Configuration Guide - IP Service(V100R006C00_01)Huawei

Quidway S7700 Smart Routing SwitchV100R006C00

Configuration Guide - IP Service

Issue 01

Date 2011-07-15

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2011-07-15) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

About This Document

Intended AudienceThis document describes the configurations of the IP services of the S7700, including the basicknowledge and configurations of secondary IP addresses, DHCP, DHCPv6, IP performance, IPunicast policy-based routing, UDP Helper, basic IPv6 functions, IPv6 over IPv4 tunnels, IPv4over IPv6 tunnels, and IP sessions. By reading this document, you can learn the concepts andconfiguration procedures of IP services.

This document is intended for:

l Policy planning engineers

l Installation and commissioning engineers

l NM configuration engineers

l Technical support engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level of risk, which if notavoided, will result in death or serious injury.

WARNINGIndicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injury.

CAUTIONIndicates a potentially hazardous situation, which if notavoided, could result in equipment damage, data loss,performance degradation, or unexpected results.

TIP Indicates a tip that may help you solve a problem or savetime.

NOTE Provides additional information to emphasize or supplementimportant points of the main text.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service About This Document


ii

Command ConventionsThe command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated byvertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated byvertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated byvertical bars. A minimum of one item or a maximum of allitems can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated byvertical bars. Several items or no item can be selected.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Change HistoryUpdates between document issues are cumulative. Therefore, the latest document issue containsall changes made in previous issues.

Changes in Issue 01 (2011-07-15)Initial commercial release.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service About This Document


iii

Contents

About This Document.....................................................................................................................ii

1 IP Addresses Configuration........................................................................................................11.1 Introduction to IP Addresses..............................................................................................................................21.2 Features of IP Addresses Supported by the S7700.............................................................................................21.3 Configuring IP Addresses for Interfaces............................................................................................................3

1.3.1 Establishing the Configuration Task.........................................................................................................31.3.2 Configuring a Primary IP Address for an Interface...................................................................................31.3.3 (Optional) Configuring a Secondary IP Address for an Interface.............................................................41.3.4 Checking the Configuration.......................................................................................................................4

1.4 Configuring IP Address Unnumbered for Interfaces..........................................................................................51.4.1 Establishing the Configuration Task.........................................................................................................51.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address.....................................61.4.3 Configuring an Interface That Borrows an IP Address from Another Interface.......................................61.4.4 Checking the Configuration.......................................................................................................................7

1.5 Configuration Examples.....................................................................................................................................71.5.1 Example for Setting Primary and Secondary IP Addresses......................................................................71.5.2 Example for Configuring a Tunnel Interface to Borrow the IP Address of a Loopback Interface...........9

2 ARP Configuration......................................................................................................................122.1 Overview of ARP.............................................................................................................................................142.2 Features of ARP Supported by the S7700........................................................................................................142.3 Configuring Static ARP....................................................................................................................................16

2.3.1 Establishing the Configuration Task.......................................................................................................172.3.2 Configuring Common Static ARP Entries...............................................................................................172.3.3 Configuring Static ARP Entries in a VLAN...........................................................................................182.3.4 Configuring Static ARP Entries in a VPN Instance................................................................................192.3.5 Checking the Configuration.....................................................................................................................19

2.4 Optimizing Dynamic ARP................................................................................................................................202.4.1 Establishing the Configuration Task.......................................................................................................202.4.2 Modify the aging parameters of dynamic ARP.......................................................................................202.4.3 Enabling ARP Suppression Function......................................................................................................212.4.4 Enabling Layer 2 Topology Detection Function.....................................................................................212.4.5 Checking the Configuration.....................................................................................................................22

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service Contents


iv

2.5 Configuring Routed Proxy ARP.......................................................................................................................222.5.1 Establishing the Configuration Task.......................................................................................................222.5.2 Configure an IP Addresses for the Interface............................................................................................232.5.3 Enabling the Routed Proxy ARP Function..............................................................................................232.5.4 Checking the Configuration.....................................................................................................................24

2.6 Configuring Proxy ARP Within a VLAN........................................................................................................242.6.1 Establishing the Configuration Task.......................................................................................................242.6.2 Configure an IP Addresses for the Interface............................................................................................252.6.3 Enabling Proxy ARP Within a VLAN....................................................................................................252.6.4 Checking the Configuration.....................................................................................................................26

2.7 Configuring Proxy ARP Between VLANs.......................................................................................................262.7.1 Establishing the Configuration Task.......................................................................................................262.7.2 Configuring an IP Addresses for the Interface........................................................................................272.7.3 Enabling Proxy ARP Between VLANs...................................................................................................272.7.4 Checking the Configuration.....................................................................................................................28

2.8 Configuring ARP-Ping IP.................................................................................................................................282.8.1 Establishing the Configuration Task.......................................................................................................282.8.2 Detecting the IP Address by Using the arp-ping ip Command...............................................................29

2.9 Configuring ARP-Ping MAC...........................................................................................................................292.9.1 Establishing the Configuration Task.......................................................................................................292.9.2 Detecting the MAC Address by Using the arp-ping mac Command......................................................30

2.10 Maintaining ARP............................................................................................................................................302.10.1 Clearing ARP Entries............................................................................................................................312.10.2 Monitoring Network Operation Status of ARP.....................................................................................312.10.3 Debugging ARP.....................................................................................................................................31

2.11 Configuration Examples.................................................................................................................................322.11.1 Example for Configuring ARP..............................................................................................................322.11.2 Example for Configuring Routed Proxy ARP.......................................................................................352.11.3 Example for Configuring Intra-VLAN Proxy ARP..............................................................................372.11.4 Example for Configuring Inter-VLAN Proxy ARP..............................................................................392.11.5 Example for Configuring Layer 2 Topology Detection........................................................................42

3 DHCP Configuration..................................................................................................................453.1 Introduction to DHCP.......................................................................................................................................463.2 DHCP Features Supported by the S7700.........................................................................................................463.3 Configuring the DHCP Server Based on the Global Address Pool..................................................................48

3.3.1 Establishing the Configuration Task.......................................................................................................483.3.2 Configuring an Interface to Use Global Address Pool............................................................................503.3.3 Configuring Address Allocation Mode for Global Address Pool...........................................................513.3.4 (Optional) Configuring DNS for Global Address Pool...........................................................................523.3.5 (Optional) Configuring NetBIOS for Global Address Pool....................................................................533.3.6 (Optional) Configuring the Customized DHCP Option for the Global Address Pool............................543.3.7 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................55



v

3.3.8 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................553.3.9 Checking the Configuration.....................................................................................................................56

3.4 Configuring the DHCP Server Based on the VLANIF Interface Address Pool...............................................573.4.1 Establishing the Configuration Task.......................................................................................................573.4.2 Configuring Address Allocation Mode for Interface Address Pool........................................................593.4.3 (Optional) Configuring the DNS Service of the VLANIF Interface Address Pool.................................603.4.4 (Optional) Configuring the NetBIOS Service of the VLANIF Interface Address Pool..........................613.4.5 (Optional) Configuring the Customized DHCP Option of the VLANIF Interface Address Pool...........623.4.6 (Optional) Preventing Repetitive Allocation of an IP Address...............................................................623.4.7 (Optional) Configuring Automatic Saving of DHCP Data.....................................................................633.4.8 Checking the Configuration.....................................................................................................................64

3.5 Configuring the DHCP Relay Agent................................................................................................................653.5.1 Establishing the Configuration Task.......................................................................................................653.5.2 Configuring DHCP Relay on an Interface...............................................................................................663.5.3 Configuring a Destination DHCP Server Group.....................................................................................673.5.4 Binding an Interface to a DHCP Server Group.......................................................................................683.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCP Release Packet...................................693.5.6 Checking the Configuration.....................................................................................................................70

3.6 Maintaining DHCP...........................................................................................................................................713.6.1 Clearing DHCP Statistics........................................................................................................................713.6.2 Monitoring DHCP Operation..................................................................................................................71

3.7 Configuration Examples...................................................................................................................................723.7.1 Example for Configuring a DHCP Server Based on the Global Address Pool.......................................723.7.2 Example for Configuring the DHCP Server Based on the Interface Address Pool.................................753.7.3 Example for Configuring a DHCP Relay Agent.....................................................................................793.7.4 Example for Configuring a DHCP Relay Agent for VPN.......................................................................83

4 IP Session Configuration...........................................................................................................894.1 Introduction to the IP Session...........................................................................................................................904.2 IP Session Supported by the S7700..................................................................................................................904.3 Configuring IP Session.....................................................................................................................................91

4.3.1 Establishing the Configuration Task.......................................................................................................914.3.2 Enabling the IP Session Function............................................................................................................924.3.3 Binding a User Authentication Domain to a Sub-Interface.....................................................................924.3.4 (Optional) Setting the Format of DHCP User Name and the Password..................................................934.3.5 (Optional) Configuring the S7700 to Process Option Fields...................................................................944.3.6 (Optional) Setting ARP Detection Parameters........................................................................................954.3.7 (Optional) Setting the Type of a NAS Interface......................................................................................954.3.8 (Optional) Binding a VPN Instance to an Interface.................................................................................964.3.9 Checking the Configuration.....................................................................................................................96

4.4 Example for Configuring IP Session................................................................................................................974.4.1 Example for Configuring IP Session.......................................................................................................97

5 DHCPv6 Configuration............................................................................................................101



vi

5.1 Introduction to DHCPv6.................................................................................................................................1025.2 DHCPv6 Features Supported by the S7700...................................................................................................1035.3 Configuring DHCPv6 Relay...........................................................................................................................105

5.3.1 Establishing the Configuration Task.....................................................................................................1055.3.2 Enabling the DHCPv6 Relay Function..................................................................................................1055.3.3 (Optional) Configuring the Remote ID.................................................................................................1065.3.4 (Optional) Configuring Rate Limit of DHCPv6 Messages...................................................................1085.3.5 Checking the Configuration...................................................................................................................108

5.4 Maintaining DHCPv6.....................................................................................................................................1095.4.1 Clearing the Statistics About DHCPv6 Messages Passing Through the DHCP Relay Agent..............1095.4.2 Monitoring the Running Status of the DHCPv6 Relay Agent...............................................................109

5.5 Configuration Examples.................................................................................................................................1105.5.1 Example for Configuring DHCPv6 Relay.............................................................................................110

6 IP Performance Configuration................................................................................................1146.1 Introduction to IP Performance......................................................................................................................1156.2 IP Performance Supported by the S7700........................................................................................................1156.3 Optimizing IP Performance............................................................................................................................115

6.3.1 Establishing the Configuration Task.....................................................................................................1156.3.2 Enabling an Interface to Check the Source IP Addresses of Packets....................................................1166.3.3 Configuring Forcible Fragmentation of Outgoing Packets on an Interface..........................................1176.3.4 Setting ICMP Parameters......................................................................................................................1176.3.5 Setting TCP Parameters.........................................................................................................................1196.3.6 (Optional) Setting the Load Balancing Mode of IP Packet Forwarding...............................................1206.3.7 Checking the Configuration...................................................................................................................121

6.4 Maintaining IP Performance...........................................................................................................................1216.4.1 Clearing IP Performance Statistics........................................................................................................1226.4.2 Monitoring the Running Status of IP Performance...............................................................................1226.4.3 Debugging IP Performance...................................................................................................................123

6.5 Configuration Examples.................................................................................................................................1246.5.1 Example for Disabling the Sending of ICMP Redirection Packets.......................................................1246.5.2 Example for Disabling the Sending of ICMP Host Unreachable Packets.............................................1276.5.3 Example for Optimizing System Performance by Discarding Certain ICMP Packets..........................130

7 UDP Helper Configuration......................................................................................................1337.1 Introduction to UDP Helper...........................................................................................................................1347.2 UDP Helper Features Supported by the S7700..............................................................................................1347.3 Configuring UDP Helper................................................................................................................................135

7.3.1 Establishing the Configuration Task.....................................................................................................1357.3.2 Enabling the UDP Helper Function.......................................................................................................1357.3.3 Configuring the UDP Port on Which Packets Are Forwarded..............................................................1367.3.4 Configuring the Destination Server to Which Packets of the UDP Port Need to Be Forwarded..........1367.3.5 Checking the Configuration...................................................................................................................137

7.4 Maintaining UDP Helper................................................................................................................................137



vii

7.4.1 Clearing UDP Helper Statistics.............................................................................................................1377.4.2 Monitoring the Running Status of UDP Helper....................................................................................138

7.5 Configuration Examples.................................................................................................................................1387.5.1 Example for Configuring UDP Helper..................................................................................................138

8 DNS Configuration...................................................................................................................1418.1 Introduction to DNS.......................................................................................................................................1428.2 DNS Supported by the S7700.........................................................................................................................1428.3 Configuring DNS............................................................................................................................................142

8.3.1 Establishing the Configuration Task.....................................................................................................1428.3.2 Configuring Static DNS Entries............................................................................................................1438.3.3 Configuring Dynamic DNS...................................................................................................................1438.3.4 Checking the Configuration...................................................................................................................144

8.4 Maintaining DNS............................................................................................................................................1458.4.1 Clearing DNS Entries............................................................................................................................1458.4.2 Monitoring Network Operation Status of DNS.....................................................................................1468.4.3 Debugging DNS....................................................................................................................................146

8.5 Configuration Examples.................................................................................................................................1478.5.1 Example for Configuring DNS..............................................................................................................147

9 Basic Configurations of IPv6...................................................................................................1519.1 Introduction to IPv6........................................................................................................................................1529.2 IPv6 Features Supported by the S7700...........................................................................................................1529.3 Configuring an IPv6 Address for an Interface................................................................................................154

9.3.1 Establishing the Configuration Task.....................................................................................................1549.3.2 Enabling IPv6 Packet Forwarding Capability.......................................................................................1559.3.3 Configuring an IPv6 Link-Local Address for an Interface....................................................................1559.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................1569.3.5 Checking the Configuration...................................................................................................................157

9.4 Configuring IPv6 Neighbor Discovery...........................................................................................................1579.4.1 Establishing the Configuration Task.....................................................................................................1579.4.2 Configuring Static Neighbors................................................................................................................1589.4.3 Enabling RA Message Advertising.......................................................................................................1599.4.4 Setting the Interval for Advertising RA Messages................................................................................1599.4.5 Enabling Stateful Auto Configuration...................................................................................................1609.4.6 Configuring the Address Prefixes to Be Advertised.............................................................................1609.4.7 Configuring Other Information to Be Advertised.................................................................................1619.4.8 Checking the Configuration...................................................................................................................162

9.5 Maintaining IPv6............................................................................................................................................1639.5.1 Clearing IPv6 Statistics.........................................................................................................................1639.5.2 Monitoring the Running Status of IPv6.................................................................................................1649.5.3 Debugging IPv6.....................................................................................................................................164

9.6 Configuration Examples.................................................................................................................................1659.6.1 Example for Setting an IPv6 Address for an Interface..........................................................................165



viii

10 IPv6 DNS Configuration........................................................................................................16910.1 Introduction to IPv6 DNS.............................................................................................................................17010.2 IPv6 DNS Supported by the S7700..............................................................................................................17010.3 Configuring IPv6 DNS.................................................................................................................................170

10.3.1 Establishing the Configuration Task...................................................................................................17010.3.2 Configuring a Static IPv6 DNS Entry.................................................................................................17110.3.3 Configuring the Dynamic IPv6 DNS Services....................................................................................17110.3.4 Checking the Configuration.................................................................................................................172

10.4 Maintaining IPv6 DNS.................................................................................................................................17310.4.1 Clearing IPv6 DNS Entries..................................................................................................................17310.4.2 Monitoring Network Operation Status of IPv6 DNS..........................................................................174

10.5 Configuration Examples...............................................................................................................................17410.5.1 Example for Configuring IPv6 DNS...................................................................................................174

11 IPv6 over IPv4 Tunnel Configuration................................................................................. 17911.1 Introduction to IPv6 over IPv4.....................................................................................................................18011.2 IPv6 over IPv4 Supported by the S7700......................................................................................................18011.3 Configuring IPv4/IPv6 Dual Stacks.............................................................................................................185

11.3.1 Establishing the Configuration Task...................................................................................................18511.3.2 Enabling IPv6 Packet Forwarding.......................................................................................................18611.3.3 Configuring IPv4 and IPv6 Addresses for the Interface......................................................................18711.3.4 Checking the Configuration.................................................................................................................188

11.4 Configuring an IPv6 over IPv4 Tunnel........................................................................................................18811.4.1 Establishing the Configuration Task...................................................................................................18811.4.2 Enabling the Service Loopback Function on an Eth-Trunk Interface.................................................18811.4.3 Configuring an IPv6 over IPv4 Manual Tunnel..................................................................................18911.4.4 Configuring a 6to4 Tunnel..................................................................................................................19011.4.5 Configuring an ISATAP Tunnel..........................................................................................................19111.4.6 Configuring Routes in the Tunnel.......................................................................................................19211.4.7 Checking the Configuration.................................................................................................................193

11.5 Configuring 6PE...........................................................................................................................................19311.5.1 Establishing the Configuration Task...................................................................................................19311.5.2 Configuring IPv4/IPv6 Dual Protocol Stacks......................................................................................19411.5.3 Configuring MPLS..............................................................................................................................19511.5.4 Enabling 6PE Peer...............................................................................................................................19611.5.5 Checking the Configuration.................................................................................................................196

11.6 Maintaining IPv6 over IPv4 Tunnels............................................................................................................19711.6.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel..................................................................19711.6.2 Debugging IPv6 over IPv4 Tunnel......................................................................................................197

11.7 Configuration Examples...............................................................................................................................19811.7.1 Example for Configuring an IPv6 over IPv4 Tunnel Manually..........................................................19811.7.2 Example for Configuring a 6to4 Tunnel..............................................................................................20311.7.3 Example for Configuring a 6to4 Relay................................................................................................207



ix

11.7.4 Example for Configuring an ISATAP Tunnel.....................................................................................21111.7.5 Example for Configuring 6PE.............................................................................................................214

12 IPv4 over IPv6 Tunnel Configuration.................................................................................22212.1 Introduction to IPv4 over IPv6.....................................................................................................................22312.2 IPv4 over IPv6 Supported by the S7700......................................................................................................22312.3 Configuring an IPv4 over IPv6 Tunnel........................................................................................................224

12.3.1 Establishing the Configuration Task...................................................................................................22412.3.2 Configuring a Tunnel Interface...........................................................................................................22412.3.3 Configuring Routes in the Tunnel.......................................................................................................22512.3.4 Checking the Configuration.................................................................................................................226

12.4 Maintaining IPv4 over IPv6 Tunnels............................................................................................................22712.4.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel...............................................................22712.4.2 Debugging IPv4 over IPv6 Tunnel......................................................................................................227

12.5 Configuration Examples...............................................................................................................................22812.5.1 Example for Configuring an IPv6 over IPv4 Tunnel..........................................................................228



x

1 IP Addresses Configuration

About This Chapter

By assigning IP addresses to network devices, you can enable data communications betweenthe network devices.

1.1 Introduction to IP AddressesIP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol(TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and InternetGroup Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Deviceson different networks communicate with each other using their network layer addresses, namelyIP addresses.

1.2 Features of IP Addresses Supported by the S7700IP addresses can be obtained through static manual configuration or borrowing.

1.3 Configuring IP Addresses for InterfacesAssigning an IP address to a device on a network enables the device to communicate with theother devices on the network.

1.4 Configuring IP Address Unnumbered for InterfacesIP address unnumbered refers to the situation that an interface that is not assigned an IP addressobtains an IP address by borrowing an IP address from another interface.

1.5 Configuration ExamplesThis section provides several examples of IP address configuration.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 1 IP Addresses Configuration


1

1.1 Introduction to IP AddressesIP is the core of the TCP/IP protocol suite. The packets of the Transmission Control Protocol(TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and InternetGroup Membership Protocol (IGMP) are all transmitted in the format of IP datagrams. Deviceson different networks communicate with each other using their network layer addresses, namelyIP addresses.

To communicate with each other on Internet Protocol (IP) networks, each host must be assignedan IP address.

An IP address is a 32-bit number that is composed of two parts, namely, the network ID andhost ID.

The network ID identifies a network and the host ID identifies a host on the network. If thenetwork IDs of hosts are the same, it indicates that the hosts are on the same network regardlessof their physical locations.

1.2 Features of IP Addresses Supported by the S7700IP addresses can be obtained through static manual configuration or borrowing.

The S7700 supports IP address configuration through the following methods:

l Manually configuring an IP address for an interface

l Borrowing an IP address from other interfaces

The S7700 supports the space overlapping of network segment addresses to save the addressspace.

l Different IP addresses in the overlapped network segments but not same can be configuredon different interfaces of the same device. For example, after an interface on a device isconfigured with the IP address 20.1.1.1/16, if another interface is configured with the IPaddress 20.1.1.2/24, the system prompts a message. However, the configuration is stillsuccessful; if another interface is configured with the IP address 20.1.1.2/16, the systemprompts an IP address conflict. The configuration fails.

l The primary IP address and the secondary IP address in the overlapped network segmentsbut not same can be configured on the same interface. For example, after the interface isconfigured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16sub, the system prompts a message. However, the configuration is still successful.

l The primary IP address and the secondary IP address in the overlapped network segmentsbut not same can be configured on different interfaces of the same device. However, theprimary IP address and the secondary IP address cannot be the same. For example, after aninterface on a device is configured with the IP address 20.1.1.1/16, if another interface isconfigured with the IP address 20.1.1.2/24 sub, the system prompts a message. However,the configuration is still successful.

The S7700 supports 31-bit IP address masks. Therefore, there are only two IP addresses in anetwork segment, that is, the network address and broadcast address. The two IP addresses canbe used as host addresses.



2

1.3 Configuring IP Addresses for InterfacesAssigning an IP address to a device on a network enables the device to communicate with theother devices on the network.

1.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for assigning an IP address to an interface.

Applicable Environment

To start IP services on an interface, configure the IP address for the interface. You can assignseveral IP addresses to each interface. Among them, one is the primary IP address and the othersare secondary IP addresses.

Generally, you need to configure only a primary IP address for an interface. Secondary IPaddresses, however, are required in some cases. For instance, when a device connects to aphysical network through an interface, and computers on this network belong to two Class Cnetworks, you need to configure a primary IP address and a secondary IP address for this interfaceto ensure that the device can communication with all computers on this network.

Pre-configuration Tasks

Before configuring an IP addresses for an interface, complete the following tasks:

l Configuring the physical parameters for the interface and ensuring that the physical layerstatus of the interface is Up

l Configuring the link layer parameters for the interface and ensuring that the status of thelink layer protocol on the interface is Up

Data Preparation

To configure IP addresses for an interface, you need the following data.

No. Data

1 Interface number

2 Primary IP address and subnet mask of the interface

3 (Optional) Secondary IP address and subnet mask of the interface

1.3.2 Configuring a Primary IP Address for an InterfaceAn interface can have only one primary IP address.



3

Procedure

Step 1 Run:system-view

The system view is displayed.

Step 2 Run:interface vlanif vlan-id

The VLANIF interface view is displayed.

Step 3 Run:ip address ip-address { mask | mask-length }

A primary IP address is configured.

An interface has only one primary IP address. If the interface already has a primary IP address,the newly configured primary IP address replaces the original one.

----End

1.3.3 (Optional) Configuring a Secondary IP Address for anInterface

To enable an interface to communicate with several networks with different network IDs, youneed to assign a secondary IP address to this interface.

Procedure





Step 3 Run:ip address ip-address { mask | mask-length } sub

A secondary IP address is configured.

You can configure a maximum of 255 secondary IP addresses on an interface.

----End

1.3.4 Checking the ConfigurationYou can view the configuration of the IP address for an interface.

PrerequisiteThe configurations of the IP addresses for the interface are complete.



4

Procedurel Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to

check the IP configuration on the interface.

l Run the display interface [ interface-type [ interface-number ] ] command to checkinterface information.

----End

1.4 Configuring IP Address Unnumbered for InterfacesIP address unnumbered refers to the situation that an interface that is not assigned an IP addressobtains an IP address by borrowing an IP address from another interface.

1.4.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring IP address unnumbered.


To save IP address resources in some cases, configure the IP address unnumbered on theinterface. You can also perform this configuration for an interface that is occasionally used ratherthan making the interface occupy an IP address constantly.

Restrictions on configuring IP address unnumbered on an interface are as follows:

l The interface of IP address borrower can not be an Ethernet interface.

l The interface of IP address lender cannot be IP address from other.

l Multiple interfaces can borrow the IP address from the interface of IP address lender.

l If the interface of IP address lender has multiple IP addresses, the IP address lender canonly be the primary IP address.

l If the interface of IP address borrower borrows an IP address from the interface with no IPaddress, the IP address borrower gets the IP adderss 0.0.0.0.

l The IP address of the virtual loopback interface can be borrowed by other interfaces. Theloopback interface, however, cannot borrow the IP address from other interfaces.


Before configuring IP address unnumbered on an interface, complete the following tasks:

l Configuring physical attributes for the IP address borrower and lender

l Configuring link layer protocols for the IP address borrower and lender

Data Preparation

To configure IP address unnumbered on an interface, you need the following data.



5

No. Data

1 Number, IP address, and mask of the interface that lends the IP address to otherinterfaces

2 Number of the interface that borrows an IP address from another interface

1.4.2 Configuring the Primary IP Address of the Interface ThatLends an IP Address

Only the primary IP address of an interface can be borrowed.

Procedure






The primary IP address of the interface is configured.

----End

1.4.3 Configuring an Interface That Borrows an IP Address fromAnother Interface

An Ethernet interface cannot borrow the IP address of another interface.

Procedure



Step 2 Run:interface tunnel interface-number

The TUNNEL interface view is displayed.

Step 3 Run:ip address unnumbered interface interface-type interface-number

The interface is configured to borrow an IP address from the specified interface.

----End



6

1.4.4 Checking the ConfigurationYou can view the borrowed IP address of an interface.

PrerequisiteThe configurations of IP address unnumbered are complete.

Procedurel Run the display ip interface [ brief ] [ interface-type [ interface-number ] ] command to

check the IP configuration on the interface.l Run the display interface [ interface-type [ interface-number ] ] command to check

interface information.

----End

1.5 Configuration ExamplesThis section provides several examples of IP address configuration.

1.5.1 Example for Setting Primary and Secondary IP AddressesThis section provides a configuration example of setting primary and secondary IP addresses.

Networking RequirementsAs shown in Figure 1-1, GigabitEthernet 1/0/1 of the Switch is connected to a LAN, in whichhosts belong to two different network segments, that is 172.16.1.0/24 and 172.16.2.0/24. It isrequired that the Switch can access the two network segments but the host in 172.16.1.0/24cannot interconnect with the host in 172.16.2.0/24.

Figure 1-1 Networking diagram for setting IP addresses

172.16.1.0/24

172.16.2.0/24

Switch

GE 1/0/1VLANIF 100

172.16.1.1/24172.16.2.1/24 sub



7

Configuration Roadmap

The configuration roadmap is as follows:

1. Analyze the address of the network segment to which each interface is connected.

2. Set the secondary IP addresses for an interface.

NOTE

Note that the primary and secondary IP addresses of the same interface or different secondary IP addressesof the same interface cannot be in the same network segment.

Data Preparation

To complete the configuration, you need the following data.

l Primary IP address and subnet mask of the interface

l Secondary IP address and subnet mask of the interface

Procedure

Step 1 Set the IP address for VLANIF 100 where GigabitEthernet 1/0/1 of the Switch belongs.<Quidway> system-view[Quidway] vlan 100[Quidway-Vlan100] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100[Quidway-GigabitEthernet1/0/1] quit[Quidway] interface vlanif 100[Quidway-Vlanif100] ip address 172.16.1.1 24[Quidway-Vlanif100] ip address 172.16.2.1 24 sub

Step 2 Verify the configuration.

# Ping a host on network segment 172.16.2.0 from Switch. The ping succeeds.

<Quidway> ping 172.16.1.2PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 25/26/27 ms

Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.

<Quidway> ping 172.16.2.2 PING 172.16.2.2: 56 data bytes, press CTRL_C to break Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms --- 172.16.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received



8

0.00% packet loss round-trip min/avg/max = 25/25/26 ms

----End

Configuration FilesConfiguration file of the Switch

# sysname Quidway# vlan 100#interface Vlanif100 ip address 172.16.1.1 255.255.255.0 ip address 172.16.2.1 255.255.255.0 sub#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#return

1.5.2 Example for Configuring a Tunnel Interface to Borrow the IPAddress of a Loopback Interface

This section provides a configuration example of tunnel interface borrowing the IP address ofa Loopback interface.

Networking RequirementsAs shown in Figure 1-2, Tunnel 3/0/15 of Switch A is connected to Switch C through a tunnel.Tunnel 3/0/15 of Switch A is rarely used. To save IP addresses, configure Tunnel 3/0/15 ofSwitch A to borrow the IP address of Loopback0 of Switch A. Tunnel 3/0/15 of Switch C borrowsthe IP address of Loopback0 of Switch C.

Figure 1-2 Networking diagram for configuring a tunnel interface to borrow an IP address of aloopback interface

LoopBack 0

9.9.9.9/32

SwitchB

SwitchA SwitchC

Tunnel

PC 1 PC 2

Loop

Bac

k 0

116.

116.

116.

116/

32

Tunnel 3/0/15 Tunnel 3/0/15



9

Configuration RoadmapThe configuration roadmap is as follows:

l Set addresses of the Loopback0 interfaces of Switch A and Switch C.l Configure OSPF.l Configure Tunnel 3/0/15 of Switch A to borrow the IP address of Loopback0.l Configure Tunnel 3/0/15 of Switch C to borrow the IP address of Loopback0.

Data PreparationTo complete the configuration, you need the following data.

l IP address for Loopback0 of Switch Al IP address for Loopback0 of Switch Cl Index for Loopback0 of Switch Al Index for Loopback0 of Switch C

Procedure

Step 1 # Configure Switch A.

# Set an IP address for Loopback0 of Switch A.

<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] interface loopback 0[SwitchA-LoopBack0] ip address 116.116.116.116 32[SwitchA-LoopBack0] quit

Configure OSPF.

[SwitchA] ospf[SwitchA-ospf-1] area 0[SwitchA-ospf-1-area-0.0.0.0] network 116.116.116.116 0.0.0.0[SwitchA-ospf-1-area-0.0.0.0] quit[SwitchA-ospf-1] quit

# Configure Tunnel 3/0/15 to borrow the IP address of Loopback0.

[SwitchA] interface tunnel 3/0/15[SwitchA-Tunnel3/0/15] ip address unnumbered interface loopback 0[SwitchA-Tunnel3/0/15] quit

Step 2 Configure Switch C. The configuration procedure is the same as the configuration procedure ofSwitch A.


# Ping 9.9.9.9 on Switch A.

[SwitchA] ping 9.9.9.9 PING 9.9.9.9: 56 data bytes, press CTRL_C to break Reply from 9.9.9.9: bytes=56 Sequence=1 ttl=255 time=2 ms Reply from 9.9.9.9: bytes=56 Sequence=2 ttl=255 time=3 ms Reply from 9.9.9.9: bytes=56 Sequence=3 ttl=255 time=3 ms Reply from 9.9.9.9: bytes=56 Sequence=4 ttl=255 time=3 ms Reply from 9.9.9.9: bytes=56 Sequence=5 ttl=255 time=3 ms

--- 9.9.9.9 ping statistics --- 5 packet(s) transmitted



10

5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms

----End

Configuration Filesl Configuration file of Switch A

# sysname SwitchA#interface LoopBack0 ip address 116.116.116.116 255.255.225.255#interface Tunnel3/0/15 ip address unnumbered interface LoopBack0#ospf 1 area 0.0.0.0 network 116.116.116.116 0.0.0.0#return

l Configuration file of Switch C# sysname SwitchC#interface LoopBack0 ip address 9.9.9.9 255.255.225.255#interface Tunnel3/0/15 ip address unnumbered interface LoopBack0#ospf 1 area 0.0.0.0 network 9.9.9.9 0.0.0.0#return



11

2 ARP Configuration

About This Chapter

ARP can map an IP address to a MAC address and implements transmission of Ethernet frames.

2.1 Overview of ARPAn Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IPaddresses and Layer 2 MAC addresses.

2.2 Features of ARP Supported by the S7700ARP can operate in either of two modes: static and dynamic. The extensions of ARP includeproxy ARP, gratuitous ARP, and ARP-Ping.

2.3 Configuring Static ARPStatic ARP indicates that there is a fixed mapping between an IP address and a MAC address.Static ARP needs to be configured by an administrator.

2.4 Optimizing Dynamic ARPIf dynamic ARP is configured, the system automatically resolutes an IP address into an EthernetMAC address.

2.5 Configuring Routed Proxy ARPProxy ARP enables devices whose IP addresses belong to the same network segment butdifferent physical networks to communicate with each other.

2.6 Configuring Proxy ARP Within a VLANBy configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.

2.7 Configuring Proxy ARP Between VLANsBy configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.

2.8 Configuring ARP-Ping IPARP-Ping IP is a method of detecting whether an IP address is used by another device on a localarea network (LAN) by sending ARP packets.

2.9 Configuring ARP-Ping MACARP-Ping MAC is a method of detecting whether a MAC address is used by another device ona LAN by sending ICMP packets.

2.10 Maintaining ARP

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 2 ARP Configuration


12

The operations of ARP maintenance include clearing ARP statistics and monitoring ARPoperating status.

2.11 Configuration ExamplesThis section provides several configuration examples of ARP.



13

2.1 Overview of ARPAn Ethernet device must support ARP. ARP implements dynamic mapping between Layer 3 IPaddresses and Layer 2 MAC addresses.

Each host or device on the Local Area Network (LAN) can be configured a 32-bit IP address tocommunicate with others. The assigned IP address is independent of the hardware address.

On the Ethernet, a host or a device transmits and receives Ethernet frames according to a 48-bitMedium Access Control (MAC) address. The MAC address is also called the physical addressor the hardware address, which is assigned to an Ethernet interface when equipment is produced.Therefore, on an interconnected network, an address resolution mechanism is required to providethe mapping between MAC addresses and IP addresses.

The Address Resolution Protocol (ARP) maps an IP address to the corresponding MAC address.

2.2 Features of ARP Supported by the S7700ARP can operate in either of two modes: static and dynamic. The extensions of ARP includeproxy ARP, gratuitous ARP, and ARP-Ping.

ARP is only used in the IPv4 environment and can only run on Ethernet links.

Introduction to ARP-PingARP-Ping consists of ARP-Ping IP and ARP-Ping MAC. ARP-Ping is developed to maintainthe deployed Layer 2 features.

Introduction to ARP-Ping IPARP-Ping IP uses ARP packets to check whether an IP address is used by another device on theLAN.

Before configuring an IP address for a device, you need to check that this IP address is not usedby another device on the network by sending the ARP packets. Then, you can take appropriateactions.

You can also run the ping command to check whether the IP address is used by another deviceon the network. If enabled with the firewall function that does not reply to Ping packets, thedestination host and device do not reply to Ping packets and think that the IP address is not inuse. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall. Inthis way, the preceding situation does not occur.

Principles of ARP-Ping IPARP-Ping IP sends ARP Request packets. The following describes how to implement ARP-PingIP:

1. After setting the specified IP address through command lines, you can send ARP Requestpackets and start the timeout timer.

2. After receiving an ARP Request packet, each device or host on the LAN replies with anARP Reply packet.



14

3. After receiving the ARP Reply packet, the source device compares the source IP addresscontained in the Reply packet with the IP address input in the command line. If they areconsistent, the MAC address corresponding to the input IP address is displayed and thetimeout timer of ARP Reply packets is disabled. The operation finishes.If the timeout timer of ARP Reply packets times out, it means that the IP address is not inuse.

As shown in Figure 2-1, Switch A and Gigabitethernet A are directly connected. You can runthe arp-ping ip command on Switch A to check whether the IP address 10.1.1.2 is in use.

Figure 2-1 Implementation procedure of ARP-Ping IP

Host B10.1.1.3/32

Host A10.1.1.2/32

GE1/0/010.1.1.1/24

SwitchA

Gigabitethernet A

Run the arp-ping ip 10.1.1.2 command on Switch A. After receiving the ARP Reply packetfrom Host A 10.1.1.2 on the network, Switch A displays the MAC address of Host A.Switch Adisplays the MAC address of Node B.

Through the command output, you can know whether the IP address is used by another host onthe network.

NOTE

Introduction to ARP-Ping MAC

ARP-Ping MAC uses ICMP packets to check whether a MAC address is used by another deviceon the LAN.

When you know a specific MAC address on a network segment but do not know thecorresponding IP address, you can obtain the IP address corresponding to the MAC address bysending the broadcast Internet Control Messages Protocol (ICMP) packets through ARP-PingMAC. In this way, you can query the IP address corresponding to the specific MAC address onthe network segment.

Principles of ARP-Ping MAC

ARP-Ping MAC sends broadcast ICMP Echo Request packets. The following describes how toimplement ARP-Ping MAC:

1. After setting the specified MAC address through the command line, you can send broadcastICMP Echo Request packets and start the timeout timer.



15

2. After receiving an ICMP Echo Request packet, each device or host on the LAN replies withan ICMP Echo Reply packet.

3. After receiving the ICMP Echo Reply packet, the source device compares the source MACaddress contained in the Echo Reply packet with the MAC address input in the commandline. If they are consistent, the IP address of the Echo Reply packet is displayed. Then thesource device prompts you that the MAC address is in use and disables the timeout timer.The operation finishes.

If the timeout timer of the ICMP Echo Reply packets times out, it means that the MACaddress is not in use.

NOTE

If the system denies the request for replying with the network segment address, the sender cannot receivethe ICMP Echo Reply packet.

As shown in Figure 2-2, Switch A and Gigabitethernet A are directly connected. You can runthe arp-ping mac command on Switch A to check whether the MAC address 0013-46E7-2EF5is in use.

Figure 2-2 Implementation procedure of ARP-Ping MAC

Host A0013-46E7-2EF5

GE1/0/010.1.1.1/24

SwitchA

Gigabitethernet A

The following describes how to implement ARP-Ping MAC on Switch A:

Run the arp-ping mac 0013-46E7-2EF5 10.1.1.0 or arp-ping mac 0013-46E7-2EF5gigabitethernet 1/0/0 command on Switch A. After receiving the ICMP Reply packets repliedby all the hosts on the network, Switch A displays the IP address of the host with the MACaddress 0013-46E7-2EF5.

Through the command output, you can obtain the IP address corresponding to the MAC address.

NOTE

The arp-ping mac command is applicable to the outgoing interface in one of the following types: theEthernet interface, Gigabit Ethernet interface, Eth-Trunk interface, and VLANIF interface.

2.3 Configuring Static ARPStatic ARP indicates that there is a fixed mapping between an IP address and a MAC address.Static ARP needs to be configured by an administrator.



16

2.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring static ARP.

Applicable EnvironmentStatic ARP is used in the following situations:

l For the packets whose destination IP address is on another network segment, static ARPcan help these packets traverse a gateway of the local network segment so that the gatewaycan forward the packets to their destination.

l When you need to filter out some packets with illegitimate destination IP addresses, staticARP can bind these illegitimate addresses to a nonexistent MAC address.

Pre-configuration TasksBefore configuring ARP, complete the following tasks:

l Configuring physical parameters for the interface and ensuring that the status of the physicallayer of the interface is Up

l Configuring link layer protocol parameters for the interface and ensuring that the status ofthe link layer protocol on the interface is Up

l Configuring the network layer protocol for the interface

Data PreparationTo configure ARP, you need the following data.

No. Data

1 IP address and MAC address of the static ARP entry

2 VPN instance name and VLAN ID to which the static ARP entry belongs

2.3.2 Configuring Common Static ARP EntriesStatic ARP entries are required for the communication between common interfaces.

