER

WARNING

CAUTION

Issue 01 (2011-10-26)

Indicates a hazard with a high level of risk, which if not


avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.

TIP

Indicates a tip that may help you solve a problem or save


time.

NOTE

Provides additional information to emphasize or supplement


important points of the main text.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ii

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

About This Document

Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention

Description

Boldface

The keywords of a command line are in boldface.

Italic

Command arguments are in italics.

[]

Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... }

Optional items are grouped in braces and separated by


vertical bars. One item is selected.

[ x | y | ... ]

Optional items are grouped in brackets and separated by


vertical bars. One item is selected or no item is selected.

{ x | y | ... }*

Optional items are grouped in braces and separated by


vertical bars. A minimum of one item or a maximum of all
items can be selected.

[ x | y | ... ]*

Optional items are grouped in brackets and separated by


vertical bars. Several items or no item can be selected.

&<1-n>

The parameter before the & sign can be repeated 1 to n times.

A line starting with the # sign is comments.

Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all changes made in previous issues.

Changes in Issue 01 (2011-10-26)


Initial commercial release.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

iii

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

Contents
About This Document.....................................................................................................................ii
1 IP Addresses Configuration........................................................................................................1
1.1 Introduction to IP Addresses..............................................................................................................................2
1.2 Features of IP Addresses Supported by the S5700.............................................................................................2
1.3 Configuring IP Addresses for Interfaces............................................................................................................3
1.3.1 Establishing the Configuration Task.........................................................................................................3
1.3.2 Configuring a Primary IP Address for an Interface...................................................................................3
1.3.3 (Optional) Configuring a Secondary IP Address for an Interface.............................................................4
1.3.4 Checking the Configuration.......................................................................................................................4
1.4 Configuration Examples.....................................................................................................................................5
1.4.1 Example for Setting Primary and Secondary IP Addresses......................................................................5

2 ARP Configuration........................................................................................................................8
2.1 Overview of ARP...............................................................................................................................................9
2.2 ARP Features Supported by the S5700..............................................................................................................9
2.3 Configuring Static ARP....................................................................................................................................10
2.3.1 Establishing the Configuration Task.......................................................................................................10
2.3.2 Configuring Common Static ARP Entries...............................................................................................11
2.3.3 Configuring Static ARP Entries in a VLAN...........................................................................................11
2.3.4 Configuring Static ARP Entries in a VPN Instance................................................................................12
2.3.5 Checking the Configuration.....................................................................................................................13
2.4 Optimizing Dynamic ARP................................................................................................................................13
2.4.1 Establishing the Configuration Task.......................................................................................................13
2.4.2 Modify the aging parameters of dynamic ARP.......................................................................................14
2.4.3 Enabling ARP Suppression Function......................................................................................................14
2.4.4 Enabling Layer 2 Topology Detection Function.....................................................................................15
2.4.5 Checking the Configuration.....................................................................................................................15
2.5 Configuring Routed Proxy ARP.......................................................................................................................15
2.5.1 Establishing the Configuration Task.......................................................................................................16
2.5.2 Configure an IP Addresses for the Interface............................................................................................16
2.5.3 Enabling the Routed Proxy ARP Function..............................................................................................17
2.5.4 Checking the Configuration.....................................................................................................................17
2.6 Configuring Proxy ARP Within a VLAN........................................................................................................17
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

iv

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

2.6.1 Establishing the Configuration Task.......................................................................................................18


2.6.2 Configure an IP Addresses for the Interface............................................................................................18
2.6.3 Enabling Proxy ARP Within a VLAN....................................................................................................19
2.6.4 Checking the Configuration.....................................................................................................................19
2.7 Configuring Proxy ARP Between VLANs.......................................................................................................19
2.7.1 Establishing the Configuration Task.......................................................................................................20
2.7.2 Configuring an IP Addresses for the Interface........................................................................................20
2.7.3 Enabling Proxy ARP Between VLANs...................................................................................................21
2.7.4 Checking the Configuration.....................................................................................................................21
2.8 Maintaining ARP..............................................................................................................................................21
2.8.1 Clearing ARP Entries..............................................................................................................................22
2.8.2 Monitoring Network Operation Status of ARP.......................................................................................22
2.8.3 Debugging ARP.......................................................................................................................................22
2.9 Configuration Examples...................................................................................................................................23
2.9.1 Example for Configuring ARP................................................................................................................23
2.9.2 Example for Configuring Routed Proxy ARP.........................................................................................26
2.9.3 Example for Configuring Intra-VLAN Proxy ARP................................................................................28
2.9.4 Example for Configuring Inter-VLAN Proxy ARP................................................................................30
2.9.5 Example for Configuring Layer 2 Topology Detection..........................................................................33

3 DHCP Configuration..................................................................................................................36
3.1 Introduction to DHCP.......................................................................................................................................37
3.2 DHCP Features Supported by the S5700.........................................................................................................37
3.3 Configuring the DHCP Server Based on the Global Address Pool..................................................................39
3.3.1 Establishing the Configuration Task.......................................................................................................40
3.3.2 Configuring an Interface to Use Global Address Pool............................................................................41
3.3.3 Configuring Address Allocation Mode for Global Address Pool...........................................................42
3.3.4 (Optional) Configuring DNS for Global Address Pool...........................................................................43
3.3.5 (Optional) Configuring NetBIOS for Global Address Pool....................................................................44
3.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool............................45
3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................46
3.3.8 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................47
3.3.9 Checking the Configuration.....................................................................................................................47
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool...............................................48
3.4.1 Establishing the Configuration Task.......................................................................................................49
3.4.2 Configuring Address Allocation Mode for Interface Address Pool........................................................50
3.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool.................................51
3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool..........................52
3.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool...........53
3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................54
3.4.7 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................54
3.4.8 Checking the Configuration.....................................................................................................................55
3.5 Configuring the DHCP Relay Agent................................................................................................................56
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

3.5.1 Establishing the Configuration Task.......................................................................................................56


3.5.2 Configuring DHCP Relay on an Interface...............................................................................................57
3.5.3 Configuring a Destination DHCP Server Group.....................................................................................58
3.5.4 Binding an Interface to a DHCP Server Group.......................................................................................59
3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet...................................60
3.5.6 Checking the Configuration.....................................................................................................................61
3.6 Maintaining DHCP...........................................................................................................................................62
3.6.1 Clearing DHCP Statistics........................................................................................................................62
3.6.2 Monitoring DHCP Operation..................................................................................................................62
3.7 Configuration Examples...................................................................................................................................62
3.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool.......................................63
3.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool.................................66
3.7.3 Example for Configuring a DHCP Relay Agent.....................................................................................70

4 DHCPv6 Configuration..............................................................................................................74
4.1 Introduction to DHCPv6...................................................................................................................................75
4.2 DHCPv6 Features Supported by the S5700.....................................................................................................76
4.3 Configuring DHCPv6 Relay.............................................................................................................................78
4.3.1 Establishing the Configuration Task.......................................................................................................78
4.3.2 Enabling the DHCPv6 Relay Function....................................................................................................78
4.3.3 (Optional) Configuring the Remote ID...................................................................................................79
4.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages.....................................................................81
4.3.5 Checking the Configuration.....................................................................................................................81
4.4 Maintaining DHCPv6.......................................................................................................................................82
4.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent................82
4.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent.................................................................82
4.5 Configuration Examples...................................................................................................................................83
4.5.1 Example for Configuring DHCPv6 Relay...............................................................................................83

5 IP Performance Configuration..................................................................................................87
5.1 Introduction to IP Performance........................................................................................................................88
5.2 IP Performance Supported by the S5700..........................................................................................................88
5.3 Optimizing IP Performance..............................................................................................................................88
5.3.1 Establishing the Configuration Task.......................................................................................................88
5.3.2 Enabling an Interface to Check the Source IP Addresses of Packets......................................................89
5.3.3 Configuring ICMP Attributes..................................................................................................................90
5.3.4 Setting TCP Parameters...........................................................................................................................90
5.3.5 Checking the Configuration.....................................................................................................................91
5.4 Maintaining IP Performance.............................................................................................................................92
5.4.1 Clearing IP Performance Statistics..........................................................................................................92
5.4.2 Monitoring the Running Status of IP Performance.................................................................................93
5.4.3 Debugging IP Performance.....................................................................................................................94
5.5 Configuration Examples...................................................................................................................................94
5.5.1 Example for Disabling the Sending of ICMP Host Unreachable Packets...............................................95
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vi

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

6 DHCP Policy VLAN Configuration.........................................................................................98


6.1 Introduction......................................................................................................................................................99
6.2 DHCP Policy VLAN Supported by the S5700.................................................................................................99
6.3 Configuring DHCP Policy VLAN Based on MAC Addresses........................................................................99
6.3.1 Establishing the Configuration Task.......................................................................................................99
6.3.2 Configuration Procedure........................................................................................................................100
6.3.3 Checking the Configuration...................................................................................................................100
6.4 Configuring the DHCP Policy VLAN Based on Interfaces...........................................................................101
6.4.1 Establishing the Configuration Task.....................................................................................................101
6.4.2 Configuration Procedure........................................................................................................................101
6.4.3 Checking the Configuration...................................................................................................................102
6.5 Configuring Generic DHCP Policy VLAN....................................................................................................102
6.5.1 Establishing the Configuration Task.....................................................................................................103
6.5.2 Configuration Procedure........................................................................................................................103
6.5.3 Checking the Configuration...................................................................................................................104
6.6 Maintaining DHCP Policy VLAN..................................................................................................................104
6.6.1 Monitoring the Running Status..............................................................................................................104
6.7 Configuration Examples.................................................................................................................................104
6.7.1 Example for Configuring DHCP Policy VLAN Based on MAC Addresses........................................104
6.7.2 Example for Configuring DHCP Policy VLAN Based on Interfaces...................................................106

7 DNS Configuration...................................................................................................................109
7.1 Introduction to DNS.......................................................................................................................................110
7.2 DNS Supported by the S5700.........................................................................................................................110
7.3 Configuring DNS............................................................................................................................................110
7.3.1 Establishing the Configuration Task.....................................................................................................110
7.3.2 Configuring Static DNS Entries............................................................................................................111
7.3.3 Configuring Dynamic DNS...................................................................................................................111
7.3.4 Checking the Configuration...................................................................................................................112
7.4 Maintaining DNS............................................................................................................................................113
7.4.1 Clearing DNS Entries............................................................................................................................113
7.4.2 Monitoring Network Operation Status of DNS.....................................................................................114
7.4.3 Debugging DNS....................................................................................................................................114
7.5 Configuration Examples.................................................................................................................................115
7.5.1 Example for Configuring DNS..............................................................................................................115

8 Basic Configurations of IPv6...................................................................................................119


8.1 Introduction to IPv6........................................................................................................................................120
8.2 IPv6 Features Supported by the S5700...........................................................................................................120
8.3 Configuring an IPv6 Address for an Interface................................................................................................122
8.3.1 Establishing the Configuration Task.....................................................................................................122
8.3.2 Enabling IPv6 Packet Forwarding Capability.......................................................................................123
8.3.3 Configuring an IPv6 Link-Local Address for an Interface....................................................................123
8.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................124
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vii

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

8.3.5 Checking the Configuration...................................................................................................................125


8.4 Configuring IPv6 Neighbor Discovery...........................................................................................................125
8.4.1 Establishing the Configuration Task.....................................................................................................125
8.4.2 Configuring Static Neighbors................................................................................................................126
8.4.3 Enabling RA Message Advertising.......................................................................................................126
8.4.4 Setting the Interval for Advertising RA Messages................................................................................127
8.4.5 Enabling Stateful Auto Configuration...................................................................................................128
8.4.6 Configuring the Address Prefixes to Be Advertised.............................................................................128
8.4.7 Configuring Other Information to Be Advertised.................................................................................129
8.4.8 Checking the Configuration...................................................................................................................130
8.5 Maintaining IPv6............................................................................................................................................131
8.5.1 Clearing IPv6 Statistics.........................................................................................................................131
8.5.2 Monitoring the Running Status of IPv6.................................................................................................132
8.5.3 Debugging IPv6.....................................................................................................................................132
8.6 Configuration Examples.................................................................................................................................133
8.6.1 Example for Setting an IPv6 Address for an Interface..........................................................................133

9 IPv6 DNS Configuration..........................................................................................................137


9.1 Introduction to IPv6 DNS...............................................................................................................................138
9.2 IPv6 DNS Supported by the S5700................................................................................................................138
9.3 Configuring IPv6 DNS...................................................................................................................................138
9.3.1 Establishing the Configuration Task.....................................................................................................138
9.3.2 Configuring a Static IPv6 DNS Entry...................................................................................................139
9.3.3 Configuring the Dynamic IPv6 DNS Services......................................................................................139
9.3.4 Checking the Configuration...................................................................................................................140
9.4 Maintaining IPv6 DNS...................................................................................................................................141
9.4.1 Clearing IPv6 DNS Entries....................................................................................................................141
9.4.2 Monitoring Network Operation Status of IPv6 DNS............................................................................142
9.5 Configuration Examples.................................................................................................................................142
9.5.1 Example for Configuring IPv6 DNS.....................................................................................................142

10 IPv6 over IPv4 Tunnel Configuration.................................................................................147


10.1 Introduction to IPv6 over IPv4.....................................................................................................................148
10.2 IPv6 over IPv4 Supported by the S5700......................................................................................................148
10.3 Configuring IPv4/IPv6 Dual Stacks.............................................................................................................152
10.3.1 Establishing the Configuration Task...................................................................................................152
10.3.2 Enabling IPv6 Packet Forwarding.......................................................................................................153
10.3.3 Configuring IPv4 and IPv6 Addresses for the Interface......................................................................154
10.3.4 Checking the Configuration.................................................................................................................155
10.4 Configuring an IPv6 over IPv4 Tunnel........................................................................................................155
10.4.1 Establishing the Configuration Task...................................................................................................155
10.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface.................................................155
10.4.3 Configuring an IPv6 over IPv4 Manual Tunnel..................................................................................156
10.4.4 Configuring a 6to4 Tunnel..................................................................................................................157
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

viii

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

Contents

10.4.5 Configuring an ISATAP Tunnel..........................................................................................................158


10.4.6 Configuring Routes in the Tunnel.......................................................................................................159
10.4.7 Checking the Configuration.................................................................................................................160
10.5 Configuration Examples...............................................................................................................................160
10.5.1 Example for Configuring an IPv6 over IPv4 Tunnel Manually..........................................................160
10.5.2 Example for Configuring a 6to4 Tunnel..............................................................................................165
10.5.3 Example for Configuring an ISATAP Tunnel.....................................................................................169

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ix

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

IP Addresses Configuration

About This Chapter


By assigning IP addresses to network devices, you can enable data communications between
the network devices.
1.1 Introduction to IP Addresses
IP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol
(TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and Internet
Group Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Devices
on different networks communicate with each other using their network layer addresses, namely
IP addresses.
1.2 Features of IP Addresses Supported by the S5700
IP addresses can be obtained through static manual configuration or DHCP.
1.3 Configuring IP Addresses for Interfaces
Assigning an IP address to a device on a network enables the device to communicate with the
other devices on the network.
1.4 Configuration Examples
This section provides several examples of IP address configuration.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

1.1 Introduction to IP Addresses


IP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol
(TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and Internet
Group Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Devices
on different networks communicate with each other using their network layer addresses, namely
IP addresses.
To communicate with each other on Internet Protocol (IP) networks, each host must be assigned
an IP address.
An IP address is a 32-bit number that is composed of two parts, namely, the network ID and
host ID.
The network ID identifies a network and the host ID identifies a host on the network. If the
network IDs of hosts are the same, it indicates that the hosts are on the same network regardless
of their physical locations.

1.2 Features of IP Addresses Supported by the S5700


IP addresses can be obtained through static manual configuration or DHCP.
The S5700 supports IP address configuration through the following methods:
l

Manually configuring an IP address for an interface

Obtaining an IP address by DHCP

The S5700 supports the space overlapping of network segment addresses to save the address
space.
l

Different IP addresses in the overlapped network segments but not same can be configured
on different interfaces of the same device. For example, after an interface on a device is
configured with the IP address 20.1.1.1/16, if another interface is configured with the IP
address 20.1.1.2/24, the system prompts a message. However, the configuration is still
successful; if another interface is configured with the IP address 20.1.1.2/16, the system
prompts an IP address conflict. The configuration fails.

The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on the same interface. For example, after the interface is
configured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16
sub, the system prompts a message. However, the configuration is still successful.

The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on different interfaces of the same device. However, the
primary IP address and the secondary IP address cannot be the same. For example, after an
interface on a device is configured with the IP address 20.1.1.1/16, if another interface is
configured with the IP address 20.1.1.2/24 sub, the system prompts a message. However,
the configuration is still successful.

The S5700 supports 31-bit IP address masks. Therefore, there are only two IP addresses in a
network segment, that is, the network address and broadcast address. The two IP addresses can
be used as host addresses.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

1.3 Configuring IP Addresses for Interfaces


Assigning an IP address to a device on a network enables the device to communicate with the
other devices on the network.

1.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for assigning an IP address to an interface.

Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign
several IP addresses to each interface. Among them, one is the primary IP address and the others
are secondary IP addresses.
Generally, you need to configure only a primary IP address for an interface. Secondary IP
addresses, however, are required in some cases. For instance, when a device connects to a
physical network through an interface, and computers on this network belong to two Class C
networks, you need to configure a primary IP address and a secondary IP address for this interface
to ensure that the device can communication with all computers on this network.

Pre-configuration Tasks
Before configuring an IP addresses for an interface, complete the following tasks:
l

Configuring the physical parameters for the interface and ensuring that the physical layer
status of the interface is Up

Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up

Data Preparation
To configure IP addresses for an interface, you need the following data.
No.

Data

Interface number

Primary IP address and subnet mask of the interface

(Optional) Secondary IP address and subnet mask of the interface

1.3.2 Configuring a Primary IP Address for an Interface


An interface can have only one primary IP address.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ip address ip-address { mask | mask-length }

A primary IP address is configured.


An interface has only one primary IP address. If the interface already has a primary IP address,
the newly configured primary IP address replaces the original one.
----End

1.3.3 (Optional) Configuring a Secondary IP Address for an


Interface
To enable an interface to communicate with several networks with different network IDs, you
need to assign a secondary IP address to this interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ip address ip-address { mask | mask-length } sub

A secondary IP address is configured.


You can configure a maximum of 8 secondary IP addresses on an interface.
----End

1.3.4 Checking the Configuration


You can view the configuration of the IP address for an interface.

Prerequisite
The configurations of the IP addresses for the interface are complete.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

Procedure
l

Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to


check the IP configuration on the interface.

Run the display interface [ interface-type [ interface-number ] ] command to check


interface information.

----End

1.4 Configuration Examples


This section provides several examples of IP address configuration.

1.4.1 Example for Setting Primary and Secondary IP Addresses


This section provides a configuration example of setting primary and secondary IP addresses.

Networking Requirements
As shown in Figure 1-1, GigabitEthernet 0/0/1 of the Switch is connected to a LAN, in which
hosts belong to two different network segments, that is 172.16.1.0/24 and 172.16.2.0/24. It is
required that the Switch can access the two network segments but the host in 172.16.1.0/24
cannot interconnect with the host in 172.16.2.0/24.
Figure 1-1 Networking diagram for setting IP addresses

172.16.1.0/24

Switch

GE 0/0/1
VLANIF 100
172.16.1.1/24
172.16.2.1/24 sub

172.16.2.0/24

Configuration Roadmap
The configuration roadmap is as follows:
1.

Analyze the address of the network segment to which each interface is connected.

2.

Set the secondary IP addresses for an interface.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

Data Preparation
To complete the configuration, you need the following data.
l

Primary IP address and subnet mask of the VLANIF interface

Secondary IP address and subnet mask of the VLANIF interface

Procedure
Step 1 Set the IP address for VLANIF 100 where GigabitEthernet 0/0/1 of the Switch belongs.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 172.16.1.1 24
[Quidway-Vlanif100] ip address 172.16.2.1 24 sub

Step 2 Verify the configuration.


# Ping a host on network segment 172.16.2.0 from Switch. The ping succeeds.
<Quidway> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128
--- 172.16.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms

time=25
time=27
time=26
time=26
time=26

ms
ms
ms
ms
ms

Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.2.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms

ms
ms
ms
ms
ms

----End

Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan 100
#
interface Vlanif100

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

1 IP Addresses Configuration

ip address 172.16.1.1 255.255.255.0


ip address 172.16.2.1 255.255.255.0 sub
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

ARP Configuration

About This Chapter


ARP can map an IP address to a MAC address and implements transmission of Ethernet frames.
2.1 Overview of ARP
An Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IP
addresses and Layer 2 MAC addresses.
2.2 ARP Features Supported by the S5700
This section describes the ARP features supported by the S5700.
2.3 Configuring Static ARP
Static ARP indicates that there is a fixed mapping between an IP address and a MAC address.
Static ARP needs to be configured by an administrator.
2.4 Optimizing Dynamic ARP
If dynamic ARP is configured, the system automatically resolutes an IP address into an Ethernet
MAC address.
2.5 Configuring Routed Proxy ARP
Proxy ARP enables devices whose IP addresses belong to the same network segment but
different physical networks to communicate with each other.
2.6 Configuring Proxy ARP Within a VLAN
By configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.
2.7 Configuring Proxy ARP Between VLANs
By configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.
2.8 Maintaining ARP
The operations of ARP maintenance include clearing ARP statistics and monitoring ARP
operating status.
2.9 Configuration Examples
This section provides several configuration examples of ARP.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.1 Overview of ARP


An Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IP
addresses and Layer 2 MAC addresses.
Each host or device on the Local Area Network (LAN) can be configured a 32-bit IP address to
communicate with others. The assigned IP address is independent of the hardware address.
On the Ethernet, a host or a device transmits and receives Ethernet frames according to a 48-bit
Medium Access Control (MAC) address. The MAC address is also called the physical address
or the hardware address, which is assigned to an Ethernet interface when equipment is produced.
Therefore, on an interconnected network, an address resolution mechanism is required to provide
the mapping between MAC addresses and IP addresses.
The Address Resolution Protocol (ARP) maps an IP address to the corresponding MAC address.

2.2 ARP Features Supported by the S5700


This section describes the ARP features supported by the S5700.
The S5700 supports dynamic ARP, static ARP, proxy ARP, and Layer 2 topology detection.

ARP
ARP is classified into the following types: dynamic ARP and static ARP.
l

Static ARP means the mapping between manually configured IP addresses and MAC
addresses.

Dynamic ARP means that the ARP mapping table is dynamically maintained by the ARP
protocol.

proxy ARP
The S5700 supports the following types of proxy ARP:
l

Routed proxy ARP


Proxy ARP lets the PCs or switchs on the same network segment but in different physical
networks communicate.
In actual applications, if the current host connected with a switch is not configured with a
default gateway address (that is, the host does not know how to reach the intermediate
system of the network), the host cannot forward data packets.
Routed proxy ARP is introduced to solve this problem. The host sends an ARP Request
message, requesting the MAC address of the destination host. After receiving such a
request, the switch enabled with proxy ARP answers with its own MAC address. By
"faking" its identity, the switch accepts responsibility for routing messages to the "real"
destination.
The switch enabled with proxy ARP can also hide the details of the physical networks and
implement the communication between hosts that are in different physical networks but on
the same network segment.

l
Issue 01 (2011-10-26)

Intra-VLAN proxy ARP


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

In the scenario where two users belong to the same VLAN but user isolation is configured
in the VLAN, to implement communication between the two users, you need to enable
proxy ARP with a VLAN on the member interface of the VLAN.
The interface enabled with proxy ARP within a VLAN does not directly discard the ARP
Request messages that are not for themselves. Instead, it searches the ARP mappings table
for the corresponding ARP entries. In this case, if the switch is qualified to serve as a proxy,
the interface sends the MAC address of the switch to the sender of the ARP Request
message.
Proxy ARP within a VLAN implements the interworking between isolated users in the
same VLAN.
l

Inter-VLAN proxy ARP


In the scenario where two users belong to different VLANs, to implement communication
between the two users, you need to enable proxy ARP between VLANs on the member
interfaces of the VLANs.
The interfaces enabled with proxy ARP between VLANs do not directly discard the ARP
Request messages that are not for themselves. Instead, they search the ARP mappings tables
on themselves for the corresponding ARP entries. If the conditions for being a proxy are
met, the interface sends the MAC address of the switch to the sender of the ARP Request
message.
Proxy ARP between VLANs is mainly applied to the following situations:
Implementing Layer 3 interworking between users in different VLANs
Implementing interworking between sub-VLANs by enabling proxy ARP between
VLANs on the VLANIF interface of the super VLAN

2.3 Configuring Static ARP


Static ARP indicates that there is a fixed mapping between an IP address and a MAC address.
Static ARP needs to be configured by an administrator.

2.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring static ARP.

Applicable Environment
Static ARP is used in the following situations:
l

For the packets whose destination IP address is on another network segment, static ARP
can help these packets traverse a gateway of the local network segment so that the gateway
can forward the packets to their destination.

When you need to filter out some packets with illegitimate destination IP addresses, static
ARP can bind these illegitimate addresses to a nonexistent MAC address.

Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

10

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Configuring physical parameters for the interface and ensuring that the status of the physical
layer of the interface is Up

Configuring link layer protocol parameters for the interface and ensuring that the status of
the link layer protocol on the interface is Up

Configuring the network layer protocol for the interface

Data Preparation
To configure ARP, you need the following data.
No.

Data

IP address and MAC address of the static ARP entry

VPN instance name and VLAN ID to which the static ARP entry belongs

2.3.2 Configuring Common Static ARP Entries


Static ARP entries are required for the communication between common interfaces.

Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
arp static ip-address mac-address

Configure common static ARP entries.


NOTE

Static ARP entries keep valid when a device works normally.

----End

2.3.3 Configuring Static ARP Entries in a VLAN


In the scenario where two users belong to the same VLAN but user isolation is configured in
the VLAN, to implement communications between the two users, you need to enable static ARP
within the VLAN on the member interface of the VLAN.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

11

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLAN
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Configure static ARP entries in a Virtual Local Area Network (VLAN).
To configure static ARP entries in a VLAN, do as follows:
l Run the arp static ip-address mac-address [ vid vlan-id interface interface-type interfacenumber ] command.
To configure static ARP entries for VLANIF interfaces, if an ARP entry contains only the
IP address and MAC address, and the VLAN ID and outbound interface of the ARP packet
are not specified, the system selects the outbound interface automatically. If the VLAN ID
and outbound interface are specified, the system forwards the packet from the specified
outbound interface.
If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN),
the device can automatically associate the configured static ARP entry with the VPN. This
command is applicable to port-based VLANs.
NOTE

Static ARP entries keep valid when a device works normally.

----End

2.3.4 Configuring Static ARP Entries in a VPN Instance


To implement Layer 2 interworking of the devices in a VPN instance, you can configure static
ARP in the VPN instance.

Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
arp static ip-address mac-address vpn-instance vpn-instance-name

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

12

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Configure static ARP entries in a VPN instance.


NOTE

Static ARP entries keep valid when a device works normally.

----End

2.3.5 Checking the Configuration


You can view the configuration of static ARP.

Prerequisite
The configurations of the ARP function are complete.

Procedure
l

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to


check information about ARP mapping tables based on VPN instances.

Run the display arp statistics { all } command to check the statistics for ARP entries.

----End

2.4 Optimizing Dynamic ARP


If dynamic ARP is configured, the system automatically resolutes an IP address into an Ethernet
MAC address.

2.4.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for optimizing dynamic ARP.

Applicable Environment
Dynamic ARP is one of functions owned by a device or host. You do not need to run a command
to enable dynamic ARP but you can modify some parameters of dynamic ARP.

Pre-configuration Tasks
None

Data Preparation
Optimizing dynamic ARP, you need the following data.

Issue 01 (2011-10-26)

No.

Data

Aging detection times of the dynamic ARP entry

Aging time of the dynamic ARP entry

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

13

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.4.2 Modify the aging parameters of dynamic ARP


If the device needs to update ARP entries frequently, you can reduce the aging timeout period
of ARP entries, increase the number of aging detections for ARP entries, and reduce the aging
detection intervals of ARP entries.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp detect-times detect-times

The number of aging detection times of the dynamic ARP entries is configured.
Step 4 Run:
arp expire-time expire-times

The timeout period for aging dynamic ARP entries is configured.


By default, the aging detection times of the dynamic ARP entries is three, and the aging timeout
period is 1200 seconds.
Step 5 Run:
arp detect-mode unicast

The interface is configured to send ARP Aging Detection packets in unicast mode.
By default, an interface sends ARP Aging Detection packets in broadcast mode.
----End

2.4.3 Enabling ARP Suppression Function


If the system receives a great number of ARP packets from the same source at a time, the system
needs to update ARP entries repeatedly. To ensure the performance of the system, you can enable
ARP suppression. In this manner, the system only responds to the ARP packets but does not
update ARP entries.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
arp-suppress enable

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

14

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

ARP suppression is enabled on the current device.


----End

2.4.4 Enabling Layer 2 Topology Detection Function


After Layer 2 topology detection is enabled, the system updates all the ARP entries
corresponding to the VLANs to which a Layer 2 interface belongs, if this Layer 2 interface goes
Up.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
l2-topology detect enable

The Layer 2 topology detection function is enabled.


By default, this function is not enabled.
NOTE

The S5706 does not support this function.

----End

2.4.5 Checking the Configuration


You can view the configuration of dynamic ARP.

Prerequisite
The configurations of the ARP function are complete.

Procedure
l

Run the display arp interface interface-type interface-number command to check


information about ARP mapping tables based on interfaces.

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to


check information about ARP mapping tables based on VPN instances.

Run the display arp statistics { all } command to check the statistics for ARP entries.

----End

2.5 Configuring Routed Proxy ARP


Proxy ARP enables devices whose IP addresses belong to the same network segment but
different physical networks to communicate with each other.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

15

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.5.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring routed proxy ARP.

Applicable Environment
The two physical networks of an enterprise are in different subnets of the same IP network, and
are separated by a device. You need to enable the proxy ARP on the device interface connected
to the physical networks. This enables communication between the two networks.
Network IDs of subnet hosts must be the same. You need not configure default gateways for
hosts.

Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
l

Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up

Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up

Data Preparation
To configure routed proxy ARP, you need the following data.
No.

Data

Number of the interface to be enabled with routed proxy ARP

IP address of the interface to be enabled with routed proxy ARP

2.5.2 Configure an IP Addresses for the Interface


The IP address assigned to a routed proxy ARP-enabled interface must be on the same network
segment with the IP address of the host on the LAN to which this interface connects.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Routed proxy ARP can be enabled only on the VLANIF interface of the S5700.
Step 3 Run:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

16

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

ip address ip-address { mask | mask-length }

The interface is configured with an IP address.


The IP address configured for the interface must be in the same network segment with that of
hosts in the LAN connected with this interface.
----End

2.5.3 Enabling the Routed Proxy ARP Function


To interconnect the subnets in the same IP network, you need to enable routed proxy ARP.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp-proxy enable

By default, the routed proxy ARP function is disabled on the interface.


After routed proxy ARP is enabled, you must reduce the aging time of ARP entries in the deviece
so that the number of packets received but cannot be forwarded by the device is decreased. To
configure the aging time of ARP entries.
----End

2.5.4 Checking the Configuration


You can view the configuration of routed proxy ARP.

Prerequisite
The configurations of the routed proxy ARP function are complete.

Procedure
l

Run the display arp interface interface-type interface-number command to check


information about ARP mapping tables based on interfaces.

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to


check information about ARP mapping tables based on VPN instances.

Run the display arp statistics command to check statistics about ARP entries.

----End

2.6 Configuring Proxy ARP Within a VLAN


By configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

17

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.6.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring proxy ARP on a VLAN.

Applicable Environment
If two users are in the same VLAN but they are isolated from each other, to ensure the two users
can communicate, you need to enable proxy ARP within the VLAN on the interface associated
with the VLAN.

Pre-configuration Tasks
Before configuring proxy ARP within a VLAN, complete the following tasks:
l

Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up

Configuring the VLAN

Configuring user isolation in the VLAN

Data Preparation
To configure proxy ARP within a VLAN, you need the following data.
No.

Data

Number of the interface to be enabled with proxy ARP in a VLAN

IP address of the interface to be enabled with proxy ARP in a VLAN

VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN

2.6.2 Configure an IP Addresses for the Interface


The IP address assigned to an interface needs to be in the same network segment with the IP
addresses of the users of the VLANs associated to this interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Intra-VLAN proxy ARP can be enabled on only the VLANIF interface of the S5700.
Step 3 Run:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

18

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

ip address ip-address { mask | mask-length }

The interface is configured with an IP address.


The IP address configured for the interface must be in the same network segment with that of
hosts in the VLAN associated with this interface.
----End

2.6.3 Enabling Proxy ARP Within a VLAN


To interconnect isolated users on a VLAN, you need to enable intra-VLAN proxy ARP on the
interface associated to the VLAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp-proxy inner-sub-vlan-proxy enable

Proxy ARP within a VLAN is enabled.


----End

2.6.4 Checking the Configuration


You can view the configuration of intra-VLAN proxy ARP.

Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.

Procedure
l

Run the display arp interface interface-type interface-number command to check


information about ARP mapping tables based on interfaces.

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to


check information about ARP mapping tables based on VPN instances.

Run the display arp statistics command to check statistics about ARP entries.

----End

2.7 Configuring Proxy ARP Between VLANs


By configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

19

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.7.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring inter-VLAN proxy ARP.

Applicable Environment
If two users belong to different VLANs and they need to communicate, you need to enable proxy
ARP between VLANs on the sub-interface associated with the VLAN.
IP addresses of hosts in a VLAN must be in the same network segment.

Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
l

Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up

Configuring VLAN aggregation

Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.

Data

Number of the interface to be enabled with proxy ARP between VLANs

IP address of the interface to be enabled with proxy ARP between VLANs

VLAN ID associated with the interface to be enabled with proxy ARP between
VLANs

2.7.2 Configuring an IP Addresses for the Interface


The IP address assigned to an interface needs to be in the same network segment with the IP
addresses of the users of all the VLANs associated to this interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Inter-VLAN proxy ARP can be enabled only on the VLANIF interface of the S5700.
Step 3 Run:
ip address ip-address { mask | mask-length }

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

20

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

The interface is configured with an IP address.


The IP address configured for the interface must be in the same network segment with that of
hosts in the VLAN associated with this interface.
----End

2.7.3 Enabling Proxy ARP Between VLANs


To interconnect users on different VLANs, you need to enable inter-VLAN proxy ARP on the
VLANIF interfaces.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable

Proxy ARP between VLANs is enabled.


----End

2.7.4 Checking the Configuration


You can view the configuration of inter-VLAN proxy ARP.

Prerequisite
The configurations of Proxy ARP Between VLANs are complete.

Procedure
l

Run the display arp interface interface-type interface-number command to check


information about ARP mapping tables based on interfaces.

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to


check information about ARP mapping tables based on VPN instances.

Run the display arp statistics command to check statistics about ARP entries.

----End

2.8 Maintaining ARP


The operations of ARP maintenance include clearing ARP statistics and monitoring ARP
operating status.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

21

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

2.8.1 Clearing ARP Entries


This section describes ARP entries clearance through the reset command.

Context

CAUTION
l The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So,
confirm the action before you use the command.
l The static ARP entries cannot restore after you clear it. So, confirm the action before you
use the command.

Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } command
in the user view to clear the ARP entries in the ARP mapping table.
----End

2.8.2 Monitoring Network Operation Status of ARP


This section describes ARP operation monitoring through the display command.

Context
In routine maintenance, you can run the following command in any view to check the operation
of ARP.

Procedure
l

Run the display arp interface interface-type interface-number command in any view to
check the information about the ARP mapping table based on interfaces.

Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command in


any view to check the information about ARP mapping tables based on VPN instances.

----End

2.8.3 Debugging ARP


This section describes ARP debugging through the debugging command.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

22

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Context

CAUTION
Debugging affects the performance of the system. Thus, after debugging, run the undo
debugging all command to disable debugging immediately. When the CPU usage is close to
100%, debugging ARP may cause the board resetting. So, confirm the action before you use the
command.
When faults occur during ARP operation, run the following debugging command in the user
view to debug ARP and locate the fault.
For more information, see chapter "Information Center Configuration" in the Quidway S5700
Series Ethernet Switches Configuration Guide-System Management. For descriptions about the
debugging commands, see the Quidway S5700 Series Ethernet Switches Debugging
Reference.

Procedure
l

Run the debugging arp packet [ interface interface-type interface-number ] command in


the user view to debug ARP.

Run the debugging arp-proxy [ inner-sub-vlan-proxy | inter-sub-vlan-proxy ]


[ interface interface-type interface-number ] command in the user view to debug proxy
ARP.

Run the debugging arp process [ interface interface-type interface-number ] command


in the user view to debug the processing of ARP packets.

----End

2.9 Configuration Examples


This section provides several configuration examples of ARP.

2.9.1 Example for Configuring ARP


Networking Requirements
As shown in Figure 2-1, GE 0/0/1 of the Switch is connected to the host through the LAN switch
(LSW); GE 0/0/2 is connected to the server through the router. It is required that:
l

GE 0/0/1 should be added to VLAN 2, and GE 0/0/2 should be added to VLAN 3.

To adapt to fast changes of the network and ensure correct forwarding of packets, dynamic
ARP parameters should be set on VLANIF 2 of the Switch.

To ensure the security of the server and prevent invalid ARP packets, a static ARP entry
should be created on GE 0/0/2 of the Switch, with the IP address of the router being 10.2.2.3
and the MAC address being 00e0-fc01-0000.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

23

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Figure 2-1 Networking diagram for configuring ARP

Server
Internet

Router
GE0/0/2
Switch
GE0/0/1
LSW
PC1
PC2
PC2

Configuration Roadmap
The configuration roadmap is as follows:
1.

Create a VLAN and add an interface to the VLAN.

2.

Set dynamic ARP parameters on a VLANIF interface at the user side.

3.

Create a static ARP entry.

Data Preparation
To complete the configuration, you need the following data:
l

GE 0/0/1 added to VLAN 2 and GE 0/0/2 added to VLAN 3

VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging
time of ARP entries being 60s, and number of detection times being 2

VLANIF 3 with the IP address being 10.2.2.2 and subnet mask being 255.255.255.0

Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet
mask being 255.255.255.0, and MAC address being 00e0-fc01-0000

Procedure
Step 1 Create a VLAN and add an interface to the VLAN.
# Create VLAN 2 and VLAN 3.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

24

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

<Quidway> system-view
[Quidway] vlan batch 2 3

# Add GE 0/0/1 to VLAN 2 and add GE 0/0/2 to VLAN 3.


[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] quit

0/0/1
hybrid tagged vlan 2
0/0/2
hybrid tagged vlan 3

Step 2 Set dynamic ARP parameters on a VLANIF interface.


# Create VLANIF2.
[Quidway] interface vlanif 2

# Assign an IP address to VLANIF 2.


[Quidway-Vlanif2] ip address 2.2.2.2 255.255.255.0

# Set the aging time of ARP entries to 60s.


[Quidway-Vlanif2] arp expire-time 60

# Set the number of detection times before deleting ARP entries to 2.


[Quidway-Vlanif2] arp detect-times 2
[Quidway-Vlanif2] quit

# Create VLANIF 3.
[Quidway] interface vlanif 3

# Assign an IP address to VLANIF 3.


[Quidway-Vlanif3] ip address 10.2.2.2 255.255.255.0
[Quidway-Vlanif3] quit

Step 3 Create a static ARP entry.


# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN ID
3, and outgoing interface GE 0/0/2.
[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 0/0/2
[Quidway] quit

Step 4 Verify the configuration.


# Run the display current-configuration command. You can view the aging time of ARP
entries, the number of detection times before deleting ARP entries, and the ARP mapping table.
<Quidway> display current-configuration | include arp
arp expire-time 60
arp detect-times 2
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2

----End

Configuration Files
The following is the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

25

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

#
interface Vlanif2
ip address 2.2.2.2 255.255.255.0
arp expire-time 60
arp detect-times 2
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return

2.9.2 Example for Configuring Routed Proxy ARP


Networking Requirements
As shown in Figure 2-2, GE 0/0/1 and GE 0/0/2 of the Switch are connected to a LAN
respectively, and the network IDs of the two LANs are 172.16.0.0/16. Host A and Host B are
not configured with the default gateway. It is required that routed proxy ARP should be enabled
on the Switch so that hosts in the two LANs can communicate.
Figure 2-2 Networking diagram for configuring routed proxy ARP

Host A
172.16.1.2/16
0000-5e33-ee20

Host B
172.16.2.2/16
0000-5e33-ee10

GE0/0/1
172.16.1.1/24

GE0/0/2
172.16.2.1/24

VLAN 2

VLAN 3
Switch

Ethernet A

Ethernet B

Configuration Roadmap
The configuration roadmap is as follows:
1.

Assign an IP Address to an interface.

2.

Enable routed proxy ARP on the interface.

Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)

IP addresses of the interfaces


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

26

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

IP addresses of the hosts

Procedure
Step 1 Create VLAN 2 and add GE 0/0/1 to VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] port default vlan 2
[Quidway-GigabitEthernet0/0/1] quit

Step 2 Create and configure VLANIF 2.


[Quidway] interface vlanif 2
[Quidway-Vlanif2] ip address 172.16.1.1 255.255.255.0

Step 3 Enable routed proxy ARP on VLANIF 2.


[Quidway-Vlanif2] arp-proxy enable
[Quidway-Vlanif2] quit

Step 4 Create VLAN 3 and add GE 0/0/2 to VLAN 3.


[Quidway] vlan 3
[Quidway-vlan3] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port link-type access
[Quidway-GigabitEthernet0/0/2] port default vlan 3
[Quidway-GigabitEthernet0/0/2] quit

Step 5 Create and configure VLANIF 3.


[Quidway] interface vlanif 3
[Quidway-Vlanif3] ip address 172.16.2.1 255.255.255.0

Step 6 Enable routed proxy ARP on VLANIF 3.


[Quidway-Vlanif3] arp-proxy enable
[Quidway-Vlanif3] quit

Step 7 Configure the hosts.


# Assign IP address 172.16.1.2/16 to Host A.
# Assign IP address 172.16.2.2/16 to Host B.
Step 8 Verify the configuration.
# Ping Host B from Host A. The ping operation is successful.
----End

Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

27

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

ip address 172.16.2.1 255.255.255.0


arp-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
return

2.9.3 Example for Configuring Intra-VLAN Proxy ARP


Networking Requirements
As shown in Figure 2-3, GE 0/0/2 and GE 0/0/1 of the Switch belong to Sub-VLAN 2. SubVLAN 2 belong to Super-VLAN 3. It is required that:
l

Host A and host B in VLAN 2 should be isolated at Layer 2.

Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.

The IP address and subnet mask of the VLANIF interface in Super-VLAN 3 should be 10.10.10.1
and 255.255.255.0.
Figure 2-3 Networking diagram for configuring intra-VLAN proxy ARP

Internet

Switch
GE0/0/2

GE0/0/1

hostB
10.10.10.3/24
00-e0-fc-00-00-03

hostA
10.10.10.2/24
00-e0-fc-00-00-02
sub-VLAN2

Configuration Roadmap
The configuration roadmap is as follows:
1.

Create and configure a Super-VLAN and a Sub-VLAN.

2.

Add an interface to the Sub-VLAN.

3.

Create a VLANIF interface of the Super-VLAN and assign an IP address to the VLANIF
interface.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

28

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4.

2 ARP Configuration

Enable intra-VLAN proxy ARP on the VLANIF interface of the Super-VLAN.

Data Preparation
To complete the configuration, you need the following data:
l

VLAN IDs of the Super-VLAN and Sub-VLAN

GE 0/0/2 and GE 0/0/1 belonging to Sub-VLAN 2

IP address and subnet mask of VLANIF 3 of Super-VLAN 3 being 10.10.10.1 and


255.255.255.0

Procedure
Step 1 Configure the Super-VLAN and Sub-VLAN.
# Configure Sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit

# Enable port isolation on GE 0/0/1 and GE 0/0/2.


[Quidway] port-isolate mode l2
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port-isolate enable
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port-isolate enable
[Quidway-GigabitEthernet0/0/2] quit

# Add GE 0/0/1 and GE 0/0/2 to Sub-VLAN 2.


[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] quit

0/0/1
link-type access
default vlan 2
0/0/2
link-type access
default vlan 2

# Configure Super-VLAN 3 and add Sub-VLAN 2 to Super-VLAN 3.


[Quidway] vlan 3
[Quidway-vlan3] aggregate-vlan
[Quidway-vlan3] access-vlan 2
[Quidway-vlan3] quit

Step 2 Create and configure VLANIF 3.


# Create VLANIF 3.
[Quidway] interface vlanif 3

# Assign an IP address to VLANIF 3.


[Quidway-Vlanif3] ip address 10.10.10.1 24

Step 3 Enable intra-VLAN proxy ARP on VLANIF 3.


[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable
[Quidway-Vlanif3] quit

Step 4 Verify the configuration.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

29

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

# Run the display current-configuration command. You can view the configurations of the
Super-VLAN, Sub-VLAN, and VLANIF interface. For query results, see the following
configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS
MAC ADDRESS

EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif3
10.10.10.2
00e0-fc00-0002 19
D-0
GE0/0/1
2
10.10.10.3
00e0-fc00-0003 19
D-0
GE0/0/2
2
-----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1

----End

Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
return

2.9.4 Example for Configuring Inter-VLAN Proxy ARP


Networking Requirements
As shown in Figure 2-4, VLAN 2 and VLAN 3 constitute super-VLAN 4. It is required that:
l

Hosts in the sub-VLANs 2 and 3 should not be pinged mutually.

Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP
is enabled.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

30

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Figure 2-4 Networking diagram for configuring inter-VLAN proxy ARP

Switch

VLAN2

VLAN3

VLAN4

VLAN2

VLAN3

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure a super-VLAN and a sub-VLAN.

2.

Add an interface to the sub-VLAN.

3.

Create an VLANIF interface of the super-VLAN and assign an IP address to the VLANIF
interface.

4.

Enable inter-VLAN proxy ARP.

Data Preparation
To complete the configuration, you need the following data:
l

VLAN IDs of the super-VLAN and sub-VLAN

GE 0/0/2 and GE 0/0/1 belonging to sub-VLAN 2

GE 0/0/3 and GE 0/0/4 belonging to sub-VLAN 3

IP address and subnet mask of VLANIF 4 in super-VLAN 4 being 10.10.10.1 and


255.255.255.0

Procedure
Step 1 Configure the super-VLAN and sub-VLAN.
# Configure sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit

# Add GE 0/0/1 and GE 0/0/2 to sub-VLAN 2.


[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] port default vlan 2

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

31

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port link-type access
[Quidway-GigabitEthernet0/0/2] port default vlan 2
[Quidway-GigabitEthernet0/0/2] quit

# Configure sub-VLAN 3.
<Quidway> system-view
[Quidway] vlan 3
[Quidway-vlan3] quit

# Add GE0/0/3 and GE0/0/4 to sub-VLAN 3.


[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/3] port
[Quidway-GigabitEthernet0/0/3] port
[Quidway-GigabitEthernet0/0/3] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/4] port
[Quidway-GigabitEthernet0/0/4] port
[Quidway-GigabitEthernet0/0/4] quit

0/0/3
link-type access
default vlan 3
0/0/4
link-type access
default vlan 3

# Configure super-VLAN 4 and add sub-VLAN 2 to super-VLAN 4.


[Quidway] vlan 4
[Quidway-vlan4] aggregate-vlan
[Quidway-vlan4] access-vlan 2
[Quidway-vlan4] access-vlan 3
[Quidway-vlan4] quit

Step 2 Create and configure VLANIF 4.


# Create VLANIF 4.
[Quidway] interface vlanif 4

# Assign an IP address to VLANIF 4.


[Quidway-Vlanif4] ip address 10.10.10.1 24

Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.


[Quidway-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[Quidway-Vlanif4] quit

Step 4 Verify the configuration.


# Run the display current-configuration command. You can view the configurations of the
super-VLAN, sub-VLAN, and VLANIF interface. For query results, see the following
configuration file.
# Run the display arp command to view all the ARP entries.
<Quidway> display arp
IP ADDRESS
MAC ADDRESS

EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif4
10.10.10.2
00e0-fc00-0002 19
D-0
GE0/0/1
2
10.10.10.3
00e0-fc00-0003 19
D-0
GE0/0/2
2
10.10.10.4
00e0-fc00-0004 19
D-0
GE0/0/3
3
10.10.10.5
00e0-fc00-0005 19
D-0
GE0/0/4
3
-----------------------------------------------------------------------------Total:5
Dynamic:4
Static:0
Interface:1

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

32

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
return

2.9.5 Example for Configuring Layer 2 Topology Detection


Networking Requirements
As shown in Figure 2-5, two GE interfaces are added to VLAN 100 in default mode and the IP
addresses of the two GE interfaces are shown in the figure.
Figure 2-5 Networking diagram for configuring Layer 2 topology detection

Switch

VLANIF100
10.1.1.2/24

PC A
10.1.1.1/24

Issue 01 (2011-10-26)

VLAN100

PC B
10.1.1.3/24

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

33

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

2 ARP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Add two GE interfaces to VLAN 100 in default mode.

2.

Enable Layer 2 topology detection and view changes of ARP entries.

Data Preparation
To complete the configuration, you need the following data:
l

Types and numbers of the interfaces to be added to a VLAN

IP addresses of the VLANIF interface and the PCs

Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode.
# Create VLANIF 100 and assign an IP addresses to VLANIF 100.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface vlanif 100
[Quidway-vlanif100] ip address 10.1.1.2 24
[Quidway-vlanif100] quit

# Add the two GE interfaces to VLAN 100 in default mode.


[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] quit

0/0/1
link-type access
default vlan 100
0/0/2
link-type access
default vlan 100

Step 2 # Enable Layer 2 topology detection.


[Quidway] l2-topology detect enable

Step 3 Restart GE 0/0/1 and view changes of the ARP entries and aging time.
# View ARP entries on the Switch. You can find that the Switch has learnt the MAC address of
the PC.
[Quidway] display arp all
IP ADDRESS
MAC ADDRESS
INSTANCE

EXPIRE(M)

TYPE

INTERFACE

VPN-

VLAN
----------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.1
00e0-c01a-4901 20
D-0
GE0/0/1
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1

# Run the shutdown command and then the undoshutdown command on GE 0/0/1 to view the
aging time of ARP entries.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] shutdown
[Quidway-GigabitEthernet0/0/1] undo shutdown
[Quidway-GigabitEthernet0/0/1] display arp all

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

34

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service
IP ADDRESS

2 ARP Configuration

MAC ADDRESS

EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 0
D-0
GE0/0/2
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE

According to the displayed information, the ARP entry learned from GE 0/0/1 is deleted after GE 0/0/1 is
shut down. The aging time of ARP entries learned from GE 0/0/2 becomes 0 after GE0/0/1 is restored and
becomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARP
entries.
[Quidway-GigabitEthernet0/0/1] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
---------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE

After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.

