
Huawei AR150&200 Series Enterprise Routers

V200R002C00

Configuration Guide - IP Service

Issue 02
Date 2012-03-30

HUAWEI TECHNOLOGIES CO., LTD.


Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://www.huawei.com
Email: support@huawei.com

Issue 02 (2012-03-30) Huawei Proprietary and Confidential i



About This Document

Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the IP service feature supported by the
AR150/200.

This document describes how to configure the IP service feature.

This document is intended for:

- Data configuration engineers
- Commissioning engineers
- Network monitoring engineers
- System maintenance engineers

Symbol Conventions
The symbols that may be found in this document are defined as follows.

Symbol     Description

DANGER     Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.

WARNING    Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.

CAUTION    Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.

TIP        Indicates a tip that may help you solve a problem or save time.

NOTE       Provides additional information to emphasize or supplement important points of the main text.


Command Conventions
The command conventions that may be found in this document are defined as follows.

Convention          Description

Boldface            The keywords of a command line are in boldface.

Italic              Command arguments are in italics.

[ ]                 Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.

[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.

{ x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.

[ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.

&<1-n>              The parameter before the & sign can be repeated 1 to n times.

#                   A line starting with the # sign is a comment.

Interface Numbering Conventions


Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.

Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.

Changes in Issue 02 (2012-03-30)


Based on issue 01 (2011-12-30), the document is updated as follows:

The following information is added:

- Disabling the Routing and Forwarding Function on High-end LAN Cards

The following information is modified:

- 6.6.3 Enabling the DHCP/BOOTP Client


Changes in Issue 01 (2011-12-30)


Initial commercial release.


Contents

About This Document

1 ARP Configuration
1.1 ARP Overview
1.2 ARP Features Supported by the AR150/200
1.3 Configuring Static ARP
1.3.1 Establishing the Configuration Task
1.3.2 Configuring a Static ARP Entry
1.3.3 Configuring a Static ARP Entry in a VLAN
1.3.4 Configuring a Static ARP Entry in a VPN Instance
1.3.5 Checking the Configuration
1.4 Optimizing Dynamic ARP
1.4.1 Establishing the Configuration Task
1.4.2 Adjusting Parameters of Dynamic ARP Entries
1.4.3 Enabling ARP Suppression
1.4.4 Enabling Layer 2 Topology Detection
1.4.5 Checking the Configuration
1.5 Configuring Routed Proxy ARP
1.5.1 Establishing the Configuration Task
1.5.2 Configuring an IP Address for an Interface
1.5.3 Configuring Routed Proxy ARP
1.5.4 Checking the Configuration
1.6 Configuring Intra-VLAN Proxy ARP
1.6.1 Establishing the Configuration Task
1.6.2 Configuring an IP Address for an Interface
1.6.3 (Optional) Configuring the VLAN ID of a Sub-interface
1.6.4 Enabling Intra-VLAN Proxy ARP
1.6.5 Checking the Configuration
1.7 Configuring Inter-VLAN Proxy ARP
1.7.1 Establishing the Configuration Task
1.7.2 Configuring an IP Address for an Interface
1.7.3 (Optional) Configuring the VLAN ID of the Sub-interface
1.7.4 Enabling Inter-VLAN Proxy ARP
1.7.5 Checking the Configuration


1.8 Configuring ARP-Ping IP
1.8.1 Establishing the Configuration Task
1.8.2 Checking an IP Address by Using ARP-Ping IP
1.9 Configuring ARP-Ping MAC
1.9.1 Establishing the Configuration Task
1.9.2 Checking a MAC Address by Using ARP-Ping MAC
1.10 Maintaining ARP
1.10.1 Deleting ARP Entries
1.10.2 Monitoring the ARP Running Status
1.11 Configuration Examples
1.11.1 Example for Configuring Static ARP
1.11.2 Example for Configuring Routed Proxy ARP
1.11.3 Example for Configuring Intra-VLAN Proxy ARP
1.11.4 Example for Configuring Inter-VLAN Proxy ARP
1.11.5 Example for Configuring Layer 2 Topology Detection

2 IP Address Configuration
2.1 IP Address Overview
2.2 IP Addresses Supported by the AR150/200
2.3 Configuring IP Addresses for an Interface
2.3.1 Establishing the Configuration Task
2.3.2 Configuring a Primary IP Address for an Interface
2.3.3 (Optional) Configuring a Secondary IP Address for an Interface
2.3.4 Checking the Configuration
2.4 Configuring IP Address Unnumbered on an Interface
2.4.1 Establishing the Configuration Task
2.4.2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed
2.4.3 Configuring IP Address Unnumbered on an Interface
2.4.4 Checking the Configuration
2.5 Configuration Examples
2.5.1 Example for Configuring Primary and Secondary IP Addresses for an Interface
2.5.2 Example for Configuring IP Address Unnumbered on an Interface

3 Basic IPv6 Configuration
3.1 Introduction to IPv6
3.2 IPv6 Supported by the AR150/200
3.3 Configuring an IPv6 Address for an Interface
3.3.1 Establishing the Configuration Task
3.3.2 Enabling IPv6 Packet Forwarding Capability
3.3.3 Configuring an IPv6 Link-Local Address for an Interface
3.3.4 Configuring an IPv6 Global Unicast Address for an Interface
3.3.5 Configuring an IPv6 Anycast Address for an Interface
3.3.6 Checking the Configuration


3.4 Configuring IPv6 Neighbor Discovery
3.4.1 Establishing the Configuration Task
3.4.2 Configuring Static Neighbors
3.4.3 Enabling RA Message Advertising
3.4.4 Setting the Interval for Advertising RA Messages
3.4.5 Configuring the Address Prefixes to Be Advertised
3.4.6 Configuring Other Information to Be Advertised
3.4.7 Configuring the Default Router Priority and Route Information
3.4.8 Checking the Configuration
3.5 Configuring IPv4/IPv6 Dual Stacks
3.5.1 Establishing the Configuration Task
3.5.2 Enabling IPv6 Packet Forwarding
3.5.3 Configuring IPv4 and IPv6 Addresses for the Interface
3.5.4 Checking the Configuration
3.6 Configuring PMTU
3.6.1 Establishing the Configuration Task
3.6.2 Creating Static PMTU Entries
3.6.3 Configuring PMTU Aging Time
3.6.4 Checking the Configuration
3.7 Configuring TCP6
3.7.1 Establishing the Configuration Task
3.7.2 Configuring TCP6 Timers
3.7.3 Configuring the Size of the TCP6 Sliding Window
3.7.4 Checking the Configuration
3.8 Maintaining IPv6
3.8.1 Resetting IPv6
3.9 Configuration Examples
3.9.1 Example for Configuring an IPv6 Address for an Interface
3.9.2 Example for Configuring IPv6 Neighbor Discovery

4 DNS Configuration
4.1 DNS Overview
4.2 DNS Features Supported by the AR150/200
4.3 Configuring a DNS Client
4.3.1 Establishing the Configuration Task
4.3.2 Configuring Static DNS
4.3.3 Configuring Dynamic DNS
4.3.4 Checking the Configuration
4.4 Configuring DNS Proxy or Relay
4.4.1 Establishing the Configuration Task
4.4.2 Configuring a DNS Server
4.4.3 (Optional) Configuring DNS Spoofing
4.4.4 (Optional) Setting the Aging Time of DNS Entries


4.4.5 Checking the Configuration
4.5 Configuring a DDNS Client
4.5.1 Establishing the Configuration Task
4.5.2 Creating a DDNS Policy
4.5.3 Configuring a DDNS Policy
4.5.4 Binding a DDNS Policy to an Interface
4.5.5 Checking the Configuration
4.6 Maintaining DNS
4.6.1 Deleting Dynamic DNS Entries of DNS Clients
4.6.2 Deleting DNS Entries of the DNS Proxy or Relay
4.6.3 Manually Updating a DDNS Policy
4.7 Configuration Examples
4.7.1 Example for Configuring a DNS Client
4.7.2 Example for Configuring DNS Proxy
4.7.3 Example for Configuring a DDNS Client

5 NAT Configuration
5.1 NAT Overview
5.2 NAT Features Supported by the AR150/200
5.3 Configuring NAT
5.3.1 Establishing the Configuration Task
5.3.2 Configuring an Address Pool
5.3.3 Associating an ACL with an Address Pool
5.3.4 Configuring Easy IP
5.3.5 Configuring an Internal Server
5.3.6 Configuring Static NAT
5.3.7 Enabling NAT ALG
5.3.8 Configuring NAT Filtering
5.3.9 Configuring NAT Mapping
5.3.10 Configuring DNS Mapping
5.3.11 Configuring Twice NAT
5.3.12 Checking the Configuration
5.4 Configuration Examples
5.4.1 Example for Configuring the NAT Server
5.4.2 Example for Configuring Outbound NAT
5.4.3 Example for Configuring Twice NAT

6 DHCP Configuration
6.1 DHCP Overview
6.2 DHCP Features Supported by the AR150/200
6.3 Configuring a DHCP Server Based on a Global Address Pool
6.3.1 Establishing the Configuration Task
6.3.2 Configuring an Interface to Select a Global Address Pool for IP Address Allocation
6.3.3 Configuring Global Address Pool Attributes


6.3.4 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
6.3.5 (Optional) Configuring the Static DNS Service on a DHCP Client
6.3.6 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
6.3.7 (Optional) Configuring User-Defined DHCP Options of the Global Address Pool
6.3.8 (Optional) Configuring the Function That Prevents Identical IP Addresses
6.3.9 Checking the Configuration
6.4 Configuring a DHCP Server Based on an Interface Address Pool
6.4.1 Establishing the Configuration Task
6.4.2 Configuring Interface Address Pool Attributes
6.4.3 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
6.4.4 (Optional) Configuring the Static DNS Service on a DHCP Client
6.4.5 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
6.4.6 (Optional) Configuring User-Defined DHCP Options of the Interface Address Pool
6.4.7 (Optional) Configuring the Function That Prevents Identical IP Addresses
6.4.8 Checking the Configuration
6.5 Configuring a DHCP Relay Agent
6.5.1 Establishing the Configuration Task
6.5.2 Configuring an Interface to Function as a DHCP Relay Agent
6.5.3 Specifying a Server Group on the DHCP Relay Agent
6.5.4 Binding a DHCP Server Group to a DHCP Relay Interface
6.5.5 (Optional) Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP address
6.5.6 Checking the Configuration
6.6 Configuring a DHCP/BOOTP Client
6.6.1 Establishing the Configuration Task
6.6.2 (Optional) Configuring the DHCP/BOOTP Client Attributes
6.6.3 Enabling the DHCP/BOOTP Client
6.6.4 Checking the Configuration
6.7 Configuring the DHCP Rate Limit Function
6.8 Maintaining DHCP
6.8.1 Clearing DHCP Statistics
6.8.2 Monitoring the Operating Status of DHCP
6.9 Configuration Examples
6.9.1 Example for Configuring a DHCP Server Based on a Global Address Pool in the Scenario Where DHCP Clients and the DHCP Server Are on the Same Network Segment
6.9.2 Example for Configuring a DHCP Server Based on an Interface Address Pool in the Scenario Where
DHCP Clients and the Server Are on the Same Network Segment...............................................................160
6.9.3 Example for Configuring a DHCP Server and a DHCP Relay Agent When the DHCP Server and Clients
Are on Different Network Segments..............................................................................................................164
6.9.4 Example for Configuring the DHCP and BOOTP Clients....................................................................167
6.9.5 Example for Configuring DHCP Rate Limit.........................................................................................172

7 IP Performance Configuration................................................................................................174


7.1 IP Performance Overview
7.2 IP Performance Features Supported by the AR150/200
7.3 Optimizing IP Performance
7.3.1 Establishing the Configuration Task
7.3.2 Checking Validity of Source IP Addresses of Received Packets
7.3.3 Controlling IP packets with Source Route Options
7.3.4 Configuring an Interface to Forward Broadcast Packets
7.3.5 Configuring an Outbound Interface to Fragment IP Packets
7.3.6 Configuring an Interface to Send ICMP Redirection Packets
7.3.7 Setting the Mode in Which Protocol Packets Are Sent
7.3.8 Checking the Configuration
7.4 Configuring Load Balancing for IP Packet Forwarding
7.4.1 Establishing the Configuration Task
7.4.2 Configuring the Unequal-Cost Multiple Path During IP Packet Forwarding
7.4.3 Checking the Configuration
7.5 Configuring TCP Attributes
7.5.1 Establishing the Configuration Task
7.5.2 Setting Values of TCP Timers
7.5.3 Setting the Aging Time of the PMTU
7.5.4 Setting the Size of the TCP Sliding Window
7.5.5 Setting the MSS of TCP Packets on an Interface
7.5.6 Checking the Configuration
7.6 Maintaining IP Performance
7.6.1 Clearing IP Performance Statistics
7.6.2 Monitoring the IP Running Status
7.7 Configuration Examples
7.7.1 Example for Disabling the Sending of ICMP Redirection Packets

8 IP Unicast PBR Configuration
8.1 PBR Overview
8.2 PBR Supported by the AR150/200
8.3 Configuring IP Policy-based Routing
8.3.1 Establishing the Configuration Task
8.3.2 Defining the Matching Rule of PBR
8.3.3 Defining Actions of PBR
8.3.4 Applying PBR
8.3.5 Checking the Configuration
8.4 Configuration Examples
8.4.1 Example for Configuring IP Unicast PBR

9 UDP Helper Configuration
9.1 UDP Helper Overview
9.2 UDP Helper Features Supported by the AR150/200
9.3 Configuring UDP Helper


9.3.1 Establishing the Configuration Task
9.3.2 Enabling UDP Helper
9.3.3 (Optional) Configuring a UDP Port for Packets to Be Relayed
9.3.4 Configuring a Destination Server
9.3.5 Checking the Configuration
9.4 Maintaining UDP Helper
9.4.1 Clearing the UDP Helper Statistics
9.5 Configuration Examples
9.5.1 Example for Configuring UDP Helper


1 ARP Configuration

About This Chapter

ARP maps IP addresses to MAC addresses, which enables the transmission of Ethernet frames.
1.1 ARP Overview
ARP dynamically maps Layer 3 IP addresses to Layer 2 MAC addresses. An Ethernet device
must support ARP.
1.2 ARP Features Supported by the AR150/200
This section describes the ARP features supported by the AR150/200.
1.3 Configuring Static ARP
Static ARP entries record fixed mappings between IP addresses and MAC addresses. They are
configured manually by network administrators.
1.4 Optimizing Dynamic ARP
If dynamic ARP is configured, the system resolves an IP address into an Ethernet MAC address.
Dynamic ARP entries are maintained dynamically by the ARP protocol. You can adjust
parameters of dynamic ARP entries such as the number of ARP probes and the aging time of
dynamic ARP entries to optimize forwarding performance of the AR150/200.
1.5 Configuring Routed Proxy ARP
Routed proxy ARP implements communication between devices on the same network segment
but on different physical networks.
1.6 Configuring Intra-VLAN Proxy ARP
Intra-VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate
with each other.
1.7 Configuring Inter-VLAN Proxy ARP
Inter-VLAN proxy ARP enables hosts in different sub-VLANs of a super-VLAN to
communicate with each other.
1.8 Configuring ARP-Ping IP
ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets.
1.9 Configuring ARP-Ping MAC
ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control
Message Protocol (ICMP) packets.


1.10 Maintaining ARP


This section describes how to maintain ARP.
1.11 Configuration Examples


1.1 ARP Overview


ARP dynamically maps Layer 3 IP addresses to Layer 2 MAC addresses. An Ethernet device
must support ARP.

On a LAN, a host or a network device must know the IP address of another host or network
device to send data to it. In addition, the physical address of the destination device must also be
known because IP packets are encapsulated in frames for transmission across a physical network.
Therefore, the mapping from an IP address to a physical address is required. ARP maps IP
addresses to physical addresses.

1.2 ARP Features Supported by the AR150/200


This section describes the ARP features supported by the AR150/200.

The AR150/200 supports dynamic ARP, static ARP, proxy ARP, and ARPing.

ARP
ARP is classified into the following types:
• Static ARP: Mappings between IP addresses and MAC addresses are configured manually.
• Dynamic ARP: Dynamic ARP entries are maintained by the ARP protocol.

Proxy ARP
The AR150/200 supports the following types of proxy ARP:
• Routed proxy ARP
  Routed proxy ARP implements communication between devices on the same network
  segment but on different physical networks.
  If a device connected to the AR150/200 is not configured with a default gateway address
  (that is, the device does not know how to reach the intermediate system of the network),
  the device cannot forward data packets.
  Routed proxy ARP solves this problem. A device sends an ARP Request packet to request
  the MAC address of the destination host. After receiving the packet, the AR150/200 enabled
  with proxy ARP replies with its own MAC address. The AR150/200 then functions as the
  gateway to route packets to the actual destination.
  Proxy ARP can also shield topologies of physical networks so that internal hosts of Ethernet
  A and Ethernet B on different physical networks but on the same network segment can
  communicate.
• Intra-VLAN proxy ARP
  If two users belong to the same VLAN but port isolation is configured in the VLAN, to
  enable the two users to communicate, you must enable intra-VLAN proxy ARP on an
  interface associated with the VLAN.
  If an interface on the AR150/200 is enabled with intra-VLAN proxy ARP, it does not
  discard the ARP request packet that is destined for another interface. Instead, it searches
  for the corresponding ARP entry of the interface. If the ARP entry is found, the interface
  sends the MAC address of the AR150/200 to the sender of the ARP request.
  Proxy ARP within a VLAN implements the interworking between isolated users in the
  same VLAN.
• Inter-VLAN proxy ARP
  If two users belong to different VLANs, to implement communication between the two
  users, you must enable inter-VLAN proxy ARP on an interface associated with the VLANs.
  If an interface on the AR150/200 is enabled with inter-VLAN proxy ARP, it does not
  discard the ARP request packet that is destined for another interface. Instead, it searches
  for the corresponding ARP entry of the interface. If the ARP entry is found, the interface
  sends the MAC address of the AR150/200 to the sender of the ARP request.
  Inter-VLAN proxy ARP implements the following functions:
  – Layer 3 communication between users in different VLANs
  – Communication between users in sub-VLANs (you must enable inter-VLAN proxy
    ARP on the VLANIF interface corresponding to the super-VLAN)

ARPing
ARPing is classified into ARP-Ping IP and ARP-Ping MAC. ARPing facilitates maintenance of
deployed Layer 2 features.

ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets.

ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control
Message Protocol (ICMP) packets.

1.3 Configuring Static ARP


Static ARP entries record fixed mappings between IP addresses and MAC addresses. They are
configured manually by network administrators.

1.3.1 Establishing the Configuration Task


Before configuring static ARP, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the data required for the configuration. This will help
you complete the configuration task quickly and accurately.

Applicable Environment
Static ARP entries ensure communication between the local device and another specified device.
Because the MAC address in a static ARP entry is specified manually, attackers cannot modify
the mapping between the IP address and the MAC address in that entry.

When static ARP and the Virtual Router Redundancy Protocol (VRRP) are configured on the
router, the IP address in a static ARP entry cannot be set to the VRRP virtual IP address on a
sub-interface for dot1q VLAN tag termination, a sub-interface for VLAN tag termination, or a
VLANIF interface. Otherwise, an incorrect host route is generated, causing forwarding errors.

Pre-configuration Tasks
Before configuring static ARP, complete the following tasks:

• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up
• Setting network layer protocol parameters for the interfaces to ensure that the routing
  protocol status on the interfaces is Up

Data Preparation
To configure static ARP, you need the following data.

No.  Data
1    IP address and MAC address in a static ARP entry
2    Name of the VPN instance and ID of the VLAN that a static ARP entry belongs to
3    Outbound interface of ARP packets

1.3.2 Configuring a Static ARP Entry


Static ARP entries are valid as long as the AR150/200 works properly.

Context
NOTE

To configure static ARP entries for double-tagged packets, run the arp static cevid command.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
arp static ip-address mac-address

A static ARP entry is configured.

----End

1.3.3 Configuring a Static ARP Entry in a VLAN


This section describes how to configure a static ARP entry in a VLAN.

Context
NOTE

To configure static ARP entries for double-tagged packets, run the arp static cevid command.


Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
arp static ip-address mac-address vid vlan-id interface interface-type interface-number

A static ARP entry is configured in a VLAN.


When configuring a static ARP entry in a VLAN, you must specify the outbound interface so
that the packets are sent out from the specified outbound interface.

----End

1.3.4 Configuring a Static ARP Entry in a VPN Instance


To implement Layer 2 communication between devices in a VPN instance, you can configure
static ARP entries in the VPN instance.

Context
NOTE

To configure static ARP entries for double-tagged packets, run the arp static cevid command.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
arp static ip-address mac-address vpn-instance vpn-instance-name

A static ARP entry is configured for a VPN instance.

----End

1.3.5 Checking the Configuration

Procedure
• Run the display arp [ all ] command to check all ARP entries, including static ARP entries
  and dynamic ARP entries.
• Run the display arp network net-number net-mask [ dynamic | static ] command to check
  ARP entries on the specified network segment.
• Run the display arp static command to check static ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.
----End


Example
# Display all the static ARP entries.
<Huawei> display arp static
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
1.1.1.1         0efc-0505-86e3            S--
                                          10/-
129.102.0.1     0e00-fc01-0000            S--
11.0.0.1        aa00-fcc0-1200            S--
                                          3/-
------------------------------------------------------------------------------
Total:3         Dynamic:0       Static:3     Interface:0

# Display all the ARP entries.


<Huawei> display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
129.102.0.1     00e0-fc01-0000            S--
118.118.118.1   0018-2000-0083            I -         Vlanif11    vpna
10.1.1.1        0018-2000-0083            I -         Vlanif10
100.1.1.116     0018-2000-0083            I -         Eth
100.1.1.118     0001-0c01-3401  14        D-0         Eth
100.1.1.4       0016-ecb7-a879  18        D-0         Eth
------------------------------------------------------------------------------
Total:6         Dynamic:2       Static:1     Interface:3
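
The following Python check is an added example, not part of the Huawei guide: it parses display arp all output in the layout shown above and compares it with the static bindings that were meant to be configured. The sample output, the EXPECTED table, and the names parse_display_arp and audit are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the "display arp all" output above.
SAMPLE = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.1        00e0-fc01-0000            I -         Vlanif10
10.1.1.10       00e0-fc01-0a0a            S--
                                          10/-
10.1.1.20       00e0-fc01-1414  14        D-0         Eth1/0/0
10.1.1.30       00e0-fc01-1414  18        D-0         Eth1/0/0
10.1.1.40       00e0-fc01-2828            S--
------------------------------------------------------------------------------
Total:5         Dynamic:2       Static:2     Interface:1
"""

# Hypothetical policy: bindings that are supposed to exist as static ARP entries.
EXPECTED = {
    "10.1.1.10": "00e0-fc01-0a0a",
    "10.1.1.20": "00e0-fc01-2020",
    "10.1.1.40": "00e0-fc01-2829",
    "10.1.1.50": "00e0-fc01-3232",
}

ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+"
    r"(?:(?P<expire>\d+)\s+)?"      # empty for the static and interface rows
    r"(?P<type>[IDS])\s?-\S*"       # TYPE is printed as "I -", "D-0" or "S--"
    r"(?:\s+(?P<iface>\S+))?"
    r"(?:\s+(?P<vpn>\S+))?$",
    re.IGNORECASE,
)
# Wrapped second line of an entry: VLAN/CEVLAN, for example "10/-".
CONT = re.compile(r"^\s+(?P<vlan>\d+|-)/(?P<cevlan>\d+|-)(?:\s|$)")


def parse_display_arp(text):
    """Return one dict per ARP entry; the VLAN comes from the wrapped line."""
    entries = []
    for line in text.splitlines():
        row = ROW.match(line.rstrip())
        if row:
            entry = row.groupdict()
            entry["mac"] = entry["mac"].lower()
            entry["type"] = entry["type"].upper()
            entry["expire"] = int(entry["expire"]) if entry["expire"] else None
            entry["vlan"] = None
            entries.append(entry)
            continue
        cont = CONT.match(line)
        if cont and entries and cont["vlan"] != "-":
            entries[-1]["vlan"] = cont["vlan"]
    return entries


def audit(entries, expected):
    """Compare parsed entries with the intended static bindings."""
    findings = []
    by_ip = {e["ip"]: e for e in entries}
    for ip, mac in expected.items():
        entry = by_ip.get(ip)
        if entry is None:
            findings.append(("missing", ip, None))
            continue
        if entry["type"] != "S":
            # Learned dynamically, so the mapping can still be changed by ARP.
            findings.append(("not-static", ip, entry["type"]))
        if entry["mac"] != mac.lower():
            findings.append(("mac-mismatch", ip, entry["mac"]))
    # One MAC behind several dynamic entries is normal when the peer answers
    # with proxy ARP (described in this guide); otherwise it deserves review.
    # Interface entries (type I) share the device's own MAC and are skipped.
    shared = defaultdict(list)
    for entry in entries:
        if entry["type"] == "D":
            shared[entry["mac"]].append(entry["ip"])
    for mac, ips in shared.items():
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(ips)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_display_arp(SAMPLE), EXPECTED):
        print(finding)
```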

1.4 Optimizing Dynamic ARP


If dynamic ARP is configured, the system resolves an IP address into an Ethernet MAC address.
Dynamic ARP entries are maintained dynamically by the ARP protocol. You can adjust
parameters of dynamic ARP entries such as the number of ARP probes and the aging time of
dynamic ARP entries to optimize forwarding performance of the AR150/200.

1.4.1 Establishing the Configuration Task


Before optimizing dynamic ARP, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
Dynamic ARP entries are maintained dynamically by the ARP protocol. They can be aged out,
updated, or overridden by static ARP entries. When the aging time is reached or the interface is
Down, corresponding dynamic ARP entries are deleted.

The AR150/200 can dynamically create dynamic ARP entries. You can adjust parameters of
dynamic ARP entries to optimize forwarding performance of the AR150/200.

Pre-configuration Tasks
Before optimizing dynamic ARP, complete the following tasks:

• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up
• Configuring the network layer protocol on the interfaces

Data Preparation
To optimize dynamic ARP, you need the following data.

No.  Data
1    Number of the interface where dynamic ARP entries are created
2    Maximum number of ARP probes
3    Aging time of dynamic ARP entries

1.4.2 Adjusting Parameters of Dynamic ARP Entries


When the AR150/200 frequently updates ARP entries, you can shorten the aging time of dynamic
ARP entries and the interval for ARP probes and increase the number of ARP probes.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, you can adjust the parameters of dynamic ARP entries on
Ethernet interfaces, Eth-Trunk interfaces, VLANIF interfaces, and VE interfaces.
Step 3 Run:
arp expire-time expire-time

The aging time of dynamic ARP entries is set.


By default, the aging time is 1200s.
Step 4 Run:
arp detect-times detect-times

The number of ARP probes is set.


By default, the maximum number of ARP probes is 3. When the aging time of a dynamic ARP
entry is reached, the AR150/200 sends an ARP probe packet to the peer device periodically. If
the AR150/200 does not receive an ARP Reply packet from the peer device after the specified
number of ARP probes, it deletes the ARP entry.
Step 5 (Optional) Run:
arp detect-mode unicast


An interface is configured to send ARP probe packets in unicast mode.

By default, an interface broadcasts ARP probe packets.

----End

1.4.3 Enabling ARP Suppression


If the system receives a great number of ARP packets from the same source at a time, it has to
update ARP entries repeatedly, causing performance deterioration. To ensure system
performance, you can enable ARP suppression. The system then only responds to the ARP
packets but does not update ARP entries.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
arp-suppress enable

ARP suppression is enabled.

By default, ARP suppression is disabled in the system but is enabled on VLANIF interfaces.

After ARP suppression is enabled, it takes effect only on Eth-Trunk interfaces and VLANIF
interfaces.

----End

1.4.4 Enabling Layer 2 Topology Detection


Layer 2 topology detection enables the system to update all the ARP entries in the VLAN that
a Layer 2 interface belongs to when the Layer 2 interface status changes from Down to Up.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
l2-topology detect enable

Layer 2 topology detection is enabled.

By default, Layer 2 topology detection is disabled.

----End

1.4.5 Checking the Configuration


You can view the dynamic ARP configuration.


Procedure
• Run the display arp [ all ] command to check all ARP entries, including static ARP entries
  and dynamic ARP entries.
• Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ]
  command to check ARP entries on the specified interface.
• Run the display arp network net-number net-mask [ dynamic | static ] command to check
  ARP entries on the specified network segment.
• Run the display arp dynamic command to check dynamic ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.
----End

Example
# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.
<Huawei> display arp interface ethernet 1/0/0
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.1.11    0000-0a41-0201            I -         Eth1/0/0    r1
192.168.1.1     0000-0a41-0200  15        D-6         Eth1/0/0    r1
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0     Interface:1

# Display all the dynamic ARP entries.


<Huawei> display arp dynamic
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.137.217.210  00e0-fc01-0203            I -         Eth1/0/0
10.137.216.1    0025-9e38-a09e  20        D-0         Eth1/0/0
10.137.217.208  00e0-fc01-0205  16        D-0         Eth1/0/0
10.2.2.1        00e0-fc99-9999            I -         Eth-Trunk0
10.6.3.34       00e0-fc01-0204            I -         Eth2/0/0.1
192.168.20.1    00e0-fc99-9999            I -         Vlanif100
10.0.0.1        00e0-fc99-9999            I -         Vlanif200
------------------------------------------------------------------------------
Total:7         Dynamic:2       Static:0     Interface:5

1.5 Configuring Routed Proxy ARP


Routed proxy ARP implements communication between devices on the same network segment
but on different physical networks.

1.5.1 Establishing the Configuration Task


Before configuring routed proxy ARP, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.


Applicable Environment
If two hosts on different network segments are not configured with default gateways, you
can enable routed proxy ARP on a routing device connecting the two hosts to resolve IP
addresses between the two hosts.

Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up

Data Preparation
To configure routed proxy ARP, you need the following data.

No.  Data
1    Number of the interface where routed proxy ARP is to be enabled
2    IP address of the interface where routed proxy ARP is to be enabled

1.5.2 Configuring an IP Address for an Interface


The IP address of the interface enabled with routed proxy ARP must be on the same network
segment as the IP address of the connected host on a LAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number [.subinterface-number ]

The interface view is displayed.


Routed proxy ARP can be enabled on Ethernet interfaces, Ethernet sub-interfaces, VE interfaces,
Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and VLANIF interfaces. The preceding
interfaces and sub-interfaces are Layer 3 interfaces and sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.


The IP address of the interface enabled with routed proxy ARP must be on the same network
segment as the IP address of the connected host on a LAN.

----End


1.5.3 Configuring Routed Proxy ARP


Routed proxy ARP implements communication between devices on different subnets.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Routed proxy ARP can be enabled on Ethernet interfaces, Ethernet sub-interfaces, VE interfaces,
Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and VLANIF interfaces. The preceding
interfaces and sub-interfaces are Layer 3 interfaces and sub-interfaces.

Step 3 Run:
arp-proxy enable

Routed proxy ARP is enabled on the interface.

By default, routed proxy ARP is disabled on an interface.

----End

1.5.4 Checking the Configuration


After configuring routed proxy ARP, you can view the configuration.

Procedure
• Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ]
  command to check ARP entries on the specified interface.
• Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to
  check ARP entries in the specified VPN instance.
• Run the display arp dynamic command to check dynamic ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.

----End

Example
# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.
<Huawei> display arp interface ethernet 1/0/0
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.1.11 0000-0a41-0201 I - Eth1/0/0 r1
192.168.1.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1


# Run the display arp vpn-instance command, and you can view all the ARP entries in the
VPN instance r1.
<Huawei> display arp vpn-instance r1
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.10.20.9 0018-2000-0083 I - Vlanif888
10.10.10.6 0018-2000-0083 I - Vlanif833
------------------------------------------------------------------------------
Total:2 Dynamic:0 Static:0 Interface:2

# Run the display arp statistics command, and you can view the statistics on ARP entries.
<Huawei> display arp statistics all
Dynamic:1 Static:0

1.6 Configuring Intra-VLAN Proxy ARP


Intra-VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate
with each other.

1.6.1 Establishing the Configuration Task


Before configuring intra-VLAN proxy ARP, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This will help
you complete the configuration task quickly and accurately.

Applicable Environment
If two users are connected to Layer 2 isolated interfaces in the same VLAN, you can enable
intra-VLAN proxy ARP to implement Layer 3 communication between the two users.

Pre-configuration Tasks
Before configuring intra-VLAN proxy ARP, complete the following tasks:

• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
• Configuring a VLAN
• Configuring port isolation in a VLAN

Data Preparation
To configure intra-VLAN proxy ARP, you need the following data.

No.  Data
1    Number of the interface where intra-VLAN proxy ARP is to be enabled
2    IP address of the interface where intra-VLAN proxy ARP is to be enabled
3    VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN


1.6.2 Configuring an IP Address for an Interface


The IP address of the interface must be on the same network segment as the IP addresses in the
associated VLAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.


Or, run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Intra-VLAN proxy ARP can be enabled on VLANIF interfaces, Ethernet sub-interfaces, and
Eth-Trunk sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.


The IP address of the interface must be on the same network segment as the IP addresses in the
associated VLAN.

----End

1.6.3 (Optional) Configuring the VLAN ID of a Sub-interface


This section describes how to configure the VLAN ID of a sub-interface.

Context
NOTE

You must complete this task before you enable intra-VLAN proxy ARP on Ethernet sub-interfaces or
Eth-Trunk sub-interfaces. You can skip this task when you are enabling intra-VLAN proxy ARP on the
VLANIF interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.


Step 3 Run:
control-vid vid dot1q-termination

The control VLAN and encapsulation mode of the sub-interface are configured.
Step 4 Run:
dot1q termination vid vid

The single VLAN ID for dot1q encapsulation on a sub-interface is configured.

----End

1.6.4 Enabling Intra-VLAN Proxy ARP


Intra-VLAN proxy ARP implements Layer 3 communication between isolated users in a VLAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.


Or, run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp-proxy inner-sub-vlan-proxy enable

Intra-VLAN proxy ARP is enabled.


By default, intra-VLAN proxy ARP is disabled.

----End

1.6.5 Checking the Configuration


After configuring intra-VLAN proxy ARP, you can view the intra-VLAN proxy ARP
configuration.

Procedure
• Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ]
  command to check ARP entries on the specified interface.
• Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to
  check ARP entries in the specified VPN instance.
• Run the display arp dynamic command to check dynamic ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.
----End


Example
# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.
<Huawei> display arp interface ethernet 1/0/0
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.1.11 0000-0a41-0201 I - Eth1/0/0 r1
192.168.1.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1

# Run the display arp vpn-instance command, and you can view all the ARP entries in the
VPN instance r1.
<Huawei> display arp vpn-instance r1
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.10.20.9 0018-2000-0083 I - Vlanif888
10.10.10.6 0018-2000-0083 I - Vlanif833
------------------------------------------------------------------------------
Total:2 Dynamic:0 Static:0 Interface:2

# Run the display arp statistics command, and you can view the statistics on ARP entries.
<Huawei> display arp statistics all
Dynamic:1 Static:0

1.7 Configuring Inter-VLAN Proxy ARP


Inter-VLAN proxy ARP enables hosts in different sub-VLANs of a super-VLAN to
communicate with each other.

1.7.1 Establishing the Configuration Task


Before configuring inter-VLAN proxy ARP, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
The VLAN aggregation technology isolates broadcast domains by using multiple VLANs on a
physical network while allowing the different VLANs to belong to the same subnet. This technology
introduces the super-VLAN and sub-VLAN. A super-VLAN contains one or more sub-VLANs in different
broadcast domains. A sub-VLAN does not occupy an independent subnet segment. In a super-VLAN,
IP addresses of hosts in different sub-VLANs are on the subnet segment corresponding to the
super-VLAN.

Sub-VLANs use the same Layer 3 interface to communicate. This reduces subnet IDs and subnet
default gateway addresses. The VLAN aggregation function allows different broadcast domains
to use the same subnet address, implements flexible addressing, and saves IP addresses.

Hosts in different sub-VLANs of a super-VLAN cannot communicate with each other. To enable
these hosts to communicate with each other, you can enable inter-VLAN proxy ARP on the
sub-interface or VLANIF interface corresponding to the super-VLAN.


Pre-configuration Tasks
Before configuring inter-VLAN proxy ARP, complete the following tasks:
• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
• Configuring VLAN aggregation

Data Preparation
To configure inter-VLAN proxy ARP, you need the following data.

No.  Data
1    Number of the interface where inter-VLAN proxy ARP is to be enabled
2    IP address of the interface where inter-VLAN proxy ARP is to be enabled
3    VLAN ID associated with the interface to be enabled with proxy ARP between VLANs

1.7.2 Configuring an IP Address for an Interface


The IP address of the interface must be on the same network segment as the IP address of the
user in a VLAN that the interface belongs to.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.


Or, run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Inter-VLAN proxy ARP can be enabled on VLANIF interfaces, Ethernet sub-interfaces, and
Eth-Trunk sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.


The IP address of the interface must be on the same network segment as the IP address of the
user in a VLAN that the interface belongs to.

----End


1.7.3 (Optional) Configuring the VLAN ID of the Sub-interface


This section describes how to configure the VLAN ID of the sub-interface.

Context
NOTE

You must complete this task before you enable inter-VLAN proxy ARP on Ethernet sub-interfaces or
Eth-Trunk sub-interfaces. You can skip this task if you are enabling inter-VLAN proxy ARP on the
VLANIF interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.

Step 3 Run:
control-vid vid dot1q-termination

The control VLAN and encapsulation mode of the sub-interface are configured.

Step 4 Run:
dot1q termination vid vid

The single VLAN ID for dot1q encapsulation on a sub-interface is configured.

----End

1.7.4 Enabling Inter-VLAN Proxy ARP


To implement communication between users in different sub-VLANs, enable inter-VLAN proxy
ARP on the sub-interface corresponding to the super-VLAN.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface { ethernet | eth-trunk } interface-number.sub-interface-number

The sub-interface view is displayed.

Or, run:
interface vlanif vlan-id

The VLANIF interface view is displayed.


Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable

Inter-VLAN proxy ARP is enabled.


By default, inter-VLAN proxy ARP is disabled.

----End

1.7.5 Checking the Configuration


After configuring inter-VLAN proxy ARP, you can view the inter-VLAN proxy ARP
configuration.

Procedure
• Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ]
  command to check ARP entries on the specified interface.
• Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to
  check ARP entries in the specified VPN instance.
• Run the display arp dynamic command to check dynamic ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.
----End

Example
# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.
<Huawei> display arp interface ethernet 1/0/0
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.1.11 0000-0a41-0201 I - Eth1/0/0 r1
192.168.1.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1

# Run the display arp vpn-instance command, and you can view all the ARP entries in the
VPN instance r1.
<Huawei> display arp vpn-instance r1
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.10.20.9 0018-2000-0083 I - Vlanif888
10.10.10.6 0018-2000-0083 I - Vlanif833
------------------------------------------------------------------------------
Total:2 Dynamic:0 Static:0 Interface:2

# Run the display arp statistics command, and you can view the statistics on ARP entries.
<Huawei> display arp statistics all
Dynamic:1 Static:0

1.8 Configuring ARP-Ping IP


ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets.


1.8.1 Establishing the Configuration Task


Before configuring ARP-Ping IP, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets.
Before configuring an IP address for a device, you can use ARP-Ping IP on the device to send
ARP packets and confirm that the IP address is not already in use.

Pre-configuration Tasks
Before configuring ARP-Ping IP, complete the following task:
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up

Data Preparation
To configure ARP-Ping IP, you need the following data.

No.  Data
1    IP address to be checked

1.8.2 Checking an IP Address by Using ARP-Ping IP


ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP Request packets.

Context
ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. You
can also use the ping command to check whether an IP address is in use, but the result of this
method may be inaccurate. The ping command sends ICMP Echo Request packets, which are Layer 3
packets. If the destination host or the routing device enabled with the firewall function is
configured not to respond to ICMP Echo Request packets, the destination host or the routing
device does not send ICMP Reply packets. Consequently, the IP address is wrongly considered unused.
ARP packets, which are Layer 2 protocol packets, can pass through a firewall that is configured
not to reply to ICMP Echo Request packets; therefore, the result of ARP-Ping IP is accurate.

Procedure
Step 1 Run:
arp-ping ip ip-address [ interface interface-type interface-number [ vlan-id vlan-id ] ]

The AR150/200 is configured to check whether the IP address is in use on a LAN.

----End


Example
• If the following information is displayed, the IP address is not used.
[Huawei] arp-ping ip 110.1.1.2
ARP-Pinging 110.1.1.2:
Error: Request timed out.
Error: Request timed out.
Error: Request timed out.
Info: The IP address is not used by anyone!

• If the following information is displayed, the IP address is used.
[Huawei] arp-ping ip 128.1.1.1
ARP-Pinging 128.1.1.1:
128.1.1.1 is used by 00e0-517d-f202

1.9 Configuring ARP-Ping MAC


ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control
Message Protocol (ICMP) packets.

1.9.1 Establishing the Configuration Task


Before configuring ARP-Ping MAC, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
If you know a specific MAC address but not the corresponding IP address on a network
segment, you can use ARP-Ping MAC to broadcast ICMP packets and obtain the IP address
that maps to the MAC address on the network segment.

Pre-configuration Tasks
Before configuring ARP-Ping MAC, complete the following task:

• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up

Data Preparation
To configure ARP-Ping MAC, you need the following data.

No.  Data
1    MAC address to be checked


1.9.2 Checking a MAC Address by Using ARP-Ping MAC


ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending ICMP packets.

Procedure
Step 1 Run:
arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] |
interface interface-type interface-number }

The AR150/200 is configured to check whether the MAC address is in use on a LAN.

----End

Example
• If the following information is displayed, the MAC address is not used.
<Huawei> arp-ping mac 0013-46e7-2ef5 interface Eth-Trunk 0
OutInterface: Eth-Trunk0 MAC[00-13-46-E7-2E-F5], press CTRL_C to break
Error: Request timed out
Error: Request timed out
Error: Request timed out

----- ARP-Ping MAC statistics -----
3 packet(s) transmitted
0 packet(s) received
MAC[00-13-46-E7-2E-F5] not be used

• If the following information is displayed, the MAC address is used.
<Huawei> arp-ping mac 00e0-fc03-0201 interface Vlanif 5
OutInterface: Vlanif5 MAC[00-E0-FC-03-02-01], press CTRL_C to break

----- ARP-Ping MAC statistics -----
1 packet(s) transmitted
1 packet(s) received

IP ADDRESS MAC ADDRESS
50.1.1.2 00-E0-FC-03-02-01

1.10 Maintaining ARP


This section describes how to maintain ARP.

1.10.1 Deleting ARP Entries


This section describes how to delete ARP entries.


Context

CAUTION
• After ARP entries are deleted, mappings between IP addresses and MAC addresses are
  deleted. As a result, users may fail to access some devices. Exercise caution when you delete
  ARP entries.
• Static ARP entries cannot be restored after being deleted. Exercise caution when you delete
  static ARP entries.

Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | packet
statistics | static } command in the user view to delete ARP entries.

----End

1.10.2 Monitoring the ARP Running Status


You can monitor the ARP running status by running display commands.

Context
To check the ARP running status during routine maintenance, run the following display
commands in any view.

Procedure
• Run the display arp [ all ] command to check all ARP entries, including static ARP entries
  and dynamic ARP entries.
• Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ]
  command to check ARP entries on the specified interface.
• Run the display arp network net-number net-mask [ dynamic | static ] command to check
  ARP entries on the specified network segment.
• Run the display arp static command to check static ARP entries.
• Run the display arp dynamic command to check dynamic ARP entries.
• Run the display arp statistics { all | interface interface-type interface-number } command
  to check statistics on ARP entries on the AR150/200 or the specified interface.
----End

Example
# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.
<Huawei> display arp interface ethernet 1/0/0
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.1.11 0000-0a41-0201 I - Eth1/0/0 r1
192.168.1.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1

# Run the display arp dynamic command, and you can view all the dynamic ARP entries.
<Huawei> display arp dynamic
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.137.217.210 00e0-fc01-0203 I - Eth1/0/0
10.137.216.1 0025-9e38-a09e 20 D-0 Eth1/0/0
10.137.217.208 00e0-fc01-0205 16 D-0 Eth1/0/0
10.2.2.1 00e0-fc99-9999 I - Eth-Trunk0
10.6.3.34 00e0-fc01-0204 I - Eth2/0/0.1
192.168.20.1 00e0-fc99-9999 I - Vlanif100
10.0.0.1 00e0-fc99-9999 I - Vlanif200
------------------------------------------------------------------------------
Total:7 Dynamic:2 Static:0 Interface:5

1.11 Configuration Examples

1.11.1 Example for Configuring Static ARP


Static ARP is configured to ensure communication security between enterprise departments.

Networking Requirements
As shown in Figure 1-1, the Router connects the departments of a company, and each department
belongs to a different VLAN. Hosts in the headquarters office and the file backup server use
manually configured IP addresses, and hosts in departments dynamically obtain IP addresses by
using DHCP. Hosts in the marketing department can access the Internet and are often attacked
by ARP packets. Attackers attack the Router and modify dynamic ARP entries on the Router.
As a result, communication between hosts in the headquarters office and external devices is
interrupted and hosts in departments fail to access the file backup server. The company requires
that static ARP entries be configured on the Router so that hosts in the headquarters office can
communicate with external devices and hosts in departments can access the file backup server.


Figure 1-1 Network diagram for configuring static ARP entries

[Network diagram. Labels in the figure:
• Router Ethernet2/0/0: file backup server, 10.164.10.1/24, MAC address 0df0-fc01-003a
• Router Ethernet0/0/0: headquarters office, 10.164.1.0/24, VLAN 10
  (PC A: 10.164.1.1/24, MAC address 00e0-fc01-0001)
• Router Ethernet0/0/1: marketing department, 10.164.2.0/24, VLAN 20
• Router Ethernet0/0/2: R&D department, 10.164.3.0/24, VLAN 30]

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure static ARP entries for hosts in the headquarters office on the Router to prevent
   ARP entries of the hosts in the headquarters office from being modified by ARP attack
   packets.
2. Configure a static ARP entry for the file backup server on the Router to prevent the ARP
   entry of the file backup server from being modified by ARP attack packets.

Data Preparation
To complete the configuration, you need the following data:

• Interface connecting the Router and hosts in the headquarters office: Ethernet0/0/0
• ID of the VLAN that Ethernet0/0/0 joins: VLAN 10
• IP address of VLANIF10: 10.164.1.20/24
• Network segment where the IP addresses of hosts in the headquarters office are located:
  10.164.1.0/24 (PC A with IP address 10.164.1.1 is used as an example. The IP address
  10.164.1.1 maps to the MAC address 00e0-fc01-0001.)
• Interface connecting the Router and the file backup server: Ethernet2/0/0
• IP address of Ethernet2/0/0: 10.164.10.10/24
• IP address of the file backup server: 10.164.10.1/24 (corresponding MAC address
  0df0-fc01-003a)


Procedure
Step 1 Configure static ARP entries for the host in the headquarters office on the Router.
# Create VLAN 10.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 10
[Router-vlan10] quit

# Add Ethernet0/0/0 to VLAN 10.
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid tagged vlan 10
[Router-Ethernet0/0/0] quit

# Configure an IP address for VLANIF 10.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 10.164.1.20 255.255.255.0
[Router-Vlanif10] quit

# Configure static ARP entries for hosts in the headquarters office. PC A is used as an
example. In the static ARP entry, the IP address 10.164.1.1 of PC A maps to the MAC address
00e0-fc01-0001, the VLAN ID is 10, and the outbound interface is Ethernet0/0/0.
[Router] arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0

# Configure static ARP entries for other hosts in the headquarters office. The configuration
method is similar to that of PC A.
Step 2 Configure a static ARP entry for the file backup server on the Router.
# Configure an IP address for Ethernet2/0/0.
[Router] interface ethernet 2/0/0
[Router-Ethernet2/0/0] ip address 10.164.10.10 255.255.255.0
[Router-Ethernet2/0/0] quit

# Configure a static ARP entry for the file backup server: The IP address 10.164.10.1/24 maps
the MAC address 0df0-fc01-003a.
[Router] arp static 10.164.10.1 0df0-fc01-003a

Step 3 Verify the configuration.


# Run the display current-configuration command to view static ARP entries.
<Router> display current-configuration | include arp
arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0
arp static 10.164.1.2 00e0-fc01-0002 vid 10 interface ethernet 0/0/0
arp static 10.164.1.3 00e0-fc01-0003 vid 10 interface ethernet 0/0/0
arp static 10.164.10.1 0df0-fc01-003a

----End

Example
The following lists the configuration file of the Router.

#
sysname Router
#
vlan batch 10 20 30
#
interface Ethernet 0/0/0
port hybrid tagged vlan 10
#
interface Ethernet 0/0/1
port hybrid tagged vlan 20
#
interface Ethernet 0/0/2
port hybrid tagged vlan 30
#
interface Vlanif 10
ip address 10.164.1.20 255.255.255.0
#
interface Ethernet 2/0/0
ip address 10.164.10.10 255.255.255.0
#
arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0
arp static 10.164.1.2 00e0-fc01-0002 vid 10 interface ethernet 0/0/0
arp static 10.164.1.3 00e0-fc01-0003 vid 10 interface ethernet 0/0/0
arp static 10.164.10.1 0df0-fc01-003a
#
return
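
The check below is an added example, not part of the Huawei guide. It audits display arp output against the arp static bindings of this example and also reports several dynamic IP addresses resolving to one MAC address, the pattern a proxy ARP device produces in its neighbours' tables. The function names, the sample table (constructed, in the layout shown in this chapter) and the type letter S for static entries are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

MAC = r"[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}"   # VRP notation, e.g. 00e0-fc01-0001
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# "arp static <ip> <mac> [vid <vlan> interface <type> <number>]" as in the configuration file
STATIC_RE = re.compile(rf"^\s*arp static ({IP}) ({MAC})\b")
# One table row: IP, MAC, optional EXPIRE(M), TYPE ("I -" or "D-6"), INTERFACE, optional VPN-INSTANCE
ROW_RE = re.compile(
    rf"^\s*({IP})\s+({MAC})\s+(?:(\d+)\s+)?([ISD])\s?-\S*\s+(\S+)(?:\s+(\S+))?\s*$"
)


class ArpEntry(NamedTuple):
    ip: str
    mac: str
    kind: str       # "I" interface, "D" dynamic, "S" static (assumed letter, not shown on the page)
    interface: str


def parse_static_bindings(config_text):
    """Return {ip: mac} for every arp static line in a configuration file."""
    bindings = {}
    for line in config_text.splitlines():
        m = STATIC_RE.match(line)
        if m:
            bindings[m.group(1)] = m.group(2).lower()
    return bindings


def parse_arp_table(display_text):
    """Parse the rows of display arp output; headers, rulers and totals are skipped."""
    entries = []
    for line in display_text.splitlines():
        m = ROW_RE.match(line)
        if m:
            entries.append(ArpEntry(m.group(1), m.group(2).lower(), m.group(4), m.group(5)))
    return entries


def audit(bindings, entries):
    """Return a sorted list of (finding, ip, detail) tuples."""
    findings = []
    seen = {e.ip: e for e in entries}
    for ip, mac in bindings.items():
        entry = seen.get(ip)
        if entry is None:
            continue  # no live entry for this binding, nothing to compare
        if entry.mac != mac:
            findings.append(("mac-mismatch", ip, f"pinned {mac}, table has {entry.mac}"))
        elif entry.kind == "D":
            # The binding exists only as a dynamic entry, so ARP packets can overwrite it.
            findings.append(("pinned-but-dynamic", ip, f"{entry.mac} learned on {entry.interface}"))
    # Several dynamic IP addresses behind one MAC on one interface: expected where a
    # proxy ARP device answers for other hosts, otherwise worth investigating.
    by_mac = defaultdict(list)
    for e in entries:
        if e.kind == "D":
            by_mac[(e.interface, e.mac)].append(e.ip)
    for (iface, mac), ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), f"{mac} on {iface}"))
    return sorted(findings)


# Bindings copied from the configuration file of this example.
CONFIG = """\
arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0
arp static 10.164.1.2 00e0-fc01-0002 vid 10 interface ethernet 0/0/0
arp static 10.164.10.1 0df0-fc01-003a
"""

# Constructed sample in the display arp layout (not captured from a device).
DISPLAY_ARP = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.164.1.20     00e0-fc99-9999            I -  Vlanif10
10.164.1.1      00e0-fc01-0001  12        D-0  Vlanif10
10.164.1.2      00e0-fc01-00ff  3         D-0  Vlanif10
10.164.2.7      00e0-fc01-0207  18        D-0  Vlanif20
10.164.2.9      00e0-fc01-0207  18        D-0  Vlanif20
------------------------------------------------------------------------------
Total:5         Dynamic:4       Static:0    Interface:1
"""

if __name__ == "__main__":
    for finding in audit(parse_static_bindings(CONFIG), parse_arp_table(DISPLAY_ARP)):
        print(*finding, sep="  ")
```
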

1.11.2 Example for Configuring Routed Proxy ARP


Routed proxy ARP implements communication between the two branches on the same network
segment but on different physical networks.

Networking Requirements
As shown in Figure 1-2, branch A and branch B of a company are located in different cities;
multiple routing devices are deployed between branches and routes are reachable; IP addresses
of the routing devices are on the same network segment 172.16.0.0/16. Branch A and branch B
belong to different broadcast domains; therefore, they cannot communicate on a LAN. Hosts of
branches are not configured with default gateway addresses; therefore, they cannot communicate
across network segments. The company requires that branch A and branch B communicate
without changing the host configurations.
NOTE
AR150/200 is RouterA or RouterB.

Figure 1-2 Network diagram for configuring routed proxy ARP

[Network diagram: RouterA, RouterC, RouterD, and RouterB are connected across the Internet.
• RouterA Ethernet0/0/0: VLAN 10, branch A, Host A 172.16.1.2/16, MAC address 0000-5e33-ee20
• RouterB Ethernet0/0/0: VLAN 20, branch B, Host B 172.16.2.2/16, MAC address 0000-5e33-ee10]


Configuration Roadmap
The configuration roadmap is as follows:
1. Add the interface connecting RouterA and branch A to VLAN 10 and add the interface
connecting RouterB and branch B to VLAN 20.
2. Enable routed proxy ARP on VLANIF interfaces of branch A and branch B to implement
communication between the two branches.

Data Preparation
To complete the configuration, you need the following data:
• Ethernet0/0/0 connecting RouterA and branch A
• Ethernet0/0/0 connecting RouterB and branch B
• IP address 172.16.1.1/24 of VLANIF 10
• MAC address 00e0-fc39-80aa of VLANIF 10
• IP address 172.16.2.1/24 of VLANIF 20
• MAC address 00e0-fc39-80bb of VLANIF 20

Procedure
Step 1 Configure RouterA.
# Create VLAN 10.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] vlan 10
[RouterA-vlan10] quit

# Add Ethernet0/0/0 to VLAN 10.


[RouterA] interface ethernet 0/0/0
[RouterA-Ethernet0/0/0] port link-type access
[RouterA-Ethernet0/0/0] port default vlan 10
[RouterA-Ethernet0/0/0] quit

# Configure an IP address for VLANIF 10.


[RouterA] interface vlanif 10
[RouterA-Vlanif10] ip address 172.16.1.1 255.255.255.0

# Enable routed proxy ARP on VLANIF 10.


[RouterA-Vlanif10] arp-proxy enable
[RouterA-Vlanif10] quit

Step 2 Configure RouterB.


The configuration of RouterB is similar to that of RouterA.
Step 3 Verify the configuration.
# Select host A at 172.16.1.2/16 in branch A and select host B at 172.16.2.2/16 in branch B.
Ping the IP address of host B from host A.
C:\Documents and Settings\Administrator>ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=10 ms

--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

# View the ARP table of host A. You can see that the MAC address of host B is the MAC address
of VLANIF 10.
C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.1.2 --- 0x2
  Internet Address      Physical Address      Type
  172.16.2.2            00e0-fc39-80aa        dynamic

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
vlan batch 10
#
interface Vlanif 10
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface ethernet 0/0/0
port link-type access
port default vlan 10
#
return

Configuration file of RouterB

#
sysname RouterB
#
vlan batch 20
#
interface Vlanif 20
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface ethernet 0/0/0
port link-type access
port default vlan 20
#
return

1.11.3 Example for Configuring Intra-VLAN Proxy ARP


Intra-VLAN proxy ARP implements Layer 3 communication between enterprise departments
in a VLAN to prevent broadcast storms.

Networking Requirements
As shown in Figure 1-3, hosts of the accounting department are located in a VLAN. These hosts
are attacked by viruses when they access the Internet. The attacked hosts send a large number
of broadcast packets, causing broadcast storms in the VLAN, and the hosts can no longer
communicate. The company requires that broadcast storms be prevented to ensure
communication between hosts and information security.

Figure 1-3 Networking diagram of intra-VLAN proxy ARP
[Diagram: Ethernet0/0/0 on the Router connects to PC A (100.1.1.10/24) and PC B (100.1.1.100/24), which are in VLAN 10 of the accounting department.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure port isolation on the downstream interface of the Router to forbid Layer 2
communication and remove broadcast storms.
2. Enable intra-VLAN proxy ARP on the VLANIF interface to implement Layer 3 communication
between hosts in the accounting department while broadcast storms remain prevented.

Data Preparation
To complete the configuration, you need the following data:
- Interface connecting the Router and the accounting department: Ethernet0/0/0
- ID of the VLAN that Ethernet0/0/0 joins: VLAN 10
- IP address of VLANIF10: 100.1.1.12/24

Procedure
Step 1 Add Ethernet0/0/0 to VLAN 10.
# Create VLAN 10.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 10
[Router-vlan10] quit

# Add Ethernet0/0/0 to VLAN 10.


[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid tagged vlan 10
[Router-Ethernet0/0/0] quit

# Configure an IP address for VLANIF 10.


[Router] interface vlanif 10
[Router-Vlanif10] ip address 100.1.1.12 255.255.255.0
[Router-Vlanif10] quit

Step 2 Configure the Router.


Create VLAN 10 on the Router and add all interfaces to VLAN 10. Configure isolation for
downstream interfaces connected to users. The configuration details are not mentioned here.
Step 3 Configure IP addresses for PCs.
# Configure IP addresses for PCs and ensure that their IP addresses and the IP address of
VLANIF10 are on the same network segment.
# After the configuration is complete, each PC and the Router can ping each other. The PCs,
however, cannot ping one another.
Step 4 Enable intra-VLAN proxy ARP on VLANIF 10.
[Router] interface vlanif 10
[Router-Vlanif10] arp-proxy inner-sub-vlan-proxy enable
[Router-Vlanif10] quit

Step 5 Verify the configuration.


# Ping PC A and PC B. They can be pinged successfully.
[Router] ping 100.1.1.100
PING 100.1.1.100: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.100: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=5 ttl=255 time=10 ms

--- 100.1.1.100 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

----End

Configuration Files
Configuration file of the Router
#
sysname Router
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.12 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface ethernet 0/0/0
port hybrid tagged vlan 10
#
return

1.11.4 Example for Configuring Inter-VLAN Proxy ARP


Networking Requirements
As shown in Figure 1-4, sub-VLANs VLAN 2 and VLAN 3 compose super-VLAN 4.
Hosts in VLAN 2 and VLAN 3 cannot ping each other.
To implement communication between hosts in VLAN 2 and VLAN 3, configure inter-VLAN
proxy ARP.

Figure 1-4 Network diagram for configuring inter-VLAN proxy ARP
[Diagram: the Router with super-VLAN 4 (VLAN4), which contains sub-VLANs VLAN2 and VLAN3.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Create and configure the super-VLAN and sub-VLANs.
2. Add interfaces to the sub-VLANs.
3. Create a VLANIF interface corresponding to the super-VLAN and assign an IP address to
the VLANIF interface.
4. Enable inter-VLAN proxy ARP.

Data Preparation
To complete the configuration, you need the following data:
- IDs of the super-VLAN and sub-VLANs
- Sub-VLAN 2 that Ethernet0/0/0 and Ethernet0/0/1 belong to
- Sub-VLAN 3 that Ethernet0/0/2 and Ethernet0/0/3 belong to
- IP address 10.10.10.1 and mask 255.255.255.0 of the VLANIF interface corresponding to
  the super-VLAN

Procedure
Step 1 Create and configure the super-VLAN and sub-VLANs.
# Create sub-VLAN 2.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 2
[Router-vlan2] quit

# Add Ethernet0/0/0 and Ethernet0/0/1 to sub-VLAN 2.


[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port link-type access
[Router-Ethernet0/0/0] port default vlan 2
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port link-type access
[Router-Ethernet0/0/1] port default vlan 2
[Router-Ethernet0/0/1] quit

# Create sub-VLAN 3.
[Router] vlan 3
[Router-vlan3] quit

# Add Ethernet0/0/2 and Ethernet0/0/3 to sub-VLAN 3.


[Router] interface ethernet 0/0/2
[Router-Ethernet0/0/2] port link-type access
[Router-Ethernet0/0/2] port default vlan 3
[Router-Ethernet0/0/2] quit
[Router] interface ethernet 0/0/3
[Router-Ethernet0/0/3] port link-type access
[Router-Ethernet0/0/3] port default vlan 3
[Router-Ethernet0/0/3] quit

# Create super-VLAN 4 and add sub-VLAN 2 and sub-VLAN 3 to super-VLAN 4.


[Router] vlan 4
[Router-vlan4] aggregate-vlan
[Router-vlan4] access-vlan 2
[Router-vlan4] access-vlan 3
[Router-vlan4] quit

Step 2 Create and configure VLANIF 4.


# Create VLANIF 4.
[Router] interface vlanif 4

# Configure an IP address for VLANIF 4.


[Router-Vlanif4] ip address 10.10.10.1 24

Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.


[Router-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[Router-Vlanif4] quit

Step 4 Verify the configuration.


# Run the display current-configuration command, and you can view the configuration of the
super-VLAN, sub-VLANs, and VLANIF interface.
# Run the display arp command, and you can view all the ARP entries.
<Router> display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1      0018-2000-0083            I -         Vlanif4
10.10.10.2      00e0-fc00-0002  19        D-0         Ethernet0/0/0
                                          2/-
10.10.10.3      00e0-fc00-0003  19        D-0         Ethernet0/0/1
                                          2/-
10.10.10.4      00e0-fc00-0004  19        D-0         Ethernet0/0/2
                                          3/-
10.10.10.5      00e0-fc00-0005  19        D-0         Ethernet0/0/3
                                          3/-
------------------------------------------------------------------------------
Total:5 Dynamic:4 Static:0 Interface:1

----End

Example
The following lists only the configuration file of the Router.

#
sysname Router
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface ethernet 0/0/0
port link-type access
port default vlan 2
#
interface ethernet 0/0/1
port link-type access
port default vlan 2
#
interface ethernet 0/0/2
port link-type access
port default vlan 3
#
interface ethernet 0/0/3
port link-type access
port default vlan 3
#
return

1.11.5 Example for Configuring Layer 2 Topology Detection

Networking Requirements
As shown in Figure 1-5, two Ethernet interfaces are added to VLAN 100 in default mode. To
view changes of ARP entries, configure Layer 2 topology detection.

Figure 1-5 Network diagram for configuring Layer 2 topology detection
[Diagram: the Router (VLANIF100, 10.1.1.2/24) connects through Ethernet 0/0/0 to PC A (10.1.1.1/24) and through Ethernet 0/0/1 to PC B (10.1.1.3/24); both PCs are in VLAN100.]

Configuration Roadmap
The configuration roadmap is as follows:

1. Add two Ethernet interfaces to VLAN 100 in default mode.


2. Enable Layer 2 topology detection to view changes of ARP entries.

Data Preparation
To complete the configuration, you need the following data:

- Types and numbers of the interfaces to be added to a VLAN
- IP addresses of the VLANIF interface and the PCs

Procedure
Step 1 Create VLAN 100 and add the two Ethernet interfaces on the Router to VLAN 100 in default
mode.

# Create VLAN 100 and configure an IP address for the VLANIF interface.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 100
[Router-vlan100] quit
[Router] interface vlanif 100
[Router-vlanif100] ip address 10.1.1.2 24
[Router-vlanif100] quit

# Add the two Ethernet interfaces to VLAN 100 in default mode.


[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port link-type access
[Router-Ethernet0/0/0] port default vlan 100
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port link-type access
[Router-Ethernet0/0/1] port default vlan 100
[Router-Ethernet0/0/1] quit

Step 2 Enable Layer 2 topology detection.


[Router] l2-topology detect enable

Step 3 Restart Ethernet 0/0/0 and view changes of ARP entries and aging time.
# View ARP entries on the Router. You can see that the Router has learned the MAC address
of the PC.
[Router] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0         Ethernet0/0/0
10.1.1.3        00e0-de24-bf04  20        D-0         Ethernet0/0/1
-----------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1

# Run the shutdown and undo shutdown commands on Ethernet0/0/0 and view the aging time
of ARP entries.
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] shutdown
[Router-Ethernet0/0/0] undo shutdown
[Router-Ethernet0/0/0] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.3        00e0-de24-bf04  0         D-0         Ethernet0/0/1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1

NOTE

According to the preceding information, the ARP entries learned from Ethernet0/0/1 are deleted after
Ethernet0/0/0 is shut down. After Ethernet0/0/0 is enabled and becomes Up, the aging time of ARP entries
learned from Ethernet0/0/1 changes to 0.

# When the aging time is 0, the Router sends an ARP probe packet for updating ARP entries.
[Router-Ethernet0/0/0] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN
----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.3        00e0-de24-bf04  20        D-0         Ethernet0/0/1
----------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1

NOTE

After ARP entries are updated, the aging time is restored to the default value, 1200s.

----End
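
One way to automate the before/after comparison in Step 3, as an added example that is not part of the Huawei guide: it parses two display arp all snapshots and reports removed entries, dynamic entries whose aging time is 0 (a probe is pending), and any IP address whose MAC address changed. The function names and report keys are assumptions, and the sample text is constructed in the layout shown above; the parser also folds the wrapped interface and VLAN/CEVLAN rows that display arp prints.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed samples in the layout of `display arp all` before and after the
# port flap. One row is left wrapped on purpose to exercise line folding.
BEFORE = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -         Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0         Ethernet0/0/0
10.1.1.3        00e0-de24-bf04  20        D-0         Ethernet0/0/1
-----------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1
"""
AFTER = """\
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE      VPN-INSTANCE
                                          VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -
Vlanif100
10.1.1.3        00e0-de24-bf04  0         D-0         Ethernet0/0/1
-----------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$", re.I)
VLAN_RE = re.compile(r"^\d+/(?:\d+|-)$")      # VLAN/CEVLAN row such as "2/-"
TOTAL_RE = re.compile(r"^Total:(\d+)$")


class ArpEntry(NamedTuple):
    ip: str
    mac: str
    expire: Optional[int]            # EXPIRE(M); None for the router's own (I) entry
    kind: str                        # first letter of TYPE: I, D or S
    interface: Optional[str] = None
    vlan: Optional[str] = None


def parse_display_arp(text: str) -> Dict[str, ArpEntry]:
    """Parse display arp output into {ip: ArpEntry}, folding wrapped rows."""
    entries: Dict[str, ArpEntry] = {}
    current: Optional[ArpEntry] = None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        total = TOTAL_RE.match(tok[0])
        if total:
            # The device's own counter is a cheap integrity check on the parse.
            if int(total.group(1)) != len(entries):
                raise ValueError("row count does not match the Total: line")
            current = None
        elif set(tok[0]) == {"-"}:                       # separator line
            current = None
        elif len(tok) >= 3 and IP_RE.match(tok[0]) and MAC_RE.match(tok[1]):
            rest = tok[2:]
            expire = int(rest.pop(0)) if rest[0].isdigit() else None
            if not rest or rest[0][0] not in "IDS":
                continue
            kind = rest.pop(0)[0]
            if rest and rest[0] == "-":                  # "I -" prints as two tokens
                rest.pop(0)
            current = ArpEntry(tok[0], tok[1].lower(), expire, kind,
                               rest[0] if rest else None)
            entries[current.ip] = current
        elif current is not None:                        # continuation of the last row
            if VLAN_RE.match(tok[0]):
                current = current._replace(vlan=tok[0])
            elif current.interface is None and tok[0][0].isalpha():
                current = current._replace(interface=tok[0])
            entries[current.ip] = current
    return entries


def diff_snapshots(before: Dict[str, ArpEntry],
                   after: Dict[str, ArpEntry]) -> Dict[str, List[str]]:
    """Summarise what changed between two ARP table snapshots."""
    changes: Dict[str, List[str]] = {
        "removed": [], "added": [], "mac_changed": [], "probe_pending": []}
    for ip, old in before.items():
        new = after.get(ip)
        if new is None:
            changes["removed"].append(f"{ip} on {old.interface}")
        elif new.mac != old.mac:
            changes["mac_changed"].append(f"{ip}: {old.mac} -> {new.mac}")
    for ip, new in after.items():
        if ip not in before:
            changes["added"].append(f"{ip} on {new.interface}")
        if new.kind == "D" and new.expire == 0:
            changes["probe_pending"].append(ip)
    return changes


if __name__ == "__main__":
    report = diff_snapshots(parse_display_arp(BEFORE), parse_display_arp(AFTER))
    for key, items in report.items():
        print(f"{key}: {items}")
```

An unexpected entry under mac_changed after a topology change is the case worth investigating, because a port flap alone should only remove entries or reset their aging time.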

Configuration Files
Configuration file of the Router

#
sysname Router
#
l2-topology detect enable
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface Ethernet 0/0/0
port link-type access
port default vlan 100
#
interface Ethernet 0/0/1
port link-type access
port default vlan 100
#
return

2 IP Address Configuration

About This Chapter

This chapter describes how to configure Internet protocol (IP) addresses for network devices so
that they can communicate.

2.1 IP Address Overview


This section describes the concept of IP addresses.
2.2 IP Addresses Supported by the AR150/200
This section describes the methods for setting IP addresses for the AR150/200.
2.3 Configuring IP Addresses for an Interface
This section describes how to configure IP addresses for an interface.
2.4 Configuring IP Address Unnumbered on an Interface
This section describes how to configure IP address unnumbered.
2.5 Configuration Examples
This section provides several IP address configuration examples.

2.1 IP Address Overview


This section describes the concept of IP addresses.
Hosts on an IP network use IP addresses to communicate with each other.
An IP address is a 32-bit address that identifies every computer or web server on the Internet. It
consists of a network ID and a host ID.
The network ID identifies a network and the host ID identifies a specific network device on the
network. If multiple network devices have the same network ID, they reside on the same network
regardless of their physical locations.

2.2 IP Addresses Supported by the AR150/200


This section describes the methods for setting IP addresses for the AR150/200.

NOTE

IP addresses refer to IPv4 addresses in this document.

The AR150/200 supports the following methods for setting IP addresses:


- Setting static IP addresses for interfaces manually
- Configuring an interface to borrow an IP address from another interface
- Using the IP address negotiation function of PPP to assign IP addresses to interfaces
To save IP addresses, the AR150/200 supports the 31-bit address mask on a P2P interface. With
a 31-bit address mask, the subnet contains only two IP addresses: the addresses that would
otherwise be the subnet address and the broadcast address of the subnet. Both addresses are
used as host addresses.
The AR150/200 supports the 32-bit address mask on a loopback interface.

2.3 Configuring IP Addresses for an Interface


This section describes how to configure IP addresses for an interface.

2.3.1 Establishing the Configuration Task


Before configuring IP addresses for an interface, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
To run IP services on an interface, you must configure IP addresses for the interface. Each
interface of the AR150/200 can be allocated multiple IP addresses, one of which is the primary
IP address and the others are secondary IP addresses.
Generally, an interface needs only the primary IP address. In special cases, the secondary IP
addresses need to be configured for the interface. For example, an interface of the AR150/200
connects to a physical network, and hosts on this physical network belong to two network
segments. To allow the AR150/200 to communicate with all the hosts on the physical network,
configure a primary IP address and a secondary IP address for the interface.

NOTE

Layer 2 interfaces on the AR150/200 cannot be allocated IP addresses.

Pre-configuration Tasks
Before configuring IP addresses for an interface, complete the following tasks:
- Connecting interfaces and setting physical parameters of each interface so that the physical
  status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up

Data Preparation
To configure IP addresses for an interface, you need the following data.

No.  Data
1    Number of the interface
2    Primary IP address and subnet mask of the interface
3    (Optional) Secondary IP address and subnet mask of the interface

2.3.2 Configuring a Primary IP Address for an Interface


An interface has only one primary IP address.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ip address ip-address { mask | mask-length }

A primary IP address is configured for the interface.


An interface has only one primary IP address. If you configure a new primary address on an
interface that already has a primary IP address, the new IP address overrides the original one.

----End

2.3.3 (Optional) Configuring a Secondary IP Address for an Interface
If an interface needs to communicate with hosts on different network segments, configure
secondary IP addresses for the interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ip address ip-address { mask | mask-length } sub

A secondary IP address is configured for the interface.


To configure multiple secondary IP addresses for an interface, repeat this step. Each interface
can be configured with a maximum of 31 secondary IP addresses.

----End

2.3.4 Checking the Configuration


Procedure
- Run the display ip interface [ interface-type interface-number ] command to check
  information about the interface IP address.
- Run the display ip interface brief [ interface-type [ interface-number ] ] command to check
  brief information about the interface IP address.
----End

Example
# Run the display ip interface command to view information about the IP address on
Ethernet1/0/0.
<Huawei> display ip interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
Line protocol current state : UP
The Maximum Transmit Unit : 1500 bytes
input packets : 11022, bytes : 660443, multicasts : 0
output packets : 9634, bytes : 533292, multicasts : 0
Directed-broadcast packets:
received packets: 1796, sent packets: 0
forwarded packets: 0, dropped packets: 0
ARP packet input number: 52872
Request packet: 52852
Reply packet: 20
Unknown packet: 0
Internet Address is 10.137.217.210/23
Broadcast address : 10.137.217.255
TTL being 1 packet number: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0

# Run the display ip interface brief command to view brief information about the IP address
on Ethernet1/0/0.
<Huawei> display ip interface brief ethernet 1/0/0
*down: administratively down
(l): loopback
(s): spoofing
Interface IP Address/Mask Physical Protocol
Ethernet1/0/0 10.137.217.210/23 up up

2.4 Configuring IP Address Unnumbered on an Interface


This section describes how to configure IP address unnumbered.

2.4.1 Establishing the Configuration Task


Before configuring IP address unnumbered, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
In some application environments, an interface needs to be configured to borrow an IP address
from another interface to save IP addresses. If an interface is seldom used, a fixed IP address is
unnecessary. You can configure the interface to borrow an IP address from another interface.

Pre-configuration Tasks
Before configuring IP address unnumbered on an interface, complete the following tasks:
- Setting physical attributes of the IP unnumbered interface and the interface from which an
  IP address will be borrowed
- Setting link layer protocols of the IP unnumbered interface and the interface from which
  an IP address will be borrowed

Data Preparation
To configure IP address unnumbered on an interface, you need the following data.

No.  Data
1    Number, IP address, and mask of the interface from which an IP address will be borrowed
2    Number of the IP unnumbered interface

NOTE

Only the configurations related to IP address unnumbered are described here. The procedure for configuring
a static route to the peer device is not mentioned here.
The IP unnumbered interface cannot be enabled with dynamic routing protocols because it does not have
an IP address itself. To implement communication between the AR150/200 and the peer device, configure
a static route to the peer device.

2.4.2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The view of the interface from which an IP address will be borrowed is displayed.
The interface can be an Ethernet interface, a loopback interface, an Eth-Trunk interface, or a
VLANIF interface.
Step 3 Run:
ip address ip-address { mask | mask-length }

A primary IP address is configured for the interface from which an IP address will be borrowed.
An interface has only one primary IP address. If you configure a new primary address on an
interface that already has a primary IP address, the new IP address overrides the original one.

----End

2.4.3 Configuring IP Address Unnumbered on an Interface

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The IP unnumbered interface view is displayed.


ATM interfaces, tunnel interfaces, and interfaces encapsulated with the Point-to-Point Protocol
(PPP) or High-level Data Link Control (HDLC) can borrow IP addresses from other types of
interfaces.
P2P sub-interfaces encapsulated with frame relay (FR) can borrow IP addresses from other types
of interfaces.
Ethernet interfaces can borrow IP addresses from loopback interfaces.
Step 3 Run:
ip address unnumbered interface interface-type interface-number

The IP unnumbered interface is configured to borrow an IP address from the specified interface.

----End

2.4.4 Checking the Configuration

Procedure
- Run the display ip interface [ interface-type interface-number ] command to check
  information about the interface IP address.
- Run the display ip interface brief [ interface-type [ interface-number ] ] command to check
  brief information about the interface IP address.
----End

Example
# Run the display ip interface command to view information about Eth2/0/0 borrowing an IP
address from LoopBack0.
<Huawei> display ip interface ethernet 2/0/0

Ethernet2/0/0 is standby,
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
received packets: 0, sent packets: 0
forwarded packets: 0, dropped packets: 0
ARP packet input number: 0
Request packet: 0
Reply packet: 0
Unknown packet: 0
Internet Address is unnumbered, using address of LoopBack0(202.117.23.45/24)
Broadcast address : 202.117.23.255
TTL being 1 packet number: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0

2.5 Configuration Examples


This section provides several IP address configuration examples.

2.5.1 Example for Configuring Primary and Secondary IP Addresses for an Interface

Networking Requirements
As shown in Figure 2-1, Ethernet0/0/0 on the Router is connected to a LAN. On the LAN, two
hosts belong to network segment 172.16.1.0/24 and another two hosts belong to network segment
172.16.2.0/24. The Router is required to access the two network segments.

Figure 2-1 Network diagram for configuring IP addresses
[Diagram: Ethernet 0/0/0 on the Router (172.16.1.1/24, 172.16.2.1/24 sub) connects to a LAN that contains network segments 172.16.1.0/24 and 172.16.2.0/24.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Plan IP addresses for interfaces.
2. Configure the primary and secondary IP addresses for an interface.

Data Preparation
To complete the configuration, you need the following data:
- Primary IP address and subnet mask of the interface
- Secondary IP address and subnet mask of the interface

Procedure
Step 1 Configure primary and secondary IP addresses for Ethernet0/0/0 on Router.
<Huawei> system-view
[Huawei] sysname Router
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] ip address 172.16.1.1 24
[Router-Ethernet0/0/0] ip address 172.16.2.1 24 sub

Step 2 Verify the configuration.

# Ping a host on network segment 172.16.1.0 from the Router. The ping operation succeeds.
<Router> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms

# Ping a host on network segment 172.16.2.0 from the Router. The ping operation succeeds.
<Router> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms

----End

Configuration Files
Configuration file of the Router

#
sysname Router
#
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.0
ip address 172.16.2.1 255.255.255.0 sub
#
return

2.5.2 Example for Configuring IP Address Unnumbered on an Interface

Context
As shown in Figure 2-2, Tunnel0/0/1 of RouterA connects to RouterC by a tunnel. Tunnel0/0/1
of RouterA and Tunnel0/0/1 of RouterC are seldom used. To save IP addresses, Tunnel0/0/1 of
RouterA is required to borrow the IP address of Loopback0 on RouterA, and Tunnel0/0/1 of
RouterC is required to borrow the IP address of Loopback0 on RouterC.

Figure 2-2 Network diagram of IP address unnumbered
[Diagram: RouterA (LoopBack 0, 6.6.6.6/32) and RouterC (LoopBack 0, 9.9.9.9/32) are connected by a tunnel between their Tunnel 0/0/1 interfaces, with RouterB between them; PC 1 and PC 2 are also shown.]

Configuration Roadmap
The configuration roadmap is as follows:
- Configure IP addresses for Loopback0 interfaces on RouterA and RouterC.
- Configure OSPF.
- On RouterA, configure Tunnel0/0/1 to borrow the IP address of Loopback0.
- On RouterC, configure Tunnel0/0/1 to borrow the IP address of Loopback0.

Data Preparation
To complete the configuration, you need the following data:
- IP address of Loopback0 on RouterA
- IP address of Loopback0 on RouterC
NOTE

This example provides only the configurations of IP address unnumbered.

Procedure
Step 1 Configure RouterA.
# Configure an IP address for Loopback0.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip address 6.6.6.6 32
[RouterA-LoopBack0] quit

# Configure OSPF.
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit

# Configure Tunnel0/0/1 to borrow the IP address of Loopback0.


[RouterA] interface tunnel 0/0/1
[RouterA-Tunnel0/0/1] ip address unnumbered interface loopback 0
[RouterA-Tunnel0/0/1] quit

Step 2 Configure RouterC.


The configuration of RouterC is similar to that of RouterA, and is not mentioned here.
Step 3 Verify the configuration.
# Check the configuration on Tunnel0/0/1 of RouterA.
<RouterA> display ip interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
received packets: 0, sent packets: 0
forwarded packets: 0, dropped packets: 0
Internet Address is unnumbered, using address of LoopBack0(6.6.6.6/32)
Broadcast address : 6.6.6.6
TTL being 1 packet number: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0

----End

Configuration Files
• Configuration file of RouterA

#
sysname RouterA
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255


#
interface Tunnel 0/0/1
ip address unnumbered interface LoopBack0
#
ospf 1
area 0.0.0.0
network 6.6.6.6 0.0.0.0
#
return

• Configuration file of RouterC

#
sysname RouterC
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
#
interface Tunnel 0/0/1
ip address unnumbered interface LoopBack0
#
ospf 1
area 0.0.0.0
network 9.9.9.9 0.0.0.0
#
return


3 Basic IPv6 Configuration

About This Chapter

The IPv6 protocol stack supports routing protocols and application protocols on an IPv6
network.

3.1 Introduction to IPv6


IPv6 is an upgraded version of IPv4 and solves many problems with IPv4.
3.2 IPv6 Supported by the AR150/200
The basic functions of IPv6 include IPv6 address configuration, IPv6 neighbor discovery, router
advertisement, ICMPv6 packet control, and Path MTU (PMTU) configuration. The IPv6
protocol stack supports routing protocols and application protocols.
3.3 Configuring an IPv6 Address for an Interface
Assigning an IPv6 address to a device on a network enables the device to communicate with the
other devices on the network.
3.4 Configuring IPv6 Neighbor Discovery
IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship
between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address
Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages,
and introduces neighbor reachability detection.
3.5 Configuring IPv4/IPv6 Dual Stacks
To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and
the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.
3.6 Configuring PMTU
By setting the PMTU, you can select a proper MTU for packet transmission. In this manner,
packets do not have to be fragmented during transmission and loads on intermediate devices are
reduced. In addition, network resources are used more efficiently and the network throughput
reaches the optimal value.
3.7 Configuring TCP6
By setting TCP6 packets, you can improve the performance of the network.
3.8 Maintaining IPv6
This section describes how to maintain IPv6. Detailed operations include deleting information
about IPv6 operation and monitoring IPv6 operation.


3.9 Configuration Examples


This section includes the networking requirements, precautions for configuration, and
configuration roadmap. An example is used to describe how to configure an IPv6 address and
Neighbor Discovery Protocol for an interface.


3.1 Introduction to IPv6


IPv6 is an upgraded version of IPv4 and solves many problems with IPv4.

Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of the second generation. It is a set of specifications designed by the Internet
Engineering Task Force (IETF). IPv6 is the upgraded version of IPv4. The most remarkable
difference between IPv6 and IPv4 is that the IP address lengthens from 32 bits to 128 bits.

3.2 IPv6 Supported by the AR150/200


The basic functions of IPv6 include IPv6 address configuration, IPv6 neighbor discovery, router
advertisement, ICMPv6 packet control, and Path MTU (PMTU) configuration. The IPv6
protocol stack supports routing protocols and application protocols.

The AR150/200 supports the IPv6 protocol suite and TCP6 protocol suite.

AR150/200 supports IPv6 on the following interfaces:


• Ethernet interfaces and sub-interfaces
• Gigabit-Ethernet interfaces and sub-interfaces
• Serial interfaces (Only the Serial interfaces configured with PPP or HDLC as the link
  protocol support IPv6.)
• POS interfaces (Only the POS interfaces configured with PPP or HDLC as the link protocol
  support IPv6.)
• Tunnel interfaces
• Loopback interfaces
• Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and IP-Trunk interfaces
• VLANIF interfaces

IPv6 Address
A 128-bit IPv6 address has the following formats:

• X:X:X:X:X:X:X:X
  In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
  are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
  separated by colons. Every "X" represents a group of hexadecimal values.
• X:X:X:X:X:X:d.d.d.d
  This format is for the following types of addresses:
  – IPv4-compatible IPv6 address
  – IPv4-mapped IPv6 address
  In this type of address, "X" represents the first six groups of numbers. Each "X" stands for
  16 bits that are represented by hexadecimal numbers. "d" represents the subsequent four
  groups of numbers. Each "d" stands for eight bits that are represented by decimal numbers.
  "d.d.d.d" is a standard IPv4 address.

An IPv6 address can be divided into two parts:


• Network prefix: equals the network ID of an IPv4 address. It is of n bits.
• Interface identifier: equals the host ID in an IPv4 address. It is of 128-n bits.

Selection of Source and Destination Addresses


When network administrators need to specify or plan source and destination addresses, they
can define a group of address selection rules. An address selection policy table can be created
based on these rules. Similar to a routing table, this table can be queried based on the longest
match rule. The address is selected based on the source and destination addresses.

IPv6 Neighbor Discovery


The IPv6 neighbor discovery (ND) is a group of messages and processes that define the
relationship between neighboring nodes. ND replaces the Address Resolution Protocol (ARP)
messages and the Internet Control Message Protocol (ICMP) device discovery messages. It also
provides additional functions.

IPv6 PMTU
Generally, the problem that different networks have different Maximum Transmission Units
(MTU) can be solved in the following ways:

• Devices fragment packets as required. The source host only needs to fragment packets;
  however, the intermediate router not only needs to fragment packets, but also to reassemble
  packets.
• The source host sends packets based on a proper MTU so that packets need not be
  fragmented on the intermediate router. In such a case, packet processing burden on the
  intermediate router can be reduced. During IPv6 packet transmission, only this way can be
  adopted because IPv6 intermediate routers do not support packet fragmentation.

The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the path
from the source to the destination.

IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the
Forwarding Information Base (FIB). Guided by route management policies, a device extracts a
minimum of necessary forwarding information from RIB and adds the information to the FIB.
Through the route management module, you can also add static routes into the FIB.

A FIB contains a group of minimum information needed by a device during packet forwarding.
An FIB entry usually contains the destination address, prefix length, transport port, next-hop
address, route flag, and time stamp. A device forwards packets according to FIB entries.

The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). A FIB agent is responsible for interacting with the
RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a
distributed system.

A FIB contains the following information:

• Destination address: indicates the network or host a packet is destined for.


• Prefix length: indicates the length of the destination address prefix. From the prefix length,
  you can infer that the destination address is a network address or a host address.
• Nexthop: indicates the address of the close next hop through which the packet reaches the
  destination.
• Flag(s): identifies route features.
• Interface: indicates the outgoing interface of the packet.
• Timestamp: indicates the time when an FIB entry is established.
• Tunnel ID: indicates the ID of VPN Tunnel.
NOTE

The IPv6 function is used with a license. To use the IPv6 function, apply for and purchase the following
license from the Huawei local office:
• AR150&200 Value-Added Data Package

3.3 Configuring an IPv6 Address for an Interface


Assigning an IPv6 address to a device on a network enables the device to communicate with the
other devices on the network.

3.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for assigning an IPv6 address to an interface.

Applicable Environment
When a device communicates with an IPv6 device, you need to configure an IPv6 address for the
interface. The AR150/200 supports configuring IPv6 addresses for the following interfaces:

• Ethernet interfaces and sub-interfaces
• Tunnel interfaces
• Loopback interfaces
• Eth-Trunk interfaces, Eth-Trunk sub-interfaces (support IPv6 only when they work in Layer
  3 mode)
• VLANIF interfaces
• VE interfaces
• VT interfaces

You can configure 10 addresses for one interface. Addresses can be the link-local address and
the global unicast address.

The link-local address is used in ND, and in the communication between nodes on the local link
in the stateless address auto-configuration. The packets using the link-local address as the source
or destination address are not forwarded to other links.

The link-local address can be automatically generated or manually configured. After
automatic address generation is enabled, the system automatically generates a link-local
address. A manually configured link-local address must be a valid link-local address
(FE80::/10).


It is recommended to automatically generate a link-local address because the link-local address
is used only for the communication between link-local nodes. It is typically used to meet
protocol communication requirements and is not directly related to the communication
between users.

The global unicast address is equivalent to the IPv4 public address. It is used for data forwarding
across the public network, which is necessary for the communication between users.

An EUI-64 address has the same function as a global unicast address. The difference is that
only the network bits need to be specified for the EUI-64 address, and the host bits are derived
from the MAC address of the interface, whereas a complete 128-bit address needs to be specified
for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address
must not be longer than 64 bits.

The EUI-64 address and the global unicast address can be configured simultaneously or
alternatively. However, the IP addresses configured for one interface cannot be in the same
network segment.

Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
• Configuring the physical features of the interface and ensuring that the status of the physical
  layer of the interface is Up
• Configuring the link layer parameters for the interface and ensuring that the status of the
  link layer protocol on the interface is Up

Data Preparation
To configure IPv6 addresses for an interface, you need the following data.

No. Data

1 Number of the interface

2 Link-local address configured manually

3 Global unicast address and prefix length

3.3.2 Enabling IPv6 Packet Forwarding Capability


You can perform other IPv6 configurations on an interface only when IPv6 is enabled in the
interface view. To enable IPv6 packet forwarding on an interface, you must configure IPv6 in
the system view.

Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
• If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
  capability is enabled on a device. The IPv6 function, however, is not enabled on the interface
  and hence you cannot perform any IPv6 configurations.


• If you run the ipv6 enable command only in the interface view, the IPv6 capability is
  enabled only on an interface. Therefore, the device cannot forward IPv6 data.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6

The IPv6 packet forwarding capability is enabled.


By default, the IPv6 packet forwarding capability is disabled.
To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the device cannot forward IPv6 packets although you enable IPv6 on the interface.
Step 3 Run:
interface interface-type interface-number

The view of the interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable

The IPv6 capability is enabled on the interface.


Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.
By default, the IPv6 capability is disabled on the interface.

----End

3.3.3 Configuring an IPv6 Link-Local Address for an Interface


The local address of a link is used in the neighbor discovery protocol, and in the communications
between nodes on the local end of the link in stateless address auto-configuration. The local
address of a link is valid only for the link. A packet with a link-local address as the source or
destination address is forwarded only along the local link.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Perform the following as required.
Run:


ipv6 address auto link-local

Auto generation of the IPv6 link-local address is enabled.

Or

Run:
ipv6 address ipv6-address link-local

The IPv6 link-local address is manually configured.

Besides configuring a link-local address through the preceding two commands, you can also
configure a global unicast IPv6 address for auto generating a link-local address. For details, see
Configuring an IPv6 Global Unicast Address for an Interface.

----End

3.3.4 Configuring an IPv6 Global Unicast Address for an Interface


A global unicast IP address is equal to an Internet IPv4 address and can be used for links whose
route prefixes can be aggregated. In this manner, routing entries can be reduced.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
or
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

The global unicast address is configured on the interface.

----End

3.3.5 Configuring an IPv6 Anycast Address for an Interface


An anycast address is used to identify a group of interfaces.

Context
Anycast addresses and unicast addresses are in the same address range. An anycast address is
used to identify a group of interfaces on different nodes.

• Similar to a multicast address, an anycast address is listened to by multiple nodes.
  Therefore, it is only used as a destination address.
• The packets destined for an anycast address are transmitted to an interface that is in the
  interface group identified by the anycast address and is closest to the source node. (The
  distance between an interface and the source node is calculated based on the routing


protocol). The packets destined for a multicast address are transmitted to a group of
interfaces with the multicast address.
When the 6to4 tunnel is used for the communication between the 6to4 network and the native
IPv6 network, the AR150/200 supports the configuration of an anycast address with the prefix
of 2002:c058:6301:: on the tunnel interface of the 6to4 relay route device.
Alternatively, you can configure a 6to4 address on the tunnel interface of the 6to4 relay route
device. When multiple 6to4 relay route devices are configured on the network, the difference
between the two methods is as follows:
• If a 6to4 address is used, you need to configure different addresses for tunnel interfaces
  of all devices.
• If an anycast address is used, you need to configure the same address for the tunnel
  interfaces of all devices. In this manner, the number of addresses is reduced.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast

An IPv6 anycast address is assigned to an interface.

----End

3.3.6 Checking the Configuration


You can view the configuration of the IPv6 address for an interface.

Prerequisites
The configurations of the IPv6 addresses are complete.

Procedure
• Run the display ipv6 interface [ interface-type interface-number | brief ] command to
  check the IPv6 information of an interface.
• Run the display ipv6 statistics command to check the IPv6 packet statistics.
----End

Example
Run the display ipv6 interface command. If the IPv6 address of the interface is displayed, it
means that the configuration succeeds. For example:
<Huawei> display ipv6 interface ethernet 1/0/0


Ethernet1/0/0 current state : UP


IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00 [TENTATIVE]
Global unicast address(es):
2001::1, subnet is 2001::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF04:5D00
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
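
The EUI-64 derivation described in 3.3.1 can be checked against the sample output above. The following Python code is an added example, not Huawei code: it builds the modified EUI-64 interface identifier from a MAC address, computes solicited-node group addresses, and audits neighbor entries whose embedded MAC disagrees with the reported link-layer address. All function names are hypothetical; the neighbor text is constructed from values shown in this chapter plus one constructed mismatching entry.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def mac_bytes(mac):
    """Parse a MAC in Huawei (00e0-fc89-fe6e), colon or plain hex notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def huawei_mac(raw):
    """Format six bytes the way the router output prints them: xxxx-xxxx-xxxx."""
    text = raw.hex()
    return "-".join(text[i:i + 4] for i in (0, 4, 8))


def eui64_address(prefix, mac):
    """Combine a prefix with the modified EUI-64 interface identifier (RFC 4291)."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("EUI-64 needs an IPv6 prefix of at most 64 bits")
    b = mac_bytes(mac)
    # Flip the universal/local bit and insert FFFE between the two MAC halves.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return huawei_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])


def solicited_node(addr):
    """Solicited-node multicast group: FF02::1:FF00:0 plus the low 24 address bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)


def is_link_local(addr):
    """True if addr is acceptable as a manual link-local address (FE80::/10)."""
    return ipaddress.IPv6Address(addr) in LINK_LOCAL


ENTRY = re.compile(r"IPv6 Address\s*:\s*(\S+)\s+Link-layer\s*:\s*(\S+)")

# Constructed sample: the first two entries reuse values printed in this
# chapter, the third is a constructed mismatch for demonstration.
SAMPLE_NEIGHBORS = """\
IPv6 Address : 3003::2
Link-layer   : 00e0-fc89-fe6e   State : STALE
IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer   : 00e0-fc89-fe6e   State : STALE
IPv6 Address : FE80::2E0:FCFF:FE89:FE6F
Link-layer   : 00e0-fc11-2233   State : STALE
"""


def audit_neighbors(text):
    """Return (address, link-layer, verdict) for each neighbor entry in text.

    A mismatch is not proof of a problem (link-local addresses can be set
    manually); it marks an entry worth verifying.
    """
    findings = []
    for addr, mac in ENTRY.findall(text):
        embedded = mac_from_eui64(addr)
        seen = huawei_mac(mac_bytes(mac))
        if embedded is None:
            verdict = "not-eui64"
        elif embedded == seen:
            verdict = "eui64-match"
        else:
            verdict = "eui64-mismatch"
        findings.append((str(ipaddress.IPv6Address(addr)), seen, verdict))
    return findings


if __name__ == "__main__":
    print(eui64_address("fe80::/64", "00e0-fc89-fe6e"))
    print(solicited_node("FE80::200:1FF:FE04:5D00"), solicited_node("2001::1"))
    for row in audit_neighbors(SAMPLE_NEIGHBORS):
        print(row)
```

The two solicited-node results correspond to the FF02::1:FF04:5D00 and FF02::1:FF00:1 groups listed under "Joined group address(es)" in the output above.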

Run the display ipv6 interface command. If the configured IPv6 address and interface status
are displayed, it means that the configuration succeeds.
<Huawei> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
Ethernet2/0/0 up up
[IPv6 Address] 2030::101:101
Ethernet2/0/1 up up
[IPv6 Address] 2001::1
LoopBack0 up up(s)
[IPv6 Address] Unassigned

Run the display ipv6 statistics command. If the statistics on IPv6 packets are displayed, it means
that the configuration succeeds.
<Huawei> display ipv6 statistics
IPv6 Protocol:

Sent packets:
Total : 3630
Local sent out : 3630 Forwarded : 0
Raw packets : 0 Discarded : 0
Fragmented : 0 Fragments : 0
Fragments failed : 0 Multicast : 0

Received packets:
Total : 3630 Local host : 3630
Hop count exceeded : 0 Header error : 0
Too big : 0 Routing failed : 0
Address error : 0 Protocol error : 0
Truncated : 0 Option error : 0
Fragments : 0 Reassembled : 0
Reassembly timeout : 0 Multicast : 0

3.4 Configuring IPv6 Neighbor Discovery


IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship
between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address
Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages,
and introduces neighbor reachability detection.


3.4.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for IPv6 neighbor discovery.

Applicable Environment
After an IPv6 address is configured for a node, the node checks whether this address can be used
and does not conflict with any other address. If a node is a host, a router needs to notify the host
of the optimal next hop address of a packet to be sent by the host to a specific destination. If a
node is a router, it needs to advertise its address, address prefix, and other configuration
parameters to instruct hosts to configure parameters. During IPv6 packet forwarding, a node
needs to know the neighboring nodes' link-layer addresses and check their reachability. The
Neighbor Discovery (ND) function can be used to meet the requirements.

Most of the ND configurations are implemented based on the interfaces.

The IPv6 ND configuration is supported on the following interfaces:

• Ethernet interfaces and sub-interfaces
• Tunnel interfaces
• Eth-Trunk interfaces, Eth-Trunk sub-interfaces
• VLANIF interfaces

Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:

• Configuring the physical features for the interface and ensuring that the status of the
  physical layer of the interface is Up
• Configuring link layer parameters for the interface
• Configuring the IPv6 address for the interface

Data Preparation
To configure IPv6 neighbor discovery, you need the following data.

No. Data

1 Number of interface which needs to be configured with IPv6 ND

2 IPv6 address and MAC address of the static neighbor

3 Intervals, prefix, and life duration of RA messages

4 Flag bit of automatic configuration

5 Hop limit of ND

6 Sending times of DAD

7 Intervals for re-transmitting NS messages

8 NUD reachable time


9 Interface MTU

3.4.2 Configuring Static Neighbors


By configuring a static neighbor, you can obtain the mapping of the IPv6 address and MAC
address of the neighbor.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run one of the following commands as required:
• To configure a static neighbor entry on a common Layer 3 interface, run the ipv6
  neighbor ipv6-address mac-address command.
• To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor
  ipv6-address mac-address vid vlan-id interface-type interface-number command.
• To configure a static neighbor entry on a sub-interface for QinQ VLAN tag termination, run
  the ipv6 neighbor ipv6-address mac-address vid vid [ cevid cevid ] command.
NOTE
If an interface is configured with dynamic QinQ, you cannot configure a static neighbor entry on it.

Static neighbors can be configured for interfaces and their sub-interfaces. You can configure up
to 300 neighbors on each interface.

----End

3.4.3 Enabling RA Message Advertising


After being enabled with router advertisement, the device can send router advertisement
messages, providing prefixes for hosts.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
(Optional) undo ipv6 nd ra halt

The function of advertising RA messages is enabled.

----End

3.4.4 Setting the Interval for Advertising RA Messages


The device periodically sends router advertisement messages containing information such as
prefixes and flag bits.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

The interval for advertising RA messages is configured.


By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.
The maximum interval cannot be shorter than the minimum interval.
When the maximum interval is less than 9 seconds, the minimum interval is set to the same value
as the maximum interval.

----End

3.4.5 Configuring the Address Prefixes to Be Advertised


Nodes of the local links can perform address auto-configuration by using prefixes of these
addresses.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefix-length }
valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]


The prefix of RA messages is configured.

----End

3.4.6 Configuring Other Information to Be Advertised


A router advertisement message carries information such as the maximum number of hops,
prefix option, neighbor hold time, and keepalive time.

Context
Duplicate Address Detection (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages that are sent continuously.
You can set the interval for sending Neighbor Solicitation (NS) messages on the device. By default,
the NS retransmission interval is 1000 ms.
Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default,
the NUD value is 30000 ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default
MTUs vary with interface types. The default MTU on an Ethernet interface is 1500 bytes.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6 nd hop-limit limit

ND hop limit is configured.


The value of limit ranges from 1 to 255. By default, it is 64.
Step 3 Run:
interface interface-type interface-number

The interface view is displayed.


Step 4 Run:
ipv6 nd ra hop-limit limit

ND hop limit is configured.


The value of limit ranges from 0 to 255. By default, it is 64.

NOTE

• If the ipv6 nd ra hop-limit command has been run on an interface, the hop limit for an RA message
  uses the value configured on the interface.
• If the ipv6 nd ra hop-limit command has not been run on an interface, the hop limit for an RA message
  uses the value configured globally, that is, the value configured in the ipv6 nd hop-limit command.

Step 5 Run:
ipv6 nd ra router-lifetime ra-lifetime

The life duration of RA messages is configured.


NOTE

• When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must
  be less than or equal to the life duration.
• By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
• By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
  is still 1800 seconds.

Step 6 Run:
ipv6 nd dad attempts value

The number of DAD messages to send is configured.


Step 7 Run:
ipv6 nd ns retrans-timer interval

The interval for re-sending NS messages is set.


Step 8 Run:
ipv6 nd nud reachable-time value

The NUD reachable time is set.


Step 9 Run:
ipv6 mtu mtu

MTU of the interface is configured.

----End

Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and then the undo shutdown
command in the interface view for the configuration to take effect.
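
The RA timer and hop-limit rules in 3.4.4 and 3.4.6 interact, so it helps to resolve the effective values before applying a configuration. The following Python code is an added example, not Huawei code: it applies the defaults and constraints stated in this guide to a planned set of values and reports violations. The class and function names are hypothetical, and it assumes that "the interval" compared with the life duration is the maximum interval.

```python
from dataclasses import dataclass
from typing import Optional

# Defaults stated in sections 3.4.4 and 3.4.6 of this guide.
DEFAULTS = {"max_interval": 600, "min_interval": 200,
            "router_lifetime": 1800, "hop_limit": 64}


@dataclass
class RaSettings:
    """Planned values; None means the command is not configured."""
    max_interval: Optional[int] = None         # ipv6 nd ra max-interval
    min_interval: Optional[int] = None         # ipv6 nd ra min-interval
    router_lifetime: Optional[int] = None      # ipv6 nd ra router-lifetime
    global_hop_limit: Optional[int] = None     # ipv6 nd hop-limit (system view)
    interface_hop_limit: Optional[int] = None  # ipv6 nd ra hop-limit (interface view)


def pick(value, default):
    """Use the configured value if present; 0 is a valid configured value."""
    return default if value is None else value


def check_ra(s):
    """Return (effective values, list of rule violations) for planned settings."""
    errors = []
    max_i = pick(s.max_interval, DEFAULTS["max_interval"])
    min_i = pick(s.min_interval, DEFAULTS["min_interval"])
    if max_i < 9:
        # Below 9 seconds the minimum interval is set to the maximum interval.
        min_i = max_i
    elif max_i < min_i:
        errors.append(f"max-interval {max_i} is shorter than min-interval {min_i}")

    lifetime = pick(s.router_lifetime, DEFAULTS["router_lifetime"])
    # Assumption: the advertising interval limited by the life duration
    # is the maximum interval.
    if max_i > lifetime:
        errors.append(f"max-interval {max_i} exceeds router-lifetime {lifetime}")

    if s.global_hop_limit is not None and not 1 <= s.global_hop_limit <= 255:
        errors.append("ipv6 nd hop-limit must be in the range 1 to 255")
    if s.interface_hop_limit is not None and not 0 <= s.interface_hop_limit <= 255:
        errors.append("ipv6 nd ra hop-limit must be in the range 0 to 255")

    # The interface value, when configured, overrides the global value.
    hop = pick(s.interface_hop_limit,
               pick(s.global_hop_limit, DEFAULTS["hop_limit"]))

    effective = {"max_interval": max_i, "min_interval": min_i,
                 "router_lifetime": lifetime, "hop_limit": hop}
    return effective, errors


if __name__ == "__main__":
    for planned in (RaSettings(),
                    RaSettings(max_interval=5, min_interval=3),
                    RaSettings(max_interval=100),
                    RaSettings(max_interval=2000),
                    RaSettings(global_hop_limit=32, interface_hop_limit=0)):
        print(planned, "->", check_ra(planned))
```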

3.4.7 Configuring the Default Router Priority and Route Information

RA packets that carry the default router priority and route information can be transmitted over
the local link. In this manner, a proper router can be selected to forward packets of a host.

Context
If a host is connected to multiple routers, the host must select a router to forward packets based
on the destination addresses of packets. The router can advertise the default router priority and
specified route information to the host so that the host can select a proper forwarding router
based on the destination addresses of packets.
After receiving the RA packets carrying the route information, the host updates its routing table.
When sending packets to another device, the host queries the routing table and selects a proper
route to send packets.
When receiving the RA packets that carry the priority of default routers, the host updates its
default router table. When sending packets to another device, if there is no route to be selected,
the host queries the default router table. Then, the host selects a router with the highest priority
on the local link to send packets. If the router is faulty, the host selects another router in
descending order of priority.


Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ipv6 nd ra preference { high | medium | low }

The default router priority is configured in RA packets.


Step 4 Run:
ipv6 nd ra route-information ipv6-address prefix-length lifetime route-lifetime
[ preference { high | medium | low } ]

Route information is configured in RA packets.

----End
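
The host behaviour described in the Context above, as an added example that is not part of the original guide: a host keeps a routing table built from RA route information and a default router table built from the default router priority, and picks a next hop from them. The class names, router addresses and 2001:db8:: prefixes are constructed for illustration; the fields correspond to the options defined in RFC 4191.

```python
import ipaddress
from dataclasses import dataclass, field

RANK = {"high": 3, "medium": 2, "low": 1}


@dataclass
class RouterAdvert:
    """The parts of one received RA that matter for router selection."""
    router: str                      # link-local source address of the RA
    preference: str = "medium"       # default router priority
    router_lifetime: int = 1800      # seconds; 0 = not usable as default router
    routes: list = field(default_factory=list)  # (prefix, route-lifetime, preference)


class Host:
    def __init__(self):
        self.routes = []     # (network, rank, router) from route information
        self.defaults = []   # (rank, router) from the default router priority

    def receive_ra(self, ra):
        # A new RA replaces everything this router advertised before.
        self.routes = [r for r in self.routes if r[2] != ra.router]
        self.defaults = [d for d in self.defaults if d[1] != ra.router]
        for prefix, lifetime, pref in ra.routes:
            if lifetime > 0:         # lifetime 0 withdraws the route
                net = ipaddress.ip_network(prefix)
                self.routes.append((net, RANK[pref], ra.router))
        if ra.router_lifetime > 0:
            self.defaults.append((RANK[ra.preference], ra.router))

    def next_hop(self, destination, faulty=()):
        """Pick the forwarding router; 'faulty' lists routers known to be down."""
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dst in r[0] and r[2] not in faulty]
        if matches:
            # Longest prefix wins; route preference breaks ties.
            best = max(matches, key=lambda r: (r[0].prefixlen, r[1]))
            return best[2]
        # No specific route: use the default router table, highest priority first.
        usable = [d for d in self.defaults if d[1] not in faulty]
        if usable:
            return max(usable, key=lambda d: d[0])[1]
        return None


def demo():
    host = Host()
    # Constructed RAs from two routers on the same link.
    host.receive_ra(RouterAdvert("fe80::a", "high", 1800,
                                 [("2001:db8:1::/48", 600, "medium")]))
    host.receive_ra(RouterAdvert("fe80::b", "medium", 1800,
                                 [("2001:db8:1:2::/64", 600, "low")]))
    return {
        "more_specific": host.next_hop("2001:db8:1:2::5"),
        "covering": host.next_hop("2001:db8:1:9::1"),
        "default": host.next_hop("2001:db8:ffff::1"),
        "default_failover": host.next_hop("2001:db8:ffff::1", faulty={"fe80::a"}),
    }


if __name__ == "__main__":
    for case, router in demo().items():
        print(f"{case:17} -> {router}")
```

Because the highest advertised priority attracts all traffic that has no more specific route, the preference and route-information settings on every RA-sending interface are worth recording in a configuration review.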

3.4.8 Checking the Configuration


You can view the configuration of IPv6 neighbor discovery.

Prerequisites
The configurations of the IPv6 neighbor discovery function are complete.

Procedure
• Run the display ipv6 neighbors [ ipv6-address | [ vid vlan-id ] interface-type interface-number |
vpn-instance vpn-instance-name ] command or the display ipv6 neighbors interface-type
interface-number | [ vid vid ] | [ cevid cevid ] command to check the neighbor information in
the cache.
• Run the display ipv6 interface [ interface-type interface-number | brief ] command to
check the IPv6 information of an interface. If the interface is in the Up state, the
configuration is successful.
----End

Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains
neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Huawei> display ipv6 neighbors ethernet 1/0/0
--------------------------------------------------------
IPv6 Address : 3003::2
Link-layer : 00e0-fc89-fe6e State : STALE
Interface : Eth1/0/0 Age : 7
VLAN : 10 CEVLAN: -
VPN name : vpn1 Is Router: TRUE
Secure FLAG : UN-SECURE

IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer : 00e0-fc89-fe6e State : STALE
Interface : Eth1/0/0 Age : 7
VLAN : 10 CEVLAN: -
Is Router: TRUE
Secure FLAG : UN-SECURE
---------------------------------------------------------
Total: 2 Dynamic: 2 Static: 0
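
One way to review this output during an audit, as an added example that is not part of the original guide: the script parses the display ipv6 neighbors layout shown above and reports every neighbor marked Is Router: TRUE whose link-layer address is not on an approved list. The sample text is constructed (only the first entry reuses values that appear in this guide), and the approved list is an assumption supplied by the operator.

```python
import re

# Field names as they appear in the "display ipv6 neighbors" output above.
KEYS = ("IPv6 Address", "Link-layer", "State", "Interface", "Age",
        "CEVLAN", "VLAN", "VPN name", "Is Router", "Secure FLAG")
KEY_RE = re.compile(r"\b(" + "|".join(map(re.escape, KEYS)) + r")\s*:\s*")

# Constructed sample in the same layout; the second and third neighbors
# and their addresses are invented for this example.
SAMPLE_OUTPUT = """\
<Huawei> display ipv6 neighbors
-----------------------------------------------------------------------------
IPv6 Address : FE80::2E0:FCFF:FE01:E3
Link-layer : 00e0-fc01-00e3 State : STALE
Interface : Eth1/0/0 Age : 39
VLAN : - CEVLAN: -
Is Router : TRUE
Secure FLAG : UN-SECURE

IPv6 Address : FE80::FF:FE00:AA
Link-layer : 0200-0000-00aa State : REACH
Interface : Eth1/0/0 Age : 0
VLAN : - CEVLAN: -
Is Router : TRUE
Secure FLAG : UN-SECURE

IPv6 Address : FE80::FF:FE00:BB
Link-layer : 0200-0000-00bb State : STALE
Interface : Eth1/0/0 Age : 12
VLAN : - CEVLAN: -
Is Router : FALSE
Secure FLAG : UN-SECURE
-----------------------------------------------------------------------------
Total: 3 Dynamic: 3 Static: 0
"""


def parse_neighbors(text):
    """Return one dict per neighbor entry; a line may carry two fields."""
    entries, current = [], None
    for line in text.splitlines():
        hits = list(KEY_RE.finditer(line))
        for i, hit in enumerate(hits):
            # A value runs up to the next field name on the same line.
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            key, value = hit.group(1), line[hit.end():end].strip()
            if key == "IPv6 Address":      # first field of every entry
                current = {}
                entries.append(current)
            if current is not None:
                current[key] = value
    return entries


def normalize_mac(mac):
    """Reduce 00e0-fc01-00e3, 00:e0:fc:01:00:e3 and similar to 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def unexpected_routers(entries, approved_macs):
    """List neighbors flagged as routers whose MAC is not approved."""
    approved = {normalize_mac(m) for m in approved_macs}
    findings = []
    for entry in entries:
        if entry.get("Is Router", "").upper() != "TRUE":
            continue
        if normalize_mac(entry.get("Link-layer", "")) not in approved:
            findings.append({
                "address": entry.get("IPv6 Address"),
                "link_layer": entry.get("Link-layer"),
                "interface": entry.get("Interface"),
                "secure_flag": entry.get("Secure FLAG"),
            })
    return findings


if __name__ == "__main__":
    neighbors = parse_neighbors(SAMPLE_OUTPUT)
    for finding in unexpected_routers(neighbors, ["00:e0:fc:01:00:e3"]):
        print("unexpected router:", finding)
```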

Run the display ipv6 interface command. If information about the IPv6 address on the interface
is displayed, it means that the configuration succeeds.
<Huawei> display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::1
Global unicast address(es):
2001::1, subnet is 2001::/64
5000::A19:A6FF:FECE:7D4B, subnet is 5000::/63
Joined group address(es):
FF02::1:FFCE:7D4B
FF02::2
FF02::1
FF02::1:FF00:1
MTU is 1280 bytes
ND DAD is disabled
ND reachable time is 10000 milliseconds
ND retransmit interval is 10000 milliseconds
Hosts use DHCP to obtain routable addresses.

Run the display ipv6 interface brief command. If information about the IPv6 address on the
interface and interface status are displayed, it means that the configuration succeeds.
<Huawei> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
Ethernet2/0/2 up up
[IPv6 Address] 2030::101:101
Ethernet2/0/3 up up
[IPv6 Address] 2001::1
LoopBack0 up up(s)
[IPv6 Address] Unassigned

3.5 Configuring IPv4/IPv6 Dual Stacks


To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and
the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

3.5.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for the IPv4/IPv6 dual protocol stack.

Applicable Environment
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be
enabled on the device.

Enabling the IPv4/IPv6 dual protocol stacks on the AR150/200 is a simple process. Enable the
IPv6 packet forwarding capability in the system view and configure an IPv4 address or IPv6
address on the corresponding interface. The device can then forward IPv4 and IPv6 packets on
the corresponding interface.

Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:

• Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
• Configuring the link layer parameters for the interface

Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.

No. Data

1 Type and number of the interface connected with the IPv4 network

2 IPv4 address and mask of the interface connected with the IPv4 network

3 Type and number of the interface connected with the IPv6 network

4 IPv6 address and prefix of the interface connected with the IPv6 network

3.5.2 Enabling IPv6 Packet Forwarding


To enable IPv6 packet forwarding, you need to enable IPv6 in both the interface view and the
system view.

Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:

• If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on the device. The interfaces on the device do not have the IPv6
capability, so you cannot perform any IPv6 configuration on them.
• If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on that interface, but the device cannot forward IPv6 data.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ipv6

The IPv6 packet forwarding capability is enabled.

To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the device cannot forward IPv6 packets although the interface is configured with an
IPv6 address.

By default, the IPv6 packet forwarding capability is disabled.

Step 3 Run:
interface interface-type interface-number

The view of the interface to be enabled with the IPv6 capability is displayed.

Step 4 Run:
ipv6 enable

The IPv6 capability is enabled on the interface.

Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.

By default, the IPv6 capability is disabled on the interface.

----End
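
A check for the two-level requirement described in this section, as an added example that is not part of the original guide: the script reads a configuration file in the layout used by the Configuration Files listings of this guide and reports where the system-view ipv6 command and the interface-view ipv6 enable command do not line up. It also lists the interfaces that send RA messages (undo ipv6 nd ra halt). The sample configuration and the interface Ethernet2/0/0 are constructed.

```python
def parse_config(text):
    """Split a configuration file into global commands and per-interface commands."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                         # '#' closes the current view
            current = None
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        else:
            global_cmds.append(line)
    return global_cmds, interfaces


def audit_ipv6(text):
    global_cmds, interfaces = parse_config(text)
    forwarding = "ipv6" in global_cmds          # system-view "ipv6" command
    report = {"forwarding": forwarding, "ipv6_interfaces": [],
              "ra_senders": [], "findings": []}
    for name, cmds in interfaces.items():
        enabled = "ipv6 enable" in cmds
        # Any other IPv6 command in the interface view depends on "ipv6 enable".
        dependent = [c for c in cmds
                     if (c.startswith("ipv6 ") and c != "ipv6 enable")
                     or c.startswith("undo ipv6 ")]
        if enabled:
            report["ipv6_interfaces"].append(name)
            if not forwarding:
                report["findings"].append(
                    f"{name}: ipv6 enable is set but the system-view ipv6 "
                    "command is missing, so IPv6 packets are not forwarded")
            if "undo ipv6 nd ra halt" in cmds:
                report["ra_senders"].append(name)
        else:
            for cmd in dependent:
                report["findings"].append(
                    f"{name}: '{cmd}' is configured without ipv6 enable")
    if forwarding and not report["ipv6_interfaces"]:
        report["findings"].append(
            "ipv6 is enabled in the system view but no interface has ipv6 enable")
    return report


# Constructed sample: Ethernet2/0/0 carries an IPv6 address but lacks ipv6 enable.
SAMPLE_CONFIG = """\
#
sysname RouterA
#
ipv6
#
interface Ethernet1/0/0
 ipv6 enable
 ipv6 address 3001::1/64
 undo ipv6 nd ra halt
#
interface Ethernet2/0/0
 ip address 20.1.1.1 255.255.255.0
 ipv6 address 2001:db8::1/64
#
return
"""

if __name__ == "__main__":
    result = audit_ipv6(SAMPLE_CONFIG)
    print("IPv6 forwarding:", result["forwarding"])
    print("IPv6 interfaces:", result["ipv6_interfaces"])
    print("RA senders:     ", result["ra_senders"])
    for finding in result["findings"]:
        print("finding:", finding)
```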

3.5.3 Configuring IPv4 and IPv6 Addresses for the Interface


You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view of the IPv4 network is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length }

An IPv4 address is assigned to the interface.

Step 4 Run:
quit

Return to the system view.

Step 5 Run:
interface interface-type interface-number

The interface view of the IPv6 network is displayed.

Step 6 Perform the following configuration as required.

• Run:
ipv6 address auto link-local

The link-local address is set to be automatically generated.

• Run:
ipv6 address ipv6-address link-local

The link-local address of the interface is configured.

• Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The global unicast address is configured.

• Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

The IPv6 EUI-64 address is configured.

----End

3.5.4 Checking the Configuration


You can check the configuration of the IPv4/IPv6 stack.

Prerequisites
The IPv4/IPv6 stack has been configured.

Procedure
• Run the display this command in the interface view to view the information about the
IPv4/IPv6 stack.

----End

Example
Run the display this command to view information about the IPv4/IPv6 stack.
[Huawei-Ethernet1/0/0] display this
[V200R002C00]
#
interface GigabitEthernet0/0/1
ipv6 enable
ip address 20.1.1.1 255.255.255.0
ipv6 address 1002::1/64
ospfv3 1 area 0.0.0.0
#
return

3.6 Configuring PMTU


By setting the PMTU, you can select a proper MTU for packet transmission. In this manner,
packets do not have to be fragmented during transmission and loads on intermediate devices are
reduced. In addition, network resources are used more efficiently and the network throughput
reaches the optimal value.

3.6.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring the PMTU.

Applicable Environment
By setting PMTUs on interfaces, you can enable devices to send packets based on proper MTUs
across the network. This avoids packet fragmentation, reduces the burden of the devices,
implements efficient usage of network resources and achieves the best throughput.

Pre-configuration Tasks
Before configuring PMTUs, complete the following tasks:
• Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
• Configuring the link layer protocol for the interface

Data Preparation
To configure PMTUs, you need the following data.

No. Data

1 IPv6 address and PMTU value to be configured

2 PMTU aging time

3.6.2 Creating Static PMTU Entries


You can configure a static PMTU according to the lowest MTU of the path that a packet is to
traverse. This speeds up packet transmission.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6 pathmtu ipv6-address [ path-mtu ]

The PMTU value of a specified IPv6 address is configured.


By default, the PMTU of the IPv6 address is 1500 bytes.
• The maximum number of static PMTU entries is 300.
• The maximum number of dynamic and static PMTU entries on the public network is 512 for
the AR200 or AR1200, and 1024 for the AR2200 or AR3200.

----End

3.6.3 Configuring PMTU Aging Time


By setting the PMTU aging time, you can change the keepalive time of dynamic PMTU entries
in the cache. A static PMTU entry never ages.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ipv6 pathmtu age age-time

The aging time of PMTU is configured.


By default, the dynamic PMTU aging time is 10 minutes.
If a static PMTU exists, the dynamic PMTU does not take effect.

----End

3.6.4 Checking the Configuration


You can view the configuration of a PMTU.

Prerequisites
The configurations of the PMTU are complete.

Procedure
• Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check
all PMTU items.
• Run the display ipv6 interface [ interface-type interface-number | brief ] command to
check the current MTU of the interface.
----End

Example
Run the display ipv6 pathmtu command. If the destination IPv6 address, the PMTU value, the
aging time and type are displayed, it means that the configuration succeeds.
<Huawei> display ipv6 pathmtu all
IPv6 Destination Address ZoneID PathMTU LifeTime(M) Type
fe80::12 0 1300 40 Dynamic
2222::3 0 1280 -- Static
-------------------------------------------------------------------------------
Total: 2 Dynamic: 1 Static: 1

Run the display ipv6 interface command. If the current MTU of the interface is displayed, it
means that the configuration succeeds.
<Huawei> display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF04:5D00
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses

3.7 Configuring TCP6


By adjusting TCP6 parameters, you can improve the performance of the network.

3.7.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring TCP6.

Applicable Environment
To optimize network performance, you need to adjust the TCP6 parameters.

Pre-configuration Tasks
Before configuring TCP6, complete the following tasks:

• Connecting and configuring the physical features for the interface and ensuring that the
status of the physical layer of the interface is Up
• Configuring the link layer protocol parameters for the interface and ensuring that the status
of the link layer protocol on the interface is Up

Data Preparation
To configure TCP6, you need the following data.

No. Data

1 Value of TCP6 FIN-WAIT timer

2 Value of TCP6 SYN-WAIT timer

3 Size of TCP6 Sliding Window

3.7.2 Configuring TCP6 Timers


By setting two TCP6 timers, you can control the TCP connection time.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
tcp ipv6 timer syn-timeout timer-value

The TCP6 SYN-WAIT timer is set.

By default, the SYN-WAIT timer is 75s.

Step 3 Run:
tcp ipv6 timer fin-timeout timer-value

The TCP6 FIN-WAIT timer is set.

By default, the FIN-WAIT timer is 600s.

----End

3.7.3 Configuring the Size of the TCP6 Sliding Window


By setting the sliding window size for TCP6, you can set the sizes of the receiving buffer and
transmitting buffer in the socket. In this manner, you can improve the performance of the
network.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
tcp ipv6 window window-size

The size of the TCP6 sliding window is configured.

The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of the
TCP6 sliding window is 8 KB.

----End

3.7.4 Checking the Configuration


You can view the configuration of TCP6.

Prerequisites
The configurations of the TCP6 function are complete.

Procedure
• Run the display tcp ipv6 statistics command to check related TCP6 statistics.
• Run the display tcp ipv6 status command to check the TCP6 connection status.
• Run the display udp ipv6 statistics command to check related UDP6 statistics.
• Run the display ipv6 socket [ socktype socket-type | task-id task-id socket-id socket-id ]
command to check the information of the specified socket.

----End

Example
Run the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statistics
commands. If the connection status and statistic of TCP6 and UDP6 are displayed, it means that
the configuration succeeds.
<Huawei> display tcp ipv6 statistics
Received packets:
total: 0
total(64bit high-capacity counter): 0
packets in sequence: 0 (0 bytes)
window probe packets: 0
window update packets: 0
checksum error: 0
offset error: 0
short error: 0
duplicate packets: 0 (0 bytes)
partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0
too much ACK packets: 0
packets dropped due to MD5 authentication failure: 0
packets dropped due to absence of MSO: 0
packets dropped due to presence of MSO: 0
packets received with MD5 Signature Option: 0

Sent packets:
total: 0
urgent packets: 0
total(64bit high-capacity counter): 0
control packets: 0 (including 0 RST)
window probe packets: 0
window update packets: 0
data packets: 0 (0 bytes)
data packets retransmitted: 0 (0 bytes)
ACK only packets: 0 (0 delayed)
packets sent with MD5 Signature Option: 0

Other Statistics:
retransmitted timeout: 0
connections dropped in retransmitted timeout: 0
keepalive timeout: 0
keepalive probe: 0
keepalive timeout, so connections disconnected: 0
initiated connections: 0
accepted connections: 0
established connections: 0
closed connections: 0 (dropped: 0, initiated dropped: 0)

<Huawei> display tcp ipv6 status
* - MD5 Authentication is enabled.
TCP6CB TID/SoID Local Address Foreign Address State VPNID
19df05d0 9/3 ::->23 ::->0 Listening 0

<Huawei> display udp ipv6 statistics
Received packets:
total: 0
total(64bit high-capacity counter): 0
checksum error: 0
shorter than header: 0
invalid message length: 0
no socket on port: 0
no multicast port: 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
packets sent for external pre processing: 1

Sent packets:
total: 0
total(64bit high-capacity counter): 0

Run the display ipv6 socket command. If the related socket information is displayed, it means
that the configuration succeeds.
<Huawei> display ipv6 socket
SOCK_STREAM:
Task = VTYD(14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC

SOCK_DGRAM:
Task = VTYD(14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC

SOCK_RAW:

3.8 Maintaining IPv6


This section describes how to maintain IPv6. Detailed operations include deleting information
about IPv6 operation and monitoring IPv6 operation.

3.8.1 Resetting IPv6


This section describes clearance of information about IPv6 operation through the reset command.

Context

CAUTION
IPv6 statistics cannot be restored after they are cleared. Confirm the action before you run the
command.

Procedure
• Run the reset ipv6 statistics command in the user view to clear statistics of processing
IPv6 packets after you confirm it.
• Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clear
PMTU entries in the cache after you confirm it.
• Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type
interface-number ] | interface-type interface-number [ dynamic | static ] } command in the user view
to clear IPv6 neighbor entries in the cache after you confirm it.
• Run the reset ipv6 address-policy command in the user view to clear address selection
policy entries.
• Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics after
you confirm it.
• Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statistics
after you confirm it.

----End

3.9 Configuration Examples


This section includes the networking requirements, precautions for configuration, and
configuration roadmap. An example is used to describe how to configure an IPv6 address and
Neighbor Discovery Protocol for an interface.

3.9.1 Example for Configuring an IPv6 Address for an Interface


This part provides an example for configuring the IPv6 address of an interface.

Networking Requirement
As shown in Figure 3-1, Router A and Router B are connected through GE interfaces. It is
required to configure IPv6 global unicast addresses for the interfaces and test the connectivity
between them.

The IPv6 global unicast addresses to be configured for the interfaces are 3001::1/64 and
3001::2/64.

Figure 3-1 Networking diagram of configuring an IPv6 address for an interface

RouterA (Eth 1/0/0, 3001::1/64) -------- RouterB (Eth 1/0/0, 3001::2/64)

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable IPv6 forwarding capability on devices.


2. Configure IPv6 global unicast addresses for the interfaces.

Data Preparation
To complete the configuration, you need the following data:

• Global unicast addresses of the interfaces

Procedure
Step 1 Enable IPv6 packet forwarding on Router A and Router B.
# Configure Router A
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] ipv6

# Configure Router B
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] ipv6

Step 2 Configure IPv6 global unicast addresses for the interfaces.


# Configure Router A.
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ipv6 enable
[RouterA-Ethernet1/0/0] ipv6 address 3001::1/64
[RouterA-Ethernet1/0/0] quit

# Configure Router B.
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ipv6 enable
[RouterB-Ethernet1/0/0] ipv6 address 3001::2/64
[RouterB-Ethernet1/0/0] quit

Step 3 Verify the configuration.


If the configuration succeeds, you can view the configured IPv6 global unicast addresses, and the
status of the interface and of the IPv6 protocol are both Up.
# Display interface information of Router A.
[RouterA] display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE01:E3
Global unicast address(es):
3001::1, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::2
FF02::1
FF02::1:FF01:E3
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses

# Display interface information of Router B.


[RouterB] display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::A19:A6FF:FE9B:6D3B
Global unicast address(es):
3001::2, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:2
FF02::2
FF02::1
FF02::1:FF9B:6D3B
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses

# On Router A, ping the global unicast IPv6 address of Router B.


[RouterA] ping ipv6 3001::2
PING 3001::2 : 56 data bytes, press CTRL_C to break
Reply from 3001::2
bytes=56 Sequence=1 hop limit=64 time = 2 ms
Reply from 3001::2
bytes=56 Sequence=2 hop limit=64 time = 2 ms
Reply from 3001::2
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 3001::2
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 3001::2
bytes=56 Sequence=5 hop limit=64 time = 2 ms

--- 3001::2 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms

----End

Configuration Files
• Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface ethernet1/0/0
ipv6 enable
ipv6 address 3001::1/64
#
return

• Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface ethernet1/0/0
ipv6 enable
ipv6 address 3001::2/64
#
return

3.9.2 Example for Configuring IPv6 Neighbor Discovery


This section describes how to configure IPv6 neighbor discovery.

Networking Requirements
As shown in Figure 3-2, two routers are connected through GE interfaces. Configure IPv6
link-local addresses for the GE interfaces and enable the routers to send RA messages.

Figure 3-2 Networking diagram for IPv6 neighbor discovery

RouterA (Eth1/0/0) -------- RouterB (Eth 1/0/0)

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 forwarding capability on the router.
2. Configure the link-local unicast address on Ethernet 1/0/0.
3. Enable the routers to send RA messages on Ethernet 1/0/0.

Data Preparation
To complete the configuration, you need the following data:
• IPv6 link-local address for an interface.

Procedure
Step 1 Enable the IPv6 forwarding capability on the routers.
# Configure RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] ipv6

# Configure RouterB.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] ipv6

Step 2 Configure the link-local unicast address.


# Configure RouterA.
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ipv6 enable
[RouterA-Ethernet1/0/0] ipv6 address auto link-local

# Configure RouterB.
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ipv6 enable
[RouterB-Ethernet1/0/0] ipv6 address auto link-local

Step 3 Enable the routers to send RA messages.


# Enable RouterA to send RA messages.
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] undo ipv6 nd ra halt

# Enable RouterB to send RA messages.
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] undo ipv6 nd ra halt

Step 4 Verify the configuration.


If the configuration succeeds, you can view the configured link-local unicast addresses. The
status of the interfaces and the IPv6 protocol are Up.
# Display information about Ethernet1/0/0 on RouterA.
[RouterA-Ethernet1/0/0] display this ipv6 interface
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE01:E3
No global unicast address configured
Joined group address(es):
FF02::1:FF01:E3
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
ND router advertisements hop-limit 64
ND default router preference medium
Hosts use stateless autoconfig for addresses

# Display information about GE 1/0/0 on RouterB.


[RouterB-Ethernet1/0/0] display this ipv6 interface
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::A19:A6FF:FE9B:6D3B
No global unicast address configured
Joined group address(es):
FF02::1:FF9B:6D3B
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
ND router advertisements hop-limit 64
ND default router preference medium
Hosts use stateless autoconfig for addresses

# Display the neighbor entries of RouterA.


[RouterA] display ipv6 neighbors
-----------------------------------------------------------------------------
IPv6 Address : FE80::A19:A6FF:FE9B:6D3B
Link-layer : 0819-a69b-6d3b State : STALE
Interface : Eth1/0/0 Age : 27
VLAN : - CEVLAN: -
Is Router : TRUE
Secure FLAG : UN-SECURE

-----------------------------------------------------------------------------
Total: 1 Dynamic: 1 Static: 0

# Display information about IPv6 neighbors of RouterB.
[RouterB] display ipv6 neighbors
-----------------------------------------------------------------------------
IPv6 Address : FE80::2E0:FCFF:FE01:E3
Link-layer : 00e0-fc01-00e3 State : STALE
Interface : Eth1/0/0 Age : 39
VLAN : - CEVLAN: -
Is Router : TRUE
Secure FLAG : UN-SECURE

-----------------------------------------------------------------------------
Total: 1 Dynamic: 1 Static: 0

----End

Configuration Files
• Configuration file of RouterA
#
sysname RouterA
#
ipv6
#
interface Ethernet1/0/0
ipv6 enable
ipv6 address auto link-local
undo ipv6 nd ra halt
#
return

• Configuration file of RouterB
#
sysname RouterB
#
ipv6
#
interface Ethernet1/0/0
ipv6 enable
ipv6 address auto link-local
undo ipv6 nd ra halt
#
return

4 DNS Configuration

About This Chapter

This chapter describes the principles and configuration procedures of the Domain Name System
(DNS) on the AR150/200, and provides configuration examples.

4.1 DNS Overview


This section describes the DNS concept.
4.2 DNS Features Supported by the AR150/200
The AR150/200 can function as the DNS client, DNS proxy/relay, or dynamic DNS (DDNS)
client.
4.3 Configuring a DNS Client
A DNS client uses domain names to communicate with other devices.
4.4 Configuring DNS Proxy or Relay
This section describes how to configure DNS proxy or relay.
4.5 Configuring a DDNS Client
The AR150/200 can function as the DDNS client to dynamically obtain latest mappings between
domain names of web sites and IP addresses on the DNS server. This allows your organization
to use domain names to access web sites.
4.6 Maintaining DNS
This section describes how to maintain DNS.
4.7 Configuration Examples
This section provides DNS configuration examples.

4.1 DNS Overview


This section describes the DNS concept.
TCP/IP defines IP addresses to locate devices. It is difficult to remember the IP address of a
device; therefore, host names are designed in the form of strings. These host names are in one-
to-one mapping with IP addresses. Therefore, DNS is developed to provide a translation and
query mechanism between IP addresses and host names.
The DNS is a hierarchical naming system that designates meaningful names for devices on the
network and sets a DNS server to associate domain names with IP addresses. In this manner,
you can use the simple and meaningful domain names instead of the complicated IP addresses.

4.2 DNS Features Supported by the AR150/200


The AR150/200 can function as the DNS client, DNS proxy/relay, or dynamic DNS (DDNS)
client.

AR150/200 Functioning as a DNS Client


The AR150/200 can be used as a DNS client. A DNS client provides the following functions:

- Static DNS resolution. Mappings between domain names and IP addresses are configured
  manually. When a DNS client requests the IP address mapped to a domain name, it searches
  for the specified domain name in the static DNS table to obtain the mapped IP address.
- Dynamic DNS resolution. A DNS server searches for the IP address mapped to a domain
  name. When the DNS server receives a query message from a DNS client, it searches for
  the IP address mapped to the domain name in its DNS database. If no matching entry is found,
  it sends a query message to an upper-level DNS server. This process continues until the
  DNS server finds the corresponding IP address or detects that the domain name does not
  exist. The DNS server then sends a response to the DNS client.

AR150/200 Functioning as a DNS Proxy/Relay


The AR150/200 supports the DNS Proxy/Relay function. If no DNS server is deployed on a
LAN, a DNS client on the LAN can connect to an external DNS server through the
AR150/200 enabled with DNS proxy or relay. After the external DNS server translates the
domain name of the DNS client to an IP address, the DNS client can access the Internet.
DNS relay is similar to DNS proxy. The difference is that the DNS proxy searches for DNS
entries saved in the local cache after receiving DNS query messages from DNS clients. The DNS
relay, however, directly forwards DNS query messages to the DNS server, reducing the
workload.

AR150/200 Functioning as a DDNS Client


The AR150/200 can function as the DDNS client. After a Layer 3 interface or a VLANIF
interface of the AR150/200 is configured as a DDNS client, the AR150/200 notifies the DDNS
server about the new IP address when the IP address of the interface enabled with DDNS client
changes. The DDNS server dynamically updates the mapping between the domain name and
the IP address on the DNS server to ensure that the IP address can be resolved correctly.


4.3 Configuring a DNS Client


A DNS client uses domain names to communicate with other devices.

4.3.1 Establishing the Configuration Task


Before configuring a DNS client, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the data required for the configuration. This will help
you complete the configuration task quickly and accurately.

Applicable Environment
IP addresses such as 202.112.131.109 are difficult to remember; therefore, most organizations
use abbreviations or meaningful names (also called domain names) such as www.sina.com.cn
to identify devices. Name resolvers or domain servers resolve mappings between IP addresses
and domain names.
A DNS client provides functions of a name resolver and completes resolution between IP
addresses and domain names.
If your organization seldom uses domain names to access other devices or there are no available
DNS servers, you must configure static DNS entries. To configure static DNS entries, you must
know mappings between domain names and IP addresses. When mappings between domain
names and IP addresses change, you must manually modify DNS entries.
If your organization uses domain names to access many devices and DNS servers are available,
you can configure dynamic DNS entries.

Pre-configuration Tasks
Before configuring a DNS client, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up
- Configuring a DNS server
- Configuring a route between the local routing device and the DNS server

Data Preparation
To configure a DNS client, you need the following data.

No.  Data
1    Domain name and corresponding IP address in a static DNS entry
2    (Optional) IP address of a DNS server
3    (Optional) IP address of the local routing device
4    (Optional) Domain name suffix list


4.3.2 Configuring Static DNS


This section describes how to configure static DNS.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ip host host-name ip-address

A static DNS entry is configured.

Each host name can be mapped to only one IP address. When multiple IP addresses are mapped
to a host name, only the latest configuration takes effect. If multiple host names need to be
resolved, repeat step 2.

----End

4.3.3 Configuring Dynamic DNS


This section describes how to configure dynamic DNS.

Context
To implement dynamic DNS, you need to enable dynamic DNS resolution, configure a DNS
server, and configure a source IP address for the local routing device and a domain name suffix.
If the local routing device uses an IP address allocated by the DHCP server and the information
delivered by the DHCP server to the local routing device contains the DNS server address and
the domain name suffix list, you only need to enable dynamic DNS resolution.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
dns resolve

Dynamic DNS resolution is enabled.

Step 3 (Optional) Run:


dns server ip-address

The IP address of the DNS server is configured.

Step 4 (Optional) Run:


dns server source-ip ip-address


The source IP address is specified for the local routing device to communicate with the DNS
server.

The local routing device uses the specified address to communicate with the DNS server. This
ensures communication security.

Step 5 (Optional) Run:


dns domain domain-name

A domain name suffix is configured.

----End

Follow-up Procedure
The system supports a maximum of six DNS servers, one specified source address, and 10
domain name suffixes. If multiple DNS servers are required, repeat step 3. If multiple domain
name suffixes are required, repeat step 5.

4.3.4 Checking the Configuration


After completing the DNS client configuration, you can view the configuration.

Procedure
- Run the display ip host command to check static DNS entries.
- Run the display dns server command to check the DNS server configuration.
- Run the display dns domain command to check the domain name suffix configuration.
- Run the display dns dynamic-host command to check dynamic DNS entries.

----End

Example
# Run the display ip host command to view static DNS entries.
<Huawei> display ip host
Host Age Flags Address
www.3322.org 0 static 10.138.90.34
members.3322.org 0 static 10.138.90.51
checkip.dyndns.com 0 static 10.138.90.51
members.dyndns.org 0 static 10.138.90.51

# Run the display dns server command to view the DNS server configuration.
<Huawei> display dns server
Type:
D:Dynamic S:Static

DNS Server Type IP Address


1 S 10.10.1.1
2 S 10.10.1.2

# Run the display dns domain command to view the domain name suffix configuration.
<Huawei> display dns domain
No Domain-name
1 com
2 net


# Run the display dns dynamic-host command to view dynamic DNS entries saved in the
domain name cache.
<Huawei> display dns dynamic-host
Host TTL Type Address(es)
sipx.autosrv.com 114 IP
192.168.2.18
sip.autosrv.com 237 IP
192.168.2.61
sip.autonaptr.com 117 IP
192.168.2.19
_sip._tcp.autosrv.com 55 SRV 0 0 0 sipx.autosrv.com
0 0 0 sip.autosrv.com
autonaptr.com 0 NAPTR 101 10 A SIP+D2T sip.autona

4.4 Configuring DNS Proxy or Relay


This section describes how to configure DNS proxy or relay.

4.4.1 Establishing the Configuration Task


Before configuring DNS proxy or relay, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
If no DNS server is deployed on a LAN, a DNS client on the LAN can connect to an external
DNS server through the AR150/200 enabled with DNS proxy or relay. After the external DNS
server translates the domain name of the DNS client to an IP address, the DNS client can access
the Internet.

DNS proxy or relay reduces network management costs. Changing the IP address of the DNS
server requires that you change only the configuration on the DNS proxy or relay.

Pre-configuration Tasks
Before configuring DNS proxy or relay, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up
- Configuring a DNS server
- Configuring routes between the local routing device and the DNS client and between the
  local routing device and the DNS server

Data Preparation
No.  Data
1    IP address of a DNS server
2    (Optional) IP address in response messages for DNS spoofing
3    (Optional) Aging time of DNS entries

4.4.2 Configuring a DNS Server


This section describes how to configure a DNS server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dns resolve

Dynamic DNS resolution is enabled.


Step 3 Run:
dns server ip-address

The IP address of the DNS server that the DNS proxy or relay accesses is configured.

----End

4.4.3 (Optional) Configuring DNS Spoofing


This section describes how to configure DNS spoofing.

Context
If the AR150/200 is enabled with DNS proxy or relay but is not configured with a DNS server
address or has no route to the DNS server, it does not forward or respond to DNS query messages
from DNS clients. If DNS spoofing is enabled, the AR150/200 uses the configured IP address
to respond to all DNS query messages.
In addition to enabling DNS proxy or relay, one of the following conditions must be met to make
DNS spoofing take effect:
- No DNS server is configured.
- A DNS server is configured, but dynamic DNS resolution is disabled.
- There is no route to the DNS server.
- There is no source IP address on the outbound interface connected to the DNS server.
If one of the preceding conditions is met, when the DNS proxy or relay receives an address
record query, it spoofs reply messages to any DNS query messages using the configured IP
address.

Procedure
Step 1 Run:

system-view

The system view is displayed.


Step 2 Run:
dns proxy enable

DNS proxy is enabled.


Or, run:
dns relay enable

DNS relay is enabled.


DNS relay is similar to DNS proxy. The difference is that the DNS proxy searches for DNS
entries saved in the local cache after receiving DNS query messages from DNS clients. The DNS
relay, however, directly forwards DNS query messages to the DNS server, reducing the
workload.
Step 3 Run:
dns spoofing ip-address

DNS spoofing is enabled and an IP address in response messages is specified.

----End
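
The following added example (not Huawei code) applies the conditions listed in the Context above to a saved configuration, using RouterA's DNS lines from the DNS proxy example in section 4.7.2. The function names, the return labels and the two runtime flags (route and source-IP state, which a saved configuration cannot show) are assumptions of this example.

```python
import re

# RouterA's DNS statements from the page's DNS proxy example (section 4.7.2).
PAGE_CONFIG = """\
dns resolve
dns server 2.1.1.1
dns proxy enable
dns forward expire-time 150
#
dns spoofing 10.1.1.3
"""

# Constructed variant: the same device with dynamic DNS resolution removed.
NO_RESOLVE_CONFIG = PAGE_CONFIG.replace("dns resolve\n", "")

_IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
_PATTERNS = {
    "server": re.compile(r"dns server " + _IPV4),
    "spoof_ip": re.compile(r"dns spoofing " + _IPV4),
    "expire_time": re.compile(r"dns forward expire-time (\d+)"),
}


def parse_dns_config(config_text):
    """Collect the DNS proxy/relay statements from a saved configuration."""
    state = {"resolve": False, "proxy": False, "relay": False,
             "servers": [], "spoof_ip": None, "expire_time": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "dns resolve":
            state["resolve"] = True
        elif line == "dns proxy enable":
            state["proxy"] = True
        elif line == "dns relay enable":
            state["relay"] = True
        else:
            for key, pattern in _PATTERNS.items():
                match = pattern.fullmatch(line)
                if not match:
                    continue
                if key == "server":
                    state["servers"].append(match.group(1))
                elif key == "expire_time":
                    state["expire_time"] = int(match.group(1))
                else:
                    state["spoof_ip"] = match.group(1)
    return state


def blocking_conditions(state, route_to_server=True, source_ip_on_egress=True):
    """Return which of the four listed conditions currently hold."""
    if not state["servers"]:
        return ["no DNS server is configured"]
    reasons = []
    if not state["resolve"]:
        reasons.append("dynamic DNS resolution is disabled")
    if not route_to_server:
        reasons.append("no route to the DNS server")
    if not source_ip_on_egress:
        reasons.append("no source IP address on the outbound interface")
    return reasons


def answer_source(state, route_to_server=True, source_ip_on_egress=True):
    """Say where a client's address-record answer would come from."""
    if not (state["proxy"] or state["relay"]):
        return "not-a-proxy"
    if not blocking_conditions(state, route_to_server, source_ip_on_egress):
        return "server"
    if state["spoof_ip"]:
        return "spoofed:" + state["spoof_ip"]
    # The page states "does not forward or respond" for the no-server and
    # no-route cases; treating the other two the same way is an assumption.
    return "none"


if __name__ == "__main__":
    cfg = parse_dns_config(PAGE_CONFIG)
    print("route up  :", answer_source(cfg))
    print("route down:", answer_source(cfg, route_to_server=False))
```

While spoofing is in effect, every address-record query is answered with the one configured address, so a `dns spoofing` line on a proxy or relay marks a device whose answers can change when a route is lost, without any configuration change.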

4.4.4 (Optional) Setting the Aging Time of DNS Entries


This section describes how to set the aging time of DNS entries.

Context
When the DNS proxy or relay is attacked, the DNS table becomes full. As a result, the DNS
proxy or relay cannot resolve new domain names into IP addresses. To solve the problem, you
can set the aging time of DNS entries so that the local routing device can delete expired DNS
entries.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dns proxy enable

DNS proxy is enabled.


Or run:
dns relay enable

DNS relay is enabled.


DNS relay is similar to DNS proxy. The difference is that the DNS proxy searches for DNS
entries saved in the local cache after receiving DNS query messages from DNS clients. The DNS
relay, however, directly forwards DNS query messages to the DNS server, reducing the
workload.


Step 3 Run:
dns forward expire-time time

The aging time is set for DNS entries on the DNS proxy or relay.
By default, the aging time of DNS entries is 60s.

----End

4.4.5 Checking the Configuration


After configuring DNS proxy/relay, you can view the DNS table.

Procedure
- Run the display dns forward table [ source-ip ip-address ] command to check the DNS
  table.
----End

Example
# Run the display dns forward table [ source-ip ip-address ] command to view the DNS table
of the DNS proxy or relay.
<Huawei> display dns forward table
Domain name : ma.huawei.com
Source IP : 1.1.1.3
Source port : 33025
Source packet id : 42564
Forward packet id : 1
Retry count : 2
Query type : 1
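
Added example (not part of the Huawei guide): a parser for the display dns forward table layout shown above that counts pending entries per source IP, so that a table filling up under attack can be traced to the clients responsible. The page shows a single entry; repeating that block once per entry, the 1.1.1.9 client, the example.test names and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# "Field name : value" lines as printed by display dns forward table.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(\S.*?)\s*$")


def make_entry(domain, source_ip, port, packet_id, forward_id, retries=2):
    """Render one entry in the block layout shown on the page."""
    return (f"Domain name : {domain}\n"
            f"Source IP : {source_ip}\n"
            f"Source port : {port}\n"
            f"Source packet id : {packet_id}\n"
            f"Forward packet id : {forward_id}\n"
            f"Retry count : {retries}\n"
            "Query type : 1\n")


# First entry is the one on the page; the other six are constructed.
SAMPLE_OUTPUT = (
    "<Huawei> display dns forward table\n"
    + make_entry("ma.huawei.com", "1.1.1.3", 33025, 42564, 1)
    + "".join(make_entry(f"r{i}.example.test", "1.1.1.9", 40000 + i, 100 + i, 2 + i)
              for i in range(6))
)


def parse_forward_table(text):
    """Split the output into one dict per entry, keyed by field name."""
    entries = []
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue  # prompt line, blank line or unrelated text
        key = match.group(1).lower().replace(" ", "_")
        if key == "domain_name":
            entries.append({})  # each entry starts with its domain name
        if entries:
            entries[-1][key] = match.group(2)
    return entries


def heavy_sources(entries, max_pending):
    """Return (source_ip, pending, distinct_names, total_retries) for every
    source holding more than max_pending entries, busiest first."""
    per_source = defaultdict(list)
    for entry in entries:
        per_source[entry.get("source_ip", "unknown")].append(entry)
    flagged = []
    for source, pending in per_source.items():
        if len(pending) > max_pending:
            names = {e.get("domain_name") for e in pending}
            retries = sum(int(e.get("retry_count", 0)) for e in pending)
            flagged.append((source, len(pending), len(names), retries))
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    table = parse_forward_table(SAMPLE_OUTPUT)
    for source, pending, names, retries in heavy_sources(table, max_pending=5):
        print(f"{source}: {pending} pending, {names} distinct names, {retries} retries")
```

A flagged address can then be passed to the source-ip option of display dns forward table to list only that client's entries.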

4.5 Configuring a DDNS Client


The AR150/200 can function as the DDNS client to dynamically obtain latest mappings between
domain names of web sites and IP addresses on the DNS server. This allows your organization
to use domain names to access web sites.

4.5.1 Establishing the Configuration Task


Before configuring a DDNS client, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
DNS can resolve domain names into IP addresses so that you can use domain names to access
network nodes. DNS just provides static mappings between domain names and IP addresses. It
cannot dynamically update the mapping when the IP address of a node changes. If you use the
original domain name to access the node, you cannot access the node because the IP address
mapping the domain name is incorrect.
The AR150/200 can function as the DDNS client. The AR150/200 notifies the DDNS server
about the new IP address when the IP address of the interface that provides web services changes.
The DDNS server dynamically updates the mapping between the domain name and the IP
address on the DNS server to ensure that the IP address can be resolved correctly.

Pre-configuration Tasks
Before configuring a DDNS client, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the
  physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
  status on the interfaces is Up
- Registering routes on the DDNS server Web site
- Configuring a route between the local routing device and the DDNS server

Data Preparation
No.  Data
1    URL in the DDNS server
2    (Optional) Interval for sending DDNS update requests
3    Number of the interface bound to a DDNS policy

4.5.2 Creating a DDNS Policy


Before using DDNS functions, you must create a DDNS policy in the system view.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ddns policy policy-name

A DDNS policy is created and the DDNS policy view is displayed.

----End

4.5.3 Configuring a DDNS Policy


This section describes how to configure a DDNS policy.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ddns policy policy-name

A DDNS policy is created and the DDNS policy view is displayed.

Step 3 Run:
url request-url

The Uniform Resource Locator (URL) in DDNS update requests is specified.

After a DDNS policy is created, enter the URL and specify a DDNS server in the URL. The
processes for the AR150/200 to request DDNS updates from different DDNS servers are
different; therefore, the URL configuration of DDNS servers is different.

- When the AR150/200 uses HTTP to communicate with the DDNS server provided by the
  vendor at www.3322.org, the URL in a DDNS update request is:
  http://username:password@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&ip=<a>
- When the AR150/200 uses TCP to communicate with the DDNS server provided by the
  vendor at www.oray.cn, the URL in a DDNS update request is:
  oray://username:password@phddnsdev.oray.net

Step 4 Run:
interval interval-time

The interval for sending DDNS update requests is set.

After the interval for sending DDNS update requests is set in the configured DDNS policy, the
AR150/200 sends DDNS update requests at intervals. By default, the interval for sending DDNS
update requests is 3600s.

----End

4.5.4 Binding a DDNS Policy to an Interface


You can bind a DDNS policy to an interface to update the mapping between the specified fully
qualified domain name (FQDN) and an IP address.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
ddns apply policy policy-name fqdn domain-name

The DDNS policy is bound to the interface.


On the AR150/200, DDNS policies can only be bound to Layer 3 interfaces and VLANIF
interfaces.

----End

4.5.5 Checking the Configuration


After configuring a DDNS client, you can view the DDNS client configuration.

Procedure
- Run the display ddns policy policy-name command to view DDNS policy information.
- Run the display ddns interface interface-type interface-number command to view DDNS
  policy information on the interface.
----End

Example
# Run the display ddns policy command to view information about the DDNS policy
JackPolicy.
<Huawei> display ddns policy JackPolicy
Policy name : JackPolicy
Policy interval time : 3600
Policy URL : oray://Jack:Jack2010@phddnsdev.oray.net
Policy bind count : 1

===== interface Ethernet1/0/0 ======


Statuses: START
Refresh: enable

# Run the display ddns interface command to view the DDNS policy information on VLANIF
100.
<Huawei> display ddns interface Vlanif 100
===== Policy JackPolicy =======
URL: oray://Jack:Jack2010@phddnsdev.oray.net
Statuses: START
Refresh: enable
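
Both outputs above print the DDNS account password as part of the policy URL, and the saved configuration stores it the same way. The following added example (not Huawei code) masks that password before output or configuration text is pasted into a ticket or chat, and lists every URL that embeds credentials, noting those that use the HTTP form; the function names and the mask string are assumptions of this example.

```python
import re

# scheme://user:password@host, as used in the page's url statements.
CRED_URL_RE = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^:@/\s]+):(?P<password>[^@/\s]+)@(?P<host>[^/\s?]+)"
)

# Lines taken from the page: display output, a configuration-file line and
# the 3322.org URL template with its placeholder credentials.
PAGE_TEXT = """\
Policy name : JackPolicy
Policy interval time : 3600
Policy URL : oray://Jack:Jack2010@phddnsdev.oray.net
url oray://steven:nevets@phddnsdev.oray.net
url http://username:password@members.3322.org/dyndns/update?system=dyndns&hostname=<h>&ip=<a>
"""


def redact_ddns_credentials(text, mask="****"):
    """Replace the password part of every credential-bearing URL."""
    def _mask(match):
        return f"{match['scheme']}://{match['user']}:{mask}@{match['host']}"
    return CRED_URL_RE.sub(_mask, text)


def audit_ddns_urls(text):
    """List URLs that embed credentials; the password itself is never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in CRED_URL_RE.finditer(line):
            issues = ["password stored in the URL and shown by display commands"]
            if match["scheme"].lower() == "http":
                issues.append("update request uses HTTP, which is not encrypted")
            findings.append({
                "line": lineno,
                "scheme": match["scheme"],
                "user": match["user"],
                "host": match["host"],
                "issues": issues,
            })
    return findings


if __name__ == "__main__":
    print(redact_ddns_credentials(PAGE_TEXT))
    for finding in audit_ddns_urls(PAGE_TEXT):
        print(finding["line"], finding["scheme"], finding["host"], finding["issues"])
```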

4.6 Maintaining DNS


This section describes how to maintain DNS.

4.6.1 Deleting Dynamic DNS Entries of DNS Clients


This section describes how to delete dynamic DNS entries of DNS clients.

Procedure
Step 1 Run the reset dns dynamic-host command to delete dynamic DNS entries of DNS clients.
Dynamic DNS entries cannot be restored after being deleted. Exercise caution when you run the
command.

----End


4.6.2 Deleting DNS Entries of the DNS Proxy or Relay


When the DNS proxy or relay is attacked, the DNS table becomes full. The reset dns forward
table command can delete all DNS entries.

Procedure
Step 1 Run the reset dns forward table [ ip-address ] command to delete DNS entries of the DNS
proxy or relay.

----End

4.6.3 Manually Updating a DDNS Policy


This section describes how to manually update a DDNS policy.

Procedure
Step 1 Run the reset ddns policy policy-name [ interface-type interface-num ] command to update
the mappings between all the IP addresses and host names in the DDNS policy.

----End

4.7 Configuration Examples


This section provides DNS configuration examples.

4.7.1 Example for Configuring a DNS Client


Networking Requirements
As shown in Figure 4-1, RouterA functions as a DNS client and cooperates with the DNS server.
RouterA can access the host at 2.1.1.3/16 by domain name huawei.com. The domain name
suffixes are configured as com and net.
Static DNS entries of RouterB and RouterC are configured on RouterA so that RouterA can
manage RouterB and RouterC.

NOTE
AR150/200 is RouterA.


Figure 4-1 Network diagram (labels from the figure)
RouterA (DNS client): Eth1/0/0 1.1.1.2/16
RouterB: Loopback0 4.1.1.1/32, Eth1/0/0 1.1.1.1/16, Eth2/0/0 2.1.1.1/16
RouterC: Loopback0 4.1.1.2/32, Eth2/0/0 2.1.1.2/16, Eth1/0/0 3.1.1.1/16
DNS server: 3.1.1.2/16
huawei.com: 2.1.1.3/16

Configuration Roadmap
The configuration roadmap is as follows:
1. Create static DNS entries.
2. Enable DNS resolution.
3. Configure an IP address for the DNS server.
4. Configure a domain name suffix.
5. Configure OSPF.

Data Preparation
To complete the configuration, you need the following data:
- Number and IP address of the interface connecting RouterA and RouterB.
- Domain names of RouterB and RouterC.
- IP address of the DNS server.
- Domain name suffix.

Procedure
Step 1 Configure RouterA.
# Configure an IP address for Eth1/0/0.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface Ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 1.1.1.2 255.255.0.0
[RouterA-Ethernet1/0/0] quit

# Configure OSPF.
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit

# Create static DNS entries.


[RouterA] ip host DeviceB 4.1.1.1
[RouterA] ip host DeviceC 4.1.1.2

# Enable DNS resolution.


[RouterA] dns resolve

# Configure an IP address for the DNS server.


[RouterA] dns server 3.1.1.2

# Configure a domain name suffix as net.


[RouterA] dns domain net

# Configure a domain name suffix as com.


[RouterA] dns domain com

NOTE

You must configure OSPF on RouterB and RouterC so that a route between RouterA and the DNS server
can be generated. For details about OSPF configurations on RouterB and RouterC, see the configuration
files.

Step 2 Verify the configuration.

# Run the ping huawei.com command on RouterA. You can see that the ping operation succeeds
and the destination IP address is 2.1.1.3.
<RouterA> ping huawei.com
Trying DNS server (3.1.1.2)
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms

--- huawei.com ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms

# Run the display ip host command on RouterA. You can view mappings between host names
and IP addresses in static DNS entries.
<RouterA> display ip host
Host Age Flags Address
DeviceB 0 static 4.1.1.1
DeviceC 0 static 4.1.1.2

# Run the display dns dynamic-host command on RouterA. You can view information about
dynamic DNS entries in the domain name cache.
<RouterA> display dns dynamic-host
Host TTL Type Address(es)
huawei.com 114 IP
2.1.1.3


NOTE

The TTL field in the command output indicates the time left before a DNS entry is aged out, in seconds.

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
ip host DeviceB 4.1.1.1
ip host DeviceC 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface Ethernet 1/0/0
ip address 1.1.1.2 255.255.0.0
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
#
return

Configuration file of RouterB

#
sysname RouterB
#
interface LoopBack0
ip address 4.1.1.1 255.255.255.255
#
interface Ethernet 1/0/0
ip address 1.1.1.1 255.255.0.0
#
interface Ethernet 2/0/0
ip address 2.1.1.1 255.255.0.0
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
network 2.1.0.0 0.0.255.255
network 4.1.1.1 0.0.0.0
#
return

Configuration file of RouterC

#
sysname RouterC
#
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
interface Ethernet 1/0/0
ip address 3.1.1.1 255.255.0.0
#
interface Ethernet 2/0/0
ip address 2.1.1.2 255.255.0.0
#
ospf 1
area 0.0.0.0
network 2.1.0.0 0.0.255.255
network 3.1.0.0 0.0.255.255
network 4.1.1.2 0.0.0.0
#
return

4.7.2 Example for Configuring DNS Proxy


Networking Requirements
As shown in Figure 4-2, no DNS server is deployed on NetworkA. Users on NetworkA access
the external DNS server to resolve domain names through RouterA enabled with DNS proxy.
If the route between RouterA and the DNS server is unreachable, the IP address configured for
DNS spoofing is returned.

NOTE
AR150/200 is RouterA.

Figure 4-2 Network diagram for configuring DNS proxy (labels from the figure)
Nodes: NetworkA, RouterA (DNS proxy), RouterB, DNS server
RouterA: Eth1/0/0 1.1.1.1/16
RouterB: Eth1/0/0 1.1.1.2/16, Eth2/0/0 2.1.1.2/16
DNS server: 2.1.1.1/16

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a DNS server.
2. Configure DNS spoofing.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the DNS server.
- Aging time of DNS entries.
- IP address configured by DNS spoofing.

Procedure
Step 1 Configure an IP address for Eth1/0/0.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 1.1.1.1 255.255.0.0
[RouterA-Ethernet1/0/0] quit

Step 2 Configure a DNS server.


# Enable dynamic DNS resolution.
[RouterA] dns resolve

# Configure a DNS server that the DNS proxy or relay accesses.


[RouterA] dns server 2.1.1.1

# Enable DNS proxy.


[RouterA] dns proxy enable

# Set the aging time of DNS entries to 150s on the DNS proxy or relay.
[RouterA] dns forward expire-time 150

Step 3 Enable DNS spoofing and specify the IP address in response messages as 10.1.1.3.
[RouterA] dns spoofing 10.1.1.3

Step 4 Configure OSPF.


[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit

NOTE

You must configure OSPF on RouterB so that a route between RouterA and the DNS server can be
generated. For details about OSPF configurations on RouterB, see the configuration file.

Step 5 Verify the configuration.


# Run the display current-configuration command on RouterA to view the DNS proxy
configuration.
<RouterA> display current-configuration | include dns
dns resolve
dns server 2.1.1.1
dns proxy enable
dns spoofing 10.1.1.3
dns forward expire-time 150

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
interface Ethernet 1/0/0
ip address 1.1.1.1 255.255.0.0
#
dns resolve
dns server 2.1.1.1
dns proxy enable
dns forward expire-time 150
#
dns spoofing 10.1.1.3
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
#
return

Configuration file of RouterB

#
sysname RouterB
#
interface Ethernet 1/0/0
ip address 1.1.1.2 255.255.0.0
#
interface Ethernet 2/0/0
ip address 2.1.1.2 255.255.0.0
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
network 2.1.0.0 0.0.255.255
#
return

4.7.3 Example for Configuring a DDNS Client


Networking Requirements
As shown in Figure 4-3, the domain name of RouterA is www.abc.com. RouterA obtains an IP
address from the DHCP server; therefore, the IP address may change. In this case, you must
enable the DDNS client function to obtain the latest mapping between the domain name and the
IP address. The DDNS service provider www.oray.com is used as the DDNS server. RouterA
functions as the DDNS client to send a request to the DDNS server when the IP address of
RouterA changes. Then the DDNS server instructs the DNS server to reconfigure the mapping
between the domain name and the IP address.
NOTE
AR150/200 is RouterA.

Figure 4-3 Network diagram (labels from the figure)
RouterA (DDNS client): Eth1/0/0 1.1.1.2/16
RouterB: Loopback0 4.1.1.1/32, Eth1/0/0 1.1.1.1/16, Eth2/0/0 2.1.1.1/16
RouterC: Loopback0 4.1.1.2/32, Eth2/0/0 2.1.1.2/16, Eth1/0/0 3.1.1.1/16
DNS server: 3.1.1.2/16
DDNS server: 2.1.1.3/16


Configuration Roadmap
The configuration roadmap is as follows:
1. Create a DDNS policy.
2. Configure the URL for the DDNS server.
3. Set the interval for sending DDNS update requests.
4. Bind a DDNS policy to an interface.

Data Preparation
To complete the configuration, you need the following data:
- Domain name of RouterA
- URL of the DDNS server
- User name and password for the DDNS client to log in to the DDNS server
- Interval for sending DDNS update requests

Procedure
Step 1 Configure RouterA.
# Create a DDNS policy.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] ddns policy mypolicy

# Configure the URL of the DDNS server.


[RouterA-ddns-policy-mypolicy] url oray://steven:nevets@phddnsdev.oray.net

# Set the interval for sending DDNS update requests.


[RouterA-ddns-policy-mypolicy] interval 3600
[RouterA-ddns-policy-mypolicy] quit

# Enable DNS resolution.


[RouterA] dns resolve

# Configure an IP address for the DNS server.


[RouterA] dns server 3.1.1.2

# Bind the DDNS policy to Eth1/0/0.


[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 1.1.1.2 255.255.0.0
[RouterA-Ethernet1/0/0] ddns apply policy mypolicy fqdn www.abc.com
[RouterA-Ethernet1/0/0] quit

After the configuration is complete, when the IP address of Eth1/0/0 changes, RouterA instructs
the DNS server to establish a mapping between the domain name www.abc.com and the new IP
address through the DDNS server. By doing this, users on the Internet can resolve a new IP
address mapping the domain name www.abc.com.
# Configure OSPF.
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit

NOTE

To implement communication between the DDNS client, DDNS server, and the DNS server, configure
OSPF on RouterB and RouterC. For details about OSPF configurations on RouterB and RouterC, see the
configuration files.

Step 2 Verify the configuration.


# Run the display ddns policy mypolicy command on RouterA, and you can view information
about the DDNS policy named mypolicy.
<RouterA> display ddns policy mypolicy
Policy name : mypolicy
Policy interval time : 3600
Policy URL : oray://steven:nevets@phddnsdev.oray.net
Policy bind count : 1

===== interface Ethernet1/0/0 ======


Statuses:
ESTABLISH
Refresh: enable

# Run the display ddns interface ethernet 1/0/0 command on RouterA, and you can view
information about the DDNS policy on Eth1/0/0.
<RouterA> display ddns interface ethernet 1/0/0
===== Policy mypolicy =======
URL: oray://steven:nevets@phddnsdev.oray.net

Statuses:
ESTABLISH
Refresh: enable

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
ddns policy mypolicy
 url oray://steven:nevets@phddnsdev.oray.net
#
interface Ethernet1/0/0
 ip address 1.1.1.2 255.255.0.0
 ddns apply policy mypolicy fqdn www.abc.com
#
ospf 1
 area 0.0.0.0
  network 1.1.0.0 0.0.255.255
#
return

Configuration file of RouterB

#
sysname RouterB
#
interface LoopBack0
 ip address 4.1.1.1 255.255.255.255
#
interface Ethernet1/0/0
 ip address 1.1.1.1 255.255.0.0
#
interface Ethernet2/0/0
 ip address 2.1.1.1 255.255.0.0
#
ospf 1
 area 0.0.0.0
  network 1.1.0.0 0.0.255.255
  network 2.1.0.0 0.0.255.255
  network 4.1.1.1 0.0.0.0
#
return

Configuration file of RouterC

#
sysname RouterC
#
interface LoopBack0
 ip address 4.1.1.2 255.255.255.255
#
interface Ethernet1/0/0
 ip address 3.1.1.1 255.255.0.0
#
interface Ethernet2/0/0
 ip address 2.1.1.2 255.255.0.0
#
ospf 1
 area 0.0.0.0
  network 2.1.0.0 0.0.255.255
  network 3.1.0.0 0.0.255.255
  network 4.1.1.2 0.0.0.0
#
return
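
The RouterA configuration file and both display commands above print the DDNS URL with the user name and password in clear text. The following added example (not part of the original guide) lists the DDNS policies in a saved configuration and masks the password before the text is shared. The function names are assumptions; the sample text is the RouterA DDNS configuration from this page.

```python
import re
from urllib.parse import urlsplit

# Sample input: DDNS-related part of the RouterA configuration file on this page.
ROUTER_A_CONFIG = """\
#
sysname RouterA
#
ddns policy mypolicy
 url oray://steven:nevets@phddnsdev.oray.net
#
interface Ethernet1/0/0
 ip address 1.1.1.2 255.255.0.0
 ddns apply policy mypolicy fqdn www.abc.com
#
return
"""

# scheme://user:password@host -> the password is the part between ':' and '@'.
_CRED = re.compile(r"(?P<head>\b[A-Za-z][A-Za-z0-9+.-]*://[^\s:/@]+:)(?P<pw>[^\s@]+)@")


def ddns_policies(config):
    """Return {policy name: {"url": parts or None, "bindings": [(interface, fqdn)]}}.

    Sections are recognised by keyword, so the parser also works on text
    whose indentation was lost when it was copied.
    """
    policies, policy, iface = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                                  # '#' ends a section
            policy = iface = None
        elif line.startswith("ddns policy "):
            policy = policies.setdefault(line.split()[2], {"url": None, "bindings": []})
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif policy is not None and line.startswith("url "):
            parts = urlsplit(line.split(None, 1)[1])
            policy["url"] = {
                "scheme": parts.scheme,
                "user": parts.username,
                "has_password": parts.password is not None,  # never store the value
                "server": parts.hostname,
            }
        elif iface and line.startswith("ddns apply policy "):
            words = line.split()
            fqdn = words[words.index("fqdn") + 1] if "fqdn" in words else None
            entry = policies.setdefault(words[3], {"url": None, "bindings": []})
            entry["bindings"].append((iface, fqdn))
    return policies


def redact(text):
    """Mask the password of every scheme://user:password@host URL in text."""
    return _CRED.sub(lambda m: m.group("head") + "******@", text)


if __name__ == "__main__":
    for name, info in ddns_policies(ROUTER_A_CONFIG).items():
        print(name, info)
    print(redact(ROUTER_A_CONFIG))
```

The same `redact` call works on captured `display ddns policy` and `display ddns interface` output, because both print the URL in the same form.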


5 NAT Configuration

About This Chapter

Network Address Translation (NAT) translates private addresses into public addresses. It
conserves IPv4 addresses and improves network security by shielding the private network
topology.

5.1 NAT Overview


NAT enables hosts on a private network to access the public network.
5.2 NAT Features Supported by the AR150/200
The AR150/200 supports the following NAT features: static NAT, port address translation
(PAT), internal server, NAT Application Level Gateway (ALG), NAT filtering, NAT mapping,
Easy IP, twice NAT, and NAT multi-instance.
5.3 Configuring NAT
To implement communication between the private network and the public network through
NAT, use Easy IP for a single user and an address pool for multiple users.
5.4 Configuration Examples
This section provides several configuration examples of NAT.


5.1 NAT Overview


NAT enables hosts on a private network to access the public network.

Private Network Address and Public Network Address


A private network address, also called a private address, is the IP address of an internal
network or host. A public network address, also called a public address, is a unique IP
address on the Internet. The Internet Assigned Numbers Authority (IANA) defines the following
IP addresses as private addresses:
• Class A: 10.0.0.0-10.255.255.255
• Class B: 172.16.0.0-172.31.255.255
• Class C: 192.168.0.0-192.168.255.255
After planning the scale of the intranet, an enterprise chooses the proper private address segment.
The private address segments of different enterprises can overlap each other. If an intranet uses
IP addresses outside the defined private address segments, errors may occur during communication
with other networks.

Principle of NAT
As shown in Figure 5-1, the private address must be translated when a host on a private network
accesses the Internet or interworks with the hosts on a public network.

Figure 5-1 Networking of NAT


[Figure: internal network with PC 10.1.1.10, WWW client 10.1.1.48, and further PCs; Router with
public address 203.196.3.23; external network with WWW Server 202.18.245.251]

The private network uses network segment 10.0.0.0 and its public address is 203.196.3.23. The
host 10.1.1.48 on the private network accesses the server 202.18.245.251 on the public network
in Web mode.
The host sends a data packet, and uses port 6084 as the source port and port 80 as the destination
port. After the address is translated, the source address/port of the packet is changed to
203.196.3.23:32814, and the destination address/port remains unchanged. The AR150/200
maintains a mapping table between addresses and ports.


After the web server responds to the host, the AR150/200 translates the destination IP address/
port in the returned data packet to 10.1.1.48:6084. In this way, the host on the private network
can access the server on the public network.

5.2 NAT Features Supported by the AR150/200


The AR150/200 supports the following NAT features: static NAT, port address translation
(PAT), internal server, NAT Application Level Gateway (ALG), NAT filtering, NAT mapping,
Easy IP, twice NAT, and NAT multi-instance.

Static NAT
Static NAT maps a private address to a public address. That is, the number of private addresses
is equal to the number of public addresses. Static NAT cannot save public addresses, but can
shield the topology of the private network.
When a packet is sent from a private network to the public network, static NAT translates the
source IP address of the packet to a public address. When the public network returns a response,
static NAT translates the destination IP address of the response packet to the private address.

PAT
Port address translation (PAT), which is also called network address port translation (NAPT),
maps a public address to multiple private addresses. Therefore, public addresses are saved. PAT
translates source IP addresses of packets from hosts that reside on the private network to a public
address. The translated port numbers of these packets are different, and the private addresses
can share a public address.
A mapping table between private addresses and ports is configured for PAT. Before packets
from different private addresses are sent to the public network, the PAT-enabled device replaces
the source addresses with the same public address. The source port numbers of the packets,
however, are replaced with different port numbers. When the public network returns response
packets to private networks, the PAT-enabled device translates the destination IP addresses to
private addresses according to the port numbers. Figure 5-2 shows how PAT translates IP
addresses and port numbers.


Figure 5-2 PAT working process


[Figure: hosts 192.168.1.3 and 192.168.1.2 send datagrams through the PAT-enabled Router]
Datagram 1: Src IP 192.168.1.3, Src Port 23 -> Src IP 202.169.10.1, Src Port 10023
Datagram 2: Src IP 192.168.1.3, Src Port 80 -> Src IP 202.169.10.1, Src Port 10080
Datagram 3: Src IP 192.168.1.2, Src Port 23 -> Src IP 202.169.10.1, Src Port 11023
Datagram 4: Src IP 192.168.1.2, Src Port 80 -> Src IP 202.169.10.1, Src Port 11080

Internal Server
NAT can shield internal hosts. In applications, users on the public network may need to access
the internal hosts. For example, users on the public network need to access a Web server or a
file transfer protocol (FTP) server.

NAT allows you to flexibly configure IP addresses for internal servers. For example, you can
use 202.110.10.10 or even 202.110.10.12:8080 as the public address of a Web server, and use
202.110.10.11 as the public address of an FTP server. Multiple servers (Web servers, for
example) can be provided for external users.

You can configure an internal server and map the public address and port to the internal server.
In this way, hosts on the public network can access the internal server.

NAT Mapping
The NAT function saves IPv4 addresses and improves network security. NAT implementations
differ between vendors; therefore, applications that use the simple traversal of
UDP through NAT (STUN), traversal using relay NAT (TURN), and Interactive Connectivity
Establishment (ICE) technologies may fail to traverse the NAT devices of these vendors. These
technologies are commonly used on the SIP proxy. NAT mapping enables these applications to
traverse the NAT devices.

NAT Filtering
A NAT device filters the traffic from the external network to the internal network. After a host
on the internal network sends an access request to a host on the external network, the host on
the external network transmits traffic to the internal host. The NAT device filters the traffic
sent to the internal host.

Easy IP
Easy IP takes the public IP address of the interface as the source address after NAT is performed.
In addition, it uses the Access Control List (ACL) to control the private addresses to be translated.

NAT ALG
Some protocols are sensitive to the NAT function and cannot work correctly without special
processing. Packets of these protocols contain the IP address and/or port number in the payload,
which affects protocol interaction.
The NAT ALG function allows such protocol packets to traverse NAT devices. It replaces the
IP address and port number in the payload to implement transparent transmission and relay of
protocol packets. The NAT ALG of the AR150/200 supports the domain name system (DNS),
FTP, Real-Time Streaming Protocol (RTSP) and Session Initiation Protocol (SIP).

Twice NAT
Basic NAT translates only the source or destination address of packets, whereas twice NAT
translates both the source and destination addresses. The twice NAT technology applies to the
scenario where IP addresses of hosts on private and public networks overlap. As shown in Figure
5-3, the IP address of PC1 on the private network is the same as the IP address of PC3 on the
public network. If PC2 on the private network sends a packet to PC3, the packet will be forwarded
to PC1. Twice NAT translates the overlapping IP address into a unique temporary address (based
on basic NAT) according to the mapping between the overlapping address pool and the
temporary address pool. In this way, packets can be forwarded correctly.

Figure 5-3 Networking of twice NAT

[Figure: PC 1 (10.0.0.1/24), PC 2 (10.0.0.1/24), Router, DNS Server, and PC 3 (www.web.com,
10.0.0.1/24)]

You can configure twice NAT on the AR150/200 as follows:


1. Configure basic NAT (many-to-many NAT): Configure a NAT address pool that contains
IP addresses 200.0.0.1 to 200.0.0.100 and apply it to the interface connecting to the WAN.
2. Configure the mapping from overlapping addresses to temporary addresses: 10.0.0.0 to
3.0.0.0.


The mapping indicates that one overlapping address pool maps to one temporary address pool. The
translation rules are as follows:

Temporary address = Start IP address in the temporary address pool + (Overlapping IP address
- Start IP address in the overlapping address pool)

Overlapping address = Start IP address in the overlapping address pool + (Temporary IP address
- Start IP address in the temporary address pool)

When PC2 on the private network accesses PC3 on the public network using the domain name,
packets are processed as follows:

1. PC2 sends a DNS request for resolving the domain name www.web.com of the web server.
After the DNS server resolves the DNS request, the AR150/200 receives the response
packet from the DNS server. The AR150/200 resolves the address 10.0.0.1 in the payload
of the response packet and detects that the address is an overlapping address (it is in the
overlapping address pool). The AR150/200 translates the address 10.0.0.1 into the
temporary address 3.0.0.1, and translates the destination address of the response packet
using basic NAT. Then the AR150/200 sends the packet to PC2.
2. PC2 sends an access request packet with the temporary address 3.0.0.1 corresponding to
www.web.com to access the public network. When the packet reaches the AR150/200, the
AR150/200 translates the source address of the packet using basic NAT and then translates
the destination address (temporary address) to the overlapping address 10.0.0.1.
3. The AR150/200 sends the packet to the WAN-side outbound interface. The packet is then
forwarded to PC3 hop by hop.
4. When the packet sent from PC3 to PC2 reaches the AR150/200, the AR150/200 checks the
source address 10.0.0.1, which is the overlapping address (it is in the overlapping address
pool). The AR150/200 translates the source address to the temporary address 3.0.0.1, and
translates the destination address using basic NAT. Then the AR150/200 sends it to PC2.
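
The two translation rules and the packet steps above, as an added example that is not part of the original guide. It uses the page's mapping 10.0.0.0 to 3.0.0.0 and the first address of the basic NAT pool, 200.0.0.1. The pool length of 255, PC2's private address 10.0.0.2, and all class and function names are assumptions made for the example.

```python
import ipaddress

MAX_POOL_LENGTH = 255  # per-pool limit stated in section 5.3.11 of this guide


class OverlapMap:
    """One mapping entry: overlapping pool <-> temporary pool of equal length."""

    def __init__(self, overlap_start, temp_start, length):
        if not 1 <= length <= MAX_POOL_LENGTH:
            raise ValueError("pool length must be 1..%d" % MAX_POOL_LENGTH)
        self.overlap_start = ipaddress.IPv4Address(overlap_start)
        self.temp_start = ipaddress.IPv4Address(temp_start)
        self.length = length

    def _shift(self, addr, src_start, dst_start):
        addr = ipaddress.IPv4Address(addr)
        offset = int(addr) - int(src_start)
        if 0 <= offset < self.length:      # inside the source pool: apply the rule
            return dst_start + offset
        return addr                        # outside the pool: left unchanged

    def to_temporary(self, addr):
        # Temporary = temp pool start + (overlapping address - overlap pool start)
        return self._shift(addr, self.overlap_start, self.temp_start)

    def to_overlapping(self, addr):
        # Overlapping = overlap pool start + (temporary address - temp pool start)
        return self._shift(addr, self.temp_start, self.overlap_start)


def pc2_to_pc3(omap, pc2_private, nat_public, dns_answer):
    """Replay steps 1, 2 and 4 of the walk-through for one connection."""
    # Step 1: the address carried in the DNS response is rewritten for PC2.
    seen_by_pc2 = omap.to_temporary(dns_answer)
    # Step 2: PC2 sends to the temporary address; the router applies basic NAT
    # to the source and restores the overlapping address as the destination.
    on_wan = {"src": str(ipaddress.IPv4Address(nat_public)),
              "dst": str(omap.to_overlapping(seen_by_pc2))}
    # Step 4: PC3 replies; its overlapping source becomes the temporary address
    # again and the destination is translated back to PC2 by basic NAT.
    to_pc2 = {"src": str(omap.to_temporary(on_wan["dst"])),
              "dst": str(ipaddress.IPv4Address(pc2_private))}
    return str(seen_by_pc2), on_wan, to_pc2


if __name__ == "__main__":
    omap = OverlapMap("10.0.0.0", "3.0.0.0", 255)
    print(pc2_to_pc3(omap, "10.0.0.2", "200.0.0.1", "10.0.0.1"))
    print(omap.to_temporary("10.0.0.255"))   # offset 255 is outside a 255-address pool
```

PC2 never sees 10.0.0.1 as the server's address, so its traffic is not delivered to PC1; only addresses that fall inside the configured pool length are rewritten.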

Source Address Associated with the VPN Before NAT Is Performed


The NAT-enabled AR150/200 allows users on private networks to access the public network
and allows users in different VPNs to access the public network through the same egress. In
addition, users in the VPNs with the same IP address can access the public network.

NAT Server Associated with VPNs


The NAT-enabled AR150/200 supports association between VPNs and NAT server, and allows
users on the public network to access hosts in the VPNs. This function is applicable when IP
addresses of multiple VPNs overlap.

5.3 Configuring NAT


To implement communication between the private network and the public network through
NAT, use Easy IP for a single user and an address pool for multiple users.

5.3.1 Establishing the Configuration Task


Before configuring NAT, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain the required data.


Applicable Environment
NAT must be configured at the boundary between the private network and the public network
so that it can translate private and public addresses.

Pre-configuration Tasks
Before configuring NAT, complete the following task:
• Creating a basic ACL or an advanced ACL and configuring ACL rules

Data Preparation
To configure NAT, you need the following data.

No.  Data

1    Number of the public address pool, start IP address, and end IP address

2    Number of the basic ACL or advanced ACL

3    Information about the internal server, including the protocol type, public address,
     public port number, private address (the VPN instance may be included), and
     (optional) private port number

4    Information about static NAT, including the protocol type, public address, public
     port number, private address (the VPN instance may be included), (optional)
     private port number, and subnet mask

5    Index of the overlapping address pool and temporary address pool, start IP
     address, address pool length, and (optional) VPN instance

6    Domain name, public address, and public port number

5.3.2 Configuring an Address Pool


Configure a NAT address pool when multiple users on the private network need to access the
public network.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nat address-group group-index start-address end-address

A public address pool is configured.


A public address pool is a set of public addresses. When performing NAT on data packets from
the private network, the AR150/200 selects an IP address from the address pool as the source
address.


The public address pool IDs are numerals. Up to 8 address pools can be configured.

By default, no public address pool is configured on the AR150/200.

----End

5.3.3 Associating an ACL with an Address Pool


Network administrators can use ACLs to control which users can access public networks using
NAT.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
nat outbound acl-number [ address-group group-index [ no-pat ] | interface loopback interface-number ]

An ACL is associated with an address pool.

After an ACL is associated with an address pool, the AR150/200 translates source addresses of
data packets matching the ACL to an IP address in the address pool. Different IP address
translation entries can be configured on an interface.

In the command, no-pat indicates one-to-one NAT, that is, only the IP address is translated and
the port number is not translated.

----End

5.3.4 Configuring Easy IP


Easy IP uses an interface IP address as the source address of data packets matching an ACL.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
nat outbound acl-number [ address-group group-index [ no-pat ] | interface loopback interface-number ]

Easy IP is configured.

----End

5.3.5 Configuring an Internal Server


Deploying a server on the private network improves security of the server and prevents attacks
from the public network. Users on the private and public networks can access the server.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
• nat server protocol { tcp | udp } global { global-address | current-interface } global-port inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
• nat server protocol { tcp | udp } global interface loopback interface-number global-port [ vpn-instance vpn-instance-name ] inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
• nat server [ protocol { protocol-number | icmp | tcp | udp } ] global global-address inside host-address [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]

An internal server is configured.

Users on the public network can access the configured internal server. When a host on the public
network sends a connection request to the public address (global-address) of the internal server,
NAT translates the destination address of the request to a private address (host-address). The
AR150/200 then forwards the request to the server.

NOTE

When configuring an internal server, ensure that global-address and host-address are different from
interface IP addresses and IP addresses in the user address pool.

----End

5.3.6 Configuring Static NAT


Static NAT maps a private address to a public address. Static NAT does not save public addresses
but shields the private network topology.

Procedure
Step 1 Run:
system-view


The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
• nat static protocol { tcp | udp } global { global-address | current-interface } global-port inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ netmask mask ] [ acl acl-number ] [ description description ]
• nat static protocol { tcp | udp } global interface loopback interface-number global-port [ vpn-instance vpn-instance-name ] inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ netmask mask ] [ acl acl-number ] [ description description ]
• nat static [ protocol { protocol-number | icmp | tcp | udp } ] global global-address inside host-address [ vpn-instance vpn-instance-name ] [ netmask mask ] [ acl acl-number ] [ description description ]
Static NAT is configured.
NOTE

When configuring static NAT, ensure that global-address and host-address are different from interface IP
addresses and IP addresses in the user address pool.

----End

5.3.7 Enabling NAT ALG


Errors may occur when NAT translates protocol packets encapsulated in IP data packets. The
NAT ALG function ensures that the protocol packets are translated successfully.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nat alg { all | dns | ftp | rtsp | sip } enable

The NAT ALG function is enabled.


After the NAT ALG function is enabled for an application protocol, packets of the application
protocol can traverse the NAT server. The application protocol cannot work without the NAT
ALG function.
In the command, all indicates that NAT traversal applies to the DNS, FTP, SIP, and RTSP
protocols.

----End

5.3.8 Configuring NAT Filtering


A NAT device filters the traffic from the external network to the internal network. After an
internal host sends an access request to an external host, the external host transmits traffic to
the internal host. The NAT device filters the traffic sent to the internal host.


Context
NAT filtering has the following modes:
• Endpoint-independent filtering
• Address-dependent filtering
• Address and port-dependent filtering

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
nat filter-mode { endpoint-dependent | endpoint-independent | endpoint-and-port-dependent }

The NAT filtering mode is set.


NAT filtering applies to the traffic from an external network to an internal network. The default
mode is endpoint-and-port-dependent. In this mode, the system uses the source IP address,
source port, destination IP address, destination port, and protocol number as the index to search
the NAT mapping table.

----End

5.3.9 Configuring NAT Mapping


NAT mapping allows applications using the STUN, TURN, and ICE technologies to traverse
the NAT server.

Context
The NAT function saves IPv4 addresses and improves network security. NAT mapping has the
following modes:
• Endpoint-independent mapping: reuses the port mapping for subsequent packets sent from
  the same internal IP address and port to any external IP address and port.
• Address-dependent mapping: reuses the port mapping for subsequent packets sent from the
  same internal IP address and port to the same external IP address, regardless of the external
  port.
• Address and port-dependent mapping: reuses the port mapping for subsequent packets sent
  from the same internal IP address and port to the same external IP address and port while
  the mapping is still active.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:


nat mapping-mode endpoint-independent [ tcp | udp ] [ dest-port port-number ]

The NAT mapping mode is set.

NAT mapping applies to the traffic from an internal network to an external network. The default
mode is address and port-dependent mapping.

----End
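
The mapping modes of this section and the filtering modes of section 5.3.8 decide how many public ports one internal socket consumes and which external senders can reach it. The following added example (not from the original guide and not the router's implementation) models both with the addresses of section 5.1. Sequential port allocation starting at 32814, the third-party host 198.51.100.7, the probe port 8080, and all names are assumptions; the protocol number is left out of the lookup key for brevity.

```python
EI = "endpoint-independent"
AD = "address-dependent"
APD = "address-and-port-dependent"   # default for mapping and for filtering per this guide

PUBLIC_IP = "203.196.3.23"           # router public address from section 5.1
HOST = ("10.1.1.48", 6084)           # internal WWW client from section 5.1
SERVER = ("202.18.245.251", 80)      # WWW server from section 5.1
OTHER = ("198.51.100.7", 80)         # constructed third-party host (documentation range)


class NatDevice:
    def __init__(self, public_ip, mapping_mode=APD, filter_mode=APD, first_port=32814):
        self.public_ip = public_ip
        self.mapping_mode = mapping_mode
        self.filter_mode = filter_mode
        self.next_port = first_port
        self.by_key = {}      # mapping key -> public port
        self.by_port = {}     # public port -> internal (ip, port)
        self.contacted = {}   # public port -> external endpoints the host has sent to

    def _key(self, src, dst):
        if self.mapping_mode == EI:
            return (src,)                 # one mapping for every destination
        if self.mapping_mode == AD:
            return (src, dst[0])          # one mapping per external IP address
        return (src, dst)                 # one mapping per external IP address and port

    def outbound(self, src, dst):
        """Translate an internal->external packet; return the public (ip, port)."""
        key = self._key(src, dst)
        port = self.by_key.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_key[key] = port
            self.by_port[port] = src
            self.contacted[port] = set()
        self.contacted[port].add(dst)
        return (self.public_ip, port)

    def inbound(self, src, dst):
        """Return the internal (ip, port) for an external->public packet, or None if dropped."""
        if dst[0] != self.public_ip or dst[1] not in self.by_port:
            return None                   # no mapping: nothing to translate to
        peers = self.contacted[dst[1]]
        if self.filter_mode == EI:
            allowed = True                                   # any sender may use the mapping
        elif self.filter_mode == AD:
            allowed = any(ip == src[0] for ip, _ in peers)   # sender IP must be known
        else:
            allowed = src in peers                           # sender IP and port must be known
        return self.by_port[dst[1]] if allowed else None


def filter_matrix():
    """Per filter mode: is (server reply, same server other port, third party) delivered?"""
    result = {}
    for mode in (EI, AD, APD):
        nat = NatDevice(PUBLIC_IP, mapping_mode=EI, filter_mode=mode)
        public = nat.outbound(HOST, SERVER)
        probes = (SERVER, (SERVER[0], 8080), OTHER)
        result[mode] = tuple(nat.inbound(p, public) == HOST for p in probes)
    return result


def ports_used(mapping_mode):
    """Public ports consumed when one internal socket talks to two servers."""
    nat = NatDevice(PUBLIC_IP, mapping_mode=mapping_mode)
    return len({nat.outbound(HOST, SERVER), nat.outbound(HOST, OTHER)})


if __name__ == "__main__":
    for mode, row in filter_matrix().items():
        print("filter", mode, row)
    for mode in (EI, AD, APD):
        print("mapping", mode, ports_used(mode))
```

With endpoint-independent mapping the single public port stays the same for every destination, which is what STUN-style applications rely on; the filter mode then decides whether hosts the client never contacted can send to that port.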

5.3.10 Configuring DNS Mapping


A private network may deploy different servers such as FTP servers and web servers, but has
no DNS server deployed. If hosts on the private network need to differentiate and access servers
using domain names, configure DNS mapping.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
nat dns-map domain-name global-address global-port { tcp | udp }

The mapping from a domain name to a public IP address, port number, and protocol type is
configured.

Up to 32 mapping entries can be configured on the AR150/200.

Step 3 Run:
nat alg { all | dns | ftp | rtsp | sip } enable

The NAT ALG function is enabled for DNS.

CAUTION
The NAT ALG function allows hosts on a private network to access servers on the private
network through the external DNS server.

----End

5.3.11 Configuring Twice NAT


Twice NAT translates both the source and destination IP addresses of a data packet. It applies
to the situation where IP addresses of internal hosts and external hosts overlap.

Context
When IP addresses of internal hosts and external hosts overlap, configure the mapping between
the overlapping address pool and the temporary address pool. Then the overlapping address is
translated to a unique temporary address and packets can be forwarded correctly. In addition,
configure outbound NAT to implement twice NAT.


Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
nat overlap-address map-index overlappool-startaddress temppool-startaddress pool-length length [ inside-vpn-instance inside-vpn-instance-name ]

Twice NAT is configured.

The overlapping address pool and temporary address pool contain consecutive IP addresses. The
lengths of the two address pools are the same, and up to 255 IP addresses can be configured in
each of the two address pools.

Up to 8 mapping entries between the overlapping address pool and the temporary address pool
can be configured.

When the VPN instance in the NAT mapping is deleted, the twice NAT configuration is also
deleted.

----End

5.3.12 Checking the Configuration


After NAT is configured, you can view information about NAT.

Procedure
• Run the display nat alg command to check whether the NAT ALG function is enabled.
• Run the display nat address-group [ group-index ] [ verbose ] command to check the
  configuration of the NAT address pool.
• Run the display nat dns-map [ domain-name ] command to check information about DNS
  mapping.
• Run the display nat outbound [ acl acl-number | address-group group-index |
  interface { Ethernet } interface-number.subnumber ] command to check information
  about outbound NAT.
• Run the display nat overlap-address { map-index | all | inside-vpn-instance
  inside-vpn-instance-name } command to check information about twice NAT.
• Run the display nat server [ global global-address | inside host-address [ vpn-instance
  vpn-instance-name ] | interface interface-type interface-number.subnumber ] command to
  check the configuration of the NAT server.
• Run the display nat static [ global global-address | inside host-address [ vpn-instance
  vpn-instance-name ] | interface interface-type interface-name ] command to check the
  configuration of static NAT.
• Run the display nat mapping table { all | number } command to view the NAT mapping
  table information or number of entries in the table.

----End


5.4 Configuration Examples


This section provides several configuration examples of NAT.

5.4.1 Example for Configuring the NAT Server

Networking Requirements
As shown in Figure 5-4, a company is connected to the wide area network (WAN) through the
AR150/200 enabled with the network address translation (NAT) function. The company
provides the web server and FTP server for users on the public network to access. The private
IP address of the web server is 192.168.20.2:8080 and its public address is 202.169.10.5/24. The
private IP address of the FTP server is 10.0.0.3/24 and its public address is 202.169.10.33/24.
The interface address of the AR150/200 connected to the carrier device is 202.169.10.2/24.

Figure 5-4 Network diagram for configuring the NAT server

[Figure: WWW Server 192.168.20.2:8080 and FTP Server 10.0.0.3/24 connected to the Router on
Eth0/0/0 and Eth0/0/1; Host reached through Eth2/0/0]

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure IP addresses for interfaces and configure the NAT servers on the WAN-side
interface to allow external users to access the internal servers.
2. Configure a default route.
3. Enable the FTP NAT ALG function to allow the external FTP packets to traverse the NAT
servers.


Procedure
Step 1 Configure IP addresses for the interfaces on the AR150/200 and configure the NAT server on
the WAN-side interface.
<Huawei> system-view
[Huawei] vlan 100
[Huawei-vlan100] quit
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ip address 192.168.20.1 24
[Huawei-Vlanif100] quit
[Huawei] interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0] port link-type access
[Huawei-Ethernet0/0/0] port default vlan 100
[Huawei-Ethernet0/0/0] quit
[Huawei] vlan 200
[Huawei-vlan200] quit
[Huawei] interface vlanif 200
[Huawei-Vlanif200] ip address 10.0.0.1 24
[Huawei-Vlanif200] quit
[Huawei] interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1] port link-type access
[Huawei-Ethernet0/0/1] port default vlan 200
[Huawei-Ethernet0/0/1] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] ip address 202.169.10.1 24
[Huawei-Ethernet2/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080
[Huawei-Ethernet2/0/0] nat server protocol tcp global 202.169.10.33 ftp inside 10.0.0.3 ftp
[Huawei-Ethernet2/0/0] quit

Step 2 On the AR150/200, configure a static route with the next hop address 202.169.10.2.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2

Step 3 Enable the NAT ALG function for FTP packets on the AR150/200.
[Huawei] nat alg ftp enable

Step 4 Verify the configuration.

Run the display nat server command on the AR150/200 to view the NAT server configuration.
[Huawei] display nat server
Nat Server Information:
Interface : Ethernet2/0/0
Global IP/Port : 202.169.10.5/80(www)
Inside IP/Port : 192.168.20.2/8080
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----

Global IP/Port : 202.169.10.33/21(ftp)
Inside IP/Port : 10.0.0.3/21(ftp)
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----

Total : 2

Run the display nat alg command on the AR150/200, and the command output is as follows:
[Huawei] display nat alg
NAT Application Level Gateway Information:
----------------------------------
Application Status
----------------------------------
dns Disabled
ftp Enabled
rtsp Disabled
sip Disabled
----------------------------------

Verify that external users can access the web server and FTP server.

----End

Configuration Files
#
vlan batch 100 200
#
nat alg ftp enable
#
interface Vlanif100
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif200
ip address 10.0.0.1 255.255.255.0
#
interface Ethernet0/0/0
port link-type access
port default vlan 100
#
interface Ethernet0/0/1
port link-type access
port default vlan 200
#
interface Ethernet2/0/0
ip address 202.169.10.1 255.255.255.0
nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080
nat server protocol tcp global 202.169.10.33 ftp inside 10.0.0.3 ftp
#
ip route-static 0.0.0.0 0.0.0.0 202.169.10.2
#
return

5.4.2 Example for Configuring Outbound NAT

Networking Requirements
As shown in Figure 5-5, the intranet of area A is connected to the wide area network (WAN)
through the AR150/200. The network address translation (NAT) function is enabled on the
AR150/200. To ensure the security of company A's intranet, you need to use the IP addresses
in the public address pool (202.169.10.100-202.169.10.200) to replace the host addresses of area
A on the network segment 192.168.20.0/24. The hosts of area A then can access servers on the
WAN.

The intranet of area B is also connected to the WAN through the AR150/200. Only a few public
IP addresses are allocated to area B. To save the public IP addresses and improve the security
of company B's intranet, you need to use the IP addresses in the public address pool
(202.169.10.80-202.169.10.83) to replace the host addresses of area B on the network segment
10.0.0.0/24. The hosts of company B then can access servers on the WAN.

The public address of Ethernet2/0/0 on the AR150/200 is 202.169.10.1/24, and the address of the carrier device interface connected to the AR150/200 is 202.169.10.2/24.


Figure 5-5 Network diagram for configuring outbound NAT (area A: PC 1...PC n, 192.168.20.0/24; area B: PC 1...PC n, 10.0.0.0/24; Router: Eth0/0/0, Eth0/0/1, Eth2/0/0)

Configuration Roadmap
The configuration roadmap is as follows:

1. Configure IP addresses for interfaces.
2. Configure a default route.
3. Configure outbound NAT on the WAN-side interface to allow internal hosts to access
external networks.

Procedure
Step 1 Configure IP addresses for the interfaces of the AR150/200.
<Huawei> system-view
[Huawei] vlan 100
[Huawei-vlan100] quit
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ip address 192.168.20.1 24
[Huawei-Vlanif100] quit
[Huawei] interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0] port link-type access
[Huawei-Ethernet0/0/0] port default vlan 100
[Huawei-Ethernet0/0/0] quit
[Huawei] vlan 200
[Huawei-vlan200] quit
[Huawei] interface vlanif 200
[Huawei-Vlanif200] ip address 10.0.0.1 24
[Huawei-Vlanif200] quit
[Huawei] interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1] port link-type access
[Huawei-Ethernet0/0/1] port default vlan 200
[Huawei-Ethernet0/0/1] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] ip address 202.169.10.1 24
[Huawei-Ethernet2/0/0] quit


Step 2 On the AR150/200, configure a static route with the next hop address 202.169.10.2.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2

Step 3 Configure outbound NAT on the AR150/200.


[Huawei] nat address-group 1 202.169.10.100 202.169.10.200
[Huawei] nat address-group 2 202.169.10.80 202.169.10.83
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255
[Huawei-acl-basic-2000] quit
[Huawei] acl 2001
[Huawei-acl-basic-2001] rule 5 permit source 10.0.0.0 0.0.0.255
[Huawei-acl-basic-2001] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] nat outbound 2000 address-group 1 no-pat
[Huawei-Ethernet2/0/0] nat outbound 2001 address-group 2
[Huawei-Ethernet2/0/0] quit

Step 4 Verify the configuration.


Run the display nat outbound command on the AR150/200, and the command output is as
follows:
[Huawei] display nat outbound
NAT Outbound Information:
-----------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
-----------------------------------------------------------------
Ethernet2/0/0 2000 1 no-pat
Ethernet2/0/0 2001 2 pat
-----------------------------------------------------------------
Total : 2

Perform the ping operation on the AR150/200.


<Huawei> ping -a 192.168.20.1 202.169.10.2
PING 202.169.10.2: 56 data bytes, press CTRL_C to break
Reply from 202.169.10.2: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=5 ttl=255 time=1 ms
<Huawei> ping -a 10.0.0.1 202.169.10.2
PING 202.169.10.2: 56 data bytes, press CTRL_C to break
Reply from 202.169.10.2: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 202.169.10.2: bytes=56 Sequence=5 ttl=255 time=1 ms

----End

Configuration Files
#
vlan batch 100 200
#
acl number 2000
rule 5 permit source 192.168.20.0 0.0.0.255
#
acl number 2001
rule 5 permit source 10.0.0.0 0.0.0.255
#
interface Vlanif100
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif200
ip address 10.0.0.1 255.255.255.0
#
interface Ethernet0/0/0
port link-type access
port default vlan 100
#
interface Ethernet0/0/1
port link-type access
port default vlan 200
#
interface Ethernet2/0/0
ip address 202.169.10.1 255.255.255.0
nat outbound 2000 address-group 1 no-pat
nat outbound 2001 address-group 2
#
nat address-group 1 202.169.10.100 202.169.10.200
nat address-group 2 202.169.10.80 202.169.10.83
#
ip route-static 0.0.0.0 0.0.0.0 202.169.10.2
#
return
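
The difference between the two rules in Step 3, modeled as an added example (not code from the guide): area A is translated one-to-one (no-pat) from a 101-address pool, while area B shares four addresses through port translation. The port range, the allocation order and all function names are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field

PAT_PORTS = range(1024, 65536)  # assumed translated-port range, not from the guide


def acl_permits(source, base, wildcard):
    """Basic ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    src = int(ipaddress.IPv4Address(source))
    return (src & care) == (int(ipaddress.IPv4Address(base)) & care)


def address_group(first, last):
    """Expand the start/end addresses of a `nat address-group` into a list."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]


@dataclass
class OutboundRule:
    acl: tuple      # (source, wildcard) from the ACL permit rule
    pool: list      # addresses of the bound address group
    no_pat: bool    # True for `no-pat`, False for PAT
    table: dict = field(default_factory=dict)   # active translations

    def capacity(self):
        """Inside hosts (no-pat) or flows (PAT) the pool can carry at once."""
        return len(self.pool) if self.no_pat else len(self.pool) * len(PAT_PORTS)

    def translate(self, src_ip, src_port):
        # no-pat keys on the inside host, PAT keys on the individual flow
        key = src_ip if self.no_pat else (src_ip, src_port)
        if key not in self.table:
            used = len(self.table)
            if used >= self.capacity():
                return None     # pool exhausted, the flow cannot be translated
            if self.no_pat:
                self.table[key] = self.pool[used]
            else:
                addr = self.pool[used // len(PAT_PORTS)]
                self.table[key] = (addr, PAT_PORTS[used % len(PAT_PORTS)])
        hit = self.table[key]
        # no-pat keeps the inside source port, PAT replaces it
        return (hit, src_port) if self.no_pat else hit


def build_rules():
    """The two `nat outbound` rules configured on Ethernet2/0/0 in Step 3."""
    return [
        OutboundRule(("192.168.20.0", "0.0.0.255"),
                     address_group("202.169.10.100", "202.169.10.200"), no_pat=True),
        OutboundRule(("10.0.0.0", "0.0.0.255"),
                     address_group("202.169.10.80", "202.169.10.83"), no_pat=False),
    ]


def translate(rules, src_ip, src_port):
    """Return (status, mapping) for one outbound flow."""
    for rule in rules:
        if acl_permits(src_ip, *rule.acl):
            mapping = rule.translate(src_ip, src_port)
            return ("translated", mapping) if mapping else ("pool-exhausted", None)
    return ("no-rule", None)


if __name__ == "__main__":
    rules = build_rules()
    for net in ("192.168.20", "10.0.0"):
        results = [translate(rules, f"{net}.{h}", 40000)[0] for h in range(2, 255)]
        print(net, {status: results.count(status) for status in set(results)})
```

In this model the 102nd concurrent host of area A gets no translation, while every host of area B is translated behind at most four public addresses, so mapping a public address and port back to an inside host requires the translation table.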

5.4.3 Example for Configuring Twice NAT

Networking Requirements
As shown in Figure 5-6, the IP address of PC1 on the private network is the same as the IP
address of host A on the public network. When PC2 sends a packet to host A, the packet may
be forwarded to PC1. In addition to the network address translation function, twice NAT of the
AR150/200 specifies the mapping between the overlapping address pool and the temporary
address pool. The overlapping IP address is translated to a unique temporary address so that
packets can be forwarded correctly.

Figure 5-6 Networking diagram for twice NAT configuration (labels: www.Server.com, Host A, 192.168.20.2/24; Company A, PC 1, 192.168.20.2/24; Router, Eth0/0/0, Eth0/0/1, Eth2/0/0, 202.169.10.2; Company B, PC 2, DNS Server, 10.0.0.3/24)


Configuration Roadmap
The configuration roadmap is as follows:

1. Configure IP addresses for interfaces.
2. Configure DNS mappings to allow users to access servers by using domain names.
3. Map the overlapping address pool to the temporary address pool.
4. Configure outbound NAT to allow internal users to access external networks.

Procedure
Step 1 Configure IP addresses for the interfaces of the AR150/200.
<Huawei> system-view
[Huawei] vlan 100
[Huawei-vlan100] quit
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ip address 192.168.20.1 24
[Huawei-Vlanif100] quit
[Huawei] interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0] port link-type access
[Huawei-Ethernet0/0/0] port default vlan 100
[Huawei-Ethernet0/0/0] quit
[Huawei] vlan 200
[Huawei-vlan200] quit
[Huawei] interface vlanif 200
[Huawei-Vlanif200] ip address 10.0.0.1 24
[Huawei-Vlanif200] quit
[Huawei] interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1] port link-type access
[Huawei-Ethernet0/0/1] port default vlan 200
[Huawei-Ethernet0/0/1] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] ip address 202.169.10.2 24
[Huawei-Ethernet2/0/0] quit

Step 2 Configure DNS mappings on the AR150/200.


[Huawei] nat alg dns enable
[Huawei] nat dns-map www.Server.com 192.168.20.2 80 tcp

Step 3 Configure the mapping between the overlapping address pool and the temporary address pool
on the AR150/200.
[Huawei] nat overlap-address 0 192.168.20.2 202.169.100.2 pool-length 254

Step 4 Configure a static route on the AR150/200 from the temporary address pool to outbound interface
Ethernet2/0/0.
[Huawei] ip route-static 202.169.100.2 32 ethernet 2/0/0 202.169.10.2

Step 5 Configure outbound NAT on outbound interface Ethernet2/0/0 of the AR150/200.


1. Create an ACL and configure an ACL rule to permit the packets of host A.
[Huawei] acl 3180
[Huawei-acl-adv-3180] rule permit ip source 192.168.20.0 0.0.0.255
[Huawei-acl-adv-3180] quit

2. Configure the NAT address pool for outbound NAT.


[Huawei] nat address-group 1 160.160.0.2 160.160.0.254

3. Configure outbound NAT on outbound interface Ethernet2/0/0.


[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] nat outbound 3180 address-group 1
[Huawei-Ethernet2/0/0] quit


Step 6 Verify the configuration.

Run the display nat overlap-address all command on the AR150/200 to view the mapping
between address pools.
[Huawei] display nat overlap-address all
Nat Overlap Address Pool To Temp Address Pool Map Information:
-------------------------------------------------------------------------------
Id Overlap-Address Temp-Address Pool-Length Inside-VPN-Instance-Name
-------------------------------------------------------------------------------
0 192.168.20.2 202.169.100.2 254
-------------------------------------------------------------------------------
Total : 1

Run the display nat outbound command on the AR150/200 to view outbound NAT information.
[Huawei] display nat outbound
NAT Outbound Information:
-----------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
-----------------------------------------------------------------
Ethernet2/0/0 3180 1 pat
-----------------------------------------------------------------
Total : 1

----End

Configuration Files
#
vlan batch 100 200
#
acl number 3180
rule 5 permit ip source 192.168.20.0 0.0.0.255
#
nat alg dns enable
#
nat address-group 1 160.160.0.2 160.160.0.254
#
nat dns-map www.server.com 192.168.20.2 80 tcp
#
nat overlap-address 0 192.168.20.2 202.169.100.2 pool-length 254
#
ip route-static 202.169.100.2 255.255.255.255 Ethernet2/0/0 202.169.10.2
#
interface Vlanif100
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif200
ip address 10.0.0.1 255.255.255.0
#
interface Ethernet0/0/0
port link-type access
port default vlan 100
#
interface Ethernet0/0/1
port link-type access
port default vlan 200
#
interface Ethernet2/0/0
ip address 202.169.10.1 255.255.255.0
nat outbound 3180 address-group 1
#
return
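
How the overlap mapping from Step 3 changes forwarding, as an added example (not code from the guide). It assumes that addresses map by equal offset from the start of each pool and that the DNS ALG rewrites overlapping addresses in answers; the routing table is built from the interface addresses and the static route of this example, and all function names are hypothetical.

```python
import ipaddress

IP = ipaddress.IPv4Address


class OverlapMap:
    """One `nat overlap-address` entry: overlap pool <-> temporary pool."""

    def __init__(self, overlap_start, temp_start, pool_length):
        self.overlap = int(IP(overlap_start))
        self.temp = int(IP(temp_start))
        self.length = pool_length

    def _shift(self, addr, src, dst):
        # Assumption: the n-th overlap address maps to the n-th temporary address.
        offset = int(IP(addr)) - src
        return str(IP(dst + offset)) if 0 <= offset < self.length else None

    def to_temp(self, addr):
        return self._shift(addr, self.overlap, self.temp)

    def to_overlap(self, addr):
        return self._shift(addr, self.temp, self.overlap)


# Connected routes of the three interfaces plus the static /32 route from Step 4.
ROUTES = [
    (ipaddress.ip_network("192.168.20.0/24"), "Vlanif100"),
    (ipaddress.ip_network("10.0.0.0/24"), "Vlanif200"),
    (ipaddress.ip_network("202.169.10.0/24"), "Ethernet2/0/0"),
    (ipaddress.ip_network("202.169.100.2/32"), "Ethernet2/0/0"),
]


def route(dst):
    """Longest-prefix match; returns the outbound interface or None."""
    matches = [(net.prefixlen, ifc) for net, ifc in ROUTES if IP(dst) in net]
    return max(matches)[1] if matches else None


def dns_alg(answers, omap):
    """Rewrite A-record addresses that fall inside the overlap pool."""
    return [(name, omap.to_temp(addr) or addr) for name, addr in answers]


def forward(dst, omap):
    """Return (outbound interface, destination address after translation)."""
    real = omap.to_overlap(dst)
    return (route(dst), real if real else dst)


if __name__ == "__main__":
    omap = OverlapMap("192.168.20.2", "202.169.100.2", 254)
    # Constructed DNS answer for the server that shares PC1's address.
    answer = [("www.Server.com", "192.168.20.2")]
    print("without rewrite:", forward(answer[0][1], omap))   # stays on the LAN
    rewritten = dns_alg(answer, omap)
    print("with rewrite:   ", forward(rewritten[0][1], omap))
```

Without the rewrite the router delivers the packet to the connected segment of PC1; with it the packet leaves through Ethernet2/0/0 and the destination is restored to 192.168.20.2. The static route in Step 4 covers only 202.169.100.2/32, so in this model the other temporary addresses of the 254-address pool have no route.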


6 DHCP Configuration

About This Chapter

The Dynamic Host Configuration Protocol (DHCP) dynamically assigns and manages IP
addresses and other configuration parameters from specified address pools to clients, ensuring
reasonable IP address allocation and high usage.

6.1 DHCP Overview


DHCP dynamically assigns IP addresses to users and manages configuration information in a
centralized manner.
6.2 DHCP Features Supported by the AR150/200
This section describes the DHCP features supported by the AR150/200.
6.3 Configuring a DHCP Server Based on a Global Address Pool
After a DHCP server based on a global address pool is configured, all online users of the server
can obtain IP addresses from this address pool.
6.4 Configuring a DHCP Server Based on an Interface Address Pool
This section describes how to configure a DHCP server based on an interface address pool. After
the configuration, users that get online from this interface can obtain IP addresses and other
configuration information from the address pool.
6.5 Configuring a DHCP Relay Agent
This section describes how a DHCP client communicates with a DHCP server on another
network segment by using a DHCP relay agent to obtain an IP address and other configurations.
6.6 Configuring a DHCP/BOOTP Client
After a Layer 3 interface of the AR150/200 is specified to function as a DHCP/BOOTP client,
the interface can dynamically obtain an IP address and other configurations from the DHCP
server by using the DHCP/BOOTP protocol.
6.7 Configuring the DHCP Rate Limit Function
You can configure the highest rate at which DHCP packets are sent to the protocol stack in the
system view, VLAN view, or interface view. If different rates are configured in these views, the
rate configured in the interface view takes effect. If this rate does not take effect, the rate
configured in the VLAN view takes effect. If the rate configured in the VLAN view also does
not take effect, the rate configured in the system view takes effect.
6.8 Maintaining DHCP
This section describes how to clear DHCP statistics and monitor DHCP status.
6.9 Configuration Examples
The DHCP configuration examples provide networking requirements, networking diagram,
precautions, configuration roadmaps, and configuration procedures.


6.1 DHCP Overview


DHCP dynamically assigns IP addresses to users and manages configuration information in a
centralized manner.

As the network expands and becomes complex, the number of hosts often exceeds the number
of available IP addresses. As portable computers and wireless networks are widely used, the
positions of computers often change, causing IP addresses of the computers to be changed
accordingly. As a result, network configurations become increasingly complex. DHCP is
developed to solve the preceding problems.

DHCP uses the client/server model. A client sends a configuration request to the server, and the
server replies with requested configurations, such as an IP address to the client. This allows
dynamic configuration for clients.

The early DHCP protocol is applicable only to the scenario where the DHCP clients and DHCP
server reside on the same subnet. This requires that each subnet be configured with a DHCP
server, wasting resources. The DHCP relay function is used to solve this problem.

6.2 DHCP Features Supported by the AR150/200


This section describes the DHCP features supported by the AR150/200.

AR150/200 Functioning as a DHCP Server


The AR150/200 can be used as a DHCP server to assign IP addresses to online users. After a
DHCP client sends a packet to the server to apply for configuration parameters such as an IP
address, a subnet mask, and a default gateway, the server responds with a packet carrying the
requested configurations according to a certain policy. Both the request packet and the response
packet are encapsulated as UDP packets.

When the AR150/200 functions as a server, create an address pool on the AR150/200 to provide
IP addresses to DHCP clients. The address pool can be a global address pool or an interface
address pool.

• After a DHCP server based on a global address pool is configured, all online users of the
server can obtain IP addresses from this address pool.
• After a DHCP server based on an interface address pool is configured, only users that get
online from this specified interface can obtain IP addresses from this address pool.

The AR150/200 allocates IP addresses to clients by using the global address pool or an interface
address pool.

AR150/200 Functioning as a DHCP Relay Agent


The AR150/200 supports the DHCP relay function. When the AR150/200 functions as a DHCP
relay agent, the client can communicate with a DHCP server on another network segment by
using the AR150/200, and obtain an IP address and other configuration parameters from the
global address pool of the DHCP server. In this manner, DHCP clients on multiple network
segments can share one DHCP server. This reduces costs and facilitates centralized management.


AR150/200 Functioning as a DHCP/BOOTP Client


The AR150/200 supports the DHCP/BOOTP client function. After a Layer 3 interface of the
AR150/200 is configured as a DHCP/BOOTP client, the interface can dynamically obtain an IP
address and other configurations from a DHCP server by using the DHCP/BOOTP protocol.
This facilitates configuration and centralized management.

DHCP Rate Limit


The AR150/200 supports DHCP rate limit. This protects the DHCP protocol stack against attacks
that send a large number of DHCP packets.

6.3 Configuring a DHCP Server Based on a Global Address Pool
After a DHCP server based on a global address pool is configured, all online users of the server
can obtain IP addresses from this address pool.

6.3.1 Establishing the Configuration Task


Before configuring a DHCP server based on a global address pool, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the data required for
the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
When the AR150/200 functions as a DHCP server, you can configure a global address pool on
the AR150/200. The AR150/200 then allocates IP addresses and configuration parameters to
clients from the global address pool.
The global address pool applies to the following scenarios:

• DHCP clients and the AR150/200 used as a DHCP server are on the same network segment.
DHCP clients can obtain IP addresses and other configuration parameters from a global address
pool. Figure 6-1 shows the networking.

Figure 6-1 Application scenario 1 of a global address pool (labels: DHCP Server, DHCP Client)

• DHCP clients and the AR150/200 functioning as a DHCP server are on different network
segments. DHCP clients can obtain IP addresses and other configuration parameters from a
global address pool through a DHCP relay agent. Figure 6-2 shows the networking.


Figure 6-2 Application scenario 2 of a global address pool (labels: DHCP Server, Internet, DHCP Relay, DHCP Client)

Pre-configuration Tasks
Before configuring a DHCP server based on a global address pool, complete the following tasks:

• Ensuring that the link between the DHCP client and the AR150/200 works properly
• (Optional) Configuring the DNS service on a DHCP client
• (Optional) Configuring the NetBIOS service on a DHCP client
• Configuring the routes destined to the DNS server and the NetBIOS server on the
AR150/200 (The routes are configured only after the DNS and NetBIOS servers are
configured.)
• (Optional) Configuring user-defined DHCP options on the DHCP server

Data Preparation
To configure the DHCP server based on a global address pool, you need the following data.

No.  Data
1    Name of a global address pool, IP address range and lease, (optional) range of IP
     addresses that cannot be assigned dynamically, and (optional) IP and MAC address
     entries that need to be statically bound
2    Egress gateway of a DHCP client
3    (Optional) IP address of the DNS server and domain name of a DHCP client
4    (Optional) IP address of the NetBIOS server and the NetBIOS node type of a DHCP
     client
5    (Optional) Code of a user-defined DHCP option, and ASCII string, hexadecimal
     number, or IP address of the option


6.3.2 Configuring an Interface to Select a Global Address Pool for IP Address Allocation
This section describes how to configure an interface to select a global address pool for IP address
allocation. After the configuration is complete, users who get online from this interface can
obtain IP addresses and other configuration parameters from a global address pool.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

The DHCP service is enabled.


Step 3 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to select a global address pool for
IP address allocation.
Step 4 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.

• If a DHCP client and the AR150/200 functioning as the DHCP server are on the same network
segment, and no relay agent is deployed between them, the AR150/200 assigns IP addresses
on the same network segment as the interface to users who get online from the interface. If
no IP address is configured for the interface, or there is no address pool having the same
network segment as the interface, users cannot get online.
• If a DHCP client and the AR150/200 functioning as a DHCP server are on different network
segments, and a DHCP relay agent is deployed between them, the AR150/200 parses the
giaddr field of a DHCP request packet to obtain an IP address. If the IP address does not
match the corresponding address pool, the user cannot get online.
Step 5 Run:
dhcp select global

The interface is configured to select a global address pool for IP address allocation. After the
configuration, users who get online from this interface can obtain IP addresses and other
configuration parameters from a global address pool.

----End

6.3.3 Configuring Global Address Pool Attributes


This section describes how to configure attributes for a global address pool, including the IP
address range and lease, IP addresses that cannot be assigned dynamically, and IP addresses that
are bound manually. IP addresses in the global address pool can be assigned dynamically or
bound manually as required.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ip pool ip-pool-name

The view of the global address pool is displayed.

By default, no global address pool is created on the AR150/200.

Step 3 Run:
network ip-address [ mask { mask | mask-length } ]

The range of dynamically assignable IP addresses in the global address pool is configured.

Only one address segment can be specified for an address pool. A mask can be used to set the
address range of the address pool.

NOTE

When configuring the range of dynamically assignable IP addresses in the global address pool, ensure that the
range is the same as the network segment on which the DHCP server interface address or the DHCP relay agent
interface address resides. This avoids incorrect assignment of IP addresses.

Step 4 (Optional) Run:


lease { day day [ hour hour [ minute minute ] ] | unlimited }

An IP address lease is configured.

By default, the IP address lease is one day.

The DHCP server can specify different IP address leases for different address pools. All IP
addresses in an address pool must have the same lease.

Step 5 (Optional) Run:


excluded-ip-address start-ip-address [ end-ip-address ]

The range of the IP addresses that cannot be dynamically assigned in the global address pool is
configured.

If an IP address has been assigned to a server, such as a DNS server, it cannot be assigned to a
DHCP client. Run the excluded-ip-address command once to configure one IP address or one
range that cannot be assigned dynamically. Running the excluded-ip-address command
multiple times specifies multiple IP addresses that cannot be dynamically assigned.

Step 6 Run:
gateway-list ip-address &<1-8>

The IP address of the gateway for the DHCP client is configured.


NOTE

When a DHCP client is communicating with a server or a host outside the local network segment, the data
transmitted between them is forwarded or received by using the gateway.
To perform load balancing for traffic and improve network reliability, you can configure multiple gateways.
An address pool can be configured with a maximum of eight gateway addresses. Gateway addresses cannot
be subnet broadcast addresses.

Step 7 (Optional) Run:


static-bind ip-address ip-address mac-address mac-address

An IP address in the global address pool is statically bound to a MAC address.

If a user requires a fixed IP address, you can bind an unused IP address to the MAC address of
the user device.

NOTE

Before binding the IP address to a MAC address, ensure that the IP address is one of IP addresses that can be
dynamically assigned.

Step 8 (Optional) Run:


recycle start-ip-address [ end-ip-address ]

IP addresses that cannot be released from the IP address pool are recycled.

----End
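
The pool selection rule from Step 4 of 6.3.2 and the pool attributes from 6.3.3, modeled as an added example (not Huawei code). Pool names, addresses and MAC addresses are constructed, and keeping gateway addresses out of the lease range is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass, field

IP = ipaddress.IPv4Address


@dataclass
class GlobalPool:
    name: str
    network: ipaddress.IPv4Network                   # `network`
    gateways: list = field(default_factory=list)     # `gateway-list`
    excluded: set = field(default_factory=set)       # `excluded-ip-address`
    static: dict = field(default_factory=dict)       # `static-bind`: MAC -> IP
    leases: dict = field(default_factory=dict)       # dynamic leases: MAC -> IP

    def problems(self):
        """Mistakes that the notes in 6.3.3 warn about."""
        found = []
        for gw in self.gateways:
            if gw == self.network.broadcast_address:
                found.append(f"gateway {gw} is the subnet broadcast address")
        for mac, ip in self.static.items():
            if ip not in self.network or ip in self.excluded:
                found.append(f"static-bind {ip} for {mac} is not an assignable address")
        return found

    def offer(self, mac):
        """Pick the address for a client, or None when the pool is full."""
        if mac in self.static:
            return self.static[mac]          # fixed address for this device
        if mac in self.leases:
            return self.leases[mac]          # client already holds a lease
        # Assumption of this model: gateway addresses are never leased.
        taken = (self.excluded | set(self.gateways)
                 | set(self.static.values()) | set(self.leases.values()))
        for host in self.network.hosts():
            if host not in taken:
                self.leases[mac] = host
                return host
        return None


def select_pool(pools, interface, giaddr="0.0.0.0"):
    """Match on giaddr when the request was relayed, else on the interface address."""
    relay = IP(giaddr)
    key = relay if relay != IP("0.0.0.0") else ipaddress.ip_interface(interface).ip
    for pool in pools:
        if key in pool.network:
            return pool
    return None     # no pool on that segment: the client cannot get online


def sample_pools():
    """Constructed pools; names and addresses are not from the guide."""
    lan = GlobalPool("lan", ipaddress.ip_network("10.1.1.0/24"),
                     gateways=[IP("10.1.1.1")],
                     excluded={IP("10.1.1.2"), IP("10.1.1.3")},
                     static={"00e0-fc00-0001": IP("10.1.1.100")})
    branch = GlobalPool("branch", ipaddress.ip_network("10.2.2.0/24"),
                        gateways=[IP("10.2.2.1")])
    return [lan, branch]


if __name__ == "__main__":
    pools = sample_pools()
    local = select_pool(pools, "10.1.1.1/24")
    print(local.name, local.offer("00e0-fc00-0001"), local.offer("00e0-fc00-0002"))
    relayed = select_pool(pools, "192.0.2.1/24", giaddr="10.2.2.1")
    print(relayed.name, relayed.offer("00e0-fc00-0004"))
    print(select_pool(pools, "192.0.2.1/24"))   # None: no pool for this segment
```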

6.3.4 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
When functioning as the DHCP server, the AR150/200 is configured to dynamically allocate
carrier-provided DNS and NetBIOS configurations to the DHCP clients.

Context
The DNS and NetBIOS configurations have been specified before the DHCP server allocates
IP addresses to the DHCP client. If you do not have the configurations allocated by the carrier,
dynamically allocate the DNS and NetBIOS configurations to the DHCP client.
NOTE

If the static DNS, NetBIOS, and domain name are available in the address pool, use the static configurations.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.

Step 3 Run:
import all


The DHCP client is dynamically allocated the DNS and NetBIOS configurations.

----End

6.3.5 (Optional) Configuring the Static DNS Service on a DHCP Client
This section describes how to specify the DNS domain name used by the DHCP client on the
network and the IP address of the DNS server.

Context
When a host accesses the Internet through the domain name, the domain name needs to be
resolved to the IP address. This is implemented by the DNS. To ensure that a DHCP client can
successfully connect to the Internet, the DHCP server needs to specify the DNS server address
when allocating the IP address to the client.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.

Step 3 Run:
domain-name domain-name

The DNS domain name that is assigned to the DHCP client is configured.

On the DHCP server, you can specify a DNS domain name used by the client for each address
pool.

Step 4 Run:
dns-list ip-address &<1-8>

The IP address of the DNS server connected to the DHCP client is configured.

To perform load balancing on traffic and improve network reliability, you can configure multiple
DNS servers. An address pool can be configured with a maximum of eight DNS server addresses.

----End

6.3.6 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
The NetBIOS server resolves host names to IP addresses for hosts that run the Windows
operating system and communicate by using NetBIOS.


Context
NOTE

NetBIOS is short for the Network Basic Input/Output System.

Before a DHCP client communicates with hosts by using NetBIOS, the mapping between the
host names and IP addresses of the client and host needs to be established. The DHCP client can
be specified as one of the following NetBIOS nodes based on mappings between host names
and IP addresses:
• B-node: b indicates broadcast. B-nodes obtain mappings between host names and IP
addresses in broadcast mode.
• P-node: p indicates peer-to-peer. P-nodes obtain mappings between host names and IP
addresses from the NetBIOS server.
• M-node: m indicates mixed. M-nodes are the p-nodes that have some broadcast features.
• H-node: h indicates hybrid. H-nodes are the b-nodes that provide the peer-to-peer
communication mechanism.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.


Step 3 Run:
nbns-list ip-address &<1-8>

The IP address of the NetBIOS server connected to the DHCP client is configured.
An address pool can be configured with a maximum of eight NetBIOS server addresses.
Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }

A NetBIOS node type is specified for the DHCP client.


By default, the client is not specified to be any NetBIOS node type.

----End

6.3.7 (Optional) Configuring User-Defined DHCP Options of the Global Address Pool
As DHCP develops, new DHCP options continue to be created. They can be manually added to
the attribute list of the DHCP server.

Context
If the Option attribute has been configured on the DHCP server and a DHCP client applies for
an IP address, the client can obtain the configurations in the Option field of the DHCPREPLY
packet from the server.


NOTE

The DNS service, NetBIOS service, and IP address lease can be configured by commands. If these
commands are not supported by the device, you can run the option command to configure values for the
options corresponding to the DNS service, NetBIOS service, and IP address lease.
The related commands are as follows:
• DNS service: domain-name and dns-list
• NetBIOS service: nbns-list and netbios-type
• IP address lease: lease

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
ip pool ip-pool-name

The IP address pool view is displayed.

Step 3 Run:
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | ip-address ip-address &<1-8> }

User-defined DHCP options are configured.

The option command specifies the options that are sent in the DHCP packet by the server to the
client. Learn about the functions of options before running the option command. For descriptions
of common DHCP options, see RFC 2132.

----End
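
The option command takes a value as an ASCII string, hexadecimal digits, or one to eight IP addresses; on the wire each option is a code byte, a length byte and the value, as defined in RFC 2132. The following added example (not part of the original guide or of Huawei's software) encodes the three value forms and decodes an options field so that the DNS and NetBIOS servers handed to clients can be compared against an approved list. The function names and the sample field are assumptions made for the illustration, and sub-options are not covered.

```python
import ipaddress
import struct

# NetBIOS node-type values carried in option 46 (RFC 2132, section 8.7).
NODE_TYPES = {0x1: "b-node", 0x2: "p-node", 0x4: "m-node", 0x8: "h-node"}


def encode_option(code, kind, value):
    """Build the code/length/value bytes for one option.

    kind mirrors the three value forms of the option command:
    "ascii" (string), "hex" (hex digits) or "ip-address" (1 to 8 addresses).
    """
    if not 1 <= code <= 254:
        raise ValueError("code must be 1..254 (0 is pad, 255 is end)")
    if kind == "ascii":
        data = value.encode("ascii")
    elif kind == "hex":
        data = bytes.fromhex(value)
    elif kind == "ip-address":
        addrs = [value] if isinstance(value, str) else list(value)
        if not 1 <= len(addrs) <= 8:
            raise ValueError("between 1 and 8 addresses are allowed")
        data = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    else:
        raise ValueError("unknown value form: %r" % kind)
    if not 1 <= len(data) <= 255:
        raise ValueError("option value must be 1..255 bytes")
    return bytes([code, len(data)]) + data


def decode_options(field):
    """Split an options field into (code, value) pairs, rejecting truncation."""
    pairs, i = [], 0
    while i < len(field):
        code = field[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option: stop parsing
            break
        if i + 1 >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        pairs.append((code, value))
        i += 2 + length
    return pairs


def describe(code, value):
    """Render the options that correspond to the DNS, NetBIOS and lease commands."""
    if code in (6, 44):          # 6 = DNS servers, 44 = NetBIOS name servers
        if not value or len(value) % 4:
            raise ValueError("address list must be a multiple of 4 bytes")
        return [str(ipaddress.IPv4Address(value[j:j + 4]))
                for j in range(0, len(value), 4)]
    if code == 15:               # domain name
        return value.decode("ascii")
    if code == 46:               # NetBIOS node type
        if len(value) != 1:
            raise ValueError("node type must be one byte")
        return NODE_TYPES.get(value[0], "unknown(0x%02x)" % value[0])
    if code == 51:               # lease time in seconds
        if len(value) != 4:
            raise ValueError("lease time must be four bytes")
        return struct.unpack("!I", value)[0]
    return value.hex()


def unexpected_servers(field, allowed):
    """Return (code, address) for every DNS or NetBIOS server not in allowed."""
    return [(code, addr)
            for code, value in decode_options(field) if code in (6, 44)
            for addr in describe(code, value) if addr not in allowed]


# Constructed sample: the DNS, NBNS and lease values shown for pool1 in 6.3.9,
# plus an h-node setting.
SAMPLE_FIELD = (
    encode_option(6, "ip-address", ["10.10.10.5", "10.10.10.6"])
    + encode_option(44, "ip-address", "20.20.20.5")
    + encode_option(46, "hex", "08")
    + encode_option(51, "hex", "0003f480")   # 3 days = 259200 seconds
    + b"\xff"
)
```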

6.3.8 (Optional) Configuring the Function That Prevents Identical IP Addresses
Before assigning an IP address to a client, the AR150/200 functioning as a DHCP server must
ping the IP address to prevent address conflicts.

Context
You can use the dhcp server ping command to check whether a response to the ping packet is
received within a specified period. If the AR150/200 does not receive a response packet within
the specified period, it sends ping packets continuously until the number of sent ping packets
reaches the upper limit. If the AR150/200 still does not receive a response packet, the IP address
is not used on the local network segment. This ensures that the IP address to be assigned is
unique.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
dhcp server ping packet number

The maximum number of ping packets that the AR150/200 can send to the same destination is
configured.
The default value is 0, which means that the AR150/200 sends no ping packets and does not perform the ping check.
Step 3 Run:
dhcp server ping timeout milliseconds

The timeout period to wait for a response packet is set for the AR150/200.
By default, the timeout period is 500 milliseconds.

----End

6.3.9 Checking the Configuration


This section describes how to check the configurations of the DHCP server based on the global
address pool.

Prerequisites
The configurations of the DHCP server based on the global address pool are complete.

Procedure
• Run the display dhcp server statistics command to check the statistics on the DHCP
  server.
• Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all |
  expired | conflict | used ] command to check information about the configured global
  address pool.
----End

Example
Run the display dhcp server statistics command to view statistics on the DHCP server.
<Huawei> display dhcp server statistics
DHCP Server Statistics:

Client Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Server Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0

Run the display ip pool name ip-pool-name command to view information about the IP address
pool named pool1.
<Huawei> display ip pool name pool1

Pool-Name : pool1
Pool-No : 2
Lease : 3 Days 0 Hours 0 Minutes
Domain-name : -
DNS-Server0 : 10.10.10.5
DNS-Server1 : 10.10.10.6
NBNS-Server0 : 20.20.20.5
Netbios-type : -
Position : Local Status : Unlocked
Gateway-0 : 10.10.10.10
Mask : 255.255.255.0
Vpn instance : --
--------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
--------------------------------------------------------------------------
10.10.10.1 10.10.10.254 253 0 253 0 0
--------------------------------------------------------------------------

6.4 Configuring a DHCP Server Based on an Interface Address Pool
This section describes how to configure a DHCP server based on an interface address pool. After
the configuration, users that get online from this interface can obtain IP addresses and other
configuration information from the address pool.

6.4.1 Establishing the Configuration Task


Before configuring a DHCP server based on an interface address pool, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain the data required
for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On the AR150/200 functioning as a DHCP server, you can configure an interface address pool.
As shown in Figure 6-3, interface address pools are applicable only to the scenario where a
DHCP client and a server are on the same network segment.

Figure 6-3 Application scenario of an interface address pool (figure labels: DHCP Server, DHCP Client)

Pre-configuration Tasks
Before configuring a DHCP server based on an interface address pool, complete the following
tasks:

• Ensuring that the link between a DHCP client and the AR150/200 works properly
• (Optional) Configuring the DNS server
• (Optional) Configuring the NetBIOS server
• Configuring the routes destined to the DNS server and the NetBIOS server on the
  AR150/200 (The routes can be configured only after the DNS and NetBIOS servers are
  configured.)

Data Preparation
To configure a DHCP server based on an interface address pool, you need the following data.

No. Data

1 Number of the interface on which the interface address pool is enabled, IP address
range and lease, (optional) range of IP addresses that cannot be assigned dynamically,
and (optional) IP and MAC address entries that need to be bound statically

2 (Optional) IP address of the DNS server and domain name of a DHCP client

3 (Optional) IP address of the NetBIOS server and NetBIOS node type of a DHCP
client

4 (Optional) Code of a user-defined DHCP option, and ASCII string, hexadecimal
number, or IP address of the option

6.4.2 Configuring Interface Address Pool Attributes


This section describes how to configure the attributes for an interface address pool, including
IP address lease, IP addresses that cannot be assigned dynamically, and IP addresses that are
bound manually. IP addresses in the interface address pool can be assigned dynamically or bound
manually as required.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
dhcp enable

The DHCP service is enabled.

Step 3 Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to select an interface address pool
for IP address allocation.

Step 4 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.

Step 5 Run:
dhcp select interface

The AR150/200 is configured to select an interface address pool for IP address allocation.

The range of dynamically assignable IP addresses in the interface address pool is the network
segment to which the address of the interface belongs. The users whose IP addresses are in this
network segment can get online only from this interface.

Step 6 (Optional) Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }

An IP address lease is configured.

By default, the IP address lease is one day.

Step 7 (Optional) Run:
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]

The IP address that cannot be assigned dynamically in the interface address pool is specified.

If an IP address has been assigned to a server, such as a DNS server, it cannot be assigned to a
DHCP client. Each run of the dhcp server excluded-ip-address command excludes one IP
address or one range of IP addresses from dynamic assignment. Run the command multiple
times to exclude multiple IP addresses or ranges.

Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address

An IP address in the interface address pool is bound to a MAC address manually.

If a user requires a fixed IP address, you can bind an unused IP address in the interface address
pool to the MAC address of the user device.

NOTE

Before binding the IP address to the MAC address, ensure that the IP address is dynamically assignable in the
interface address pool.

----End

6.4.3 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
When functioning as the DHCP server, the AR150/200 is configured to dynamically allocate
carrier-provided DNS and NetBIOS configurations to the DHCP clients.

Context
The DNS and NetBIOS configurations have been specified before the DHCP server allocates
IP addresses to the DHCP client. If you do not have the configurations allocated by the carrier,
dynamically allocate the DNS and NetBIOS configurations to the DHCP client.

NOTE

If the static DNS, NetBIOS, and domain name are available in the address pool, use the static configurations.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Interfaces on the AR150/200 that can work in the interface address pool mode are Ethernet
interfaces and sub-interfaces, Eth-trunk interfaces and sub-interfaces, and VLANIF interfaces.

Step 3 Run:
dhcp select interface

DHCP is enabled on the interface.

Step 4 Run:
dhcp server import all

The DHCP client is dynamically allocated the DNS and NetBIOS configurations.

----End

6.4.4 (Optional) Configuring the Static DNS Service on a DHCP Client
This section describes how to specify the DNS domain name used by the DHCP client on the
network and the IP address of the DNS server.

Context
When a host accesses the Internet through the domain name, the domain name needs to be
resolved to the IP address. This is implemented by the DNS. To ensure that a DHCP client can
successfully connect to the Internet, the DHCP server needs to specify the DNS server address
when allocating the IP address to the client.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, and a VLANIF interface can be configured to select an interface address
pool for IP address allocation.
Step 3 Run:
dhcp server domain-name domain-name

The DNS domain name that is assigned to the DHCP client is configured.
Step 4 Run:
dhcp server dns-list ip-address &<1-8>

The IP address of the DNS server used by the DHCP client is configured.
To perform load balancing on traffic and improve network reliability, you can configure multiple
DNS servers. An address pool can be configured with a maximum of eight DNS server addresses.

----End

6.4.5 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
The NetBIOS server resolves host names into IP addresses for the hosts that communicate by using
NetBIOS and run Microsoft Windows operating systems.

Context
Before a host on the DHCP client communicates with another host by using NetBIOS, the
mappings between the host names and IP addresses need to be established. The DHCP client
can be specified as one of the following NetBIOS nodes based on mappings between host names
and IP addresses:

• B-node: b indicates broadcast. B-nodes obtain mappings between host names and IP
  addresses in broadcast mode.
• P-node: p indicates peer-to-peer. P-nodes obtain mappings between host names and IP
  addresses from the NetBIOS server.
• M-node: m indicates mixed. M-nodes are the p-nodes that have some broadcast features.
• H-node: h indicates hybrid. H-nodes are the b-nodes that provide the peer-to-peer
  communication mechanism.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to select an interface address pool
for IP address allocation.

Step 3 Run:
dhcp server nbns-list ip-address &<1-8>

The IP address of the NetBIOS server used by the DHCP client is configured.
An address pool can be configured with a maximum of eight NetBIOS server addresses.
Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }

A NetBIOS node type is specified for the DHCP client.


By default, the client is not specified to be a NetBIOS node.

----End

6.4.6 (Optional) Configuring User-Defined DHCP Options of the Interface Address Pool
As DHCP develops, new DHCP options continue to be created. You can add new options
manually to the attribute list of the DHCP server.

Context
If the Option attribute has been configured on the DHCP server and the DHCP client applies for
an IP address, the client can obtain the configurations in the Option field of the DHCP packet
from the server.

NOTE

The DNS service, NetBIOS service, and IP address lease can be configured by using commands. If these
commands are not supported by the device, you can run the option command to configure values for the
options corresponding to the DNS service, NetBIOS service, and IP address lease.
The related commands are as follows:
• DNS service: dhcp server domain-name and dhcp server dns-list
• NetBIOS service: dhcp server nbns-list and dhcp server netbios-type
• IP address lease: dhcp server lease

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to select an interface address pool
for IP address allocation.
Step 3 Run:
dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | ip-address ip-address &<1-8> }

A user-defined DHCP option is configured.

The dhcp server option command specifies the options that are sent in the DHCPREPLY packet
by the server to the client. Learn about the functions of options before running the option
command. For descriptions of common DHCP options, see RFC 2132.

----End

6.4.7 (Optional) Configuring the Function That Prevents Identical IP Addresses
Before assigning an IP address to a client, the AR150/200 functioning as a DHCP server must
ping the IP address to prevent address conflicts.

Context
You can use the dhcp server ping command to check whether a response to the ping packet is
received within a specified period. If the AR150/200 does not receive a response packet within
the specified period, it sends ping packets continuously until the number of sent ping packets
reaches the upper limit. If the AR150/200 still does not receive a response packet, the IP address
is not used on the local network segment. This ensures that the IP address to be assigned is
unique.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
dhcp server ping packet number

The maximum number of ping packets that the AR150/200 can send to the same destination is
configured.

The default value is 0, which means that the AR150/200 sends no ping packets and does not perform the ping check.

Step 3 Run:
dhcp server ping timeout milliseconds

The timeout period to wait for a response packet is set for the AR150/200.

By default, the timeout period is 500 milliseconds.

----End

6.4.8 Checking the Configuration


This section describes how to check the configurations of a DHCP server based on an interface
address pool.

Context
The configurations of a DHCP server based on an interface address pool are complete.

Procedure
• Run the display dhcp server statistics command to check the statistics on the DHCP
  server.
• Run the display ip pool interface interface-name [ low-ip-address high-ip-address | all |
  expired | conflict | used ] command to check information about the configured interface
  address pool.
----End

Example
Run the display dhcp server statistics command to view the statistics on the DHCP server.
<Huawei> display dhcp server statistics

DHCP Server Statistics:

Client Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Server Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0

Run the display ip pool interface interface-name command to view information about the
interface address pool on VLANIF 10.
<Huawei> display ip pool interface VLANIF10

Pool-name : vlanif10
Pool-No : 2
Lease : 1 Days 0 Hours 0 Minutes
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Position : Interface Status : Unlocked
Gateway-0 : 192.168.10.2
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
192.168.10.1 192.168.10.254 253 0 253 0 0 0
-----------------------------------------------------------------------------
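
The checks in 6.3.9 and 6.4.8 can be automated when the command output is collected regularly. The following added example (not part of the original guide or of Huawei's software) parses output in the layout shown in those sections and reports address conflicts, a pool that is close to running out of addresses, and DHCP Decline messages, which a client sends when it finds its offered address already in use. The sample text is constructed, and the 0.9 usage threshold, the finding names and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample output in the layout of sections 6.3.9 and 6.4.8.
SAMPLE_POOL = """\
  Pool-name      : vlanif10
  Pool-No        : 2
  Lease          : 1 Days 0 Hours 0 Minutes
  Position       : Interface       Status           : Unlocked
  Gateway-0      : 192.168.10.2
  Mask           : 255.255.255.0
 -----------------------------------------------------------------------------
         Start           End     Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
    192.168.10.1  192.168.10.254   253   240          9(0)         3        1
 -----------------------------------------------------------------------------
"""

SAMPLE_STATS = """\
 DHCP Server Statistics:
  Client Request:       9
    Dhcp Discover:      3
    Dhcp Request:       4
    Dhcp Decline:       2
    Dhcp Release:       0
    Dhcp Inform:        0
  Server Reply:         4
    Dhcp Offer:         1
    Dhcp Ack:           3
    Dhcp Nak:           0
  Bad Messages:         0
"""

# A range row starts with two dotted-quad addresses followed by the counters.
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(.+)$")
# A statistics line is "<name>: <integer>".
COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)\s*$")


def parse_pool(text):
    """Return the pool name and one dict of counters per address range."""
    name = re.search(r"(?im)^\s*Pool-name\s*:\s*(\S+)", text)
    ranges = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        nums = [int(n) for n in re.findall(r"\d+", m.group(3))]
        if len(nums) == 6:       # Idle and Expired present: "9(0)" or "9 0"
            total, used, idle, expired, conflict, disable = nums
        elif len(nums) == 5:     # Expired value missing from the capture
            total, used, idle, conflict, disable = nums
            expired = 0
        else:
            raise ValueError("unrecognised range row: %r" % line)
        ranges.append({"start": m.group(1), "end": m.group(2), "total": total,
                       "used": used, "idle": idle, "expired": expired,
                       "conflict": conflict, "disable": disable})
    return {"name": name.group(1) if name else None, "ranges": ranges}


def parse_stats(text):
    """Return {counter name: value} from display dhcp server statistics output."""
    stats = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats


def audit(pool, stats, used_ratio=0.9):
    """Return (finding, detail) pairs that merit an operator's attention."""
    findings = []
    for r in pool["ranges"]:
        span = "%s-%s" % (r["start"], r["end"])
        if r["conflict"] > 0:
            findings.append(("ADDRESS_CONFLICT",
                             "%d conflicting addresses in %s" % (r["conflict"], span)))
        if r["total"] and r["used"] / r["total"] >= used_ratio:
            findings.append(("POOL_NEAR_EXHAUSTION",
                             "%d of %d addresses used in %s" % (r["used"], r["total"], span)))
    if stats.get("Dhcp Decline", 0) > 0:
        findings.append(("CLIENT_DECLINE",
                         "%d Decline messages received" % stats["Dhcp Decline"]))
    if stats.get("Bad Messages", 0) > 0:
        findings.append(("BAD_MESSAGES",
                         "%d malformed messages received" % stats["Bad Messages"]))
    return findings
```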

6.5 Configuring a DHCP Relay Agent


This section describes how a DHCP client communicates with a DHCP server on another
network segment by using a DHCP relay agent to obtain an IP address and other configurations.

6.5.1 Establishing the Configuration Task


Before configuring a DHCP relay agent, familiarize yourself with the applicable environment,
complete pre-configuration tasks, and obtain the data required for the configuration. This will
help you complete the configuration task quickly and accurately.

Applicable Environment
A DHCP client can communicate with a DHCP server on another network segment by using the
AR150/200 functioning as a DHCP relay agent to obtain an IP address and other configurations
from the global address pool of the DHCP server. In this manner, DHCP clients on multiple
network segments can share one DHCP server. This reduces costs and facilitates centralized
management. Figure 6-4 shows the application scenario of a DHCP relay agent.

Figure 6-4 Application scenario of a DHCP relay agent (figure labels: DHCP Server, Internet, DHCP Relay, DHCP Client)

NOTE
AR150/200 WAN-side Ethernet interfaces do not support DHCP relay.

Pre-configuration Tasks
Before configuring a DHCP relay agent, complete the following tasks:
• Configuring a DHCP server
• Configuring a route destined to the DHCP server on the AR150/200

Data Preparation
To configure a DHCP relay agent, you need the following data.

No. Data

1 Name of a DHCP server group

2 IP address of a DHCP server in the DHCP server group

3 Number and IP address of the interface on which the DHCP relay function is enabled

6.5.2 Configuring an Interface to Function as a DHCP Relay Agent


This section describes how to configure an interface to function as a DHCP relay agent. After
the configuration, the interface enabled with the DHCP relay function can forward the client's
request to the DHCP server even though the client and the server are on different network segments.

Context
NOTE

A DHCP packet can be relayed a maximum of 16 times from a DHCP client to a DHCP server. A DHCP
packet that has been relayed more than 16 times is dropped.
A super VLAN interface that has been enabled with the DHCP relay function cannot be enabled with the
DHCP snooping function.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp enable

The DHCP function is enabled.


Step 3 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to function as a DHCP relay agent.
Step 4 Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface.

NOTE

The IP address of the egress gateway that is configured in the IP address pool of the server must be consistent
with the IP address of the DHCP relay.

Step 5 Run:
dhcp select relay

The DHCP relay function is enabled on the interface.

----End
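
The two NOTEs in this section map onto two fields of the DHCP header: hops, which each relay increments, and giaddr, which the first relay sets to its own interface address and which the server uses to choose an address pool. The following added example (not part of the original guide or of Huawei's software) applies the 16-relay limit to a constructed request and shows the server-side pool lookup. The function names, the sample pool and the treatment of a packet that already carries hops = 16 as dropped are assumptions made for the illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST = 1
MAX_RELAYS = 16            # limit stated in the NOTE of section 6.5.2
HOPS, GIADDR = 3, 10       # positions of the two fields in the unpacked tuple

# Constructed server-side pool table: name -> (network, gateway).
# The values follow the pool1 output shown in section 6.3.9.
POOLS = {"pool1": ("10.10.10.0/24", "10.10.10.10")}


def build_request(xid, mac, hops=0, giaddr="0.0.0.0"):
    """Constructed client request: header, magic cookie, option 53 = Discover."""
    zero = bytes(4)
    head = HEADER.pack(BOOTREQUEST, 1, 6, hops, xid, 0, 0x8000, zero, zero, zero,
                       ipaddress.IPv4Address(giaddr).packed, mac, b"", b"")
    return head + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"


def relay_request(packet, relay_ip):
    """Return the packet as a relay forwards it, or None when it is dropped."""
    if len(packet) < HEADER.size:
        return None                      # too short to be a DHCP packet
    fields = list(HEADER.unpack_from(packet))
    if fields[0] != BOOTREQUEST:
        return None                      # only client requests go to the server
    if fields[HOPS] >= MAX_RELAYS:
        return None                      # one more relay would exceed the limit
    fields[HOPS] += 1
    if fields[GIADDR] == bytes(4):
        # Only the first relay fills in giaddr; later relays keep it unchanged.
        fields[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return HEADER.pack(*fields) + packet[HEADER.size:]


def relay_fields(packet):
    """Return (hops, giaddr) from a packet."""
    fields = HEADER.unpack_from(packet)
    return fields[HOPS], str(ipaddress.IPv4Address(fields[GIADDR]))


def select_pool(giaddr, pools):
    """Server side: choose the pool whose network contains giaddr.

    Returns (pool name, True if the pool's gateway equals giaddr), or
    (None, False) when no pool covers the relay address.
    """
    addr = ipaddress.IPv4Address(giaddr)
    for name, (network, gateway) in pools.items():
        if addr in ipaddress.ip_network(network):
            return name, ipaddress.IPv4Address(gateway) == addr
    return None, False
```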

Follow-up Procedure
When the AR150/200 functions as a DHCP relay agent, it can forward the client's DHCP requests
to the DHCP server. Configure the IP address of the DHCP server on the interface that has been
enabled with the DHCP relay function. The AR150/200 supports the following methods by
which the IP address of the DHCP server is specified on the interface that functions as a DHCP
relay agent:

• Configure a DHCP server group and bind it to the interface, as described in 6.5.3
  Specifying a Server Group on the DHCP Relay Agent and 6.5.4 Binding a DHCP
  Server Group to a DHCP Relay Interface.
• Run the dhcp relay server-ip ip-address command in the interface view to configure the
  IP address of the DHCP server connected to the DHCP relay agent.

6.5.3 Specifying a Server Group on the DHCP Relay Agent


This section describes how to configure a DHCP server group and add server IP addresses to
the group.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dhcp server group group-name

A DHCP server group is created and the DHCP server group view is displayed.
The AR150/200 supports a maximum of 64 DHCP server groups.
Step 3 Run:
dhcp-server ip-address [ ip-address-index ]

The IP address of a server is added to the DHCP server group.


A DHCP server group comprises a maximum of eight DHCP servers. If no indexes are specified
for the DHCP group servers, the system automatically assigns idle indexes to them.

----End

6.5.4 Binding a DHCP Server Group to a DHCP Relay Interface


This section describes how to bind a DHCP server group to an interface enabled with the DHCP
relay function. After this configuration, DHCP clients can access the DHCP server in the bound
server group.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to function as a DHCP relay agent.
Step 3 Run:
dhcp relay server-select group-name

A DHCP server group is bound to the interface.

----End

6.5.5 (Optional) Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP Address
In some situations, a DHCP relay agent must send a request to the DHCP server to instruct the
server to reclaim the IP address of a client, for example, to log out a user.

Context
When a DHCP relay agent is configured to instruct the DHCP server to reclaim the IP address
of a DHCP client, the relay agent sends a DHCP Release packet to the DHCP server. After
receiving the packet, the DHCP server reclaims the lease of the IP address.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 (Optional) Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface
or its sub-interface, or a VLANIF interface can be configured to function as a DHCP relay agent.

Step 3 Run:
dhcp relay release client-ip-address mac-address server-ip-address

A request packet is sent to the DHCP server to instruct the server to reclaim the IP address that
is obtained by a DHCP client.

----End

6.5.6 Checking the Configuration


This section describes how to check DHCP relay configurations.

Prerequisites
The DHCP relay configurations are complete.

Procedure
• Run the display dhcp relay { all | interface interface-type interface-number } command
  to check the DHCP server group that is bound to the interface and information about the
  DHCP group servers.
• Run the display dhcp relay statistics command to check the statistics on the DHCP relay
  agent.

• Run the display dhcp server group group-name command to check the configurations of
  the DHCP server group.

----End

Example
Run the display dhcp relay interface interface-type interface-number command to view the
DHCP server group bound to VLANIF 100 and information about the DHCP group servers.
<Huawei> display dhcp relay interface vlanif 100

** Vlanif100 DHCP Relay Configuration **


DHCP server group name : group1
DHCP server IP [0] :10.10.10.10
DHCP server IP [1] :10.10.10.11
DHCP server IP [2] :10.10.10.12

Run the display dhcp relay statistics command to view the statistics on the DHCP relay agent.
<Huawei> display dhcp relay statistics
The statistics of DHCP RELAY:
DHCP packets received from clients : 0
DHCP DISCOVER packets received : 0
DHCP REQUEST packets received : 0
DHCP RELEASE packets received : 0
DHCP INFORM packets received : 0
DHCP DECLINE packets received : 0
DHCP packets sent to clients : 0
Unicast packets sent to clients : 0
Broadcast packets sent to clients : 0
DHCP packets received from servers : 0
DHCP OFFER packets received : 0
DHCP ACK packets received : 0
DHCP NAK packets received : 0
DHCP packets sent to servers : 0
DHCP Bad packets received : 0

Run the display dhcp server group group-name command to view the configurations of DHCP
server group 1.
<Huawei> display dhcp server group group1
Group-name : group1
Group-type : --
(0) Server-IP : 100.10.10.1
(1) Server-IP : 100.10.10.2
Gateway : --
VPN instance : --
1 DHCP server group(s) in total

6.6 Configuring a DHCP/BOOTP Client


After a Layer 3 interface of the AR150/200 is specified to function as a DHCP/BOOTP client,
the interface can dynamically obtain an IP address and other configurations from the DHCP
server by using the DHCP/BOOTP protocol.

6.6.1 Establishing the Configuration Task


Before configuring a DHCP/BOOTP client, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
After a Layer 3 interface on the AR150/200 is configured to function as a DHCP/BOOTP client,
the interface can use the DHCP/BOOTP protocol to dynamically obtain an IP address and other
configurations from a DHCP server. This facilitates the configuration for users and centralized
management.

NOTE

After the DHCP/BOOTP client is configured, the DHCP server can assign an IP address to the DHCP/BOOTP
client. Therefore, a BOOTP server is not necessary.

Pre-configuration Tasks
Before configuring a DHCP/BOOTP client, complete the following tasks:
• Configuring a DHCP server
• (Optional) Configuring a DHCP relay agent
• Configuring a route destined to the DHCP relay agent or the DHCP server on the
  AR150/200

Data Preparation
To configure a DHCP/BOOTP client, you need the following data.

No. Data

1 Name of a DHCP server group

2 IP addresses of DHCP servers in the DHCP server group

3 Number and IP address of the interface on which the DHCP relay function is enabled

6.6.2 (Optional) Configuring the DHCP/BOOTP Client Attributes


The DHCP/BOOTP client attributes can be used to establish the communication between the
DHCP/BOOTP client and the DHCP server.

Procedure
• Configure DHCP client attributes.
1. Run:
system-view

The system view is displayed.


2. Run:
dhcp enable

The DHCP service is enabled.


3. Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk
interface or its sub-interface, or a VE interface can be configured to function as
a DHCP client.
4. Run:
ip address dhcp client hostname hostname

A host name is configured for the DHCP client.


5. Run:
ip address dhcp client option61 client-name

An identifier is configured for the DHCP client.


6. Run:
ip address dhcp client request-option { dhcp-file-name | dns-domain | ftp-user-ip | ftp-user-name | ftp-user-password | route | tftp-server-ip | tftp-server-name }*

The list of option attributes is configured for the DHCP client.


• Configure BOOTP client attributes.
1. Run:
system-view

The system view is displayed.


2. Run:
dhcp enable

The DHCP service is enabled.


3. Run:
interface interface-type interface-number

The interface view is displayed.


On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk
interface or its sub-interface, or a VE interface can be configured to function as
a BOOTP client.
4. Run:
ip address bootp client hostname hostname

A host name is configured for the BOOTP client.


----End

6.6.3 Enabling the DHCP/BOOTP Client


After the DHCP/BOOTP client function is enabled on an interface, the interface can obtain an
IP address and other configurations from the DHCP server.

Procedure
• Enable the DHCP client.
1. Run:
system-view

The system view is displayed.


2. Run:

dhcp enable

The DHCP service is enabled.


3. Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-
trunk interface or its sub-interface, or a VE interface can be configured to function as
a DHCP client.
4. Run:
ip address dhcp-alloc

The DHCP client function is enabled on the AR150/200.


• Enable the BOOTP client.
1. Run:
system-view

The system view is displayed.


2. Run:
dhcp enable

The DHCP service is enabled.


3. Run:
interface interface-type interface-number

The interface view is displayed.

On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-
trunk interface or its sub-interface, or a VE interface can be configured to function as
a BOOTP client.
4. Run:
ip address bootp-alloc

The BOOTP client function is enabled on the AR150/200.

----End

6.6.4 Checking the Configuration


This section describes how to check the configurations of the DHCP/BOOTP client.

Prerequisites
The DHCP/BOOTP client configurations are complete.

Procedure
• Run the display current-configuration command to check the configurations of the
DHCP/BOOTP client.

----End


Example
# Run the display current-configuration command to view the configurations of the DHCP
client.
[Huawei] display current-configuration
...
#
interface Ethernet1/0/0
ip address dhcp-alloc
#
...

# Run the display interface command to view the IP address that is obtained by the interface.
[Huawei] display interface ethernet 1/0/0
Ethernet1/0/0 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Huawei Series, Ethernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is allocated by DHCP, 22.22.22.222/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc11-000a
Last physical up time : 2007-12-01 10:48:50
Last physical down time : 2007-12-01 10:52:56
Current system time: 2007-12-01 16:52:01
Port Mode: COMMON COPPER
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 1928 bits/sec,Record time: 2007-11-30 14:57:22
Output peak rate 7384 bits/sec,Record time: 2007-11-30 10:13:15

Input: 833 packets, 72696 bytes
Unicast: 59, Multicast: 757
Broadcast: 17, Jumbo: 0
Discard: 0, Total Error: 0

6.7 Configuring the DHCP Rate Limit Function


You can configure the highest rate at which DHCP packets are sent to the protocol stack in the
system view, VLAN view, or interface view. If different rates are configured in these views, the
rate configured in the interface view takes effect. If this rate does not take effect, the rate
configured in the VLAN view takes effect. If the rate configured in the VLAN view also does
not take effect, the rate configured in the system view takes effect.

Applicable Environment
If network attackers send DHCP packets continuously, the DHCP protocol stack of the
AR150/200 is affected.
To protect the AR150/200 against attacks that send a large number of DHCP packets, you
can configure the highest rate at which DHCP packets are sent to the protocol stack on the
AR150/200. After the configuration is complete, the AR150/200 checks the rate at which DHCP
packets are sent to the AR150/200. Only a specific number of packets can be sent to the protocol
stack in a specified period, and excess packets are discarded.

Procedure
• Configure the highest rate at which DHCP packets are sent to the protocol stack in the
system view.

1. Run:
system-view

The system view is displayed.


2. Run:
dhcp enable

The DHCP function is enabled.


3. Run:
dhcp check dhcp-rate enable

The DHCP message checking is enabled.


By default, this function is disabled.
4. Run:
dhcp check dhcp-rate rate

The checking rate of DHCP messages sent to the DHCP protocol stack is configured.
By default, the rate does not exceed 100 pps. The DHCP messages that exceed the
rate are discarded.
5. (Optional) Run:
dhcp check dhcp-rate alarm enable

The DHCP message checking alarm is enabled.


By default, this function is disabled.
6. (Optional) Run:
dhcp check dhcp-rate alarm threshold threshold

The alarm threshold for the DHCP message checking is configured.


By default, the threshold is 100. If the number of packets that are discarded because
their sending rates exceed the upper limit is larger than the threshold, an alarm is
generated.
• Configure the highest rate at which DHCP packets are sent to the protocol stack in the
VLAN view.
1. Run:
system-view

The system view is displayed.


2. Run:
dhcp enable

The DHCP function is enabled.


3. Run:
vlan vlan-id

The VLAN view is displayed.


4. Run:
dhcp check dhcp-rate enable

The DHCP message checking is enabled.


By default, this function is disabled.

5. Run:
dhcp check dhcp-rate rate

The checking rate of DHCP messages sent to the DHCP protocol stack is configured.
By default, the rate does not exceed 100 pps. The DHCP messages that exceed the
rate are discarded.
• Configure the highest rate at which DHCP packets are sent to the protocol stack in the
interface view.
1. Run:
system-view

The system view is displayed.


2. Run:
interface interface-type interface-number

The interface view is displayed.


3. Run:
dhcp check dhcp-rate enable

The DHCP message checking is enabled.


By default, this function is disabled.
4. Run:
dhcp check dhcp-rate rate

The checking rate of DHCP messages sent to the DHCP protocol stack is configured.
By default, the rate does not exceed 100 pps. The DHCP messages that exceed the
rate are discarded.
5. (Optional) Run:
dhcp alarm dhcp-rate enable

The DHCP message checking alarm on an interface is enabled.


By default, this function is disabled.
6. (Optional) Run:
dhcp alarm dhcp-rate threshold threshold

The alarm threshold for the DHCP message checking on an interface is configured.
By default, the threshold is 100. When the number of packets that are discarded
because their sending rates exceed the upper limit is larger than the threshold, an alarm
is generated.
----End

Checking the Configuration


# Run the display current-configuration | include dhcp command to check information about
the rate limit for DHCP packets in the system view.
<Huawei> display current-configuration | include dhcp
It will take a long time if the content you search is too much or the string you
input is too long, you can press CTRL_C to break
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80
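
An added example (not from the Huawei guide): a Python check that reads a configuration dump, resolves which DHCP rate limit applies to a port using the interface, VLAN, system order described in this section, and flags views where values are set but the check is not enabled. The sample configuration is constructed, the function names are this example's own, and treating a view without dhcp check dhcp-rate enable as one whose rate "does not take effect" is an assumption.

```python
import re
from dataclasses import dataclass

DEFAULT_RATE_PPS = 100         # guide default for "dhcp check dhcp-rate rate"
DEFAULT_ALARM_THRESHOLD = 100  # guide default for the alarm threshold

# Constructed sample in the style of "display current-configuration".
# Assumption: a view whose check is not enabled "does not take effect".
SAMPLE_CONFIG = """\
#
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80
#
vlan 10
 dhcp check dhcp-rate enable
 dhcp check dhcp-rate 50
#
interface Ethernet0/0/0
 dhcp check dhcp-rate enable
 dhcp check dhcp-rate 20
 dhcp alarm dhcp-rate enable
#
interface Ethernet0/0/1
 dhcp check dhcp-rate 30
#
return
"""


@dataclass
class RateCheck:
    enabled: bool = False
    rate: int = DEFAULT_RATE_PPS
    alarm: bool = False
    threshold: int = DEFAULT_ALARM_THRESHOLD


RATE_RE = re.compile(r"^dhcp check dhcp-rate (enable|\d+)$")
ALARM_RE = re.compile(
    r"^dhcp (?:check dhcp-rate alarm|alarm dhcp-rate) (enable|threshold (\d+))$")


def parse_config(text):
    """Map each view ('system', 'vlan N', 'interface X') to its RateCheck."""
    views = {"system": RateCheck()}
    current = "system"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                      # "#" closes the current view
            current = "system"
        elif m := re.match(r"^vlan (\d+)$", line):
            current = f"vlan {m.group(1)}"
        elif m := re.match(r"^interface (.+)$", line):
            current = "interface " + m.group(1).replace(" ", "")
        elif m := RATE_RE.match(line):
            view = views.setdefault(current, RateCheck())
            if m.group(1) == "enable":
                view.enabled = True
            else:
                view.rate = int(m.group(1))
        elif m := ALARM_RE.match(line):
            view = views.setdefault(current, RateCheck())
            if m.group(1) == "enable":
                view.alarm = True
            else:
                view.threshold = int(m.group(2))
    return views


def effective_limit(views, interface, vlan):
    """Apply the guide's order: interface view, then VLAN view, then system view."""
    for name in (f"interface {interface}", f"vlan {vlan}", "system"):
        view = views.get(name)
        if view and view.enabled:
            return name, view.rate
    return None  # check disabled everywhere: no limit protects the protocol stack


def findings(views):
    """List views whose rate-limit settings cannot take effect."""
    out = []
    for name, v in views.items():
        if not v.enabled and (v.alarm or v.rate != DEFAULT_RATE_PPS
                              or v.threshold != DEFAULT_ALARM_THRESHOLD):
            out.append(f"{name}: values set but 'dhcp check dhcp-rate enable' is missing")
    if not any(v.enabled for v in views.values()):
        out.append("no view enables the DHCP rate check")
    return out


if __name__ == "__main__":
    views = parse_config(SAMPLE_CONFIG)
    print(effective_limit(views, "Ethernet0/0/1", 10))
    print(findings(views))
```
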

6.8 Maintaining DHCP


This section describes how to clear DHCP statistics and monitor DHCP status.

6.8.1 Clearing DHCP Statistics


This section describes how to clear statistics of a specified DHCP server group in routine
maintenance.

Context

CAUTION
DHCP statistics cannot be restored after you clear them. Exercise caution when running reset
commands.

Procedure
• Run the reset dhcp server statistics command in the user view to clear the statistics on a
DHCP server.
• Run the reset dhcp relay statistics command in the user view to clear the statistics on a
DHCP relay agent.

----End

6.8.2 Monitoring the Operating Status of DHCP


This section describes how to check the operating status of DHCP in any view for routine
maintenance.

Procedure
• Run the display dhcp relay { all | interface interface-type interface-number } command
to check the DHCP server group that is bound to the relay interface and information about
the group servers.
• Run the display dhcp relay statistics command to check the statistics on a DHCP relay
agent.
• Run the display dhcp server group [ group-name ] command to check the configurations
of the servers in the DHCP server group.

----End


6.9 Configuration Examples


The DHCP configuration examples provide networking requirements, networking diagram,
precautions, configuration roadmaps, and configuration procedures.

6.9.1 Example for Configuring a DHCP Server Based on a Global Address Pool in the Scenario Where DHCP Clients and the DHCP Server Are on the Same Network Segment

This section describes how to configure a DHCP server based on a global address pool in the
scenario where DHCP clients and the DHCP server are on the same network segment. After the
configuration is complete, the DHCP server can assign IP addresses in the global address pool
to DHCP clients.

Networking Requirements
As shown in Figure 6-5, the two offices of a company are deployed on the same network. To
save resources, all hosts in the two offices are assigned IP addresses by the Router that functions
as a DHCP server.
Office 1 belongs to the network segment 10.1.1.0/25, and all hosts in Office 1 are added to VLAN
10. These hosts use the DNS service but not the NetBIOS service. Office 2 belongs to the network
segment 10.1.1.128/25, and all hosts in Office 2 are added to VLAN 20. These hosts use both
DNS and NetBIOS services.
A global address pool needs to be configured on the Router. In addition, IP addresses need to
be dynamically assigned to the hosts in the two offices.

Figure 6-5 Networking diagram for configuring a DHCP server based on a global address pool
[Diagram not reproduced. The Router (DHCP server) connects to Office 1 (network 10.1.1.0/25) through Ethernet0/0/0 (VLANIF10, 10.1.1.1/25) and to Office 2 (network 10.1.1.128/25) through Ethernet0/0/1 (VLANIF20, 10.1.1.129/25). The diagram also shows DHCP clients, a DNS server, and a NetBIOS server.]


Configuration Roadmap
The configuration roadmap is as follows:

1. Enable the DHCP function on the Router.


2. Create a global address pool for Office 1 and another for Office 2, and configure related
attributes for each address pool, such as the address range, egress gateway, NetBIOS server
address, and IP address lease.
3. Configure the address assignment method for VLANIF interfaces of the local DHCP server,
that is, configure the DHCP server to assign IP addresses in global address pools to clients.

Data Preparation
To complete the configuration, you need the following data:

1. Names of the global address pools created for Office 1 and Office 2: pool1 and pool2
respectively
2. Address ranges of pool1 and pool2: 10.1.1.0/25 and 10.1.1.128/25 respectively
3. IP addresses of egress gateways configured for Office 1 and Office 2: 10.1.1.1 and
10.1.1.129 respectively
4. IP address leases for Office 1 and Office 2: 10 days and 2 days respectively
5. IP address of the DNS server: 10.1.1.2
6. IP address of the NetBIOS server: 10.1.1.4
7. IP addresses of VLANIF 10 and VLANIF 20: 10.1.1.1 and 10.1.1.129 respectively

Procedure
Step 1 Enable the DHCP function.
<Huawei> system-view
[Huawei] sysname Router
[Router] dhcp enable

Step 2 Create IP address pools and configure related attributes.

# Create pool1 and configure attributes for pool1, including address range, DNS server address,
egress gateway, and IP address lease.
[Router] ip pool pool1
[Router-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.128
[Router-ip-pool-pool1] dns-list 10.1.1.2
[Router-ip-pool-pool1] gateway-list 10.1.1.1
[Router-ip-pool-pool1] excluded-ip-address 10.1.1.2
[Router-ip-pool-pool1] excluded-ip-address 10.1.1.4
[Router-ip-pool-pool1] lease day 10
[Router-ip-pool-pool1] quit

# Create pool2 and configure attributes for pool2, including address range, DNS server
address, NetBIOS server address, egress gateway, and IP address lease.
[Router] ip pool pool2
[Router-ip-pool-pool2] network 10.1.1.128 mask 255.255.255.128
[Router-ip-pool-pool2] dns-list 10.1.1.2
[Router-ip-pool-pool2] nbns-list 10.1.1.4
[Router-ip-pool-pool2] gateway-list 10.1.1.129
[Router-ip-pool-pool2] lease day 2
[Router-ip-pool-pool2] quit


Step 3 Configure the address assignment method for VLANIF interfaces.


# Add Ethernet 0/0/0 and Ethernet 0/0/1 to the corresponding VLANs.
[Router] vlan batch 10 20
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid pvid vlan 10
[Router-Ethernet0/0/0] port hybrid untagged vlan 10
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port hybrid pvid vlan 20
[Router-Ethernet0/0/1] port hybrid untagged vlan 20
[Router-Ethernet0/0/1] quit

# Configure the clients connected to VLANIF 10 to obtain IP addresses from the global address
pool.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 10.1.1.1 255.255.255.128
[Router-Vlanif10] dhcp select global
[Router-Vlanif10] quit

# Configure the clients connected to VLANIF 20 to obtain IP addresses from the global address
pool.
[Router] interface vlanif 20
[Router-Vlanif20] ip address 10.1.1.129 255.255.255.128
[Router-Vlanif20] dhcp select global
[Router-Vlanif20] quit

Step 4 Verify the configuration.


Run the display ip pool command on the Router. You can view the configurations of the IP
address pool.
[Router] display ip pool
-----------------------------------------------------------------------
Pool-name : pool1
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.1
Mask : 255.255.255.128
Vpn instance : --

-----------------------------------------------------------------------
Pool-name : pool2
Pool-No : 1
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.129
Mask : 255.255.255.128
Vpn instance : --

IP address Statistic
Total :250
Used :0 Idle :248
Expired :0 Conflict :0 Disable :2

----End

Configuration Files
Configuration file of the Router
#
sysname Router
#
vlan batch 10 20
#
dhcp enable
#
ip pool pool1
ip pool pool2
#
ip pool pool1
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.128
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
dns-list 10.1.1.2
lease day 10 hour 0 minute 0
#
ip pool pool2
gateway-list 10.1.1.129
network 10.1.1.128 mask 255.255.255.128
dns-list 10.1.1.2
nbns-list 10.1.1.4
lease day 2 hour 0 minute 0
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.128
dhcp select global
#
interface Vlanif20
ip address 10.1.1.129 255.255.255.128
dhcp select global
#
interface Ethernet 0/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet 0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return

6.9.2 Example for Configuring a DHCP Server Based on an Interface Address Pool in the Scenario Where DHCP Clients and the Server Are on the Same Network Segment

This section describes how to configure a DHCP server based on an interface address pool. After
the configuration is complete, the clients can obtain IP addresses from the server that is on the
same network segment as the clients.

Networking Requirements
As shown in Figure 6-6, the two offices of a company are deployed on the same network. To
save resources, all hosts in the two offices are assigned IP addresses by the Router that functions
as a DHCP server.

Office 1 belongs to the network segment 10.1.1.0/24, and all hosts in Office 1 are added to VLAN
10. These hosts use the DNS and NetBIOS services. Office 2 belongs to the network segment
10.1.2.0/24, and all hosts in Office 2 are added to VLAN 20. These hosts do not use DNS and
NetBIOS services.

An interface address pool needs to be configured on the Router. In addition, IP addresses need
to be dynamically assigned to the hosts in the two offices.


Figure 6-6 Networking diagram for configuring a DHCP server based on an interface address
pool

[Diagram not reproduced. Office 1 (NetBIOS server 10.1.1.3/24, DNS server 10.1.1.2/24, and a DHCP client) connects to the Router (DHCP server) through Ethernet0/0/0 (VLANIF10, 10.1.1.1/24). Office 2 (DHCP clients) connects through Ethernet0/0/1 (VLANIF20, 10.1.2.1/24).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP function on the Router.
2. Configure two VLANIF interfaces, and configure IP addresses for the VLANIF interfaces
so that the interface address pool range can be determined.
3. Enable the interface address pool.
4. Configure address pool attributes for the clients, including the DNS server address,
NetBIOS server address, and IP address leases.

Data Preparation
To complete the configuration, you need the following data:
1. IP addresses of VLANIF 10 and VLANIF 20: 10.1.1.1 and 10.1.2.1 respectively
2. IP address leases for Office 1 and Office 2: 30 days and 20 days respectively
3. IP address of the DNS server: 10.1.1.2
4. IP address of the NetBIOS server: 10.1.1.3

Procedure
Step 1 Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname Router
[Router] dhcp enable

Step 2 Configure the address assignment method for the VLANIF interfaces.
# Add Ethernet 0/0/0 and Ethernet 0/0/1 to the corresponding VLANs respectively.
[Router] vlan batch 10 20
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid pvid vlan 10
[Router-Ethernet0/0/0] port hybrid untagged vlan 10
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port hybrid pvid vlan 20
[Router-Ethernet0/0/1] port hybrid untagged vlan 20
[Router-Ethernet0/0/1] quit

# Configure the clients connected to VLANIF 10 to obtain IP addresses from the interface address
pool.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 10.1.1.1 255.255.255.0
[Router-Vlanif10] dhcp select interface
[Router-Vlanif10] quit

# Configure the clients connected to VLANIF 20 to obtain IP addresses from the interface address
pool.
[Router] interface vlanif 20
[Router-Vlanif20] ip address 10.1.2.1 255.255.255.0
[Router-Vlanif20] dhcp select interface
[Router-Vlanif20] quit

Step 3 Configure the attributes related to DNS and NetBIOS services for the interface address pool.
# Configure the DNS and NetBIOS services for VLANIF 10 address pool.
[Router] interface vlanif 10
[Router-Vlanif10] dhcp server domain-name huawei.com
[Router-Vlanif10] dhcp server dns-list 10.1.1.2
[Router-Vlanif10] dhcp server nbns-list 10.1.1.3
[Router-Vlanif10] dhcp server excluded-ip-address 10.1.1.2
[Router-Vlanif10] dhcp server excluded-ip-address 10.1.1.3
[Router-Vlanif10] dhcp server netbios-type b-node

Step 4 Configure the IP address lease for the interface address pool.
# Set the IP address lease for Office 1 to 30 days.
[Router] interface vlanif 10
[Router-Vlanif10] dhcp server lease day 30
[Router-Vlanif10] quit

# Set the IP address lease for Office 2 to 20 days.


[Router] interface vlanif 20
[Router-Vlanif20] dhcp server lease day 20
[Router-Vlanif20] quit

Step 5 Verify the configuration.


Run the display ip pool interface command on the Router. You can view the configurations of
the interface address pool.
[Router] display ip pool interface vlanif10
Pool-name : vlanif10
Pool-No : 0
Lease : 30 Days 0 Hours 0 Minutes
Domain-name : huawei.com
DNS-Server0 : 10.1.1.2
NBNS-Server0 : 10.1.1.3
Netbios-type : b-node
Position : Interface Status : Unlocked
Gateway-0 : 10.1.1.1
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 0 251 0 0 2
-----------------------------------------------------------------------------
[Router] display ip pool interface vlanif20
Pool-name : vlanif20
Pool-No : 1
Lease : 20 Days 0 Hours 0 Minutes
Domain-name : -
DNS-Server0 : -
NBNS-Server0 : -
Netbios-type : -
Position : Interface Status : Unlocked
Gateway-0 : 10.1.2.1
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
10.1.2.1 10.1.2.254 253 0 253 0 0 0
-----------------------------------------------------------------------------

----End

Example
Configuration file of the Router
#
sysname Router
#
vlan batch 10 20
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server netbios-type b-node
dhcp server nbns-list 10.1.1.3
dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
dhcp server lease day 30 hour 0 minute 0
dhcp server domain-name huawei.com
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server lease day 20 hour 0 minute 0
#
interface Ethernet 0/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet 0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
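
An added example (not from the Huawei guide): a Python check that derives the Total, Idle, and Disable counters from an address plan so they can be compared with the display ip pool output. It assumes the counters cover usable host addresses minus the gateway, which reproduces the figures shown in 6.9.1 and 6.9.2; the function and variable names are this example's own.

```python
import ipaddress

# Address plans taken from the two examples above: (network, mask, gateways, excluded).
GLOBAL_POOLS = {
    "pool1": ("10.1.1.0", "255.255.255.128", ["10.1.1.1"], ["10.1.1.2", "10.1.1.4"]),
    "pool2": ("10.1.1.128", "255.255.255.128", ["10.1.1.129"], []),
}
INTERFACE_POOLS = {
    "vlanif10": ("10.1.1.0", "255.255.255.0", ["10.1.1.1"], ["10.1.1.2", "10.1.1.3"]),
    "vlanif20": ("10.1.2.0", "255.255.255.0", ["10.1.2.1"], []),
}


def pool_stats(network, mask, gateways=(), excluded=()):
    """Return the expected Total/Idle/Disable counters and any planning errors."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    hosts = set(net.hosts())                      # network and broadcast excluded
    gws = {ipaddress.ip_address(g) for g in gateways}
    exc = {ipaddress.ip_address(e) for e in excluded}

    errors = [f"gateway {g} is not a host address in {net}" for g in sorted(gws - hosts)]
    errors += [f"excluded address {e} is outside {net}" for e in sorted(exc - hosts)]

    assignable = hosts - gws                      # assumption: gateway is not counted
    disabled = exc & assignable                   # excluded-ip-address entries
    return {
        "total": len(assignable),
        "idle": len(assignable - disabled),       # with no leases handed out yet
        "disable": len(disabled),
        "errors": errors,
    }


def summarize(pools):
    """Add up the counters of several pools, as the global statistics block does."""
    summary = {"total": 0, "idle": 0, "disable": 0}
    for plan in pools.values():
        stats = pool_stats(*plan)
        for key in summary:
            summary[key] += stats[key]
    return summary


if __name__ == "__main__":
    print("global pools:", summarize(GLOBAL_POOLS))
    for name, plan in INTERFACE_POOLS.items():
        print(name, pool_stats(*plan))
```
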


6.9.3 Example for Configuring a DHCP Server and a DHCP Relay Agent When the DHCP Server and Clients Are on Different Network Segments

This section describes how to configure a DHCP server and a DHCP relay agent when the DHCP
clients and DHCP server are on different network segments.

Networking Requirements
As shown in Figure 6-7, multiple offices of a company are in different commercial buildings,
and the hosts in one office are on the same VLAN. RouterB that functions as a DHCP server is
required to assign IP addresses to hosts in different offices.
Hosts in Office A of the company are on the network segment 20.20.20.0/24, and the DHCP
server is on the network segment 100.10.10.0/24. RouterA must be configured to function as a
DHCP relay agent to forward DHCP packets so that the DHCP clients can obtain IP addresses
and other configurations from the DHCP server.
On RouterA, the public address of Ethernet0/0/8 is 100.10.20.1/24 and the interface address of
RouterA connected to the carrier device is 100.10.20.2/24.
On RouterB, the public address of Ethernet3/0/0 is 100.10.10.1/24 and the interface address of
RouterB connected to the carrier device is 100.10.10.2/24.

Figure 6-7 Networking diagram for configuring the DHCP relay


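[Diagram not reproduced. DHCP clients in Office A (VLAN 100) connect to RouterA (DHCP relay) through Ethernet2/0/0 (VLANIF100, 20.20.20.1/24). RouterA reaches the Internet through Ethernet0/0/8 (100.10.20.1/24), and RouterB (DHCP server) reaches the Internet through Ethernet3/0/0 (100.10.10.1/24).]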


Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the DHCP relay function on RouterA. RouterA can forward DHCP packets
between the hosts in Office A and hosts in other network segments.
2. Configure a global address pool 20.20.20.0/24 on RouterB. RouterB can assign IP addresses
in the global address pool to hosts in Office A on a different network segment.

Data Preparation
To complete the configuration, you need the following data:
1. Name of the DHCP server group: dhcpgroup1
2. IP address of the DHCP server: 100.10.10.1
3. VLAN that Office A belongs to: VLAN 100
4. IP address of VLANIF 100: 20.20.20.1
5. Name of the global address pool: pool1
6. Address range of pool1: 20.20.20.0/24
7. IP address of the egress gateway configured for Office A: 20.20.20.1

Procedure
• Configure the DHCP relay function on RouterA.
1. Create a DHCP server group and add a DHCP server to the group.
# Create a DHCP server group.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] dhcp server group dhcpgroup1

# Add a DHCP server to the DHCP server group.


[RouterA-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1
[RouterA-dhcp-server-group-dhcpgroup1] quit

2. Enable the DHCP relay function on VLANIF 100.


# Create a VLAN and add Ethernet 2/0/0 to the VLAN.
[RouterA] vlan batch 100
[RouterA] interface ethernet 2/0/0
[RouterA-Ethernet2/0/0] port hybrid pvid vlan 100
[RouterA-Ethernet2/0/0] port hybrid untagged vlan 100
[RouterA-Ethernet2/0/0] quit

# Enable the DHCP function globally and the DHCP relay function on VLANIF 100.
[RouterA] dhcp enable
[RouterA] interface vlanif 100
[RouterA-Vlanif100] dhcp select relay
[RouterA-Vlanif100] quit

3. Bind the DHCP server group to VLANIF 100.


# Configure an IP address for VLANIF 100.
[RouterA] interface vlanif 100
[RouterA-Vlanif100] ip address 20.20.20.1 24


# Bind the DHCP server group to VLANIF 100.


[RouterA-Vlanif100] dhcp relay server-select dhcpgroup1
[RouterA-Vlanif100] quit

• Configure a default route on RouterA.


[RouterA] ip route-static 0.0.0.0 0.0.0.0 100.10.20.2

• Configure RouterB to function as a DHCP server based on a global address pool.


1. Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] dhcp enable

2. Configure Ethernet3/0/0 to select a global address pool for address allocation.


[RouterB] interface ethernet 3/0/0
[RouterB-Ethernet3/0/0] ip address 100.10.10.1 24
[RouterB-Ethernet3/0/0] dhcp select global
[RouterB-Ethernet3/0/0] quit

3. Create an address pool and configure related attributes.


[RouterB] ip pool pool1
[RouterB-ip-pool-pool1] network 20.20.20.0 mask 24
[RouterB-ip-pool-pool1] gateway-list 20.20.20.1
[RouterB-ip-pool-pool1] quit

4. Configure a static route from the DHCP server to RouterA. This ensures that the route
from the DHCP server to the network segment 20.20.20.0/24 is reachable. (The
configuration details are not provided here.)
• Configure a default route on RouterB.
[RouterB] ip route-static 0.0.0.0 0.0.0.0 100.10.10.2

• Verify the configuration.

# Run the display dhcp relay command on RouterA. You can view the DHCP relay
configurations on VLANIF 100.
[RouterA] display dhcp relay interface vlanif 100
** Vlanif100 DHCP Relay Configuration **
DHCP server group name : dhcpgroup1
DHCP server IP [0] :100.10.10.1

# Run the display ip pool command on RouterB. You can view the configurations of the
IP address pool.
[RouterB] display ip pool
-----------------------------------------------------------------------
Pool-name : pool1
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.1
Mask : 255.255.255.0
Vpn instance : --

IP address Statistic
Total :250
Used :0 Idle :248
Expired :0 Conflict :0 Disable :2

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
vlan 100
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
interface Ethernet 2/0/0
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 100.10.20.2
#
return

Configuration file of RouterB


#
sysname RouterB
#
vlan batch 20
#
dhcp enable
#
ip pool pool1
network 20.20.20.0 mask 255.255.255.0
gateway-list 20.20.20.1
#
interface Ethernet3/0/0
ip address 100.10.10.1 255.255.255.0
dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 100.10.10.2
#
return

6.9.4 Example for Configuring the DHCP and BOOTP Clients


This section describes how to configure the DHCP and BOOTP clients.

Networking Requirements
As shown in Figure 6-8, Router A functions as a DHCP client; Router B functions as a BOOTP
client; Router C functions as a DHCP server. Router A dynamically obtains an IP address, a
DNS server address, and a gateway address from Router C. Router B obtains the IP address
specified in an IP-MAC binding entry, a DNS server address, and a gateway address from
Router C functioning as a DHCP server.

NOTE
AR150/200 is RouterA, RouterC, or RouterD.


Figure 6-8 Networking diagram for configuring DHCP and BOOTP clients

[Diagram not reproduced. RouterC (DHCP server, Eth1/0/0 10.1.1.1/24), RouterB (BOOTP client, Eth1/0/0), RouterA (DHCP client, Eth1/0/0), the DNS server (10.1.1.2/24), and the gateway (10.1.1.126/24) are on the same network segment.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP client function on Router A.
2. Enable the BOOTP client function on Router B.
3. Create a global address pool on Router C and configure related attributes.

Data Preparation
To complete the configuration, you need the following data:
1. MAC address of Eth 1/0/0 on Router B: a234-e211-a256
2. IP address of Eth1/0/0 on Router C: 10.1.1.1
3. IP address of the egress gateway configured for the DHCP client: 10.1.1.126
4. IP address of the DNS server connected to the DHCP client: 10.1.1.2

Procedure
• Configure the DHCP client function on Router A.
# Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] dhcp enable

# Enable the DHCP client function on Eth 1/0/0.


[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address dhcp-alloc

• Configure the BOOTP client function on Router B.


# Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] dhcp enable


# Enable the BOOTP client function on Eth 1/0/0.


[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ip address bootp-alloc

• Create a global address pool on Router C and configure related attributes.


1. Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterC
[RouterC] dhcp enable

2. Configure Eth 1/0/0 to select a global address pool for IP address allocation.
[RouterC] interface Ethernet 1/0/0
[RouterC-Ethernet1/0/0] ip address 10.1.1.1 24
[RouterC-Ethernet1/0/0] dhcp select global
[RouterC-Ethernet1/0/0] quit

3. Create an address pool and configure related attributes.


[RouterC] ip pool pool1
[RouterC-ip-pool-pool1] network 10.1.1.0 mask 24
[RouterC-ip-pool-pool1] gateway-list 10.1.1.126
[RouterC-ip-pool-pool1] static-bind ip-address 10.1.1.3 mac-address a234-
e211-a256
[RouterC-ip-pool-pool1] dns-list 10.1.1.2
[RouterC-ip-pool-pool1] quit

• Verify the configuration.
# Run the display current-configuration command on Router A. You can view the
configurations of the DHCP client function.
[RouterA] display current-configuration
...
#
interface Ethernet1/0/0
ip address dhcp-alloc
#
...

# Run the display interface command on Router A after the interface obtains an IP address.
You can view the IP address of the interface.
[RouterA] display interface ethernet 1/0/0
Ethernet1/0/0 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Huawei Series, Ethernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is allocated by DHCP,10.1.1.11/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc11-000a
Last physical up time : 2007-12-01 10:48:50
Last physical down time : 2007-12-01 10:52:56
Current system time: 2007-12-01 16:52:01
Port Mode: COMMON COPPER
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 1928 bits/sec,Record time: 2007-11-30 14:57:22
Output peak rate 7384 bits/sec,Record time: 2007-11-30 10:13:15

Input: 833 packets, 72696 bytes
Unicast: 59, Multicast: 757
Broadcast: 17, Jumbo: 0
Discard: 0, Total Error: 0

# Run the display current-configuration command on Router B. You can view the
configurations of the BOOTP client function.
[RouterB] display current-configuration
...
#
interface Ethernet1/0/0
ip address bootp-alloc
#
...

# Run the display interface command on Router B after the interface obtains an IP address.
You can view the IP address of the interface.
[RouterB] display interface ethernet 1/0/0
Ethernet1/0/0 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Huawei Series, Ethernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is allocated by DHCP,10.1.1.22/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc11-000a
Last physical up time : 2007-12-01 10:48:50
Last physical down time : 2007-12-01 10:52:56
Current system time: 2007-12-01 16:52:01
Port Mode: COMMON COPPER
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 1928 bits/sec,Record time: 2007-11-30 14:57:22
Output peak rate 7384 bits/sec,Record time: 2007-11-30 10:13:15

Input: 833 packets, 72696 bytes
Unicast: 59, Multicast: 757
Broadcast: 17, Jumbo: 0
Discard: 0, Total Error: 0

# Run the display ip pool command on Router C. You can view the configuration of
the IP address pool on Router C.
[RouterC] display ip pool
-----------------------------------------------------------------------
Pool-name : pool1
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.126
Mask : 255.255.255.0
Vpn instance : --

IP address Statistic
Total :250
Used :1 Idle :248
Expired :0 Conflict :0 Disable :2

----End

Example
Configuration file of Router A
#
sysname RouterA
#
dhcp enable
#
interface Ethernet 1/0/0
ip address dhcp-alloc
#
return

Configuration file of Router B


#
sysname RouterB
#
dhcp enable
#
interface Ethernet 1/0/0
ip address bootp-alloc
#
return

Configuration file of Router C


#
sysname RouterC
#
dhcp enable
#
ip pool pool1
network 10.1.1.0 mask 24
gateway-list 10.1.1.126
static-bind ip-address 10.1.1.3 mac-address a234-e211-a256
dns-list 10.1.1.2
#
interface Ethernet 1/0/0
ip address 10.1.1.1 24
dhcp select global
#
return

6.9.5 Example for Configuring DHCP Rate Limit


This section describes how to configure the highest rate at which DHCP packets are sent to the
protocol stack and the alarm function of DHCP rate limit.

Networking Requirements
As shown in Figure 6-9, a department uses Router A to connect directly to clients. Hosts in this
department function as DHCP clients and are assigned IP addresses by the DHCP server. If an
attacker sends a large number of DHCP packets to Router A, the CPU resources of Router A
become insufficient, and requests from authorized users cannot be processed in time. To avoid
this problem, network administrators limit the rate at which DHCP packets are sent to
Router A. This allows Router A to defend against DHCP attack packets and to process requests
from authorized users in time.

Figure 6-9 Networking diagram for configuring the DHCP relay
[Figure: DHCP server, Internet, RouterB (DHCP relay), RouterA, two DHCP clients, and an attacker.]

Configuration Roadmap
The configuration roadmap is as follows:

• Configure the highest rate at which DHCP packets are sent to Router A in the system view,
so that Router A keeps the rate of received DHCP packets within a normal range.

Data Preparation
1. Highest rate at which DHCP packets are sent to the protocol stack: 90 pps
2. Alarm threshold: 80

Procedure
Step 1 Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] dhcp enable

Step 2 Configure the highest rate at which DHCP packets are sent to the protocol stack.
# Enable the system to check the rate at which DHCP packets are sent to the protocol stack.
[RouterA] dhcp check dhcp-rate enable

# Configure the highest rate at which DHCP packets are sent to the protocol stack.
[RouterA] dhcp check dhcp-rate 90

Step 3 Configure the alarm function.
# Enable the alarm function.
[RouterA] dhcp check dhcp-rate alarm enable

# Configure an alarm threshold.
[RouterA] dhcp check dhcp-rate alarm threshold 80

Step 4 Verify the configuration.
# Run the display current-configuration | include dhcp command on Router A. You can see
that the DHCP function and DHCP rate limit have been enabled in the global view.
[RouterA] display current-configuration | include dhcp
It will take a long time if the content you search is too much or the string you
input is too long, you can press CTRL_C to break
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80

----End

Configuration Files
Configuration file of Router A
#
sysname RouterA
#
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80
#
return

7 IP Performance Configuration

About This Chapter

You can set parameters for IP packets to improve network performance.

7.1 IP Performance Overview


You can set parameters for IP packets to improve network performance.
7.2 IP Performance Features Supported by the AR150/200
This section describes IP performance features supported by the AR150/200.
7.3 Optimizing IP Performance
You can set parameters for IP packets to optimize network performance.
7.4 Configuring Load Balancing for IP Packet Forwarding
Unequal-Cost Multiple Path (UCMP) improves packet forwarding performance on a network.
7.5 Configuring TCP Attributes
You can configure TCP attributes to improve network performance.
7.6 Maintaining IP Performance
You can maintain IP performance by clearing IP performance statistics, and monitoring the IP
running status.
7.7 Configuration Examples
This section provides IP performance configuration examples.

7.1 IP Performance Overview


You can set parameters for IP packets to improve network performance.

7.2 IP Performance Features Supported by the AR150/200


This section describes IP performance features supported by the AR150/200.

The AR150/200 supports the following IP performance features:


• Sending ICMP redirection packets
• Setting the TCP FIN-Wait timer
• Setting the TCP SYN-Wait timer
• Setting the packet receive or transmit buffer of a connection-oriented socket
• Configuring flow-based Equal-Cost Multipath Path during IP packet forwarding
• Collecting and displaying TCP traffic, IP traffic, UDP traffic, and socket monitor statistics
• Checking validity of source IP addresses
• Forwarding broadcast packets
• Controlling IP packets with source route options
• Fragmenting IP packets
• Setting the Aging Time of the PMTU
• Setting the MSS of TCP Packets on an Interface

7.3 Optimizing IP Performance


You can set parameters for IP packets to optimize network performance.

7.3.1 Establishing the Configuration Task


Before optimizing IP performance, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
On certain networks, you need to modify parameters for IP packets to optimize network
performance.

Pre-configuration Tasks
Before optimizing IP performance, complete the following tasks:

• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
physical layer status of the interfaces is Up
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
status on the interfaces is Up
• Configuring IP addresses for interfaces
• Configuring an ACL

Data Preparation
To optimize IP performance, you need the following data.

No.  Data
1    Number of the interface where validity of source addresses of received packets will be checked
2    Number of an ACL and number of the interface that will forward broadcast packets
3    Number of the interface that will reset the DF field of packets
4    Number of the interface where ICMP redirection will be configured

7.3.2 Checking Validity of Source IP Addresses of Received Packets


You can enable an interface to check validity of source IP addresses of received packets. This
improves network security.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ip verify source-address

The interface is enabled to check validity of source IP addresses of received packets.


By default, an interface does not check validity of source IP addresses of received packets.
The AR150/200 only checks validity of source IP addresses of packets forwarded from an
interface to the CPU.

----End

7.3.3 Controlling IP packets with Source Route Options


By controlling IP packets with source route options, the AR150/200 can prevent malicious
attackers from detecting network topologies by using source route options. This improves
network security.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
discard srr

The interface is configured to discard IP packets with source route options.

----End
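
The DHCP rate-limit commands from 6.9.5 and the interface commands from 7.3.2 and 7.3.3 can be checked offline against a saved configuration file. The following Python audit is an added example, not part of the Huawei guide; the two sample configurations, the function names, the max_rate policy value, and the rule that every interface with an "ip address" line should carry both interface commands are assumptions made for illustration.

```python
import re

# Constructed sample configurations (not taken from the guide), using the
# "#"-separated layout of the configuration files shown in the guide.
HARDENED = """\
#
sysname RouterA
#
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80
#
interface Ethernet1/0/0
 ip address 10.1.1.1 255.255.255.0
 ip verify source-address
 discard srr
#
return
"""

WEAK = """\
#
sysname RouterX
#
dhcp enable
dhcp check dhcp-rate 90
#
interface Ethernet 1/0/0
 ip address 10.1.1.1 255.255.255.0
 discard srr
#
interface Ethernet1/0/1
 ip address dhcp-alloc
#
return
"""

# Commands from sections 6.9.5, 7.3.2 and 7.3.3 of the guide.
GLOBAL_REQUIRED = ("dhcp check dhcp-rate enable",
                   "dhcp check dhcp-rate alarm enable")
INTERFACE_REQUIRED = ("ip verify source-address", "discard srr")


def parse_sections(text):
    """Return (global_lines, {interface_name: lines}) for a config file.

    A line consisting of "#" closes the current view. Lines of views other
    than interface views (for example "ip pool") are kept with the global
    lines, which is enough for the checks below.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line or line == "return":
            continue
        if line == "#":
            current = None
        elif line.startswith("interface "):
            # "Ethernet 1/0/0" and "Ethernet1/0/0" name the same interface.
            current = line[len("interface "):].replace(" ", "")
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def audit(text, max_rate=90):
    """List hardening gaps; max_rate (pps) is a local policy assumption."""
    findings = []
    global_lines, interfaces = parse_sections(text)

    if "dhcp enable" in global_lines:         # rate checks only matter if DHCP is on
        for command in GLOBAL_REQUIRED:
            if command not in global_lines:
                findings.append(f"global: missing '{command}'")
        for line in global_lines:
            match = re.fullmatch(r"dhcp check dhcp-rate (\d+)", line)
            if match and int(match.group(1)) > max_rate:
                findings.append(
                    f"global: DHCP rate {match.group(1)} pps exceeds {max_rate}")

    for name, lines in interfaces.items():
        if not any(l.startswith("ip address ") for l in lines):
            continue                          # skip interfaces without IP addressing
        for command in INTERFACE_REQUIRED:
            if command not in lines:
                findings.append(f"{name}: missing '{command}'")
    return findings


if __name__ == "__main__":
    for label, config in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(label, audit(config) or "no findings")
```

As 7.3.2 states, ip verify source-address only covers packets forwarded from an interface to the CPU, so a clean audit result does not imply source validation of transit traffic.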

7.3.4 Configuring an Interface to Forward Broadcast Packets


By configuring an interface to forward broadcast packets, you can improve network
performance.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
ip forward-broadcast [ acl acl-number ]

The interface is configured to forward broadcast packets.


By default, an interface does not forward broadcast packets.

----End

7.3.5 Configuring an Outbound Interface to Fragment IP Packets


You can configure an outbound interface to fragment IP packets.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

NOTE

The function that resets the DF field is valid for outgoing packets; therefore, this function must be
configured on the outbound interface.

Step 3 Run:
clear ip df

The interface is configured to fragment outgoing IP packets.

By default, an interface does not fragment outgoing IP packets.

----End

7.3.6 Configuring an Interface to Send ICMP Redirection Packets


By configuring an interface to send ICMP redirection packets, the router can defend against
attacks by using ICMP packets.

Context
By default, an interface is enabled to send ICMP redirection packets.

CAUTION
If an interface is not enabled to send ICMP redirection packets, the router does not send ICMP
redirection packets.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

Step 3 Run:
icmp redirect send

The interface is enabled to send ICMP redirection packets.

----End

7.3.7 Setting the Mode in Which Protocol Packets Are Sent


You can set the mode in which protocol packets are sent to control IP unicast protocol packets.

Context
By default, IP unicast protocol packets generated by the AR150/200 are scheduled first and can
preempt all the bandwidth.
You can change the priority of IP unicast protocol packets generated by the AR150/200 to
implement proper bandwidth allocation.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ip soft-forward enhance enable

The enhanced IP forwarding function is enabled on the AR150/200.


Step 3 Run:
set priority

The DSCP priority of IP unicast protocol packets is set.

----End

7.3.8 Checking the Configuration


After optimizing IP performance, you can view the IP performance configuration.

Procedure
• Run the display udp statistics command to check the UDP traffic statistics.
• Run the display ip interface [ interface-type interface-number ] or display ip interface
brief [ interface-type interface-number ] command to check information about the
interface.
• Run the display ip statistics command to check the IP traffic statistics.
• Run the display icmp statistics command to check the ICMP traffic statistics.
• Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | socket-type
socket-type ] command to check the IP socket information.
----End

Example
# Run the display udp statistics command, and you can view the UDP traffic statistics.
<Huawei> display udp statistics
Received packets:
Total: 13228
Total(64bit high-capacity counter): 13228
checksum error: 0
shorter than header: 0, data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 954
not delivered, input socket full: 0
input packets missing pcb cache: 0

Sent packets:
Total: 11904
Total(64bit high-capacity counter): 11904

# Run the display ip interface command, and you can view information about the interface.
<Huawei> display ip interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
received packets: 0, sent packets: 0
forwarded packets: 0, dropped packets: 0
ARP packet input number: 0
Request packet: 0
Reply packet: 0
Unknown packet: 0
Internet protocol processing : disabled
Broadcast address : 0.0.0.0
TTL being 1 packet number: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0

# Run the display ip statistics command, and you can view the IP traffic statistics.
<Huawei> display ip statistics
Input: sum 31786 local 31786
bad protocol 0 bad format 0
bad checksum 0 bad options
discard srr 0 TTL exceeded 0
Output: forwarding 0 local 41289
dropped 0 no route 1
Fragment: input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0

# Run the display icmp statistics command, and you can view the ICMP traffic statistics.
<Huawei> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 0 destination unreachable 0
source quench 0 redirects 0
echo reply 0 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0
time exceeded 0
Mping request 0 Mping reply 0
Output:echo 0 destination unreachable 168
source quench 0 redirects 0
echo reply 0 parameter problem 0

timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 0
Mping request 0 Mping reply 0
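
Two captures of the display ip statistics output can be compared to see which input error and discard counters moved, such as discard srr and bad checksum. The parser below is an added example, not part of the Huawei guide; the AFTER capture, the watch list, and the function names are constructed for illustration, and the reset handling assumes counters restart from zero after reset ip statistics (7.6.1).

```python
import re

# Output of "display ip statistics" as printed in the guide's example
# (column spacing collapsed; the value after "bad options" is missing there).
BEFORE = """\
<Huawei> display ip statistics
Input: sum 31786 local 31786
bad protocol 0 bad format 0
bad checksum 0 bad options
discard srr 0 TTL exceeded 0
Output: forwarding 0 local 41289
dropped 0 no route 1
Fragment: input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
"""

# Constructed later capture (values invented for this example).
AFTER = """\
<Huawei> display ip statistics
Input: sum 32910 local 32850
bad protocol 0 bad format 0
bad checksum 2 bad options 0
discard srr 57 TTL exceeded 1
Output: forwarding 0 local 41800
dropped 0 no route 1
Fragment: input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
"""

# Counters a defender would typically watch (an assumption, not a Huawei list).
WATCH = ("input/bad format", "input/bad checksum", "input/bad options",
         "input/discard srr", "input/ttl exceeded")

GROUP = re.compile(r"\s*([A-Za-z]+):\s*")                # "Input:", "Fragment:", ...
PAIR = re.compile(r"\s*([A-Za-z][A-Za-z' ]*?)\s+(\d+)")  # "<multi-word name> <integer>"


def parse_ip_statistics(text):
    """Return {"group/name": int or None}; None marks a counter with no value."""
    counters, group = {}, "global"
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("<", "[")):
            continue                         # blank line or CLI prompt line
        label = GROUP.match(line)
        if label:                            # continuation lines keep the last group
            group = label.group(1).lower()
            line = line[label.end():]
        end = 0
        for pair in PAIR.finditer(line):
            name = " ".join(pair.group(1).split()).lower()
            counters[f"{group}/{name}"] = int(pair.group(2))
            end = pair.end()
        leftover = " ".join(line[end:].split()).lower()
        if leftover:                         # a name whose value was not captured
            counters[f"{group}/{leftover}"] = None
    return counters


def increases(before, after, watch=WATCH):
    """Return {counter: growth} for watched counters that grew between captures."""
    grown = {}
    for key in watch:
        old, new = before.get(key), after.get(key)
        if old is None or new is None:
            continue                         # cannot compare an unknown value
        delta = new - old if new >= old else new   # new < old: counter was reset
        if delta > 0:
            grown[key] = delta
    return grown


if __name__ == "__main__":
    print(increases(parse_ip_statistics(BEFORE), parse_ip_statistics(AFTER)))
```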

7.4 Configuring Load Balancing for IP Packet Forwarding


Unequal-Cost Multiple Path (UCMP) improves packet forwarding performance on a network.

7.4.1 Establishing the Configuration Task


Before configuring load balancing for IP packet forwarding, familiarize yourself with the
applicable environment, complete the pre-configuration tasks, and obtain the data required for
the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On the AR150/200, there are multiple equal-cost routes over multiple equal-cost links to a
destination. Among the equal-cost links, there are high-speed links and low-speed links.

NOTE

If multiple routes to the same destination have the same preference, the same number of hops, and the same
cost, these routes are equal-cost routes.

By default, the AR150/200 uses the flow-based ECMP mode, in which traffic is evenly load
balanced among equal-cost links regardless of the bandwidth. In this mode, congestion may
occur on low-speed links and bandwidth of high-speed links cannot be used efficiently.
ECMP evenly load balances traffic over multiple equal-cost links, regardless of the bandwidth.
Consequently, traffic congestion may occur on low-speed links and bandwidth of high-speed
links cannot be used efficiently. To load balance traffic on the equal-cost links based on
bandwidth, configure UCMP.

Pre-configuration Tasks
Before configuring load balancing for IP packet forwarding, complete the following tasks:
• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
physical status of the interfaces is Up
• Setting parameters for data link layer protocols on interfaces to ensure that the data link
layer protocol status of the interfaces is Up

Data Preparation
To configure load balancing for IP packet forwarding, you need the following data.

No.  Data
1    Number of the interface where UCMP will be enabled
2    (Optional) Number of the interface where the bandwidth will be configured manually
3    (Optional) Manually configured bandwidth

7.4.2 Configuring the Unequal-Cost Multiple Path During IP Packet Forwarding

UCMP load balances traffic among equal-cost links based on bandwidth.

Context
ECMP evenly load balances traffic over multiple equal-cost links, regardless of the bandwidth.
Consequently, traffic congestion may occur on low-speed links and bandwidth of high-speed
links cannot be used efficiently. To load balance traffic on the equal-cost links based on
bandwidth, configure UCMP.
When configuring the UCMP function, manually set the bandwidth of an interface in the
following scenarios:
• Users need to adjust the bandwidth of equal-cost links so that the equal-cost links load
balance traffic based on the configured bandwidth.
• The outbound interface of the equal-cost route is a logical interface.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.

NOTE

To configure UCMP on a logical interface, you must perform step 3.

Step 3 (Optional) Run:
load-balance bandwidth bandwidth

The bandwidth is manually configured for the interface.


Step 4 Run:
load-balance unequal-cost enable

UCMP is enabled on the interface.


By default, UCMP is disabled on an interface.
Step 5 Run:
shutdown

The interface is shut down.


Step 6 Run:
undo shutdown

The interface is started.


Step 7 Run:
quit

Return to the system view.

To configure UCMP on other interfaces, repeat steps 2 through 7.

NOTE

Traffic is load balanced based on bandwidth only when UCMP is enabled on outbound interfaces of all the
equal-cost links and FIB entry updating is triggered. If UCMP is not enabled on any outbound interface,
the equal-cost links evenly load balance traffic even though FIB entry updating is triggered.

----End

7.4.3 Checking the Configuration


After setting the load balancing mode for IP packet forwarding, you can view the load balancing
configuration.

Procedure
• Run the display fib [ slot-id ] command to check the FIB table on a specified LPU.
• Run the display fib acl acl-number [ verbose ] command to check FIB entries matching
an ACL.
• Run the display fib [ slot-id ] destination-address1 [ destination-mask1 ] [ longer ]
[ verbose ] command to check FIB entries matching destination addresses.
• Run the display fib [ slot-id ] destination-address1 destination-mask1
destination-address2 destination-mask2 [ verbose ] command to check FIB entries matching
destination addresses in the range of destination-address1 destination-mask1 to
destination-address2 destination-mask2.
• Run the display fib ip-prefix prefix-name [ verbose ] command to check FIB entries
matching the specified IP prefix list.
• Run the display fib interface interface-type interface-number command to check FIB
entries matching a specified interface.
• Run the display fib next-hop ip-address command to check FIB entries matching a
specified next hop address.
• Run the display fib [ slot-id ] statistics command to check the total number of FIB entries.

----End

Example
# Run the display fib command to view the summary of the FIB table.
<Huawei> display fib
Route Flags: G - Gateway Route, H - Host Route, U - Up Route
S - Static Route, D - Dynamic Route, B - Black Hole Route
------------------------------------------------------------------------------
FIB Table:
Total number of Routes : 4
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
127.0.0.1/32 127.0.0.1 HU t[49] InLoop0 0x0
127.0.0.0/8 127.0.0.1 U t[49] InLoop0 0x0
127.255.255.255/32 127.0.0.1 HU t[49] InLoop0 0x0
255.255.255.255/32 127.0.0.1 HU t[49] InLoop0 0x0

7.5 Configuring TCP Attributes


You can configure TCP attributes to improve network performance.

7.5.1 Establishing the Configuration Task


Before configuring TCP attributes, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain the data required for the configuration. This
will help you complete the configuration task quickly and accurately.

Applicable Environment
On certain networks, you need to adjust TCP parameters to improve network performance.

Pre-configuration Tasks
Before configuring TCP attributes, complete the following tasks:

• Connecting interfaces and setting physical parameters for the interfaces to ensure that the
physical layer status of the interfaces is Up
• Setting link layer protocol parameters for interfaces to ensure that the link layer protocol
status on the interfaces is Up
• Setting network layer protocol parameters for interfaces to ensure that the routing protocol
status on the interfaces is Up

Data Preparation
To configure TCP attributes, you need the following data.

No.  Data
1    Values of the SYN-Wait timer and FIN-Wait timer, and packet receive or transmit buffer size of a connection-oriented socket

7.5.2 Setting Values of TCP Timers


You can set values of the SYN-Wait timer and FIN-Wait timer to control TCP connections.

Context
TCP uses the following timers:

• SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer is started. If no response
packet is received after the SYN-Wait timer expires, the TCP connection is closed. The
value of the SYN-Wait timer ranges from 2 to 600, in seconds. The default value is 75s.
• FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer is started. If no response packet is received after the
FIN-Wait timer expires, the TCP connection is closed. The value of the FIN-Wait timer
ranges from 76 to 3600, in seconds. The default value is 675s.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
tcp timer syn-timeout interval

The value of the SYN-Wait timer is set.

Step 3 Run:
tcp timer fin-timeout interval

The value of the FIN-Wait (FIN_WAIT_2) timer is set.

----End

7.5.3 Setting the Aging Time of the PMTU


You can set a proper aging time of the path MTU (PMTU) to improve transmission efficiency
and network performance.

Context
When hosts on the same network communicate with each other, the MTU of the network is
important for the hosts. When hosts communicate with each other across multiple networks, it
is important to determine the minimum MTU on the network path because the MTUs of the link
layers on different networks are different. The minimum MTU on the network path is called the
PMTU.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
tcp timer pathmtu-age age-time

The aging time of the PMTU is set.

The aging time of an IPv4 PMTU is an integer ranging from 10 to 100, in minutes. The default
value is 0 minutes, that is, the PMTU never ages.

----End

7.5.4 Setting the Size of the TCP Sliding Window


You can set the size of the TCP sliding window, that is, the packet receive or transmit buffer
size of a connection-oriented socket, to improve network performance.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
tcp window window-size

The packet receive or transmit buffer size of a connection-oriented socket is set.


The value of window-size ranges from 1 to 32, in K bytes. The default value is 8K bytes.

----End

7.5.5 Setting the MSS of TCP Packets on an Interface


After the maximum segment size (MSS) of TCP packets on an interface is set, the size of received
or sent TCP packets is limited within the MSS so that network performance is improved.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


Step 3 Run:
tcp adjust-mss value

The MSS of TCP packets is set on the interface.


The MSS of TCP packets on an interface is an integer that ranges from 128 to 2048, in bytes.

----End

7.5.6 Checking the Configuration


After configuring TCP attributes, you can view the configuration.

Procedure
• Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] |
[ local-ip ipv4-address ] [ local-port local-port-number ] [ remote-ip ipv4-address ]
[ remote-port remote-port-number ] ] command to check the TCP connection status.
• Run the display tcp statistics command to check the TCP traffic statistics.
----End

Example
# Run the display tcp status command to view the TCP connection status.

<Huawei> display tcp status


TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State
0b148a24 90 /1 0.0.0.0:23 0.0.0.0:0 14849 Listening
0ba8fb2c 90 /11 100.1.1.116:23 100.1.1.4:1334 0 Established
0ba91254 90 /12 100.1.1.116:23 100.1.1.4:2266 0 Established

# Run the display tcp statistics command to view the TCP traffic statistics.
<Huawei> display tcp statistics
Received packets:
Total: 34574
Total(64bit high-capacity counter): 34574
packets in sequence: 2852 (3242 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 6 (6 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 3757 (126230 bytes)
duplicate ACK packets: 29083, too much ACK packets: 0

Sent packets:
Total: 35094
Total(64bit high-capacity counter): 35094
urgent packets: 0
control packets: 0 (including 1 RST)
window probe packets: 0, window update packets: 0
data packets: 5364 (126736 bytes), data packets retransmitted: 0 (0 bytes)
ACK-only packets: 657 (626 delayed)

Other information:
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keep alive timeout: 29072, keep alive probe: 29072, Keep alive timeout, so connections disconnected : 0
Initiated connections: 0, accepted connections: 16, established connections: 16
Closed connections: 13 ( dropped: 10, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
Send Packets permitted with Keychain authentication: 0
Receive Packets permitted with Keychain authentication: 0
Receive Packets Dropped with Keychain authentication: 0

7.6 Maintaining IP Performance


You can maintain IP performance by clearing IP performance statistics, and monitoring the IP
running status.

7.6.1 Clearing IP Performance Statistics


You can run the following reset commands to clear IP performance statistics.

Context

CAUTION
The IP/TCP/UDP traffic statistics cannot be restored after being cleared. Exercise caution when
you run the commands.

Procedure
l Run the reset ip statistics [ interface interface-type interface-number ] command in the
user view to clear the IP traffic statistics.
l Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the
user view to clear information in a socket monitor.
l Run the reset tcp statistics command in the user view to clear the TCP traffic statistics.
l Run the reset udp statistics command in the user view to clear the UDP traffic statistics.

----End

7.6.2 Monitoring the IP Running Status


You can monitor the IP running status by running display commands.

Context
In routine maintenance, you can run the following commands in any view to view the IP running
status.

Procedure
l Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipv4-
address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port
remote-port-number ] ] command in any view to check the TCP connection status.
l Run the display tcp statistics command in any view to check the TCP traffic statistics.
l Run the display udp statistics command in any view to check the UDP traffic statistics.
l Run the display ip interface [ interface-type interface-number ] command in any view to
check information about an interface.
l Run the display ip statistics command in any view to check the IP traffic statistics.
l Run the display icmp statistics command in any view to check the ICMP traffic statistics.
l Run the display fib acl acl-number [ verbose ] command in any view to check FIB entries
matching the specified ACL.
l Run the display fib [ slot-id ] destination-address1 [ destination-mask1 ] [ longer ]
[ verbose ] command in any view to check FIB entries matching the specified destination
address.
l Run the display fib [ slot-id ] destination-address1 destination-mask1 destination-
address2 destination-mask2 [ verbose ] command in any view to check FIB entries
matching destination addresses in the range of destination-address1 destination-mask1 to
destination-address2 destination-mask2.

l Run the display fib ip-prefix prefix-name [ verbose ] command in any view to check FIB
entries matching the specified IP prefix list.
l Run the display fib interface interface-type interface-number command in any view to
check FIB entries matching a specified interface.
l Run the display fib next-hop ip-address command in any view to check FIB entries
matching a specified next hop address.
l Run the display fib [ slot-id ] statistics command in any view to check the total number
of FIB entries.
l Run the display fib [ slot-id ] command in any view to check information about the FIB
table.
l Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command in any view to check the IP socket information.
----End

7.7 Configuration Examples


This section provides IP performance configuration examples.

7.7.1 Example for Disabling the Sending of ICMP Redirection Packets

Networking Requirements
As shown in Figure 7-1, RouterA, RouterB, and RouterC are connected to each other through
Layer 3 interfaces. The sending of ICMP redirection packets needs to be limited.

Figure 7-1 Network diagram of Disabling the Sending of ICMP Redirection Packets

[Figure: RouterA (Eth1/0/0, 1.1.1.1/24), RouterB (Eth1/0/0, 1.1.1.2/24), RouterC (Eth1/0/0,
2.2.2.2/24), and the Internet]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each connected interface.
2. Configure static routes to indirectly connected devices.
3. Disable an interface from sending ICMP redirection packets.

Data Preparation
To complete the configuration, you need the following data:
l Static routes to indirectly connected devices.
l IP addresses of interfaces.

Procedure
Step 1 Configure IP addresses for interfaces.
# Configure RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 1.1.1.1 24
[RouterA-Ethernet1/0/0] quit

# Configure RouterB.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ip address 1.1.1.2 24
[RouterB-Ethernet1/0/0] quit

# Configure RouterC.
<Huawei> system-view
[Huawei] sysname RouterC
[RouterC] interface ethernet 1/0/0
[RouterC-Ethernet1/0/0] ip address 2.2.2.2 24
[RouterC-Ethernet1/0/0] quit

Step 2 Configure static routes.


# Configure RouterA.
[RouterA] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2

# Configure RouterB.
[RouterB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1

Step 3 Disable Eth1/0/0 on RouterB from sending ICMP redirection packets.


[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] undo icmp redirect send
[RouterB-Ethernet1/0/0] quit

Step 4 Verify the configuration.


# Enable ICMP packet debugging on RouterB.
<RouterB> debugging ip icmp

# On RouterA, ping 2.2.2.2. RouterB does not send ICMP redirection packets; the debugging
command output contains no information about ICMP redirection packets.
[RouterA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 ms

--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms

----End

Configuration Files
l Configuration file of RouterA

#
sysname RouterA
#
interface Ethernet1/0/0
 ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return

l Configuration file of RouterB

#
sysname RouterB
#
interface Ethernet1/0/0
 ip address 1.1.1.2 255.255.255.0
 undo icmp redirect send
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return

l Configuration file of RouterC

#
sysname RouterC
#
interface Ethernet1/0/0
 ip address 2.2.2.2 255.255.255.0
#
return
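
The following Python check is an added example, not part of the Huawei guide. It reads saved configuration files such as the ones above and lists the Layer 3 interfaces that do not carry undo icmp redirect send. The function names are hypothetical, and the script assumes that an interface without that line still sends ICMP redirection packets, which is why the example has to disable it explicitly.

```python
from typing import Dict, List

# Configuration files of RouterA and RouterB, copied from this example.
ROUTER_A = """\
#
sysname RouterA
#
interface Ethernet1/0/0
 ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
"""

ROUTER_B = """\
#
sysname RouterB
#
interface Ethernet1/0/0
 ip address 1.1.1.2 255.255.255.0
 undo icmp redirect send
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return
"""


def split_sections(config: str) -> List[List[str]]:
    """Split a saved configuration into sections delimited by '#' lines."""
    sections: List[List[str]] = []
    current: List[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def hostname(config: str) -> str:
    """Return the name set with sysname, or a placeholder if none is set."""
    for section in split_sections(config):
        for line in section:
            if line.startswith("sysname "):
                return line.split(None, 1)[1]
    return "(unnamed)"


def interfaces_sending_redirects(config: str) -> List[str]:
    """Interfaces that have an IP address but no 'undo icmp redirect send'."""
    flagged = []
    for section in split_sections(config):
        head, body = section[0], section[1:]
        if not head.startswith("interface "):
            continue
        has_ip = any(line.startswith("ip address ") for line in body)
        # Assumption: without the undo line the interface keeps sending redirects.
        if has_ip and "undo icmp redirect send" not in body:
            flagged.append(head.split(None, 1)[1])
    return flagged


def audit(configs: List[str]) -> Dict[str, List[str]]:
    """Map each router name to its interfaces that still send redirects."""
    return {hostname(c): interfaces_sending_redirects(c) for c in configs}


if __name__ == "__main__":
    for name, ifaces in audit([ROUTER_A, ROUTER_B]).items():
        print(name, "->", ifaces or "no interface sends ICMP redirection packets")
```

Run against this example, the check reports Ethernet1/0/0 on RouterA and nothing on RouterB, which matches the configuration in Step 3.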

8 IP Unicast PBR Configuration

About This Chapter

By configuring IP unicast PBR, you can improve the security of the network and perform load
balancing.

8.1 PBR Overview
This section describes the concept of PBR.

8.2 PBR Supported by the AR150/200

8.3 Configuring IP Policy-based Routing
By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a
specified outbound interface.

8.4 Configuration Examples
This section includes the networking requirements, precautions for configuration, and
configuration roadmap.

8.1 PBR Overview


This section describes the concept of PBR.
IP unicast PBR is a routing mechanism based on user-defined policies rather than the destination
IP addresses of data packets. PBR provides security and load balancing.

8.2 PBR Supported by the AR150/200


The AR150/200 supports routing of packets based on their source IP address and packet length,
so PBR can select routes flexibly. After a packet arrives, the system forwards the packet
according to PBR. If no PBR is configured, or if PBR is configured but no matching entry exists,
the system forwards the packet according to the Forwarding Information Base (FIB) table.
The AR150/200 applies PBR only to locally sent protocol packets, such as ICMP and BGP
packets.

NOTE

A traffic policy can be configured on an interface of the AR150/200 to redirect data packets whose
destination address is not a local address. This traffic policy does not take effect on local packets sent
to the CPU. It applies to the following situations:
l Load balancing: specifies a forwarding path for special packets.
l Security inspection: redirects certain packets to the firewall.
For details about the redirection configuration, see Configuring Redirection in the Huawei AR150&200
Series Enterprise Routers Configuration Guide - QoS.

8.3 Configuring IP Policy-based Routing


By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a
specified outbound interface.

8.3.1 Establishing the Configuration Task


This section describes the applicable environment, pre-configuration tasks, data preparation, and
configuration procedure for configuring IP unicast PBR.

Applicable Environment
An internal network is connected to an external network through a router that has multiple
egresses to the external network. You can use IP unicast PBR on the interface to make specific
packets pass through a specified egress of the router.
To perform PBR on the packets generated by the router, configure local PBR.

Pre-configuration Tasks
Before configuring IP unicast PBR, complete the following tasks:
l Configuring the interface between the router and other devices
l Configuring the link layer protocol of the interface
l Configuring the ACL used for packet matching
l Configuring the VPN first if you want the packet to enter VPN

Data Preparation
To configure IP Policy-based Routing, you need the following data.

No.  Data
1    PBR name, the policy node number and the default action to the packet
2    Maximum and the minimum byte number of the packet
3    ACL number of the matched packets
4    New precedence of the packet
5    Default next hop or output interface of the packet in the specified policy
6    Next hop or the output interface number of the packet in the specified policy
7    VPN instance name to which the packet in the specified policy belongs

8.3.2 Defining the Matching Rule of PBR


By defining the matching rule of PBR, you can determine the type of packets to which PBR is
applied.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
policy-based-route policy-name { deny | permit } node node-id

A policy or a policy node is created.

Step 3 Run:
if-match packet-length min-length max-length or if-match acl acl-number

The match rule based on the IP packet length or on an ACL is set.

----End

Follow-up Procedure
Note the following when configuring PBR:

l You can use the policy to import the routes or to forward the IP packets.
l You can specify the routing policy by using the if-match and apply clauses.
l A single policy can include multiple if-match clauses, such as if-match acl and if-match
packet-length, which can be used in combination.
– If if-match acl acl-number is used repeatedly to set ACL rules, the new configuration
supersedes the old configuration.
– If if-match packet-length min-length max-length is used repeatedly to set packet length
rules, the new configuration supersedes the old configuration.
l permit allows the packets that match the rule to pass during policy-based routing; deny
prevents the packets that match the rule from passing during policy-based routing.
l A routing policy contains several policy nodes. Each policy node is specified by a node-
id. A smaller node-id indicates a higher preference of the policy node. The policy node
with a higher preference is executed first.

8.3.3 Defining Actions of PBR


This part describes how to define actions of PBR, including setting the outbound interface and
next hop for a packet.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
policy-based-route policy-name { deny | permit } node node-id

A policy or a policy node is created.

Step 3 Run:
apply ip-precedence precedence

The precedence of the IP packet is set.

Step 4 Run:
apply ip-address default next-hop ip-address1 [ ip-address2 ]

The default next hop of the packet is specified.

NOTE
The default next hop cannot be a local IP address.

Step 5 Run:
apply default output-interface interface-type1 interface-number1 [ interface-type2
interface-number2 ]

The default outbound interface of the packet is specified.

NOTE

The default outbound interface cannot be a broadcast interface, such as an Ethernet interface.

Step 6 Run:
apply ip-address next-hop ip-address1 [ ip-address2 ]

The next hop of the packet is specified.

NOTE
The next hop cannot be a local IP address.

Step 7 Run:
apply output-interface interface-type interface-number

The outbound interface of the packet is specified.

NOTE

The outbound interface cannot be a broadcast interface, such as an Ethernet interface.

Step 8 Run:
apply access-vpn vpn-instance vpn-instance-name &<1-6>

The VPN instance allowed to be accessed is specified.

The apply ip-precedence command is used to set the precedence of the packet. The value of
precedence ranges from 0 to 7. In addition, some keywords can be used as the value of
precedence. Table 8-1 shows the relationship between keywords and precedence.

Table 8-1 Relationship between keywords and precedence

Precedence  Keyword
0           Routine
1           Priority
2           Immediate
3           Flash
4           Flash-override
5           Critical
6           Internet
7           Network

----End

Follow-up Procedure
Note the following when defining actions in PBR:

l A policy can include multiple apply clauses, which can be used in combination.
l If multiple next hops are specified, load balancing is implemented among the next hops.
l If multiple outbound interfaces are specified, load balancing is implemented among the
outbound interfaces.
l If outbound interfaces and next hops are configured at the same time, load balancing is
implemented only on outbound interfaces.
l If you run the apply output-interface command to configure two egresses and then run the
command again to configure another one, the third configured egress supersedes only the
first configured one.

8.3.4 Applying PBR


This part describes how to apply PBR.

Procedure
l Enabling local PBR
1. Run:
system-view

The system view is displayed.


2. Run:
ip local policy-based-route policy-name

The local PBR is enabled.


Here, PBR applies to only the local packets. You can configure only one local policy.
----End

8.3.5 Checking the Configuration


You can view the configuration of IP unicast PBR.

Prerequisites
The configurations of the IP Policy-based Routing function are complete.

Procedure
l Run the display ip policy-based-route command to check the enabled PBR.
l Run the display ip policy-based-route setup local command to check the configuration
of local PBR.
l Run the display ip policy-based-route statistics local command to check the statistics of
the local packet that is enabled with PBR.
l Run the display policy-based-route [ policy-name ] command to check the created policy.
----End

Example
Run the display ip policy-based-route command to check the enabled PBR.
<Huawei> display ip policy-based-route
policy Name                    interface
aaa                            local

Run the display ip policy-based-route setup local command. If configurations of the local PBR
are displayed, the configuration is successful.
<Huawei> display ip policy-based-route setup local
policy-based-route aaa permit node 5
if-match acl 2000
apply output-interface Ethernet1/0/0

Run the display ip policy-based-route statistics local command. If statistics about the local PBR
are displayed, the configuration is successful.
<Huawei> display ip policy-based-route statistics local
Local policy based routing information:
policy-based-route: aaa
permit node 21
Total denied: 0, forwarded: 0

8.4 Configuration Examples


This section includes the networking requirements, precautions for configuration, and
configuration roadmap.

8.4.1 Example for Configuring IP Unicast PBR


This section provides an example for configuring IP unicast PBR.

Networking Requirements
As shown in Figure 8-1, IP unicast PBR is applied to RouterA:

l The next hop address 150.1.1.2 is set for packets that are 64 to 1400 bytes long.
l The next hop address 151.1.1.2 is set for packets that are 1401 to 1500 bytes long.
l Packets with other lengths are routed based on destination addresses.

Figure 8-1 Networking diagram of IP unicast PBR configurations

[Figure: RouterA (Loopback0 10.1.1.1/24, Eth1/0/0 150.1.1.1/24, Eth2/0/0 151.1.1.1/24)
connected to RouterB (Loopback0 10.1.2.1/24, Eth1/0/0 150.1.1.2/24, Eth2/0/0 151.1.1.2/24)]

Configuration Roadmap
The configuration roadmap is as follows:

l Assign an IP address to each interface.
l Configure static routes.
l Configure a PBR route that defines rules and actions.

Data Preparation
To complete the configuration, you need the following data:

l IP address and subnet mask of each interface


l Packet length and next hop address in the PBR route

Procedure
Step 1 Assign an IP address to each interface.

# Assign an IP address to each interface on RouterA.


<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 150.1.1.1 255.255.255.0
[RouterA-Ethernet1/0/0] quit
[RouterA] interface ethernet 2/0/0
[RouterA-Ethernet2/0/0] ip address 151.1.1.1 255.255.255.0
[RouterA-Ethernet2/0/0] quit

# Assign an IP address to each interface on RouterB.


<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ip address 150.1.1.2 255.255.255.0
[RouterB-Ethernet1/0/0] quit
[RouterB] interface ethernet 2/0/0
[RouterB-Ethernet2/0/0] ip address 151.1.1.2 255.255.255.0
[RouterB-Ethernet2/0/0] quit

Step 2 Configure static routes.

# Configure a static route on RouterA.


[RouterA] ip route-static 10.1.2.0 24 150.1.1.2
[RouterA] ip route-static 10.1.2.0 24 151.1.1.2

# Configure a static route on RouterB.


[RouterB] ip route-static 10.1.1.0 24 150.1.1.1
[RouterB] ip route-static 10.1.1.0 24 151.1.1.1

Step 3 Configure a PBR route.

# Configure a PBR route lab1.


[RouterA] policy-based-route lab1 permit node 10
[RouterA-policy-based-route-lab1-10] if-match packet-length 64 1400
[RouterA-policy-based-route-lab1-10] apply ip-address next-hop 150.1.1.2
[RouterA-policy-based-route-lab1-10] quit
[RouterA] policy-based-route lab1 permit node 20
[RouterA-policy-based-route-lab1-20] if-match packet-length 1401 1500
[RouterA-policy-based-route-lab1-20] apply ip-address next-hop 151.1.1.2
[RouterA-policy-based-route-lab1-20] quit

# Enable local PBR.


[RouterA] ip local policy-based-route lab1

Step 4 Verify the configuration.


# Run the debugging ip policy-based-route command on RouterA to debug the PBR route.
<RouterA> debugging ip policy-based-route
<RouterA> terminal debugging
<RouterA> terminal monitor

# On RouterA, ping the IP address of Loopback0 interface on RouterB and set the packet length
to 80 bytes.
<RouterA> ping -s 80 10.1.2.1
PING 100.1.2.1: 80 data bytes, press CTRL_C to break
Mar 9 2011 15:00:35.40.2 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1.2
Reply from 100.1.2.1: bytes=80 Sequence=1 ttl=254 time=1 ms
Reply from 100.1.2.1: bytes=80 Sequence=2 ttl=254 time=1 ms
Reply from 100.1.2.1: bytes=80 Sequence=3 ttl=254 time=1 ms
Reply from 100.1.2.1: bytes=80 Sequence=4 ttl=254 time=1 ms
Reply from 100.1.2.1: bytes=80 Sequence=5 ttl=254 time=1 ms

--- 100.1.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

# The following information about the PBR route is displayed on RouterA:


<RouterA>
Mar 9 2011 15:00:37.50.2 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1.2
Mar 9 2011 15:00:37.50.3 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1.2
Mar 9 2011 15:00:37.50.4 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1.2
Mar 9 2011 15:00:37.50.5 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1.2

RouterA forwards the packets through Ethernet1/0/0 because the next hop address in the
PBR route is 150.1.1.2.

# On RouterA, ping the IP address of Loopback0 interface on RouterB and set the packet length
to 1401 bytes.
<RouterA> ping -s 1401 10.1.2.1
PING 100.1.2.1: 1401 data bytes, press CTRL_C to break
Mar 9 2011 15:41:26.350.2 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Mar 9 2011 15:41:26.350.3 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Reply from 100.1.2.1: bytes=1401 Sequence=1 ttl=254 time=2 ms
Mar 9 2011 15:41:26.850.1 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Reply from 100.1.2.1: bytes=1401 Sequence=2 ttl=254 time=2 ms
Mar 9 2011 15:41:27.340.1 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Reply from 100.1.2.1: bytes=1401 Sequence=3 ttl=254 time=2 ms
Mar 9 2011 15:41:27.840.1 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Reply from 100.1.2.1: bytes=1401 Sequence=4 ttl=254 time=2 ms
Mar 9 2011 15:41:28.340.1 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 151.1.1.2
Reply from 100.1.2.1: bytes=1401 Sequence=5 ttl=254 time=2 ms

--- 100.1.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms

RouterA forwards the packets through Ethernet2/0/0 because the next hop address in the
PBR route is 151.1.1.2.

----End

Configuration Files
Configuration file of RouterA

#
sysname RouterA
#
interface Ethernet1/0/0
 ip address 150.1.1.1 255.255.255.0
#
interface Ethernet2/0/0
 ip address 151.1.1.1 255.255.255.0
#
ip route-static 10.1.2.0 255.255.255.0 150.1.1.2
ip route-static 10.1.2.0 255.255.255.0 151.1.1.2
#
policy-based-route lab1 permit node 10
 if-match packet-length 64 1400
 apply ip-address next-hop 150.1.1.2
policy-based-route lab1 permit node 20
 if-match packet-length 1401 1500
 apply ip-address next-hop 151.1.1.2
#
ip local policy-based-route lab1

Configuration file of RouterB

#
sysname RouterB
#
interface Ethernet1/0/0
 ip address 150.1.1.2 255.255.255.0
#
interface Ethernet2/0/0
 ip address 151.1.1.2 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 150.1.1.1
ip route-static 10.1.1.0 255.255.255.0 151.1.1.1
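
The following Python model is an added example, not part of the Huawei guide. It parses the lab1 policy from RouterA's configuration file, selects the next hop for a given packet length, and lists the packet lengths that no node matches and that are therefore forwarded by the FIB. It covers only permit nodes with if-match packet-length. The function names, the first-match evaluation in ascending node-id order, and the 0 to 65535 length range are assumptions of this sketch.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# PBR part of RouterA's configuration file, copied from this example.
ROUTER_A_PBR = """\
policy-based-route lab1 permit node 10
 if-match packet-length 64 1400
 apply ip-address next-hop 150.1.1.2
policy-based-route lab1 permit node 20
 if-match packet-length 1401 1500
 apply ip-address next-hop 151.1.1.2
"""

NODE_RE = re.compile(r"^policy-based-route (\S+) (permit|deny) node (\d+)$")
LENGTH_RE = re.compile(r"^if-match packet-length (\d+) (\d+)$")
NEXT_HOP_RE = re.compile(r"^apply ip-address next-hop (\S+)(?: (\S+))?$")


@dataclass
class PolicyNode:
    policy: str
    node_id: int
    length: Optional[Tuple[int, int]] = None      # (min-length, max-length)
    next_hops: List[str] = field(default_factory=list)


def parse_policy(text: str) -> List[PolicyNode]:
    """Parse policy nodes and return them in ascending node-id order."""
    nodes: List[PolicyNode] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = NODE_RE.match(line)
        if m:
            if m.group(2) == "deny":
                raise ValueError("deny nodes are not modelled in this sketch")
            nodes.append(PolicyNode(m.group(1), int(m.group(3))))
            continue
        if not nodes:
            continue
        m = LENGTH_RE.match(line)
        if m:
            # A repeated if-match packet-length supersedes the earlier one.
            nodes[-1].length = (int(m.group(1)), int(m.group(2)))
            continue
        m = NEXT_HOP_RE.match(line)
        if m:
            nodes[-1].next_hops = [hop for hop in m.groups() if hop]
    return sorted(nodes, key=lambda n: n.node_id)


def next_hops_for(nodes: List[PolicyNode], packet_length: int) -> Optional[List[str]]:
    """Next hops chosen by PBR, or None when the packet falls back to the FIB."""
    for node in nodes:                       # smaller node-id is evaluated first
        if node.length is None:
            continue                         # ACL-only nodes are not modelled
        low, high = node.length
        if low <= packet_length <= high:
            return node.next_hops or None
    return None


def unmatched_lengths(nodes: List[PolicyNode], low: int = 0,
                      high: int = 65535) -> List[Tuple[int, int]]:
    """Inclusive length ranges that no node matches (forwarded by the FIB)."""
    gaps: List[Tuple[int, int]] = []
    cursor = low
    for start, end in sorted(n.length for n in nodes if n.length):
        if cursor > high:
            break
        if start > cursor:
            gaps.append((cursor, min(start - 1, high)))
        cursor = max(cursor, end + 1)
    if cursor <= high:
        gaps.append((cursor, high))
    return gaps


if __name__ == "__main__":
    lab1 = parse_policy(ROUTER_A_PBR)
    for size in (80, 1401, 1501):
        print(size, "->", next_hops_for(lab1, size) or "FIB")
    print("lengths left to the FIB:", unmatched_lengths(lab1))
```

The gap list is the part to review when a policy is meant to steer all traffic of a kind: any length outside the configured ranges follows the FIB instead of the policy.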

9 UDP Helper Configuration

About This Chapter

This chapter describes the principle and configuration of UDP helper, and provides configuration
examples.

9.1 UDP Helper Overview
This section describes the principle of UDP helper.

9.2 UDP Helper Features Supported by the AR150/200
This section describes the UDP helper features supported by the AR150/200.

9.3 Configuring UDP Helper
This section describes how to configure UDP helper to relay broadcast packets with a specified
UDP port.

9.4 Maintaining UDP Helper
This section describes how to maintain UDP helper.

9.5 Configuration Examples
This section provides a UDP helper configuration example.

9.1 UDP Helper Overview


This section describes the principle of UDP helper.

A host on an intranet needs to obtain the configuration from a server by sending broadcast packets
such as UDP broadcast packets. If the host and the server are located in different broadcast
domains, broadcast packets cannot reach the server and the host cannot obtain the configuration
from the server.

The AR150/200 provides the UDP Helper function to solve this problem. It can relay broadcast
packets with specified UDP ports by converting broadcast packets into unicast packets and
sending the unicast packets to the specified destination server.

9.2 UDP Helper Features Supported by the AR150/200


This section describes the UDP helper features supported by the AR150/200.

After UDP helper is enabled on the AR150/200, the AR150/200 relays broadcast packets with
the default UDP ports to corresponding destination servers. Table 9-1 lists the default UDP
ports. Other UDP ports must be configured manually after UDP helper is enabled.

Table 9-1 List of default UDP ports

Protocol                                                    UDP Port Number
Trivial File Transfer Protocol (TFTP)                       69
Domain Name System (DNS)                                    53
Time Service                                                37
NetBIOS Name Service (NetBIOS-NS)                           137
NetBIOS Datagram Service (NetBIOS-DS)                       138
Terminal Access Controller Access Control System (TACACS)   49

The UDP helper function cannot relay Dynamic Host Configuration Protocol (DHCP) messages,
so the destination port numbers cannot be set to 67 or 68. To relay DHCP messages, enable the
DHCP relay function.

9.3 Configuring UDP Helper


This section describes how to configure UDP helper to relay broadcast packets with a specified
UDP port.

9.3.1 Establishing the Configuration Task


Before configuring UDP helper, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the data required for the configuration. This will help
you complete the configuration task quickly and accurately.

Applicable Environment
A host on an intranet needs to obtain the configuration from a server by sending broadcast packets
such as UDP broadcast packets. If the host and the server are located in different broadcast
domains, broadcast packets cannot reach the server and the host cannot obtain the configuration
from the server.
The AR150/200 provides the UDP Helper function to solve this problem. It can relay broadcast
packets with specified UDP ports by converting broadcast packets into unicast packets and
sending the unicast packets to the specified destination server.

Pre-configuration Tasks
Before configuring UDP helper, complete the following task:
l Configuring a reachable route from the AR150/200 to the destination server

Data Preparation
To configure UDP helper, you need the following data.

No.  Data
1    (Optional) UDP ports of packets that need to be relayed
2    Interface that relays packets of UDP ports and IP address of the destination server

9.3.2 Enabling UDP Helper


This section describes how to enable UDP helper.

Context
After UDP helper is enabled, the Router checks the destination UDP port of a received broadcast
packet and determines whether to relay the packet:
l If the packet destination UDP port number is the same as the specified UDP port number
and the destination MAC address is a broadcast MAC address, the Router changes the
destination IP address in the IP packet header and sends the packet to a specified destination
server.
l If the destination UDP port number of packets is different from the specified UDP port
number, the Router discards the packet.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
udp-helper enable

UDP helper is enabled.

----End

9.3.3 (Optional) Configuring a UDP Port for Packets to Be Relayed


This section describes how to configure a UDP port for packets to be relayed.

Prerequisites
UDP helper has been enabled.

Context
After the UDP helper function is enabled, the AR150/200 relays broadcast packets with UDP
ports 37, 49, 53, 69, 137, and 138 by default. If the port that you need is one of these default
UDP ports, you can skip this configuration procedure.

The AR150/200 does not relay DHCP messages with UDP ports 67 or 68.

Perform the following operations on the AR150/200.

Procedure
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }

The UDP port of packets to be relayed is configured.

----End

9.3.4 Configuring a Destination Server


This section describes how to configure a destination server.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface interface-type interface-number

The interface view is displayed.


The interface must be a VLANIF interface.
Step 3 Run:
udp-helper server ip-address

A destination server is configured.


After UDP helper is enabled, the interface forwards a received packet to the specified destination
server if the destination UDP port of the packet is the same as the specified UDP port.

----End

9.3.5 Checking the Configuration

Procedure
- Run the display udp-helper server command to check the numbers of the interfaces that
  have relayed UDP packets, IP addresses of destination servers, and the number of forwarded
  UDP packets.
- Run the display udp-helper port command to check the UDP port numbers of the packets
  that need to be relayed.

----End

Example
# Run the display udp-helper server command to view UDP helper information.
<Huawei> display udp-helper server
Server-interface     Server-Ip          packet-num
------------------------------------------------------------------------
Vlanif20             1.1.1.2            0
Ethernet1/0/0.1      192.168.1.200      0

# Run the display udp-helper port command to view the UDP port numbers of the packets that
need to be relayed.
<Huawei> display udp-helper port
Udp-Port-Number     Description
-------------------------------------------------------------
1                   TCP Port Service Multiplexer
37                  Time
49                  Login Host Protocol
53                  Domain Name Server
69                  Trivial File Transfer
137                 NETBIOS Name Service
138                 NETBIOS Datagram Service

9.4 Maintaining UDP Helper


This section describes how to maintain UDP helper.

9.4.1 Clearing the UDP Helper Statistics

Context

CAUTION
UDP helper statistics cannot be restored after being cleared. Exercise caution when you run the
reset udp-helper packet command.

Procedure
Step 1 Run the reset udp-helper packet command in the user view to clear UDP helper statistics.

----End

9.5 Configuration Examples


This section provides a UDP helper configuration example.

9.5.1 Example for Configuring UDP Helper


Networking Requirements
As shown in Figure 9-1, the IP address of VLANIF 100 on the Router is 10.110.1.1/16; the IP
address of the NetBIOS-NS name server is 10.2.1.1/16. The Router and the NetBIOS-NS name
server are in different network segments, and there is a reachable route between the Router and
the NetBIOS-NS name server.
The Router is configured to forward broadcast packets with destination UDP port number 137
and destination IP addresses 255.255.255.255 and 10.110.255.255 to the NetBIOS-NS name
server. When the Router receives a broadcast NetBIOS-NS Register packet, it changes the
destination IP address to the IP address of the NetBIOS-NS name server and forwards the packet
to the NetBIOS-NS name server.

Figure 9-1 Network diagram for configuring UDP helper
[Diagram labels: Internet; NetBIOS-NS name server (10.2.1.1/16); Router, Ethernet0/0/0,
VLANIF100 (10.110.1.1/16); PC1; PC2]

Configuration Roadmap
The configuration roadmap is as follows:

1. Enable UDP helper on the Router.


2. Create a VLAN and a VLANIF interface, configure an IP address for the VLANIF interface,
and configure the destination server to which UDP packets will be relayed on the VLANIF
interface.
NOTE

After UDP helper is enabled on the Router, the Router forwards broadcast packets with destination UDP port
137 by default. The UDP port number, therefore, does not need to be configured here.

Data Preparation
To complete the configuration, you need the following data:

- VLANIF interface from which UDP packets will be relayed
- IP address of the destination server

Procedure
Step 1 Enable UDP helper.
<Huawei> system-view
[Huawei] sysname Router
[Router] udp-helper enable

Step 2 Add Ethernet0/0/0 to VLAN 100.


[Router] vlan 100
[Router-Vlan100] quit
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid pvid vlan 100
[Router-Ethernet0/0/0] port hybrid untagged vlan 100
[Router-Ethernet0/0/0] quit

Step 3 Configure a destination server.


[Router] interface vlanif 100
[Router-Vlanif100] ip address 10.110.1.1 16
[Router-Vlanif100] udp-helper server 10.2.1.1
[Router-Vlanif100] quit
[Router] quit

Step 4 Verify the configuration.


The destination server configured on VLANIF 100 is the NetBIOS-NS name server.
<Router> display udp-helper server
Server-interface     Server-Ip          packet-num
Vlanif100            10.2.1.1           0

----End

Configuration Files
Configuration file of the Router

#
sysname Router
#
udp-helper enable
#
vlan batch 100
#
interface Ethernet0/0/0
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Vlanif100
ip address 10.110.1.1 255.255.0.0
udp-helper server 10.2.1.1
#
return
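
The following Python script is an added example, not part of the Huawei guide or Huawei code. It reads a configuration file in the format shown above, reports which broadcast UDP ports are relayed off each interface and to which server, and applies the relay rule from 9.3.2 to a received frame. It assumes that udp-helper port lines appear in the saved file in the same form as the command; the function names and the port 5000 in the sample are constructed for illustration.

```python
import re

# Defaults and keyword names as listed in section 9.3.3 of this guide.
DEFAULT_PORTS = {37, 49, 53, 69, 137, 138}
KEYWORDS = {"time": 37, "tacacs": 49, "dns": 53, "tftp": 69,
            "netbios-ns": 137, "netbios-ds": 138}
NEVER_RELAYED = {67, 68}  # DHCP is not relayed by UDP helper (9.3.3)

def parse_config(text):
    """Return (enabled, relay_ports, {interface: [server, ...]})."""
    enabled, ports, servers, ifname = False, set(DEFAULT_PORTS), {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "#":                       # '#' ends the current view
            ifname = None
        elif line.startswith("interface "):
            ifname = line.split(None, 1)[1]
        elif line == "udp-helper enable":
            enabled = True
        elif m := re.fullmatch(r"udp-helper port (\S+)", line):
            # Assumption: the saved file uses the same form as the command.
            ports.add(KEYWORDS.get(m.group(1)) or int(m.group(1)))
        elif (m := re.fullmatch(r"udp-helper server (\S+)", line)) and ifname:
            servers.setdefault(ifname, []).append(m.group(1))
    return enabled, ports - NEVER_RELAYED, servers

def relay_targets(cfg, ifname, dst_mac, dst_port):
    """Servers a received frame is relayed to; [] means not relayed."""
    enabled, ports, servers = cfg
    is_broadcast = re.sub(r"[-:.]", "", dst_mac).lower() == "f" * 12
    ok = enabled and is_broadcast and dst_port in ports
    return servers.get(ifname, []) if ok else []

def audit(text):
    """Per interface: which broadcast UDP ports leave the segment, and to whom."""
    enabled, ports, servers = parse_config(text)
    return [f"{i}: UDP {sorted(ports)} -> {', '.join(s)}"
            for i, s in servers.items()] if enabled else []

# Constructed sample: UDP helper lines of 9.5.1 plus a made-up port 5000.
SAMPLE = """#
udp-helper enable
udp-helper port 5000
#
interface Vlanif100
 udp-helper server 10.2.1.1
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Comparing the audit output with the services the destination server is actually meant to receive shows which default ports are relayed without being needed.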