ContextIf static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a devicesimultaneously, the virtual IP address of the VRRP backup group configured on the VLANIFinterface cannot be the IP address contained in the static ARP entries; otherwise, incorrect hostroutes are generated and thus packets cannot be normally forwarded.

Procedure




17


Step 2 Run:arp static ip-address mac-address

Configure common static ARP entries.

NOTE

Static ARP entries keep valid when a device works normally.

----End

2.3.3 Configuring Static ARP Entries in a VLANIn the scenario where two users belong to the same VLAN but user isolation is configured inthe VLAN, to implement communications between the two users, you need to enable static ARPwithin the VLAN on the member interface of the VLAN.

Context

If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a devicesimultaneously, the virtual IP address of the VRRP backup group configured on the VLANinterface cannot be the IP address contained in the static ARP entries; otherwise, incorrect hostroutes are generated and thus packets cannot be normally forwarded.

NOTE

To configure static ARP for the packets with double tags, run the arp static cevid command. For details,see the Quidway S7700 Smart Routing Switch Command Reference - Ethernet.

Procedure



Step 2 Configure static ARP entries in a Virtual Local Area Network (VLAN).

To configure static ARP entries in a VLAN, do as follows:

l Run the arp static ip-address mac-address [ vid vlan-id interface interface-type interface-number ] command.

To configure static ARP entries for VLANIF interfaces, if an ARP entry contains only theIP address and MAC address, and the VLAN ID and outbound interface of the ARP packetare not specified, the system selects the outbound interface automatically. If the VLAN IDand outbound interface are specified, the system forwards the packet from the specifiedoutbound interface.

If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN),the device can automatically associate the configured static ARP entry with the VPN. Thiscommand is applicable to port-based VLANs.

l Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlan-id command.



18

NOTE


----End

2.3.4 Configuring Static ARP Entries in a VPN InstanceTo implement Layer 2 interworking of the devices in a VPN instance, you can configure staticARP in the VPN instance.

Context

If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a devicesimultaneously, the virtual IP address of the VRRP backup group configured on the VLANIFinterface cannot be the IP address contained in the static ARP entries; otherwise, incorrect hostroutes are generated and thus packets cannot be normally forwarded.

Procedure



Step 2 Run:arp static ip-address mac-address vpn-instance vpn-instance-name

Configure static ARP entries in a VPN instance.

NOTE


----End

2.3.5 Checking the ConfigurationYou can view the configuration of static ARP.

PrerequisiteThe configurations of the ARP function are complete.

Procedurel Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to

check information about ARP mapping tables based on VPN instances.

l Run the display arp statistics { all } command to check the statistics for ARP entries.

l Run the display arp trackcommand to check the ARP entries learned by VLANIFinterfaces and view detailed information about the change of outbound interfaces.

----End



19

2.4 Optimizing Dynamic ARPIf dynamic ARP is configured, the system automatically resolutes an IP address into an EthernetMAC address.

2.4.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for optimizing dynamic ARP.

Applicable EnvironmentDynamic ARP is one of functions owned by a device or host. You do not need to run a commandto enable dynamic ARP but you can modify some parameters of dynamic ARP.

Pre-configuration TasksNone

Data PreparationOptimizing dynamic ARP, you need the following data.

No. Data

1 Aging detection times of the dynamic ARP entry

2 Aging time of the dynamic ARP entry

2.4.2 Modify the aging parameters of dynamic ARPIf the device needs to update ARP entries frequently, you can reduce the aging timeout periodof ARP entries, increase the number of aging detections for ARP entries, and reduce the agingdetection intervals of ARP entries.

Procedure





Step 3 Run:arp detect-times detect-times



20

The number of aging detection times of the dynamic ARP entries is configured.

Step 4 Run:arp expire-time expire-times

The timeout period for aging dynamic ARP entries is configured.

By default, the aging detection times of the dynamic ARP entries is three, and the aging timeoutperiod is 1200 seconds.

Step 5 Run:arp detect-mode unicast

The interface is configured to send ARP Aging Detection packets in unicast mode.

By default, an interface sends ARP Aging Detection packets in broadcast mode.

----End

2.4.3 Enabling ARP Suppression FunctionIf the system receives a great number of ARP packets from the same source at a time, the systemneeds to update ARP entries repeatedly. To ensure the performance of the system, you can enableARP suppression. In this manner, the system only responds to the ARP packets but does notupdate ARP entries.

Procedure



Step 2 Run:arp-suppress enable

ARP suppression is enabled on the current device.

----End

2.4.4 Enabling Layer 2 Topology Detection FunctionAfter Layer 2 topology detection is enabled, the system updates all the ARP entriescorresponding to the VLANs to which a Layer 2 interface belongs, if this Layer 2 interface goesUp.

Procedure



Step 2 Run:l2-topology detect enable

The Layer 2 topology detection function is enabled.



21

By default, this function is not enabled.

----End

2.4.5 Checking the ConfigurationYou can view the configuration of dynamic ARP.

PrerequisiteThe configurations of the ARP function are complete.

Procedurel Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-

id ] ] command to check information about ARP mapping tables based on interfaces.l Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to

check information about ARP mapping tables based on VPN instances.l Run the display arp statistics { all } command to check the statistics for ARP entries.l Run the display arp trackcommand to check the ARP entries learned by VLANIF

interfaces and view detailed information about the change of outbound interfaces.

----End

2.5 Configuring Routed Proxy ARPProxy ARP enables devices whose IP addresses belong to the same network segment butdifferent physical networks to communicate with each other.

2.5.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring routed proxy ARP.


The two physical networks of an enterprise are in different subnets of the same IP network, andare separated by a device. You need to enable the proxy ARP on the device interface connectedto the physical networks. This enables communication between the two networks.

Network IDs of subnet hosts must be the same. You need not configure default gateways forhosts.


Before configuring routed proxy ARP, complete the following tasks:

l Configuring the physical parameters for the interface and ensuring that the status of thephysical layer of the interface is Up




22

Data PreparationTo configure routed proxy ARP, you need the following data.

No. Data

1 Number of the interface to be enabled with routed proxy ARP

2 IP address of the interface to be enabled with routed proxy ARP

2.5.2 Configure an IP Addresses for the InterfaceThe IP address assigned to a routed proxy ARP-enabled interface must be on the same networksegment with the IP address of the host on the LAN to which this interface connects.

Procedure





Routed proxy ARP can be enabled only on the VLANIF interface of the S7700.


The interface is configured with an IP address.

The IP address configured for the interface must be in the same network segment with that ofhosts in the LAN connected with this interface.

----End

2.5.3 Enabling the Routed Proxy ARP FunctionTo interconnect the subnets in the same IP network, you need to enable routed proxy ARP.

Procedure







23

Step 3 Run:arp-proxy enable

By default, the routed proxy ARP function is disabled on the interface.

After routed proxy ARP is enabled, you must reduce the aging time of ARP entries in the devieceso that the number of packets received but cannot be forwarded by the device is decreased. Toconfigure the aging time of ARP entries.

----End

2.5.4 Checking the ConfigurationYou can view the configuration of routed proxy ARP.

PrerequisiteThe configurations of the routed proxy ARP function are complete.



check information about ARP mapping tables based on VPN instances.l Run the display arp statistics command to check statistics about ARP entries.

----End

2.6 Configuring Proxy ARP Within a VLANBy configuring proxy ARP on a VLAN, you can interconnect isolated hosts on a VLAN.

2.6.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring proxy ARP on a VLAN.

Applicable EnvironmentIf two users are in the same VLAN but they are isolated from each other, to ensure the two userscan communicate, you need to enable proxy ARP within the VLAN on the interface associatedwith the VLAN.

Pre-configuration TasksBefore configuring proxy ARP within a VLAN, complete the following tasks:

l Configuring physical attributes for the interface and ensuring that the status of the physicallayer of the interface is Up

l Configuring the VLANl Configuring user isolation in the VLAN



24

Data PreparationTo configure proxy ARP within a VLAN, you need the following data.

No. Data

1 Number of the interface to be enabled with proxy ARP in a VLAN

2 IP address of the interface to be enabled with proxy ARP in a VLAN

3 VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN

2.6.2 Configure an IP Addresses for the InterfaceThe IP address assigned to an interface needs to be in the same network segment with the IPaddresses of the users of the VLANs associated to this interface.

Procedure





Intra-VLAN proxy ARP can be enabled on only the VLANIF interface of the S7700.



The IP address configured for the interface must be in the same network segment with that ofhosts in the VLAN associated with this interface.

----End

2.6.3 Enabling Proxy ARP Within a VLANTo interconnect isolated users on a VLAN, you need to enable intra-VLAN proxy ARP on theinterface associated to the VLAN.

Procedure






25


Step 3 Run:arp-proxy inner-sub-vlan-proxy enable

Proxy ARP within a VLAN is enabled.

----End

2.6.4 Checking the ConfigurationYou can view the configuration of intra-VLAN proxy ARP.

PrerequisiteThe configurations of the proxy ARP within a VLAN function are complete.




----End

2.7 Configuring Proxy ARP Between VLANsBy configuring inter-VLAN proxy ARP, you can interconnect hosts on different VLANs.

2.7.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring inter-VLAN proxy ARP.

Applicable EnvironmentIf two users belong to different VLANs and they need to communicate, you need to enable proxyARP between VLANs on the sub-interface associated with the VLAN.

IP addresses of hosts in a VLAN must be in the same network segment.

Pre-configuration TasksBefore configuring proxy ARP between VLANs, complete the following tasks:

l Configuring physical attributes for the interface and ensuring that the status of the physicallayer of the interface is Up

l Configuring VLAN aggregation

Data PreparationTo configure proxy ARP between VLANs, you need the following data.



26

No. Data

1 Number of the interface to be enabled with proxy ARP between VLANs

2 IP address of the interface to be enabled with proxy ARP between VLANs

3 VLAN ID associated with the interface to be enabled with proxy ARP betweenVLANs

2.7.2 Configuring an IP Addresses for the InterfaceThe IP address assigned to an interface needs to be in the same network segment with the IPaddresses of the users of all the VLANs associated to this interface.

Procedure





Inter-VLAN proxy ARP can be enabled only on the VLANIF interface of the S7700.



The IP address configured for the interface must be in the same network segment with that ofhosts in the VLAN associated with this interface.

----End

2.7.3 Enabling Proxy ARP Between VLANsTo interconnect users on different VLANs, you need to enable inter-VLAN proxy ARP on theVLANIF interfaces.

Procedure







27

Step 3 Run:arp-proxy inter-sub-vlan-proxy enable

Proxy ARP between VLANs is enabled.

----End

2.7.4 Checking the ConfigurationYou can view the configuration of inter-VLAN proxy ARP.

PrerequisiteThe configurations of Proxy ARP Between VLANs are complete.




----End

2.8 Configuring ARP-Ping IPARP-Ping IP is a method of detecting whether an IP address is used by another device on a localarea network (LAN) by sending ARP packets.

2.8.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring ARP-Ping IP.


In the LAN, to configure an IP address for a device, you need to use the arp-ping ip commandto check whether this IP address is used by another device in the network.

You can also run the ping command to check whether the IP address is used by another deviceon the network. If enabled with the firewall function that does not reply to Ping packets, thedestination host and device do not reply to Ping packets and think that the IP address is not inuse. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall. Inthis way, the preceding situation does not occur.


Before configuring ARP-Ping IP, complete the following tasks:

l Configuring parameters of the link layer protocol and IP addresses for the interfaces andensuring that the status of the link layer protocol on the interfaces is Up.



28

Data PreparationTo configure ARP-Ping IP, you need the following data.

No. Data

1 IP address to be checked

2.8.2 Detecting the IP Address by Using the arp-ping ip CommandARP-Ping IP detects whether an IP address is used by a device on a LAN by sending ARPrequests.

Procedure

Step 1 Run:

Check whether the IP address is in use.

The following information is displayed:

l If the following information is displayed, it means that the IP address is not in use.[Quidway] arp-ping ip 110.1.1.2 ARP-Pinging 110.1.1.2: Request timed out Request timed out Request timed out The IP address is not used by anyone!

l If the following information is displayed, it means that the IP address is in use.[Quidway] arp-ping ip 128.1.1.1 ARP-Pinging 128.1.1.1:128.1.1.1 is used by 00e0-517d-f202

----End

2.9 Configuring ARP-Ping MACARP-Ping MAC is a method of detecting whether a MAC address is used by another device ona LAN by sending ICMP packets.

2.9.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring ARP-Ping MAC.

Applicable EnvironmentTo check whether a MAC address is in use or query the IP address through the MAC address,you can use the arp-ping mac command.

Pre-configuration TasksBefore configuring ARP-Ping MAC, complete the following tasks:



29

l Configuring parameters of the link layer protocol and IP addresses for the interfaces andensuring that the status of the link layer protocol on the interfaces is Up.

Data PreparationTo configure ARP-Ping MAC, you need the following data.

No. Data

1 MAC address to be checked

2.9.2 Detecting the MAC Address by Using the arp-ping macCommand

ARP-Ping MAC detects whether an IP address is used by a device on a LAN by sending ICMPpackets.

Procedure

Step 1 Run:arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number }

Check whether the MAC address is in use. Alternatively, you can query the IP address throughthe MAC address.

The following information is displayed:

l If the following information is displayed, it means that the MAC address is not in use.[Quidway] arp-ping mac 00e0-517d-f201 interface gigabitethernet 1/0/0 OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-01], press CTRL_C to break Request timed out Request timed out Request timed out ----- ARP-Ping MAC statistics ----- 3 packet(s) transmitted 0 packet(s) received MAC[00-E0-51-7D-F2-01] not be used

l If the following information is displayed, it means that the MAC address is in use.[Quidway] arp-ping mac 00e0-517d-f202 interface gigabitethernet 1/0/0 OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-02], press CTRL_C to break ----- ARP-Ping MAC statistics ----- 1 packet(s) transmitted 1 packet(s) received IP ADDRESS MAC ADDRESS 128.1.1.1 00-E0-51-7D-F2-02

----End

2.10 Maintaining ARPThe operations of ARP maintenance include clearing ARP statistics and monitoring ARPoperating status.



30

2.10.1 Clearing ARP EntriesThis section describes ARP entries clearance through the reset command.

Context

CAUTIONl The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So,

confirm the action before you use the command.

l The static ARP entries cannot restore after you clear it. So, confirm the action before youuse the command.

Procedure

Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } commandin the user view to clear the ARP entries in the ARP mapping table.

----End

2.10.2 Monitoring Network Operation Status of ARPThis section describes ARP operation monitoring through the display command.

Context

In routine maintenance, you can run the following command in any view to check the operationof ARP.


id ] ] command in any view to check the information about the ARP mapping table basedon interfaces.

l Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command inany view to check the information about ARP mapping tables based on VPN instances.

l Run the display arp track command in any view to check the information about theoutbound interfaces change of ARP entries learned by VLANIF interfaces.

----End

2.10.3 Debugging ARPThis section describes ARP debugging through the debugging command.



31

Context

CAUTIONDebugging affects the performance of the system. Thus, after debugging, run the undodebugging all command to disable debugging immediately. When the CPU usage is close to100%, debugging ARP may cause the board resetting. So, confirm the action before you use thecommand.

When faults occur during ARP operation, run the following debugging command in the userview to debug ARP and locate the fault.

For more information, see chapter "Information Center Configuration" in the Quidway S7700Smart Routing Switch Configuration Guide-System Management. For descriptions about thedebugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.

Procedurel Run the debugging arp packet [ interface interface-type interface-number | slot slot-id ]

command in the user view to debug ARP.

l Run the debugging arp-proxy [ inner-sub-vlan-proxy | inter-sub-vlan-proxy ][ interface interface-type interface-number ] command in the user view to debug proxyARP.

l Run the debugging arp process [slot slot-id | interface interface-type interface-number ]command in the user view to debug the processing of ARP packets.

----End

2.11 Configuration ExamplesThis section provides several configuration examples of ARP.

2.11.1 Example for Configuring ARP

Networking Requirements

As shown in Figure 2-3, GE 1/0/1 of the Switch is connected to the host through the LAN switch(LSW); GE 1/0/2 is connected to the server through the router. It is required that:

l GE 1/0/1 should be added to VLAN 2, and GE 1/0/2 should be added to VLAN 3.

l To adapt to fast changes of the network and ensure correct forwarding of packets, dynamicARP parameters need to be set on VLANIF 2 of the Switch.

l To ensure communication security between hosts and the server, and prevent invalid ARPpackets, a static ARP entry needs to be created on GE 1/0/2 of the Switch. In the ARP entry,the IP address of the router is 10.2.2.3 and the MAC address is 00e0-fc01-0000.



32

Figure 2-3 Networking diagram for configuring ARP

Internet

GE1/0/1

GE1/0/2

Switch

Server

LSW

Router

PC2

PC2

PC1



1. Create a VLAN and add an interface to the VLAN.2. Set dynamic ARP parameters on a VLANIF interface at the user side.3. Create a static ARP entry.

Data Preparation

To complete the configuration, you need the following data:

l GE 1/0/1 added to VLAN 2 and GE 1/0/2 added to VLAN 3l VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging

time of ARP entries being 60s, and number of detection times being 2l LSW with the IP address being 2.2.2.1 and subnet mask being 255.255.255.0l Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet

mask being 255.255.255.0, and MAC address being 00e0-fc01-0000

Procedure

Step 1 Create a VLAN and add an interface to the VLAN.

# Create VLAN 2 and VLAN 3.



33

<Quidway> system-view[Quidway] vlan batch 2 3

# Add GE 1/0/1 to VLAN 2 and add GE 1/0/2 to VLAN 3.

[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port hybrid tagged vlan 2[Quidway-GigabitEthernet1/0/1] quit[Quidway] interface gigabitethernet 1/0/2[Quidway-GigabitEthernet1/0/2] port hybrid tagged vlan 3[Quidway-GigabitEthernet1/0/2] quit

Step 2 Set dynamic ARP parameters on a VLANIF interface.

# Create VLANIF2.

[Quidway] interface vlanif 2

# Assign an IP address to VLANIF 2.

[Quidway-Vlanif2] ip address 2.2.2.2 255.255.255.0

# Set the aging time of ARP entries to 60s.

[Quidway-Vlanif2] arp expire-time 60

# Set the number of detection times before deleting ARP entries to 2.

[Quidway-Vlanif2] arp detect-times 2[Quidway-Vlanif2] quit

Step 3 Create a static ARP entry.

# Create VLANIF 3.



[Quidway-Vlanif3] ip address 10.2.2.2 255.255.255.0[Quidway-Vlanif3] quit

# Create a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN ID3, and outgoing interface GE 1/0/2.

[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 1/0/2[Quidway] quit


# Run the display current-configuration command. You can view the aging time of ARPentries, the number of detection times before deleting ARP entries, and the ARP mapping table.

<Quidway> display current-configuration | include arp arp expire-time 60 arp detect-times 2 arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2

----End

Configuration FilesThe following is the configuration file of the Switch.

# sysname Quidway#vlan batch 2 to 3



34

#interface Vlanif2ip address 2.2.2.2 255.255.255.0 arp expire-time 60 arp detect-times 2#interface Vlanif3 ip address 10.2.2.2 255.255.255.0#interface GigabitEthernet 1/0/1 port hybrid tagged vlan 2#interface GigabitEthernet 1/0/2 port hybrid tagged vlan 3# arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet1/0/2#return

2.11.2 Example for Configuring Routed Proxy ARP

Networking RequirementsAs shown in Figure 2-4, GE 1/0/0 and GE 1/0/1 of the Switch are connected to a LANrespectively, and the network IDs of the two LANs are 172.16.0.0/16. Host A and Host B arenot configured with the default gateway. It is required that routed proxy ARP should be enabledon the Switch so that hosts in the two LANs can communicate.

Figure 2-4 Networking diagram for configuring routed proxy ARP

Host B

Switch

172.16.1.1/24 172.16.2.1/24VLAN 2

GE1/0/1

172.16.2.2/16172.16.1.2/16Host A

Ethernet A Ethernet B

0000-5e33-ee20 0000-5e33-ee10

VLAN 3

GE1/0/0


1. Assign an IP Address to an interface.2. Enable routed proxy ARP on the interface.3. Configure the default route.

Data PreparationTo complete the configuration, you need the following data:



35

l IP addresses of the interfacesl Default routel IP addresses of the hosts

Procedure

Step 1 Create VLAN 2 and add GE 1/0/0 to VLAN 2.<Quidway> system-view[Quidway] vlan 2[Quidway-vlan2] quit[Quidway] interface gigabitethernet 1/0/0[Quidway-GigabitEthernet1/0/0] port link-type access[Quidway-GigabitEthernet1/0/0] port default vlan 2[Quidway-GigabitEthernet1/0/0] quit

Step 2 Create and configure VLANIF 2.[Quidway] interface vlanif 2[Quidway-Vlanif2] ip address 172.16.1.1 255.255.255.0

Step 3 Enable routed proxy ARP on VLANIF 2.[Quidway-Vlanif2] arp-proxy enable[Quidway-Vlanif2] quit

Step 4 Create VLAN 3 and add GE 1/0/1 to VLAN 3.[Quidway] vlan 3[Quidway-vlan3] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port link-type access[Quidway-GigabitEthernet1/0/1] port default vlan 3[Quidway-GigabitEthernet1/0/1] quit

Step 5 Create and configure VLANIF 3.[Quidway] interface vlanif 3[Quidway-Vlanif3] ip address 172.16.2.1 255.255.255.0

Step 6 Enable routed proxy ARP on VLANIF 3.[Quidway-Vlanif3] arp-proxy enable[Quidway-Vlanif3] quit

Step 7 Configure the hosts.

# Assign IP address 172.16.1.2/16 to Host A.

# Assign IP address 172.16.2.2/16 to Host B.


# Ping Host B from Host A. The ping operation is successful.

----End


# sysname Quidway# vlan batch 2 to 3#interface Vlanif2 ip address 172.16.1.1 255.255.255.0



36

arp-proxy enable#interface Vlanif3 ip address 172.16.2.1 255.255.255.0 arp-proxy enable#interface GigabitEthernet1/0/0 port link-type access port default vlan 2 #interface GigabitEthernet1/0/1 port link-type access port default vlan 3 #return

2.11.3 Example for Configuring Intra-VLAN Proxy ARP


As shown in Figure 2-5, GE 1/0/1 and GE 1/0/0 of the Switch belong to sub-VLAN 2. Sub-VLAN 2 belong to super-VLAN 3. It is required that:

l Host A and host B in VLAN 2 should be isolated at Layer 2.

l Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.

The IP address and subnet mask of the VLANIF interface in super-VLAN 3 should be 10.10.10.1and 255.255.255.0.

Figure 2-5 Networking diagram for configuring intra-VLAN proxy ARP

Switch

hostA10.10.10.2/2400-e0-fc-00-00-02

hostB10.10.10.3/24

00-e0-fc-00-00-03

GE1/0/0GE1/0/1

sub-VLAN2

Internet



1. Create and configure a super-VLAN and a sub-VLAN.2. Add an interface to the sub-VLAN.



37

3. Create a VLANIF interface of the super-VLAN and assign an IP address to the VLANIFinterface.

4. Enable intra-VLAN proxy ARP on the VLANIF interface of the super-VLAN.


l VLAN IDs of the super-VLAN and sub-VLANl GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2l IP address and subnet mask of VLANIF 3 of super-VLAN 3 being 10.10.10.1 and

255.255.255.0

Procedure

Step 1 Configure the super-VLAN and sub-VLAN.

# Configure sub-VLAN 2.<Quidway> system-view[Quidway] vlan 2[Quidway-vlan2] quit

# Enable port isolation on GE 1/0/0 and GE 1/0/1.[Quidway] port-isolate mode l2[Quidway] interface gigabitethernet 1/0/0[Quidway-GigabitEthernet1/0/0] port-isolate enable[Quidway-GigabitEthernet1/0/0] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port-isolate enable[Quidway-GigabitEthernet1/0/1] quit

# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.[Quidway] interface gigabitethernet 1/0/0[Quidway-GigabitEthernet1/0/0] port link-type access[Quidway-GigabitEthernet1/0/0] port default vlan 2[Quidway-GigabitEthernet1/0/0] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port link-type access[Quidway-GigabitEthernet1/0/1] port default vlan 2[Quidway-GigabitEthernet1/0/1] quit

# Configure super-VLAN 3 and add sub-VLAN 2 to super-VLAN 3.[Quidway] vlan 3[Quidway-vlan3] aggregate-vlan[Quidway-vlan3] access-vlan 2[Quidway-vlan3] quit

Step 2 Create and configure VLANIF 3.

# Create VLANIF 3.



[Quidway-Vlanif3] ip address 10.10.10.1 24

Step 3 Enable intra-VLAN proxy ARP on VLANIF 3.

[Quidway-Vlanif3] arp-proxy inner-sub-vlan-proxy enable[Quidway-Vlanif3] quit




38

# Run the display current-configuration command. You can view the configurations of thesuper-VLAN, sub-VLAN, and VLANIF interface. For query results, see the followingconfiguration file.

# Run the display arp command to view all the ARP entries.

<Quidway> display arpIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN------------------------------------------------------------------------------10.10.10.1 0018-2000-0083 I - Vlanif310.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0 2/-10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1 2/-------------------------------------------------------------------------------Total:3 Dynamic:2 Static:0 Interface:1

----End

Configuration FilesThe following lists the configuration file of the Switch.

# sysname Quidway# vlan batch 2 to 3 #vlan 3 aggregate-vlan access-vlan 2#interface Vlanif3 ip address 10.10.10.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable#interface GigabitEthernet1/0/0 port link-type access port default vlan 2 port-isolate enable group 1#interface GigabitEthernet1/0/1 port link-type access port default vlan 2 port-isolate enable group 1#return

2.11.4 Example for Configuring Inter-VLAN Proxy ARP

Networking RequirementsAs shown in Figure 2-6, VLAN 2 and VLAN 3 constitute super-VLAN 4. It is required that:l Hosts in the sub-VLANs 2 and 3 should not be pinged mutually.l Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP

is enabled.



39

Figure 2-6 Networking diagram for configuring inter-VLAN proxy ARP

VLAN2 VLAN3

VLAN4

Switch

VLAN2 VLAN3


1. Configure a super-VLAN and a sub-VLAN.2. Add an interface to the sub-VLAN.3. Create an VLANIF interface of the super-VLAN and assign an IP address to the VLANIF

interface.4. Enable inter-VLAN proxy ARP.


l VLAN IDs of the super-VLAN and sub-VLANl GE 1/0/1 and GE 1/0/0 belonging to sub-VLAN 2l GE 2/0/0 and GE 2/0/1 belonging to sub-VLAN 3l IP address and subnet mask of VLANIF 4 in super-VLAN 4 being 10.10.10.1 and

255.255.255.0

Procedure

Step 1 Configure the super-VLAN and sub-VLAN.


# Add GE 1/0/0 and GE 1/0/1 to sub-VLAN 2.[Quidway] interface gigabitethernet 1/0/0[Quidway-GigabitEthernet1/0/0] port link-type access[Quidway-GigabitEthernet1/0/0] port default vlan 2



40

[Quidway-GigabitEthernet1/0/0] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port link-type access[Quidway-GigabitEthernet1/0/1] port default vlan 2[Quidway-GigabitEthernet1/0/1] quit


# Add GE2/0/0 and GE2/0/1 to sub-VLAN 3.[Quidway] interface gigabitethernet 2/0/0[Quidway-GigabitEthernet2/0/0] port link-type access[Quidway-GigabitEthernet2/0/0] port default vlan 3[Quidway-GigabitEthernet2/0/0] quit[Quidway] interface gigabitethernet 2/0/1[Quidway-GigabitEthernet2/0/1] port link-type access[Quidway-GigabitEthernet2/0/1] port default vlan 3[Quidway-GigabitEthernet2/0/1] quit

# Configure super-VLAN 4 and add sub-VLAN 2 to super-VLAN 4.[Quidway] vlan 4[Quidway-vlan4] aggregate-vlan[Quidway-vlan4] access-vlan 2[Quidway-vlan4] access-vlan 3[Quidway-vlan4] quit

Step 2 Create and configure VLANIF 4.

# Create VLANIF 4.



[Quidway-Vlanif4] ip address 10.10.10.1 24

Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.

[Quidway-Vlanif4] arp-proxy inter-sub-vlan-proxy enable[Quidway-Vlanif4] quit


# Run the display current-configuration command. You can view the configurations of thesuper-VLAN, sub-VLAN, and VLANIF interface. For query results, see the followingconfiguration file.

# Run the display arp command to view all the ARP entries.

<Quidway> display arpIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN------------------------------------------------------------------------------10.10.10.1 0018-2000-0083 I - Vlanif410.10.10.2 00e0-fc00-0002 19 D-0 GE1/0/0 2/-10.10.10.3 00e0-fc00-0003 19 D-0 GE1/0/1 2/-10.10.10.4 00e0-fc00-0004 19 D-0 GE2/0/0 3/-10.10.10.5 00e0-fc00-0005 19 D-0 GE2/0/1 3/-------------------------------------------------------------------------------Total:5 Dynamic:4 Static:0 Interface:1

----End



41

Configuration Files

The following lists the configuration file of the Switch.

# sysname Quidway# vlan batch 2 to 4 #vlan 4 aggregate-vlan access-vlan 2 to 3#interface Vlanif4 ip address 10.10.10.1 255.255.255.0 arp-proxy inter-sub-vlan-proxy enable#interface GigabitEthernet1/0/0 port link-type access port default vlan 2#interface GigabitEthernet1/0/1 port link-type access port default vlan 2#interface GigabitEthernet2/0/0 port link-type access port default vlan 3#interface GigabitEthernet2/0/1 port link-type access port default vlan 3#return

2.11.5 Example for Configuring Layer 2 Topology Detection


As shown in Figure 2-7, two GE interfaces are added to VLAN 100 in default mode and the IPaddresses of the two GE interfaces are shown in the figure.

Figure 2-7 Networking diagram for configuring Layer 2 topology detection

PC A10.1.1.1/24

PC B10.1.1.3/24

VLANIF10010.1.1.2/24

Switch

VLAN100



42


1. Add two GE interfaces to VLAN 100 in default mode.2. Enable Layer 2 topology detection and view changes of ARP entries.


l Types and numbers of the interfaces to be added to a VLANl IP addresses of the VLANIF interface and the PCs

Procedure

Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode.

# Create VLANIF 100 and assign an IP addresses to VLANIF 100.

<Quidway> system-view[Quidway] vlan 100[Quidway-vlan100] quit[Quidway] interface vlanif 100[Quidway-vlanif100] ip address 10.1.1.2 24[Quidway-vlanif100] quit

# Add the two GE interfaces to VLAN 100 in default mode.

[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port link-type access[Quidway-GigabitEthernet1/0/1] port default vlan 100[Quidway-GigabitEthernet1/0/1] quit[Quidway] interface gigabitethernet 1/0/2[Quidway-GigabitEthernet1/0/2] port link-type access[Quidway-GigabitEthernet1/0/2] port default vlan 100[Quidway-GigabitEthernet1/0/2] quit

Step 2 # Enable Layer 2 topology detection.[Quidway] l2-topology detect enable

Step 3 Restart GE 1/0/1 and view changes of the ARP entries and aging time.

# View ARP entries on the Switch. You can find that the Switch has learnt the MAC address ofthe PC.

[Quidway] display arp allIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN-----------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I - Vlanif10010.1.1.1 00e0-c01a-4901 20 D-0 GE1/0/110.1.1.3 00e0-de24-bf04 20 D-0 GE1/0/2-----------------------------------------------------------------------------Total:3 Dynamic:2 Static:0 Interface:1

# Run the shutdown command and then the undoshutdown command on GE 1/0/1 to view theaging time of ARP entries.

[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] shutdown[Quidway-GigabitEthernet1/0/1] undo shutdown[Quidway-GigabitEthernet1/0/1] display arp all



43

IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN----------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I - Vlanif100 10.1.1.3 00e0-de24-bf04 0 D-0 GE1/0/2------------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1

NOTE

According to the displayed information, the ARP entry learned from GE 1/0/1 is deleted after GE 1/0/1 isshut down. The aging time of ARP entries learned from GE 1/0/2 becomes 0 after GE1/0/1 is restored andbecomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARPentries.

[Quidway-GigabitEthernet1/0/1] display arp allIP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN----------------------------------------------------------------------------10.1.1.2 00e0-c01a-4900 I - Vlanif100 10.1.1.3 00e0-de24-bf04 20 D-0 GE1/0/2----------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1

NOTE

After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.

----End


# sysname Quidway#L2-topolgy detect enable# vlan 100#interface Vlanif100 ip address 10.1.1.2 255.255.255.0#interface GigabitEthernet1/0/1 port link-type access port default vlan 100#interface GigabitEthernet1/0/2 port link-type access port default vlan 100#return



44

3 DHCP Configuration

About This Chapter

The DHCP technology is applicable to a variety of networks. It ensures proper IP addressallocation and saves IP addresses on networks.

3.1 Introduction to DHCPDynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IPaddress.

3.2 DHCP Features Supported by the S7700The S7700 can be used as a DHCP server or a DHCP relay agent.

3.3 Configuring the DHCP Server Based on the Global Address PoolA DHCP server can allocate IP addresses to clients by using the global address pool.

3.4 Configuring the DHCP Server Based on the VLANIF Interface Address PoolIf a DHCP server based on a VLANIF interface address pool is configured, all the users goingonline through this interface obtain IP addresses from the VLANIF interface address pool.

3.5 Configuring the DHCP Relay AgentBy using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicatewith the DHCP servers on other network segments, and obtain IP addresses from them. TheDHCP clients on different network segments can also use one DHCP server. This reduces costsand achieves centralized device management.

3.6 Maintaining DHCPAfter DHCP configurations are complete, you can clear DHCP statistics and monitor DHCPoperation.

3.7 Configuration ExamplesDHCP configuration examples explain the networking requirements, networking diagram,configuration notes, configuration roadmap, and configuration procedure. The configurationexamples involve various usage scenarios of DHCP.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 3 DHCP Configuration


45

3.1 Introduction to DHCPDynamic Host Configuration Protocol (DHCP) enables a client to dynamically obtain a valid IPaddress.

OverviewNetwork scales and complexity grow fast, so the network configurations become increasinglycomplicated. For example, the locations of hosts such as portable computers and wirelessnetwork terminals frequently change, and the number of hosts often exceeds the number ofavailable IP addresses. The DHCP is developed to solve the preceding problems.

DHCP works in the client/server model. A DHCP client requests the DHCP server forconfigurations, and the DHCP server sends the configurations to the client.

The DHCP protocol requires that the DHCP clients and DHCP server be in the same networksegment; therefore, each network segment needs a DHCP server. This wastes resources. DHCPrelay achieves address allocation between network segments.

DefinitionDHCP server

A DHCP server allocates IP addresses to clients. A client sends a packet to the server to requestfor configurations such as the IP address, subnet mask, and default gateway. After receiving thepacket, the server replies with a packet carrying the corresponding configurations according topolicies. Both the Request and Reply packets are encapsulated in UDP packets.

DHCP relay agent

A DHCP relay agent transparently transmits DHCP broadcast packets between the DHCP clientsand DHCP server that are on different network segments.

3.2 DHCP Features Supported by the S7700The S7700 can be used as a DHCP server or a DHCP relay agent.

Table 3-1 describes the DHCP usage scenarios where the S7700 is used.

Table 3-1 DHCP usage scenarios

Usage Scenario

DHCP server based on the global addresspool

The DHCP clients and DHCP server are onthe same network segment or on differentnetwork segments.

DHCP server based on the interface addresspool

The DHCP clients and DHCP server are onthe same network segment.

DHCP relay agent The DHCP clients and DHCP server aredifferent network segments.



46

Using the S7700 as a DHCP ServerThe S7700 can function as a DHCP server to allocate IP addresses to clients. A client sends apacket to the server to request for configurations such as the IP address, subnet mask, and defaultgateway. After receiving the packet, the server replies with a packet carrying the correspondingconfigurations according to policies. Both the Request and Reply packets are encapsulated inUDP packets.

The S7700 allocates IP addresses to clients by using the global address pool or an interfaceaddress pool.l Using the global address pool: When an interface of the S7700 receives a DHCP packet

from a DHCP client, the S7700 allocates an IP address to the client from the global addresspool. For details about configuring the global address pool, see 3.3 Configuring the DHCPServer Based on the Global Address Pool.

l Using an interface address pool: When an interface of the S7700 receives a DHCP packetfrom a DHCP client, the S7700 allocates an IP address to the client from the interfaceaddress pool. If there is no available address in the interface address pool, the S7700 usesthe global address pool that contains the addresses in the interface address pool. For detailsabout configuring the interface address pool, see 3.4 Configuring the DHCP Server Basedon the VLANIF Interface Address Pool.

NOTE

The S7700 supports the DHCP snooping function. For details about DHCP snooping, see the QuidwayS7700 Smart Routing Switch Configuration Guide - Security.

Using the S7700 as a DHCP Relay AgentWhen functioning as a DHCP relay agent, the S7700 forwards the DHCP packets to the DHCPservers or clients on different network segments. The DHCP clients on different networks canuse one DHCP server. The DHCP relay agent saves costs and facilitates device management.

After receiving a DHCP packet from a DHCP client, the S7700 functioning as a DHCP relayagent forwards the DHCP packet to a DHCP server, and then the DHCP server allocates an IPaddress to the client. For details about configuring the DHCP relay agent, see 3.5 Configuringthe DHCP Relay Agent.

ApplicationThe S7700 functions as a DHCP server and is in the same network segment as the DHCP clients.On this network, the DHCP server can use the global address pool or the interface address pool.

Figure 3-1 DHCP clients and DHCP server are on the same network segment

DHCP Server100.10.10.1/24

100.10.10.2/24

100.10.10.4/24100.10.10.3/24



47

An S7700 functions as a DHCP server and another one functions as a DHCP relay agent. TheDHCP server and DHCP clients are on different network segments. On this network, the DHCPserver can use only the global address pool.

Figure 3-2 DHCP clients and DHCP server are on different network segments

SwitchB

DHCP Server100.10.10.1/24Internet

DHCPClient

DHCPClient

DHCPClient

20.20.20.1/24

DHCP Relay

SwitchA

3.3 Configuring the DHCP Server Based on the GlobalAddress Pool

A DHCP server can allocate IP addresses to clients by using the global address pool.

3.3.1 Establishing the Configuration TaskBefore configuring the DHCP server based on the global address pool, familiarize yourself withthe applicable environment, complete the pre-configuration tasks, and obtain the required data.This helps you complete the configuration task quickly and accurately.

Applicable EnvironmentOn an enterprise network, if the computers are connected to the DHCP server through anothernetwork, the global address pool needs to be configured on the S7700 to allocate IP addressesto computers, as shown in Figure 3-3.



48

Figure 3-3 Networking diagram for configuring the DHCP server based on the global addresspool

DHCPclient

SwtichA

NetBIOSserver

DHCPclient

DNSserver

DHCPclient

DHCPclient

DHCPclient

DHCPclient

DHCP server

SwtichB SwtichC

When the S7700 functions as the DHCP server based on the global address pool, it must workwith the DHCP relay agent.


Before configuring the DHCP server based on the global address pool, complete the followingtasks:

l Ensuring that the link between the DHCP clients and the S7700 works properly and theDHCP clients can communicate with the S7700

l (Optional) Configuring the DNS server

l (Optional) Configuring the NetBIOS server

l Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routesare required only when the servers are configured.)

l (Optional) Configuring the customized DHCP option

Data Preparation

Before configuring the DHCP server based on the global address pool, you need the followingdata.