----End

Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
L2-topolgy detect enable
#
vlan 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

35

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

DHCP Configuration

About This Chapter


The DHCP technology is applicable to a variety of networks. It ensures proper IP address
allocation and saves IP addresses on networks.
3.1 Introduction to DHCP
Dynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IP
address.
3.2 DHCP Features Supported by the S5700
The S5700 can be used as a DHCP server or a DHCP relay agent.
3.3 Configuring the DHCP Server Based on the Global Address Pool
A DHCP server can allocate IP addresses to clients by using the global address pool.
3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool
If a DHCP server based on a VLANIF interface address pool is configured, all the users going
online through this interface obtain IP addresses from the VLANIF interface address pool.
3.5 Configuring the DHCP Relay Agent
By using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicate
with the DHCP servers on other network segments, and obtain IP addresses from them. The
DHCP clients on different network segments can also use one DHCP server. This reduces costs
and achieves centralized device management.
3.6 Maintaining DHCP
After DHCP configurations are complete, you can clear DHCP statistics and monitor DHCP
operation.
3.7 Configuration Examples
DHCP configuration examples explain the networking requirements, networking diagram,
configuration notes, configuration roadmap, and configuration procedure. The configuration
examples involve various usage scenarios of DHCP.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

36

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.1 Introduction to DHCP


Dynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IP
address.

Overview
Network scales and complexity grow fast, so the network configurations become increasingly
complicated. For example, the locations of hosts such as portable computers and wireless
network terminals frequently change, and the number of hosts often exceeds the number of
available IP addresses. The DHCP is developed to solve the preceding problems.
DHCP works in the client/server model. A DHCP client requests the DHCP server for
configurations, and the DHCP server sends the configurations to the client.
The DHCP protocol requires that the DHCP clients and DHCP server be in the same network
segment; therefore, each network segment needs a DHCP server. This wastes resources. DHCP
relay achieves address allocation between network segments.

Definition
DHCP server
A DHCP server allocates IP addresses to clients. A client sends a packet to the server to request
for configurations such as the IP address, subnet mask, and default gateway. After receiving the
packet, the server replies with a packet carrying the corresponding configurations according to
policies. Both the Request and Reply packets are encapsulated in UDP packets.
DHCP relay agent
A DHCP relay agent transparently transmits DHCP broadcast packets between the DHCP clients
and DHCP server that are on different network segments.

3.2 DHCP Features Supported by the S5700


The S5700 can be used as a DHCP server or a DHCP relay agent.
Table 3-1 describes the DHCP usage scenarios where the S5700 is used.
NOTE

The S5706 does not support the DHCP server or DHCP relay function.

Table 3-1 DHCP usage scenarios

Issue 01 (2011-10-26)

Usage

Scenario

DHCP server based on the global address


pool

The DHCP clients and DHCP server are on


the same network segment or on different
network segments.

DHCP server based on the interface address


pool

The DHCP clients and DHCP server are on


the same network segment.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

37

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Usage

Scenario

DHCP relay agent

The DHCP clients and DHCP server are


different network segments.

Using the S5700 as a DHCP Server


The S5700 can function as a DHCP server to allocate IP addresses to clients. A client sends a
packet to the server to request for configurations such as the IP address, subnet mask, and default
gateway. After receiving the packet, the server replies with a packet carrying the corresponding
configurations according to policies. Both the Request and Reply packets are encapsulated in
UDP packets.
The S5700 allocates IP addresses to clients by using the global address pool or an interface
address pool.
l

Using the global address pool: When an interface of the S5700 receives a DHCP packet
from a DHCP client, the S5700 allocates an IP address to the client from the global address
pool. For details about configuring the global address pool, see 3.3 Configuring the DHCP
Server Based on the Global Address Pool.

Using an interface address pool: When an interface of the S5700 receives a DHCP packet
from a DHCP client, the S5700 allocates an IP address to the client from the interface
address pool. If there is no available address in the interface address pool, the S5700 uses
the global address pool that contains the addresses in the interface address pool. For details
about configuring the interface address pool, see 3.4 Configuring the DHCP Server Based
on the VLANIF Interface Address Pool.
NOTE

The S5700 supports the DHCP snooping function. For details about DHCP snooping, see the Quidway
S5700 Series Ethernet Switches Configuration Guide - Security.

Using the S5700 as a DHCP Relay Agent


When functioning as a DHCP relay agent, the S5700 forwards the DHCP packets to the DHCP
servers or clients on different network segments. The DHCP clients on different networks can
use one DHCP server. The DHCP relay agent saves costs and facilitates device management.
After receiving a DHCP packet from a DHCP client, the S5700 functioning as a DHCP relay
agent forwards the DHCP packet to a DHCP server, and then the DHCP server allocates an IP
address to the client. For details about configuring the DHCP relay agent, see 3.5 Configuring
the DHCP Relay Agent.

Application
The S5700 functions as a DHCP server and is in the same network segment as the DHCP clients.
On this network, the DHCP server can use the global address pool or the interface address pool.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

38

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Figure 3-1 DHCP clients and DHCP server are on the same network segment

100.10.10.3/24

100.10.10.4/24
DHCP Server
100.10.10.1/24

100.10.10.2/24

An S5700 functions as a DHCP server and another one functions as a DHCP relay agent. The
DHCP server and DHCP clients are on different network segments. On this network, the DHCP
server can use only the global address pool.
Figure 3-2 DHCP clients and DHCP server are on different network segments

DHCP Server
100.10.10.1/24

Internet

SwitchA

SwitchB

DHCP Relay
20.20.20.1/24

DHCP
Client

DHCP
Client

DHCP
Client

3.3 Configuring the DHCP Server Based on the Global


Address Pool
A DHCP server can allocate IP addresses to clients by using the global address pool.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

39

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.3.1 Establishing the Configuration Task


Before configuring the DHCP server based on the global address pool, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain the required data.
This helps you complete the configuration task quickly and accurately.

Applicable Environment
On an enterprise network, if the computers are connected to the DHCP server through another
network, the global address pool needs to be configured on the S5700 to allocate IP addresses
to computers, as shown in Figure 3-3.
Figure 3-3 Networking diagram for configuring the DHCP server based on the global address
pool

NetBIOS
server

DHCP
client

DHCP
client

DHCP
client

SwtichC

SwtichB
SwtichA
DHCP server

DNS
server

DHCP
client

DHCP
client

DHCP
client

When the S5700 functions as the DHCP server based on the global address pool, it must work
with the DHCP relay agent.

Pre-configuration Tasks
Before configuring the DHCP server based on the global address pool, complete the following
tasks:
l

Ensuring that the link between the DHCP clients and the S5700 works properly and the
DHCP clients can communicate with the S5700

(Optional) Configuring the DNS server

(Optional) Configuring the NetBIOS server

Configuring routes from the S5700 to the DNS server and the NetBIOS server (The routes
are required only when the servers are configured.)

(Optional) Configuring the customized DHCP option

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

40

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Data Preparation
Before configuring the DHCP server based on the global address pool, you need the following
data.
No.

Data

Address pool name, IP address range, IP address lease, IP addresses not to be allocated
in the IP address pool (optional), and IP address and MAC address that need to be
statically bound (optional)

Egress gateway of the DHCP clients

(Optional) IP address of the DNS server and domain name of the DHCP clients

(Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP
clients

(Optional) Code of the customized DHCP option and corresponding ASCII character
string, hexadecimal numeral, or IP address

3.3.2 Configuring an Interface to Use Global Address Pool


When a DHCP server receives a DHCP packet from a client, the server can allocate an IP address
to the client from the global address pool.

Context
Perform the following steps on the DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

The DHCP function is enabled.


Step 3 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 4 Run:
ip address ip address { mask | mask-length}

An IP address is allocated to the VLANIF interface.


If there is no DHCP relay agent between the DHCP clients and S5700, the S5700 allocates IP
addresses that are in the same network segment as the interface address to the clients connected
to this interface.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

41

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

If the VLANIF interface is not configured with an IP address or no address pool is on the same
network segment as the interface address, the clients cannot go online.
If there is a DHCP relay agent between the DHCP clients and S5700, the S5700 parses the
gateway address in the received DHCP packets forwarded by the DHCP relay agent. If the
gateway address does not match an entry in the address pool, the clients cannot go online.
Step 5 Run:
dhcp select global

The DHCP function is enabled on the interface and the DHCP server allocates IP addresses to
clients by using the global address pool.
----End

3.3.3 Configuring Address Allocation Mode for Global Address


Pool
According to the requirements of clients, you can select the static binding mode or the dynamic
allocation mode for the address pool, but the two modes cannot be enabled simultaneously for
the same IP address in the global address pool.

Context
Up to 128 address pools can be configured on the S5700, including the global address pools and
interface address pools. The number of address pools of each type is not limited. To use the
dynamic allocation mode, you must specify the range of addresses to be allocated; to use the
static binding mode, only one address can be allocated to a client. The global address pool
attributes include the IP address range, IP address lease, IP addresses not to be automatically
allocated, and IP addresses to be statically bound to MAC addresses.
Perform the following steps on the DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip pool ip-pool-name

The global address pool view is displayed.


By default, no global address pool exists on the S5700.
Step 3 Run:
network ip-address [ mask { mask | mask-length } ]

The range of IP addresses in the address pool is set.


An address pool can contain only one address segment. The address range of the address pool
is set by the mask, and must be within the network segment where the gateway is located.
Step 4 Run:
lease { day day [ hour hour [ minute minute ] ] | unlimited }

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

42

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

The lease of IP addresses is set.


By default, the IP address lease is one day.
Different address pools on a DHCP server can be set with different IP address leases, but the IP
addresses in one address pool must be set with the same lease.
Step 5 (Optional) Run:
excluded-ip-address start-ip-address [ end-ip-address ]

The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.
Some IP addresses are reserved for other services, for example, the IP address of the DNS server
cannot be allocated to clients. You can run the excluded-ip-address command to configure the
IP addresses that are not allocated in the DHCP address pool. If you run the excluded-ipaddress command multiple times, you can set multiple IP address ranges that cannot be
automatically allocated in the DHCP address pool.
Step 6 (Optional) Run:
static-bind ip-address ip-address mac-address mac-address

An IP address in the address pool is bound to a MAC address.


When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC
address of the client.
Step 7 Run:
gateway-list ip-address &<1-8>

The egress gateway is configured for the global address pool.


NOTE

To load balance the traffic and improve the reliability of the network, you can configure multiple egress
gateways. An IP address pool can be configured with up to eight gateway addresses. The gateway address
cannot be a broadcast address of a subnet.
When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress
gateway address is the same as the egress gateway address of the DHCP relay agent.

----End

3.3.4 (Optional) Configuring DNS for Global Address Pool


Each client has a domain name. To enable DHCP clients to communicate by using their domain
names and prevent IP address conflicts, the DHCP server needs to specify domain names for
these clients when allocating IP addresses to them.

Context
On the DHCP server, the domain-name command specifies a domain name for each global
address pool. When allocating IP addresses to clients, the DHCP server also sends the domain
names to the clients. During domain name resolution, users only need to enter a part of the
domain name, and then the system uses a complete domain name for resolution.
Perform the following steps on the DHCP server.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

43

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.


Step 3 Run:
domain-name domain-name

The DNS domain name to be allocated to the DHCP client is configured.


On the DHCP server, you can specify a DNS domain name for each address pool. If the DNS
domain name is configured, the DNS server used by the DHCP client is also specified.
Step 4 Run:
dns-list ip-address &<1-8>

The IP address of the DNS server is configured for the DHCP client.
To load balance the traffic and improve the reliability of the network, configure multiple DNS
servers. Each address pool can be configured with a maximum of eight DNS servers.
----End

3.3.5 (Optional) Configuring NetBIOS for Global Address Pool


DHCP clients running on the Microsoft Windows operating system use the Network Basic Input
Output System (NetBIOS) protocol for communication. The NetBIOS server translates host
names to IP addresses for the clients.

Context
Perform the following steps on the DHCP server.
NOTE

NetBIOS: Network Basic Input Output System.

When a DHCP client uses the NetBIOS protocol for communication, the host names must be
mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified
into the following types:
l

b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast
mode.

p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by
communicating with the NetBIOS server.

m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast
features.

h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end
communication mechanism.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

44

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.


Step 3 Run:
nbns-list ip-address &<1-8>

The NetBIOS server address of the DHCP client is configured.


Each IP address pool can be configured with up to eight NetBIOS server addresses.
Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS type is set for DHCP clients.


By default, the NetBIOS node type is not specified for DHCP clients.
----End

3.3.6 (Optional) Configuring the Customized DHCP Option for the


Global Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP
server manually.

Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP
Reply packet containing the option field.
NOTE

The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address
lease. The system also provides commands to configure these functions separately. These commands take
precedence over the option command. If no configuration command of these functions is run, the related
options configured by using the option command take effect.
Related commands:
l

DNS service: domain-name and dns-list

NetBIOS service: nbns-list and netbios-type

Lease: lease

Perform the following steps on the DHCP server.

Procedure
Step 1 Run:
system-view

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

45

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

The system view is displayed.


Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.


Step 3 Run:
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string &<1-10>
| ip-address ip-address &<1-8> }

The DHCP option is configured.


After the option command is used, the specified option is carried by the DHCP Reply packet
returned by the DHCP server. Before using this command, ensure that you know the functions
of the option to be configured. For details on the DHCP options, see RFC 2132.
----End

3.3.7 (Optional) Preventing Repetitive Allocation of an IP Address


To prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocated
before allocating it to a client.

Context
Perform the following steps on the DHCP server.
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP
address allocation. The DHCP server pings an IP address to be allocated. If there is no response
to the ping packet within a certain period, the DHCP server continues to send ping packets to
this IP address until the number of ping packets reaches the maximum value. If there is still no
response, this IP address is not in use, and the DHCP server allocates the IP address to a client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp server ping packet number

The maximum number of ping packets is set.


By default, the maximum number of ping packets to be sent by the S5700 is 2.
Step 3 Run:
dhcp server ping timeout milliseconds

The period in which the S5700 waits for the response is set.
By default, the period in which the S5700 waits for the response is 500 ms.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

46

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.3.8 (Optional) Configuring Automatic Saving of DHCP Data


You can configure the S5700 to save DHCP data to the storage device. When a fault occurs, you
can restore data from the storage device.

Context
Perform the following steps on the DHCP server.
When the S5700 functions as the DHCP server, you can enable the function of saving DHCP
data so that IP address information is saved to the storage device periodically.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp server database enable

The S5700 automatically saves DHCP data to the flash memory.


After the dhcp server database enable command is executed, the system generates the
lease.txt and conflict.txt files in the flash. The two files save the address lease information and
address conflict information.
Step 3 Run:
dhcp server database write-delay interval

The interval for saving DHCP data is set.


By default, DHCP data is not automatically saved to flash. After the S5700 is configured to
automatically save DHCP data, the S5700 saves data every 7200 seconds by default and the
latest data overwrites the previous data.
Step 4 Run:
dhcp server database recover

The DHCP data in the storage device is restored.


After the dhcp server database recover command is executed, the S5700 restores the DHCP
data in the flash.
----End

3.3.9 Checking the Configuration


This section describes how to verify the configurations of the DHCP server based on the global
address pool.

Prerequisite
The configurations of the DHCP server based on the global address pool are complete.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

47

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Procedure
l

Run the display dhcp server statistics command to view the statistics about the DHCP
server.

Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all |


expired | conflict | used ] command to view information about the global address pool.

----End

Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics
Server Statistics:
Client Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Server Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:

6
1
4
0
1
0
4
1
3
0
0

Run the display ip pool name ip-pool-name command to view the IP address pool named
huawei. The similar information is displayed.
<Quidway> display ip pool name huawei
Pool-Name
: huawei
Pool-No
: 2
Lease
: 3 Days 0 Hours 0 Minutes
Domain-name
: DNS-Server0
: 10.10.10.5
DNS-Server1
: 10.10.10.6
NBNS-Server0
: 20.20.20.5
Netbios-type
: Position
: Local
Status
: Unlocked
Gateway-0
: 10.10.10.10
Mask
: 255.255.255.0
Vpn instance
: --------------------------------------------------------------------------Start
End Total
Used
Idle(Expired)
Conflict
Disable
-------------------------------------------------------------------------10.10.10.1
10.10.10.254
253
0
253
0
0
--------------------------------------------------------------------------

3.4 Configuring the DHCP Server Based on the VLANIF


Interface Address Pool
If a DHCP server based on a VLANIF interface address pool is configured, all the users going
online through this interface obtain IP addresses from the VLANIF interface address pool.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

48

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.4.1 Establishing the Configuration Task


Before configuring the DHCP server based on the interface address pool, familiarize yourself
with the applicable environment, complete the pre-configuration tasks, and obtain the required
data. This helps you complete the configuration task quickly and accurately.

Applicable Environment
If the DHCP clients and the DHCP server are on the same network segment, the interface address
pool needs to be configured on the S5700 to allocate IP addresses for the clients, as shown in
Figure 3-4.
Figure 3-4 Networking diagram for configuring the DHCP server based on the interface address
pool

Client

Client

DHCP Server

Client

The interface address pool takes precedence over the global address pool. If an address pool is
configured on an interface, the clients connected to the interface obtain IP addresses from the
interface address pool even if a global address pool is configured. On an S5700, only VLANIF
interfaces can be configured with address pools.

Pre-configuration Tasks
Before configuring the DHCP server based on the VLANIF interface address pool, complete
the following tasks:
l

Ensuring that the link between the DHCP clients and the S5700 works properly and the
DHCP clients can communicate with the S5700

(Optional) Configuring the DNS server

(Optional) Configuring the NetBIOS server

Configuring routes from the S5700 to the DNS server and the NetBIOS server (The routes
are required only when the servers are configured.)

Data Preparation
Before configuring the DHCP server based on the VLANIF interface address pool, you need the
following data.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

49

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

No.

Data

Number of the VLANIF interface configured with an address pool, IP address range,
IP address lease, IP addresses not to be allocated in the IP address pool (optional),
and IP address and MAC address that need to be statically bound (optional)

(Optional) Egress gateway of the DHCP clients

(Optional) IP address of the DNS server and domain name of the DHCP clients

(Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCP
clients

(Optional) Code of the customized DHCP option and corresponding ASCII character
string, hexadecimal numeral, or IP address

3.4.2 Configuring Address Allocation Mode for Interface Address


Pool
According to the requirements of clients, you can select the static binding mode or the dynamic
allocation mode for the address pool, but you cannot enable the two modes for the same DHCP
address pool.

Context
The interface address pool takes precedence over the global address pool.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

The DHCP function is enabled.


Step 3 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 4 Run:
ip address ip-address { mask | mask-length }

An IP address is allocated to the VLANIF interface.


Step 5 Run:
dhcp select interface

The S5700 is configured to use the interface address pool.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

50

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

The interface address pool is actually the network segment to which the interface belongs, and
such an interface address pool takes effect only on this interface.
Step 6 Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }

The lease of IP addresses is set.


By default, the IP address lease is one day.
Step 7 (Optional) Run:
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]

The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.
Some IP addresses are reserved for other services, for example, the IP address of the DNS server
cannot be allocated to clients. You can run the dhcp server excluded-ip-address command to
exclude these IP addresses. If you run the dhcp server excluded-ip-address command multiple
times, you can set multiple IP address ranges that cannot be automatically allocated in the DHCP
address pool.
Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address

An IP address in the address pool is bound to a MAC address.


When a client requires a fixed IP address, bind an idle IP address in the address pool to the MAC
address of the client.
----End

3.4.3 (Optional) Configuring the DNS Service of the VLANIF


Interface Address Pool
Each client has a domain name. To enable DHCP clients to communicate by using their domain
names and prevent IP address conflicts, the DHCP server needs to specify domain names for
these clients when allocating IP addresses to them.

Context
On the DHCP server, the dhcp server domain-name command specifies a domain name for
each interface address pool. When allocating IP addresses to clients, the DHCP server also sends
the domain names to the clients. During domain name resolution, users only need to enter a part
of the domain name, and then the system uses a complete domain name for resolution.
Perform the following steps on the DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

51

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

The VLANIF interface view is displayed.


Step 3 Run:
dhcp server domain-name domain-name

The DNS domain name is configured for the DHCP client.


Step 4 Run:
dhcp server dns-list ip-address &<1-8>

The DNS server address is configured for the DHCP client.


To load balance the traffic and improve the reliability of the network, configure multiple DNS
servers. Each address pool can be configured with a maximum of eight DNS servers.
----End

3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF


Interface Address Pool
DHCP clients running on the Microsoft Windows operating system use the Network Basic Input
Output System (NetBIOS) protocol for communication. The NetBIOS server translates host
names to IP addresses for the clients.

Context
Perform the following steps on the DHCP server.
When a DHCP client uses the NetBIOS protocol for communication, the host names must be
mapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classified
into the following types:
l

b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcast
mode.

p-node: indicates a node in peer-to-peer mode. This node obtains the mappings by
communicating with the NetBIOS server.

m-node: indicates a node in mixed mode, that is, the p-type node with some broadcast
features.

h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-end
communication mechanism.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
dhcp server nbns-list ip-address &<1-8>

The NetBIOS server address is configured for the DHCP client.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

52

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Each IP address pool can be configured with up to eight NetBIOS server addresses.
Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS type is set for DHCP clients.


By default, the NetBIOS node type is not specified for DHCP clients.
----End

3.4.5 (Optional) Configuring the Customized DHCP Option of the


VLANIF Interface Address Pool
DHCP provides various options. To use these options, add them to the attribute list of the DHCP
server manually.

Context
When a DHCP client requests an IP address from the DHCP server, the server returns a DHCP
Reply packet containing the option field.
NOTE

The option command configures basic functions, such as the DNS service, NetBIOS service, and IP address
lease. The system also provides commands to configure these functions separately. These commands take
precedence over the option command.
Related commands:
l

DNS service: dhcp server domain-name and dhcp server dns-list

NetBIOS service: dhcp server nbns-list and dhcp server netbios-type

Lease: dhcp server lease

Perform the following steps on the DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hexstring &<1-10> | ip-address ip-address &<1-8> }

The DHCP option is configured.


After the dhcp server option command is run, the specified option is carried by the DHCP
Reply packet returned by the DHCP server. Before using this command, ensure that you know
the functions of the option to be configured. For details on the DHCP options, see RFC 2132.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

53

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.4.6 (Optional) Preventing Repetitive Allocation of an IP Address


To prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocated
before allocating it to a client.

Context
Perform the following steps on the DHCP server.
After the dhcp server ping command is executed, the DHCP server can prevent repetitive IP
address allocation. The DHCP server pings an IP address to be allocated. If there is no response
to the ping packet within a certain period, the DHCP server continues to send ping packets to
this IP address until the number of ping packets reaches the maximum value. If there is still no
response, this IP address is not in use, and the DHCP server allocates the IP address to a client.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp server ping packet number

The maximum number of ping packets is set.


By default, the maximum number of ping packets to be sent by the S5700 is 2.
Step 3 Run:
dhcp server ping timeout milliseconds

The period in which the S5700 waits for the response is set.
By default, the period in which the S5700 waits for the response is 500 ms.
----End

3.4.7 (Optional) Configuring Automatic Saving of DHCP Data


You can configure the S5700 to save DHCP data to the storage device. When a fault occurs, you
can restore data from the storage device.

Context
Perform the following steps on the DHCP server.
When the S5700 functions as the DHCP server, you can enable the function of saving DHCP
data so that IP address information is saved to the storage device periodically.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

54

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Step 2 Run:
dhcp server database enable

The S5700 automatically saves DHCP data to the flash memory.


After the dhcp server database enable command is executed, the system generates the
lease.txt and conflict.txt files in the flash. The two files save the address lease information and
address conflict information.
Step 3 Run:
dhcp server database write-delay interval

The interval for saving DHCP data is set.


By default, DHCP data is not automatically saved to flash. After the S5700 is configured to
automatically save DHCP data, the S5700 saves data every 7200 seconds by default and the
latest data overwrites the previous data.
Step 4 Run:
dhcp server database recover

The DHCP data in the storage device is restored.


After the dhcp server database recover command is executed, the S5700 restores the DHCP
data in the flash.
----End

3.4.8 Checking the Configuration


This section describes how to view the configuration of the DHCP server based on the VLANIF
interface address pool.

Prerequisite
The configurations of the DHCP server based on the VLANIF interface address pool are
complete.

Procedure
l

Run the display dhcp server statistics command to view the statistics about the DHCP
server.

Run the display ip pool interface interface-name [ start-ip-address high-ip-address | all |


expired | conflict | used ] command to view information about the interface address pool.

----End

Example
Run the display dhcp server statistics command. The similar information is displayed.
<Quidway> display dhcp server statistics
Server Statistics:
Client Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:

Issue 01 (2011-10-26)

6
1
4
0
1

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

55

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service
Dhcp Inform:
Server Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:

3 DHCP Configuration
0
4
1
3
0
0

Run the display ip pool interface ip-pool-name command to view interface address pool on
VLANIF 10. The similar information is displayed.
<Quidway> display ip pool interface vlanif10
Pool-name
: vlanif10
Pool-No
: 2
Lease
: 1 Days 0 Hours 0 Minutes
Domain-name
: DNS-server0
: NBNS-server0
: Netbios-type
: Position
: Interface
Status
: Unlocked
Gateway-0
: 192.168.10.2
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------192.168.10.1 192.168.10.254
253
0
253
0
0
0
-----------------------------------------------------------------------------

3.5 Configuring the DHCP Relay Agent


By using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicate
with the DHCP servers on other network segments, and obtain IP addresses from them. The
DHCP clients on different network segments can also use one DHCP server. This reduces costs
and achieves centralized device management.