No. Data

1 Address pool name, IP address range, IP address lease, IP addresses not to be allocatedin the IP address pool (optional), and IP address and MAC address that need to bestatically bound (optional)

2 Egress gateway of the DHCP clients

3 (Optional) IP address of the DNS server and domain name of the DHCP clients



49

No. Data

4 (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCPclients

5 (Optional) Code of the customized DHCP option and corresponding ASCII characterstring, hexadecimal numeral, or IP address

3.3.2 Configuring an Interface to Use Global Address PoolWhen a DHCP server receives a DHCP packet from a client, the server can allocate an IP addressto the client from the global address pool.

Context

Perform the following steps on the DHCP server.

Procedure



Step 2 Run:dhcp enable

The DHCP function is enabled.



Step 4 Run:ip address ip address { mask | mask-length}

An IP address is allocated to the VLANIF interface.

If there is no DHCP relay agent between the DHCP clients and S7700, the S7700 allocates IPaddresses that are in the same network segment as the interface address to the clients connectedto this interface.

If the VLANIF interface is not configured with an IP address or no address pool is on the samenetwork segment as the interface address, the clients cannot go online.

If there is a DHCP relay agent between the DHCP clients and S7700, the S7700 parses thegateway address in the received DHCP packets forwarded by the DHCP relay agent. If thegateway address does not match an entry in the address pool, the clients cannot go online.

Step 5 Run:dhcp select global



50

The DHCP function is enabled on the interface and the DHCP server allocates IP addresses toclients by using the global address pool.

----End

3.3.3 Configuring Address Allocation Mode for Global AddressPool

According to the requirements of clients, you can select the static binding mode or the dynamicallocation mode for the address pool, but the two modes cannot be enabled simultaneously forthe same IP address in the global address pool.

ContextUp to 256 address pools can be configured on the S7700, including the global address pools andinterface address pools. The number of address pools of each type is not limited. To use thedynamic allocation mode, you must specify the range of addresses to be allocated; to use thestatic binding mode, only one address can be allocated to a client. The global address poolattributes include the IP address range, IP address lease, IP addresses not to be automaticallyallocated, and IP addresses to be statically bound to MAC addresses.


Procedure



Step 2 Run:ip pool ip-pool-name

The global address pool view is displayed.

By default, no global address pool exists on the S7700.

Step 3 Run:network ip-address [ mask { mask | mask-length } ]

The range of IP addresses in the address pool is set.

An address pool can contain only one address segment. The address range of the address poolis set by the mask, and must be within the network segment where the gateway is located.

Step 4 Run:lease { day day [ hour hour [ minute minute ] ] | unlimited }

The lease of IP addresses is set.

By default, the IP address lease is one day.

Different address pools on a DHCP server can be set with different IP address leases, but the IPaddresses in one address pool must be set with the same lease.

Step 5 (Optional) Run:excluded-ip-address start-ip-address [ end-ip-address ]



51

The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.

Some IP addresses are reserved for other services, for example, the IP address of the DNS servercannot be allocated to clients. You can run the excluded-ip-address command to configure theIP addresses that are not allocated in the DHCP address pool. If you run the excluded-ip-address command multiple times, you can set multiple IP address ranges that cannot beautomatically allocated in the DHCP address pool.

Step 6 (Optional) Run:static-bind ip-address ip-address mac-address mac-address

An IP address in the address pool is bound to a MAC address.

When a client requires a fixed IP address, bind an idle IP address in the address pool to the MACaddress of the client.

Step 7 Run:gateway-list ip-address &<1-8>

The egress gateway is configured for the global address pool.

NOTE

To load balance the traffic and improve the reliability of the network, you can configure multiple egressgateways. An IP address pool can be configured with up to eight gateway addresses. The gateway addresscannot be a broadcast address of a subnet.

When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egressgateway address is the same as the egress gateway address of the DHCP relay agent.

----End

3.3.4 (Optional) Configuring DNS for Global Address PoolEach client has a domain name. To enable DHCP clients to communicate by using their domainnames and prevent IP address conflicts, the DHCP server needs to specify domain names forthese clients when allocating IP addresses to them.

Context

On the DHCP server, the domain-name command specifies a domain name for each globaladdress pool. When allocating IP addresses to clients, the DHCP server also sends the domainnames to the clients. During domain name resolution, users only need to enter a part of thedomain name, and then the system uses a complete domain name for resolution.


Procedure




The IP address pool view is displayed.



52

Step 3 Run:domain-name domain-name

The DNS domain name to be allocated to the DHCP client is configured.

On the DHCP server, you can specify a DNS domain name for each address pool. If the DNSdomain name is configured, the DNS server used by the DHCP client is also specified.

Step 4 Run:dns-list ip-address &<1-8>

The IP address of the DNS server is configured for the DHCP client.

To load balance the traffic and improve the reliability of the network, configure multiple DNSservers. Each address pool can be configured with a maximum of eight DNS servers.

----End

3.3.5 (Optional) Configuring NetBIOS for Global Address PoolDHCP clients running on the Microsoft Windows operating system use the Network Basic InputOutput System (NetBIOS) protocol for communication. The NetBIOS server translates hostnames to IP addresses for the clients.

ContextPerform the following steps on the DHCP server.

NOTE

NetBIOS: Network Basic Input Output System.

When a DHCP client uses the NetBIOS protocol for communication, the host names must bemapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classifiedinto the following types:

l b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcastmode.

l p-node: indicates a node in peer-to-peer mode. This node obtains the mappings bycommunicating with the NetBIOS server.

l m-node: indicates a node in mixed mode, that is, the p-type node with some broadcastfeatures.

l h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-endcommunication mechanism.

Procedure







53

Step 3 Run:nbns-list ip-address &<1-8>

The NetBIOS server address of the DHCP client is configured.

Each IP address pool can be configured with up to eight NetBIOS server addresses.

Step 4 Run:netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS type is set for DHCP clients.

By default, the NetBIOS node type is not specified for DHCP clients.

----End

3.3.6 (Optional) Configuring the Customized DHCP Option for theGlobal Address Pool

DHCP provides various options. To use these options, add them to the attribute list of the DHCPserver manually.

ContextWhen a DHCP client requests an IP address from the DHCP server, the server returns a DHCPReply packet containing the option field.

NOTE

The option command configures basic functions, such as the DNS service, NetBIOS service, and IP addresslease. The system also provides commands to configure these functions separately. These commands takeprecedence over the option command. If no configuration command of these functions is run, the relatedoptions configured by using the option command take effect.

Related commands:

l DNS service: domain-name and dns-list

l NetBIOS service: nbns-list and netbios-type

l Lease: lease


Procedure





Step 3 Run:option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string &<1-10> | ip-address ip-address &<1-8> }

The DHCP option is configured.



54

After the option command is used, the specified option is carried by the DHCP Reply packetreturned by the DHCP server. Before using this command, ensure that you know the functionsof the option to be configured. For details on the DHCP options, see RFC 2132.

----End

3.3.7 (Optional) Preventing Repetitive Allocation of an IP AddressTo prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocatedbefore allocating it to a client.


After the dhcp server ping command is executed, the DHCP server can prevent repetitive IPaddress allocation. The DHCP server pings an IP address to be allocated. If there is no responseto the ping packet within a certain period, the DHCP server continues to send ping packets tothis IP address until the number of ping packets reaches the maximum value. If there is still noresponse, this IP address is not in use, and the DHCP server allocates the IP address to a client.

Procedure



Step 2 Run:dhcp server ping packet number

The maximum number of ping packets is set.

By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, theS7700 does not ping the IP addresses to be allocated.

Step 3 Run:dhcp server ping timeout milliseconds

The period in which the S7700 waits for the response is set.

By default, the period in which the S7700 waits for the response is 500 ms.

----End

3.3.8 (Optional) Configuring Automatic Saving of DHCP DataYou can configure the S7700 to save DHCP data to the storage device. When a fault occurs, youcan restore data from the storage device.


When the S7700 functions as the DHCP server, you can enable the function of saving DHCPdata so that IP address information is saved to the storage device periodically.



55

ProcedureStep 1 Run:

system-view


Step 2 Run:dhcp server database enable

The S7700 automatically saves DHCP data to the CF card.

After the dhcp server database enable command is executed, the system generates thelease.txt and conflict.txt files in the CF card. The two files save the address lease informationand address conflict information.

Step 3 Run:dhcp server database write-delay interval

The interval for saving DHCP data is set.

By default, DHCP data is not automatically saved to CF card. After the S7700 is configured toautomatically save DHCP data, the S7700 saves data every 7200 seconds by default and thelatest data overwrites the previous data.

Step 4 Run:dhcp server database recover

The DHCP data in the storage device is restored.

After the dhcp server database recover command is executed, the S7700 restores the DHCPdata in the CF card.

----End

3.3.9 Checking the ConfigurationThis section describes how to verify the configurations of the DHCP server based on the globaladdress pool.

PrerequisiteThe configurations of the DHCP server based on the global address pool are complete.

Procedurel Run the display dhcp server statistics command to view the statistics about the DHCP

server.l Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all |

expired | conflict | used ] command to view information about the global address pool.

----End

ExampleRun the display dhcp server statistics command. The similar information is displayed.

<Quidway> display dhcp server statisticsServer Statistics:



56

Client Request: 6 Dhcp Discover: 1 Dhcp Request: 4 Dhcp Decline: 0 Dhcp Release: 1 Dhcp Inform: 0 Server Reply: 4 Dhcp Offer: 1 Dhcp Ack: 3 Dhcp Nak: 0 Bad Messages: 0

Run the display ip pool name ip-pool-name command to view the IP address pool namedhuawei. The similar information is displayed.

<Quidway> display ip pool name huaweiPool-Name : huawei Pool-No : 2 Lease : 3 Days 0 Hours 0 Minutes Domain-name : - DNS-Server0 : 10.10.10.5 DNS-Server1 : 10.10.10.6 NBNS-Server0 : 20.20.20.5 Netbios-type : - Position : Local Status : Unlocked Gateway-0 : 10.10.10.10 Mask : 255.255.255.0 Vpn instance : -- -------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable -------------------------------------------------------------------------- 10.10.10.1 10.10.10.254 253 0 253 0 0 --------------------------------------------------------------------------

3.4 Configuring the DHCP Server Based on the VLANIFInterface Address Pool

If a DHCP server based on a VLANIF interface address pool is configured, all the users goingonline through this interface obtain IP addresses from the VLANIF interface address pool.

3.4.1 Establishing the Configuration TaskBefore configuring the DHCP server based on the interface address pool, familiarize yourselfwith the applicable environment, complete the pre-configuration tasks, and obtain the requireddata. This helps you complete the configuration task quickly and accurately.

Applicable EnvironmentIf the DHCP clients and the DHCP server are on the same network segment, the interface addresspool needs to be configured on the S7700 to allocate IP addresses for the clients, as shown inFigure 3-4.



57

Figure 3-4 Networking diagram for configuring the DHCP server based on the interface addresspool

DHCP Server

Client

Client

Client

The interface address pool takes precedence over the global address pool. If an address pool isconfigured on an interface, the clients connected to the interface obtain IP addresses from theinterface address pool even if a global address pool is configured. On an S7700, only VLANIFinterfaces can be configured with address pools.


Before configuring the DHCP server based on the VLANIF interface address pool, completethe following tasks:

l Ensuring that the link between the DHCP clients and the S7700 works properly and theDHCP clients can communicate with the S7700

l (Optional) Configuring the DNS server

l (Optional) Configuring the NetBIOS server

l Configuring routes from the S7700 to the DNS server and the NetBIOS server (The routesare required only when the servers are configured.)

Data Preparation

Before configuring the DHCP server based on the VLANIF interface address pool, you need thefollowing data.

No. Data

1 Number of the VLANIF interface configured with an address pool, IP address range,IP address lease, IP addresses not to be allocated in the IP address pool (optional),and IP address and MAC address that need to be statically bound (optional)

2 (Optional) Egress gateway of the DHCP clients

3 (Optional) IP address of the DNS server and domain name of the DHCP clients

4 (Optional) IP address of the NetBIOS server and NetBIOS node type of the DHCPclients



58

No. Data

5 (Optional) Code of the customized DHCP option and corresponding ASCII characterstring, hexadecimal numeral, or IP address

3.4.2 Configuring Address Allocation Mode for Interface AddressPool

According to the requirements of clients, you can select the static binding mode or the dynamicallocation mode for the address pool, but you cannot enable the two modes for the same DHCPaddress pool.

ContextThe interface address pool takes precedence over the global address pool.

Procedure




The DHCP function is enabled.





Step 5 Run:dhcp select interface

The S7700 is configured to use the interface address pool.

The interface address pool is actually the network segment to which the interface belongs, andsuch an interface address pool takes effect only on this interface.

Step 6 Run:dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }

The lease of IP addresses is set.

By default, the IP address lease is one day.

Step 7 (Optional) Run:dhcp server excluded-ip-address start-ip-address [ end-ip-address ]



59

The IP addresses that cannot be automatically allocated in the DHCP address pool are configured.

Some IP addresses are reserved for other services, for example, the IP address of the DNS servercannot be allocated to clients. You can run the dhcp server excluded-ip-address command toexclude these IP addresses. If you run the dhcp server excluded-ip-address command multipletimes, you can set multiple IP address ranges that cannot be automatically allocated in the DHCPaddress pool.

Step 8 (Optional) Run:dhcp server static-bind ip-address ip-address mac-address mac-address

An IP address in the address pool is bound to a MAC address.

When a client requires a fixed IP address, bind an idle IP address in the address pool to the MACaddress of the client.

----End

3.4.3 (Optional) Configuring the DNS Service of the VLANIFInterface Address Pool

Each client has a domain name. To enable DHCP clients to communicate by using their domainnames and prevent IP address conflicts, the DHCP server needs to specify domain names forthese clients when allocating IP addresses to them.

Context

On the DHCP server, the dhcp server domain-name command specifies a domain name foreach interface address pool. When allocating IP addresses to clients, the DHCP server also sendsthe domain names to the clients. During domain name resolution, users only need to enter a partof the domain name, and then the system uses a complete domain name for resolution.


Procedure





Step 3 Run:dhcp server domain-name domain-name

The DNS domain name is configured for the DHCP client.

Step 4 Run:dhcp server dns-list ip-address &<1-8>

The DNS server address is configured for the DHCP client.



60

To load balance the traffic and improve the reliability of the network, configure multiple DNSservers. Each address pool can be configured with a maximum of eight DNS servers.

----End

3.4.4 (Optional) Configuring the NetBIOS Service of the VLANIFInterface Address Pool

DHCP clients running on the Microsoft Windows operating system use the Network Basic InputOutput System (NetBIOS) protocol for communication. The NetBIOS server translates hostnames to IP addresses for the clients.


When a DHCP client uses the NetBIOS protocol for communication, the host names must bemapped to IP addresses. Based on the modes of obtaining mapping, NetBIOS nodes are classifiedinto the following types:

l b-node: indicates a node in broadcast mode. This node obtains the mappings in broadcastmode.

l p-node: indicates a node in peer-to-peer mode. This node obtains the mappings bycommunicating with the NetBIOS server.

l m-node: indicates a node in mixed mode, that is, the p-type node with some broadcastfeatures.

l h-node: indicates a node in hybrid mode, that is, a b-type node enabled with the end-to-endcommunication mechanism.

Procedure





Step 3 Run:dhcp server nbns-list ip-address &<1-8>

The NetBIOS server address is configured for the DHCP client.

Each IP address pool can be configured with up to eight NetBIOS server addresses.

Step 4 Run:dhcp server netbios-type { b-node | h-node | m-node | p-node }

The NetBIOS type is set for DHCP clients.

By default, the NetBIOS node type is not specified for DHCP clients.

----End



61

3.4.5 (Optional) Configuring the Customized DHCP Option of theVLANIF Interface Address Pool

DHCP provides various options. To use these options, add them to the attribute list of the DHCPserver manually.

ContextWhen a DHCP client requests an IP address from the DHCP server, the server returns a DHCPReply packet containing the option field.

NOTE

The option command configures basic functions, such as the DNS service, NetBIOS service, and IP addresslease. The system also provides commands to configure these functions separately. These commands takeprecedence over the option command.

Related commands:

l DNS service: dhcp server domain-name and dhcp server dns-list

l NetBIOS service: dhcp server nbns-list and dhcp server netbios-type

l Lease: dhcp server lease


Procedure





Step 3 Run:dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string &<1-10> | ip-address ip-address &<1-8> }

The DHCP option is configured.

After the dhcp server option command is run, the specified option is carried by the DHCPReply packet returned by the DHCP server. Before using this command, ensure that you knowthe functions of the option to be configured. For details on the DHCP options, see RFC 2132.

----End

3.4.6 (Optional) Preventing Repetitive Allocation of an IP AddressTo prevent repetitive IP address allocation, the DHCP server pings the IP address to be allocatedbefore allocating it to a client.




62

After the dhcp server ping command is executed, the DHCP server can prevent repetitive IPaddress allocation. The DHCP server pings an IP address to be allocated. If there is no responseto the ping packet within a certain period, the DHCP server continues to send ping packets tothis IP address until the number of ping packets reaches the maximum value. If there is still noresponse, this IP address is not in use, and the DHCP server allocates the IP address to a client.

Procedure



Step 2 Run:dhcp server ping packet number

The maximum number of ping packets is set.

By default, the maximum number of ping packets to be sent by the S7700 is 0. That is, theS7700 does not ping the IP addresses to be allocated.

Step 3 Run:dhcp server ping timeout milliseconds

The period in which the S7700 waits for the response is set.

By default, the period in which the S7700 waits for the response is 500 ms.

----End

3.4.7 (Optional) Configuring Automatic Saving of DHCP DataYou can configure the S7700 to save DHCP data to the storage device. When a fault occurs, youcan restore data from the storage device.


When the S7700 functions as the DHCP server, you can enable the function of saving DHCPdata so that IP address information is saved to the storage device periodically.

Procedure



Step 2 Run:dhcp server database enable

The S7700 automatically saves DHCP data to the CF card.

After the dhcp server database enable command is executed, the system generates thelease.txt and conflict.txt files in the CF card. The two files save the address lease informationand address conflict information.



63

Step 3 Run:dhcp server database write-delay interval

The interval for saving DHCP data is set.

By default, DHCP data is not automatically saved to CF card. After the S7700 is configured toautomatically save DHCP data, the S7700 saves data every 7200 seconds by default and thelatest data overwrites the previous data.

Step 4 Run:dhcp server database recover

The DHCP data in the storage device is restored.

After the dhcp server database recover command is executed, the S7700 restores the DHCPdata in the CF card.

----End

3.4.8 Checking the ConfigurationThis section describes how to view the configuration of the DHCP server based on the VLANIFinterface address pool.

PrerequisiteThe configurations of the DHCP server based on the VLANIF interface address pool arecomplete.

Procedurel Run the display dhcp server statistics command to view the statistics about the DHCP

server.l Run the display ip pool interface interface-name [ start-ip-address high-ip-address | all |

expired | conflict | used ] command to view information about the interface address pool.

----End

ExampleRun the display dhcp server statistics command. The similar information is displayed.

<Quidway> display dhcp server statisticsServer Statistics:

Client Request: 6 Dhcp Discover: 1 Dhcp Request: 4 Dhcp Decline: 0 Dhcp Release: 1 Dhcp Inform: 0 Server Reply: 4 Dhcp Offer: 1 Dhcp Ack: 3 Dhcp Nak: 0 Bad Messages: 0

Run the display ip pool interface ip-pool-name command to view interface address pool onVLANIF 10. The similar information is displayed.



64

<Quidway> display ip pool interface vlanif10Pool-name : vlanif10 Pool-No : 2 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 192.168.10.2 Mask : 255.255.255.0 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 192.168.10.1 192.168.10.254 253 0 253 0 0 0 -----------------------------------------------------------------------------

3.5 Configuring the DHCP Relay AgentBy using a DHCP relay agent, the DHCP clients on a local area network (LAN) can communicatewith the DHCP servers on other network segments, and obtain IP addresses from them. TheDHCP clients on different network segments can also use one DHCP server. This reduces costsand achieves centralized device management.

3.5.1 Establishing the Configuration TaskBefore configuring the DHCP relay agent, familiarize yourself with the applicable environment,complete the pre-configuration tasks, and obtain the required data. This helps you complete theconfiguration task quickly and accurately.

Applicable EnvironmentIf no DHCP server is configured on the local network, the DHCP relay function can be enabledon an S7700 to forward DHCP Request packets to the DHCP servers on other networks. Toensure that the DHCP clients obtain IP addresses, the DHCP server must use a global addresspool, and no address pool can be configured on the interface connected to the DHCP relay agent.



65

Figure 3-5 Network diagram of DHCP relay

SwitchB

DHCP Server100.10.10.1/24Internet

DHCPClient

DHCPClient

DHCPClient

20.20.20.1/24

DHCP Relay

SwitchA


Before configuring the DHCP relay agent, complete the following tasks:

l Configuring the DHCP server

l Configuring a route from the S7700 to the DHCP server

Data Preparation

To configure the DHCP relay agent, you need the following data.

No. Data

1 Name of the DHCP server group

2 IP addresses of the DHCP servers in a DHCP server group

3 Number and IP address of the interface enabled with the DHCP relay function

3.5.2 Configuring DHCP Relay on an InterfaceWhen the network where a DHCP client resides does not have a DHCP server, a DHCP relayagent can be configured to forward the DHCP packets of the client to a DHCP server.



66

ContextNOTE

A DHCP packet is forwarded between a DHCP client and a DHCP server at most 16 times, and then theDHCP packet is discarded.

If DHCP relay is enabled in a super-VLAN, DHCP snooping cannot be enabled in this super-VLAN.

Procedure




DHCP is enabled globally.





NOTE

When configuring an egress gateway address for the address pool on a DHCP server, ensure that this egressgateway address is the same as the egress gateway address of the DHCP relay agent.

Step 5 Run:dhcp select relay

The DHCP relay function is enabled for the VLANIF interface.

----End

Follow-up ProcedureWhen functioning as a DHCP relay agent, the S7700 forwards the DHCP Request packets fromDHCP clients to the DHCP server. After the DHCP relay function is enabled on the VLANIFinterface, set the DHCP server address on the VLANIF interface in either of the following ways:l Configure a destination DHCP server group and bind the group to the interface. For details,

see 3.5.3 Configuring a Destination DHCP Server Group and 3.5.4 Binding anInterface to a DHCP Server Group.

l Run the dhcp relay server-ip ip-address command in the VLANIF interface view toconfigure the destination DHCP server address.

3.5.3 Configuring a Destination DHCP Server GroupGenerally, a DHCP relay agent serves multiple DHCP servers. The DHCP servers that shareone DHCP relay agent can be added to a server group to facilitate server management. TheDHCP server group allocates IP addresses for the users connected to the DHCP relay agent.



67

ContextPerform the following steps on the DHCP relay agent.

Procedure



Step 2 Run:dhcp server group group-name

A DHCP server group is created and the DHCP server group view is displayed.

A maximum of 64 DHCP server groups can be configured globally.

Step 3 Run:dhcp-server ip-address [ ip-address-index ]

A DHCP server is added to the DHCP server group.

Up to 20 DHCP servers can be added to a DHCP server group. If you do not specify the serverindex, the system allocates an idle index to the server.

Step 4 (Optional) Run:vpn-instance vpn-instance-name

A VPN instance is bound to the DHCP server group.

----End

3.5.4 Binding an Interface to a DHCP Server GroupMultiple VLANIF interfaces can be bound to a DHCP server group; however, a VLANIFinterface can belong to only one DHCP server group. That is, the DHCP Request packets on aVLANIF interface can be relayed to only one DHCP server group.

ContextPerform the following steps on the DHCP relay agent.

Procedure





Step 3 Run:dhcp relay server-select group-name

The VLANIF interface is bound to a DHCP server group.



68

You can also run dhcp relay server-ip command to specify a server for the VLANIF interface.

Step 4 (Optional) Run:ip binding vpn-instance vpn-instance-name

A VPN instance is bound to the VLANIF interface.

If a user connected to the S7700 interface is in a private network, bind the interface to a VPNinstance. The bound VPN instance must be the same as the VPN instance bound to the DHCPserver group. For details on binding a VPN instance to a DHCP server group, see 3.5.3Configuring a Destination DHCP Server Group.

----End

3.5.5 (Optional) Configuring the DHCP Relay Agent to Send DHCPRelease Packet

If a user is forcibly disconnected, the IP address of the user needs to be released manually onthe DHCP server.

Context

When the IP address of a user expires, the DHCP server renews the IP address for the user if itdoes not receive the DHCP Release packet. You can configure the DHCP relay agent to activelysend DHCP Release packets to the DHCP server. The DHCP server then releases the expiredIP addresses.

Perform the following steps on the DHCP relay agent.

Procedure



Step 2 (Optional) Run:interface vlanif vlan-id


Step 3 Run:dhcp relay release client-ip-address mac-address [ server-ip-address ]

The DHCP relay agent is configured to send DHCP Release packets to the DHCP server.

l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]command in the system view:

– If no DHCP server is specified, the DHCP relay agent will send DHCP Release packetsto the servers in all DHCP server groups bound to the DHCP relay interfaces.

– If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets tothe specified DHCP server.

l When you use the dhcp relay release client-ip-address mac-address [ server-ip-address ]command in the VLANIF interface view:



69

– If no DHCP server is specified, the DHCP relay agent will send DHCP Release packetsto all the servers in the DHCP server group bound to this VLANIF interface.

– If a DHCP server is specified, the DHCP relay agent will send DHCP Release packets tothe specified DHCP server.

----End

3.5.6 Checking the ConfigurationAfter the DHCP relay function is configured, you can use commands to view the configurationresult.

PrerequisiteThe DHCP relay configurations are complete.

Procedurel Run the display dhcp relay { all | interface interface-type interface-number } command

to view the DHCP server group on a VLANIF interface and the servers in the DHCP servergroup.

l Run the display dhcp relay statistics command to view packet statistics on the DHCPrelay agent.

l Run the display dhcp server group group-name command to view the DHCP server groupconfiguration.

----End

ExampleRun the display dhcp relay interface interface-type interface-number command to view theDHCP server group on VLANIF 100 and the servers in the DHCP server group. If the similarinformation is displayed, the configuration succeeds.

<Quidway> display dhcp relay interface vlanif 100DHCP relay agent running information of interface Vlanif100 : Server IP address [01] : 10.2.2.3 Gateway address in use : 10.2.2.2

Run the display dhcp relay statistics command. If the similar information is displayed, theconfiguration succeeds.

<Quidway> display dhcp relay statisticsThe statistics of DHCP RELAY: DHCP packets received from clients : 0 DHCP DISCOVER packets received : 0 DHCP REQUEST packets received : 0 DHCP RELEASE packets received : 0 DHCP INFORM packets received : 0 DHCP DECLINE packets received : 0 DHCP packets sent to clients : 0 Unicast packets sent to clients : 0 Broadcast packets sent to clients : 0 DHCP packets received from servers : 0 DHCP OFFER packets received : 0 DHCP ACK packets received : 0 DHCP NAK packets received : 0 DHCP packets sent to servers : 0 DHCP Bad packets received : 0



70

Run the display dhcp server group group-name command to view the configuration of DHCPserver group group1. If the similar information is displayed, the configuration succeeds.

<Quidway> display dhcp server group group1Group-name : group1 (0) Server-IP : 100.10.10.1 (1) Server-IP : 100.10.10.2 Gateway : -- VPN instance : --

3.6 Maintaining DHCPAfter DHCP configurations are complete, you can clear DHCP statistics and monitor DHCPoperation.

3.6.1 Clearing DHCP StatisticsDuring routine maintenance, you can use the reset commands to clear the statistics about thespecified DHCP server group.

Context

CAUTIONDHCP statistics cannot be restored after they are cleared. Exercise caution when running thereset commands.

Procedurel To clear DHCP server statistics, run the reset dhcp server statistics command in the user

view.

l To clear DHCP relay agent statistics, run the reset dhcp relay statistics command in theuser view.

----End

3.6.2 Monitoring DHCP OperationDuring routine maintenance, you can use the following commands in any view to monitor DHCPoperation status.

Procedurel Run the display dhcp relay { all | interface interface-type interface-number } command

to view the DHCP server group on a VLANIF interface and the servers in the DHCP servergroup.

l Run the display dhcp relay statistics command to view packet statistics on the DHCPrelay agent.



71

l Run the display dhcp server group [ group-name ] command to view the servers in theDHCP server group.

----End

3.7 Configuration ExamplesDHCP configuration examples explain the networking requirements, networking diagram,configuration notes, configuration roadmap, and configuration procedure. The configurationexamples involve various usage scenarios of DHCP.

3.7.1 Example for Configuring a DHCP Server Based on the GlobalAddress Pool

This section describes how to configure a global address pool to allocate IP addresses for clientswhen the clients and DHCP server are in the same network segment.

Networking RequirementsAn enterprise has two offices that are in the same network segment. To reduce networkconstruction cost, the enterprise uses one DHCP server to allocate IP addresses for the computersin the two offices.

As shown in Figure 3-6, SwitchA functions as the DHCP server, and SwitchB and SwitchC areuser access switches. A global address pool or an interface address pool can be configured onSwitchA. This section describes how to configure a global address pool. Address pool10.1.1.0/24 consists of two network segments: 10.1.1.0/25 and 10.1.1.128/25. The IP addressesof the VLANIF interfaces on the DHCP server are 10.1.1.1/25 and 10.1.1.129/25.

There are a few computers in network segment 10.1.1.0/25 and the computer locations are fixed.The lease of an IP address in 10.1.1.0/25 is 10 days, the DNS address is 10.1.1.2, no NetBIOSaddress is set, and the IP address of the egress gateway is 10.1.1.126.

There are many computers in network segment 10.1.1.128/25 and the computers are often movedfrom one place to another. The lease of an IP address in 10.1.1.128/25 is 2 days, the DNS addressis 10.1.1.2, the NetBIOS address is 10.1.1.4, and the IP address of the egress gateway is10.1.1.254.



72

Figure 3-6 Networking diagram for configuring the DHCP server based on the global addresspool

DHCPclient

SwtichA

NetBIOSserver

DHCPclient

DNSserver

DHCPclient

DHCPclient

DHCPclient

DHCPclient

VLANIF1010.1.1.1/25

VLANIF2010.1.1.129/25

Network: 10.1.1.0/25 Network: 10.1.1.128/25

GE 1/0/1 GE 1/0/2

DHCP server

SwtichB SwtichC


1. Enable the DHCP server function on SwitchA.2. Create a global address pool on SwitchA and set the attributes of the address pool, including

the range of the address pool, egress gateway, NetBIOS address, and address lease.3. Configure VLANIF interfaces to use the global address pool to allocate IP addresses.


Number and range of the global address pool on SwitchA

NOTE

The following configurations are performed on SwitchA.

Procedure

Step 1 Enable DHCP.<Quidway> system-view[Quidway] dhcp enable

Step 2 Create address pools and set the attributes of the address pools.

# Set the attributes of IP address pool 1, including the address pool range, DNS address, egressgateway address, and address lease.

[Quidway] ip pool 1[Quidway-ip-pool-1] network 10.1.1.0 mask 255.255.255.128[Quidway-ip-pool-1] dns-list 10.1.1.2



73

[Quidway-ip-pool-1] gateway-list 10.1.1.126[Quidway-ip-pool-1] excluded-ip-address 10.1.1.2[Quidway-ip-pool-1] excluded-ip-address 10.1.1.4[Quidway-ip-pool-1] lease day 10[Quidway-ip-pool-1] quit

# Set the attributes of IP address pool 2, including the address pool range, DNS address, egressgateway address, NetBIOS address, and address lease.

[Quidway] ip pool 2[Quidway-ip-pool-2] network 10.1.1.128 mask 255.255.255.128[Quidway-ip-pool-2] dns-list 10.1.1.2[Quidway-ip-pool-2] nbns-list 10.1.1.4[Quidway-ip-pool-2] gateway-list 10.1.1.254[Quidway-ip-pool-2] lease day 2[Quidway-ip-pool-2] quit

Step 3 Set the address allocation mode on the VLANIF interfaces.

# Add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20.

[Quidway] vlan batch 10 20[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10[Quidway-GigabitEthernet1/0/1] quit[Quidway] interface gigabitethernet 1/0/2[Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 20[Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 20[Quidway-GigabitEthernet1/0/2] quit

# Configure the clients on VLANIF 10 to obtain IP addresses from the global address pool.

[Quidway] interface vlanif 10[Quidway-Vlanif10] ip address 10.1.1.1 255.255.255.128[Quidway-Vlanif10] dhcp select global[Quidway-Vlanif10] quit

# Configure the clients on VLANIF 20 to obtain IP addresses from the global address pool.

[Quidway] interface vlanif 20[Quidway-Vlanif20] ip address 10.1.1.129 255.255.255.128[Quidway-Vlanif20] dhcp select global[Quidway-Vlanif20] quit


Run the display ip pool command on the S7700, and you can view the configuration of the IPaddress pool.

[Quidway] display ip pool ----------------------------------------------------------------------- Pool-name : 2 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 10.1.1.254 Mask : 255.255.255.128 VPN instance : --

----------------------------------------------------------------------- Pool-name : 1 Pool-No : 2 Position : Local Status : Unlocked Gateway-0 : 10.1.1.126 Mask : 255.255.255.128 VPN instance : --

IP address Statistic



74

Total :250 Used :0 Idle :248 Expired :0 Conflict :0 Disable :2

----End

Configuration FilesConfiguration file of the SwitchA# sysname Quidway# vlan batch 10 20#dhcp enable# ip pool 1 ip pool 2 #ip pool 1 gateway-list 10.1.1.126 network 10.1.1.0 mask 255.255.255.128 excluded-ip-address 10.1.1.2 excluded-ip-address 10.1.1.4 dns-list 10.1.1.2 lease day 10 hour 0 minute 0#ip pool 2 gateway-list 10.1.1.254 network 10.1.1.128 mask 255.255.255.128 dns-list 10.1.1.2 nbns-list 10.1.1.4 lease day 5 hour 0 minute 0#interface Vlanif10 ip address 10.1.1.1 255.255.255.128 dhcp select global #interface Vlanif20 ip address 10.1.1.129 255.255.255.128 dhcp select global #interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 #interface GigabitEthernet1/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 #return

3.7.2 Example for Configuring the DHCP Server Based on theInterface Address Pool

A DHCP server can allocate IP addresses for the clients in the same network segment by usingan interface address pool.

Networking RequirementsA campus has two equipment rooms, which are in different network segments. A switch needsto be configured as a DHCP server to allocate IP addresses for the computers in the twoequipment rooms.



75

The DHCP server is connected to the access switches of the two equipment rooms, and allocatesIP addresses for the computers by using two interface address pools.

As shown in Figure 3-7, SwitchA functions as the DHCP server, and SwitchB and SwitchC arethe access switches. The two VLANIF interface address pools need to be configured on GE1/0/1 and GE 1/0/2 of SwitchA.

Figure 3-7 Networking diagram for configuring a DHCP server based on a VLANIF interfaceaddress pool

DHCPClient

DHCPServer

NetBIOS Server DNS Server 10.1.1.2/2410.1.1.3/24

VLANIF1010.1.1.1/24

VLANIF1110.1.2.1/24

GE1/0/1

GE1/0/2

DHCPClient

DHCPClient

DHCPClient

SwitchA

SwitchC

SwitchB



1. Configure SwitchA as a DHCP server.

2. Create VLANIF interfaces and allocate IP addresses to VLANIF interfaces to determinethe range of address pools.

3. Enable the VLANIF interface address pools.

4. Set the address pool attributes, including the DNS server address, NetBIOS server address,and IP address lease.

Data Preparation


l IP addresses of the interfaces

l DNS server address and NetBIOS server address

l Address lease in the address pool



76

Procedure


Step 2 Add interfaces to VLANs.

# Add GE 1/0/1 to VLAN 10.

[Quidway] vlan batch 10 to 11[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 10[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 10[Quidway-GigabitEthernet1/0/1] quit

# Add GE 1/0/2 to VLAN 11.

[Quidway] interface gigabitethernet 1/0/2[Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 11[Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 11[Quidway-GigabitEthernet1/0/2] quit

Step 3 Allocate IP addresses to VLANIF interfaces.

# Allocate an IP address to VLANIF 10.

[Quidway] interface vlanif 10[Quidway-Vlanif10] ip address 10.1.1.1 24[Quidway-Vlanif10] quit

# Allocate an IP address to VLANIF 11.

[Quidway] interface vlanif 11[Quidway-Vlanif11] ip address 10.1.2.1 24[Quidway-Vlanif11] quit

Step 4 Enable the VLANIF interface address pool.

# Configure the clients on VLANIF 10 to obtain IP addresses from the interface address pool.

[Quidway] interface vlanif 10[Quidway-Vlanif10] dhcp select interface[Quidway-Vlanif10] quit

# Configure the clients on VLANIF 11 to obtain IP addresses from the interface address pool.

[Quidway] interface vlanif 11[Quidway-Vlanif11] dhcp select interface[Quidway-Vlanif11] quit

Step 5 Configure the DNS service and NetBIOS services of the address pool.

# Configure the DNS service and NetBIOS service of VLANIF 10 address pool.

[Quidway] interface vlanif 10[Quidway-Vlanif10] dhcp server domain-name huawei.com[Quidway-Vlanif10] dhcp server dns-list 10.1.1.2[Quidway-Vlanif10] dhcp server nbns-list 10.1.1.3[Quidway-Vlanif10] dhcp server excluded-ip-address 10.1.1.2[Quidway-Vlanif10] dhcp server excluded-ip-address 10.1.1.3[Quidway-Vlanif10] dhcp server netbios-type b-node

Step 6 Set IP address leases of IP address pools.

# Set the IP address lease of VLANIF 10 address pool to 30 days.



77

[Quidway] interface vlanif 10[Quidway-Vlanif10] dhcp server lease day 30[Quidway-Vlanif10] quit

# Set the IP address lease of VLANIF 11 address pool to 20 days.

[Quidway] interface vlanif 11[Quidway-Vlanif11] dhcp server lease day 20[Quidway-Vlanif11] quit


Run the display ip pool interface command on SwitchA to view the configuration of theinterface address pool.

[Quidway] display ip pool interface vlanif10 Pool-Name : vlanif10 Pool-No : 0 Lease : 30 Days 0 Hours 0 Minutes Domain-name : huawei.com DNS-Server0 : 10.1.1.2 NBNS-Server0 : 10.1.1.3 Netbios-type : b-node Position : Interface Status : Unlocked Gateway-0 : 10.1.1.1 Mask : 255.255.255.0 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.1.1.1 10.1.1.254 253 0 251 0 0 2 -----------------------------------------------------------------------------[Quidway] display ip pool interface vlanif11 Pool-Name : vlanif11 Pool-No : 1 Lease : 20 Days 0 Hours 0 Minutes Domain-name : - DNS-Server0 : - NBNS-Server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 10.1.2.1 Mask : 255.255.255.0 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.1.2.1 10.1.2.254 253 0 253 0 0 0 -----------------------------------------------------------------------------

----End

Configuration FilesConfiguration file of SwitchA# sysname Quidway# vlan batch 10 to 11#dhcp enable#interface Vlanif10 ip address 10.1.1.1 255.255.255.0 dhcp select interface dhcp server excluded-ip-address 10.1.1.2 10.1.1.3 dhcp server dns-list 10.1.1.2 dhcp server netbios-type b-node



78

dhcp server nbns-list 10.1.1.3 dhcp server lease day 30 hour 0 minute 0 dhcp server domain-name huawei.com#interface Vlanif11 ip address 10.1.2.1 255.255.255.0 dhcp select interface dhcp server lease day 20 hour 0 minute 0#interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10#interface GigabitEthernet1/0/2 port hybrid pvid vlan 11 port hybrid untagged vlan 11 #return

3.7.3 Example for Configuring a DHCP Relay AgentWhen the DHCP server and DHCP clients are in different network segments, a DHCP relayagent is required.