3.5.1 Establishing the Configuration Task


Before configuring the DHCP relay agent, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the required data. This helps you complete the
configuration task quickly and accurately.

Applicable Environment
If no DHCP server is configured on the local network, the DHCP relay function can be enabled
on an S5700 to forward DHCP Request packets to the DHCP servers on other networks. To
ensure that the DHCP clients obtain IP addresses, the DHCP server must use a global address
pool, and no address pool can be configured on the interface connected to the DHCP relay agent.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

56

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Figure 3-5 Network diagram of DHCP relay

DHCP Server
100.10.10.1/24

Internet

SwitchA

SwitchB

DHCP Relay
20.20.20.1/24

DHCP
Client

DHCP
Client

DHCP
Client

Pre-configuration Tasks
Before configuring the DHCP relay agent, complete the following tasks:
l

Configuring the DHCP server

Configuring a route from the S5700 to the DHCP server

Data Preparation
To configure the DHCP relay agent, you need the following data.
No.

Data

Name of the DHCP server group

IP addresses of the DHCP servers in a DHCP server group

Number and IP address of the interface enabled with the DHCP relay function

3.5.2 Configuring DHCP Relay on an Interface


When the network where a DHCP client resides does not have a DHCP server, a DHCP relay
agent can be configured to forward the DHCP packets of the client to a DHCP server.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

57

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Context
NOTE

A DHCP packet is forwarded between a DHCP client and a DHCP server at most 16 times, and then the
DHCP packet is discarded.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

DHCP is enabled globally.


Step 3 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 4 Run:
ip address ip-address { mask | mask-length }

An IP address is allocated to the VLANIF interface.


NOTE

When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egress
gateway address is the same as the egress gateway address of the DHCP relay agent.

Step 5 Run:
dhcp select relay

The DHCP relay function is enabled for the VLANIF interface.


----End

Follow-up Procedure
When functioning as a DHCP relay agent, the S5700 forwards the DHCP Request packets from
DHCP clients to the DHCP server. After the DHCP relay function is enabled on the VLANIF
interface, set the DHCP server address on the VLANIF interface in either of the following ways:
l

Configure a destination DHCP server group and bind the group to the interface. For details,
see 3.5.3 Configuring a Destination DHCP Server Group and 3.5.4 Binding an
Interface to a DHCP Server Group.

Run the dhcp relay server-ip ip-address command in the VLANIF interface view to
configure the destination DHCP server address.

3.5.3 Configuring a Destination DHCP Server Group


Generally, a DHCP relay agent serves multiple DHCP servers. The DHCP servers that share
one DHCP relay agent can be added to a server group to facilitate server management. The
DHCP server group allocates IP addresses for the users connected to the DHCP relay agent.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

58

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Context
Perform the following steps on the DHCP relay agent.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp server group group-name

A DHCP server group is created and the DHCP server group view is displayed.
A maximum of 32 DHCP server groups can be configured globally.
Step 3 Run:
dhcp-server ip-address [ ip-address-index ]

A DHCP server is added to the DHCP server group.


Up to 20 DHCP servers can be added to a DHCP server group. If you do not specify the server
index, the system allocates an idle index to the server.
Step 4 (Optional) Run:
vpn-instance vpn-instance-name

A VPN instance is bound to the DHCP server group.


NOTE

The S5706 and S5700SI do not support this command.

----End

3.5.4 Binding an Interface to a DHCP Server Group


Multiple VLANIF interfaces can be bound to a DHCP server group; however, a VLANIF
interface can belong to only one DHCP server group. That is, the DHCP Request packets on a
VLANIF interface can be relayed to only one DHCP server group.

Context
Perform the following steps on the DHCP relay agent.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

59

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Step 3 Run:
dhcp relay server-select group-name

The VLANIF interface is bound to a DHCP server group.


You can also run dhcp relay server-ip command to specify a server for the VLANIF interface.
----End

3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP


Release Packet
If a user is forcibly disconnected, the IP address of the user needs to be released manually on
the DHCP server.

Context
When the IP address of a user expires, the DHCP server renews the IP address for the user if it
does not receive the DHCP Release packet. You can configure the DHCP relay agent to actively
send DHCP Release packets to the DHCP server. The DHCP server then releases the expired
IP addresses.
Perform the following steps on the DHCP relay agent.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 (Optional) Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
dhcp relay release client-ip-address mac-address [ server-ip-address ]

The DHCP relay agent is configured to send DHCP Release packets to the DHCP server.
l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]
command in the system view:
If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets
to the servers in all DHCP server groups bound to the DHCP relay interfaces.
If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to
the specified DHCP server.
l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]
command in the VLANIF interface view:
If no DHCP server is specified, the DHCP relay agent will send DHCP Release packets
to all the servers in the DHCP server group bound to this VLANIF interface.
If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets to
the specified DHCP server.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

60

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.5.6 Checking the Configuration


After the DHCP relay function is configured, you can use commands to view the configuration
result.

Prerequisite
The DHCP relay configurations are complete.

Procedure
l

Run the display dhcp relay { all | interface interface-type interface-number } command
to view the DHCP server group on a VLANIF interface and the servers in the DHCP server
group.

Run the display dhcp relay statistics command to view packet statistics on the DHCP
relay agent.

Run the display dhcp server group group-name command to view the DHCP server group
configuration.

----End

Example
Run the display dhcp relay interface interface-type interface-number command to view the
DHCP server group on VLANIF 100 and the servers in the DHCP server group. If the similar
information is displayed, the configuration succeeds.
<Quidway> display dhcp relay interface vlanif 100
DHCP relay agent running information of interface Vlanif100 :
Server IP address [01] : 10.2.2.3
Gateway address in use : 10.2.2.2

Run the display dhcp relay statistics command. If the similar information is displayed, the
configuration succeeds.
<Quidway> display dhcp relay statistics
The statistics of DHCP RELAY:
DHCP packets received from clients
DHCP DISCOVER packets received
DHCP REQUEST packets received
DHCP RELEASE packets received
DHCP INFORM packets received
DHCP DECLINE packets received
DHCP packets sent to clients
Unicast packets sent to clients
Broadcast packets sent to clients
DHCP packets received from servers
DHCP OFFER packets received
DHCP ACK packets received
DHCP NAK packets received
DHCP packets sent to servers
DHCP Bad packets received

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Run the display dhcp server group group-name command to view the configuration of DHCP
server group group1. If the similar information is displayed, the configuration succeeds.
<Quidway> display dhcp server group group1
Group-name
: group1
(0) Server-IP
: 100.10.10.1
(1) Server-IP
: 100.10.10.2
Gateway
: -VPN instance
: --

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

61

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.6 Maintaining DHCP


After DHCP configurations are complete, you can clear DHCP statistics and monitor DHCP
operation.

3.6.1 Clearing DHCP Statistics


During routine maintenance, you can use the reset commands to clear the statistics about the
specified DHCP server group.

Context

CAUTION
DHCP statistics cannot be restored after they are cleared. Exercise caution when running the
reset commands.

Procedure
l

To clear DHCP server statistics, run the reset dhcp server statistics command in the user
view.

To clear DHCP relay agent statistics, run the reset dhcp relay statistics command in the
user view.

----End

3.6.2 Monitoring DHCP Operation


During routine maintenance, you can use the following commands in any view to monitor DHCP
operation status.

Procedure
l

Run the display dhcp relay { all | interface interface-type interface-number } command
to view the DHCP server group on a VLANIF interface and the servers in the DHCP server
group.

Run the display dhcp relay statistics command to view packet statistics on the DHCP
relay agent.

Run the display dhcp server group [ group-name ] command to view the servers in the
DHCP server group.

----End

3.7 Configuration Examples


DHCP configuration examples explain the networking requirements, networking diagram,
configuration notes, configuration roadmap, and configuration procedure. The configuration
examples involve various usage scenarios of DHCP.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

62

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

3.7.1 Example for Configuring a DHCP Server Based on the Global


Address Pool
This section describes how to configure a global address pool to allocate IP addresses for clients
when the clients and DHCP server are in the same network segment.

Networking Requirements
An enterprise has two offices that are in the same network segment. To reduce network
construction cost, the enterprise uses one DHCP server to allocate IP addresses for the computers
in the two offices.
As shown in Figure 3-6, SwitchA functions as the DHCP server, and SwitchB and SwitchC are
user access switches. A global address pool or an interface address pool can be configured on
SwitchA. This section describes how to configure a global address pool. Address pool
10.1.1.0/24 consists of two network segments: 10.1.1.0/25 and 10.1.1.128/25. The IP addresses
of the VLANIF interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25.
There are a few computers in network segment 10.1.1.0/25 and the computer locations are fixed.
The lease of an IP address in 10.1.1.0/25 is 10 days, the DNS address is 10.1.1.2, no NetBIOS
address is set, and the IP address of the egress gateway is 10.1.1.126.
There are many computers in network segment 10.1.1.128/25 and the computers are often moved
from one place to another. The lease of an IP address in 10.1.1.128/25 is 2 days, the DNS address
is 10.1.1.2, the NetBIOS address is 10.1.1.4, and the IP address of the egress gateway is
10.1.1.254.

Figure 3-6 Networking diagram for configuring the DHCP server based on the global address
pool

NetBIOS
server

DHCP
client

DHCP
client

GE 0/0/1
VLANIF10
10.1.1.1/25

DHCP
client

GE 0/0/2
VLANIF20
10.1.1.129/25
SwtichC

SwtichB
SwtichA
DHCP server

DNS
server

DHCP
client

Network: 10.1.1.0/25

Issue 01 (2011-10-26)

DHCP
client

DHCP
client

Network: 10.1.1.128/25

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

63

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the DHCP server function on SwitchA.

2.

Create a global address pool on SwitchA and set the attributes of the address pool, including
the range of the address pool, egress gateway, NetBIOS address, and address lease.

3.

Configure VLANIF interfaces to use the global address pool to allocate IP addresses.

Data Preparation
To complete the configuration, you need the following data:
Number and range of the global address pool on SwitchA
NOTE

The following configurations are performed on SwitchA.

Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable

Step 2 Create address pools and set the attributes of the address pools.
# Set the attributes of IP address pool 1, including the address pool range, DNS address, egress
gateway address, and address lease.
[Quidway] ip pool 1
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]
[Quidway-ip-pool-1]

network 10.1.1.0 mask 255.255.255.128


dns-list 10.1.1.2
gateway-list 10.1.1.126
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
lease day 10
quit

# Set the attributes of IP address pool 2, including the address pool range, DNS address, egress
gateway address, NetBIOS address, and address lease.
[Quidway] ip pool 2
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]
[Quidway-ip-pool-2]

network 10.1.1.128 mask 255.255.255.128


dns-list 10.1.1.2
nbns-list 10.1.1.4
gateway-list 10.1.1.254
lease day 2
quit

Step 3 Set the address allocation mode on the VLANIF interfaces.


# Add GE 0/0/1 to VLAN 10 and GE 0/0/2 to VLAN 20.
[Quidway] vlan batch 10 20
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] quit

Issue 01 (2011-10-26)

0/0/1
hybrid pvid vlan 10
hybrid untagged vlan 10
0/0/2
hybrid pvid vlan 20
hybrid untagged vlan 20

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

64

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

# Configure the clients on VLANIF 10 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 255.255.255.128
[Quidway-Vlanif10] dhcp select global
[Quidway-Vlanif10] quit

# Configure the clients on VLANIF 20 to obtain IP addresses from the global address pool.
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 10.1.1.129 255.255.255.128
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit

Step 4 Verify the configuration.


Run the display ip pool command on the S5700, and you can view the configuration of the IP
address pool.
[Quidway] display ip pool
----------------------------------------------------------------------Pool-name
: 2
Pool-No
: 0
Position
: Local
Status
: Unlocked
Gateway-0
: 10.1.1.254
Mask
: 255.255.255.128
VPN instance
: -----------------------------------------------------------------------Pool-name
: 1
Pool-No
: 2
Position
: Local
Status
: Unlocked
Gateway-0
: 10.1.1.126
Mask
: 255.255.255.128
VPN instance
: -IP address Statistic
Total
:250
Used
:0
Expired
:0

Idle
Conflict

:248
:0

Disable

:2

----End

Configuration Files
Configuration file of the SwitchA
#
sysname Quidway
#
vlan batch 10 20
#
dhcp enable
#
ip pool 1
ip pool 2
#
ip pool 1
gateway-list 10.1.1.126
network 10.1.1.0 mask 255.255.255.128
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
dns-list 10.1.1.2
lease day 10 hour 0 minute 0
#
ip pool 2
gateway-list 10.1.1.254

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

65

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

network 10.1.1.128 mask 255.255.255.128


dns-list 10.1.1.2
nbns-list 10.1.1.4
lease day 5 hour 0 minute 0
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.128
dhcp select global
#
interface Vlanif20
ip address 10.1.1.129 255.255.255.128
dhcp select global
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return

3.7.2 Example for Configuring the DHCP Server Based on the


Interface Address Pool
A DHCP server can allocate IP addresses for the clients in the same network segment by using
an interface address pool.

Networking Requirements
A campus has two equipment rooms, which are in different network segments. A switch needs
to be configured as a DHCP server to allocate IP addresses for the computers in the two
equipment rooms.
The DHCP server is connected to the access switches of the two equipment rooms, and allocates
IP addresses for the computers by using two interface address pools.
As shown in Figure 3-7, SwitchA functions as the DHCP server, and SwitchB and SwitchC are
the access switches. The two VLANIF interface address pools need to be configured on GE
0/0/1 and GE 0/0/2 of SwitchA.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

66

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Figure 3-7 Networking diagram for configuring a DHCP server based on a VLANIF interface
address pool

NetBIOS Server
10.1.1.3/24

DHCP
Client

DNS Server
10.1.1.2/24

VLANIF10
10.1.1.1/24
GE0/0/1

SwitchB

GE0/0/2
VLANIF11
10.1.2.1/24

SwitchC

DHCP
Client

DHCP
Client

SwitchA
DHCP
Server

DHCP
Client

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure SwitchA as a DHCP server.

2.

Create VLANIF interfaces and allocate IP addresses to VLANIF interfaces to determine


the range of address pools.

3.

Enable the VLANIF interface address pools.

4.

Set the address pool attributes, including the DNS server address, NetBIOS server address,
and IP address lease.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses of the interfaces

DNS server address and NetBIOS server address

Address lease in the address pool

Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable

Step 2 Add interfaces to VLANs.


# Add GE 0/0/1 to VLAN 10.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

67

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

[Quidway] vlan batch 10 to 11


[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet0/0/1] quit

# Add GE 0/0/2 to VLAN 11.


[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 11
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 11
[Quidway-GigabitEthernet0/0/2] quit

Step 3 Allocate IP addresses to VLANIF interfaces.


# Allocate an IP address to VLANIF 10.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.1.1.1 24
[Quidway-Vlanif10] quit

# Allocate an IP address to VLANIF 11.


[Quidway] interface vlanif 11
[Quidway-Vlanif11] ip address 10.1.2.1 24
[Quidway-Vlanif11] quit

Step 4 Enable the VLANIF interface address pool.


# Configure the clients on VLANIF 10 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp select interface
[Quidway-Vlanif10] quit

# Configure the clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[Quidway] interface vlanif 11
[Quidway-Vlanif11] dhcp select interface
[Quidway-Vlanif11] quit

Step 5 Configure the DNS service and NetBIOS services of the address pool.
# Configure the DNS service and NetBIOS service of VLANIF 10 address pool.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server
[Quidway-Vlanif10] dhcp server

domain-name huawei.com
dns-list 10.1.1.2
nbns-list 10.1.1.3
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.3
netbios-type b-node

Step 6 Set IP address leases of IP address pools.


# Set the IP address lease of VLANIF 10 address pool to 30 days.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcp server lease day 30
[Quidway-Vlanif10] quit

# Set the IP address lease of VLANIF 11 address pool to 20 days.


[Quidway] interface vlanif 11
[Quidway-Vlanif11] dhcp server lease day 20
[Quidway-Vlanif11] quit

Step 7 Verify the configuration.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

68

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Run the display ip pool interface command on SwitchA to view the configuration of the
interface address pool.
[Quidway] display ip pool interface vlanif10
Pool-Name
: vlanif10
Pool-No
: 0
Lease
: 30 Days 0 Hours 0 Minutes
Domain-name
: huawei.com
DNS-Server0
: 10.1.1.2
NBNS-Server0
: 10.1.1.3
Netbios-type
: b-node
Position
: Interface
Status
: Unlocked
Gateway-0
: 10.1.1.1
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------10.1.1.1
10.1.1.254
253
0
251
0
0
2
----------------------------------------------------------------------------[Quidway] display ip pool interface vlanif11
Pool-Name
: vlanif11
Pool-No
: 1
Lease
: 20 Days 0 Hours 0 Minutes
Domain-name
: DNS-Server0
: NBNS-Server0
: Netbios-type
: Position
: Interface
Status
: Unlocked
Gateway-0
: 10.1.2.1
Mask
: 255.255.255.0
VPN instance
: -----------------------------------------------------------------------------Start
End
Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------------------10.1.2.1
10.1.2.254
253
0
253
0
0
0
-----------------------------------------------------------------------------

----End

Configuration Files
Configuration file of SwitchA
#
sysname Quidway
#
vlan batch 10 to 11
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
dhcp server dns-list 10.1.1.2
dhcp server netbios-type b-node
dhcp server nbns-list 10.1.1.3
dhcp server lease day 30 hour 0 minute 0
dhcp server domain-name huawei.com
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server lease day 20 hour 0 minute 0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

69

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
return

3.7.3 Example for Configuring a DHCP Relay Agent


When the DHCP server and DHCP clients are in different network segments, a DHCP relay
agent is required.

Networking Requirements
An enterprise has multiple offices, which are distributed in different office buildings. The offices
in a building belong to the same local area network (LAN), and the buildings belong to different
LANs. The enterprise uses a DHCP server to allocate IP addresses to all clients.
As shown in Figure 3-8, the DHCP clients are in the network segment 20.20.20.0/24 and the
DHCP server is in the network segment 100.10.10.0/24. A Switch enabled with DHCP relay is
required between the clients and server. By using the DHCP relay agent, the DHCP clients can
obtain IP addresses from the DHCP server.
The DHCP server and the clients are in different network segments, and an interface-based
address pool cannot allocate IP addresses to the clients in different network segments. A global
address pool in the network segment 20.20.20.0/24 is required, and the DHCP server must have
a reachable route to the network segment 20.20.20.0/24.
Figure 3-8 DHCP relay agent networking diagram

SwitchB
GE0/0/1
DHCP Server

Internet

VLANIF20
100.10.10.1/24
SwitchA

DHCP Relay
GE0/0/1

DHCP
Client

VLANIF100
20.20.20.1/24

DHCP
Client

DHCP
Client

VLAN100

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

70

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Configuration Roadmap
Configure SwitchA as a DHCP relay agent. The configuration roadmap is as follows:
1.

Configure a DHCP server group on SwitchA and add SwitchB to the DHCP server group.

2.

Enable DHCP relay on VLANIF 100.

3.

Bind the DHCP server group to VLANIF 100 and specify the DHCP server for the DHCP
relay agent.

Configure SwitchB as the DHCP server. The configuration roadmap is as follows:


1.

Configure a reachable route from the DHCP server to GE 0/0/1 of the DHCP relay agent.

2.

Enable the DHCP function on the server. Configure the clients connected to GE 0/0/1 of
the server to obtain IP addresses from the global address pool.

3.

Create a global address pool on the DHCP server to allocate IP addresses to clients.

Data Preparation
To complete the configuration, you need the following data:
l

Name of the DHCP server group

IP address of the DHCP server in the DHCP server group

Number and IP address of the interface enabled with DHCP relay

Procedure
Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group.
# Create a DHCP server group.
<Quidway> system-view
[Quidway] dhcp server group dhcpgroup1

# Add DHCP servers to the DHCP server group.


[Quidway-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1
[Quidway-dhcp-server-group-dhcpgroup1] quit

Step 2 Enable DHCP relay on the VLANIF interface.


# Create a VLAN and add GE 0/0/1 to the VLAN.
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type trunk
[Quidway-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Quidway-GigabitEthernet0/0/1] quit

# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.
[Quidway] dhcp enable
[Quidway] interface vlanif 100
[Quidway-Vlanif100] dhcp select relay
[Quidway-Vlanif100] quit

Step 3 Bind a VLANIF interface to a specified DHCP server group.


# Assign an IP address to the VLANIF interface.
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 20.20.20.1 24

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

71

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

# Bind the VLANIF interface to a specified DHCP server group.


[Quidway-Vlanif100] dhcp relay server-select dhcpgroup1
[Quidway-Vlanif100] quit

Step 4 Configure the DHCP server.


# Create a VLAN and add GE 0/0/1 to the VLAN.
[Quidway] vlan 20
[Quidway-Vlan20] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type trunk
[Quidway-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[Quidway-GigabitEthernet0/0/1] quit

# Enable the DHCP function and configure the clients connected to VLANIF 20 to obtain IP
addresses from the global address pool.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 100.10.10.1 24
[Quidway-Vlanif20] dhcp select global
[Quidway-Vlanif20] quit

Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static route
from the DHCP server to the Switch. Ensure that the route between the DHCP server and network
segment 20.20.20.0/24 is reachable.
[Quidway] ip pool 1
[Quidway-ip-pool-1] network 20.20.20.0 mask 24
[Quidway-ip-pool-1] quit

# Configure a static route from the address pool to the DHCP relay agent to ensure that the DHCP
server has a reachable route to the network segment 20.20.20.0/24.(The configuration procedure
is not provided here.)
Step 5 Verify the configuration.
# Run the display dhcp relay command on SwitchA to view the DHCP relay configuration on
the interface.
[Quidway] display dhcp relay interface vlanif100
DHCP relay agent running information of interface Vlanif100 :
Server group name
: dhcpgroup1
Gateway address in use : 100.10.10.1

# Run the display ip pool command on SwitchB to view the address pool configuration.
[Quidway] display ip pool
----------------------------------------------------------------------Pool-Name
: 1
Pool-No
: 0
Position
: Local
Status
: Unlocked
Gateway-0
: Mask
: 255.255.255.0
Vpn instance
: -IP address Statistic
Total
:250
Used
:0
Idle
:248
Expired
:0
Conflict
:0
Disable
:2

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

72

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

3 DHCP Configuration

Configuration Files
Configuration file of SwitchA
#
sysname Quidway
#
vlan 100
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
return

Configuration file of SwitchB


#
sysname Quidway
#
vlan batch 20
#
dhcp enable
#
ip pool 1
network 20.20.20.0 mask 255.255.255.0
#
interface Vlanif20
ip address 100.10.10.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

73

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

DHCPv6 Configuration

About This Chapter


Currently, the S5700 can function as only the DHCP relay agent on IPv6 networks. This
document describes how to configure Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
relay.
4.1 Introduction to DHCPv6
DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and other
network configuration parameters to hosts.
4.2 DHCPv6 Features Supported by the S5700
Currently, the S5700 supports only the DHCPv6 relay function, and cannot function as the
DHCPv6 server or client.
4.3 Configuring DHCPv6 Relay
When the DHCPv6 client and the DHCPv6 server are on different links, you need to deploy
DHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the
DHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and
the DHCPv6 server.
4.4 Maintaining DHCPv6
This section describes how to clear the statistics about DHCPv6 messages passing through the
DHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.
4.5 Configuration Examples
This section provides a configuration example of DHCPv6 relay.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

74

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

4.1 Introduction to DHCPv6


DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and other
network configuration parameters to hosts.

Advantages of Addresses Allocated by DHCPv6


Compared with other IPv6 address allocation modes (manual configuration and stateless address
auto-configuration through the network prefix in router advertisement messages), DHCPv6 has
the following advantages:
l

Controls address allocation better. The device enabled with DHCPv6 can record the address
allocated to the host and allocate a special address to the specified host. This facilitates
network management.

Provides network configuration parameters including the IP address of the DNS server and
the domain name for hosts in addition to IPv6 addresses.

Basic Concepts of DHCPv6


l

Multicast address
In DHCPv6, the client does not need to be configured with the IP address of the DHCPv6
server. Instead, the client locates the DHCPv6 server by sending Solicit messages whose
destination address is a multicast address.
DHCPv6 uses the following multicast addresses:
FF02::1:2 (All_DHCP_Relay_Agents_and_Servers): indicates the multicast address of
all the DHCP servers and relay agents. The address is the link-scoped multicast address
and is used for communication between a DHCP client and its neighboring server or
relay agent on the link. All the DHCP servers and relay agents are members of the
multicast group.
FF05::1:3 (All_DHCP_Servers): indicates the multicast address of all the DHCP
servers. The address is the site-scoped address and is used for communication between
DHCP relay agents and DHCP servers within a site. All DHCP servers within a site are
members of this multicast group.

UDP port number


DHCPv6 messages are transmitted through UDPv6. DHCP clients listen on port 546 for
DHCP messages, and DHCP servers and relay agents listen on port 547 for DHCP
messages.

DUID
The DHCP Unique Identifier (DUID) identifies a DHCPv6-enabled device including the
DHCPv6 client and is used for verification between DHCPv6-enabled devices.
The S5700 uses the DUID Based on hardware type, Link-layer Address and Time (DUIDLLT) to identify DHCPv6-enabled devices.
Figure 4-1 shows the format of the DUID-LLT.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

75

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

Figure 4-1 DUID-LLT format

15

0
DUID type

31
Hardware type

Time
Link layer address

DUID type: The value of the DUID type is 0x0001.


Hardware type: The hardware type supported by the device is Ethernet and the value is
0x0006.
Time: time when the DUID is generated. Before the DUID is generated, the system time
must be configured or the clock source is available.
Link layer address: The value is the link layer address of any interface. The interface
has a unique link layer address. The link layer address is the MAC address.

4.2 DHCPv6 Features Supported by the S5700


Currently, the S5700 supports only the DHCPv6 relay function, and cannot function as the
DHCPv6 server or client.

Typical Networking of DHCPv6


Figure 4-2 shows a typical networking of DHCPv6. The DHCPv6 client communicates with
the DHCPv6 server through the link-scoped multicast address to obtain the IPv6 address and
other network configuration parameters. If the DHCPv6 server and the DHCPv6 client are
located on different links, the DHCPv6 relay agent is required to forward messages. In this case,
you do not need to deploy a DHCPv6 server on each link. The costs are thus saved and
concentrated management is implemented easily.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

76

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

Figure 4-2 Typical networking of DHCPv6

DHCPv6 client

DHCPv6 client

IPv6 network
DHCPv6 relay agent

DHCPv6 client

DHCPv6 client

DHCPv6 server

NOTE

Currently, the S5700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 server
or client.

DHCPv6 Relay Function Supported by the S5700


l

Forwards messages from DHCPv6 clients.


If the S5700 is the first-hop DHCPv6 relay agent, it receives DHCPv6 messages from
DHCPv6 clients. Then the S5700 resolves, encapsulates, and forwards the received
DHCPv6 messages.

Forwards messages from DHCPv6 relay agents.


If the S5700 is the non-first-hop DHCPv6 relay agent, it receives DHCPv6 messages from
DHCPv6 relay agents. Then the S5700 resolves, encapsulates, and forwards the received
DHCPv6 messages.

Forwards messages from DHCPv6 servers.


If the S5700 is the last-hop DHCPv6 relay agent, it receives DHCPv6 messages from
DHCPv6 servers. Then the S5700 resolves, encapsulates, and forwards the received
DHCPv6 messages.

Appends the remote ID.


The S5700 can append or forcibly append the remote ID in Relay-Forward messages.

Limits the rate of DHCPv6 messages to be forwarded.


To prevent a large number of messages of clients or relay agents from attacking the device,
the S5700 can limit the rate of DHCPv6 messages to be forwarded. An alarm is generated
when the number of discarded packets exceeds the threshold.

Collects statistics on forwarded DHCPv6 messages.


If the S5700 is enabled with the DHCPv6 relay function, the S5700 collects statistics on
DHCPv6 messages passing through the DHCP relay agent.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

77

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

4.3 Configuring DHCPv6 Relay


When the DHCPv6 client and the DHCPv6 server are on different links, you need to deploy
DHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, the
DHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client and
the DHCPv6 server.

4.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, and data preparation
for configuring DHCPv6 relay.

Applicable Environment
When the DHCPv6 client applies to the DHCPv6 server on a different link for the IP address,
you need to deploy relay agents between the DHCPv6 client and the DHCPv6 server. In this
manner, the relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client
and the DHCPv6 server.

Pre-configuration Tasks
Before configuring DHCPv6 relay, complete the following tasks:
l

Configuring the DHCPv6 server

Configuring the route between the S5700 and DHCPv6 server

Data Preparation
To configure DHCPv6 relay, you need the following data.
No.

Data

Type and number of the interface where DHCPv6 relay is enabled (the interface type
is VLANIF)

Type and number of the interface where the function of appending the remote ID to
DHCPv6 relay messages is enabled (the interface type can be GE, or XGE)

(Optional) Maximum transmission rate of DHCPv6 messages and alarm threshold of


the number of DHCPv6 messages discarded

4.3.2 Enabling the DHCPv6 Relay Function


You can enable the DHCPv6 relay function on a VLANIF interface of the S5700, set the IPv6
address of the DHCPv6 server or the next hop relay agent, and specify the outbound interface
of relay messages.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

78

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

DHCP is enabled.
Step 3 Run:
ipv6

The IPv6 packet forwarding capability is enabled.


Step 4 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 5 Run:
ipv6 enable

The IPv6 capability is enabled on the interface.


Step 6 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The IPv6 address is configured on the interface.


Step 7 Run:
dhcpv6 relay destination ipv6-address [ interface interface-type interface-number ]

The DHCPv6 relay function is enabled on the VLANIF interface, the IPv6 address of the
DHCPv6 server or the next hop relay agent is set, and the outbound interface of relay messages
is specified.
By default, the DHCPv6 relay function is disabled on a VLANIF interface.
l If the configured IPv6 address is a global address or a site address, the outbound interface
does not need to be specified. The DHCPv6 server sends the relay messages to the IPv6
address by searching for a route.
l If the configured IPv6 address is a local address or a multicast address, the outbound interface
of the DHCPv6 server or the next hop relay agent needs to be specified.
On the S5700, up to eight interfaces can be enabled with the DHCPv6 relay function and each
interface can be configured with up to eight destination addresses.
----End

4.3.3 (Optional) Configuring the Remote ID


The remote ID carries information about a client and identifies a client.

Context
The DHCPv6 server can make decisions about address allocation, parameter setting, and prefix
agent according to the remote ID. The format of the remote ID is defined by the vendor. Usually,
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

79

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

the remote ID carries the phone number and user name in a dial-up connection, or the peer IP
address and access interface in a point-to-point connection. Currently, a remote ID can contain
a maximum of 247 bytes.
When the S5700 functions as the DHCPv6 relay agent, it processes the remote ID as follows:
l

The S5700 directly receives messages from DHCPv6 clients. When constructing a RelayForward message, the S5700 adds the remote ID to the Relay-Forward message according
to the configuration.

If the Relay-Reply message received by the S5700 from the DHCPv6 server contains the
remote ID, the S5700 removes the remote ID from the Relay-Reply message before
forwarding it to DHCPv6 clients or other relay agents.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcpv6 remote-id format { default | user-defined text }

The format of the remote ID in DHCPv6 messages is set.


By default, the default format of the remote ID in DHCPv6 messages is used.
Step 3 Run:
interface interface-type interface-number

The interface view is displayed.


The interface can be a GE interface or an XGE interface.
Step 4 Run:
dhcpv6 remote-id insert enable

The function of appending the remote ID to DHCPv6 relay messages is enabled.


Or, run:
dhcpv6 remote-id rebuild enable

The function of forcibly appending the remote ID to DHCPv6 relay messages is enabled.
l After the dhcpv6 remote-id insert enable command is used, if the original DHCPv6
messages do not carry the remote ID, the S5700 appends the remote ID to the DHCPv6
messages. If the original DHCPv6 messages carry the remote ID, the S5700 sends the DHCP
messages directly.
l After the dhcpv6 remote-id rebuild enable command is used, if the original DHCPv6
messages do not carry the remote ID, the S5700 appends the remote ID to the DHCPv6
messages. If the original DHCPv6 messages carry the remote ID, the S5700 deletes the
original remote ID from the DHCP messages and appends a new remote ID to the DHCP
messages.
If you run the dhcpv6 remote-id insert enable and dhcpv6 remote-id rebuild enable
commands simultaneously on an interface, the command that you run later takes effect.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

80

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

4.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages


To prevent a large number of messages of clients or relay agents from attacking the device, the
S5700 can limit the rate of DHCPv6 messages to be forwarded.

Context
After rate limit of DHCPv6 messages is enabled, excessive DHCPv6 messages are discarded
when the rate of DHCPv6 messages exceeds the limit. When the number of discarded DHCPv6
messages exceeds the threshold, the S5700 supports the log function.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

DHCP is enabled.
Step 3 Run:
dhcpv6 packet-rate packet-rate

Rate limit of DHCPv6 messages is enabled and the maximum transmission rate of DHCPv6
messages is set.
By default, rate limit of DHCPv6 messages is disabled on the S5700.
Step 4 Run:
dhcpv6 packet-rate drop-alarm enable

The alarm function for DHCPv6 messages discarded when the rate of DHCPv6 messages
exceeds rate limit.
After the log function is enabled, if the number of DHCPv6 messages that pass through the
S5700 every second exceeds the rate limit, they are discarded. By default, S5700 sends logs
when the number of discarded DHCPv6 messages exceeds 100.
Step 5 Run:
dhcpv6 packet-rate drop-alarm threshold threshold

The log threshold for DHCPv6 messages discarded is set when the rate of DHCPv6 messages
exceeds rate limit.
----End

4.3.5 Checking the Configuration


This section describes how to check the configuration of DHCPv6 relay.

Prerequisite
The configurations of DHCPv6 relay are complete.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

81

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

Procedure
l

Run the display dhcpv6 relay [ interface interface-type interface-number ] command to


check the configuration about the interface enabled with the DHCPv6 relay function.
Currently, the interface type can only be the VLANIF interface.

Run the display dhcpv6 relay statistics [ interface interface-type interface-number ]


command to check the statistics about DHCPv6 messages passing through the DHCPv6
relay agent.
Currently, the interface type can only be the VLANIF interface.

----End

4.4 Maintaining DHCPv6


This section describes how to clear the statistics about DHCPv6 messages passing through the
DHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.

4.4.1 Clearing the Statistics About DHCPv6 Messages Passing


Through the DHCP Relay Agent
If the S5700 is enabled with the DHCPv6 relay function, the system collects statistics about
DHCPv6 messages passing through the DHCP relay agent. To clear the statistics about DHCPv6
messages passing through the DHCPv6 relay agent, you can use the command in the user view
or system view.

Context

CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you use the
command.

Procedure
l

Run the reset dhcpv6 relay statistics [ interface interface-type interface-number ]


command to clear the statistics about DHCPv6 messages passing through the DHCPv6
relay agent.
The interface must be the VLANIF interface. If no interface is specified, all the statistics
about DHCPv6 messages are cleared. If the interface is specified, the statistics about
DHCPv6 messages on the specified interface are cleared.

----End

4.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent


This section describes how to use the display commands to monitor the running status of the
DHCPv6 relay agent.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

82

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

Procedure
l

Run the display dhcpv6 relay [ interface interface-type interface-number ] command to


check the configuration about the interface enabled with the DHCPv6 relay function.

Run the display dhcpv6 relay statistics [ interface interface-type interface-number ]


command to check the statistics about DHCPv6 messages passing through the DHCPv6
relay agent.

----End

4.5 Configuration Examples


This section provides a configuration example of DHCPv6 relay.

4.5.1 Example for Configuring DHCPv6 Relay


This section provides a configuration example of DHCPv6 relay.

Networking Requirements
As shown in Figure 4-3, the DHCPv6 client address is 2000::/64 and the DHCPv6 server address
is 3000::3/64. The DHCPv6 client and the DHCPv6 server are on different links; therefore, a
DHCPv6 relay agent is required to forward DHCPv6 messages.
It is required that the Switch should function as the DHCPv6 relay agent to forward DHCPv6
messages exchanged between the DHCPv6 client and the DHCPv6 server. In addition, the
Switch functions as the gateway device of the network at 2000::/64. By specifying the M flag
bit and O flag bit in RA messages, hosts on the network are enabled to obtain IPv6 addresses
and other network configuration parameters through DHCPv6.
Figure 4-3 Networking for configuring DHCPv6 relay

DHCPv6 client

DHCPv6 client
GE0/0/2
GE0/0/1
Switch
VLANIF20
VLANIF10
3000::1/64
2000::1/64

DHCPv6 relay agent

3000::3/64
DHCPv6 server

DHCPv6 client

DHCPv6 client

Configuration Roadmap
The configuration roadmap is as follows:
1.
Issue 01 (2011-10-26)

Enable DHCP.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

83

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

2.

Create VLANIF interfaces and set IPv6 addresses of the VLANIF interfaces.

3.

Enable the DHCPv6 relay function and set the DHCPv6 server address.

4.

Configure the Switch as the gateway.

Data Preparation
To complete the configuration, you need the following data:
l

IPv6 addresses of the interfaces

IP address of the DHCPv6 server

Procedure
Step 1 Enable DHCP.
<Quidway> system-view
[Quidway] dhcp enable

Step 2 Add interfaces to VLANs.


# Add GigabitEthernet0/0/1 to VLAN 10.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet0/0/1] quit

# Add GigabitEthernet0/0/2 to VLAN 20.


[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[Quidway-GigabitEthernet0/0/2] quit

Step 3 Set IPv6 addresses of VLANIF interfaces.


# Enable the IPv6 packet forwarding function.
[Quidway] ipv6

# Set the IPv6 address of VLANIF 10.


[Quidway] vlan batch 10 20
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ipv6 enable
[Quidway-Vlanif10] ipv6 address 2000::1 64
[Quidway-Vlanif10] quit

# Set the IPv6 address of VLANIF 20.


[Quidway] interface vlanif 20
[Quidway-Vlanif20] ipv6 enable
[Quidway-Vlanif20] ipv6 address 3000::1 64
[Quidway-Vlanif20] quit

Step 4 Enable the DHCPv6 relay function.


# Enable the DHCPv6 relay function on VLANIF 10 and set the IP address of the DHCPv6
server.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] dhcpv6 relay destination 3000::3

Step 5 Configure the Switch as the gateway.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

84

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

# Configure the Switch to send RA messages and configure M and O flag bits.
[Quidway-Vlanif10]
[Quidway-Vlanif10]
[Quidway-Vlanif10]
[Quidway-Vlanif10]

undo ipv6 nd ra halt


ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
quit

Step 6 Verify the configuration.


Run the display dhcpv6 relay command on the Switch, and you can view the configuration of
DHCPv6 relay.
[Quidway] display dhcpv6 relay
Interface
Mode
Destination
-----------------------------------------------------------------Vlanif10
Relay
3000::3
------------------------------------------------------------------

Run the display dhcpv6 relay statistics on the Switch, and you can view the statistics about
DHCP messages passing through the DHCPv6 relay agent.
[Quidway] display dhcpv6 relay statistics
MessageType
Receive
Send
Solicit
0
0
Advertise
0
0
Request
0
0
Confirm
0
0
Renew
0
0
Rebind
0
0
Reply
0
0
Release
0
0
Decline
0
0
Reconfigure
0
0
Information-request
0
0
Relay-forward
0
0
Relay-reply
0
0
UnknownType
0
0

Error
0
0
0
0
0
0
0
0
0
0
0
0
0
0

----End

Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 20
#
ipv6
#
dhcp enable
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcpv6 relay destination 3000::3
#
interface Vlanif20
ipv6 enable
ipv6 address 3000::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

85

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

4 DHCPv6 Configuration

interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

86

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

IP Performance Configuration

About This Chapter


This chapter describes the basic concepts of IP performance, and provides configuration
procedures and examples of IP performance.
5.1 Introduction to IP Performance
On certain networks, you need to change IP parameters to optimize the performance of networks.
Here, IP performance parameters supported by the S5700 are described.
5.2 IP Performance Supported by the S5700
5.3 Optimizing IP Performance
This section describes how to optimize IP performance of a certain network by setting IP
performance parameters.
5.4 Maintaining IP Performance
This section describes how to maintain IP performance.
5.5 Configuration Examples
This section provides several configuration examples of IP performance.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

87

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

5.1 Introduction to IP Performance


On certain networks, you need to change IP parameters to optimize the performance of networks.
Here, IP performance parameters supported by the S5700 are described.

5.2 IP Performance Supported by the S5700


ICMP
l

ICMP Host Unreachable Messages


When forwarding packets, the device discards the packets and returns an ICMP host
unreachable message to the source to notify that the source must stop sending packets to
this destination if the device encounters the following situations:
There is no route to the destination.
The packet is not for itself.

ICMP Packet Sending Switches


In normal circumstance, ICMP host unreachable messages can ensure normal packet
transmission. However, when devices encounter the preceding conditions frequently,
network traffic becomes heavy because devices send a large number of ICMP messages.
This increases the traffic burden. In the case of malicious attacks, network congestion
becomes worse.
To solve this problem, a control switch is added on the outgoing interface of ICMP
messages. This switch is used to respectively enable or disable the sending of ICMP host
unreachable messages. If the switch is disabled, the device does not send out the ICMP
host unreachable packets. This can reduce the traffic burden and protect the network from
malicious attacks.

5.3 Optimizing IP Performance


This section describes how to optimize IP performance of a certain network by setting IP
performance parameters.

5.3.1 Establishing the Configuration Task


Applicable Environment
On certain networks, you need to change IP performance parameters to optimize the
performance. To optimize the performance, you need to set parameters.

Pre-configuration Tasks
Before optimizing IP performance, complete the following tasks:
l

Issue 01 (2011-10-26)

Connecting interfaces and setting physical parameters of the interfaces to ensure that the
physical layer of the interfaces is in the Up state
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

88

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

Setting parameters of the link layer protocol for the interfaces to ensure that the status of
the link layer protocol on the interfaces is Up

Assigning IP addresses to interfaces

Configuring access control lists (ACLs)

Data Preparation
To optimize IP performance, you need the following data.
No.

Data

Number of the interface

Number of the interface which needs source address verification

Number of the interface which needs to forward broadcast packets and ACL number
which is used to specify the broadcast packets

Number of the interface which needs to configure ICMP host-unreachable

SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket

5.3.2 Enabling an Interface to Check the Source IP Addresses of


Packets
Context
Do as follows on the S5700.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
vlan vlan-id

A VLAN is created.
Step 3 Run:
quit

The system view is displayed.


Step 4 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 5 Run:
ip verify source-address

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

89

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

The interface is enabled to check the source IP addresses.


By default, the function is disabled on all interfaces.
----End

5.3.3 Configuring ICMP Attributes


Context
By default, sending ICMP redirection packets and unreachable packets is enabled.

CAUTION
l If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Do as follows on the S5700:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
icmp host-unreachable send

Sending ICMP host unreachable packets is enabled.


----End

5.3.4 Setting TCP Parameters


Context
You can set the following TCP parameters:
l

SYN-Wait timer: When sending packets with the SYN flag, TCP starts the SYN-Wait timer.
If no response is received before the SYN-Wait timer expires, the TCP connection ends.
The timeout interval of the TCP SYN-Wait timer is an integer that ranges from 2 to 600,
in seconds. By default, the value is 75s.

FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer is enabled. If no packet with the FIN flag is received
before the FIN-Wait timer expires, the TCP connection ends. The timeout interval of the

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

90

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

TCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. By default, the
value is 675s.
l

Size of the packet receive or transmit buffer: The value is an integer that ranges from 1 to
32, in Kbytes. By default, the value is 8 Kbytes.

If you run the tcp window command repeatedly in the same system view, the latest configuration
overrides the previous configuration.
Do as follows on the S5700.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
tcp timer syn-timeout interval

The timeout interval of the TCP SYN-Wait timer is set.


Step 3 Run:
tcp timer fin-timeout interval

The timeout interval of the TCP FIN-Wait timer (FIN_WAIT_2) is set.


Step 4 Run:
tcp window window-size

The size of the packet receive or transmit buffer is set.


----End

5.3.5 Checking the Configuration


Prerequisite
The configurations of optimizing IP performance are complete.
NOTE

The S5706, S5700SI does not support VPN-instance.

Procedure
l

Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.

Run the display tcp statistics command to check the statistics on TCP traffic.

Run the display udp statistics command to check the statistics on UDP traffic.

Run the display ip statistics command to check the statistics on IP traffic.

Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.

Run the display icmp statistics command to check the statistics on ICMP traffic.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

91

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

Run the display rawlink statistics command to check the Rawlink statistics.

Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB)
table on the Line Processing Unit (LPU).

Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command


to check information about the FIB table.

Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ]


command to check information about the FIB entries that match ACL rules in a certain
format.

Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface
as a specified interface.

Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name


[ verbose ] command to check information about the FIB entries that match a specified IP
prefix list.

Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1


[ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB
entries that match destination IP addresses in a specified range.

Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command


to check information about the FIB entries that match the specified next hop address.

Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to


check the total number of FIB entries.

----End

5.4 Maintaining IP Performance


This section describes how to maintain IP performance.

5.4.1 Clearing IP Performance Statistics


Context

CAUTION
The statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirm
the action before you use the command.

Procedure
l

Run the reset ip statistics [ interface interface-type interface-number ] command in the


user view to clear the statistics on IP traffic.

Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the
user view to clear the information about the socket monitor.

Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic.

Run the reset udp statistics command in the user view to clear the statistics on UDP traffic.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

92

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.

----End

5.4.2 Monitoring the Running Status of IP Performance


Context
In routine maintenance, you can run the following command in any view to view the running
status of IP performance.
NOTE

The S5706, S5700SI does not support VPN-instance.

Procedure
l

Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.

Run the display tcp statistics command to check the statistics on TCP traffic.

Run the display udp statistics command to check the statistics on UDP traffic.

Run the display ip statistics command to check the statistics on IP traffic.

Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.

Run the display icmp statistics command to check the statistics on ICMP traffic.

Run the display rawlink statistics command to check the Rawlink statistics.

Run the display fib [ slot-id ] command to check the FIB table on the LPU.

Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command


to check information about the FIB table.

Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ]


command to check information about the FIB entries that match ACL rules in a certain
format.

Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interfacenumber command to check information about the FIB entries with the outgoing interface
as a specified interface.

Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name


[ verbose ] command to check information about the FIB entries that match a specified IP
prefix list.

Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1


[ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIB
entries that match destination IP addresses in a specified range.

Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address command


to check information about the FIB entries that match the specified next hop address.

Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command to


check the total number of FIB entries.

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

93

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

5.4.3 Debugging IP Performance


Context

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debugging
commands in the user view to locate the fault.
For details on debugging commands, see the Quidway S5700 Series Ethernet Switches
Debugging Reference.

Procedure
l

Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user
view to debug IP packets.

Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets.

Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug UDP packets.

Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-id
task-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debug
UDP packets.

Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remoteip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id taskid ] [ socket-id socket-id ] command in the user view to debug TCP events.

Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5)
authentication.

Run the debugging rawip packet [ src-ip src-address ] [ dest-ip dest-address ]


[ protocol protocol-number ] [ verbose verbose-number ] or debugging rawip packet
[ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the user
view to debug RAWIP packets.

Run the debugging rawlink packet [ src-mac src-mac ] [ dest-mac dest-mac ]


[ verbose verbose-number ] or debugging rawlink packet [ task-id task-id ] [ socket-id
socket-id ] [ verbose verbose-number ] command in the user view to debug RAWLINK
packets.

----End

5.5 Configuration Examples


This section provides several configuration examples of IP performance.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

94

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

5.5.1 Example for Disabling the Sending of ICMP Host Unreachable


Packets
This section provides a configuration example of disabling the sending of ICMP host
unreachable packets.

Networking Requirements
As shown in Figure 5-1, to limit the sending of ICMP redirection packets, Switch A, Switch B,
and Switch C are required and these devices are connected through their GigabitEthernet
interfaces.
Figure 5-1 Networking diagram for disabling the sending of ICMP host unreachable packets

GE0/0/2
VLANIF11
2.2.2.2/24

GE0/0/2

VLANIF11
2.2.2.1/24

SwitchB

GE0/0/1

SwitchC

GE0/0/1

VLANIF10
1.1.1.2/24

VLANIF10
1.1.1.1/24

SwitchA

Configuration Roadmap
The configuration roadmap is as follows:
1.

Assign IP addresses to interfaces on Switches.

2.

Configure static routes to indirectly connected devices.

3.

Enable the sending of ICMP host unreachable packets in the system view.

4.

Enable the sending of ICMP host unreachable packets in the interface view.
NOTE

By default, the sending of ICMP host unreachable packets is enabled on the system view and on the
interface view. If the configuration is not changed, you can skip this configuration.

Data Preparation
To complete the configuration, you need the following data:
l

Static routes to indirectly connected devices

IP address of the interface

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

95

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

Procedure
Step 1 Configure Switch A.
# Assign an IP address to VLANIF 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit

# Configure a static route on Switch A.


[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2

Step 2 Configure Switch B.


# Assign an IP address to VLANIF 10 on Switch B and disable the sending of ICMP host
unreachable packets.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] icmp host-unreachable send
[SwitchB] vlan 10
[SwitchB-Vlan10] quit
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 1.1.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] vlan 11
[SwitchB-Vlan11] quit
[SwitchB] interface gigabitethernet0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid tagged vlan 11
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 11
[SwitchB-Vlanif11] ip address 2.2.2.1 24
[SwitchB-Vlanif11] icmp host-unreachable send
[SwitchB-Vlanif11] quit

Step 3 Configure Switch C.


# Assign an IP address to VLANIF 11 on Switch C.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan 11
[SwitchC-Vlan11] quit
[SwitchC] interface gigabitethernet0/0/2
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 11
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface vlanif 11
[SwitchC-Vlanif11] ip address 2.2.2.2 24
[SwitchC-Vlanif11] quit

Step 4 Verify the configuration.