Networking RequirementsAn enterprise has multiple offices, which are distributed in different office buildings. The officesin a building belong to the same local area network (LAN), and the buildings belong to differentLANs. The enterprise uses a DHCP server to allocate IP addresses to all clients.

As shown in Figure 3-8, the DHCP clients are in the network segment 20.20.20.0/24 and theDHCP server is in the network segment 100.10.10.0/24. A Switch enabled with DHCP relay isrequired between the clients and server. By using the DHCP relay agent, the DHCP clients canobtain IP addresses from the DHCP server.

The DHCP server and the clients are in different network segments, and an interface-basedaddress pool cannot allocate IP addresses to the clients in different network segments. A globaladdress pool in the network segment 20.20.20.0/24 is required, and the DHCP server must havea reachable route to the network segment 20.20.20.0/24.



79

Figure 3-8 DHCP relay agent networking diagram

SwitchA

DHCP ServerInternet

DHCPClient

DHCPClient

DHCPClient

VLANIF10020.20.20.1/24

VLAN100

GE1/0/1

DHCP Relay

SwitchB

VLANIF20100.10.10.1/24

GE1/0/0


Configure SwitchA as a DHCP relay agent. The configuration roadmap is as follows:

1. Configure a DHCP server group on SwitchA and add SwitchB to the DHCP server group.

2. Enable DHCP relay on VLANIF 100.

3. Bind the DHCP server group to VLANIF 100 and specify the DHCP server for the DHCPrelay agent.

Configure SwitchB as the DHCP server. The configuration roadmap is as follows:

1. Configure a reachable route from the DHCP server to GE 1/0/1 of the DHCP relay agent.

2. Enable the DHCP function on the server. Configure the clients connected to GE 1/0/0 ofthe server to obtain IP addresses from the global address pool.

3. Create a global address pool on the DHCP server to allocate IP addresses to clients.

Data Preparation


l Name of the DHCP server group

l IP address of the DHCP server in the DHCP server group

l Number and IP address of the interface enabled with DHCP relay



80

Procedure

Step 1 Create a DHCP server group and add DHCP servers to the DHCP server group.

# Create a DHCP server group.

<Quidway> system-view[Quidway] dhcp server group dhcpgroup1

# Add DHCP servers to the DHCP server group.

[Quidway-dhcp-server-group-dhcpgroup1] dhcp-server 100.10.10.1[Quidway-dhcp-server-group-dhcpgroup1] quit

Step 2 Enable DHCP relay on the VLANIF interface.

# Create a VLAN and add GE 1/0/1 to the VLAN.

[Quidway] vlan 100[Quidway-Vlan100] quit[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port link-type trunk[Quidway-GigabitEthernet1/0/1] port trunk allow-pass vlan 100[Quidway-GigabitEthernet1/0/1] quit

# Enable DHCP globally, and then enable DHCP Relay on the VLANIF 100 interface.

[Quidway] dhcp enable[Quidway] interface vlanif 100[Quidway-Vlanif100] dhcp select relay [Quidway-Vlanif100] quit

Step 3 Bind a VLANIF interface to a specified DHCP server group.

# Assign an IP address to the VLANIF interface.

[Quidway] interface vlanif 100[Quidway-Vlanif100] ip address 20.20.20.1 24

# Bind the VLANIF interface to a specified DHCP server group.

[Quidway-Vlanif100] dhcp relay server-select dhcpgroup1[Quidway-Vlanif100] quit

Step 4 Configure the DHCP server.


[Quidway] vlan 20[Quidway-Vlan20] quit[Quidway] interface gigabitethernet 1/0/0[Quidway-GigabitEthernet1/0/0] port link-type trunk[Quidway-GigabitEthernet1/0/0] port trunk allow-pass vlan 20[Quidway-GigabitEthernet1/0/0] quit

# Enable the DHCP function and configure the clients connected to VLANIF 20 to obtain IPaddresses from the global address pool.

<Quidway> system-view[Quidway] dhcp enable[Quidway] interface vlanif 20[Quidway-Vlanif20] ip address 100.10.10.1 24[Quidway-Vlanif20] dhcp select global[Quidway-Vlanif20] quit

Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static routefrom the DHCP server to the Switch. Ensure that the route between the DHCP server and networksegment 20.20.20.0/24 is reachable.



81

[Quidway] ip pool 1[Quidway-ip-pool-1] network 20.20.20.0 mask 24[Quidway-ip-pool-1] quit

# Configure a static route from the address pool to the DHCP relay agent to ensure that the DHCPserver has a reachable route to the network segment 20.20.20.0/24.(The configuration procedureis not provided here.)


# Run the display dhcp relay command on SwitchA to view the DHCP relay configuration onthe interface.

[Quidway] display dhcp relay interface vlanif100 DHCP relay agent running information of interface Vlanif100 : Server group name : dhcpgroup1 Gateway address in use : 100.10.10.1

# Run the display ip pool command on SwitchB to view the address pool configuration.

[Quidway] display ip pool ----------------------------------------------------------------------- Pool-Name : 1 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : - Mask : 255.255.255.0 Vpn instance : -- IP address Statistic Total :250 Used :0 Idle :248 Expired :0 Conflict :0 Disable :2

----End

Configuration FilesConfiguration file of SwitchA# sysname Quidway# vlan 100# dhcp enable#dhcp server group dhcpgroup1 dhcp-server 100.10.10.1#interface Vlanif100 ip address 20.20.20.1 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1#interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 100 #return

Configuration file of SwitchB# sysname Quidway# vlan batch 20#dhcp enable #



82

ip pool 1 network 20.20.20.0 mask 255.255.255.0 #interface Vlanif20 ip address 100.10.10.1 255.255.255.0 dhcp select global #interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 20 #return

3.7.4 Example for Configuring a DHCP Relay Agent for VPNThis section describes how to configure a DHCP relay agent for a VPN.

Networking RequirementsAn enterprise establishes a VPN for employees to communicate with each other. The DHCPserver is not in the VPN. Users in the VPN need to obtain IP addresses from the DHCP server.

As shown in Figure 3-9, the DHCP clients are located in VPNA, which is in network segment20.20.20.0/24; the DHCP server is located in network segment 10.10.10.0/24. The DHCPpackets need to be relayed by the Switch enabled with the DHCP relay function. The DHCPclients on the VPN then can apply for IP addresses from the DHCP server.

An address pool containing network segment 20.20.20.0/24 is configured on the DHCP server.The DHCP server has a reachable route to 20.20.20.0/24.

Figure 3-9 Networking diagram for configuring the DHCP relay for a VPN

Swtich

DHCP Server：10.10.10.1/24

Internet

VLANIF10020.20.20.1/24

GE1/0/0DHCP Relay：

DHCP Client

vpna

Loopback11.1.1.1/32

Loopback12.2.2.2/32

PE：

VLANIF10110.10.10.2/24

GE1/0/0



83



1. Create a DHCP server group and add a DHCP server to the group.2. Enable DHCP relay on VLANIF 100 so that the Switch functions as the DHCP relay agent.3. Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPN

instance.4. Bind the specified DHCP server group to VLANIF 100 so that the packets passing VLANIF

100 are forwarded to the specified server.

Data Preparation


l Name of the DHCP server group

l IP addresses of the DHCP servers

l Number and IP address of the interface enabled with the DHCP relay function

l Name of the VPN instance that the client belongs to

Procedure

Step 1 Create a DHCP server group and add DHCP server to the group.

# Create a DHCP server group.

<Quidway> system-view[Quidway] sysname Switch[Switch] dhcp server group dhcpgroup1

# Add a DHCP server to the DHCP server group.

[Switch-dhcp-server-group-dhcpgroup1] dhcp-server 10.10.10.1[Switch-dhcp-server-group-dhcpgroup1] quit

Step 2 Enable the DHCP relay function on the VLANIF interface.


[Switch] vlan 100[Switch-Vlan100] quit[Switch] interface gigabitethernet 1/0/0[Switch-GigabitEthernet1/0/0] port link-type trunk[Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100[Switch-GigabitEthernet1/0/0] quit

# Enable global DHCP and enable the DHCP relay function on the VLANIF interface.

[Switch] dhcp enable[Switch] interface vlanif 100[Switch-Vlanif100] dhcp select relay[Switch-Vlanif100] quit

Step 3 Create a VPN instance and bind the DHCP server group and VLANIF interface to the VPNinstance.



84

NOTE

The following lists how to create a VPN instance and bind the VPN instance on the Switch in Figure3-9. The configuration procedure is not mentioned here. For details, see the Quidway S7700 Smart RoutingSwitch Configuration Guide - VPN.

# Create a VPN instance.

[Switch] ip vpn-instance vpna[Switch-vpn-instance-vpna] route-distinguisher 1:1[Switch-vpn-instance-vpna] vpn-target 2:2 both[Switch-vpn-instance-vpna] quit

# Bind the DHCP server group to the VPN instance.

[Switch] dhcp server group dhcpgroup1[Switch-dhcp-server-group-dhcpgroup1] vpn-instance vpna[Switch-dhcp-server-group-dhcpgroup1] quit

# Bind the VLANIF interface to the VPN instance.

[Switch] interface vlanif 100[Switch-Vlanif100] ip binding vpn-instance vpna

Step 4 Bind the VLANIF interface to the specified DHCP server group.

# Set the IP address of the VLANIF interface.

[Switch] interface vlanif 100[Switch-Vlanif100] ip address 20.20.20.1 24

# Specify a DHCP server for the VLANIF interface.

[Switch-Vlanif100] dhcp relay server-select dhcpgroup1

Step 5 Configure the DHCP server and PE.

# Configure an IP address pool 20.20.20.0/24 on the DHCP server and configure a static routefrom the DHCP server to the Switch. Ensure that the route between the DHCP server and networksegment 20.20.20.0/24 is reachable.

<Quidway> system-view[Quidway] sysname SERVER[SERVER] ip pool 1[SERVER-ip-pool-1] network 20.20.20.0 mask 255.255.255.0[SERVER-ip-pool-1] gateway-list 20.20.20.1[SERVER-ip-pool-1] quit[SERVER] ip route-static 20.20.20.0 255.255.255.0 10.10.10.2

# Configure the PE connected to the DHCP server and the Switch in Figure 3-9 to be in thesame VPN instance and ensure that the VPN target of the DHCP server corresponds to the VPNtarget of the Switch.

<Quidway> system-view[Quidway] sysname PE[PE] vlan 101[PE-Vlan101] quit[PE] interface gigabitethernet 1/0/0[PE-GigabitEthernet1/0/0] port link-type trunk[PE-GigabitEthernet1/0/0] port trunk allow-pass vlan 101[PE-GigabitEthernet1/0/0] quit[PE] ip vpn-instance vpna[PE-vpn-instance-vpna] route-distinguisher 1:1[PE-vpn-instance-vpna] vpn-target 2:2 both[PE-vpn-instance-vpna] quit[PE] interface vlanif 101[PE-Vlanif101] ip binding vpn-instance vpna



85

[PE-Vlanif101] ip address 10.10.10.2 24[PE-Vlanif101] quit

Step 6 Configure MP-IBGP to exchange VPN routing information.

NOTE

After configuring the routing and MPLS capability between the PE and Switch, configure MP-IBGP toexchange VPN routing information.

# Configure the PE.

[PE] bgp 100[PE-bgp] peer 1.1.1.1 as-number 100[PE-bgp] peer 1.1.1.1 connect-interface loopback 1[PE-bgp] ipv4-family vpnv4[PE-bgp-af-vpnv4] peer 1.1.1.1 enable[PE-bgp-af-vpnv4] quit[PE-bgp] quit

# Configure the Switch.

[Switch] bgp 100[Switch-bgp] peer 2.2.2.2 as-number 100[Switch-bgp] peer 2.2.2.2 connect-interface loopback 1[Switch-bgp] ipv4-family vpnv4[Switch-bgp-af-vpnv4] peer 2.2.2.2 enable[Switch-bgp-af-vpnv4] quit

After the configuration, run the display bgp peer command on the PE, and you can see that theBGP peer relationship between the PEs is in Established state.

[PE] display bgp peer

BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

1.1.1.1 4 100 12 6 0 00:02:21 Established 0


Run the display dhcp relay command on the Switch to view the DHCP relay configuration onthe interface.

[Switch] display dhcp relay interface vlanif100 DHCP relay agent running information of interface Vlanif100 : DHCP server group name : dhcpgroup1 DHCP server IP [0] :10.10.10.1 DHCP server IP [1] :255.255.255.255 DHCP server IP [2] :255.255.255.255 DHCP server IP [3] :255.255.255.255 DHCP server IP [4] :255.255.255.255 DHCP server IP [5] :255.255.255.255 DHCP server IP [6] :255.255.255.255 DHCP server IP [7] :255.255.255.255 DHCP server IP [8] :255.255.255.255 DHCP server IP [9] :255.255.255.255 DHCP server IP [10] :255.255.255.255 DHCP server IP [11] :255.255.255.255 DHCP server IP [12] :255.255.255.255 DHCP server IP [13] :255.255.255.255 DHCP server IP [14] :255.255.255.255 DHCP server IP [15] :255.255.255.255 DHCP server IP [16] :255.255.255.255



86

DHCP server IP [17] :255.255.255.255 DHCP server IP [18] :255.255.255.255 DHCP server IP [19] :255.255.255.255

----End

Configuration FilesConfiguration file of the Switch# sysname Switch# vlan 100# dhcp enable#ip vpn-instance vpna route-distinguisher 1:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity#dhcp server group dhcpgroup1 dhcp-server 10.10.10.1 0 vpn-instance vpna #interface Vlanif100 ip binding vpn-instance vpna ip address 20.20.20.1 255.255.255.0 dhcp select relay dhcp relay server-select dhcpgroup1#interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 100#bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface loopback 1 ipv4-family vpnv4 peer 2.2.2.2 enable#return

Configuration file of the DHCP server# sysname SERVER#ip pool 1 network 20.20.20.0 mask 255.255.255.0 gateway-list 20.20.20.1#ip route-static 20.20.20.0 255.255.255.0 10.10.10.2#return

Configuration file of the PE# sysname PE# vlan 101#ip vpn-instance vpna route-distinguisher 1:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity#interface Vlanif101 ip binding vpn-instance vpna



87

ip address 10.10.10.2 255.255.255.0#interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 101#bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface loopback 1 ipv4-family vpnv4 peer 1.1.1.1 enable#return



88

4 IP Session Configuration

About This Chapter

This chapter describes the basic principle and configuration of the IP session function andprovides configuration examples.

4.1 Introduction to the IP SessionThis section describes the concepts related to the IP session.

4.2 IP Session Supported by the S7700The S7700 supports the access of IP sessions to Layer 3 sub-interfaces, but does not support theaccess to main interfaces.

4.3 Configuring IP SessionThis section describes how to create an IP session and set related parameters.

4.4 Example for Configuring IP SessionThis section provides an example for configuring the IP Session function.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 4 IP Session Configuration


89

4.1 Introduction to the IP SessionThis section describes the concepts related to the IP session.

IP session, also called DHCP proxy, is an application of the DHCP protocol. It manages DHCPusers.

l The DHCP proxy authenticates and authorizes access users with the local, remote (RADIUSor HWTACACS), and non-authentication policies.

l After the status of access users becomes stable, the DHCP proxy is able to manage thespecified user, for example, carry out accounting for the user again or disconnect the userfrom the network.

Typical Application of IP Session

Figure 4-1 Typical application of IP session

DHCP clients

SwitchB SwitchA

DHCP server

AAA server

As shown in Figure 4-1, SwitchB is the access device of DHCP users, the IP session service isrun on the aggregation switch SwitchA. SwitchA allocates IP addresses to users through theDHCP server, and the AAA server authenticates and authorizes users. Thus the users can beonline once they power on the computer. The DHCP server can be a remote server or a localserver. If a local server is used, it indicates that the S7700 functions as the DHCP server.

NOTE

For the configurations of AAA and user management function on the S7700, see the Quidway S7700 SmartRouting Switch Configuration Guide - Security.

4.2 IP Session Supported by the S7700The S7700 supports the access of IP sessions to Layer 3 sub-interfaces, but does not support theaccess to main interfaces.

NOTE

At present, the IP session function is only supported on the G48VA, S24XA, T24XA, G24CFAT.A board supporting Layer 3 interfaces can be configured with a maximum of 4096 sessions.Trunk sub-interfaces support IP sessions. The member interfaces of a trunk interface cannot be located ondifferent boards or subcards.



90

The S7700 can terminate DHCP packets on sub-interfaces. You can configure a remote DHCPserver or a local DHCP server to allocate IP addresses. You need to configure the IP sessionaccess function on the Layer 3 sub-interface. This indicates that the sub-interface can terminateDHCP packets. In addition, you need to configure the access domain and authentication modefor the users on this sub-interface. After the IP session function is enabled on the interface, thedefault values of other parameters are generated automatically. You can change the parametervalues through commands.l The IP sessions can access sub-interfaces.l The DHCP packets can be sent to the CPU.l The DHCP packets can be processed, for example, parsed and encapsulated.l The users can be authenticated.l The users can be charged based on the online duration.l The ARP probe can be performed for online users.

If a user goes offline abnormally (that is, the user does not request the server to release theaddress), the S7700 can detect this user by performing ARP probe on online users. Thenthe S7700 deletes the data of the offline user to ensure the effective resource usage.

l Users can join multicast groups.After a DHCP user, maybe IPTV terminal, joins a multicast group, the user can receive thevideo data normally.

4.3 Configuring IP SessionThis section describes how to create an IP session and set related parameters.

4.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, and data preparationfor configuring IP session.

Applicable EnvironmentWhen a user connects to the S7700, the S7700 authenticates the user, performs leasemanagement, and forwards data.

NOTE

To make access users go online successfully, you must configure a static route between the egress gatewayand the DHCP server on the S7700. The address of the egress gateway is set according to the actual situationand the configuration of the static route is described in IP Static Route Configuration.

Pre-configuration TasksBefore configuring IP session, complete the following tasks:

l Setting physical parameters of a sub-interfacel Creating a VPN instance

Data PreparationTo configure IP session, you need the following data.



91

No. Data

1 User name and password

2 Name of the user authentication domain

3 VLAN ID on the interface, which cannot bean existing one

4.3.2 Enabling the IP Session FunctionBefore enabling IP session on a sub-interface, you must enable DHCP globally.

Procedure




DHCP is enabled globally.

Step 3 Run:interface interface-type interface-number.subinterface-number

The sub-interface view is displayed.

Currently, the IP session function can be enabled only in other sub-interfaces view except forthe XGE sub-interface.

Step 4 Run:ip-session enable

The IP session function is enabled.

----End

4.3.3 Binding a User Authentication Domain to a Sub-InterfaceIf a user authentication domain is bound to a sub-interface, when a user goes online, theS7700 selects the bound domain to authenticate and authorize the user.

Procedure



Step 2 Run:aaa



92

The AAA view is displayed.

Step 3 Run:domain domain-name

The authentication domain is created.

Step 4 Run:quit

Return to the AAA view.

Step 5 Run:quit

Return to the system view.



Step 7 Run:authentication-domain domain-name

A user authentication domain is bound to the sub-interface. When a user goes online, theS7700 selects the bound domain to authenticate and authorize the user.

By default, the user authentication domain bound to a sub-interface is the global default domain.You can change the domain by running the domain command in the system view.

----End

4.3.4 (Optional) Setting the Format of DHCP User Name and thePassword

The format of the DHCP user name needs to be set in server authentication.

Procedure



Step 2 Run:dhcp user-name format-include { ip-address | mac-address | option82 | sysname }

The format of the DHCP user name and the sequence of elements in the user name are specified.

By default, the DHCP user name is in the following format: system name + "-" + slot ID (twodigits, prefixed 0 if it contains only one digit) + subcard ID (one digit, set to 0 if the subcarddoes not exist) + port number (two digits, prefixed 0 if it contains only one digit) + outer VLANID (four digits, prefixed 0 if it contains less than four digits) + inner VLAN ID (five digits,prefixed 0 if it contains less than five digits) + @ + access domain name, for example,Quidway-02024000000768@domain1.



93

If the user name is generated according to the Option 82 field and the user name contains non-ASCII characters, the non-ASCII characters are displayed as "..." forexample, ...session1@domain1.

Step 3 Run:dhcp user-password { cipher cipher-password | simple simple-password }

The password of DHCP user is set.

By default, the DHCP password is vlan in plain text mode.

----End

4.3.5 (Optional) Configuring the S7700 to Process Option FieldsThrough the IP session function, the S7700 can process the Option 82 field of DHCP messagesand select the service policy according to the Option 60 field.

Procedure





Step 3 Run:dhcp option82 insert enable

The function of appending the Option 82 field to DHCP messages is enabled.

Or, run:

dhcp option82 rebuild enable

The function of forcibly appending the Option 82 field to DHCP messages is enabled.

By default, the S7700 does not process the Option 82 field of DHCP messages.

After the dhcp option82 insert enable or dhcp option82 rebuild enable command is used, theS7700 replaces the Option 82 field of DHCP messages of the online IP session user. The Option82 field is generated according to the configuration and is used for sending DHCP messages tothe remote DHCP server.

Step 4 Run:dhcp service-policy option60

The service policy associated with the service scheme for users going online is configured.

By default, users connected to a sub-interface go online through the service scheme in the domainbound to the sub-interface.

After the dhcp service-policy option60 command is used, the S7700 selects the related servicepolicy according to the Option 60 field in DHCP messages.

----End



94

4.3.6 (Optional) Setting ARP Detection ParametersARP detection is configured on sub-interfaces. If the ARP detection interval is 0, it indicatesthat ARP detection is disabled.

ContextBy using the DHCP protocol, a server leases IP addresses to clients. The clients then need toapply for new IP addresses when the leases expire. In actual applications, the situation that aclient that already has a leased IP address is abnormally disconnected but no release packet issent to the DHCP server is often encountered.

In this case, the S7700 needs to regularly send ARP detection packets to check whether usersremain online. Upon the timeout of the ARP detection, users are disconnected. In addition,DHCP Release packets are constructed and sent to the DHCP server to enable the DHCP serverto release the IP address.

Procedure





Step 3 Run:dhcp user-detect retransmit times interval interval

The interval and number of detection times are set.

By default, the detection interval is 30 seconds and the number of detection timeout times is 5.

----End

4.3.7 (Optional) Setting the Type of a NAS InterfaceWhen a user is being authenticated, the NAS interface type encapsulated in the RADIUS attributeis reported. By default, the NAS interface type is ethernet.

Procedure





Step 3 Run:



95

dhcp nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

The NAS interface type is set.

By default, the NAS interface type is ethernet.

----End

4.3.8 (Optional) Binding a VPN Instance to an InterfaceA user can go online only when the VPN instance of the IP address pool through which the userconnects to the VPN is the same as the VPN instance bound to the sub-interface.

Procedure



Step 2 Run:ip vpn-instance vpn-instance-name

The VPN instance is created.

Step 3 Run:quit




Step 5 Run:vpn-instance vpn-instance-name

The VPN instance is bound to the interface.

----End

4.3.9 Checking the ConfigurationThis section describes how to check the configuration of IP session.

PrerequisiteAll configurations of IP session are complete.

Procedurel Run the display session-interface [ interface-type interface-number ] command to check

information about the sub-interface enabled with IP session.

----End



96

4.4 Example for Configuring IP SessionThis section provides an example for configuring the IP Session function.

4.4.1 Example for Configuring IP SessionThis section provides a configuration example of IP session.


As shown in Figure 4-2, STB-A is connected to GE 1/0/1.100 of the Switch; STB-B is connectedto GE 1/0/2.100 of the Switch.

You need to configure IP session on the Switch so that STB-A and STB-B users can be onlineonce they power on STB-A and STB-B.

Figure 4-2 Networking diagram of IPTV

Radius server

DHCP server

Multicast server

Router

Swtich

STB-A STB-B

GE1/0/1.100GE1/0/2.100

10.10.10.10

Loopback020.20.20.20/32



1. Enable global DHCP.2. Enable the IP session function.3. Bind the user authentication domain to a sub-interface.4. Set IP session-related parameters for the sub-interface.



97

5. Configure a DHCP server group.6. Configure an egress gateway.7. Configure a static route.


l Physical parameters on the sub-interfacel VLAN ID of the interfacel Type of the NAS interfacel ARP detection parameterl Name of the DHCP server group: dhcp-groupl Gateway address: 20.20.20.20l IP address of the DHCP server: 10.10.10.10

ContextNOTE

Only IP session-related configurations are involved in this example. The AAA configurations, RADIUSconfigurations, multicast-related configurations, and router-related configurations are not described in thisexample.

Procedure

Step 1 Enable DHCP globally.<Quidway> system-view[Quidway] dhcp enable

Step 2 Enable the IP session function on sub-interfaces.

# Enable the IP session function on GE1/0/1.100.

[Quidway] interface gigabitethernet 1/0/1.100[Quidway-GigabitEthernet1/0/1.100] ip-session enable[Quidway-GigabitEthernet1/0/1.100] quit

# Enable the IP session function on GE1/0/2.100.

[Quidway] interface gigabitethernet 1/0/2.100[Quidway-GigabitEthernet1/0/2.100] ip-session enable[Quidway-GigabitEthernet1/0/2.100] quit

Step 3 Bind user authentication domains to sub-interfaces.

# Bind the user authentication domain stb-a to GE 1/0/1.100.

[Quidway] aaa[Quidway-aaa] domain stb-a[Quidway-aaa-domain-stb-a] quit[Quidway-aaa] quit[Quidway] interface gigabitethernet 1/0/1.100[Quidway-GigabitEthernet1/0/1.100] authentication-domain stb-a[Quidway-GigabitEthernet1/0/1.100] quit

# Bind the user authentication domain stb-b to GE 1/0/2.100.

[Quidway] aaa[Quidway-aaa] domain stb-b



98

[Quidway-aaa-domain-stb-b] quit[Quidway-aaa] quit[Quidway] interface gigabitethernet 1/0/2.100[Quidway-GigabitEthernet1/0/2.100] authentication-domain stb-b[Quidway-GigabitEthernet1/0/2.100] quit

Step 4 Set sub-interface-related parameters on the S7700.

# Set the detection interval to 60s and number of detection times to 8 for GE 1/0/1.100.

[Quidway] interface gigabitethernet 1/0/1.100[Quidway-GigabitEthernet1/0/1.100] control-vid 100 dot1q-termination[Quidway-GigabitEthernet1/0/1.100] dot1q termination vid 100[Quidway-GigabitEthernet1/0/1.100] dhcp user-detect retransmit 8 interval 60[Quidway-GigabitEthernet1/0/1.100] quit

# Set the detection interval to 60s and number of detection times to 8 for GE 1/0/2.100.

[Quidway] interface gigabitethernet 1/0/2.100[Quidway-GigabitEthernet1/0/2.100] control-vid 100 dot1q-termination[Quidway-GigabitEthernet1/0/2.100] dot1q termination vid 100[Quidway-GigabitEthernet1/0/2.100] dhcp user-detect retransmit 8 interval 60[Quidway-GigabitEthernet1/0/2.100] quit

Step 5 Set the format of the DHCP user name to mac-address and the password in simple mode to stb.[Quidway] dhcp user-name format-include mac-address[Quidway] dhcp user-password simple stb

Step 6 Configure a DHCP server group.[Quidway] dhcp server group dhcp-group[Quidway-dhcp-server-group-dhcp-group] dhcp-server 10.10.10.10[Quidway-dhcp-server-group-dhcp-group] gateway 20.20.20.20 [Quidway-dhcp-server-group-dhcp-group] quit

Step 7 Configure an egress gateway.[Quidway] interface loopback 0[Quidway-LoopBack0] ip address 20.20.20.20 32[Quidway-LoopBack0] quit

Step 8 Configure a static route.[Quidway] ip route-static 10.10.10.0 255.255.255.0 NULL 0


# View configuration on GE 1/0/1.100.

<Quidway> display session-interface gigabitethernet 1/0/1.100

Access type : Enable IPSessIF state : Updated Authentication default domain : stb-a Nas port type : ethernet (15) Vpn Instance : User detect interval : 60 (s) User detect retransmit times : 8 Option82 policy : none (0) Service policy : default (0)

# View configuration on GE 1/0/2.100.

<Quidway> display session-interface gigabitethernet 1/0/2.100

Access type : Enable IPSessIF state : Updated Authentication default domain : stb-b Nas port type : ethernet (15) Vpn Instance : User detect interval : 60 (s)



99

User detect retransmit times : 8 Option82 policy : none (0) Service policy : default (0)

----End


# sysname Quidway# dhcp enable#dhcp server group dhcp-group# dhcp user-name format-include mac-address dhcp user-password simple stb#dhcp server group dhcp-group dhcp-server 10.10.10.10 0 gateway 20.20.20.20#aaa domain stb-a domain stb-b#interface GigabitEthernet1/0/1.100 ip-session enable authentication-domain stb-a dhcp user-detect retransmin 8 interval 60 control-vid 100 dot1q-termination dot1q termination vid 100#interface GigabitEthernet1/0/2.100 ip-session enable authentication-domain stb-b dhcp user-detect retransmin 8 interval 60 control-vid 100 dot1q-termination dot1q termination vid 100#interface NULL0#interface LoopBacl0 ip address 20.20.20.20 255.255.255.255# ip route-static 10.10.10.0 255.255.255.0 NULL0#return



100

5 DHCPv6 Configuration

About This Chapter

Currently, the S7700 can function as only the DHCP relay agent on IPv6 networks. Thisdocument describes how to configure Dynamic Host Configuration Protocol for IPv6 (DHCPv6)relay.

5.1 Introduction to DHCPv6DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and othernetwork configuration parameters to hosts.

5.2 DHCPv6 Features Supported by the S7700Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as theDHCPv6 server or client.

5.3 Configuring DHCPv6 RelayWhen the DHCPv6 client and the DHCPv6 server are on different links, you need to deployDHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, theDHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client andthe DHCPv6 server.

5.4 Maintaining DHCPv6This section describes how to clear the statistics about DHCPv6 messages passing through theDHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.

5.5 Configuration ExamplesThis section provides a configuration example of DHCPv6 relay.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 5 DHCPv6 Configuration


101

5.1 Introduction to DHCPv6DHCPv6 is designed for IPv6 addressing and is used to allocate IPv6 addresses and othernetwork configuration parameters to hosts.

Advantages of Addresses Allocated by DHCPv6Compared with other IPv6 address allocation modes (manual configuration and stateless addressauto-configuration through the network prefix in router advertisement messages), DHCPv6 hasthe following advantages:l Controls address allocation better. The device enabled with DHCPv6 can record the address

allocated to the host and allocate a special address to the specified host. This facilitatesnetwork management.

l Provides network configuration parameters including the IP address of the DNS server andthe domain name for hosts in addition to IPv6 addresses.

Basic Concepts of DHCPv6l Multicast address

In DHCPv6, the client does not need to be configured with the IP address of the DHCPv6server. Instead, the client locates the DHCPv6 server by sending Solicit messages whosedestination address is a multicast address.DHCPv6 uses the following multicast addresses:– FF02::1:2 (All_DHCP_Relay_Agents_and_Servers): indicates the multicast address of

all the DHCP servers and relay agents. The address is the link-scoped multicast addressand is used for communication between a DHCP client and its neighboring server orrelay agent on the link. All the DHCP servers and relay agents are members of themulticast group.

– FF05::1:3 (All_DHCP_Servers): indicates the multicast address of all the DHCPservers. The address is the site-scoped address and is used for communication betweenDHCP relay agents and DHCP servers within a site. All DHCP servers within a site aremembers of this multicast group.

l UDP port numberDHCPv6 messages are transmitted through UDPv6. DHCP clients listen on port 546 forDHCP messages, and DHCP servers and relay agents listen on port 547 for DHCPmessages.

l DUIDThe DHCP Unique Identifier (DUID) identifies a DHCPv6-enabled device including theDHCPv6 client and is used for verification between DHCPv6-enabled devices.The S7700 uses the DUID Based on hardware type, Link-layer Address and Time (DUID-LLT) to identify DHCPv6-enabled devices.Figure 5-1 shows the format of the DUID-LLT.



102

Figure 5-1 DUID-LLT format

0 3115

DUID type Hardware type

Time

Link layer address

– DUID type: The value of the DUID type is 0x0001.– Hardware type: The hardware type supported by the device is Ethernet and the value is

0x0006.– Time: time when the DUID is generated. Before the DUID is generated, the system time

must be configured or the clock source is available.– Link layer address: The value is the link layer address of any interface. The interface

has a unique link layer address. The link layer address is the MAC address.

5.2 DHCPv6 Features Supported by the S7700Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as theDHCPv6 server or client.

Typical Networking of DHCPv6Figure 5-2 shows a typical networking of DHCPv6. The DHCPv6 client communicates withthe DHCPv6 server through the link-scoped multicast address to obtain the IPv6 address andother network configuration parameters. If the DHCPv6 server and the DHCPv6 client arelocated on different links, the DHCPv6 relay agent is required to forward messages. In this case,you do not need to deploy a DHCPv6 server on each link. The costs are thus saved andconcentrated management is implemented easily.



103

Figure 5-2 Typical networking of DHCPv6

DHCPv6 client DHCPv6 client


DHCPv6 relay agent

DHCPv6 server

IPv6 network

NOTE

Currently, the S7700 supports only the DHCPv6 relay function, and cannot function as the DHCPv6 serveror client.

DHCPv6 Relay Function Supported by the S7700l Forwards messages from DHCPv6 clients.

If the S7700 is the first-hop DHCPv6 relay agent, it receives DHCPv6 messages fromDHCPv6 clients. Then the S7700 resolves, encapsulates, and forwards the receivedDHCPv6 messages.

l Forwards messages from DHCPv6 relay agents.

If the S7700 is the non-first-hop DHCPv6 relay agent, it receives DHCPv6 messages fromDHCPv6 relay agents. Then the S7700 resolves, encapsulates, and forwards the receivedDHCPv6 messages.

l Forwards messages from DHCPv6 servers.

If the S7700 is the last-hop DHCPv6 relay agent, it receives DHCPv6 messages fromDHCPv6 servers. Then the S7700 resolves, encapsulates, and forwards the receivedDHCPv6 messages.

l Appends the remote ID.

The S7700 can append or forcibly append the remote ID in Relay-Forward messages.

l Limits the rate of DHCPv6 messages to be forwarded.

To prevent a large number of messages of clients or relay agents from attacking the device,the S7700 can limit the rate of DHCPv6 messages to be forwarded. An alarm is generatedwhen the number of discarded packets exceeds the threshold.

l Collects statistics on forwarded DHCPv6 messages.

If the S7700 is enabled with the DHCPv6 relay function, the S7700 collects statistics onDHCPv6 messages passing through the DHCP relay agent.



104

5.3 Configuring DHCPv6 RelayWhen the DHCPv6 client and the DHCPv6 server are on different links, you need to deployDHCPv6 relay agents between the DHCPv6 client and the DHCPv6 server. In this manner, theDHCPv6 relay agents transmit DHCPv6 messages exchanged between the DHCPv6 client andthe DHCPv6 server.

5.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, and data preparationfor configuring DHCPv6 relay.


When the DHCPv6 client applies to the DHCPv6 server on a different link for the IP address,you need to deploy relay agents between the DHCPv6 client and the DHCPv6 server. In thismanner, the relay agents transmit DHCPv6 messages exchanged between the DHCPv6 clientand the DHCPv6 server.


Before configuring DHCPv6 relay, complete the following tasks:

l Configuring the DHCPv6 server

l Configuring the route between the S7700 and DHCPv6 server

Data Preparation

To configure DHCPv6 relay, you need the following data.

No. Data

1 Type and number of the interface where DHCPv6 relay is enabled (the interface typeis VLANIF)

2 Type and number of the interface where the function of appending the remote ID toDHCPv6 relay messages is enabled (the interface type can be Ethernet, GE, orXGE)

3 (Optional) Maximum transmission rate of DHCPv6 messages and alarm threshold ofthe number of DHCPv6 messages discarded

5.3.2 Enabling the DHCPv6 Relay FunctionYou can enable the DHCPv6 relay function on a VLANIF interface of the S7700, set the IPv6address of the DHCPv6 server or the next hop relay agent, and specify the outbound interfaceof relay messages.



105


system-view



DHCP is enabled.

Step 3 Run:ipv6

The IPv6 packet forwarding capability is enabled.



Step 5 Run:ipv6 enable

The IPv6 capability is enabled on the interface.

Step 6 Run:ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

The IPv6 address is configured on the interface.

Step 7 Run:dhcpv6 relay destination ipv6-address [ interface interface-type interface-number ]

The DHCPv6 relay function is enabled on the VLANIF interface, the IPv6 address of theDHCPv6 server or the next hop relay agent is set, and the outbound interface of relay messagesis specified.

By default, the DHCPv6 relay function is disabled on a VLANIF interface.

l If the configured IPv6 address is a global address or a site address, the outbound interfacedoes not need to be specified. The DHCPv6 server sends the relay messages to the IPv6address by searching for a route.

l If the configured IPv6 address is a local address or a multicast address, the outbound interfaceof the DHCPv6 server or the next hop relay agent needs to be specified.

On the S7700, up to eight interfaces can be enabled with the DHCPv6 relay function and eachinterface can be configured with up to eight destination addresses.

----End

5.3.3 (Optional) Configuring the Remote IDThe remote ID carries information about a client and identifies a client.

ContextThe DHCPv6 server can make decisions about address allocation, parameter setting, and prefixagent according to the remote ID. The format of the remote ID is defined by the vendor. Usually,



106

the remote ID carries the phone number and user name in a dial-up connection, or the peer IPaddress and access interface in a point-to-point connection. Currently, a remote ID can containa maximum of 247 bytes.

When the S7700 functions as the DHCPv6 relay agent, it processes the remote ID as follows:l The S7700 directly receives messages from DHCPv6 clients. When constructing a Relay-

Forward message, the S7700 adds the remote ID to the Relay-Forward message accordingto the configuration.

l If the Relay-Reply message received by the S7700 from the DHCPv6 server contains theremote ID, the S7700 removes the remote ID from the Relay-Reply message beforeforwarding it to DHCPv6 clients or other relay agents.

Procedure



Step 2 Run:dhcpv6 remote-id format { default | user-defined text }

The format of the remote ID in DHCPv6 messages is set.

By default, the default format of the remote ID in DHCPv6 messages is used.

Step 3 Run:interface interface-type interface-number

The interface view is displayed.

The interface can be an Ethernet interface, a GE interface or an XGE interface.

Step 4 Run:dhcpv6 remote-id insert enable

The function of appending the remote ID to DHCPv6 relay messages is enabled.

Or, run:

dhcpv6 remote-id rebuild enable

The function of forcibly appending the remote ID to DHCPv6 relay messages is enabled.

l After the dhcpv6 remote-id insert enable command is used, if the original DHCPv6messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6messages. If the original DHCPv6 messages carry the remote ID, the S7700 sends the DHCPmessages directly.

l After the dhcpv6 remote-id rebuild enable command is used, if the original DHCPv6messages do not carry the remote ID, the S7700 appends the remote ID to the DHCPv6messages. If the original DHCPv6 messages carry the remote ID, the S7700 deletes theoriginal remote ID from the DHCP messages and appends a new remote ID to the DHCPmessages.

If you run the dhcpv6 remote-id insert enable and dhcpv6 remote-id rebuild enablecommands simultaneously on an interface, the command that you run later takes effect.

----End



107

5.3.4 (Optional) Configuring Rate Limit of DHCPv6 MessagesTo prevent a large number of messages of clients or relay agents from attacking the device, theS7700 can limit the rate of DHCPv6 messages to be forwarded.

ContextAfter rate limit of DHCPv6 messages is enabled, excessive DHCPv6 messages are discardedwhen the rate of DHCPv6 messages exceeds the limit. When the number of discarded DHCPv6messages exceeds the threshold, the S7700 supports the log function.

Procedure




DHCP is enabled.