# Debug ICMP packets on Switch A.
<SwitchA> debugging ip icmp
<SwitchA> terminal monitor
<SwitchA> terminal debugging

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

96

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

5 IP Performance Configuration

# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured by
the tester on Switch A, Switch B sends host unreachable packets.
[SwitchA] ping 2.2.2.3

----End

Configuration Files
l

Configuration file of Switch A


#
sysname SwitchA
#
vlan 10
#
interface vlanif 10
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return

Configuration file of Switch B


#
sysname SwitchB
#
vlan batch 10 to 11
#
interface vlanif 10
ip address 1.1.1.2 255.255.255.0
#
interface vlanif 11
ip address 2.2.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 11
#
return

Configuration file of Switch C


#
sysname SwitchC
#
vlan 11
#
interface vlanif 11
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 11
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

97

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

DHCP Policy VLAN Configuration

About This Chapter


This chapter describes the concept, operating mode, and configuration of Dynamic Host
Configuration Protocol (DHCP) policy Virtual Local Area Network (VLAN), and provides
configuration examples.
6.1 Introduction
6.2 DHCP Policy VLAN Supported by the S5700
6.3 Configuring DHCP Policy VLAN Based on MAC Addresses
This section describes how to configure DHCP Policy VLAN Based on MAC Addresses
6.4 Configuring the DHCP Policy VLAN Based on Interfaces
This section describes how to configure the DHCP policy VLAN based on interfaces.
6.5 Configuring Generic DHCP Policy VLAN
This section describes how to configure Generic DHCP Policy VLAN
6.6 Maintaining DHCP Policy VLAN
This section describes how to maintain DHCP policy VLAN.
6.7 Configuration Examples
This section provides several configuration examples of DHCP policy VLAN.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

98

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

6.1 Introduction
When the policy for VLANs is configured on the S5700, the VLAN to which each host connects
to the interface on the S5700 belongs is determined by the network segment to which the IP
address of the host belongs. When a host that accesses the network for the first time is connected
to an interface, the host cannot be added to its associated VLAN because it has no valid IP
address.
DHCP policy VLAN is thus introduced. With DHCP policy VLAN, hosts that access the network
for the first time can obtain valid IP addresses from the DHCP server and then be added to the
VLANs whose network segments the IP addresses belong to.

6.2 DHCP Policy VLAN Supported by the S5700


The S5700 supports the following types of DHCP policy VLAN:
l

DHCP policy VLAN based on MAC addresses

DHCP policy VLAN based on interfaces

Generic DHCP policy VLAN

6.3 Configuring DHCP Policy VLAN Based on MAC


Addresses
This section describes how to configure DHCP Policy VLAN Based on MAC Addresses

6.3.1 Establishing the Configuration Task


Applicable Environment
When multiple hosts access the network through an interface on the S5700, you need to configure
DHCP policy VLAN based on MAC addresses so that the hosts can obtain IP addresses from
the DHCP server and be added to specific VLANs.

Pre-configuration Tasks
Before configuring DHCP policy VLAN based on MAC addresses, complete the following
tasks:
l

Configuring the default VLAN for the interface on the S5700 that connects to the newly
added hosts

Data Preparation
To configure DHCP policy VLAN based on MAC addresses, you need the following data.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

99

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

No.

Data

MAC addresses of the newly added hosts

ID of the VLAN to which the DHCP server belongs

6.3.2 Configuration Procedure


Context
Do as follows on the S5700.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of the interface on the S5700 that connects to multiple hosts is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id

The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
dhcp policy-vlan mac-address
priority ]

mac-address1 [ to mac-address2 ] [ priority

The DHCP policy VLAN based on MAC addresses is configured.


----End

6.3.3 Checking the Configuration


Run the following command to check the previous configuration.

Issue 01 (2011-10-26)

Action

Command

Check the configuration of the


S5700 in the VLAN view.

display this

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

100

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

Run the display this command in the VLAN view of the S5700 where DHCP policy VLAN
based on MAC addresses is configured, you can view that the configuration of DHCP policy
VLAN based on MAC addresses is correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan mac-address 0002-0002-0002 priority 2
#

6.4 Configuring the DHCP Policy VLAN Based on


Interfaces
This section describes how to configure the DHCP policy VLAN based on interfaces.

6.4.1 Establishing the Configuration Task


Applicable Environment
When multiple hosts access the network through different interfaces on the S5700, you need to
configure DHCP policy VLAN based on interfaces so that the hosts can obtain IP addresses
from the DHCP server.

Pre-configuration Tasks
Before configuring DHCP policy VLAN based on interfaces, complete the following tasks:
l

Configuring the default VLAN for the interface that connects to the newly added host on
the S5700

Configuring the interface that connects to the newly added host on the S5700 as a hybrid
interface

Data Preparation
To configure DHCP policy VLAN based on interfaces, you need the following data.
No.

Data

Number of the interface that connects to the newly added host on the S5700

ID of the VLAN to which the DHCP server belongs

6.4.2 Configuration Procedure


Context
Do as follows on the S5700.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

101

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of the interface that connects to the newly added host on the S5700 is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id

The view of the VLAN to which the DHCP server belongs is displayed.
Step 5 Run:
dhcp policy-vlan port interface-type interface-number1 [ to interface-number2 ]
[ priority priority ]

The DHCP policy VLAN based on interfaces is configured.


----End

6.4.3 Checking the Configuration


Run the following commands to check the previous configuration.
Action

Command

Check the configuration of the


S5700 in the VLAN view.

display this

Run the display this command in the VLAN view of the S5700 where DHCP policy VLAN
based on interfaces is configured, you can view that the configuration of DHCP policy VLAN
based on interfaces is correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan port GigabitEthernet 0/0/2 priority 2
#

6.5 Configuring Generic DHCP Policy VLAN


This section describes how to configure Generic DHCP Policy VLAN

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

102

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

6.5.1 Establishing the Configuration Task


Applicable Environment
When hosts that do not apply DHCP policy VLAN based on MAC addresses or DHCP policy
VLAN based on interfaces access the network for the first time, you need to configure generic
DHCP policy VLAN on the S5700 so that the hosts can obtain valid IP addresses.

Pre-configuration Tasks
Before configuring generic DHCP policy VLAN, complete the following tasks:
l

Configuring the default VLAN for the interface that connects to the newly added host on
the S5700

Data Preparation
To configure generic DHCP policy VLAN, you need the following data.
No.

Data

ID of the VLAN to which the DHCP server belongs

6.5.2 Configuration Procedure


Context
Do as follows on the S5700.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of the interface that connects to the newly added host on the S5700 is displayed.
Step 3 Run:
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

The interface is added to the specified VLANs, ensuring that frames from the VLANs pass
through the interface in untagged mode.
Step 4 Run:
vlan vlan-id

The view of the VLAN to which the DHCP server belongs is displayed.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

103

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

Step 5 Run:
dhcp policy-vlan generic [ priority priority ]

The generic DHCP policy VLAN is configured.


----End

6.5.3 Checking the Configuration


Run the following command to check the previous configuration.
Action

Command

Check the configuration of the


S5700 in the VLAN view.

display this

Run the display this command in the VLAN view of the S5700 where generic DHCP policy
VLAN is configured, you can view that the configuration of generic DHCP policy VLAN is
correct.
[Quidway-vlan2] display this
#
vlan 2
dhcp policy-vlan generic priority 2
#

6.6 Maintaining DHCP Policy VLAN


This section describes how to maintain DHCP policy VLAN.

6.6.1 Monitoring the Running Status


To check the running status of DHCP policy VLAN, run the following display command in the
corresponding VLAN view.
Action

Command

Check the configuration of DHCP


policy VLAN.

display this

6.7 Configuration Examples


This section provides several configuration examples of DHCP policy VLAN.

6.7.1 Example for Configuring DHCP Policy VLAN Based on MAC


Addresses
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

104

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

Networking Requirements
As shown in Figure 6-1, on the S5700, GE 0/0/2 connects to PC1 and PC2 that access the network
for the first time; GE 0/0/4 connects to the DHCP server that belongs to VLAN 100. The MAC
address of PC1 is 001E-9089-C65A; the MAC address of PC2 is 00E0-4C84-0B44.
Figure 6-1 Networking for configuring DHCP policy VLAN based on MAC addresses

PC1
001E-9089-C65A

S-switch
GE 0/0/4

VLAN100

GE 0/0/2
DHCP Server
192.168.31.251/16

PC2
00E0-4C84-0B44

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable DHCP globally.

2.

Determine to which VLAN the DHCP server belongs.

3.

Configure DHCP policy VLAN based on MAC addresses.

Data Preparation
To complete the configuration, you need the following data:
l

MAC address of the newly added host

Default VLAN ID of the interfaces on the S5700

Configuration Procedure
1.

Configure the S5700.


# Enable DHCP globally. Configure GE 0/0/2 and GE 0/0/4 on the S5700 as a hybrid
interface, and configure frames from VLAN 100 to pass through GE 0/0/2 in untagged
mode.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 2 to 100
[Quidway-GigabitEthernet0/0/2] quit

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

105

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

[Quidway] interface gigabitethernet 0/0/4


[Quidway-GigabitEthernet0/0/4] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/4] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/4] quit

# Configure DHCP policy VLAN based on MAC addresses.


<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] dhcp policy-vlan mac-address 001E-9089-C65A priority 5
[Quidway-vlan100] dhcp policy-vlan mac-address 00E0-4C84-0B44 priority 5
[Quidway-vlan100] quit

2.

Verify the configuration.


# After PC1 and PC2 go online and obtain IP addresses, ping the DHCP server from PC1
and PC2. The ping operations are successful.
C:\>ping 192.168.31.251
Pinging 192.168.31.251 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

192.168.31.251:
192.168.31.251:
192.168.31.251:
192.168.31.251:

bytes=32
bytes=32
bytes=32
bytes=32

time=126ms TTL=255
time=2ms TTL=255
time=2ms TTL=255
time=2ms TTL=255

Ping statistics for 192.168.31.251:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 126ms, Average = 33ms

Configuration Files
The following lists the configuration file of the S5700.
#
dhcp enable
interface GigabitEthernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2 to 100
interface GigabitEthernet0/0/4
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
vlan 100
dhcp policy-vlan mac-address 001e-9089-c65a priority 5
dhcp policy-vlan mac-address 00e0-4c84-0b44 priority 5
#
return

6.7.2 Example for Configuring DHCP Policy VLAN Based on


Interfaces
Networking Requirements
As shown in Figure 6-2, on the S5700, GE 0/0/2 connects to an access switch; GE 0/0/1 connects
to the DHCP server that belongs to VLAN 100; the access switch connects to 10 hosts.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

106

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

Figure 6-2 Networking for configuring DHCP policy VLAN based on interfaces

S-switch
GE 0/0/1

VLAN100

GE 0/0/2
DHCP Server
192.168.31.251/16

...
PC1

PC10

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable DHCP globally.

2.

Determine to which VLAN the DHCP server belongs.

3.

Configure DHCP policy VLAN based on interfaces.

Data Preparation
To complete the configuration, you need the following data:
l

Number of the S5700 interface that connects to the downstream access switch

Default VLAN ID of the interfaces on the S5700

Configuration Procedure
1.

Configure the S5700.


# Enable DHCP globally. Configure GE 0/0/1 and GE 0/0/2 on the S5700 as hybrid
interfaces, and configure frames from VLAN 100 to pass through GE 0/0/2 in untagged
mode.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] port
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] port
[Quidway-GigabitEthernet0/0/2] quit

2.
Issue 01 (2011-10-26)

0/0/1
hybrid pvid vlan 10
hybrid untagged vlan 10 to 100
0/0/2
hybrid pvid vlan 20
hybrid untagged vlan 20 to 100

# Configure DHCP policy VLAN based on interfaces.


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

107

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

6 DHCP Policy VLAN Configuration

<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] dhcp policy-vlan port gigabitethernet 0/0/2 priority 5

Configuration Files
The following lists the configuration file of the S5700.
#
dhcp enable
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10 to 100
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20 to 100
#
vlan 100
dhcp policy-vlan port GigabitEthernet 0/0/2 priority 5
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

108

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

DNS Configuration

About This Chapter


By configuring the Domain Name System (DNS), you can enable network devices to
communicate with other through their domain names.
7.1 Introduction to DNS
After each host on the Internet is assigned a domain name, you can set up a mapping between
the domain name and IP address of a host through. In this manner, you can use domain names,
which are easy to memorize and are of significance, instead of complicated IP addresses.
7.2 DNS Supported by the S5700
Domain name resolution can be performed in either dynamic mode or static mode.
7.3 Configuring DNS
By configuring the DNS, you can set up a mapping between a domain name and an IP address.
In this manner, you can enable the device to communicate with other devices.
7.4 Maintaining DNS
The operations of DNS maintenance include clearing DNS statistics and monitoring the DNS
operating status.
7.5 Configuration Examples
This section provides a configuration example of DNS.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

109

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

7.1 Introduction to DNS


After each host on the Internet is assigned a domain name, you can set up a mapping between
the domain name and IP address of a host through. In this manner, you can use domain names,
which are easy to memorize and are of significance, instead of complicated IP addresses.
The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with which
hosts can be named in the form of character string. This system assumes a hierarchical naming
structure. It designates a meaningful name for the device in the Internet and associates the name
with the IP address through a domain name resolution server. In this manner, you can use domain
names that are easy to remember instead of memorizing complex IP addresses.

7.2 DNS Supported by the S5700


Domain name resolution can be performed in either dynamic mode or static mode.
DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolve
a domain name, the system first uses static DNS resolution. If this mode fails, the system uses
dynamic DNS resolution. To improve resolution efficiency, you can put common domain names
in a static domain name resolution table.
The S5700 supports static resolution and dynamic resolution.

7.3 Configuring DNS


By configuring the DNS, you can set up a mapping between a domain name and an IP address.
In this manner, you can enable the device to communicate with other devices.

7.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring the DNS.

Applicable Environment
If local users accessing devices need to communicate with other devices by using domain names,
you can configure DNS on the device. An DNS entry is an mapping between a domain name
and an IP address.
If local users communicate with other devices hardly through the domain name or if the DNS
server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the
mapping between the domain name and the IP address. In case of a change in the mapping, you
must modify the DNS entry manually.
You can configure dynamic DNS on the device if local users frequently use domain names for
communicating with other devices and the DNS server is available.

Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

110

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up

Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up

Configuring routes between the local device and the DNS server

Configuring the DNS server

Data Preparation
To configure DNS, you need the following data.
No.

Data

Domain name and the corresponding IP address in a static DNS entry

IP address of a DNS server

Domain name or the domain name list of a dynamic DNS entry

7.3.2 Configuring Static DNS Entries


You can create a table of mappings between domain names and IP addresses and add commonlyused domain names to this table. When a client needs to use the IP address corresponding to a
domain name, the client can search the table for the required IP address. This improves the
efficiency of domain name resolution.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip host host-name ip-address

The IP address corresponding to the host name is configured.


A host name corresponds to only one IP address. When you configure an IP address for a host
for several times, only the IP address configured at the latest is valid. To resolve several host
names, repeat Step 2.
You can configure a maximum of 50 static DNS entries.
----End

7.3.3 Configuring Dynamic DNS


To perform dynamic domain name resolution, you need a special domain name resolution server,
which runs a server program. This server provides mappings between domain names and IP
addresses and receives resolution requests from the client.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

111

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dns resolve

Dynamic domain name resolution is enabled.


Step 3 Run:
dns server ip-address

A DNS server is specified.


Step 4 (Optional) Run:
dns server source-ip source-ip-address

The IP address of the local device is specified.


The local device uses the specified IP address to communicate with the DNS server, which
ensures communication security.
Step 5 Run:
dns domain domain-name

The suffix of the domain name is added.


----End

Follow-up Procedure
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 5.

7.3.4 Checking the Configuration


You can view the configuration of the DNS.

Prerequisite
The configurations of the DNS function are complete.

Procedure
l

Run the display ip host command to check the information about the static DNS entry
table.

Run the display dns server command to check the configurations about DNS servers.

Run the display dns domain command to check the configurations about domain name
suffixes.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

112

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.

----End

Example
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
Host
Age
Flags
hw
0
static
gww
0
static

Address
10.1.1.1
192.168.1.1

Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
IPv6 Dns Servers :
No configured servers.

Run the display dns domain command. If the list of suffixes of domain names is displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net

Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1

TTL
3521
3000

Alias

7.4 Maintaining DNS


The operations of DNS maintenance include clearing DNS statistics and monitoring the DNS
operating status.

7.4.1 Clearing DNS Entries


This section describes DNS entry clearance through the reset command.

Context

CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

113

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries
statistics in the domain name cache.
----End

7.4.2 Monitoring Network Operation Status of DNS


This section describes DNS operation monitoring through the display command.

Context
In routine maintenance, you can run the following command in any view to check the operation
of DNS.

Procedure
l

Run the display ip host command to check the information about the static DNS entry
table.

Run the display dns server command to check configurations about DNS servers.

Run the display dns domain command to check configurations about domain name
suffixes.

Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.

----End

7.4.3 Debugging DNS


This section describes DNS debugging through the debugging command.

Context

CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging command in the user view to debug DNS and locate the fault.
For more information, refer to the chapter "Information Center Configuration" in the Quidway
S5700 Series Ethernet Switches Configuration Guide - System Management. For descriptions
about the debugging commands, refer to the Quidway S5700 Series Ethernet Switches
Debugging Reference.

Procedure
Step 1 Run the debugging dns command in the user view to debug dynamic DNS.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

114

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

7.5 Configuration Examples


This section provides a configuration example of DNS.

7.5.1 Example for Configuring DNS


This section provides a configuration example of DNS.

Networking Requirements
As shown in Figure 7-1, Switch A acts as a DNS client, being required to access the host
2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes
"com" and "net".
On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A can
communicate with them by using domain names.
Figure 7-1 Networking diagram of DNS

Loopback0
4.1.1.1/32
GE0/0/1
VLANIF 100 SwitchB
1.1.1.2/16

DNS Client
SwitchA

GE0/0/2
VLANIF 101
1.1.1.1/16

Loopback0
4.1.1.2/32

SwitchC
GE0/0/1
VLANIF 100
2.1.1.1/16

GE0/0/2
VLANIF 101
3.1.1.1/16
GE0/0/1
VLANIF 100 DNS Server
2.1.1.2/16
3.1.1.2/16

huawei.com
2.1.1.3/16

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure static DNS entries.

2.

Enable DNS resolution.

3.

Configure an IP address for the DNS server.

4.

Configure suffixes of domain names.

Data Preparation
To complete the configuration, you need the following data:
l

Domain names of Switch B and Switch C

IP address of the DNS server

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

115

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Suffixes of domain names

Procedure
Step 1 Configure Switch A.
# Configure static DNS entries.
<SwitchA> system-view
[SwitchA] ip host SwitchB 4.1.1.1
[SwitchA] ip host SwitchC 4.1.1.2

# Enable DNS resolution.


[SwitchA] dns resolve

# Configure an IP address for the DNS server.


[SwitchA] dns server 3.1.1.2

# Configure a domain name suffix "net".


[SwitchA] dns domain net

# Configure a domain name suffix "com".


[SwitchA] dns domain com
[SwitchA] quit
NOTE

To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. For
procedures for configuring routes, refer to the Quidway S5700 Series Ethernet Switches Configuration
Guide - IP Routing.

Step 2 Verify the configuration.


# Run the ping huawei.com command on Switch A to ping the IP address 2.1.1.3. The ping
succeeds.
<SwitchA> ping huawei.com
Trying DNS server (3.1.1.2)
PING huawei.com (2.1.1.3): 56
Reply from 2.1.1.3: bytes=56
Reply from 2.1.1.3: bytes=56
Reply from 2.1.1.3: bytes=56
Reply from 2.1.1.3: bytes=56
Reply from 2.1.1.3: bytes=56

data bytes, press CTRL_C to break


Sequence=1 ttl=126 time=6 ms
Sequence=2 ttl=126 time=4 ms
Sequence=3 ttl=126 time=4 ms
Sequence=4 ttl=126 time=4 ms
Sequence=5 ttl=126 time=4 ms

--- huawei.com ping statistics --5 packet(s) transmitted


5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms

# Run the display ip host command on Switch A to view static DNS entries, including mappings
between host names and IP addresses.
<SwitchA> display ip host
Host
Age
SwitchB
0
SwitchC
0

Flags Address
static 4.1.1.1
static 4.1.1.2

# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries in
the domain name cache.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

116

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service
<SwitchA> display dns dynamic-host
No Domain-name
IpAddress
1
huawei.com
2.1.1.3

7 DNS Configuration

TTL
3579

Alias

NOTE

TTL value in the above display indicates the lifetime of an entry. It is in seconds.

----End

Configuration Files
l

Configuration file of Switch A


#
sysname SwitchA
#
vlan batch 100
#
ip host SwitchB 4.1.1.1
ip host SwitchC 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface vlanif100
ip address 1.1.1.2 255.255.0.0
#
rip 1
network 1.0.0.0
#
return

Configuration file of Switch B


#
sysname SwitchB
#
vlan batch 100 101
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface LoopBack0
ip address 4.1.1.1 255.255.255.255
#
interface vlanif100
ip address 2.1.1.1 255.255.0.0
#
interface vlanif101
ip address 1.1.1.1 255.255.0.0
#
rip 1
network 2.0.0.0
network 1.0.0.0
network 4.0.0.0
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

117

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

7 DNS Configuration

Configuration file of Switch C


#
sysname SwitchC
#
vlan batch 100 101
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
interface vlanif100
ip address 2.1.1.2 255.255.0.0
#
interface vlanif101
ip address 3.1.1.1 255.255.0.0
#
rip 1
network 2.0.0.0
network 3.0.0.0
network 4.0.0.0
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

118

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

Basic Configurations of IPv6

About This Chapter


This chapter describes the basic concept and configurations of IPv6.
8.1 Introduction to IPv6
This section describes the basic principle of IPv6.
8.2 IPv6 Features Supported by the S5700
The S5700 supports the IPv6 protocol suite and TCP6 protocol suite.
8.3 Configuring an IPv6 Address for an Interface
Assigning an IPv6 address to a device on a network enables the device to communicate with the
other devices on the network.
8.4 Configuring IPv6 Neighbor Discovery
IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship
between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address
Resolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages,
and introduces neighbor reachability detection.
8.5 Maintaining IPv6
This section describes how to maintain IPv6. Detailed operations include deleting information
about IPv6 operation and monitoring IPv6 operation.
8.6 Configuration Examples
This section provides a configuration example of IPv6 addresses.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

119

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

8.1 Introduction to IPv6


This section describes the basic principle of IPv6.

Basic Concepts
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of 2nd generation. It is designed by Internet Engineering Task Force as an upgraded
version of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128
bits long versus 32 bits in IPv4.

Overview of IPv6 Addresses


A 128-bit IPv6 address has two formats:
l

X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by ":". Every "X" represents four hexadecimal characters.

X:X:X:X:X:X:d.d.d.d
Addresses in this format are classified into two types:
IPv4-compatible IPv6 addresses
IPv4-mapped IPv6 addresses
IPv4-compatible IPv6 addresses are used to configure the IPv6 over IPv4 tunnel.
Each "X" stands for 16 bits that are represented by four hexadecimal characters. Each "d"
stands for 8 bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4
address.

An IPv6 address can be divided into two parts:


l

Network prefix: n bits, equivalent to the network ID in the IPv4 address.

Interface identifier: 128-n bits, equivalent to the host ID in the IPv4 address.

8.2 IPv6 Features Supported by the S5700


The S5700 supports the IPv6 protocol suite and TCP6 protocol suite.

IPv6 Features Supported by the S5700


The S5700 supports the setting of IPv6 addresses on a VLANIF, Loopback and tunnel interface.
Each interface supports a maximum of 20 IPv6 addresses, including link-local addresses and
the global unicast addresses.
The link-local address is used in the neighbor discovery protocol and used in the communication
between the nodes on the local link in the stateless address auto-configuration. The packets
whose source or destination address is the link-local address are forwarded on only the local
link.
A link-local address can be set automatically or manually. After the command to enable the
system to automatically set link-local addresses is run, the system automatically sets a link-local
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

120

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

address for an interface. The link-local address manually set must be a valid link-local address
(FE80::/10).
Automatically generated link-local addresses are recommended because link-local addresses are
used only for communications between link-local nodes usually to satisfy the communication
request of protocols and irrelevant to communications between users.
A global unicast address is equal to an IP address on the IPv4 public network, which is used to
forward data on the public network and mandatory for communications between users.
An EUI-64 address is equivalent to a global unicast address in view of functions. For an EUI-64
address, however, only the network bits need to be specified. Its host bits are transformed from
the MAC address of the interface. For a global unicast address, complete 128 bits of the address
have to be specified.

IPv6 Neighbor Discovery


IPv6 neighbor discovery (ND) is a packet transmission process to identify relationships between
neighboring nodes. The ND protocol replaces the Address Resolution Protocol (ARP), ICMP
Redirect message, and ICMP Router Discovery message on an IPv4 network and provides other
functions.

IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the FIB.
Guided by route management policies, the S5700 obtains minimum necessary forwarding
information from the RIB and adds the information to the FIB. Through the route management
module, you can also add static routes into the FIB.
Forwarding Information Base (FIB) contains minimum necessary information needed by an
S5700 to forward packets. An FIB entry usually contains the destination address, prefix length,
transport port, next-hop address, route flag, time stamp. An S5700 forwards packets according
to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). The control plane (FibAgent) is responsible for
interacting with the RM module and downloading the FIB to the forwarding engine. For a
distributed system, the FIB needs to be downloaded to the I/O board.
A FIB contains the following information:
l

Destination address: indicates the network or host a packet is destined for.

Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.

Nexthop: indicates the address of the next hop through which the packet reaches the
destination.

Flag(s): identifies route characteristics.

Interface: indicates the outgoing interface of the packet.

Timestamp: time when an FIB entry is generated.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

121

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

8.3 Configuring an IPv6 Address for an Interface


Assigning an IPv6 address to a device on a network enables the device to communicate with the
other devices on the network.

8.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for assigning an IPv6 address to an interface.

Applicable Environment
When a device communicates with an IPv6 device, you need to configure IPv6 address for the
interface.
An EUI-64 address has the same function as an global unicast address. The difference is that
only the network bits need to be specified for the EUI-64 address and the host bits are transformed
from the MAC addresses of the interface while a complete 128-bit address need to be specified
for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address
must not be longer than 64 bits.
The EUI-64 address and the global unicast address can be configured simultaneously or
alternatively. However, the IP addresses configured for one interface cannot be in the same
network segment.

Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
l

Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up

Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up

Data Preparation
To configure IPv6 addresses for an interface, you need the following data.

Issue 01 (2011-10-26)

No.

Data

Number of the interface

Link-local address configured manually

Global unicast address and prefix length

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

122

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

8.3.2 Enabling IPv6 Packet Forwarding Capability


You can perform other IPv6 configurations on an interface only when IPv6 is enabled in the
interface view. To enable IPv6 packet forwarding on an interface, you must configure IPv6 in
the system view.

Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l

If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The IPv6 function, however, is not enabled on the interface
and hence you cannot perform any IPv6 configurations.

If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down.
Therefore, the device cannot forward IPv6 data.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6

The IPv6 packet forwarding capability is enabled.


By default, the IPv6 packet forwarding capability is disabled.
To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the IPv6 protocol status of the interface is Down and the device cannot forward IPv6
packets although you enable IPv6 on the interface.
Step 3 Run:
interface interface-type interface-number

The view of the VLANIF interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable

The IPv6 capability is enabled on the interface.


Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.
By default, the IPv6 capability is disabled on the interface.
----End

8.3.3 Configuring an IPv6 Link-Local Address for an Interface


The local address of a link is used in the neighbor discovery protocol, and in the communications
between nodes on the local end of the link in stateless address auto-configuration. The local
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

123

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

address of a link is valid only for the link. A packet with a link-local address as the source or
destination address is forwarded only along the local link.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Perform the following as required.
Run:
ipv6 address auto link-local

Auto generation of the IPv6 link-local address is enabled.


Or
Run:
ipv6 address ipv6-address link-local

The IPv6 link-local address is manually configured.


Besides configuring a link-local address through the preceding two commands, you can also
configure a global unicast IPv6 address for auto generating a link-local address. For details, see
Configuring an IPv6 Global Unicast Address for an Interface.
----End

8.3.4 Configuring an IPv6 Global Unicast Address for an Interface


A global unicast IP address is equal to an Internet IPv4 address and can be used for links whose
route prefixes can be aggregated. In this manner, routing entries can be reduced.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 4 Run:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

124

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } or ipv6


address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

The global unicast address is configured on the interface.


----End

8.3.5 Checking the Configuration


Prerequisite
All configurations of the IPv6 address are complete.

Procedure
l

Run the display ipv6 interface [ interface-type interface-number | brief ] command to


check IPv6 information about the interface.

Run the display ipv6 statistics command to view statistics on IPv6 packets.

----End

8.4 Configuring IPv6 Neighbor Discovery


IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship
between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address
Resolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages,
and introduces neighbor reachability detection.

8.4.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for IPv6 neighbor discovery.

Applicable Environment
Most of the ND configurations are implemented based on the interfaces.

Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
l

Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up

Configuring link layer parameters for the interface

Configuring the IPv6 address for the interface

Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

125

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

No.

Data

Number of interface which needs to be configured with IPv6 ND

IPv6 address and MAC address of the static neighbor

Intervals, prefix, and life duration of RA messages

Flag bit of automatic configuration

Hop limit of ND

Sending times of DAD

Intervals for re-transmitting NS messages

NUD reachable time

Interface MTU

8.4.2 Configuring Static Neighbors


By configuring a static neighbor, you can obtain the mapping of the IPv6 address and MAC
address of the neighbor.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 4 Run one of the following commands as required:
l To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor ipv6address mac-address vid vlan-id interface-type interface-number command.
----End

8.4.3 Enabling RA Message Advertising


After being enabled with switch advertisement, the device can send router advertisement
messages, providing prefixes for hosts.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

126

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 4 Run:
undo ipv6 nd ra halt

The function of advertising RA messages is enabled.


----End

8.4.4 Setting the Interval for Advertising RA Messages


The device periodically sends router advertisement messages containing information such as
prefixes and flag bits.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 4 Run:
ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

The interval for advertising RA messages is configured.


By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.
The maximum interval can not be shorter than the minimum interval.
When the maximum interval is less than 9 seconds, the minimum interval is set to the same value
as the maximum interval.
----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

127

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

8.4.5 Enabling Stateful Auto Configuration


After being enabled with stateful auto-configuration, the host can obtain an IPv6 address through
stateful auto-configuration, for example, the DHCP server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 4 Run:
ipv6 nd autoconfig managed-address-flag

The flag bit for stateful auto configuration addresses is set.


If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to any
addresses auto-configured using stateless address auto-configuration.
Step 5 Run:
ipv6 nd autoconfig other-flag

The flag bit for other stateful configurations is set.


When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address)
information.
----End

8.4.6 Configuring the Address Prefixes to Be Advertised


Nodes of the local links can perform address auto-configuration by using prefixes of these
addresses.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
ipv6 enable

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

128

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

You can enable the IPv6 capability.


Step 4 Run:
ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefixlength } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]

The prefix of RA messages is configured.


----End

8.4.7 Configuring Other Information to Be Advertised


A router advertisement message carries information such as the maximum number of hops,
prefix option, neighbor hold time, and keepalive time.

Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default,
NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default
MTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500
bytes.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6 nd hop-limit limit

ND hop limit is configured.


The value of limit ranges from 1 to 255. By default, it is 64.
Step 3 Run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 4 Run:
ipv6 enable

You can enable the IPv6 capability.


Step 5 Run:
ipv6 nd ra router-lifetime ra-lifetime

The life duration of RA messages is configured.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

129

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

NOTE

l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must
be less than or equal to the life duration.
l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.

Step 6 Run:
ipv6 nd dad attempts value

Times to send DAD messages are configured.


Step 7 Run:
ipv6 nd ns retrans-timer interval

The interval for re-sending NS messages is set.


Step 8 Run:
ipv6 nd nud reachable-time value

The NUD reachable time is set.


Step 9 Run:
ipv6 mtu mtu

MTU of the interface is configured.


----End

Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and the undo shudown
command orderly in the interface view to validate the configuration.

8.4.8 Checking the Configuration


You can view the configuration of IPv6 neighbor discovery.

Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.

Procedure
l

Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]


command to check the neighbor information in the cache.

Run the display ipv6 interface [ interface-type interface-number | brief ] command to


check the IPv6 information of an interface.

----End

Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains
neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Quidway> display ipv6 neighbors VLANIF10

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

130

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

-------------------------------------------------------IPv6 Address : 3003::2


Link-layer
: 00e0-fc89-fe6e
State : STALE
Interface
: VLANIF10
Age
: 7
VPN name
: vpn1
VLAN : IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer
: 00e0-fc89-fe6e
State : STALE
Interface
: VLANIF10
Age
: 7
VPN name
: vpn1
VLAN : --------------------------------------------------------Total: 2
Dynamic: 2
Static: 0

Run the display ipv6 interface brief command. If information about the IPv6 address on the
interface and interface status are displayed, it means that the configuration succeeds.
<Quidway> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface
Physical
VLANIF20
up
up
[IPv6 Address] 2030::101:101
VLANIF30
up
up
[IPv6 Address] 2001::1
LoopBack0
up
[IPv6 Address] Unassigned

Protocol

up(s)

8.5 Maintaining IPv6


This section describes how to maintain IPv6. Detailed operations include deleting information
about IPv6 operation and monitoring IPv6 operation.

8.5.1 Clearing IPv6 Statistics


Context

CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you run the
command.

Procedure
l

To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in
the user view.

To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic |
static | vid vlan-id [ interface-type interface-number] | interface-type interface-number }
command in the user view.

To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view.

To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

131

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

8.5.2 Monitoring the Running Status of IPv6


Context
In routine maintenance, you can run the following commands in any view to display the running
of IPv6.

Procedure
l

Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to view information about IPv6 on an interface.

Run the display ipv6 statistics command in any view to view statistics on IPv6 packets.

Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]


command in any view to view the cache content of neighbors.

Run the display tcp ipv6 statistics command in any view to view statistics on TCP6
packets.

Run the display tcp ipv6 status command in any view to view the status of a TCP6
connection.

Run the display udp ipv6 statistics command in any view to view statistics on UDP6
packets.

Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any
view to view information about the specified socket.

Run the display ipv6 fib [ existing-slot-id ] command in any view to view information
about FIB.

----End

8.5.3 Debugging IPv6


This section describes IPv6 debugging through the debugging command.

Context

CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo
debugging all command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault.
For the procedures of displaying the debugging information, refer to the chapter "Information
Center Configuration" in the S5700 Ethernet Switches Configuration Guide - System
Management. For descriptions about the debugging commands, refer to the S5700 Ethernet
Switches Debugging Reference.

Procedure
l
Issue 01 (2011-10-26)

Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

132

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and
ND messages.

Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to
debug IPv6 packet.

Run the debugging ipv6 pathmtu command in the user view to debug PMTU.

Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ]
command in the user view to debug TCP6.

Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command in
the user view to debug UDP6.

----End

8.6 Configuration Examples


This section provides a configuration example of IPv6 addresses.

8.6.1 Example for Setting an IPv6 Address for an Interface


This section provides a configuration example of IPv6 address for an interface.

Networking Requirements
As shown in Figure 8-1, two Switches are connected through GE 0/0/1. The GE 0/0/1 interfaces
of Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6
global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnection
between them.
The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64.
Figure 8-1 Networking diagram for setting IPv6 addresses
SwitchA

SwitchB

GE 0/0/1
VLANIF 100
3001::1/64

GE 0/0/1
VLANIF 100
3001::2/64

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enable the IPv6 forwarding capability on the Switch.

2.

Set IPv6 global unicast addresses for the interfaces.

Data Preparation
To complete the configuration, you need the following data.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

133

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

Global unicast address of an interface

Procedure
Step 1 Enable the IPv6 forwarding capability on the Switch.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6

# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6

Step 2 Configure the IPv6 global unicast address for the interfaces.
# Configure Switch A.
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address 3001::1/64
[SwitchA-Vlanif100] quit

# Configure Switch B.
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit

Step 3 Verify the configuration.


If the configuration succeeds, you can view the configured global unicast addresses. The status
of the interface and the IPv6 protocol are Up.
# Display information about the interface on Switch A.
[SwitchA] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::218:20FF:FE00:83 [TENTATIVE]
Global unicast address(es):
3001::1, subnet is 3001::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF00:83
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

134

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

ND retransmit interval is 1000 milliseconds


Hosts use stateless autoconfig for addresses

# Display information about the interface on Switch B.


[SwitchB] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE33:11 [TENTATIVE]
Global unicast address(es):
3001::2, subnet is 3001::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF00:2
FF02::1:FF33:11
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses

# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter
-i to specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- FE80::2E0:FCFF:FE33:11 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/7 ms

# On Switch A, ping the IPv6 global unicast address of Switch B.


[SwitchA] ping ipv6 3001::2
PING 3001::2 : 56 data bytes, press CTRL_C to break
Reply from 3001::2
bytes=56 Sequence=1 hop limit=64 time = 12 ms
Reply from 3001::2
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from 3001::2
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- 3001::2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/12 ms

----End

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

135

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

8 Basic Configurations of IPv6

Configuration Files
l

Configuration file of Switch A


#
sysname SwitchA
#
ipv6
#
vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

Configuration file of Switch B


#
sysname SwitchB
#
ipv6
#
vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::2/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

136

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

IPv6 DNS Configuration

About This Chapter


By configuring the IPv6 Domain Name System (DNS), you can enable network devices to
communicate with other through their domain names.
9.1 Introduction to IPv6 DNS
After each host on the Internet is assigned a domain name, you can set up mapping between the
domain name and IP address of a host. In this manner, you can use domain names, which are
easy to memorize and are of significance, instead of complicated IP addresses.
9.2 IPv6 DNS Supported by the S5700
IPv6 domain name resolution can be performed in either dynamic mode or static mode.
9.3 Configuring IPv6 DNS
By configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6
address. In this manner, you can enable the device to communicate with other devices.
9.4 Maintaining IPv6 DNS
This section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6
DNS entries and monitoring IPv6 DNS operation.
9.5 Configuration Examples
This section provides several configuration examples of IPv6 DNS.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

137

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

9.1 Introduction to IPv6 DNS


After each host on the Internet is assigned a domain name, you can set up mapping between the
domain name and IP address of a host. In this manner, you can use domain names, which are
easy to memorize and are of significance, instead of complicated IP addresses.
IPv6 DNS has two resolution modes: dynamic IPv6 DNS resolution and static IPv6 DNS
resolution. To resolve a domain name, the system first uses static IPv6 DNS resolution. If this
mode fails, the system uses dynamic IPv6 DNS resolution. To improve resolution efficiency,
you can put common domain names in a static domain name resolution table.

9.2 IPv6 DNS Supported by the S5700


IPv6 domain name resolution can be performed in either dynamic mode or static mode.
IPv6 domain name system (DNS) is similar to IPv4 DNS. For configurations of IPv4 DNS, refer
to "DNS Configuration."

9.3 Configuring IPv6 DNS


By configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6
address. In this manner, you can enable the device to communicate with other devices.

9.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring the IPv6 DNS.

Applicable Environment
DNS needs to be configured if the local users log on to a device using domain names to
communicate with other devices. The IPv6 DNS entries show the mapping between domain
names and IPv6 addresses.
If users seldom use the domain name to access other devices, or if the DNS server is unavailable,
a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator
needs to know the relation between domain names and IPv6 addresses, and manually modify
the IPv6 DNS entry when the relation changes.
If the users need to use the domain name to access many devices, and the DNS server is available,
a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.

Pre-configuration Tasks
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.

Data Preparation
To configure IPv6 DNS, you need the following data.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

138

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

No.

Data

Domain name of the static IPv6 DNS entry and the corresponding IPv6 address

IPv6 address of the IPv6 DNS server

Domain name of the dynamic IPv6 DNS or the domain name list

9.3.2 Configuring a Static IPv6 DNS Entry


You can create a table of mappings between domain names and IPv6 addresses and add common
domain names to this table. When a client needs to use the IPv6 address corresponding to a
domain name, the client can search the table for the required IPv6 address. This improves the
efficiency of domain name resolution.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6

You can enable the IPv6 capability.


Step 3 Run:
ipv6 host host-name ipv6-address

The host name and the corresponding IPv6 address are configured.
If the same host is configured with IPv6 addresses for several times (the maximum times is 8
IPv6 addresses), the IPv6 address configured earliest is used when needing to find the host with
the IPv6 address, such as ping this host.
----End

9.3.3 Configuring the Dynamic IPv6 DNS Services


To perform dynamic domain name resolution, you need a special domain name resolution server,
which runs a server program. This server provides mappings between domain names and IPv6
addresses and receives resolution requests from the client.

Context
If the IPv6 DNS server is configured with a link-local address, the interface name should also
be configured with the IPv6 address.
Figure 9-1 DNS server connecting IPv4 and IPv6 networks

DNS IPv4 client

DNS server

IPv4 link
Issue 01 (2011-10-26)

DNS IPv6 client


IPv6 link

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

139

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration till
proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first
sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.
The DNS domains are configured on a device and the domain names can be searched. If the
DNS fails in searching for a host name, it appends a domain name to the host name following a
"." and continues the DNS search. You can configure some commonly used domain names like
"com", and "net". For example, if the search for the host name "huawei" fails, the system then
searches for "huawei.com" or "huawei.net".
Do as follows on the switch:

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dns resolve

The dynamic domain name resolution is enabled.


Step 3 Run:
dns server ipv6 ipv6-address [ interface-type interface-number ]

The IPv6 DNS server is configured.


Step 4 Run:
dns server ipv6 source-ip ipv6-address

The IPv6 address of the local device is specified.


After the source IPv6 address is specified for the local device, the local device uses the specified
source IPv6 address to communicate with the IPv6 DNS server to ensure the security of check.
Step 5 Run:
dns domain domain-name

The suffix of domain names is added.


----End

9.3.4 Checking the Configuration


You can view the configuration of the IPv6 DNS.

Prerequisite
The configurations of the IPv6 DNS function are complete.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

140

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

Procedure
l

Run the display ipv6 host command to check the static IPv6 DNS table.

Run the display dns server command to check the configuration of the DNS server.

Run the display dns domain command to check the configuration of the suffix list of the
domain name.

Run the display dns ipv6 dynamic-host command to check the cache of the dynamic
domain name.

----End

Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name
and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ipv6 host
Host
Age
RTB
0
RTA
0

Flags
static
static

IPv6Address (es)
20::1
20::2

Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed,
it means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
169.254.65.125
IPv6 Dns Servers:
Domain-server Ipv6Address
1
3001::2
2
FE80::2

(Interface Name)
GigabitEthernet6/0/0

Run the display dns domain command. If the suffixes of the domain names are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net

Run the display dns ipv6 dynamic-host command. If information about the cache of the
dynamic domain name is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
TTL
1
huawei6
3001::2
6

9.4 Maintaining IPv6 DNS


This section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6
DNS entries and monitoring IPv6 DNS operation.

9.4.1 Clearing IPv6 DNS Entries


This section describes IPv6 DNS entry clearance through the reset command.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

141

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

Context

CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use
this command.

Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS
entries statistics in the domain name cache.
----End

9.4.2 Monitoring Network Operation Status of IPv6 DNS


This section describes IPv6 DNS operation monitoring through the display command.

Context
In routine maintenance, you can run the following commands in any view to check the operation
of IPv6 DNS.

Procedure
l

Run:
display dns domain

Domain names are checked.


l

Run:
display dns server

Configurations of the DNS server are checked.


l

Run:
display dns ipv6 dynamic-host

Contents about the cache of the IPv6 dynamic domain names are checked.
l

Run:
display ipv6 host

The static DNS table is checked.


----End

9.5 Configuration Examples


This section provides several configuration examples of IPv6 DNS.

9.5.1 Example for Configuring IPv6 DNS


This section provides a configuration example of IPv6 DNS.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

142

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

Networking Requirements
As shown in Figure 9-2, Switch A, functioning as the IPv6 DNS client and working jointly
whose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on the
domain name huawei.com.
On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensures
that Switch A can manage both the routers based on the domain names Switch B and Switch C.
Figure 9-2 Networking diagram of IPv6 DNS configurations

Loopback0
4.1.1.1/32
GE0/0/1
VLANIF100 SwitchB
2001::1/64

DNS client
SwitchA

GE0/0/1
VLANIF101
2001::2/64

Loopback0
4.1.1.2/32
GE0/0/1
VLANIF101
2003::1/64

SwitchC
GE0/0/2
VLANIF100
2002::2/64

GE0/0/2
VLANIF100 DNS server
2002::3/64 2003::2/64

huawei.com
2002::1/64

Configuration Roadmap
The configuration roadmap is as follows:
1.

Configure static IPv6 DNS entries.

2.

Enable the DNS resolution function.

3.

Configure IPv6 address of the IPv6 DNS server.

4.

Set the domain name suffix.

Data Preparation
To complete the configuration, you need the following data:
l

Domain names of Switch B and Switch C

IPv6 address of the IPv6 DNS server

Domain name suffix

Procedure
Step 1 Configure Switch A.
# Configure static IPv6 DNS entries.
<SwitchA> system-view

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

143

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

[SwitchA] ipv6 host RouterB 2001::2


[SwitchA] ipv6 host RouterC 2002::3

# Enable the DNS resolution function.


[SwitchA] dns resolve

# Configure the IPv6 address of the IPv6 DNS server.


[SwitchA] dns server ipv6 2003::2

# Set the domain name suffix to ".net".


[SwitchA] dns domain net

# Set the domain name suffix to ".com".


[SwitchA] dns domain com
[SwitchA] quit
NOTE

To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.
For details of how to configure the route, see Configuration example of IP static route in the Quidway
S5700 Series Ethernet Switches Configuration Guide - IP Routing.

Step 2 Verify the configuration.


# Run the ping ipv6 huawei.com command on Switch A. You can find that the Ping operation
succeeds, and the destination IP address is 2002::1.
<SwitchA> ping ipv6 huawei.com
Resolved Host ( huawei.com -> 2002::1)
PING huawei.com : 56 data bytes, press CTRL_C to
Reply from 2002::1: bytes=56 Sequence=1 ttl=126
Reply from 2002::1: bytes=56 Sequence=2 ttl=126
Reply from 2002::1: bytes=56 Sequence=3 ttl=126
Reply from 2002::1: bytes=56 Sequence=4 ttl=126
Reply from 2002::1: bytes=56 Sequence=5 ttl=126

break
time=6
time=4
time=4
time=4
time=4

ms
ms
ms
ms
ms

--- huawei.com ping statistics --5 packet(s) transmitted


5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms

# Run the display ipv6 host command on SwitchA. You can view the mapping relationships
between the host names in static IPv6 DNS entries and the IPv6 addresses.
<SwitchA> display ipv6 host
Host
Age
SwitchB
0
SwitchC
0

Flags
static
static

IPv6Address (es)
2001::2
2002::3

Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about
dynamic IPv6 DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
1
huawei.com
2002::1

TTL
3579

NOTE

TTL in the command output indicates the life time of the entry, in seconds.

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

144

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

Configuration Files
l

Configuration file of Switch A

#
sysname SwitchA
#
vlan batch 100
#
ipv6
#
ipv6 host SwitchB 2001::2
ipv6 host SwitchC 2002::3
#
dns resolve
dns server ipv6 2003::2
dns domain net
dns domain com
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
return

Configuration file of Switch B


#
sysname SwitchB
#
vlan batch 100 101
#
ipv6
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface vlanif100
ipv6 enable
ipv6 address 2002::2/64
#
interface vlanif101
ipv6 enable
ipv6 address 2001::2/64
#
return

Configuration file of Switch C


#
sysname SwitchC
#
vlan batch 100 101
#
ipv6
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

145

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

9 IPv6 DNS Configuration

#
interface vlanif100
ipv6 enable
ipv6 address 2002::3/64
#
interface vlanif101
ipv6 enable
ipv6 address 2003::1/64
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

146

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10

10 IPv6 over IPv4 Tunnel Configuration

IPv6 over IPv4 Tunnel Configuration

About This Chapter


The IPv6 over IPv4 tunnel technology is developed to address the problem in the transition from
IPv4 networks to IPv6 networks.

Context
The S5706 does not support this function.
10.1 Introduction to IPv6 over IPv4
An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet.
10.2 IPv6 over IPv4 Supported by the S5700
You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.
10.3 Configuring IPv4/IPv6 Dual Stacks
To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and
the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.
10.4 Configuring an IPv6 over IPv4 Tunnel
You can interconnect IPv6 networks by using IPv4 networks.
10.5 Configuration Examples
This section provides configuration examples of IPv6 over IPv4 tunnel.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

147

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

10.1 Introduction to IPv6 over IPv4


An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet.
During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widely
deployed while IPv6 domains are isolated and dispersed around the world. It is not economical
to connect these isolated sites with private lines.
The usual method is tunnel technology. This technology creates tunnels over IPv4 networks to
connect isolated IPv6 domains. This is similar to the situation where the tunnel technology is
used to deploy VPNs on the IP networks.
The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4
tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border of
the IPv4 network and the IPv6 network.

10.2 IPv6 over IPv4 Supported by the S5700


You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.

Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a
complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure
10-1 shows a single stack structure and a dual stack structure.
Figure 10-1 Single stack and dual stack structures (Ethernet)

IPv4 Application
UDP

TCP

IPv4
Protocol ID:
0x0800
Ethernet

IPv4/IPv6 Application
TCP

UDP

IPv6
Protocol ID: Protocol ID:
0x86DD
0x0800
Ethernet

IPv4 Stack

Dual Stack

The characteristics of the dual-stack structure are as follows:


l

Supported by multiple link layer protocols


Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in the
above diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of
0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DD
indicates that the network has IPv6 packets.

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

148

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Supported by multiple applications


Multiple applications such as DNS, FTP and Telnet support dual stacks. The upper
application, such as DNS, can select TCP or UDP as its transport layer protocol. However,
it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.

IPv6 over IPv4 Tunnel


Figure 10-2 shows principles of the IPv6 over IPv4 tunnel technology.
1.

Enabling IPv4/IPv6 dual stacks


Enable IPv4/IPv6 dual stacks on the border device.

2.

Encapsulating IPv6 packets


After receiving a packet from the IPv6 network, the border device takes the received IPv6
packet as the payload, adds an IPv4 packet header before the payload and encapsulates it
into an IPv4 packet if it finds that the destination of the packet is not for itself.

3.

Transmitting the encapsulated packet


In the IPv4 network, the encapsulated packet is transmitted to the peer border device.

4.

Decapsulating the packet


The peer border device decapsulates the packet, removes the IPv4 packet header, and
forwards the resulting IPv6 packet to the remote IPv6 network.

Figure 10-2 Schematic diagram of IPv6 over IPv4 tunnel

Dual Stack
Router
IPv6

IPv4
Tunnel

Dual Stack
Router
IPv6
IPv6 host

IPv6 host
IPv6 Header

IPv6 Header

IPv6 Data
IPv4 Header

IPv6 Header

IPv6 Data

IPv6 Data

The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over
IPv4 tunnel. Tunnels can be classified according to their setup modes.
The common IPv6 over IPv4 tunnel modes include:
l

IPv6 over IPv4 manual tunnels

6to4 tunnels

Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels

IPv6 over IPv4 Manual Tunnel


An IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends.
The source IPv4 address and destination IPv4 address of such a tunnel must be configured
statically.
A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4
backbone network. It is the fixed channel for regular and secure communication between the
two border devices.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

149

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

The manual tunnel can be used between isolated IPv6 networks. It can also be used between a
border device and a host. In this case, the host and the device on both ends of the tunnel must
support the IPv4 and the IPv6 protocol stacks.