Step 3 Run:dhcpv6 packet-rate packet-rate

Rate limit of DHCPv6 messages is enabled and the maximum transmission rate of DHCPv6messages is set.

By default, rate limit of DHCPv6 messages is disabled on the S7700.

Step 4 Run:dhcpv6 packet-rate drop-alarm enable

The alarm function for DHCPv6 messages discarded when the rate of DHCPv6 messagesexceeds rate limit.

After the log function is enabled, if the number of DHCPv6 messages that pass through theS7700 every second exceeds the rate limit, they are discarded. By default, S7700 sends logswhen the number of discarded DHCPv6 messages exceeds 100.

Step 5 Run:dhcpv6 packet-rate drop-alarm threshold threshold

The log threshold for DHCPv6 messages discarded is set when the rate of DHCPv6 messagesexceeds rate limit.

----End

5.3.5 Checking the ConfigurationThis section describes how to check the configuration of DHCPv6 relay.

PrerequisiteThe configurations of DHCPv6 relay are complete.



108

Procedurel Run the display dhcpv6 relay [ interface interface-type interface-number ] command to

check the configuration about the interface enabled with the DHCPv6 relay function.

Currently, the interface type can only be the VLANIF interface.l Run the display dhcpv6 relay statistics [ interface interface-type interface-number ]

command to check the statistics about DHCPv6 messages passing through the DHCPv6relay agent.

Currently, the interface type can only be the VLANIF interface.

----End

5.4 Maintaining DHCPv6This section describes how to clear the statistics about DHCPv6 messages passing through theDHCPv6 relay agent and monitor the running status of the DHCPv6 relay agent.

5.4.1 Clearing the Statistics About DHCPv6 Messages PassingThrough the DHCP Relay Agent

If the S7700 is enabled with the DHCPv6 relay function, the system collects statistics aboutDHCPv6 messages passing through the DHCP relay agent. To clear the statistics about DHCPv6messages passing through the DHCPv6 relay agent, you can use the command in the user viewor system view.

Context

CAUTIONStatistics cannot be restored after being cleared. So, confirm the action before you use thecommand.

Procedurel Run the reset dhcpv6 relay statistics [ interface interface-type interface-number ]

command to clear the statistics about DHCPv6 messages passing through the DHCPv6relay agent.

The interface must be the VLANIF interface. If no interface is specified, all the statisticsabout DHCPv6 messages are cleared. If the interface is specified, the statistics aboutDHCPv6 messages on the specified interface are cleared.

----End

5.4.2 Monitoring the Running Status of the DHCPv6 Relay AgentThis section describes how to use the display commands to monitor the running status of theDHCPv6 relay agent.



109

Procedurel Run the display dhcpv6 relay [ interface interface-type interface-number ] command to

check the configuration about the interface enabled with the DHCPv6 relay function.l Run the display dhcpv6 relay statistics [ interface interface-type interface-number ]

command to check the statistics about DHCPv6 messages passing through the DHCPv6relay agent.

----End

5.5 Configuration ExamplesThis section provides a configuration example of DHCPv6 relay.

5.5.1 Example for Configuring DHCPv6 RelayThis section provides a configuration example of DHCPv6 relay.

Networking RequirementsAs shown in Figure 5-3, the DHCPv6 client address is 2000::/64 and the DHCPv6 server addressis 3000::3/64. The DHCPv6 client and the DHCPv6 server are on different links; therefore, aDHCPv6 relay agent is required to forward DHCPv6 messages.

It is required that the Switch should function as the DHCPv6 relay agent to forward DHCPv6messages exchanged between the DHCPv6 client and the DHCPv6 server. In addition, theSwitch functions as the gateway device of the network at 2000::/64. By specifying the M flagbit and O flag bit in RA messages, hosts on the network are enabled to obtain IPv6 addressesand other network configuration parameters through DHCPv6.

Figure 5-3 Networking for configuring DHCPv6 relay



DHCPv6 relay agentDHCPv6 server

SwitchGE1/0/1VLANIF102000::1/64

GE1/0/2VLANIF203000::1/64

3000::3/64


1. Enable DHCP.



110

2. Create VLANIF interfaces and set IPv6 addresses of the VLANIF interfaces.3. Enable the DHCPv6 relay function and set the DHCPv6 server address.4. Configure the Switch as the gateway.


l IPv6 addresses of the interfacesl IP address of the DHCPv6 server

Procedure


Step 2 Add interfaces to VLANs.

# Add GigabitEthernet1/0/1 to VLAN 10.


# Add GigabitEthernet1/0/2 to VLAN 20.


Step 3 Set IPv6 addresses of VLANIF interfaces.

# Enable the IPv6 packet forwarding function.

[Quidway] ipv6

# Set the IPv6 address of VLANIF 10.

[Quidway] vlan batch 10 20[Quidway] interface vlanif 10[Quidway-Vlanif10] ipv6 enable[Quidway-Vlanif10] ipv6 address 2000::1 64[Quidway-Vlanif10] quit

# Set the IPv6 address of VLANIF 20.

[Quidway] interface vlanif 20[Quidway-Vlanif20] ipv6 enable[Quidway-Vlanif20] ipv6 address 3000::1 64[Quidway-Vlanif20] quit

Step 4 Enable the DHCPv6 relay function.

# Enable the DHCPv6 relay function on VLANIF 10 and set the IP address of the DHCPv6server.

[Quidway] interface vlanif 10[Quidway-Vlanif10] dhcpv6 relay destination 3000::3

Step 5 Configure the Switch as the gateway.



111

# Configure the Switch to send RA messages and configure M and O flag bits.[Quidway-Vlanif10] undo ipv6 nd ra halt[Quidway-Vlanif10] ipv6 nd autoconfig managed-address-flag[Quidway-Vlanif10] ipv6 nd autoconfig other-flag[Quidway-Vlanif10] quit


Run the display dhcpv6 relay command on the Switch, and you can view the configuration ofDHCPv6 relay.[Quidway] display dhcpv6 relay Interface Mode Destination------------------------------------------------------------------Vlanif10 Relay 3000::3 ------------------------------------------------------------------

Run the display dhcpv6 relay statistics on the Switch, and you can view the statistics aboutDHCP messages passing through the DHCPv6 relay agent.[Quidway] display dhcpv6 relay statisticsMessageType Receive Send Error Solicit 0 0 0 Advertise 0 0 0 Request 0 0 0 Confirm 0 0 0 Renew 0 0 0 Rebind 0 0 0 Reply 0 0 0 Release 0 0 0 Decline 0 0 0 Reconfigure 0 0 0 Information-request 0 0 0 Relay-forward 0 0 0 Relay-reply 0 0 0 UnknownType 0 0 0

----End

Configuration FilesConfiguration file of the Switch# sysname Quidway# vlan batch 10 20# ipv6 #dhcp enable#interface Vlanif10 ipv6 enable ipv6 address 2000::1/64 undo ipv6 nd ra halt ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag dhcpv6 relay destination 3000::3 #interface Vlanif20 ipv6 enable ipv6 address 3000::1/64 #interface GigabitEthernet1/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10#



112

interface GigabitEthernet1/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 20#return



113

6 IP Performance Configuration

About This Chapter

This chapter describes the basic concepts of IP performance, and provides configurationprocedures and examples of IP performance.

6.1 Introduction to IP PerformanceOn certain networks, you need to change IP parameters to optimize the performance of networks.Here, IP performance parameters supported by the S7700 are described.

6.2 IP Performance Supported by the S7700This section describes the IP Performance features supported by the S7700.

6.3 Optimizing IP PerformanceThis section describes how to optimize IP performance of a certain network by setting IPperformance parameters.

6.4 Maintaining IP PerformanceThis section describes how to maintain IP performance.

6.5 Configuration ExamplesThis section provides several configuration examples of IP performance.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 6 IP Performance Configuration


114

6.1 Introduction to IP PerformanceOn certain networks, you need to change IP parameters to optimize the performance of networks.Here, IP performance parameters supported by the S7700 are described.

6.2 IP Performance Supported by the S7700This section describes the IP Performance features supported by the S7700.

The S7700 supports the following IP performance parameters that can be changed:l Sending of Internet Control Message Protocol (ICMP) host unreachable packetsl Sending of ICMP redirection packetsl Sending ICMP Port Unreachable packetsl Discarding the ICMP packets whose TTL values are 1l Discarding the ICMP packets that carry optionsl Discarding ICMP Destination Unreachable packetsl Load balancing mode of IP packet forwarding

NOTEOn the S7700, you can set the load balancing mode for only the packets sent by the CPU.

l Timeout interval of the TCP FIN-Wait timerl Timeout interval of the TCP SYN-Wait timerl Size of the packet receive or transmit buffer of the connection-oriented socketl Forcible fragmentation of packets on an interface at the outbound directionl Statistics on Transmission Control Protocol (TCP), IP, User Datagram Protocol (UDP),

and socket monitor traffic

6.3 Optimizing IP PerformanceThis section describes how to optimize IP performance of a certain network by setting IPperformance parameters.

6.3.1 Establishing the Configuration Task

Applicable EnvironmentOn certain networks, you need to change IP performance parameters to optimize theperformance. To optimize the performance, you need to set parameters.

Pre-configuration TasksBefore optimizing IP performance, complete the following tasks:

l Connecting interfaces and setting physical parameters of the interfaces to ensure that thephysical layer of the interfaces is in the Up state



115

l Setting parameters of the link layer protocol for the interfaces to ensure that the status ofthe link layer protocol on the interfaces is Up

l Assigning IP addresses to interfacesl Configuring access control lists (ACLs)

Data PreparationTo optimize IP performance, you need the following data.

No. Data

1 Number of the interface on which the Don't Fragment (DF) field of packets needs tobe deleted

2 Number of the interface on which ICMP redirection and ICMP host unreachable needto be configured

3 Timeout interval of the TCP SYN-Wait timer, timeout interval of the TCP FIN-Waittimer, receive or transmit buffer of the socket

6.3.2 Enabling an Interface to Check the Source IP Addresses ofPackets

ContextDo as follows on the S7700.

Procedure



Step 2 Run:vlan vlan-id

A VLAN is created.

Step 3 Run:quit




Step 5 Run:ip verify source-address

The interface is enabled to check the source IP addresses.



116

The S7700 only checks the source IP addresses of the packets sent from the interface to the CPU.

----End

6.3.3 Configuring Forcible Fragmentation of Outgoing Packets onan Interface

Context

Do as follows on the S7700.

Procedure



Step 2 Run:vlan vlan-id

A VLAN is created.

Step 3 Run:quit




NOTE

The DF field is deleted from the packet sent from an interface; therefore, you need to configure this functionon an outgoing interface.

Step 5 Run:clear ip df

The interface is configured to delete the DF field.

By default, outgoing packets are not fragmented forcibly on an interface.

----End

6.3.4 Setting ICMP Parameters

Context

By default, the S7700 is enabled to send ICMP redirection packets and ICMP host unreachablepackets. The fast ICMP reply function is disabled on a S7700.



117

CAUTIONl If the S7700 is disabled from sending ICMP redirection packets, the S7700 does not send

ICMP redirection packets in any case.

l If the S7700 is disabled from sending ICMP host unreachable packets, the S7700 does notsend ICMP host unreachable packets in any case.


Procedure



Step 2 Run:icmp-reply fast

The fast ICMP reply function is enabled.

NOTE

After the fast ICMP reply function is enabled on the S7700, the S7700 can respond to ICMP Echo requestpackets quickly in the following situations:

l The S7700 does not have the ARP entry of the device that initiates the ping. However, the S7700 cannotlearn the ARP entry of this device in this case.

l The S7700 does not have a route to the device that initiates the ping.

l The checksum of the received ICMP Echo request packet is incorrect.

Step 3 Run:icmp ttl-exceeded drop { slot slot-id | all }

The LPU is configured to discard the ICMP packets whose TTL values are 1.

Step 4 Run:icmp with-options drop { slot slot-id | all }

The LPU is configured to discard the ICMP packets that carry options.

Step 5 Run:icmp unreachable drop

The S7700 is configured to discard the ICMP Destination Unreachable packets.

Step 6 Run:icmp port-unreachable send

The S7700 is configured to send ICMP Port Unreachable packets.

Step 7 Run:icmp host-unreachable send

The S7700 is configured to send ICMP Host Unreachable packets.



118

NOTE

The relationship between the icmp host-unreachable send (system view) and the icmp host-unreachablesend (interface view) commands are as follows:

l When the S7700 is disabled from sending ICMP Host Unreachable packets, all the interfaces of theS7700 do not send the ICMP Host Unreachable packets even if you run the undo icmp host-unreachablesend (interface view) command in the interface view.

l When the S7700 is enabled to send ICMP Host Unreachable packets, all the interfaces of the S7700 cansend ICMP Host Unreachable packets, which conforms to the default setting. In this case, you can run theundo icmp host-unreachable send (interface view) command to disable a specified interface from sendingthe ICMP Host Unreachable packets.



Step 9 Run:icmp redirect send

The interface is enabled to send ICMP redirection packets.

Step 10 Run:icmp host-unreachable send

The interface is enabled to send ICMP host unreachable packets.

----End

6.3.5 Setting TCP Parameters

ContextYou can set the following TCP parameters:

l SYN-Wait timer: When sending packets with the SYN flag, TCP starts the SYN-Wait timer.If no response is received before the SYN-Wait timer expires, the TCP connection ends.The timeout interval of the TCP SYN-Wait timer is an integer that ranges from 2 to 600,in seconds. By default, the value is 75s.

l FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 toFIN_WAIT_2, the FIN-Wait timer is enabled. If no packet with the FIN flag is receivedbefore the FIN-Wait timer expires, the TCP connection ends. The timeout interval of theTCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. By default, thevalue is 675s.

l Size of the packet receive or transmit buffer: The value is an integer that ranges from 1 to32, in Kbytes. By default, the value is 8 Kbytes.

If you run the tcp window command repeatedly in the same system view, the latest configurationoverrides the previous configuration.


Procedure




119


Step 2 Run:tcp timer syn-timeout interval

The timeout interval of the TCP SYN-Wait timer is set.

Step 3 Run:tcp timer fin-timeout interval

The timeout interval of the TCP FIN-Wait timer (FIN_WAIT_2) is set.

Step 4 Run:tcp window window-size

The size of the packet receive or transmit buffer is set.

----End

6.3.6 (Optional) Setting the Load Balancing Mode of IP PacketForwarding

ContextNOTE

Currently, the S7700 supports only the flow-based load balancing.

When flow-based load balancing mode is adopted, the S7700 performs the Hash algorithm basedon the protocol type, source IP address and mask, destination IP address and mask, source portnumber, and destination port number, and then selects a route for forwarding packets accordingto the Hash value.

By default, the flow-based load balancing mode is adopted.


Procedure



Step 2 Run:load-balance flow [ all | slot slot-id ]

The load balancing mode is configured for IP packet forwarding.

NOTE

The value of slot-id can only be 0. That is, on the S7700, you can set the load balancing mode for only thepackets sent by the CPU.

----End



120

6.3.7 Checking the Configuration

PrerequisiteThe configurations of optimizing IP performance are complete.

Procedurel Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-

address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.

l Run the display tcp statistics command to check the statistics on TCP traffic.

l Run the display udp statistics command to check the statistics on UDP traffic.

l Run the display ip statistics command to check the statistics on IP traffic.

l Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-typesocket-type ] command to check information about the created IPv4 socket.

l Run the display icmp statistics command to check the statistics on ICMP traffic.

l Run the display rawlink statistics command to check the Rawlink statistics.

l Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB)table on the Line Processing Unit (LPU).

l Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] commandto check information about the FIB table.

l Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ]command to check information about the FIB entries that match ACL rules in a certainformat.

l Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interface-number command to check information about the FIB entries with the outgoing interfaceas a specified interface.

l Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name[ verbose ] command to check information about the FIB entries that match a specified IPprefix list.

l Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1[ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIBentries that match destination IP addresses in a specified range.

l Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address commandto check information about the FIB entries that match the specified next hop address.

l Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command tocheck the total number of FIB entries.

----End

6.4 Maintaining IP PerformanceThis section describes how to maintain IP performance.



121

6.4.1 Clearing IP Performance Statistics

Context

CAUTIONThe statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirmthe action before you use the command.

Procedurel Run the reset ip statistics [ interface interface-type interface-number ] command in the

user view to clear the statistics on IP traffic.l Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the

user view to clear the information about the socket monitor.l Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic.l Run the reset udp statistics command in the user view to clear the statistics on UDP traffic.l Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.

----End

6.4.2 Monitoring the Running Status of IP Performance

ContextIn routine maintenance, you can run the following command in any view to view the runningstatus of IP performance.

Procedurel Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-

address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.

l Run the display tcp statistics command to check the statistics on TCP traffic.l Run the display udp statistics command to check the statistics on UDP traffic.l Run the display ip statistics command to check the statistics on IP traffic.l Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type

socket-type ] command to check information about the created IPv4 socket.l Run the display icmp statistics command to check the statistics on ICMP traffic.l Run the display rawlink statistics command to check the Rawlink statistics.l Run the display fib [ slot-id ] command to check the FIB table on the LPU.l Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] [ verbose ] command

to check information about the FIB table.l Run the display fib [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ]

command to check information about the FIB entries that match ACL rules in a certainformat.



122

l Run the display fib [ vpn-instance vpn-instance-name ] interface interface-type interface-number command to check information about the FIB entries with the outgoing interfaceas a specified interface.

l Run the display fib [ vpn-instance vpn-instance-name ] ip-prefix prefix-name[ verbose ] command to check information about the FIB entries that match a specified IPprefix list.

l Run the display fib [ slot-id ][ vpn-instance vpn-instance-name ] destination-address1[ destination-mask1 ] [ longer ] [ verbose ] command to check information about the FIBentries that match destination IP addresses in a specified range.

l Run the display fib [ vpn-instance vpn-instance-name ] next-hop ip-address commandto check information about the FIB entries that match the specified next hop address.

l Run the display fib [ slot-id ] [ vpn-instance vpn-instance-name ] statistics command tocheck the total number of FIB entries.

----End

6.4.3 Debugging IP Performance

Context

CAUTIONDebugging affects the performance of the system. So, after debugging, run the undo debuggingall command to disable it immediately.

When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debuggingcommands in the user view to locate the fault.

For details on debugging commands, see the Quidway S7700 Smart Routing Switch DebuggingReference.

Procedurel Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user

view to debug IP packets.l Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets.l Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-

address ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-idsocket-id ] command in the user view to debug UDP packets.

l Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-address ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-idtask-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debugUDP packets.

l Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remote-ip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id task-id ] [ socket-id socket-id ] command in the user view to debug TCP events.

l Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip dest-address ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id



123

socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5)authentication.

l Run the debugging rawip packet [ src-ip src-address ] [ dest-ip dest-address ][ protocol protocol-number ] [ verbose verbose-number ] or debugging rawip packet[ task-id task-id ] [ socket-id socket-id ] [ verbose verbose-number ] command in the userview to debug RAWIP packets.

l Run the debugging rawlink packet [ src-mac src-mac ] [ dest-mac dest-mac ][ verbose verbose-number ] or debugging rawlink packet [ task-id task-id ] [ socket-idsocket-id ] [ verbose verbose-number ] command in the user view to debug RAWLINKpackets.

----End

6.5 Configuration ExamplesThis section provides several configuration examples of IP performance.

6.5.1 Example for Disabling the Sending of ICMP RedirectionPackets

This section provides a configuration example of disabling the sending of ICMP redirectionpackets.


As shown in Figure 6-1, to limit the sending of ICMP redirection packets, Switch A, Switch B,and Switch C are required and these devices are connected through their GE interfaces.

Figure 6-1 Networking diagram for disabling the sending of ICMP redirection packets

Internet

SwitchA

SwitchBSwitchC

GE1/0/0VLANIF101.1.1.1/24

VLANIF101.1.1.2/24

GE1/0/0GE1/0/0VLANIF102.2.2.2/24



124


1. Assign IP addresses to interfaces on routing devices.2. Configure static routes to indirectly connected devices.3. Disable the sending of ICMP redirection packets on an interface.


l Static routes to indirectly connected devicesl IP address of the interface

Procedure

Step 1 Assign IP addresses to VLANIF interfaces.

# Configure Switch A.

<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] vlan 10[SwitchA-Vlan10] quit[SwitchA] interface gigabitethernet 1/0/0[SwitchA-GigabitEthernet1/0/0] port hybrid tagged vlan 10[SwitchA-GigabitEthernet1/0/0] quit[SwitchA] interface vlanif 10[SwitchA-Vlanif10] ip address 1.1.1.1 24[SwitchA-Vlanif10] quit

# Configure Switch B.

<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] vlan 10[SwitchB-Vlan10] quit[SwitchB] interface gigabitethernet 1/0/0[SwitchB-GigabitEthernet1/0/0] port hybrid tagged vlan 10[SwitchB-GigabitEthernet1/0/0] quit[SwitchB] interface vlanif 10[SwitchB-Vlanif10] ip address 1.1.1.2 24[SwitchB-Vlanif10] quit

# Configure Switch C.

<Quidway> system-view[Quidway] sysname SwitchC[SwitchC] vlan 10[SwitchC-Vlan10] quit[SwitchC] interface gigabitethernet 1/0/0[SwitchC-GigabitEthernet1/0/0] port hybrid tagged vlan 10[SwitchC-GigabitEthernet1/0/0] quit[SwitchC] interface vlanif 10[SwitchC-Vlanif10] ip address 2.2.2.2 24[SwitchC-Vlanif10] quit

Step 2 Configure static routes.


[SwitchA] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2



125


[SwitchB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1

Step 3 Disable the sending of ICMP redirection packets on VLANIF 10 of Switch B.[SwitchB] interface vlanif 10[SwitchB-Vlanif10] undo icmp redirect send[SwitchB-Vlanif10] quit


# Debug ICMP packets on Switch B.

<SwitchB> debugging ip icmp

# Run the ping command on Switch A. You can view that Switch B does not send host redirectionpackets. No ICMP redirection packet is displayed in the output of the debugging command.

[SwitchA] ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 ms Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 ms Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 ms

--- 2.2.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/3 ms

----End


# sysname SwitchA#vlan batch 10#interface vlanif 10 ip address 1.1.1.1 255.255.255.0#interface GigabitEthernet1/0/0 port hybrid tagged vlan 10# ip route-static 2.2.2.0 255.255.255.0 1.1.1.2#return

l Configuration file of Switch B# sysname SwitchB#vlan batch 10#interface vlanif 10 ip address 1.1.1.2 255.255.255.0 undo icmp redirect send#interface GigabitEthernet1/0/0 port hybrid tagged vlan 10# ip route-static 2.2.2.0 255.255.255.0 1.1.1.1



126

#return

l Configuration file of Switch C# sysname SwitchC#vlan batch 10#interface vlanif 10 ip address 2.2.2.2 255.255.255.0#interface GigabitEthernet1/0/0 port hybrid tagged vlan 10#return

6.5.2 Example for Disabling the Sending of ICMP Host UnreachablePackets

This section provides a configuration example of disabling the sending of ICMP hostunreachable packets.

Networking RequirementsAs shown in Figure 6-2, to limit the sending of ICMP redirection packets, Switch A, Switch B,and Switch C are required and these devices are connected through their GigabitEthernetinterfaces.

Figure 6-2 Networking diagram for disabling the sending of ICMP host unreachable packets

SwitchA

SwitchC

GE1/0/1VLANIF101.1.1.1/24

GE1/0/2VLANIF112.2.2.2/24

SwitchB

GE1/0/1VLANIF101.1.1.2/24

GE1/0/2VLANIF112.2.2.1/24


1. Assign IP addresses to interfaces on Switches.2. Configure static routes to indirectly connected devices.3. Enable the sending of ICMP host unreachable packets in the interface view.



127

NOTE

By default, the sending of ICMP host unreachable packets is enabled on the interface view. If theconfiguration is not changed, you can skip this configuration.


l Static routes to indirectly connected devicesl IP address of the interface

Procedure

Step 1 Configure Switch A.


<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] vlan 10[SwitchA-Vlan10] quit[SwitchA] interface gigabitethernet1/0/1[SwitchA-GigabitEthernet1/0/1] port hybrid tagged vlan 10[SwitchA-GigabitEthernet1/0/1] quit[SwitchA] interface vlanif 10[SwitchA-Vlanif10] ip address 1.1.1.1 24 [SwitchA-Vlanif10] quit

# Configure a static route on Switch A.

[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2

Step 2 Configure Switch B.

# Assign an IP address to VLANIF 10 on Switch B and disable the sending of ICMP hostunreachable packets.

<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] vlan 10[SwitchB-Vlan10] quit[SwitchB] interface gigabitethernet1/0/1[SwitchB-GigabitEthernet1/0/1] port hybrid tagged vlan 10[SwitchB-GigabitEthernet1/0/1] quit[SwitchB] interface vlanif 10[SwitchB-Vlanif10] ip address 1.1.1.2 24 [SwitchB-Vlanif10] quit[SwitchB] vlan 11[SwitchB-Vlan11] quit[SwitchB] interface gigabitethernet1/0/2[SwitchB-GigabitEthernet1/0/2] port hybrid tagged vlan 11[SwitchB-GigabitEthernet1/0/2] quit[SwitchB] interface vlanif 11[SwitchB-Vlanif11] ip address 2.2.2.1 24 [SwitchB-Vlanif11] icmp host-unreachable send[SwitchB-Vlanif11] quit

Step 3 Configure Switch C.

# Assign an IP address to VLANIF 11 on Switch C.

<Quidway> system-view[Quidway] sysname SwitchC[SwitchC] vlan 11[SwitchC-Vlan11] quit



128

[SwitchC] interface gigabitethernet1/0/2[SwitchC-GigabitEthernet1/0/2] port hybrid tagged vlan 11[SwitchC-GigabitEthernet1/0/2] quit[SwitchC] interface vlanif 11[SwitchC-Vlanif11] ip address 2.2.2.2 24 [SwitchC-Vlanif11] quit


# Debug ICMP packets on Switch A.

<SwitchA> debugging ip icmp<SwitchA> terminal monitor<SwitchA> terminal debugging

# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured bythe tester on Switch A, Switch B sends host unreachable packets.

[SwitchA] ping 2.2.2.3

----End


# sysname SwitchA#vlan 10#interface vlanif 10 ip address 1.1.1.1 255.255.255.0#interface GigabitEthernet1/0/1 port hybrid tagged vlan 10# ip route-static 2.2.2.0 255.255.255.0 1.1.1.2#return

l Configuration file of Switch B# sysname SwitchB#vlan batch 10 to 11#interface vlanif 10 ip address 1.1.1.2 255.255.255.0#interface vlanif 11 ip address 2.2.2.1 255.255.255.0#interface GigabitEthernet1/0/1 port hybrid tagged vlan 10#interface GigabitEthernet1/0/2 port hybrid tagged vlan 11#return

l Configuration file of Switch C# sysname SwitchC#vlan 11#interface vlanif 11 ip address 2.2.2.2 255.255.255.0



129

#interface GigabitEthernet1/0/2 port hybrid tagged vlan 11#return

6.5.3 Example for Optimizing System Performance by DiscardingCertain ICMP Packets

This section provides a configuration example of optimizing system performance by discardingcertain ICMP packets.

Networking RequirementAs shown in Figure 6-3, the Switch functions as the convergence device. The enterprise users,individual users, and DSLAMs are attached to the Switch. The Switch is connected to the Internetthrough a BRAS. To reduce the workload on the Switch, you need to configure the Switch todiscard certain ICMP packets. The ICMP packets to be discarded have any of the followingcharacteristics:l The TTL values of the packets are 1.l The packets carry options.l The destination addresses of the packets are unreachable.

Figure 6-3 Networking for configuring ICMP security function

S9300

BRAS

DSLAM

Enterpriseuser

Individualuser

Internet

Usernetwork



130

Configuration RoadmapPerform the configurations in the system view of the Switch. The configuration roadmap is asfollows:

l Configure the Switch to discard the ICMP packets whose TTL values are 1.l Configure the Switch to discard the ICMP packets that carry options.l Configure the Switch to discard the ICMP packets whose destination addresses are

unreachable.

Data PreparationNone

Procedure

Step 1 Configure the Switch to discard certain ICMP packets.

# Configure the Switch to discard the ICMP packets whose TTL values are 1.

<Quidway> system-view[Quidway] icmp ttl-exceeded drop all

# Configure the Switch to discard the ICMP packets that carry options.

[Quidway] icmp with-options drop all

# Configure the Switch to discard the ICMP packets whose destination addresses areunreachable.

[Quidway] icmp unreachable drop


# Run the display this command in the system view to display the configuration of the ICMPsecurity function.

[Quidway] display this# icmp unreachable drop icmp ttl-exceeded drop slot 1 icmp with-options drop slot 1 icmp ttl-exceeded drop slot 2 icmp with-options drop slot 2 icmp ttl-exceeded drop slot 3 icmp with-options drop slot 3

----End

Configuration Files

# sysname Quidway # icmp unreachable drop icmp ttl-exceeded drop slot 1 icmp with-options drop slot 1 icmp ttl-exceeded drop slot 2 icmp with-options drop slot 2 icmp ttl-exceeded drop slot 3 icmp with-options drop slot 3



131

# return



132

7 UDP Helper Configuration

About This Chapter

This chapter describes the principle of UDP helper, and provides configuration procedures andexamples of UDP helper.

7.1 Introduction to UDP HelperThis section describes the principle of UDP helper.

7.2 UDP Helper Features Supported by the S7700This section describes the UDP Helper features supported by the S7700.

7.3 Configuring UDP HelperThis section describes how to configure UDP helper to forward IP broadcast packets of aspecified UDP port.

7.4 Maintaining UDP HelperThis section describes how to maintain UDP helper.

7.5 Configuration ExamplesThis section provides several configuration examples of UDP helper.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 7 UDP Helper Configuration


133

7.1 Introduction to UDP HelperThis section describes the principle of UDP helper.

The S7700 on a network needs to obtain network configurations or query the name of anotherdevice by sending broadcast packets. The S7700, however, cannot obtain the requiredinformation if the S7700 and the server or the device to be queried are in different broadcastdomains.

To address the preceding problem, the S7700 provides the UDP helper function. Through theUDP helper function, the S7700 can convert broadcast packets on a specified User DatagramProtocol (UDP) port into unicast packets to be sent to a specified destination server, or forwardbroadcast packets on a subnet to another subnet.

7.2 UDP Helper Features Supported by the S7700This section describes the UDP Helper features supported by the S7700.

After the UDP helper function is enabled on the S7700, the S7700 forwards broadcast packetsof six default UDP ports to corresponding destination servers in unicast mode. Other UDP portsmust be configured manually.

Table 7-1 lists the default ports.

Table 7-1 Lists of default UDP ports on which packets are forwarded after the UDP helperfunction is enabled

Protocol UDP Port Number

Trivial File TransferProtocol (TFTP)

69

Domain NameSystem (DNS)

53

Time Service 37

NetBIOS NameService (NetBIOS-NS)

137

NetBIOS DatagramService (NetBIOS-DS)

138

Terminal AccessController AccessControl System(TACACS)

49



134

The UDP helper function cannot be used to send DHCP messages, that is, the number of theUDP port cannot be 67 or 68. To forward Dynamic Host Configuration Protocol (DHCP)messages, you need to enable the DHCP relay function.

7.3 Configuring UDP HelperThis section describes how to configure UDP helper to forward IP broadcast packets of aspecified UDP port.

7.3.1 Establishing the Configuration Task

Applicable EnvironmentWhen an S7700 on a network needs to obtain network configurations or query the name ofanother device by sending broadcast packets, you can enable the UDP helper function if theS7700 and the device to be queried are in different broadcast domains.

Pre-configuration TasksBefore configuring the UDP helper function, complete the following task:l Configuring a reachable route between the S7700 and the server

Data PreparationTo configure the UDP helper function, you need the following data.

No. Data

1 UDP port on which packets are forwarded

2 VLANIF interface and IP address of thedestination server that sends packets of UDPports

7.3.2 Enabling the UDP Helper Function

ContextAfter the UDP Helper function is enabled, the S7700 checks the destination UDP port of thereceived packet and determines whether to relay the packet. Then the S7700 performs theoperations as follows:

l If the destination UDP port number of packets matches the UDP port number on whichpackets need to be forwarded and the destination MAC address is the broadcast MACaddress, the S7700 changes the destination IP address in the IP packet header and sendsthem to a specified destination server.

l If the destination UDP port number of packets does not match the UDP port number onwhich packets need to be forwarded, the S7700 discards them.



135

Procedure



Step 2 Run:udp-helper enable

The UDP helper function is enabled.

----End

7.3.3 Configuring the UDP Port on Which Packets Are Forwarded

Prerequisite

The UDP helper function is enabled.

Context

After the UDP helper function is enabled, the S7700 forwards broadcast packets of UDP ports37 (Time), 49 (TACACS), 53 (DNS), 69 (TFTP), 137 (NetBIOS-NS), and 138 (NetBIOS-DS)by default. If the port number that needs to be configured is in the range of default UDP portnumbers, you can skip this configuration procedure.

The S7700 does not forward DHCP messages of UDP ports 67 and 68.


Procedure



Step 2 Run:udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }

The UDP port on which packets need to be forwarded are configured.

----End

7.3.4 Configuring the Destination Server to Which Packets of theUDP Port Need to Be Forwarded

Context




136

Procedure





Step 3 Run:udp-helper server ip-address

The destination server to which UDP packets are forwarded is configured.

After the UDP Helper function is enabled, if the destination UDP port of the packet received bythe VLANIF interface is the same as the UDP port for packet relay, the packet is forwarded tothe destination server configured on the VLANIF interface.

----End


PrerequisiteThe configurations of the UDP helper function are complete.

Procedurel Run the display udp-helper server [ interface vlanif vlan-id ] command to check

information about UDP packets forwarded on the interface

----End

Example

Run the display udp-helper server command to check the number of the VLANIF interfacethat relays UDP packets, the IP address of the destination server, and the number of forwardedUDP packets.

<Quidway> display udp-helper server interface Vlanif 100vlan-interface Server-Ip packet-numVlanif100 10.10.10.10 20

7.4 Maintaining UDP HelperThis section describes how to maintain UDP helper.

7.4.1 Clearing UDP Helper Statistics



137

Context

CAUTIONThe UDP helper statistics cannot be restored after you clear them. So, confirm the action beforeyou use the command.

Procedure

Step 1 Run the reset udp-helper packet command in the user view to clear the UDP helper statistics.

----End

7.4.2 Monitoring the Running Status of UDP Helper

Context

In routine maintenance, you can run the following command in any view to view the runningstatus of UDP helper.

Procedure

Step 1 Run the display udp-helper server [ interface vlanif vlan-id ] command to check the numberof the VLANIF interface that forwards UDP packets, the IP address of the destination server,and the number of forwarded UDP packets.

----End

7.5 Configuration ExamplesThis section provides several configuration examples of UDP helper.

7.5.1 Example for Configuring UDP HelperThis section provides a configuration example of UDP helper.


As shown in Figure 7-1, the IP address of VLANIF 100 on the Switch is 10.110.1.1/16; the IPaddress of the NetBIOS-NS name server is 10.2.1.1/16. The Switch and the NetBIOS-NS nameserver are on different network segments, but the route between the Switch and the NetBIOS-NS name server is reachable.

The Switch is configured to forward broadcast packets with the destination UDP port numberas 137 and the destination IP address as 255.255.255.255 and broadcast packets with thedestination IP address as 10.110.255.255 to the NetBIOS-NS name server.



138

When receiving broadcast packets of NetBIOS-NS Register, the Switch changes the packetswhose destination IP address is the IP address of the NetBIOS-NS name server. Then, theSwitch forwards the packets to the specified NetBIOS-NS name server.

Figure 7-1 Networking diagram for configuring UDP helper

Switch

NETBIOS-NSName Server10.2.1.1/16

Internet

PC1 PC2

VLANIF10010.110.1.1/16


1. Enable the UDP helper function on the Switch.2. After the UDP helper function is enabled on the Switch, the Switch forwards broadcast

packets with the destination UDP port as 137 by default. The UDP port number, therefore,does not need to be configured here.

3. Create a VLAN, assign the IP address and configure the destination server to which packetsof UDP ports are forwarded on the VLANIF interface.


l VLANIF interface of the destination server to which packets of UDP ports are forwardedl IP address of the destination server

Procedure

Step 1 Enable the UDP helper function.<Quidway> system-view[Quidway] udp-helper enable

Step 2 Configure the destination server to which packets of UDP ports are forwarded.[Quidway] vlan 100[Quidway-Vlan100] quit[Quidway] interface vlanif 100



139

[Quidway-Vlanif100] ip address 10.110.1.1 16[Quidway-Vlanif100] udp-helper server 10.2.1.1[Quidway-Vlanif100] quit[Quidway] quit


The destination server to which packets of UDP ports are forwarded on VLANIF 100 is theNetBIOS-NS name server.

<Quidway> display udp-helper server interface Vlanif 100vlan-interface Server-Ip packet-numVlanif100 10.2.1.1 0

----End


# sysname Quidway# vlan batch 100# udp-helper enable#interface Vlanif100 ip address 10.110.1.1 255.255.0.0 udp-helper server 10.2.1.1#return



140

8 DNS Configuration

About This Chapter

By configuring the Domain Name System (DNS), you can enable network devices tocommunicate with other through their domain names.

8.1 Introduction to DNSAfter each host on the Internet is assigned a domain name, you can set up a mapping betweenthe domain name and IP address of a host through. In this manner, you can use domain names,which are easy to memorize and are of significance, instead of complicated IP addresses.

8.2 DNS Supported by the S7700Domain name resolution can be performed in either dynamic mode or static mode.

8.3 Configuring DNSBy configuring the DNS, you can set up a mapping between a domain name and an IP address.In this manner, you can enable the device to communicate with other devices.

8.4 Maintaining DNSThe operations of DNS maintenance include clearing DNS statistics and monitoring the DNSoperating status.

8.5 Configuration ExamplesThis section provides a configuration example of DNS.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 8 DNS Configuration


141

8.1 Introduction to DNSAfter each host on the Internet is assigned a domain name, you can set up a mapping betweenthe domain name and IP address of a host through. In this manner, you can use domain names,which are easy to memorize and are of significance, instead of complicated IP addresses.

The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with whichhosts can be named in the form of character string. This system assumes a hierarchical namingstructure. It designates a meaningful name for the device in the Internet and associates the namewith the IP address through a domain name resolution server. In this manner, you can use domainnames that are easy to remember instead of memorizing complex IP addresses.

8.2 DNS Supported by the S7700Domain name resolution can be performed in either dynamic mode or static mode.

DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolvea domain name, the system first uses static DNS resolution. If this mode fails, the system usesdynamic DNS resolution. To improve resolution efficiency, you can put common domain namesin a static domain name resolution table.

The S7700 supports static resolution and dynamic resolution.

8.3 Configuring DNSBy configuring the DNS, you can set up a mapping between a domain name and an IP address.In this manner, you can enable the device to communicate with other devices.

8.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring the DNS.

Applicable EnvironmentIf local users accessing devices need to communicate with other devices by using domain names,you can configure DNS on the device. An DNS entry is an mapping between a domain nameand an IP address.

If local users communicate with other devices hardly through the domain name or if the DNSserver is unavailable, configure static DNS. Prior to configuring static DNS, you must know themapping between the domain name and the IP address. In case of a change in the mapping, youmust modify the DNS entry manually.

You can configure dynamic DNS on the device if local users frequently use domain names forcommunicating with other devices and the DNS server is available.

Pre-configuration TasksBefore configuring DNS, complete the following tasks:



142

l Configuring physical attributes of the interface and ensuring that the physical layer statusof the interface is Up

l Configuring parameters of the link layer protocol of the interface and ensuring that the linklayer protocol status of the interface is Up

l Configuring routes between the local device and the DNS server

l Configuring the DNS server

Data Preparation

To configure DNS, you need the following data.

No. Data

1 Domain name and the corresponding IP address in a static DNS entry

2 IP address of a DNS server

3 Domain name or the domain name list of a dynamic DNS entry

8.3.2 Configuring Static DNS EntriesYou can create a table of mappings between domain names and IP addresses and add commonly-used domain names to this table. When a client needs to use the IP address corresponding to adomain name, the client can search the table for the required IP address. This improves theefficiency of domain name resolution.

Procedure



Step 2 Run:ip host host-name ip-address

The IP address corresponding to the host name is configured.

A host name corresponds to only one IP address. When you configure an IP address for a hostfor several times, only the IP address configured at the latest is valid. To resolve several hostnames, repeat Step 2.

You can configure a maximum of 50 static DNS entries.

----End

8.3.3 Configuring Dynamic DNSTo perform dynamic domain name resolution, you need a special domain name resolution server,which runs a server program. This server provides mappings between domain names and IPaddresses and receives resolution requests from the client.



143

Procedure



Step 2 Run:dns resolve

Dynamic domain name resolution is enabled.

Step 3 Run:dns server ip-address

A DNS server is specified.

Step 4 (Optional) Run:dns server source-ip source-ip-address

The IP address of the local device is specified.

The local device uses the specified IP address to communicate with the DNS server, whichensures communication security.

Step 5 Run:dns domain domain-name

The suffix of the domain name is added.

----End

Follow-up Procedure

The system supports the configuration of a maximum of 6 domain name servers, 1 sourceaddress, and 10 domain name suffixes.

To configure more than one domain name server, repeat Step 3.

To configure more than one domain name suffix, repeat Step 5.

8.3.4 Checking the ConfigurationYou can view the configuration of the DNS.

PrerequisiteThe configurations of the DNS function are complete.

Procedurel Run the display ip host command to check the information about the static DNS entry

table.l Run the display dns server command to check the configurations about DNS servers.l Run the display dns domain command to check the configurations about domain name

suffixes.



144

l Run the display dns dynamic-host command to check the information about dynamic DNSentries in the domain name cache.

----End

ExampleRun the display ip host command. If static DNS entries including the mappings between hostnames and IP addresses, are displayed, it means that the configuration succeeds. For example:<Quidway> display ip hostHost Age Flags Addresshw 0 static 10.1.1.1gww 0 static 192.168.1.1

Run the display dns server command. If IP addresses of all domain servers are displayed, itmeans that the configuration succeeds. For example:<Quidway> display dns serverIPv4 Dns Servers :Domain-server IpAddress 1 172.16.1.1 2 172.16.1.2

IPv6 Dns Servers :No configured servers.

Run the display dns domain command. If the list of suffixes of domain names is displayed, itmeans that the configuration succeeds. For example:<Quidway> display dns domainNo Domain-name1 com2 net

Run the display dns dynamic-host command. If information about the dynamic domain namecache is displayed, it means that the configuration succeeds. For example:<Quidway> display dns dynamic-hostNo Domain-name IpAddress TTL Alias1 www.huawei.com 91.1.1.1 35212 www.huawei.com.cn 87.1.1.1 3000

8.4 Maintaining DNSThe operations of DNS maintenance include clearing DNS statistics and monitoring the DNSoperating status.

8.4.1 Clearing DNS EntriesThis section describes DNS entry clearance through the reset command.

Context

CAUTIONDNS entries cannot be restored after being cleared. So, confirm the action before you use thiscommand.



145

Procedure

Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entriesstatistics in the domain name cache.

----End

8.4.2 Monitoring Network Operation Status of DNSThis section describes DNS operation monitoring through the display command.

ContextIn routine maintenance, you can run the following command in any view to check the operationof DNS.

Procedurel Run the display ip host command to check the information about the static DNS entry

table.l Run the display dns server command to check configurations about DNS servers.l Run the display dns domain command to check configurations about domain name

suffixes.l Run the display dns dynamic-host command to check the information about dynamic DNS

entries in the domain name cache.

----End

8.4.3 Debugging DNSThis section describes DNS debugging through the debugging command.

Context

CAUTIONDebugging affects the performance of the system. So after debugging, run the undo debuggingall command to disable it immediately.

Run the following debugging command in the user view to debug DNS and locate the fault.

For more information, refer to the chapter "Information Center Configuration" in the QuidwayS7700 Smart Routing Switch Configuration Guide - System Management. For descriptions aboutthe debugging commands, refer to the Quidway S7700 Smart Routing Switch DebuggingReference.

Procedure

Step 1 Run the debugging dns command in the user view to debug dynamic DNS.

----End



146

8.5 Configuration ExamplesThis section provides a configuration example of DNS.

8.5.1 Example for Configuring DNSThis section provides a configuration example of DNS.

Networking RequirementsAs shown in Figure 8-1, Switch A acts as a DNS client, being required to access the host2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes"com" and "net".

On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A cancommunicate with them by using domain names.

Figure 8-1 Networking diagram of DNS

Loopback04.1.1.1/32

Loopback04.1.1.2/32

GE1/0/1

1.1.1.2/16

GE1/0/2

1.1.1.1/16

GE1/0/1

2.1.1.1/16

GE1/0/1

2.1.1.2/16

GE1/0/2

3.1.1.1/16

SwitchA

SwitchB SwitchC

huawei.com2.1.1.3/16

DNS Server3.1.1.2/16

DNS Client

VLANIF 100

VLANIF 100VLANIF 101 VLANIF 100

VLANIF 101


1. Configure static DNS entries.2. Enable DNS resolution.3. Configure an IP address for the DNS server.4. Configure suffixes of domain names.


l Domain names of Switch B and Switch Cl IP address of the DNS server



147

l Suffixes of domain names

Procedure


# Configure static DNS entries.

<SwitchA> system-view[SwitchA] ip host SwitchB 4.1.1.1[SwitchA] ip host SwitchC 4.1.1.2

# Enable DNS resolution.

[SwitchA] dns resolve

# Configure an IP address for the DNS server.

[SwitchA] dns server 3.1.1.2

# Configure a domain name suffix "net".

[SwitchA] dns domain net

# Configure a domain name suffix "com".

[SwitchA] dns domain com[SwitchA] quit

NOTE

To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. Forprocedures for configuring routes, refer to the Quidway S7700 Smart Routing Switch Configuration Guide- IP Routing.


# Run the ping huawei.com command on Switch A to ping the IP address 2.1.1.3. The pingsucceeds.

<SwitchA> ping huawei.comTrying DNS server (3.1.1.2) PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms

--- huawei.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/6 ms

# Run the display ip host command on Switch A to view static DNS entries, including mappingsbetween host names and IP addresses.

<SwitchA> display ip hostHost Age Flags AddressSwitchB 0 static 4.1.1.1SwitchC 0 static 4.1.1.2

# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries inthe domain name cache.



148

<SwitchA> display dns dynamic-hostNo Domain-name IpAddress TTL Alias1 huawei.com 2.1.1.3 3579

NOTE

TTL value in the above display indicates the lifetime of an entry. It is in seconds.

----End


# sysname SwitchA#vlan batch 100# ip host SwitchB 4.1.1.1 ip host SwitchC 4.1.1.2# dns resolve dns server 3.1.1.2 dns domain net dns domain com#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface vlanif100 ip address 1.1.1.2 255.255.0.0#rip 1 network 1.0.0.0#return

l Configuration file of Switch B# sysname SwitchB#vlan batch 100 101#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 101 port hybrid untagged vlan 101#interface LoopBack0 ip address 4.1.1.1 255.255.255.255#interface vlanif100 ip address 2.1.1.1 255.255.0.0#interface vlanif101 ip address 1.1.1.1 255.255.0.0#rip 1 network 2.0.0.0 network 1.0.0.0 network 4.0.0.0#return



149

l Configuration file of Switch C# sysname SwitchC#vlan batch 100 101#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 101 port hybrid untagged vlan 101#interface LoopBack0 ip address 4.1.1.2 255.255.255.255#interface vlanif100 ip address 2.1.1.2 255.255.0.0#interface vlanif101 ip address 3.1.1.1 255.255.0.0#rip 1 network 2.0.0.0 network 3.0.0.0network 4.0.0.0#return



150

9 Basic Configurations of IPv6

About This Chapter

This chapter describes the basic concept and configurations of IPv6.

ContextNOTE

The IPv6 functions of the S7700 are restricted through the license.

Generally, the IPv6 commands can be run on a new device, but the corresponding IPv6 functions cannottake effect. To make the IPv6 functions effective on the S7700, contact local office of Huawei to buy thelicense.

9.1 Introduction to IPv6This section describes the basic principle of IPv6.

9.2 IPv6 Features Supported by the S7700The S7700 supports the IPv6 protocol suite and TCP6 protocol suite.

9.3 Configuring an IPv6 Address for an InterfaceAssigning an IPv6 address to a device on a network enables the device to communicate with theother devices on the network.

9.4 Configuring IPv6 Neighbor DiscoveryIPv6 neighbor discovery (ND) is a packet transmission process to identify the relationshipbetween neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the AddressResolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages,and introduces neighbor reachability detection.

9.5 Maintaining IPv6This section describes how to maintain IPv6. Detailed operations include deleting informationabout IPv6 operation and monitoring IPv6 operation.

9.6 Configuration ExamplesThis section provides a configuration example of IPv6 addresses.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 9 Basic Configurations of IPv6


151

9.1 Introduction to IPv6This section describes the basic principle of IPv6.

Basic ConceptsInternet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard networkprotocol of 2nd generation. It is designed by Internet Engineering Task Force as an upgradedversion of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128bits long versus 32 bits in IPv4.

Overview of IPv6 AddressesA 128-bit IPv6 address has two formats:

l X:X:X:X:X:X:X:XIn this format, a 128-bit IP address is divided into eight groups. The 16 bits of each groupare represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups areseparated by ":". Every "X" represents four hexadecimal characters.

l X:X:X:X:X:X:d.d.d.dAddresses in this format are classified into two types:– IPv4-compatible IPv6 addresses– IPv4-mapped IPv6 addressesIPv4-compatible IPv6 addresses are used to configure the IPv6 over IPv4 tunnel.Each "X" stands for 16 bits that are represented by four hexadecimal characters. Each "d"stands for 8 bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4address.

An IPv6 address can be divided into two parts:

l Network prefix: n bits, equivalent to the network ID in the IPv4 address.l Interface identifier: 128-n bits, equivalent to the host ID in the IPv4 address.

9.2 IPv6 Features Supported by the S7700The S7700 supports the IPv6 protocol suite and TCP6 protocol suite.

IPv6 Features Supported by the S7700The S7700 supports the setting of IPv6 addresses on a VLANIF, Loopback interface.

Each interface supports a maximum of 20 IPv6 addresses, including link-local addresses andthe global unicast addresses.

The link-local address is used in the neighbor discovery protocol and used in the communicationbetween the nodes on the local link in the stateless address auto-configuration. The packetswhose source or destination address is the link-local address are forwarded on only the locallink.

A link-local address can be set automatically or manually. After the command to enable thesystem to automatically set link-local addresses is run, the system automatically sets a link-local



152

address for an interface. The link-local address manually set must be a valid link-local address(FE80::/10).

Automatically generated link-local addresses are recommended because link-local addresses areused only for communications between link-local nodes usually to satisfy the communicationrequest of protocols and irrelevant to communications between users.

A global unicast address is equal to an IP address on the IPv4 public network, which is used toforward data on the public network and mandatory for communications between users.

An EUI-64 address is equivalent to a global unicast address in view of functions. For an EUI-64address, however, only the network bits need to be specified. Its host bits are transformed fromthe MAC address of the interface. For a global unicast address, complete 128 bits of the addresshave to be specified.

IPv6 Neighbor Discovery

IPv6 neighbor discovery (ND) is a packet transmission process to identify relationships betweenneighboring nodes. The ND protocol replaces the Address Resolution Protocol (ARP), ICMPRedirect message, and ICMP Router Discovery message on an IPv4 network and provides otherfunctions.

IPv6 FIB

Connecting network topologies of different types needs the configuration of different routingprotocols. This brings about Routing Information Base (RIB). The RIB is a base of the FIB.Guided by route management policies, the S7700 obtains minimum necessary forwardinginformation from the RIB and adds the information to the FIB. Through the route managementmodule, you can also add static routes into the FIB.

Forwarding Information Base (FIB) contains minimum necessary information needed by anS7700 to forward packets. An FIB entry usually contains the destination address, prefix length,transport port, next-hop address, route flag, time stamp. An S7700 forwards packets accordingto FIB entries.

The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIBcontainer (used on the forwarding plane). The control plane (FibAgent) is responsible forinteracting with the RM module and downloading the FIB to the forwarding engine. For adistributed system, the FIB needs to be downloaded to the I/O board.

A FIB contains the following information:

l Destination address: indicates the network or host a packet is destined for.

l Prefix length: indicates the length of the destination address prefix. From the prefix length,you can infer that the destination address is a network address or a host address.

l Nexthop: indicates the address of the next hop through which the packet reaches thedestination.

l Flag(s): identifies route characteristics.

l Interface: indicates the outgoing interface of the packet.

l Timestamp: time when an FIB entry is generated.



153

9.3 Configuring an IPv6 Address for an InterfaceAssigning an IPv6 address to a device on a network enables the device to communicate with theother devices on the network.

9.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for assigning an IPv6 address to an interface.

Applicable EnvironmentWhen a device communicates with an IPv6 device, you need to configure IPv6 address for theinterface.

An EUI-64 address has the same function as an global unicast address. The difference is thatonly the network bits need to be specified for the EUI-64 address and the host bits are transformedfrom the MAC addresses of the interface while a complete 128-bit address need to be specifiedfor the global unicast address. Note that the prefix length of the network bits in an EUI-64 addressmust not be longer than 64 bits.

The EUI-64 address and the global unicast address can be configured simultaneously oralternatively. However, the IP addresses configured for one interface cannot be in the samenetwork segment.

Pre-configuration TasksBefore configuring IPv6 addresses, complete the following tasks:

l Configuring the physical features of the interface and ensuring that the status of the physicallayer of the interface is Up


Data PreparationTo configure IPv6 addresses for an interface, you need the following data.

No. Data

1 Number of the interface

2 Link-local address configured manually

3 Global unicast address and prefix length



154

9.3.2 Enabling IPv6 Packet Forwarding CapabilityYou can perform other IPv6 configurations on an interface only when IPv6 is enabled in theinterface view. To enable IPv6 packet forwarding on an interface, you must configure IPv6 inthe system view.

ContextTo enable a device to forward IPv6 packets, you must enable the IPv6 capability in both thesystem view and the interface view. This is because:

l If you run the ipv6 command only in the system view, only the IPv6 packet forwardingcapability is enabled on a device. The IPv6 function, however, is not enabled on the interfaceand hence you cannot perform any IPv6 configurations.

l If you run the ipv6 enable command only in the interface view, the IPv6 capability isenabled only on an interface but the IPv6 protocol status on the interface is Down.Therefore, the device cannot forward IPv6 data.

Procedure



Step 2 Run:ipv6


By default, the IPv6 packet forwarding capability is disabled.

To enable a device to forward IPv6 packets, you must run this command in the system view;otherwise, the IPv6 protocol status of the interface is Down and the device cannot forward IPv6packets although you enable IPv6 on the interface.


The view of the VLANIF interface to be enabled with the IPv6 capability is displayed.



Before performing IPv6 configurations in the interface view, you must enable the IPv6 capabilityin the interface view.

By default, the IPv6 capability is disabled on the interface.

----End

9.3.3 Configuring an IPv6 Link-Local Address for an InterfaceThe local address of a link is used in the neighbor discovery protocol, and in the communicationsbetween nodes on the local end of the link in stateless address auto-configuration. The local



155

address of a link is valid only for the link. A packet with a link-local address as the source ordestination address is forwarded only along the local link.

Procedure





Step 3 Perform the following as required.

Run:

ipv6 address auto link-local

Auto generation of the IPv6 link-local address is enabled.

Or

Run:

ipv6 address ipv6-address link-local

The IPv6 link-local address is manually configured.

Besides configuring a link-local address through the preceding two commands, you can alsoconfigure a global unicast IPv6 address for auto generating a link-local address. For details, seeConfiguring an IPv6 Global Unicast Address for an Interface.

----End

9.3.4 Configuring an IPv6 Global Unicast Address for an InterfaceA global unicast IP address is equal to an Internet IPv4 address and can be used for links whoseroute prefixes can be aggregated. In this manner, routing entries can be reduced.

Procedure






You can enable the IPv6 capability.

Step 4 Run:



156

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

The global unicast address is configured on the interface.

----End


PrerequisiteAll configurations of the IPv6 address are complete.

Procedurel Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check IPv6 information about the interface.

l Run the display ipv6 statistics command to view statistics on IPv6 packets.

----End

9.4 Configuring IPv6 Neighbor DiscoveryIPv6 neighbor discovery (ND) is a packet transmission process to identify the relationshipbetween neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the AddressResolution Protocol (ARP), ICMP Device Discovery messages, and ICMP Redirect messages,and introduces neighbor reachability detection.

9.4.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for IPv6 neighbor discovery.


Most of the ND configurations are implemented based on the interfaces.


Before configuring IPv6 neighbor discovery, complete the following tasks:

l Configuring the physical features for the interface and ensuring that the status of thephysical layer of the interface is Up

l Configuring link layer parameters for the interface

l Configuring the IPv6 address for the interface

Data Preparation

To configure IPv6 neighbor discovery, you need the following data.



157

No. Data

1 Number of interface which needs to be configured with IPv6 ND

2 IPv6 address and MAC address of the static neighbor

3 Intervals, prefix, and life duration of RA messages

4 Flag bit of automatic configuration

5 Hop limit of ND

6 Sending times of DAD

7 Intervals for re-transmitting NS messages

8 NUD reachable time

9 Interface MTU

9.4.2 Configuring Static NeighborsBy configuring a static neighbor, you can obtain the mapping of the IPv6 address and MACaddress of the neighbor.

Procedure







Step 4 Run one of the following commands as required:

l To configure a static neighbor entry on a common Layer 3 interface, run the ipv6neighbor ipv6-address mac-address command.

l To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number command.

Static neighbors can be configured for VLANIF interfaces. You can configure up to 300neighbors on each interface.

----End



158

9.4.3 Enabling RA Message AdvertisingAfter being enabled with switch advertisement, the device can send router advertisementmessages, providing prefixes for hosts.

Procedure







Step 4 Run:undo ipv6 nd ra halt

The function of advertising RA messages is enabled.

----End

9.4.4 Setting the Interval for Advertising RA MessagesThe device periodically sends router advertisement messages containing information such asprefixes and flag bits.

Procedure







Step 4 Run:ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

The interval for advertising RA messages is configured.

By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.

The maximum interval can not be shorter than the minimum interval.



159

When the maximum interval is less than 9 seconds, the minimum interval is set to the same valueas the maximum interval.

----End

9.4.5 Enabling Stateful Auto ConfigurationAfter being enabled with stateful auto-configuration, the host can obtain an IPv6 address throughstateful auto-configuration, for example, the DHCP server.

Procedure







Step 4 Run:ipv6 nd autoconfig managed-address-flag

The flag bit for stateful auto configuration addresses is set.

If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to anyaddresses auto-configured using stateless address auto-configuration.

Step 5 Run:ipv6 nd autoconfig other-flag

The flag bit for other stateful configurations is set.

When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address)information.

----End

9.4.6 Configuring the Address Prefixes to Be AdvertisedNodes of the local links can perform address auto-configuration by using prefixes of theseaddresses.

Procedure



Step 2 Run:



160

interface vlanif vlan-id




Step 4 Run:ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]

The prefix of RA messages is configured.

----End

9.4.7 Configuring Other Information to Be AdvertisedA router advertisement message carries information such as the maximum number of hops,prefix option, neighbor hold time, and keepalive time.

ContextDuplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You canconfigure the number of DAD messages which are sent continuously.

Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NSre-transmitting time interval is 1000ms.

Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default,NUD value is 30000ms.

The MTU of the interface determines whether to fragment IP packets on the interface. DefaultMTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500bytes.

Procedure



Step 2 Run:ipv6 nd hop-limit limit

ND hop limit is configured.

The value of limit ranges from 1 to 255. By default, it is 64.






161


Step 5 Run:ipv6 nd ra router-lifetime ra-lifetime

The life duration of RA messages is configured.

NOTE

l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval mustbe less than or equal to the life duration.

l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.

l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the durationis still 1800 seconds.

Step 6 Run:ipv6 nd dad attempts value

Times to send DAD messages are configured.

Step 7 Run:ipv6 nd ns retrans-timer interval

The interval for re-sending NS messages is set.

Step 8 Run:ipv6 nd nud reachable-time value

The NUD reachable time is set.

Step 9 Run:ipv6 mtu mtu

MTU of the interface is configured.

----End

Follow-up ProcedureIf the IPv6 MTU value is changed, run the shutdown command and the undo shudowncommand orderly in the interface view to validate the configuration.

9.4.8 Checking the ConfigurationYou can view the configuration of IPv6 neighbor discovery.

PrerequisiteThe configurations of the IPv6 neighbor discovery function are complete.

Procedurel Run the display ipv6 neighbors [ ipv6-address | [ vid vlan-id ] interface-type interface-

number ] command to check the neighbor information in the cache.l Run the display ipv6 interface [ interface-type interface-number | brief ] command to

check the IPv6 information of an interface.

----End



162

ExampleRun the display ipv6 neighbors command. If the cache of the neighbor information containsneighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.

<Quidway> display ipv6 neighbors VLANIF10--------------------------------------------------------IPv6 Address : 3003::2Link-layer : 00e0-fc89-fe6e State : STALEInterface : VLANIF10 Age : 7VPN name : vpn1 VLAN : -Is Router :TRUEIPv6 Address : FE80::2E0:FCFF:FE89:FE6ELink-layer : 00e0-fc89-fe6e State : STALEInterface : VLANIF10 Age : 7VPN name : vpn1 VLAN : -Is Router :TRUE---------------------------------------------------------Total: 2 Dynamic: 2 Static: 0

Run the display ipv6 interface brief command. If information about the IPv6 address on theinterface and interface status are displayed, it means that the configuration succeeds.

<Quidway> display ipv6 interface brief*down: administratively down(l): loopback(s): spoofingInterface Physical ProtocolVLANIF20 up up[IPv6 Address] 2030::101:101VLANIF30 up up[IPv6 Address] 2001::1LoopBack0 up up(s)[IPv6 Address] Unassigned

9.5 Maintaining IPv6This section describes how to maintain IPv6. Detailed operations include deleting informationabout IPv6 operation and monitoring IPv6 operation.

9.5.1 Clearing IPv6 Statistics

Context

CAUTIONStatistics cannot be restored after being cleared. So, confirm the action before you run thecommand.

Procedurel To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in

the user view.l To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic |

static | vid vlan-id [ interface-type interface-number] | interface-type interface-number }command in the user view.



163

l To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view.l To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.

----End

9.5.2 Monitoring the Running Status of IPv6

ContextIn routine maintenance, you can run the following commands in any view to display the runningof IPv6.

Procedurel Run the display ipv6 interface [ interface-type interface-number | brief ] command in any

view to view information about IPv6 on an interface.l Run the display ipv6 statistics command in any view to view statistics on IPv6 packets.l Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]

command in any view to view the cache content of neighbors.l Run the display tcp ipv6 statistics command in any view to view statistics on TCP6

packets.l Run the display tcp ipv6 status command in any view to view the status of a TCP6

connection.l Run the display udp ipv6 statistics command in any view to view statistics on UDP6

packets.l Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any

view to view information about the specified socket.l Run the display ipv6 fib [ existing-slot-id ] command in any view to view information

about FIB.

----End

9.5.3 Debugging IPv6This section describes IPv6 debugging through the debugging command.

Context

CAUTIONDebugging affects the performance of the system. So, after debugging, execute the undodebugging all command to disable it immediately.

Run the following debugging commands in the user view to debug IPv6 and locate the fault.

For the procedures of displaying the debugging information, refer to the chapter "InformationCenter Configuration" in the S7700 Smart Routing Switch Configuration Guide - SystemManagement. For descriptions about the debugging commands, refer to the S7700 SmartRouting Switch Debugging Reference.



164

Procedurel Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.

l Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status andND messages.

l Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view todebug IPv6 packet.

l Run the debugging ipv6 pathmtu command in the user view to debug PMTU.

l Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ]command in the user view to debug TCP6.

l Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command inthe user view to debug UDP6.

----End

9.6 Configuration ExamplesThis section provides a configuration example of IPv6 addresses.

9.6.1 Example for Setting an IPv6 Address for an InterfaceThis section provides a configuration example of IPv6 address for an interface.


As shown in Figure 9-1, two Switches are connected through GE 1/0/1. The GE 1/0/1 interfacesof Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnectionbetween them.

The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64.

Figure 9-1 Networking diagram for setting IPv6 addresses

GE 1/0/1VLANIF 1003001::1/64

GE 1/0/1VLANIF 1003001::2/64

SwitchA SwitchB



1. Enable the IPv6 forwarding capability on the Switch.

2. Set IPv6 global unicast addresses for the interfaces.



165


l Global unicast address of an interface

Procedure

Step 1 Enable the IPv6 forwarding capability on the Switch.


<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] ipv6


<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] ipv6

Step 2 Configure the IPv6 global unicast address for the interfaces.


[SwitchA] vlan 100[SwitchA-Vlan100] quit[SwitchA] interface gigabitethernet 1/0/1[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchA-GigabitEthernet1/0/1] quit[SwitchA] interface vlanif 100[SwitchA-Vlanif100] ipv6 enable[SwitchA-Vlanif100] ipv6 address 3001::1/64[SwitchA-Vlanif100] quit


[SwitchB] vlan 100[SwitchB-Vlan100] quit[SwitchB] interface gigabitethernet 1/0/1[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchB-GigabitEthernet1/0/1] quit[SwitchB] interface vlanif 100[SwitchB-Vlanif100] ipv6 enable[SwitchB-Vlanif100] ipv6 address 3001::2/64[SwitchB-Vlanif100] quit


If the configuration succeeds, you can view the configured global unicast addresses. The statusof the interface and the IPv6 protocol are Up.

# Display information about the interface on Switch A.

[SwitchA] display ipv6 interface vlanif 100Vlanif100 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::218:20FF:FE00:83 [TENTATIVE] Global unicast address(es): 3001::1, subnet is 3001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF00:1 FF02::1:FF00:83 FF02::2



166

FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

# Display information about the interface on Switch B.[SwitchB] display ipv6 interface vlanif 100Vlanif100 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::2E0:FCFF:FE33:11 [TENTATIVE] Global unicast address(es): 3001::2, subnet is 3001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF00:2 FF02::1:FF33:11 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses

# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter-i to specify the interface of the link-local address.[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100 PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=1 hop limit=64 time = 7 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=3 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=4 hop limit=64 time = 3 ms Reply from FE80::2E0:FCFF:FE33:11 bytes=56 Sequence=5 hop limit=64 time = 3 ms

--- FE80::2E0:FCFF:FE33:11 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/7 ms

# On Switch A, ping the IPv6 global unicast address of Switch B.[SwitchA] ping ipv6 3001::2 PING 3001::2 : 56 data bytes, press CTRL_C to break Reply from 3001::2 bytes=56 Sequence=1 hop limit=64 time = 12 ms Reply from 3001::2 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=3 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=4 hop limit=64 time = 3 ms Reply from 3001::2 bytes=56 Sequence=5 hop limit=64 time = 3 ms

--- 3001::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/4/12 ms

----End



167


# sysname SwitchA#ipv6# vlan 100#interface Vlanif100 ipv6 enable ipv6 address 3001::1/64#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#return

l Configuration file of Switch B# sysname SwitchB#ipv6# vlan 100#interface Vlanif100 ipv6 enable ipv6 address 3001::2/64#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#return



168

10 IPv6 DNS Configuration

About This Chapter

By configuring the IPv6 Domain Name System (DNS), you can enable network devices tocommunicate with other through their domain names.

10.1 Introduction to IPv6 DNSAfter each host on the Internet is assigned a domain name, you can set up mapping between thedomain name and IP address of a host. In this manner, you can use domain names, which areeasy to memorize and are of significance, instead of complicated IP addresses.

10.2 IPv6 DNS Supported by the S7700IPv6 domain name resolution can be performed in either dynamic mode or static mode.

10.3 Configuring IPv6 DNSBy configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6address. In this manner, you can enable the device to communicate with other devices.

10.4 Maintaining IPv6 DNSThis section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6DNS entries and monitoring IPv6 DNS operation.

10.5 Configuration ExamplesThis section provides several configuration examples of IPv6 DNS.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 10 IPv6 DNS Configuration


169

10.1 Introduction to IPv6 DNSAfter each host on the Internet is assigned a domain name, you can set up mapping between thedomain name and IP address of a host. In this manner, you can use domain names, which areeasy to memorize and are of significance, instead of complicated IP addresses.

IPv6 DNS has two resolution modes: dynamic IPv6 DNS resolution and static IPv6 DNSresolution. To resolve a domain name, the system first uses static IPv6 DNS resolution. If thismode fails, the system uses dynamic IPv6 DNS resolution. To improve resolution efficiency,you can put common domain names in a static domain name resolution table.

10.2 IPv6 DNS Supported by the S7700IPv6 domain name resolution can be performed in either dynamic mode or static mode.

IPv6 domain name system (DNS) is similar to IPv4 DNS. For configurations of IPv4 DNS, referto "DNS Configuration."

10.3 Configuring IPv6 DNSBy configuring the IPv6 DNS, you can set up a mapping between a domain name and an IPv6address. In this manner, you can enable the device to communicate with other devices.

10.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring the IPv6 DNS.


DNS needs to be configured if the local users log on to a device using domain names tocommunicate with other devices. The IPv6 DNS entries show the mapping between domainnames and IPv6 addresses.

If users seldom use the domain name to access other devices, or if the DNS server is unavailable,a static DNS needs to be configured. To configure a static IPv6 DNS, the network administratorneeds to know the relation between domain names and IPv6 addresses, and manually modifythe IPv6 DNS entry when the relation changes.

If the users need to use the domain name to access many devices, and the DNS server is available,a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.


Before configuring IPv6 DNS, configure the route between a local device and a DNS server.

Data Preparation

To configure IPv6 DNS, you need the following data.



170

No. Data

1 Domain name of the static IPv6 DNS entry and the corresponding IPv6 address

2 IPv6 address of the IPv6 DNS server

3 Domain name of the dynamic IPv6 DNS or the domain name list

10.3.2 Configuring a Static IPv6 DNS EntryYou can create a table of mappings between domain names and IPv6 addresses and add commondomain names to this table. When a client needs to use the IPv6 address corresponding to adomain name, the client can search the table for the required IPv6 address. This improves theefficiency of domain name resolution.


system-view


Step 2 Run:ipv6


Step 3 Run:ipv6 host host-name ipv6-address

The host name and the corresponding IPv6 address are configured.

If the same host is configured with IPv6 addresses for several times (the maximum times is 8IPv6 addresses), the IPv6 address configured earliest is used when needing to find the host withthe IPv6 address, such as ping this host.

----End

10.3.3 Configuring the Dynamic IPv6 DNS ServicesTo perform dynamic domain name resolution, you need a special domain name resolution server,which runs a server program. This server provides mappings between domain names and IPv6addresses and receives resolution requests from the client.

ContextIf the IPv6 DNS server is configured with a link-local address, the interface name should alsobe configured with the IPv6 address.

Figure 10-1 DNS server connecting IPv4 and IPv6 networks

IPv4 link

DNS serverDNS IPv4 client DNS IPv6 client

IPv6 link



171

CAUTIONIf multiple DNS servers are configured, the servers are queried in the order of configuration tillproper response is received. If both IPv4 and IPv6 servers are configured, the A query is firstsent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.

The DNS domains are configured on a device and the domain names can be searched. If theDNS fails in searching for a host name, it appends a domain name to the host name following a"." and continues the DNS search. You can configure some commonly used domain names like"com", and "net". For example, if the search for the host name "huawei" fails, the system thensearches for "huawei.com" or "huawei.net".

Do as follows on the switch:

Procedure



Step 2 Run:dns resolve

The dynamic domain name resolution is enabled.

Step 3 Run:dns server ipv6 ipv6-address [ interface-type interface-number ]

The IPv6 DNS server is configured.

Step 4 Run:dns server ipv6 source-ip ipv6-address

The IPv6 address of the local device is specified.

After the source IPv6 address is specified for the local device, the local device uses the specifiedsource IPv6 address to communicate with the IPv6 DNS server to ensure the security of check.

Step 5 Run:dns domain domain-name

The suffix of domain names is added.

----End

10.3.4 Checking the ConfigurationYou can view the configuration of the IPv6 DNS.

PrerequisiteThe configurations of the IPv6 DNS function are complete.



172

Procedurel Run the display ipv6 host command to check the static IPv6 DNS table.

l Run the display dns server command to check the configuration of the DNS server.

l Run the display dns domain command to check the configuration of the suffix list of thedomain name.

l Run the display dns ipv6 dynamic-host command to check the cache of the dynamicdomain name.

----End

Example

Run the display ipv6 host command. If the static IPv6 DNS entries, including the host nameand the IPv6 address, are displayed, it means that the configuration succeeds. For example:

<Quidway> display ipv6 hostHost Age Flags IPv6Address (es)RTB 0 static 20::1RTA 0 static 20::2

Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed,it means that the configuration succeeds. For example:

<Quidway> display dns serverIPv4 Dns Servers :Domain-server IpAddress 1 169.254.65.125IPv6 Dns Servers:Domain-server Ipv6Address (Interface Name) 1 3001::2 2 FE80::2 GigabitEthernet6/0/0

Run the display dns domain command. If the suffixes of the domain names are displayed, itmeans that the configuration succeeds. For example:

<Quidway> display dns domainNo Domain-name1 com2 net

Run the display dns ipv6 dynamic-host command. If information about the cache of thedynamic domain name is displayed, it means that the configuration succeeds. For example:

<Quidway> display dns ipv6 dynamic-hostNo Domain-name Ipv6address TTL1 huawei6 3001::2 6

10.4 Maintaining IPv6 DNSThis section describes how to maintain the IPv6 DNS. Detailed operations include deleting IPv6DNS entries and monitoring IPv6 DNS operation.

10.4.1 Clearing IPv6 DNS EntriesThis section describes IPv6 DNS entry clearance through the reset command.



173

Context

CAUTIONIPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you usethis command.

Procedure

Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNSentries statistics in the domain name cache.

----End

10.4.2 Monitoring Network Operation Status of IPv6 DNSThis section describes IPv6 DNS operation monitoring through the display command.

ContextIn routine maintenance, you can run the following commands in any view to check the operationof IPv6 DNS.

Procedurel Run:

display dns domain

Domain names are checked.l Run:

display dns server

Configurations of the DNS server are checked.l Run:

display dns ipv6 dynamic-host

Contents about the cache of the IPv6 dynamic domain names are checked.l Run:

display ipv6 host

The static DNS table is checked.

----End

10.5 Configuration ExamplesThis section provides several configuration examples of IPv6 DNS.

10.5.1 Example for Configuring IPv6 DNSThis section provides a configuration example of IPv6 DNS.



174

Networking RequirementsAs shown in Figure 10-2, Switch A, functioning as the IPv6 DNS client and working jointlywhose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on thedomain name huawei.com.

On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensuresthat Switch A can manage both the routers based on the domain names Switch B and Switch C.

Figure 10-2 Networking diagram of IPv6 DNS configurations

Loopback04.1.1.1/32

Loopback04.1.1.2/32

GE1/0/1

2001::1/64

GE1/0/1

2001::2/64

GE1/0/2

2002::2/64

GE1/0/2

2002::3/64

GE1/0/1

2003::1/64

SwitchA

SwitchB SwitchC

huawei.com2002::1/64

DNS server2003::2/64

DNS client

VLANIF100

VLANIF101 VLANIF100 VLANIF100

VLANIF101


1. Configure static IPv6 DNS entries.2. Enable the DNS resolution function.3. Configure IPv6 address of the IPv6 DNS server.4. Set the domain name suffix.


l Domain names of Switch B and Switch Cl IPv6 address of the IPv6 DNS serverl Domain name suffix

Procedure


# Configure static IPv6 DNS entries.

<SwitchA> system-view



175

[SwitchA] ipv6 host RouterB 2001::2[SwitchA] ipv6 host RouterC 2002::3

# Enable the DNS resolution function.

[SwitchA] dns resolve

# Configure the IPv6 address of the IPv6 DNS server.

[SwitchA] dns server ipv6 2003::2

# Set the domain name suffix to ".net".

[SwitchA] dns domain net

# Set the domain name suffix to ".com".

[SwitchA] dns domain com[SwitchA] quit

NOTE

To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.For details of how to configure the route, see Configuration example of IP static route in the QuidwayS7700 Smart Routing Switch Configuration Guide - IP Routing.


# Run the ping ipv6 huawei.com command on Switch A. You can find that the Ping operationsucceeds, and the destination IP address is 2002::1.

<SwitchA> ping ipv6 huawei.com Resolved Host ( huawei.com -> 2002::1) PING huawei.com : 56 data bytes, press CTRL_C to break Reply from 2002::1: bytes=56 Sequence=1 ttl=126 time=6 ms Reply from 2002::1: bytes=56 Sequence=2 ttl=126 time=4 ms Reply from 2002::1: bytes=56 Sequence=3 ttl=126 time=4 ms Reply from 2002::1: bytes=56 Sequence=4 ttl=126 time=4 ms Reply from 2002::1: bytes=56 Sequence=5 ttl=126 time=4 ms

--- huawei.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/6 ms

# Run the display ipv6 host command on SwitchA. You can view the mapping relationshipsbetween the host names in static IPv6 DNS entries and the IPv6 addresses.

<SwitchA> display ipv6 hostHost Age Flags IPv6Address (es)SwitchB 0 static 2001::2SwitchC 0 static 2002::3

Run the display dns ipv6 dynamic-host command on SwitchA. You can view information aboutdynamic IPv6 DNS entries in the dynamic cache.

<SwitchA> display dns ipv6 dynamic-hostNo Domain-name Ipv6address TTL 1 huawei.com 2002::1 3579

NOTE

TTL in the command output indicates the life time of the entry, in seconds.

----End



176

Configuration Filesl Configuration file of Switch Al #

sysname SwitchA#vlan batch 100# ipv6# ipv6 host SwitchB 2001::2 ipv6 host SwitchC 2002::3# dns resolve dns server ipv6 2003::2 dns domain net dns domain com#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface vlanif100 ipv6 enable ipv6 address 2001::1/64#return

l Configuration file of Switch B# sysname SwitchB#vlan batch 100 101# ipv6#interface GigabitEthernet1/0/1 port hybrid pvid vlan 101 port hybrid untagged vlan 101#interface GigabitEthernet1/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface vlanif100 ipv6 enable ipv6 address 2002::2/64#interface vlanif101 ipv6 enable ipv6 address 2001::2/64#return

l Configuration file of Switch C# sysname SwitchC#vlan batch 100 101# ipv6#interface GigabitEthernet1/0/1 port hybrid pvid vlan 101 port hybrid untagged vlan 101#interface GigabitEthernet1/0/2 port hybrid pvid vlan 100 port hybrid untagged vlan 100



177

#interface vlanif100 ipv6 enable ipv6 address 2002::3/64#interface vlanif101ipv6 enable ipv6 address 2003::1/64#return



178

11 IPv6 over IPv4 Tunnel Configuration

About This Chapter

The IPv6 over IPv4 tunnel technology is developed to address the problem in the transition fromIPv4 networks to IPv6 networks.

11.1 Introduction to IPv6 over IPv4An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet.

11.2 IPv6 over IPv4 Supported by the S7700You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.

11.3 Configuring IPv4/IPv6 Dual StacksTo establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite andthe IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

11.4 Configuring an IPv6 over IPv4 TunnelYou can interconnect IPv6 networks by using IPv4 networks.

11.5 Configuring 6PEBy performing this configuration task, you can interconnect IPv6 networks through the existingMPLS network.