6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an
IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6
network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must
support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a
point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the
devices of the 6to4 tunnel are not configured in pairs.
The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You
need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following
format:
2002:IPv4 address: subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4
address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must
be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4
network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the
subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 10-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4
network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of
the host or device in Site1 is the IPv4 address of the interface through which Switch A accesses
the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device
in Site2 is the IPv4 address of the interface through which Switch B accesses the IPv4 network.
Switch A and Switch B are both 6to4 devices.
Figure 10-3 6to4 tunnel and 6to4 relay

6to4
Router

6to4
Network
Site1

6to4
Router

6to4
Network
Site2

SwitchB
IPv4
Network

SwitchA
6to4
Relay

SwitchC
IPv6
Internet
Site3

When the host in Site1 accesses the host in Site2, the process concerned is as follows:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

150

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

1.

The IPv6 packet is transmitted to Switch A.

2.

Switch A checks the destination address of the IPv6 packet and finds that the address is the
6to4 address, from which Switch A obtains the remote IPv4 address of the 6to4 tunnel.

3.

Switch A encapsulates this IPv6 packet into the IPv4 packet. The destination address of
IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the
local IPv4 address of the tunnel.

4.

Switch A forwards the IPv4 packet in the IPv4 network to Switch B.

5.

Switch B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packet
to the destination host in Site2.

The above process implements the communication between the 6to4 networks. To implement
the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is
needed. The so-called native IPv6 network means that both its internal host and device are not
configured with the 6to4 address.
The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.
One side of the 6to4 relay device is connected to the native IPv6 network; the other side is
connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 10-3, when the host in the 6to4 network accesses the IPv6 Internet, the
process concerned is as follows:
1.

The IPv6 packet is routed to Switch A.

2.

A 6to4 tunnel is created between Switch A and Switch C.

3.

The IPv6 packet is encapsulated into the IPv4 packet and is sent to Switch C.

4.

Switch C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the
IPv6 packet to the destination host in the IPv6 Internet.

ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6
network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.
The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a
same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public
network address or a private network address.
As shown in Figure 10-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as
follows:
1.

The IPv4/IPv6 host sends a request message to a device.


The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a router
request message to the ISATAP device. It encapsulates the message into the IPv4 packet.

2.

The ISATAP device responds to the request message.


The ISATAP device uses a router notification message to respond to the request. The router
notification message contains the ISATAP prefix, which is manually configured on the
device.

3.
Issue 01 (2011-10-26)

The IPv4/IPv6 host obtains its IPv6 address.


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

151

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with
5EFE:IPv4-Address, and uses this address to access the IPv6 host.
Figure 10-4 ISATAP tunnel

IPv4
Network
ISATAP Tunnel

IPv6
Network

IPv6 Host

ISATAP
Switch

IPv4/IPv6 Host
2.1.1.1
FE80::5EFE:0201:0101
3FFE::5EFE:0201:0101

The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:


1.

The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given
above.

2.

The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in
the IPv6 network.

3.

An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6
host.

10.3 Configuring IPv4/IPv6 Dual Stacks


To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and
the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

10.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for the IPv4/IPv6 dual protocol stack.

Applicable Environment
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be
enabled on the device.
Enabling the IPv4/IPv6 dual protocol stacks on the S5700 is a simple process. Enable the IPv6
packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address
on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the
corresponding interface.

Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

152

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up

Configuring the link layer parameters for the interface

Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
No.

Data

Type and number of the interface connected with the IPv4 network

IPv4 address and mask of the interface connected with the IPv4 network

Type and number of the interface connected with the IPv6 network

IPv6 address and prefix of the interface connected with the IPv6 network

10.3.2 Enabling IPv6 Packet Forwarding


To enable IPv6 packet forwarding, you need to enable IPv6 in both the interface view and the
system view.

Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l

If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The interface on the device is not of the IPv6 capability
and hence you cannot perform any IPv6 configurations.

If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down and the
device cannot forward IPv6 data.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6

The IPv6 packet forwarding capability is enabled.


To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6
packets although the interface is configured with an IPv6 address.
By default, the IPv6 packet forwarding capability is disabled.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

153

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Step 3 Run:
interface vlanif vlan-id

The view of the interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable

The IPv6 capability is enabled on the interface.


Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.
By default, the IPv6 capability is disabled on the interface.
----End

10.3.3 Configuring IPv4 and IPv6 Addresses for the Interface


You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface vlanif vlan-id

The interface view of the IPv4 network is displayed.


Step 3 Run:
ip address ip-address { mask | mask-length }

An IPv4 address is assigned to the interface.


Step 4 Run:
quit

Return to the system view.


Step 5 Run:
interface vlanif vlan-id

The interface view of the IPv6 network is displayed.


Step 6 Perform the following configuration as required.
l Run:
ipv6 address auto link-local

The link-local address is set to be automatically generated.


l Run:
ipv6 address ipv6-address link-local

The link-local address of the interface is configured.


l Run:
ipv6 address { ipv6-address | prefix-length }

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

154

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

The global unicast address is configured.


l Run:
ipv6 address { ipv6-address | prefix-length } eui-64

The IPv6 EUI-64 address is configured.


----End

10.3.4 Checking the Configuration


Prerequisite
All configurations are complete.

Procedure
Step 1 Run the display ipv6 interface command to view the IPv6 information about the interface.
----End

10.4 Configuring an IPv6 over IPv4 Tunnel


You can interconnect IPv6 networks by using IPv4 networks.

10.4.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring an IPv6 over IPv4 tunnel.

Applicable Environment
To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6
over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.

Pre-configuration Tasks
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
l

Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up

Configuring the link layer protocol for the interface and ensuring that the status of the link
layer protocol on the interface is Up

Configuring the IPv4/IPv6 dual-protocol stacks

Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.

10.4.2 Enabling the Service Loopback Function on an Eth-Trunk


Interface
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

155

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Context
Before enabling the service loopback function on an Eth-Trunk interface, note the following:
l

Before enabling the service loopback function, create an Eth-Trunk, add member interfaces
to the Eth-Trunk and keep it in the Up state.

Only one interface enabled with the service loopback function is needed on a device.

Do as follows on the S5700.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.


Step 3 Run:
service type tunnel

The Eth-Trunk interface is enabled with the service loopback function.


Step 4 Run:
interface interface-type interface-number

The interface view is displayed.


Step 5 Run:
eth-trunk trunk-id

The interface is added to the Eth-Trunk.


----End

10.4.3 Configuring an IPv6 over IPv4 Manual Tunnel


A manual IPv6 over IPv4 tunnel is a P2P tunnel. The source address and destination address of
a manual IPv6 over IPv4 tunnel are both manually assigned. The source address and destination
address of a manual IPv6 over IPv4 tunnel on the same device must be unique. A manual IPv6
over IPv4 tunnel acts as a permanent link that crosses an IPv4 network and connects two IPv6
networks. Border devices can communicate with each other securely and regularly through
manual IPv6 over IPv4 tunnels.

Context
Note the following when configuring an IPv6 over IPv4 manual tunnel:
l

Create only one interface enabled with the service loopback function on a device first, and
keep it in the Up state.

Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.

You need to conduct the following configurations on the devices on both the ends of the
tunnel. During the configuration, note that the source address of the local tunnel end is the

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

156

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

destination address set for the remote tunnel end; the destination address of the local tunnel
end is the source address set for the remote tunnel end.
l

To support dynamic routing protocol, you also need to configure the tunnel interface with
a network address.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface tunnel interface-number

The tunnel interface is created.


Step 3 Run:
tunnel-protocol ipv6-ipv4

The tunnel is specified be an IPv6 over IPv4 manual tunnel.


Step 4 Run:
source { ip-address | interface-type interface-number }

The source address or source interface of the tunnel is specified.


Step 5 Run:
destination dest-ip-address

The destination address of the tunnel is specified.


NOTE

The destination address of the tunnel can be the address of a physical interface or the address of a loopback
interface.

Step 6 Run:
ipv6 enable

IPv6 is enabled on the interface.


Step 7 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The tunnel interface is configured with an IPv6 address.


----End

10.4.4 Configuring a 6to4 Tunnel


A 6to4 tunnel is a P2MP tunnel and can interconnect IPv6 networks which are isolated from
each other through an IPv4 network.

Context
Note the following when configuring a 6to4 tunnel:
l
Issue 01 (2011-10-26)

Before configuring other parameters of the tunnel, create a tunnel interface.


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

157

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.

When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The
destination address of the tunnel is automatically obtained from the destination IP address
field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel
must be unique.

On the border device, configure a 6to4 address on the interface that is connected with the
6to4 network, and configure an IPv4 address on the interface that is connected with the
IPv4 network. To make the tunnel support the routing protocol, configure an IP address for
the tunnel interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface tunnel interface-number

A tunnel interface is created.


Step 3 Run:
tunnel-protocol ipv6-ipv4 6to4

The tunnel is specified as a 6to4 tunnel.


Step 4 Run:
source { ip-address | interface-type interface-number }

The source address or source interface of the tunnel is specified.


Step 5 Run:
ipv6 enable

IPv6 is enabled on the interface.


Step 6 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The interface is configured with an IPv6 address.


----End

Follow-up Procedure
The configuration of 6to4 relay needed to access the IPv6 network, is similar to the 6to4 tunnel.
For the configuration example, see "Example for Configuring 6to4 Relay."

10.4.5 Configuring an ISATAP Tunnel


Intra-site Automatic Tunnel Addressing Protocol (ISATAP) tunnels are used in the situation
where IPv4/IPv6 hosts in an IPv4 network need to access an IPv6 network. An ISATAP tunnel
can be established between an ISATAP host and an ISATAP device.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

158

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Context
Note the following when configuring an ISATAP tunnel:
l

Before configuring other parameters of the tunnel, create a tunnel interface.

When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.

When configuring an ISATAP tunnel, you need to specify only the source address of the
tunnel. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet. Note that the source interface of the
ISATAP tunnel must be unique.

The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix
length of 64 bits.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface tunnel interface-number

A tunnel interface is created.


Step 3 Run:
tunnel-protocol ipv6-ipv4 isatap

The tunnel is specified as an ISATAP tunnel.


Step 4 Run:
source { ip-address | interface-type interface-number }

The source address or source interface of the tunnel is specified.


Step 5 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The tunnel interface is configured with an IPv6 address.


Step 6 Run:
undo ipv6 nd ra halt

The device is allowed to advertise routes.


----End

10.4.6 Configuring Routes in the Tunnel


Packets can be normally forwarded only when routes exist on both the source device and
destination device of the tunnel.

Context
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

159

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

When configuring a static route, you need to run the ipv6 route-static dest-ipv6-address
prefix-length { interface-type interface-number nexthop-ipv6-address | nexthop-ipv6address } command to configure a route destined for the destination address (the destination
address specified before the packet encapsulation, rather than the destination address of the
tunnel). In addition, you need to set the next hop address to the address of the interface on
the remote end of the tunnel.

You can enable dynamic routing protocol on the tunnel interface connected to the private
networks and on the device interface.

10.4.7 Checking the Configuration


Prerequisite
All configurations of the IPv6 over IPv4 tunnel are complete.

Procedure
Step 1 Run the display ipv6 interface tunnel interface-number command to view the IPv6 attribute
of the tunnel interface.
----End

10.5 Configuration Examples


This section provides configuration examples of IPv6 over IPv4 tunnel.

10.5.1 Example for Configuring an IPv6 over IPv4 Tunnel Manually


This section provides a configuration example of manual IPv6 over IPv4 tunnel.

Networking Requirements
As shown in Figure 10-5, two IPv6 networks are connected to Switch B on the IPv4 backbone
network respectively through Switch A and Switch C. To enable the communication between
two IPv6 networks, manually configure an IPv6 over IPv4 tunnel between Switch A and
Switch C.
Figure 10-5 Networking diagram for configuring the IPv6 over IPv4 tunnel manually

GE 0/0/1
VLANIF 100
192.168.50.1/24
GE 0/0/1
VLANIF 100
192.168.50.2/24
IPv6

GE 0/0/2
VLANIF 200
192.168.51.1/24
GE 0/0/1
VLANIF 200
192.168.51.2/24

SwitchB
Dual
stack

SwitchA
Issue 01 (2011-10-26)

IPv4
network

Dual
stack

IPv6

SwitchC

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

160

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enabling the service loopback function on an Eth-Trunk interface.

2.

Set the IP address for the VLANIF interface mapping with the physical interface.

3.

Configure IPv6 addresses, source interface, and destination addresses for the tunnel
interfaces.

4.

Set the tunnel protocol to IPv6-IPv4.

Data Preparation
To complete the configuration, you need the following data.
l

IP addresses of interfaces

IPv6 address, source address, and destination address of the tunnel

Procedure
Step 1 Configure Switch A.
# Enabling the service loopback function on an Eth-Trunk interface.

CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit

# Assign IP addresses to interfaces.


<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 192.168.50.2 255.255.255.0
[SwitchA-Vlanif100] quit

# Set the tunnel protocol to IPv6-IPv4.


[SwitchA] interface tunnel 0/0/1
[SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Bind the tunnel interface to the Eth-Trunk.


Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

161

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

[SwitchA-Tunnel0/0/1] eth-trunk 1

# Set IPv6 address and destination address for the tunnel interface.
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]

ipv6 enable
ipv6 address 3001::1/64
source vlanif 100
destination 192.168.51.2
quit

Configure a static route.


[SwitchA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1

Step 2 Configure Switch B.


Assign IP addresses to interfaces.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] vlan 200
[SwitchB-Vlan200] quit
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0
[SwitchB-Vlanif200] quit

Step 3 Configure Switch C.


# Enabling the service loopback function on an Eth-Trunk interface.

CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet0/0/1
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit

Assign IP addresses to interfaces.


<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] ipv6
[SwitchC] vlan 200
[SwitchC-Vlan200] quit
[SwitchC] interface gigabitethernet0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid pvid vlan 200

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

162

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

[SwitchC-GigabitEthernet0/0/1] port hybrid untagged vlan 200


[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 200
[SwitchC-Vlanif200] ip address 192.168.51.2 255.255.255.0
[SwitchC-Vlanif200] quit

# Set the tunnel protocol to IPv6-IPv4.


[SwitchC] interface tunnel 0/0/1
[SwitchC-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Bind the tunnel interface to the Eth-Trunk.


[SwitchC-Tunnel0/0/1] eth-trunk 1

# Set IPv6 address and destination address for the tunnel interface.
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]
[SwitchC-Tunnel0/0/1]

ipv6 enable
ipv6 address 3001::2/64
source vlanif 200
destination 192.168.50.2
quit

# Configure a static route.


[SwitchC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1

Step 4 Verify the configuration.


# On Switch C, ping the IPv4 address of VLANIF 100 of Switch A. Switch C can receive the
response packet from Switch A.
[SwitchC] ping 192.168.50.2
PING 192.168.50.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms
Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms
Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms
--- 192.168.50.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/32/84 ms

# On Switch C, ping the IPv6 address of Tunnel 0/0/1 of Switch A. Switch C can receive the
response packet from Switch A.
[SwitchC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
bytes=56 Sequence=2 hop limit=255
Reply from 3001::1
bytes=56 Sequence=3 hop limit=255
Reply from 3001::1
bytes=56 Sequence=4 hop limit=255
Reply from 3001::1
bytes=56 Sequence=5 hop limit=255
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms

CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms

----End
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

163

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Configuration Files
l

Configuration file of Switch A


#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
192.168.50.2 255.255.255.0
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
eth-trunk 1
ipv6 enable
ipv6 address 3001::1/64
tunnel-protocol ipv6-ipv4
source Vlanif100
destination 192.168.51.2
#
ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
#
return

Configuration file of Switch B


#
sysname SwitchB
#
vlan batch 100 200
#
interface Vlanif100
192.168.50.1 255.255.255.0
#
interface Vlanif200
192.168.51.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
return

Configuration file of Switch C


#
sysname SwitchC
#
ipv6
#
vlan batch 200
#
interface Vlanif200
192.168.51.2 255.255.255.0
#
interface Eth-Trunk1

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

164

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

service type tunnel


#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
eth-trunk 1
ipv6 enable
ipv6 address 3001::2/64
tunnel-protocol ipv6-ipv4
source Vlanif200
destination 192.168.50.2
#
ip route-static 192.168.50.0 255.255.255.0 192.168.51.1
#
return

10.5.2 Example for Configuring a 6to4 Tunnel


This section provides a configuration example of 6to4 tunnel.

Networking Requirements
As shown in Figure 10-6, Switch A and Switch B are connected to a 6to4 network and an IPv4
backbone network respectively. To enable communication between two 6to4 network hosts, you
need to manually configure an 6to4 tunnel between Switch A and Switch B.
To enable communication between 6to4 networks, configure 6to4 addresses for the hosts on the
6to4 network. A 6to4 address has a 48-bit prefix, which is in the format 2002:IPv4 address. As
shown in Figure 10-6, the IPv4 address of the interface through which Switch A is connected
to the IPv4 network is 2.1.1.1. Therefore, the 6to4 address prefix of the 6to4 network where
Switch A is located is 2002:0201:0101::.
Figure 10-6 Networking diagram for configuring a 6to4 tunnel

GE 0/0/1
VLANIF 100
2.1.1.1
SwitchA

IPv4

GE 0/0/2
VLANIF 200
2002:201:101:1::1/64

PC1
IPv6

Issue 01 (2011-10-26)

Tunnel 0/0/1
2002:201:101::1/64
2002:201:101:1::2

GE 0/0/1
VLANIF 100
2.1.1.2
SwitchB

GE 0/0/2
VLANIF 200
2002:201:102:1::1/64

Tunnel 0/0/1
2002:201:102::1/64
2002:201:102:1::2

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

PC2
IPv6

165

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enabling the service loopback function on an Eth-Trunk interface.

2.

Configure the IPv4/IPv6 stack on the Switch.

3.

Configure a 6to4 tunnel on the Switch.

4.

Configure related routes on the Switch.

Data Preparation
To complete the configuration, you need the following data.
l

IPv4 and IPv6 addresses of interfaces

Source tunnel interface

Procedure
Step 1 # Configure Switch A.
# Enabling the service loopback function on an Eth-Trunk interface.

CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit

# Configure the IPv4/IPv6 stack.


<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
[SwitchA] vlan batch 100 200
[SwitchA] interface gigabitethernet0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.1.1.1 8
[SwitchA-Vlanif100] quit
[SwitchA] interface gigabitethernet0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface vlanif 200
[SwitchA-Vlanif200] ipv6 enable
[SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64
[SwitchA-Vlanif200] quit

# Configure a 6to4 tunnel.


[S5700-A] interface tunnel 0/0/1
[SwitchA-Tunnel0/0/1] eth-trunk 1

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

166

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]
[SwitchA-Tunnel0/0/1]

10 IPv6 over IPv4 Tunnel Configuration


tunnel-protocol ipv6-ipv4 6to4
ipv6 enable
ipv6 address 2002:0201:0101::1/64
source vlanif 100
quit

# Configure a route to other 6to4 networks.


[SwitchA] ipv6 route-static 2002:: 16 tunnel 0/0/1

Step 2 # Configure Switch B.


# Enabling the service loopback function on an Eth-Trunk interface.

CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit

# Configure the IPv4/IPv6 stack.


<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan batch 100 200
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 2.1.1.2 8
[SwitchB-Vlanif100] quit
[SwitchB] interface gigabitethernet0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ipv6 enable
[SwitchB-Vlanif200] ipv6 address 2002:0201:0102:1::1/64
[SwitchB-Vlanif200] quit

# Configure a 6to4 tunnel.


[SwitchB] interface tunnel 0/0/1
[SwitchB-Tunnel0/0/1] eth-trunk 1
[SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4
[SwitchB-Tunnel0/0/1] ipv6 enable
[SwitchB-Tunnel0/0/1] ipv6 address 2002:0201:0102::1/64
[SwitchB-Tunnel0/0/1] source vlanif 100
[SwitchB-Tunnel0/0/1] quit

# Configure a route to other 6to4 networks.


[SwitchB] ipv6 route-static 2002:: 16 tunnel 0/0/1

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

167

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

NOTE

There must be a reachable route between SwitchA and SwitchB. In this example, the routing protocol needs
to be configured on GigabitEthernet0/0/1 of SwitchA and SwitchB to ensure a reachable route between
SwitchA and SwitchB. For the configuration procedure, see the Quidway S5700 Series Ethernet Switches
Configuration Guide - IP Routing.

Step 3 Verify the configuration.


# View the IPv6 status of Tunnel 0/0/1 on Switch A, and you can find that the status is Up.
[SwitchA] display ipv6 interface tunnel 0/0/1
Tunnel0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:101 [TENTATIVE]
Global unicast address(es):
2002:201:101::1, subnet is 2002:201:101::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF01:101
FF02::1:FF00:1
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses

# On Switch A, ping the 6to4 address of VLANIF 200 of Switch B. Switch A can receive the
response packet from Switch B.
[SwitchA] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2002:201:102:1::1
bytes=56 Sequence=1 hop limit=255 time = 8 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=2 hop limit=255 time = 25 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=3 hop limit=255 time = 4 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=4 hop limit=255 time = 5 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=5 hop limit=255 time = 5 ms
--- 2002:0201:0102:1::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/9/25 ms

----End

Configuration Files
l

Configuration file of Switch A


#
sysname SwitchA
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 2.1.1.1 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:101:1::1/64

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

168

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
GigabitEthernet0/0/13
eth-trunk 1
#
interface Tunnel0/0/1
eth-trunk 1
ipv6 enable
ipv6 address 2002:201:101:1::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
#
ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return

Configuration file of Switch B


#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 2.1.1.2 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:102:1::1/64
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
eth-trunk 1
ipv6 enable
ipv6 address 2002:201:102:1::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
#
ipv6 route-static 2002:: 16 Tunnel 0/0/1
#
return

10.5.3 Example for Configuring an ISATAP Tunnel


This section provides a configuration example of ISATAP tunnel.
Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

169

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Network Requirements
As shown in Figure 10-7, an IPv6 host in the IPv4 network running the Windows XP system
needs to access the IPv6 network through a border device. Both the IPv6 host and the border
device support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host and
the border device.
Figure 10-7 Networking diagram of the ISATAP tunnel

IPv6
network
IPv6 host
3001::2

ISATAP

IPv4
network

Switch
ISATAP host
GE0/0/2
GE0/0/1
FE80::5EFE:0201:0102
VLANIF 100 VLANIF 200
2.1.1.2
3001::1/64 2.1.1.1/8
2001::5EFE:0201:0102

Configuration Roadmap
The configuration roadmap is as follows:
1.

Enabling the service loopback function on an Eth-Trunk interface.

2.

Configure IPv4/IPv6 dual protocol stacks.

3.

Configure an ISATAP tunnel.

4.

Configure static routes from the IPv6 host to the ISATAP host.

Data Preparation
To complete the configuration, you need the following data:
l

IPv4 or IPv6 addresses of interfaces

Source interface of the tunnel

VLAN that the physical interface of the Switch belongs to

Procedure
Step 1 Configure the ISATAP device.
# Enabling the service loopback function on an Eth-Trunk interface.

CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

170

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

[Quidway-Eth-Trunk1] service type tunnel


[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit

# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
<Quidway> system-view
[Quidway] ipv6
[Quidway] vlan batch 100 200
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[Quidway-GigabitEthernet0/0/2] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ipv6 enable
[Quidway-Vlanif100] ipv6 address 3001::1/64
[Quidway-Vlanif100] quit
[Quidway] interface vlanif 200
[Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0
[Quidway-Vlanif200] quit

# Configure an ISATAP tunnel.


[Quidway] interface tunnel 0/0/2
[Quidway-Tunnel0/0/2] eth-trunk 1
[Quidway-Tunnel0/0/2] tunnel-protocol ipv6-ipv4 isatap
[Quidway-Tunnel0/0/2] ipv6 enable
[Quidway-Tunnel0/0/2] ipv6 address 2001::/64 eui-64
[Quidway-Tunnel0/0/2] source vlanif 200
[Quidway-Tunnel0/0/2] undo ipv6 nd ra halt
[Quidway-Tunnel0/0/2] quit

Step 2 Configure the ISATAP host.


NOTE

The ISATAP host needs to run IPv6 and needs to be enabled with the IPv6 function.

# Configure a static route to the border device. (The pseudo interface number of the host is 2.
You can run the ipv6 if command to view the interface corresponding to the automatic tunneling
pseudo interface.)
C:\> netsh interface ipv6 isatap set router 2.1.1.1

Step 3 Configure the IPv6 host.


# Configure a static route on the IPv6 host to the border device, so hosts in different networks
can communicate through the ISATAP tunnel.
C:\> netsh interface ipv6 set route 2001::/64 3001::1

Step 4 Verify the configuration.


Check the status of the Tunnel 0/0/2 on the ISATAP device and find it is Up.
[Quidway] display ipv6 interface tunnel 0/0/2
Tunnel0/0/2 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::5EFE:201:101 [TENTATIVE]
Global unicast address(es):
2001::5EFE:201:101, subnet is 2001::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF01:101

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

171

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses

# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the
ISATAP host.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
--- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms

# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Ping statistics for 2001::5efe:2.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

# The ISATAP host can ping through the IPv6 host.


C:\> ping6 3001::2
Pinging 3001::2 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

3001::2:
3001::2:
3001::2:
3001::2:

time<1ms
time<1ms
time<1ms
time<1ms

Ping statistics for 3001::2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

----End

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

172

Quidway S5700 Series Ethernet Switches


Configuration Guide - IP Service

10 IPv6 over IPv4 Tunnel Configuration

Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname Quidway
#
vlan batch 100 200
#
ipv6
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface Vlanif200
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service-type tunnel
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/2
eth-trunk 1
ipv6 enable
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlanif200
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
return

Issue 01 (2011-10-26)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

173