11.6 Maintaining IPv6 over IPv4 TunnelsThis section describes how to maintain an IPv6 over IPv4 tunnel, including how to monitor anIPv6 over IPv4 tunnel.

11.7 Configuration ExamplesThis section provides configuration examples of IPv6 over IPv4 tunnel.

Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Service 11 IPv6 over IPv4 Tunnel Configuration


179

11.1 Introduction to IPv6 over IPv4An IPv6 packet is transparently transmitted after being encapsulated into an IPv4 packet.

During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widelydeployed while IPv6 domains are isolated and dispersed around the world. It is not economicalto connect these isolated sites with private lines.

The usual method is tunnel technology. This technology creates tunnels over IPv4 networks toconnect isolated IPv6 domains. This is similar to the situation where the tunnel technology isused to deploy VPNs on the IP networks.

The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border ofthe IPv4 network and the IPv6 network.

11.2 IPv6 over IPv4 Supported by the S7700You can configure manual IPv6 over IPv4 tunnels or 6to4 tunnels to interconnect IPv6 networks.

Dual StacksThe simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve acomplete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure11-1 shows a single stack structure and a dual stack structure.

Figure 11-1 Single stack and dual stack structures (Ethernet)

IPv6

TCP UDP

IPv4/IPv6 Application

Ethernet

Protocol ID:0x0800

Protocol ID:0x86DD

IPv4

TCP UDP

IPv4 Application

Ethernet

Protocol ID:0x0800

IPv4 Stack Dual Stack

The characteristics of the dual-stack structure are as follows:

l Supported by multiple link layer protocolsMultiple link layer protocols, such as Ethernet, support dual stacks. The link layer in theabove diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DDindicates that the network has IPv6 packets.



180

l Supported by multiple applicationsMultiple applications such as DNS, FTP and Telnet support dual stacks. The upperapplication, such as DNS, can select TCP or UDP as its transport layer protocol. However,it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.

IPv6 over IPv4 Tunnel

Figure 11-2 shows principles of the IPv6 over IPv4 tunnel technology.

1. Enabling IPv4/IPv6 dual stacksEnable IPv4/IPv6 dual stacks on the border device.

2. Encapsulating IPv6 packetsAfter receiving a packet from the IPv6 network, the border device takes the received IPv6packet as the payload, adds an IPv4 packet header before the payload and encapsulates itinto an IPv4 packet if it finds that the destination of the packet is not for itself.

3. Transmitting the encapsulated packetIn the IPv4 network, the encapsulated packet is transmitted to the peer border device.

4. Decapsulating the packetThe peer border device decapsulates the packet, removes the IPv4 packet header, andforwards the resulting IPv6 packet to the remote IPv6 network.

Figure 11-2 Schematic diagram of IPv6 over IPv4 tunnel

IPv6 IPv6

IPv6 Header IPv6 Data IPv6 Header IPv6 Data

Dual StackRouter

IPv6 host IPv6 hostTunnel

Dual StackRouter

IPv4

IPv4 Header IPv6 Header IPv6 Data

The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 overIPv4 tunnel. Tunnels can be classified according to their setup modes.

The common IPv6 over IPv4 tunnel modes include:

l IPv6 over IPv4 manual tunnelsl 6to4 tunnelsl Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnelsl 6PE

IPv6 over IPv4 Manual Tunnel

An IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends.The source IPv4 address and destination IPv4 address of such a tunnel must be configuredstatically.



181

A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4backbone network. It is the fixed channel for regular and secure communication between thetwo border devices.

The manual tunnel can be used between isolated IPv6 networks. It can also be used between aborder device and a host. In this case, the host and the device on both ends of the tunnel mustsupport the IPv4 and the IPv6 protocol stacks.

6to4 TunnelA 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over anIPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6network and the IPv4 network. The border device on both the ends of the 6to4 tunnel mustsupport the IPv4 and the IPv6 dual protocol stacks at the same time.

The key difference between the 6to4 tunnel and the manual tunnel is that the former can be apoint-to-multipoint connection, and the latter is only a point-to-point connection. Hence, thedevices of the 6to4 tunnel are not configured in pairs.

The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. Youneed not specify the IPv4-compatible IPv6 address for it.

The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the followingformat:

2002:IPv4 address: subnet ID:interface ID

The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address mustbe configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both thesubnet ID and the interface ID are allocated in the isolated IPv6 domains.

As shown in Figure 11-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address ofthe host or device in Site1 is the IPv4 address of the interface through which Switch A accessesthe IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or devicein Site2 is the IPv4 address of the interface through which Switch B accesses the IPv4 network.Switch A and Switch B are both 6to4 devices.

Figure 11-3 6to4 tunnel and 6to4 relay

6to4NetworkSite1

IPv4Network

IPv6Internet

Site3

6to4Router

6to4Relay

SwitchASwitchC

6to4Network

Site2

6to4Router

SwitchB



182

When the host in Site1 accesses the host in Site2, the process concerned is as follows:

1. The IPv6 packet is transmitted to Switch A.

2. Switch A checks the destination address of the IPv6 packet and finds that the address is the6to4 address, from which Switch A obtains the remote IPv4 address of the 6to4 tunnel.

3. Switch A encapsulates this IPv6 packet into the IPv4 packet. The destination address ofIPv4 packet header is the remote IPv4 address of the tunnel, and its source address is thelocal IPv4 address of the tunnel.

4. Switch A forwards the IPv4 packet in the IPv4 network to Switch B.

5. Switch B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packetto the destination host in Site2.

The above process implements the communication between the 6to4 networks. To implementthe communication between the 6to4 network and native IPv6 network, a 6to4 relay device isneeded. The so-called native IPv6 network means that both its internal host and device are notconfigured with the 6to4 address.

The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.One side of the 6to4 relay device is connected to the native IPv6 network; the other side isconnected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.

As shown in Figure 11-3, when the host in the 6to4 network accesses the IPv6 Internet, theprocess concerned is as follows:

1. The IPv6 packet is routed to Switch A.

2. A 6to4 tunnel is created between Switch A and Switch C.

3. The IPv6 packet is encapsulated into the IPv4 packet and is sent to Switch C.

4. Switch C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends theIPv6 packet to the destination host in the IPv6 Internet.

ISATAP Tunnel

The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.

The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:

Prefix (64bit)::5EFE:IPv4-Address

When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in asame IPv4 network), the IPv4 address embedded into the ISATAP address can be either a publicnetwork address or a private network address.

As shown in Figure 11-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is asfollows:

1. The IPv4/IPv6 host sends a request message to a device.

The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a routerrequest message to the ISATAP device. It encapsulates the message into the IPv4 packet.

2. The ISATAP device responds to the request message.



183

The ISATAP device uses a router notification message to respond to the request. The routernotification message contains the ISATAP prefix, which is manually configured on thedevice.

3. The IPv4/IPv6 host obtains its IPv6 address.The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with5EFE:IPv4-Address, and uses this address to access the IPv6 host.

Figure 11-4 ISATAP tunnel

IPv6Network

IPv4/IPv6 Host

IPv6 Host

ISATAP Tunnel

IPv4Network

ISATAPSwitch 2.1.1.1

FE80::5EFE:0201:01013FFE::5EFE:0201:0101

The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:

1. The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps givenabove.

2. The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host inthe IPv6 network.

3. An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6host.

6PEOn an IPv4 backbone network where the MPLS is deployed, the ISP can use the IPv6 ProviderEdge (6PE) technology to provide the interconnection capacity for the IPv6 networks ofdispersed users. 6PE is the PE with the IPv6 capacity.

Figure 11-5 shows the principle of interconnecting isolated IPv6 domains through 6PE.

1. When the 6PE device receives an IPv6 packet from the CE, it directly labels the packet totranslate the packet into an MPLS packet that can be transmitted over the IPv4 backbonenetwork.

2. The MPLS packet is forwarded to the remote 6PE through the LSP.3. The remote 6PE removes the label and finds the IPv6 routing table according to the

destination address in the resulting IPv6 packet header.4. The remote 6PE then sends the packet to the destination host in the remote IPv6 network

through the remote CE.



184

Figure 11-5 Networking diagram of 6PE

6PERouter

IPv6Customer

site

IPv6Customer

site

6PERouter

CE CE

IPv4/MPLSIBGP

PE

Note the following points when you connect isolated IPv6 sites through a 6PE tunnel:

l Enable IPv4, MPLS and IPv6 on 6PE.l MP-BGP also needs to be enabled between 6PEs to receive or send IPv6 routes from/to the

remote 6PE.l The IGP over ISP's IPv4 backbone network can be OSPF or IS-IS.l Static routing protocol, IGP or EBGP can work between CE and 6PE.

When ISPs tend to extend their IPv4 or MPLS networks with IPv6 traffic exchange capabilityon MPLS, they only need to update their PE devices.

11.3 Configuring IPv4/IPv6 Dual StacksTo establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite andthe IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

11.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for the IPv4/IPv6 dual protocol stack.

Applicable EnvironmentIf a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to beenabled on the device.

Enabling the IPv4/IPv6 dual protocol stacks on the S7700 is a simple process. Enable the IPv6packet forwarding capacity in the system view and configure an IPv4 address or IPv6 addresson the corresponding interface. The device can then forward IPv4 and IPv6 packets on thecorresponding interface.

Pre-configuration TasksBefore configuring IPv6 tunnels, complete the following tasks:



185


l Configuring the link layer parameters for the interface

Data Preparation

To configure IPv4/IPv6 dual stacks, you need the following data.

No. Data

1 Type and number of the interface connected with the IPv4 network

2 IPv4 address and mask of the interface connected with the IPv4 network

3 Type and number of the interface connected with the IPv6 network

4 IPv6 address and prefix of the interface connected with the IPv6 network

11.3.2 Enabling IPv6 Packet ForwardingTo enable IPv6 packet forwarding, you need to enable IPv6 in both the interface view and thesystem view.

Context

To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both thesystem view and the interface view. This is because:

l If you run the ipv6 command only in the system view, only the IPv6 packet forwardingcapability is enabled on a device. The interface on the device is not of the IPv6 capabilityand hence you cannot perform any IPv6 configurations.

l If you run the ipv6 enable command only in the interface view, the IPv6 capability isenabled only on an interface but the IPv6 protocol status on the interface is Down and thedevice cannot forward IPv6 data.

Procedure



Step 2 Run:ipv6


To enable a device to forward IPv6 packets, you must run this command in the system view;otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6packets although the interface is configured with an IPv6 address.

By default, the IPv6 packet forwarding capability is disabled.



186


The view of the interface to be enabled with the IPv6 capability is displayed.



Before performing IPv6 configurations in the interface view, you must enable the IPv6 capabilityin the interface view.

By default, the IPv6 capability is disabled on the interface.

----End

11.3.3 Configuring IPv4 and IPv6 Addresses for the InterfaceYou need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks.

Procedure




The interface view of the IPv4 network is displayed.


An IPv4 address is assigned to the interface.

Step 4 Run:quit




Step 6 Perform the following configuration as required.l Run:

ipv6 address auto link-localThe link-local address is set to be automatically generated.

l Run:ipv6 address ipv6-address link-localThe link-local address of the interface is configured.

l Run:ipv6 address { ipv6-address | prefix-length }



187

The global unicast address is configured.l Run:

ipv6 address { ipv6-address | prefix-length } eui-64The IPv6 EUI-64 address is configured.

----End


PrerequisiteAll configurations are complete.

Procedure

Step 1 Run the display ipv6 interface command to view the IPv6 information about the interface.

----End

11.4 Configuring an IPv6 over IPv4 TunnelYou can interconnect IPv6 networks by using IPv4 networks.

11.4.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring an IPv6 over IPv4 tunnel.

Applicable EnvironmentTo enable communication between two IPv6 networks over the IPv4 network, configure an IPv6over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.

Pre-configuration TasksBefore configuring an IPv6 over IPv4 tunnel, complete the following tasks:


l Configuring the link layer protocol for the interface and ensuring that the status of the linklayer protocol on the interface is Up

l Configuring the IPv4/IPv6 dual-protocol stacks

Data PreparationTo configure an IPv6 over IPv4 tunnel, you need the following data.

11.4.2 Enabling the Service Loopback Function on an Eth-TrunkInterface



188

ContextBefore enabling the service loopback function on an Eth-Trunk interface, note the following:

l Before enabling the service loopback function, create an Eth-Trunk, add member interfacesto the Eth-Trunk and keep it in the Up state.

l Only one interface enabled with the service loopback function is needed on a device.


Procedure



Step 2 Run:interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed.

Step 3 Run:service type tunnel

The Eth-Trunk interface is enabled with the service loopback function.



Step 5 Run:eth-trunk trunk-id

The interface is added to the Eth-Trunk.

----End

11.4.3 Configuring an IPv6 over IPv4 Manual TunnelA manual IPv6 over IPv4 tunnel is a P2P tunnel. The source address and destination address ofa manual IPv6 over IPv4 tunnel are both manually assigned. The source address and destinationaddress of a manual IPv6 over IPv4 tunnel on the same device must be unique. A manual IPv6over IPv4 tunnel acts as a permanent link that crosses an IPv4 network and connects two IPv6networks. Border devices can communicate with each other securely and regularly throughmanual IPv6 over IPv4 tunnels.

ContextNote the following when configuring an IPv6 over IPv4 manual tunnel:

l Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.l When the specified source interface of the tunnel is a physical interface, it is recommended

to set the tunnel ID to be the same as the number of the physical interface.l You need to conduct the following configurations on the devices on both the ends of the

tunnel. During the configuration, note that the source address of the local tunnel end is the



189

destination address set for the remote tunnel end; the destination address of the local tunnelend is the source address set for the remote tunnel end.

Procedure




The tunnel interface is created.

Step 3 Run:tunnel-protocol ipv6-ipv4

The tunnel is specified be an IPv6 over IPv4 manual tunnel.

Step 4 Run:source { ip-address | interface-type interface-number }

The source address or source interface of the tunnel is specified.

Step 5 Run:destination dest-ip-address

The destination address of the tunnel is specified.

NOTE

The destination address of the tunnel can be the address of a physical interface or the address of a loopbackinterface.


IPv6 is enabled on the interface.


The tunnel interface is configured with an IPv6 address.

----End

11.4.4 Configuring a 6to4 TunnelA 6to4 tunnel is a P2MP tunnel and can interconnect IPv6 networks which are isolated fromeach other through an IPv4 network.

ContextNote the following when configuring a 6to4 tunnel:

l Before configuring other parameters of the tunnel, create a tunnel interface.l When the specified source interface of the tunnel is a physical interface, it is recommended

to set the tunnel ID to be the same as the number of the physical interface.



190

l When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. Thedestination address of the tunnel is automatically obtained from the destination IP addressfield carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnelmust be unique.

l On the border device, configure a 6to4 address on the interface that is connected with the6to4 network, and configure an IPv4 address on the interface that is connected with theIPv4 network. To make the tunnel support the routing protocol, configure an IP address forthe tunnel interface.

Procedure




A tunnel interface is created.

Step 3 Run:tunnel-protocol ipv6-ipv4 6to4

The tunnel is specified as a 6to4 tunnel.






The interface is configured with an IPv6 address.

----End

Follow-up ProcedureThe configuration of 6to4 relay needed to access the IPv6 network, is similar to the 6to4 tunnel.For the configuration example, see "Example for Configuring 6to4 Relay."

11.4.5 Configuring an ISATAP TunnelIntra-site Automatic Tunnel Addressing Protocol (ISATAP) tunnels are used in the situationwhere IPv4/IPv6 hosts in an IPv4 network need to access an IPv6 network. An ISATAP tunnelcan be established between an ISATAP host and an ISATAP device.

ContextNote the following when configuring an ISATAP tunnel:



191

l Before configuring other parameters of the tunnel, create a tunnel interface.l When the specified source interface of the tunnel is a physical interface, it is recommended

to set the tunnel ID to be the same as the number of the physical interface.l When configuring an ISATAP tunnel, you need to specify only the source address of the

tunnel. The destination address of the tunnel is automatically obtained from the destinationIP address field carried in the original IPv6 packet. Note that the source interface of theISATAP tunnel must be unique.

l The IPv6 address configured on the tunnel interface is an ISATAP address with a prefixlength of 64 bits.


system-view



A tunnel interface is created.

Step 3 Run:tunnel-protocol ipv6-ipv4 isatap

The tunnel is specified as an ISATAP tunnel.




The tunnel interface is configured with an IPv6 address.

Step 6 Run:undo ipv6 nd ra halt

The device is allowed to advertise routes.

----End

11.4.6 Configuring Routes in the TunnelPackets can be normally forwarded only when routes exist on both the source device anddestination device of the tunnel.

ContextConfiguring routes in the tunnel comprises configuring static routes and dynamic routes.

NOTE

Currently, the tunnel interface of the S7700 cannot be configured with routing protocols.

l When configuring a static route, you need to run the ipv6 route-static dest-ipv6-addressprefix-length { interface-type interface-number nexthop-ipv6-address | nexthop-ipv6-



192

address } command to configure a route destined for the destination address (the destinationaddress specified before the packet encapsulation, rather than the destination address of thetunnel). In addition, you need to set the next hop address to the address of the interface onthe remote end of the tunnel.


PrerequisiteAll configurations of the IPv6 over IPv4 tunnel are complete.

Procedure

Step 1 Run the display ipv6 interface tunnel interface-number command to view the IPv6 attributeof the tunnel interface.

----End

11.5 Configuring 6PEBy performing this configuration task, you can interconnect IPv6 networks through the existingMPLS network.

11.5.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring 6PE.

Applicable EnvironmentTo interconnect IPv6 networks over the existing MPLS network, 6PE must be configured on thePE devices.

Pre-configuration TasksBefore configuring 6PE, complete the following tasks:

l Configuring the physical features of interfaces and ensuring that the status of the physicallayer of the interface is Up

l Configuring the link layer protocols on interface and ensuring that the status of the linklayer protocol on the interface is Up

l Configuring routes from 6PE to CEl Configuring routes to the backbone network

Data PreparationTo configure 6PE, you need the following data.

No. Data

1 Interface number and IPv6 address of the 6PE's interface connected with CE devices



193

No. Data

2 Interface number and IPv4 address of the 6PE's interface

3 Interface number and IPv4 address of the loopback interface to be created

4 LSP triggering policy

5 IPv4 address of the peer of the 6PE

11.5.2 Configuring IPv4/IPv6 Dual Protocol StacksYou need to enable the IPv4/IPv6 dual stack on the border device of the IPv4 and IPv6 networks.

Procedure



Step 2 Run:ipv6

The IPv6 packet forwarding is enabled.





Step 5 Run:quit






Step 8 Run:ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

Or

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }



194


Step 9 Run:quit


----End

11.5.3 Configuring MPLSThis section describes how to configure the basic functions of MPLS including LSP setup andLDP enabling.

Procedure



Step 2 Run:mpls lsr-id ip-address

The LSR ID is specified.

Step 3 Run:mpls

MPLS is enabled and the MPLS view is displayed.

Step 4 Run:quit


Step 5 Run:mpls ldp

MPLS LDP is enabled.

Step 6 Run:quit

Exit the system view.



Step 8 Run:mpls

MPLS is enabled on the interface.

Step 9 Run:mpls ldp



195

MPLS LDP is enabled on the interface.

----End

11.5.4 Enabling 6PE PeerBy configuring a particular 6PE peer, you can configure a particular 6PE peer to exchangerouting information with the peer configured in the IPv6 view.

Procedure



Step 2 Run:bgp as-number

The BGP view is displayed.

Step 3 Run:peer ipv4-address as-number as-number

The IP address and the AS number of a specified BGP peer are specified.

Step 4 Run:peer ipv4-address connect-interface interface-type interface-number

PE peer is specified to connect with a specified interface.

Step 5 Run:ipv6-family

The BGP-IPv6 unicast address family view is displayed.

Step 6 Run:peer peer-ipv4-address enable

6PE peer is enabled.

Step 7 Run:peer peer-ipv4-address label-route-capability

Label routing capacity is enabled for 6PE.

----End


PrerequisiteAll configurations are complete.

Procedure

Step 1 Run the display mpls lsp command to view information about LSP.



196

Step 2 Run the display bgp ipv6 routing-table command to view information about IPv6 BGP routes.

----End


11.6.1 Monitoring the Running Status of IPv6 over IPv4 TunnelThis section describes how to monitor an IPv6 over IPv4 tunnel.

ContextIn routine maintenance, you can run the following command in any view to check the operationof IPv6 over IPv4 tunnel.

ProcedureStep 1 Run the display ipv6 interface tunnel { interface-number } command in any view to check the

operation status of the tunnel interface.

----End

11.6.2 Debugging IPv6 over IPv4 TunnelThis section describes how to debug an IPv6 over IPv4 tunnel.

Context


If an operation fault occurs on the IPv6 tunnel, run the following debugging commands in theuser view to debug the IPv6 tunnel. View information about debugging, locate the fault, andanalyze the cause.

For the procedure of displaying the debugging information, refer to the chapter "InformationCenter Configuration" in the S7700 Smart Routing Switch Configuration Guide - SystemManagement. For descriptions about the debugging commands, refer to the S7700 SmartRouting Switch Debugging Reference.

ProcedureStep 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interface

tunnel interface-type interface-number ] command in the user view to debug tunnel information.

----End



197


11.7.1 Example for Configuring an IPv6 over IPv4 Tunnel ManuallyThis section provides a configuration example of manual IPv6 over IPv4 tunnel.


As shown in Figure 11-6, two IPv6 networks are connected to Switch B on the IPv4 backbonenetwork respectively through Switch A and Switch C. To enable the communication betweentwo IPv6 networks, manually configure an IPv6 over IPv4 tunnel between Switch A andSwitch C.

Figure 11-6 Networking diagram for configuring the IPv6 over IPv4 tunnel manually

IPv6 IPv6

IPv4network

GE 1/0/1VLANIF 100

192.168.50.1/24

GE 1/0/2VLANIF 200

192.168.51.1/24

GE 1/0/1VLANIF 100

192.168.50.2/24

GE 1/0/1VLANIF 200

192.168.51.2/24

Dualstack

Dualstack

SwitchB

SwitchA SwitchC



1. Enabling the service loopback function on an Eth-Trunk interface.2. Set the IP address for the VLANIF interface mapping with the physical interface.3. Configure IPv6 addresses, source interface, and destination addresses for the tunnel

interfaces.4. Set the tunnel protocol to IPv6-IPv4.

Data Preparation


l IP addresses of interfaces



198

l IPv6 address, source address, and destination address of the tunnel

Procedure


# Enabling the service loopback function on an Eth-Trunk interface.

CAUTIONThe interface must be idle. That is, the interface does not transmit services.

<Quidway> system-view[Quidway] interface eth-trunk 1[Quidway-Eth-Trunk1] service type tunnel[Quidway-Eth-Trunk1] quit[Quidway] interface gigabitethernet 1/0/3[Quidway-GigabitEthernet1/0/3] eth-trunk 1[Quidway-GigabitEthernet1/0/3] quit

# Assign IP addresses to interfaces.

<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] ipv6[SwitchA] vlan 100[SwitchA-Vlan100] quit[SwitchA] interface gigabitethernet1/0/1[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchA-GigabitEthernet1/0/1] quit[SwitchA] interface vlanif 100[SwitchA-Vlanif100] ip address 192.168.50.2 255.255.255.0[SwitchA-Vlanif100] quit

# Set the tunnel protocol to IPv6-IPv4.

[SwitchA] interface tunnel 1/0/1[SwitchA-Tunnel1/0/1] tunnel-protocol ipv6-ipv4

# Bind the tunnel interface to the Eth-Trunk.

[SwitchA-Tunnel1/0/1] eth-trunk 1

# Set IPv6 address and destination address for the tunnel interface.

[SwitchA-Tunnel1/0/1] ipv6 enable[SwitchA-Tunnel1/0/1] ipv6 address 3001::1/64[SwitchA-Tunnel1/0/1] source vlanif 100[SwitchA-Tunnel1/0/1] destination 192.168.51.2[SwitchA-Tunnel1/0/1] quit

Configure a static route.

[SwitchA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1


Assign IP addresses to interfaces.

<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] ipv6[SwitchB] vlan 100



199

[SwitchB-Vlan100] quit[SwitchB] vlan 200[SwitchB-Vlan200] quit[SwitchB] interface gigabitethernet1/0/1[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchB-GigabitEthernet1/0/1] quit[SwitchB] interface gigabitethernet1/0/2[SwitchB-GigabitEthernet1/0/2] port hybrid pvid vlan 200[SwitchB-GigabitEthernet1/0/2] port hybrid untagged vlan 200[SwitchB-GigabitEthernet1/0/2] quit[SwitchB] interface vlanif 100[SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0[SwitchB-Vlanif100] quit[SwitchB] interface vlanif 200[SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0[SwitchB-Vlanif200] quit

Step 3 Configure Switch C.



<Quidway> system-view[Quidway] interface eth-trunk 1[Quidway-Eth-Trunk1] service type tunnel[Quidway-Eth-Trunk1] quit[Quidway] interface gigabitethernet1/0/1[Quidway-GigabitEthernet1/0/3] eth-trunk 1[Quidway-GigabitEthernet1/0/3] quit

Assign IP addresses to interfaces.

<Quidway> system-view[Quidway] sysname SwitchC[SwitchC] ipv6[SwitchC] vlan 200[SwitchC-Vlan200] quit[SwitchC] interface gigabitethernet1/0/1[SwitchC-GigabitEthernet1/0/1] port hybrid pvid vlan 200[SwitchC-GigabitEthernet1/0/1] port hybrid untagged vlan 200[SwitchC-GigabitEthernet1/0/1] quit[SwitchC] interface vlanif 200[SwitchC-Vlanif200] ip address 192.168.51.2 255.255.255.0[SwitchC-Vlanif200] quit

# Set the tunnel protocol to IPv6-IPv4.

[SwitchC] interface tunnel 1/0/1[SwitchC-Tunnel1/0/1] tunnel-protocol ipv6-ipv4

# Bind the tunnel interface to the Eth-Trunk.

[SwitchC-Tunnel1/0/1] eth-trunk 1

# Set IPv6 address and destination address for the tunnel interface.

[SwitchC-Tunnel1/0/1] ipv6 enable[SwitchC-Tunnel1/0/1] ipv6 address 3001::2/64[SwitchC-Tunnel1/0/1] source vlanif 200[SwitchC-Tunnel1/0/1] destination 192.168.50.2[SwitchC-Tunnel1/0/1] quit



200

# Configure a static route.[SwitchC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1


# On Switch C, ping the IPv4 address of VLANIF 100 of Switch A. Switch C can receive theresponse packet from Switch A.[SwitchC] ping 192.168.50.2 PING 192.168.50.2: 56 data bytes, press CTRL_C to break Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms


# On Switch C, ping the IPv6 address of Tunnel 1/0/1 of Switch A. Switch C can receive theresponse packet from Switch A.[SwitchC] ping ipv6 3001::1 PING 3001::1 : 56 data bytes, press CTRL_C to break Reply from 3001::1 bytes=56 Sequence=1 hop limit=255 time = 28 ms Reply from 3001::1 bytes=56 Sequence=2 hop limit=255 time = 27 ms Reply from 3001::1 bytes=56 Sequence=3 hop limit=255 time = 26 ms Reply from 3001::1 bytes=56 Sequence=4 hop limit=255 time = 27 ms Reply from 3001::1 bytes=56 Sequence=5 hop limit=255 time = 26 ms --- 3001::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 26/26/28 ms

----End


# sysname SwitchA#ipv6#vlan batch 100#interface Vlanif100 192.168.50.2 255.255.255.0#interface Eth-Trunk1 service type tunnel#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/3 eth-trunk 1



201

#interface Tunnel1/0/1 ipv6 enable ipv6 address 3001::1/64 tunnel-protocol ipv6-ipv4 source Vlanif100 destination 192.168.51.2#ip route-static 192.168.51.0 255.255.255.0 192.168.50.1#return

l Configuration file of Switch B# sysname SwitchB#vlan batch 100 200#interface Vlanif100 192.168.50.1 255.255.255.0#interface Vlanif200 192.168.51.1 255.255.255.0#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200#return

l Configuration file of Switch C# sysname SwitchC#ipv6#vlan batch 200#interface Vlanif200 192.168.51.2 255.255.255.0#interface Eth-Trunk1 service type tunnel#

interface GigabitEthernet1/0/1 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface GigabitEthernet1/0/3 eth-trunk 1#interface Tunnel1/0/1 ipv6 enable ipv6 address 3001::2/64 tunnel-protocol ipv6-ipv4 source Vlanif200 destination 192.168.50.2#ip route-static 192.168.50.0 255.255.255.0 192.168.51.1#return



202

11.7.2 Example for Configuring a 6to4 TunnelThis section provides a configuration example of 6to4 tunnel.

Networking RequirementsAs shown in Figure 11-7, Switch A and Switch B are connected to a 6to4 network and an IPv4backbone network respectively. To enable communication between two 6to4 network hosts, youneed to manually configure an 6to4 tunnel between Switch A and Switch B.

To enable communication between 6to4 networks, configure 6to4 addresses for the hosts on the6to4 network. A 6to4 address has a 48-bit prefix, which is in the format 2002:IPv4 address. Asshown in Figure 11-7, the IPv4 address of the interface through which Switch A is connectedto the IPv4 network is 2.1.1.1. Therefore, the 6to4 address prefix of the 6to4 network whereSwitch A is located is 2002:0201:0101::.

Figure 11-7 Networking diagram for configuring a 6to4 tunnel

IPv4

SwitchA SwitchB

GE 1/0/1VLANIF 100

2.1.1.1

GE 1/0/2VLANIF 200

2002:201:101:1::1/64

GE 1/0/1VLANIF 100

2.1.1.2

GE 1/0/2VLANIF 200

2002:201:102:1::1/64

PC1IPv6

PC2IPv6

Tunnel 1/0/12002:201:101::1/64

Tunnel 1/0/12002:201:102::1/64

2002:201:101:1::2 2002:201:102:1::2


1. Enabling the service loopback function on an Eth-Trunk interface.2. Configure the IPv4/IPv6 stack on the Switch.3. Configure a 6to4 tunnel on the Switch.4. Configure related routes on the Switch.


l IPv4 and IPv6 addresses of interfacesl Source tunnel interface



203

ProcedureStep 1 # Configure Switch A.




# Configure the IPv4/IPv6 stack.<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] ipv6[SwitchA] vlan batch 100 200[SwitchA] interface gigabitethernet1/0/1[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchA-GigabitEthernet1/0/1] quit[SwitchA] interface vlanif 100[SwitchA-Vlanif100] ip address 2.1.1.1 8[SwitchA-Vlanif100] quit[SwitchA] interface gigabitethernet1/0/2[SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 200[SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 200[SwitchA-GigabitEthernet1/0/2] quit[SwitchA] interface vlanif 200[SwitchA-Vlanif200] ipv6 enable[SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64[SwitchA-Vlanif200] quit

# Configure a 6to4 tunnel.[S7700-A] interface tunnel 1/0/1[SwitchA-Tunnel0/0/1] eth-trunk 1[SwitchA-Tunnel1/0/1] tunnel-protocol ipv6-ipv4 6to4[SwitchA-Tunnel1/0/1] ipv6 enable[SwitchA-Tunnel1/0/1] ipv6 address 2002:0201:0101::1/64[SwitchA-Tunnel1/0/1] source vlanif 100[SwitchA-Tunnel1/0/1] quit

# Configure a route to other 6to4 networks.[SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/1

Step 2 # Configure Switch B.





204


# Configure the IPv4/IPv6 stack.

<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] ipv6[SwitchB] vlan batch 100 200[SwitchB] interface gigabitethernet1/0/1[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100[SwitchB-GigabitEthernet1/0/1] quit[SwitchB] interface vlanif 100[SwitchB-Vlanif100] ip address 2.1.1.2 8[SwitchB-Vlanif100] quit[SwitchB] interface gigabitethernet1/0/2[SwitchB-GigabitEthernet1/0/2] port hybrid pvid vlan 200[SwitchB-GigabitEthernet1/0/2] port hybrid untagged vlan 200[SwitchB-GigabitEthernet1/0/2] quit[SwitchB] interface vlanif 200[SwitchB-Vlanif200] ipv6 enable[SwitchB-Vlanif200] ipv6 address 2002:0201:0102:1::1/64[SwitchB-Vlanif200] quit

# Configure a 6to4 tunnel.

[SwitchB] interface tunnel 1/0/1[SwitchB-Tunnel0/0/1] eth-trunk 1[SwitchB-Tunnel1/0/1] tunnel-protocol ipv6-ipv4 6to4[SwitchB-Tunnel1/0/1] ipv6 enable[SwitchB-Tunnel1/0/1] ipv6 address 2002:0201:0102::1/64[SwitchB-Tunnel1/0/1] source vlanif 100[SwitchB-Tunnel1/0/1] quit

# Configure a route to other 6to4 networks.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 1/0/1

NOTE

There must be a reachable route between SwitchA and SwitchB. In this example, the routing protocol needsto be configured on GigabitEthernet1/0/1 of SwitchA and SwitchB to ensure a reachable route betweenSwitchA and SwitchB. For the configuration procedure, see the Quidway S7700 Smart Routing SwitchConfiguration Guide - IP Routing.


# View the IPv6 status of Tunnel 1/0/1 on Switch A, and you can find that the status is Up.

[SwitchA] display ipv6 interface tunnel 1/0/1Tunnel1/0/1 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::201:101 [TENTATIVE] Global unicast address(es): 2002:201:101::1, subnet is 2002:201:101::/64 [TENTATIVE] Joined group address(es): FF02::1:FF01:101 FF02::1:FF00:1 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses



205

# On Switch A, ping the 6to4 address of VLANIF 200 of Switch B. Switch A can receive theresponse packet from Switch B.

[SwitchA] ping ipv6 2002:0201:0102:1::1 PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break Reply from 2002:201:102:1::1 bytes=56 Sequence=1 hop limit=255 time = 8 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=2 hop limit=255 time = 25 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=3 hop limit=255 time = 4 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=4 hop limit=255 time = 5 ms Reply from 2002:201:102:1::1 bytes=56 Sequence=5 hop limit=255 time = 5 ms

--- 2002:0201:0102:1::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 4/9/25 ms

----End


# sysname SwitchA#ipv6#vlan batch 100 200#interface Vlanif100 ip address 2.1.1.1 255.0.0.0#interface Vlanif200 ipv6 enable ipv6 address 2002:201:101:1::1/64#interface Eth-Trunk1 service type tunnel#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200#GigabitEthernet1/0/3 eth-trunk 1#interface Tunnel1/0/1 eth-trunk 1 ipv6 enable ipv6 address 2002:201:101:1::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100#ipv6 route-static 2002:: 16 Tunnel 0/0/1#return

l Configuration file of Switch B



206

# sysname SwitchB#ipv6#vlan batch 100 200#interface Vlanif100 ip address 2.1.1.2 255.0.0.0#interface Vlanif200 ipv6 enable ipv6 address 2002:201:102:1::1/64#interface Eth-Trunk1 service type tunnel#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface GigabitEthernet1/0/3 eth-trunk 1#interface Tunnel1/0/1 ipv6 enable ipv6 address 2002:201:102:1::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100#ipv6 route-static 2002:: 16 Tunnel 0/0/1#return

11.7.3 Example for Configuring a 6to4 RelayThis section provides a configuration example of 6to4 relay.

Networking RequirementsAs shown in Figure 11-8, Switch A is a 6to4 device and is connected to an IPv6 network.Switch B is a 6to4 relay device and is connected to the IPv6 Internet (2001::/64). Switch A andSwitch B are connected through an IPv4 backbone network. To enable communication betweenthe 6to4 network and the IPv6 network, you need to configure a 6to4 tunnel between Switch Aand Switch B.

The configuration of a tunnel between a 6to4 relay device and a common 6to4 device is similarto configuration of a tunnel between common 6to4 devices. A static route to the IPv6 networkmust be configured on the common 6to4 device so that the 6to4 network and the IPv6 networkcan communicate with each other.



207

Figure 11-8 Networking diagram for configuring the 6to4 relay

IPv4

SwitchA SwitchB

GE 1/0/0VLANIF 100

2.1.1.1

GE 2/0/0VLANIF 200

2002:201:101:1::1/64

GE 1/0/0VLANIF 100

2.1.1.2

GE 2/0/0VLANIF 2002001::1/64

PC1IPv6

PC2IPv6

Tunnel 1/0/02002:201:101::1/64

Tunnel 1/0/02002:201:102::1/64

2002:201:101:1::2 2001::2/64


1. Configure IPv4/IPv6 stacks on devices.2. Configure a 6to4 tunnel on devices.3. Configure related static routes on devices.


l IPv4 and IPv6 addresses of interfacesl Source tunnel interfacel Static route to an indirectly connected device

Procedure

Step 1 # Configure Switch A.

# Configure the IPv4/IPv6 stack.

<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] ipv6[SwitchA] vlan batch 100 200[SwitchA] interface gigabitethernet 1/0/0[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100[SwitchA-GigabitEthernet1/0/0] quit[SwitchA] interface vlanif 100[SwitchA-Vlanif100] ip address 2.1.1.1 255.0.0.0[SwitchA-Vlanif100] quit[SwitchA] interface gigabitethernet 2/0/0[SwitchA-GigabitEthernet2/0/0] port hybrid pvid vlan 200



208

[SwitchA-GigabitEthernet2/0/0] port hybrid untagged vlan 200[SwitchA-GigabitEthernet2/0/0] quit[SwitchA] interface vlanif 200[SwitchA-Vlanif200] ipv6 enable[SwitchA-Vlanif200] ipv6 address 2002:0201:0101:1::1/64[SwitchA-Vlanif200] quit


[S7700-A] interface tunnel 1/0/0[SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4[SwitchA-Tunnel1/0/0] ipv6 enable[SwitchA-Tunnel1/0/0] ipv6 address 2002:0201:0101::1/64[SwitchA-Tunnel1/0/0] source vlanif 100[SwitchA-Tunnel1/0/0] quit

# Configure a static route to 2002::/16.

[SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0

# Configure a default route to the local IPv6 network.

[SwitchA] ipv6 route-static :: 0 2002:0201:0102::1


Configure the IPv4/IPv6 stack

<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] ipv6[SwitchB] vlan batch 100 200[SwitchB] interface gigabitethernet 1/0/0[SwitchB-GigabitEthernet1/0/0] port hybrid pvid vlan 100[SwitchB-GigabitEthernet1/0/0] port hybrid untagged vlan 100[SwitchB-GigabitEthernet1/0/0] quit[SwitchB] interface vlanif 100[SwitchB-Vlanif100] ip address 2.1.1.2 255.0.0.0[SwitchB-Vlanif100] quit[SwitchB] interface gigabitethernet 2/0/0[SwitchB-GigabitEthernet2/0/0] port hybrid pvid vlan 200[SwitchB-GigabitEthernet2/0/0] port hybrid untagged vlan 200[SwitchB-GigabitEthernet2/0/0] quit[SwitchB] interface vlanif 200[SwitchB-Vlanif200] ipv6 enable[SwitchB-Vlanif200] ipv6 address 2001::1/64[SwitchB-Vlanif200] quit


[SwitchB] interface tunnel 1/0/0[SwitchB-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4[SwitchB-Tunnel1/0/0] ipv6 enable[SwitchB-Tunnel1/0/0] ipv6 address 2002:0201:0102::1/64[SwitchB-Tunnel1/0/0] source vlanif 100[SwitchB-Tunnel1/0/0] quit

# Configure a static route to 2002::/16.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 1/0/0


# On Switch A, the IPv6 address of VLANIF 200 on Switch B can be successfully pinged.

[SwitchA] ping ipv6 2001::1 PING 2001::1 : 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=255 time = 29 ms Reply from 2001::1



209

bytes=56 Sequence=2 hop limit=255 time = 5 ms Reply from 2001::1 bytes=56 Sequence=3 hop limit=255 time = 5 ms Reply from 2001::1 bytes=56 Sequence=4 hop limit=255 time = 5 ms Reply from 2001::1 bytes=56 Sequence=5 hop limit=255 time = 26 ms

--- 2001::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 5/14/29 ms

----End


#sysname SwitchA#ipv6#vlan batch 100 200#interface Vlanif100 ip address 2.1.1.1 255.0.0.0#interface Vlanif200 ipv6 enable ipv6 address 2002:201:101:1::1/64#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface Tunnel 1/0/0 ipv6 enable ipv6 address 2002:201:101::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100#ipv6 route-static :: 0 2002:201:102::1#ipv6 route-static 2002:: 16 Tunnel 1/0/0#return

l Configuration file of Switch B#sysname SwitchB#ipv6#vlan batch 100 200#interface Vlanif100 ip address 2.1.1.2 255.0.0.0#interface Vlanif200 ipv6 enable ipv6 address 2001::1/64#interface GigabitEthernet1/0/0



210

port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface Tunnel 1/0/0 ipv6 enable ipv6 address 2002:201:102::1/64 tunnel-protocol ipv6-ipv4 6to4 source vlanif100#ipv6 route-static 2002:: 16 Tunnel 1/0/0#return

11.7.4 Example for Configuring an ISATAP TunnelThis section provides a configuration example of ISATAP tunnel.

Network RequirementsAs shown in Figure 11-9, an IPv6 host in the IPv4 network running the Windows XP systemneeds to access the IPv6 network through a border device. Both the IPv6 host and the borderdevice support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host andthe border device.

Figure 11-9 Networking diagram of the ISATAP tunnel

IPv4network

ISATAP hostIPv6 host

2.1.1.2FE80::5EFE:0201:0102

2001::5EFE:0201:0102

ISATAP

GE1/0/2VLANIF 2002.1.1.1/8

GE1/0/1VLANIF 1003001::1/64

3001::2

IPv6network

Switch


1. Enabling the service loopback function on an Eth-Trunk interface.2. Configure IPv4/IPv6 dual protocol stacks.3. Configure an ISATAP tunnel.4. Configure static routes from the IPv6 host to the ISATAP host.


l IPv4 or IPv6 addresses of interfaces



211

l Source interface of the tunnell VLAN that the physical interface of the Switch belongs to

Procedure

Step 1 Configure the ISATAP device.




# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.

<Quidway> system-view[Quidway] ipv6[Quidway] vlan batch 100 200[Quidway] interface gigabitethernet 1/0/1[Quidway-GigabitEthernet1/0/1] port hybrid pvid vlan 100[Quidway-GigabitEthernet1/0/1] port hybrid untagged vlan 100[Quidway-GigabitEthernet1/0/1] quit[Quidway] interface gigabitethernet 1/0/2[Quidway-GigabitEthernet1/0/2] port hybrid pvid vlan 200[Quidway-GigabitEthernet1/0/2] port hybrid untagged vlan 200[Quidway-GigabitEthernet1/0/2] quit[Quidway] interface vlanif 100[Quidway-Vlanif100] ipv6 enable[Quidway-Vlanif100] ipv6 address 3001::1/64[Quidway-Vlanif100] quit[Quidway] interface vlanif 200[Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0[Quidway-Vlanif200] quit

# Configure an ISATAP tunnel.

[Quidway] interface tunnel 1/0/2[Quidway-Tunnel0/0/2] eth-trunk 1[Quidway-Tunnel1/0/2] tunnel-protocol ipv6-ipv4 isatap[Quidway-Tunnel1/0/2] ipv6 enable[Quidway-Tunnel1/0/2] ipv6 address 2001::/64 eui-64[Quidway-Tunnel1/0/2] source vlanif 200[Quidway-Tunnel1/0/2] undo ipv6 nd ra halt[Quidway-Tunnel1/0/2] quit

Step 2 Configure the ISATAP host.

NOTE

The ISATAP host needs to run IPv6 and needs to be enabled with the IPv6 function.

# Configure a static route to the border device. (The pseudo interface number of the host is 2.You can run the ipv6 if command to view the interface corresponding to the automatic tunnelingpseudo interface.)



212

C:\> netsh interface ipv6 isatap set router 2.1.1.1

Step 3 Configure the IPv6 host.

# Configure a static route on the IPv6 host to the border device, so hosts in different networkscan communicate through the ISATAP tunnel.

C:\> netsh interface ipv6 set route 2001::/64 3001::1


Check the status of the Tunnel 1/0/2 on the ISATAP device and find it is Up.

[Quidway] display ipv6 interface tunnel 1/0/2Tunnel1/0/2 current state : UPIPv6 protocol current state : UPIPv6 is enabled, link-local address is FE80::5EFE:201:101 [TENTATIVE] Global unicast address(es): 2001::5EFE:201:101, subnet is 2001::/64 [TENTATIVE] Joined group address(es): FF02::1:FF01:101 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisement max interval 600 seconds, min interval 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses

# On the ISATAP device, ping the global unicast IP address of the tunnel interface on theISATAP host.

[Quidway] ping ipv6 2001::5efe:2.1.1.2 PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break Reply from 2001::5EFE:201:102 bytes=56 Sequence=1 hop limit=64 time = 4 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=2 hop limit=64 time = 3 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=3 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=4 hop limit=64 time = 2 ms Reply from 2001::5EFE:201:102 bytes=56 Sequence=5 hop limit=64 time = 2 ms

--- 2001::5efe:2.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/4 ms

# On the ISATAP host, ping the global unicast IP address of the ISATAP device.

C:\> ping6 2001::5efe:2.1.1.1

Pinging 2001::5efe:2.1.1.1from 2001::5efe:2.1.1.2 with 32 bytes of data:

Reply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1msReply from 2001::5efe:2.1.1.1: bytes=32 time=1msPing statistics for 2001::5efe:2.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms



213

# The ISATAP host can ping through the IPv6 host.

C:\> ping6 3001::2

Pinging 3001::2 with 32 bytes of data:

Reply from 3001::2: time<1msReply from 3001::2: time<1msReply from 3001::2: time<1msReply from 3001::2: time<1ms

Ping statistics for 3001::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

----End

Configuration FilesThe configuration file of the ISATAP device is as follows:

# sysname Quidway#vlan batch 100 200#ipv6#interface Vlanif100 ipv6 enable ipv6 address 3001::1/64#interface Vlanif200 ip address 2.1.1.1 255.0.0.0#interface Eth-Trunk1 service-type tunnel#interface GigabitEthernet1/0/3 eth-trunk 1#interface Tunnel1/0/2 ipv6 enable ipv6 address 2001::/64 eui-64 undo ipv6 nd ra halt tunnel-protocol ipv6-ipv4 isatap source Vlanif200#interface GigabitEthernet1/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200#return

11.7.5 Example for Configuring 6PEThis section provides a configuration example of 6PE.



214

Networking RequirementsNOTE

To run MPLS-related commands, you need to purchase a license.

As shown in Figure 11-10, PE1 and PE2 support the 6PE feature, and CE1 and CE2 support theIPv6 protocol. Between PE devices is the IPv4/MPLS network of carriers. IBGP connections ofIPv4 need to be set up between PEs. IGP adopts the OSPF routing protocol. The CE device islocated on an IPv6 network. The PE device and CE device exchange routing information in staticrouting mode through the IPv6 address.

Use the 6PE feature to connect IPv6 networks of users through the IPv4/MPLS network ofcarriers.

Figure 11-10 Networking diagram for configuring the 6PE

GE 2/0/0VLANIF 2004.3.5.1/24

GE 2/0/0VLANIF 2004.3.5.2/24IPv4/MPLS

GE 1/0/0VLANIF 100

3000:435::1/64

GE 1/0/0VLANIF 100

3000:435::2/64

GE 1/0/0VLANIF 100

3000:1065::1/64

GE 1/0/0VLANIF 100

3000:1065::2/64

PE 1 PE 2

CE 1 CE 2

IPv6Customer

site

IPv6Customer

site



1. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack.2. Configure the 6PE to enable the MPLS capability.3. Configure a peer of the 6PE.4. Set the IPv6 address and static route for the CE interface.

Data Preparation


l IP addresses of interfaces

l LSR ID



215

Configuration Procedure1. Configure the 6PE to enable the IPv6 capability and configure an IPv4/IPv6 stack.

# Configure PE1 to enable the IPv6 capability.<Quidway> system-view[Quidway] sysname PE1[PE1] ipv6# Configure PE2 to enable the IPv6 capability.<Quidway> system-view[Quidway] sysname PE2[PE2] ipv6# Set the IPv6 address for VLANIF 100 of PE1 and the IP address for Loopback0.[PE1] vlan batch 100 200[PE1] interface gigabitethernet 1/0/0[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100[PE1-GigabitEthernet1/0/0] quit[PE1] interface vlanif 100[PE1-Vlanif100] ipv6 enable[PE1-Vlanif100] ipv6 address 3000:435::1 64[PE1-Vlanif100] quit[PE1] interface loopback 0[PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255[PE1-LoopBack0] quit# Set the IPv6 address for VLANIF 100 of PE2 and the IP address for Loopback0.[PE2] vlan batch 100 200[PE2] interface gigabitethernet 1/0/0[PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 100[PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 100[PE2-GigabitEthernet1/0/0] quit[PE2] interface vlanif 100[PE2-Vlanif100] ipv6 enable[PE2-Vlanif100] ipv6 address 3000:1065::1 64[PE2-Vlanif100] quit[PE2] interface loopback 0[PE2-LoopBack0] ip address 2.2.2.9 255.255.255.255[PE2-LoopBack0] quit

2. Configure the 6PE to enable the MPLS capability.NOTE

The PE devices are directly connected in this example, you need to run the label advertise commandto enable the egress node to assign labels normally to the penultimate hop.

# Set the IP address for VLANIF 200 of PE1 and enable MPLS and LDP.[PE1] mpls lsr-id 1.1.1.9[PE1] mpls[PE1-mpls] lsp-trigger all[PE1-mpls] label advertise non-null[PE1-mpls] quit[PE1] mpls ldp[PE1-mpls-ldp] quit[PE1] interface gigabitethernet 2/0/0[PE1-GigabitEthernet2/0/0] port hyrbid pvid vlan 200[PE1-GigabitEthernet2/0/0] port hyrbid untagged vlan 200[PE1-GigabitEthernet2/0/0] quit[PE1] interface vlanif 200[PE1-Vlanif200] ip address 4.3.5.1 255.255.255.0[PE1-Vlanif200] mpls[PE1-Vlanif200] mpls ldp[PE1-Vlanif200] quit# Set the IP address for VLANIF 200 of PE2 and enable MPLS and LDP.[PE2] mpls lsr-id 2.2.2.9[PE2] mpls



216

[PE2-mpls] lsp-trigger all[PE2-mpls] label advertise non-null[PE2-mpls] quit[PE2] mpls ldp[PE2-mpls-ldp] quit[PE2] interface gigabitethernet 2/0/0[PE2-GigabitEthernet2/0/0] port hyrbid pvid vlan 200[PE2-GigabitEthernet2/0/0] port hyrbid untagged vlan 200[PE2-GigabitEthernet2/0/0] quit[PE2] interface vlanif 200[PE2-Vlanif200] ip address 4.3.5.2 255.255.255.0[PE2-Vlanif200] mpls[PE2-Vlanif200] mpls ldp[PE2-Vlanif200] quit

# Configure OSPF on PE1 and trigger the setup of the LSP.[PE1] ospf[PE1-ospf-1] area 0[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[PE1-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255[PE1-ospf-1-area-0.0.0.0] quit[PE1-ospf-1] quit

# Configure OSPF on PE2 and trigger the setup of the LSP.[PE2] ospf[PE2-ospf-1] area 0[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0[PE2-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255[PE2-ospf-1-area-0.0.0.0] quit[PE2-ospf-1] quit

3. Configure a peer of the 6PE.# Configure IBGP on PE1, enable the peer 6PE capability, and import the direct and staticroutes of IPv6.[PE1] bgp 65100[PE1-bgp] peer 2.2.2.9 as-number 65100[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0[PE1-bgp] ipv6-family[PE1-bgp-af-ipv6] import-route direct[PE1-bgp-af-ipv6] import-route static[PE1-bgp-af-ipv6] peer 2.2.2.9 enable[PE1-bgp-af-ipv6] peer 2.2.2.9 label-route-capability[PE1-bgp-af-ipv6] quit[PE1-bgp] quit

# Configure IBGP on PE2, enable the peer 6PE capability, and import the direct and staticroutes of IPv6.[PE2] bgp 65100[PE2-bgp] peer 1.1.1.9 as-number 65100[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0[PE2-bgp] ipv6-family[PE2-bgp-af-ipv6] import-route direct[PE2-bgp-af-ipv6] import-route static[PE2-bgp-af-ipv6] peer 1.1.1.9 enable[PE2-bgp-af-ipv6] peer 1.1.1.9 label-route-capability[PE2-bgp-af-ipv6] quit[PE2-bgp] quit

4. Set the IPv6 address and static route for the CE interface.# Configure CE1 to set up the connection between the IPv6 and PE1.<Quidway> system-view[Quidway] sysname CE1[CE1] ipv6[CE1] vlan batch 100[CE1] interface gigabitethernet 1/0/0[CE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100[CE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100



217

[CE1-GigabitEthernet1/0/0] quit[CE1] interface vlanif 100[CE1-Vlanif100] ipv6 enable[CE1-Vlanif100] ipv6 address 3000:435::2 64[CE1-Vlanif100] quit[CE1] ipv6 route-static :: 0 vlanif 100# Configure CE2 to set up the IPv6 connection with PE1.<Quidway> system-view[Quidway] sysname CE2[CE2] ipv6[CE2] vlan batch 100[CE2] interface gigabitethernet 1/0/0[CE2-GigabitEthernet1/0/0] port hybrid pvid vlan 100[CE2-GigabitEthernet1/0/0] port hybrid untagged vlan 100[CE2-GigabitEthernet1/0/0] quit[CE2] interface vlanif 100[CE2-Vlanif100] ipv6 enable[CE2-Vlanif100] ipv6 address 3000:1065::2 64[CE2-Vlanif100] quit[CE2] ipv6 route-static :: 0 vlanif 100

5. Verify the configuration.# Display the LSP information about PE1.[PE1] display mpls lsp----------------------------------------------------------- LSP Information: LDP LSP-----------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name2.2.2.9/32 NULL/3 -/Vlanif200----------------------------------------------------------- LSP Information: BGP IPV6 LSP----------------------------------------------------------- FEC : 3000:435::/64 In Label : 109568 Out Label : ----- In Interface : ----- OutInterface : ----- Vrf Name :# Display IPv6 routing information about PE1.[PE1] display bgp ipv6 routing-table

Total Number of Routes: 5

BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete

*> Network : ::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ?

*> Network : 3000:435:: PrefixLen : 64 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : NULL/109568 Path/Ogn : ?

*> Network : 3000:435::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ?

*>i Network : 3000:1065:: PrefixLen : 64 NextHop : ::FFFF:2.2.2.9 LocPrf : 100 MED : 0 PrefVal : 0



218

Label : 109568/NULL Path/Ogn : ?

*> Network : FE80:: PrefixLen : 10 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ? # The IPv6 address of CE2 can be pinged successfully from CE1.[CE1] ping ipv6 3000:1065::2PING 3000:1065::2 : 56 data bytes, press CTRL_C to break Reply from 3000:1065::2 bytes=56 Sequence=1 hop limit=63 time = 50 ms Reply from 3000:1065::2 bytes=56 Sequence=2 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=3 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=4 hop limit=63 time = 1 ms Reply from 3000:1065::2 bytes=56 Sequence=5 hop limit=63 time = 1 ms

--- 3000:1065::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/10/50 ms

Configuration Filesl Configuration file of PE1

# sysname PE1# ipv6#vlan batch 100 200#mpls lsr-id 1.1.1.9 mpls lsp-trigger all label advertise non-null#mpls ldp#interface Vlanif100 ipv6 enable ipv6 address 3000:435::1/64#interface Vlanif200 ip address 4.3.5.1 255.255.255.0 mpls mpls ldp#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface LoopBack0 ip address 1.1.1.9 255.255.255.255#bgp 65100 peer 2.2.2.9 as-number 65100 peer 2.2.2.9 connect-interface LoopBack0



219

# ipv4-family unicast peer 2.2.2.9 enable # ipv6-family import-route direct import-route static peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability#ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 4.3.5.0 0.0.0.255#return

l Configuration file of PE2# sysname PE2# ipv6#vlan batch 100 200#mpls lsr-id 2.2.2.9 mpls lsp-trigger all label advertise non-null#mpls ldp#interface Vlanif100 ipv6 enable ipv6 address 3000:1065::1/64#interface Vlanif200 ip address 4.3.5.2 255.255.255.0 mpls mpls ldp#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface LoopBack0 ip address 2.2.2.9 255.255.255.255#bgp 65100 peer 1.1.1.9 as-number 65100 peer 1.1.1.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv6-family undo synchronization import-route direct import-route static peer 1.1.1.9 enable peer 1.1.1.9 label-route-capability#ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0



220

network 4.3.5.0 0.0.0.255#return

l Configuration file of CE1# sysname CE1# ipv6#vlan batch 100#interface Vlanif100 ipv6 enable ipv6 address 3000:435::2 64#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#ipv6 route-static :: 0 Vlanif100#return

l Configuration file of CE2# sysname CE2# ipv6#interface Vlanif100 ipv6 enable ipv6 address 3000:1065::2 64#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#ipv6 route-static :: 0 Vlanif100#return



221

12 IPv4 over IPv6 Tunnel Configuration

About This Chapter

The IPv4 over IPv6 tunnel technology is used to interconnect isolated IPv4 networks during thetransition from IPv4 Internet into the IPv6 Internet.

12.1 Introduction to IPv4 over IPv6You can create tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolatedsites can access other IPv4 networks through the IPv6 Internet.

12.2 IPv4 over IPv6 Supported by the S7700This section describes how to interconnect IPv4 networks through IPv6 networks.

12.3 Configuring an IPv4 over IPv6 TunnelThis configuration task enables transmission of an IPv4 packet added with an IPv6 header onthe device configured with the IPv4/IPv6 dual stack.





222

12.1 Introduction to IPv4 over IPv6You can create tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolatedsites can access other IPv4 networks through the IPv6 Internet.

During the transition from the IPv4 Internet to the IPv6 Internet, IPv6 networks have been widelydeployed, whereas IPv4 networks are isolated. The tunnel technology can be adopted to establishtunnels over IPv6 networks to connect isolated IPv4 networks. This is similar to the situationwhere the tunnel technology is used to deploy VPNs on IP networks. The tunnel used to connectisolated IPv4 networks over IPv6 networks is called an IPv4 over IPv6 tunnel.

12.2 IPv4 over IPv6 Supported by the S7700This section describes how to interconnect IPv4 networks through IPv6 networks.

The S7700 supports the enabling of IPv4 and IPv6 protocol stacks on the devices at the borderof IPv6 and IPv4 networks.

Figure 12-1 Networking diagram of an IPv4 over IPv6 tunnel

Dual StackSwitch

IPv4Host

IPv4network

IPv6network

IPv4network

Dual StackSwitch

IPv4HostIPv4 over IPv6 Tunnel

IPv4Payload

IPv6Header

IPv4Header

IPv4Payload

IPv4Header

IPv4Payload

IPv4Header

Figure 12-1 shows the principles of the IPv4 over IPv6 tunnel technology.

1. Enabling IPv4/IPv6 dual stacksEnable IPv4 and IPv6 protocol stacks on the border device.

2. Encapsulating IPv6 packetsAfter receiving a packet from the IPv4 network, the border device takes the received IPv4packet as the payload, adds an IPv6 packet header before the payload, and encapsulates itinto an IPv6 packet if the device finds that the destination of the packet is not itself.

3. Transmitting the encapsulated packet



223

In the IPv6 network, the encapsulated packet is transmitted to the peer border device.

4. Decapsulating the packet

The peer border device decapsulates the packet, removes the IPv6 packet header, andforwards the decapsulated IPv4 packet to the remote IPv4 network.

12.3 Configuring an IPv4 over IPv6 TunnelThis configuration task enables transmission of an IPv4 packet added with an IPv6 header onthe device configured with the IPv4/IPv6 dual stack.

12.3.1 Establishing the Configuration TaskThis section describes the applicable environment, pre-configuration tasks, data preparation, andconfiguration procedure for configuring an IPv6 over IPv4 tunnel.


To implement communication between IPv4 networks over the IPv6 network, configure an IPv4over IPv6 tunnel on the border device of IPv4 and IPv6 networks.


Before configuring an IPv4 over IPv6 tunnel, complete the following tasks:

l Implementing the IP connectivity between the source and destination interfaces

l Configuring IPv4 and IPv6 protocol stacks

Data Preparation

To configure an IPv4 over IPv6 tunnel, you need the following data.

No. Data

1 Number of the tunnel interface

2 Source IPv6 address or source interface of the tunnel interface

3 Destination IPv6 address of the tunnel interface

4 IPv4 address of the tunnel interface or the interface from which the IPv4 address isborrowed

12.3.2 Configuring a Tunnel InterfaceTo configure a tunnel interface, you need to configure the source and destination addresses ofthe tunnel.



224

Procedure




The tunnel interface is created and the tunnel interface view is displayed.

Step 3 Run:tunnel-protocol ipv4-ipv6

The tunnel is specified as an IPv4 over IPv6 tunnel.

Step 4 Run:source { source-ip-address | interface-type interface-number }

The source IPv6 address or source interface of the tunnel interface is specified.

Step 5 Run:destination ip-address

The destination IPv6 address of the Tunnel interface is configured.

Step 6 Run one of the following commands to specify the IP address of the tunnel interface:l Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IPv4

address of the tunnel interface.l Run the ip address unnumbered interface interface-type interface-number command to

configure the tunnel interface to borrow an IPv4 address.

----End

12.3.3 Configuring Routes in the TunnelPackets can be normally forwarded only when routes exist on both the source device anddestination device of the tunnel. Do as follows on the devices on both ends of the tunnel.

Procedure



Step 2 Choose one of the following methods to configure the route with the outgoing interface as thetunnel interface:l Run the ip route-static ip-address { mask | mask-length } tunnel interface-number command

to configure static routes. When configuring the static routes, you must configure the bothends of the tunnel. Note that the destination address is the destination IPv4 address of thepacket to be encapsulated with the IPv4 over IPv6 tunnel; the next hop is the local tunnelinterface.

l Configure dynamic routes. You can use the Border Gateway Protocol (BGP) or the InteriorGateway Protocol (IGP), excluding Intermediate System-to-Intermediate System (IS-IS).Detailed configurations are not mentioned here.



225

When configuring a dynamic routing protocol, you must enable it on the tunnel interface andthe interface on the link through which the IPv4 network is connected to the IPv6 network.

----End

12.3.4 Checking the ConfigurationYou can view the configuration of an IPv4 over IPv6 tunnel.

PrerequisiteThe configurations of the IPv4 over IPv6 Tunnel function are complete.

Procedurel Run the display interface tunnel [ interface-number ] command to check the working

status of the tunnel interface.l Run the display ip routing-table command to check the routing table.

----End

ExampleRun the display interface tunnel command. If the status of the tunnel interface is Up, it meansthat the configuration succeeds. For example:

<Quidway> display interface tunnel 2/0/0Tunnel2/0/0 current state : UPLine protocol current state : UPLast line protocol up time : 2010-06-22, 19:33:19Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route PortRoute Port,The Maximum Transmit Unit is 1452 bytesInternet Address is 10.1.1.1/30Encapsulation is TUNNEL6, loopback not setTunnel protocol/transport (IPv6 or IPV4) over IPv6Tunnel Source 2001::1 (Pos2/0/0)Tunnel Destination 2002::2Tunnel Encapsulation limit 4Tunnel Traffic class not setTunnel Flow label not setTunnel Hop limit 64 5 minutes input rate 10 bits/sec, 0 packets/sec 5 minutes output rate 14 bits/sec, 0 packets/sec 493 packets input, 38480 bytes 0 input error 447 packets output, 53144 bytes 0 output error

Run the display ip routing-table command. If the route with the outgoing interface as the tunnelinterface is displayed in the IPv4 routing table, it means that the configuration succeeds. Forexample:

<Quidway> display ip routing-tableRouting Tables: Public Destinations : 11 Routes : 11Destination/Mask Proto Pre Cost NextHop Interface 10.1.1.0/24 Direct 0 0 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 0 40.1.1.1 Tunnel2/0/0 20.1.1.0/24 Direct 0 0 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 3124 20.1.1.2 Pos1/0/0



226

40.1.1.0/24 Direct 0 0 40.1.1.1 Tunnel2/0/0 40.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0

Run the ping -a source-ipv4-address dest-ipv4-address command. The local tunnel interfacecan ping through the destination tunnel interface.


12.4.1 Monitoring the Operation Status of IPv4 over IPv6 TunnelThis section describes how to monitor an IPv4 over IPv6 tunnel.

ContextIn routine maintenance, you can run the following command in any view to check the operationof IPv4 over IPv6 tunnel.

Procedurel Run the display interface tunnel [ interface-number ] command in any view to check the

operation status of the tunnel interface.l Run the display interface tunnel interface-number command in any view to check the

IPv4 attributes of the tunnel interface.

----End

12.4.2 Debugging IPv4 over IPv6 TunnelThis section describes how to debug an IPv4 over IPv6 tunnel.

Context


If an operation fault occurs on the IPv4 tunnel, run the following debugging commands in theuser view to debug the IPv4 tunnel. View information about debugging, locate the fault, andanalyze the cause.

For the procedure of displaying the debugging information, refer to the chapter "InformationCenter Configuration" in the S7700 Smart Routing Switch Configuration Guide - SystemManagement. For descriptions about the debugging commands, refer to the S7700 SmartRouting Switch Debugging Reference.



227

Procedure

Step 1 Run the debugging tunnel { all | control | error | keepalive | packet | timer } [ interfacetunnel interface-type interface-number ] command in the user view to debug tunnel information.

----End


12.5.1 Example for Configuring an IPv6 over IPv4 TunnelThis section provides a configuration example of IPv6 over IPv4 tunnel.


Figure 12-2 Networking diagram for configuring the IPv4 over IPv6 tunnel

IPv6

IPv4

IPv4

GE 1/0/0VLANIF 10010.1.2.2/30

GE1/0/0VLANIF 10010.1.2.1/30

GE2/0/0VLANIF 20010.1.3.1/30

GE1/0/0VLANIF 20010.1.3.2/30

GE 2/0/0VLANIF 2002001::1/64

GE1/0/0VLANIF 2002001::2/64

GE 1/0/0VLANIF 1002002::2/64

GE 2/0/0VLANIF 1002002::1/64

SwitchA

SwitchE

SwitchB

SwitchC

SwitchD

As shown in Figure 12-2, two IPv4 networks are connected to an IPv6 network throughSwitch A and Switch E. The border devices on the IPv6 network Switch B and Switch D supportIPv4/IPv6 stack. An IPv4 over IPv6 tunnel needs to be set up between Switch B and Switch Dto enable the interconnection of the two IPv4 networks that are isolated physically.


1. Set an IPv4 over IPv6 tunnel on the border devices at both ends of the IPv6 network.



228

2. Configure the route that is forwarded through the tunnel interface.


l Routing protocols used on the IPv6 network and IPv4 networkl Source and destination IPv6 addresses at both ends of the tunnell IPv4 address of the tunnel interface

Configuration Procedure1. Set the IPv6 address and the IPv6 feature of IS-IS for the physical interface of the IPv6

network to implement IP connectivity of the IPv6 network.# Configure Switch B.<Quidway> system-view[Quidway] sysname SwitchB[SwitchB] ipv6[SwitchB] vlan batch 100 200[SwitchB] interface gigabitethernet 2/0/0[SwitchB-GigabitEthernet2/0/0] port hybrid pvid vlan 200[SwitchB-GigabitEthernet2/0/0] port hybrid untagged vlan 200[SwitchB-GigabitEthernet2/0/0] quit[SwitchB] interface vlanif 200[SwitchB-Vlanif200] ipv6 enable[SwitchB-Vlanif200] ipv6 address 2001::1 64[SwitchB-Vlanif200] quit[SwitchB] isis 1[SwitchB-isis-1] network-entity 10.0000.0000.0001.00[SwitchB-isis-1] ipv6 enable topology standard[SwitchB-isis-1] quit[SwitchB] interface vlanif 200[SwitchB-Vlanif200] isis ipv6 enable 1[SwitchB-Vlanif200] quit# Configure Switch C.<Quidway> system-view[Quidway] sysname SwitchC[SwitchC] ipv6[SwitchC] vlan batch 100 200[SwitchC] interface gigabitethernet 1/0/0[SwitchC-GigabitEthernet1/0/0] port hybrid pvid vlan 200[SwitchC-GigabitEthernet1/0/0] port hybrid untagged vlan 200[SwitchC-GigabitEthernet1/0/0] quit[SwitchC] interface gigabitethernet 2/0/0[SwitchC-GigabitEthernet2/0/0] port hybrid pvid vlan 100[SwitchC-GigabitEthernet2/0/0] port hybrid untagged vlan 100[SwitchC-GigabitEthernet2/0/0] quit[SwitchC] interface vlanif 100[SwitchC-Vlanif100] ipv6 enable[SwitchC-Vlanif100] ipv6 address 2002::1 64[SwitchC-Vlanif100] quit[SwitchC] interface vlanif 200[SwitchC-Vlanif200] ipv6 enable[SwitchC-Vlanif200] ipv6 address 2001::2 64[SwitchC-Vlanif200] quit[SwitchC] isis 1[SwitchC-isis-1] network-entity 10.0000.0000.0002.00[SwitchC-isis-1] ipv6 enable topology standard[SwitchC-isis-1] quit[SwitchC] interface vlanif 100[SwitchC-Vlanif100] isis ipv6 enable 1[SwitchC-Vlanif100] quit[SwitchC] interface vlanif 200



229

[SwitchC-Vlanif200] isis ipv6 enable 1[SwitchC-Vlanif200] quit

# Configure Switch D.<Quidway> system-view[Quidway] sysname SwitchD[SwitchD] ipv6[SwitchD] vlan batch 100 200[SwitchD] interface gigabitethernet 1/0/0[SwitchD-GigabitEthernet1/0/0] port hybrid pvid vlan 100[SwitchD-GigabitEthernet1/0/0] port hybrid untagged vlan 100[SwitchD-GigabitEthernet1/0/0] quit[SwitchD] interface vlanif 100[SwitchD-Vlanif100] ipv6 enable[SwitchD-Vlanif100] ipv6 address 2002::2 64[SwitchD-Vlanif100] quit[SwitchD] isis 1[SwitchD-isis-1] network-entity 10.0000.0000.0003.00[SwitchD-isis-1] ipv6 enable topology standard[SwitchD-isis-1] quit[SwitchD] interface vlanif 100[SwitchD-Vlanif100] isis ipv6 enable 1[SwitchD-Vlanif100] quit

2. Set the IPv4 address and OSPF for the physical interface of the IPv4 network to implementIP connectivity of the IPv4 network.# Configure Switch A.<Quidway> system-view[Quidway] sysname SwitchA[SwitchA] vlan batch 100[SwitchA] interface gigabitethernet 1/0/0[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 100[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 100[SwitchA-GigabitEthernet1/0/0] quit[SwitchA] interface vlanif 100[SwitchA-Vlanif100] ip address 10.1.2.2 30[SwitchA-Vlanif100] quit[SwitchA] ospf 1[SwitchA-ospf-1] area 0[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3[SwitchA-ospf-1-area-0.0.0.0] quit[SwitchA-ospf-1] quit

# Configure Switch B.<SwitchB> system-view[SwitchB] vlan batch 100 200[SwitchB] interface gigabitethernet 1/0/0[SwitchB-GigabitEthernet1/0/0] port hybrid pvid vlan 100[SwitchB-GigabitEthernet1/0/0] port hybrid untagged vlan 100[SwitchB-GigabitEthernet1/0/0] quit[SwitchB] interface vlanif 100[SwitchB-Vlanif100] ip address 10.1.2.1 30[SwitchB-Vlanif100] quit[SwitchB] ospf 1[SwitchB-ospf-1] area 0[SwitchB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3[SwitchB-ospf-1-area-0.0.0.0] quit[SwitchB-ospf-1] quit

# Configure Switch D.<SwitchD> system-view[SwitchD] vlan batch 100 200[SwitchD] interface gigabitethernet 2/0/0[SwitchD-GigabitEthernet2/0/0] port hybrid pvid vlan 200[SwitchD-GigabitEthernet2/0/0] port hybrid untagged vlan 200[SwitchD-GigabitEthernet2/0/0] quit[SwitchD] interface vlanif 200[SwitchD-Vlanif200] ip address 10.1.3.1 30



230

[SwitchD-Vlanif200] quit[SwitchD] ospf 1[SwitchD-ospf-1] area 0[SwitchD-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3[SwitchD-ospf-1-area-0.0.0.0] quit[SwitchD-ospf-1] quit# Configure Switch E.<Quidway> system-view[Quidway] sysname SwitchE[SwitchE] vlan batch 200[SwitchE] interface gigabitethernet 1/0/0[SwitchE-GigabitEthernet1/0/0] port hybrid pvid vlan 200[SwitchE-GigabitEthernet1/0/0] port hybrid untagged vlan 200[SwitchE-GigabitEthernet1/0/0] quit[SwitchE] interface vlanif 200[SwitchE-Vlanif200] ip address 10.1.3.2 30[SwitchE-Vlanif200] quit[SwitchE] ospf 1[SwitchE-ospf-1] area 0[SwitchE-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3[SwitchE-ospf-1-area-0.0.0.0] quit[SwitchE-ospf-1] quit

3. Configure tunnel interfaces.# Create a tunnel interface, set the IPv4 address, source IPv6 address (or source interface),destination IPv6 interface for the tunnel interface.# Configure Switch B.[SwitchB] interface tunnel 2/0/0[SwitchB-Tunnel2/0/0] tunnel-protocol ipv4-ipv6[SwitchB-Tunnel2/0/0] ip address 10.1.1.1 30[SwitchB-Tunnel2/0/0] source vlanif 200[SwitchB-Tunnel2/0/0] destination 2002::2[SwitchB-Tunnel2/0/0] quit# Configure Switch D.[SwitchD] interface tunnel 1/0/0[SwitchD-Tunnel1/0/0] tunnel-protocol ipv4-ipv6[SwitchD-Tunnel1/0/0] ip address 10.1.1.2 30[SwitchD-Tunnel1/0/0] source vlanif 100[SwitchD-Tunnel1/0/0] destination 2001::1[SwitchD-Tunnel1/0/0] quit

4. Configure static routes.# Configure a static route between Switch A and Switch E.# Configure Switch A.[SwitchA] ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1Configure Switch E.[SwitchE] ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1# Configure a static route through the tunnel.# Configure Switch B.[SwitchB] ip route-static 10.1.1.2 255.255.255.252 tunnel 1/0/0# Configure Switch D.[SwitchD] ip route-static 10.1.2.2 255.255.255.252 10.1.1.2

5. Verify the configuration.After the preceding configurations are complete, view the tunnel interface on Switch B andSwitch D. You can find that the protocol status of the tunnel interface is Up.[SwitchB] display interface tunnel 2/0/0Tunnel2/0/0 current state : UPLine protocol current state : UP



231

Description : HUAWEI, Quidway Series, Tunnel2/0/0 Interface, Route PortRoute Port,The Maximum Transmit Unit is 1500Internet Address is 10.1.1.1/30Encapsulation is TUNNEL6, loopback not setTunnel protocol/transport (IPv6 or IPV4) over IPv6Tunnel Source 2001::1 (Vlanif200)Tunnel Destination 2002::2Tunnel Encapsulation limit 4Tunnel Traffic class not setTunnel Flow label not setQoS max-bandwidth : 64 KbpsOutput queue : (Urgent queue : Size/Length/Discards) 0/50/0Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 5 minutes input rate 10 bits/sec, 0 packets/sec 5 minutes output rate 14 bits/sec, 0 packets/sec 493 packets input, 38480 bytes 0 input error 447 packets output, 53144 bytes 0 output errorView the IPv4 routing table on Switch B and Switch D. You can find that the routingoutbound interface directing at the remote end of the IPv4 network is a tunnel interface.[SwitchB] display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.0/30 Direct 0 0 D 10.1.1.1 Tunnel2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.1 Vlanif100 10.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.2/32 Direct 0 0 D 10.1.2.2 Vlanif100 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0# On Switch A, ping the IPv4 address of VLANIF 200 of Switch E. Switch A can receivethe response packet from Switch E.[SwitchA] ping 10.1.3.2 PING 10.1.3.2: 56 data bytes, press CTRL_C to break Reply from 10.1.3.2: bytes=56 Sequence=1 ttl=254 time=20 ms Reply from 10.1.3.2: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.1.3.2: bytes=56 Sequence=5 ttl=254 time=1 ms



# sysname SwitchA#vlan batch 100#interface Vlanif100 ip address 10.1.2.2 255.255.255.252#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100



232

port hybrid untagged vlan 100# ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1#ospf 1 area 0.0.0.0 network 10.1.2.0 0.0.0.3#return

l Configuration file of Switch B# sysname SwitchB# ipv6#vlan batch 100 200isis 1 network-entity 10.0000.0000.0001.00 # ipv6 enable topology standard ##interface Vlanif100 ip address 10.1.2.1 255.255.255.252 #interface Vlanif200 ipv6 enable ipv6 address 2001::1/64 isis ipv6 enable 1#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface Tunnel2/0/0 ip address 10.1.1.1 255.255.255.252 tunnel-protocol ipv4-ipv6 source Vlanif200 destination 2002::2# ip route-static 10.1.1.2 255.255.255.252 tunnel 1/0/0#ospf 1 area 0.0.0.0 network 10.1.2.0 0.0.0.3#return

l Configuration file of Switch C# sysname SwitchC# ipv6#vlan batch 100 200isis 1 network-entity 10.0000.0000.0002.00 # ipv6 enable topology standard ##interface Vlanif100 ivp6 enable ipv6 address 2002::1/64 isis ipv6 enable 1



233

#interface Vlanif200 ivp6 enable ipv6 address 2001::2/64 isis ipv6 enable 1#inteface GigabitEthernet1/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface GigabitEthernet2/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#return

l Configuration file of Switch D# sysname SwitchD# ipv6#vlan batch 100 200#isis 1 network-entity 10.0000.0000.0003.00 # ipv6 enable topology standard ##interface Vlanif100 ipv6 enable ipv6 address 2002::2/64 isis ipv6 enable 1#interface Vlanif200 ip address 10.1.3.1 255.255.255.252 undo shutdown#interface GigabitEthernet1/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100#interface GigabitEthernet2/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200#interface Tunnel1/0/0 ip address 10.1.1.2 255.255.255.252 tunnel-protocol ipv4-ipv6 source Vlanif100 destination 2001::1# ip route-static 10.1.2.2 255.255.255.252 10.1.1.2#ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.3#return

l Configuration file of Switch E# sysname SwitchE#vlan batch 200#interface Vlanif200 ip address 10.1.3.2 255.255.255.252#



234

interface GigabitEthernet1/0/0 port hybrid pvid vlan 200 port hybrid untagged vlan 200# ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1#ospf 1 area 0.0.0.0 network 10.1.3.0 0.0.0.3#return



235

Configuration Guide - IP Service(V100R006C00_01)Huawei

Documents

bytes32 time1ms

contextin

preventing

ge 100 belonging

neighbor discovery

dhcp relay

dhcpv6 relay

global unicast