Uploaded by NIB SOLAN

Configuration Guide - IP Services(V600R001C00 03)

advertisement
HUAWEI NetEngine80E/40E Router
V600R001C00
Configuration Guide - IP Services
Issue
03
Date
2010-03-31
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address:
Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
i
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
About This Document
About This Document
Purpose
This document describes multiple IP services supported by the NE80E/40E and basic
configurations of IP addresses, ARP, DNS, DHCP, COPS, ANCP, IP performance, ACL, IPv6,
ACL6, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Related Versions
The following table lists the product versions related to this document.
Product Name
Version
HUAWEI NetEngine80E/40E
Router
V600R001C00
Intended Audience
This document is intended for:
l
Commissioning Engineer
l
Data Configuration Engineer
l
Network Monitoring Engineer
l
System Maintenance Engineer
Organization
This document is organized as follows.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iii
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
About This Document
iv
Chapter
Description
1 IP Addresses
Configuration
This chapter describes the fundamentals of IP addresses,
including its classes, methods and important characteristics.
It also describes steps for configuring IP addresses and
provides typical configuration examples.
2 ARP Configuration
This chapter describes the principle of ARP and steps for
configuring ARP, and provides typical configuration
examples.
3 DNS Configuration
This chapter describes the principle of DNS and steps for
configuring DNS, and provides typical configuration
examples.
4 DHCP Configuration
This chapter describes the principle of DHCP and steps for
configuring DHCP, and provides typical configuration
examples.
5 COPS Configuration
This chapter describes the principle of COPS and steps for
configuring COPS, and provides typical configuration
examples.
6 ANCP Configuration
This chapter describes the principle of ANCP and steps for
configuring ANCP, and provides typical configuration
examples.
7 IP Performance
Configuration
This chapter describes basic concepts about IP performance
and steps for configuring IP performance, and provides
typical configuration examples.
8 ACL Configuration
This chapter describes basic concepts about ACL and steps
for configuring ACL, and provides typical configuration
examples.
9 Basic IPv6 Configuration
This chapter describes basic concepts about IPv6 and steps
for configuring IPv6, and provides typical configuration
examples.
10 IPv6 DNS Configuration
This chapter describes basic IPv6 applications and steps for
configuring IPv6 applications, and provides typical
configuration examples.
11 ACL6 Configuration
This chapter describes basic concepts about ACL6 and steps
for configuring ACL6, and provides typical configuration
examples.
12 IPv6 over IPv4 Tunnel
Configuration
This chapter describes basic concepts about IPv6 over IPv4
tunnels and steps for configuring IPv6 over IPv4 tunnels, and
provides typical configuration examples.
13 IPv4 over IPv6 Tunnel
Configuration
This chapter describes basic concepts about IPv4 over IPv6
tunnels and steps for configuring IPv4 over IPv6 tunnels, and
provides typical configuration examples.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
About This Document
Chapter
Description
A Glossary
This appendix collates frequently used glossaries in this
document.
B Acronyms and
Abbreviations
This appendix collates frequently used acronyms and
abbreviations in this document.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates a hazard with a high level of risk that, if
not avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk
which, if not avoided, could result in minor or
moderate injury.
Indicates a potentially hazardous situation that, if
not avoided, could cause device damage, data loss,
and performance degradation, or unexpected results.
Provides additional information to emphasize or
supplement important points of the main text.
Indicates a tip that may help you solve a problem or
save your time.
General Conventions
The general conventions that may be found in this document are defined as follows.
Issue 03 (2010-03-31)
Convention
Description
Times New Roman
Normal paragraphs are in Times New Roman.
boldface
Names of files, directories, folders, and users are in
boldface. For example, log in as user root.
Italic
Book titles are in italics.
Courier New
Terminal display is in Courier New.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
v
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
About This Document
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italic.
[]
Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by
vertical bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets
and separated by vertical bars. One or none is selected.
{ x | y | ... }*
Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can
be selected.
[ x | y | ... ]*
Optional alternative items are grouped in square brackets
and separated by vertical bars. Many or none can be
selected.
&<1-n>
This parameter before the & sign can be repeated 1 to n
times.
#
A line starting with the # sign is comments.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention
Description
boldface
Buttons, menus, parameters, tabs, windows, and dialog
titles are in boldface. For example, click OK.
>
Multi-level menus are in boldface and separated by the ">"
signs. For example, choose File > Create > Folder.
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
vi
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
About This Document
Format
Description
Key 1+Key 2
Press the keys concurrently. For example, pressing Ctrl
+Alt+A means the three keys should be pressed
concurrently.
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action
Description
Click
Select and release the primary mouse button without
moving the pointer.
Double-click
Press the primary mouse button twice continuously and
quickly without moving the pointer.
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.
Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Updates in Issue 03 (2010-03-31)
Third commercial release.
Updates in Issue 02 (2009-12-10)
Second commercial release.
Updates in Issue 01 (2009-09-05)
Initial commercial release.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
vii
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
Contents
About This Document...................................................................................................................iii
1 IP Addresses Configuration.....................................................................................................1-1
1.1 IP Addresses Overview...................................................................................................................................1-2
1.1.1 Introduction to IP Addresses..................................................................................................................1-2
1.1.2 Features of IP Addresses Supported by the NE80E/40E....................................................................... 1-2
1.2 Configuring IP Addresses for Interfaces.........................................................................................................1-3
1.2.1 Establishing the Configuration Task......................................................................................................1-3
1.2.2 Configuring a Primary IP Address for an Interface............................................................................... 1-4
1.2.3 (Optional) Configuring a Secondary IP Address for an Interface..........................................................1-4
1.2.4 Checking the Configuration...................................................................................................................1-5
1.3 Configuring IP Address Negotiation on Interfaces.........................................................................................1-6
1.3.1 Establishing the Configuration Task......................................................................................................1-6
1.3.2 Configuring a Server to Assign an IP Address for a Client Through Negotiation.................................1-7
1.3.3 Configuring a Client to Obtain an IP Address Through Negotiation.....................................................1-8
1.3.4 Checking the Configuration...................................................................................................................1-9
1.4 Configuring IP Address Unnumbered for Interfaces....................................................................................1-10
1.4.1 Establishing the Configuration Task....................................................................................................1-10
1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address................................1-11
1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface..................................1-11
1.4.4 Checking the Configuration.................................................................................................................1-12
1.5 Maintaining IP Addresses.............................................................................................................................1-13
1.5.1 Monitoring Network Operation Status of IP Addresses.......................................................................1-13
1.6 Configuration Examples................................................................................................................................1-13
1.6.1 Example for Configuring Primary and Secondary IP Addresses.........................................................1-14
1.6.2 Example for Obtaining an IP Address Through Negotiation...............................................................1-15
1.6.3 Example for Configuring IP Address Unnumbered.............................................................................1-18
1.6.4 Example for Configuring IP Address Overlapping on the Same Device.............................................1-20
1.6.5 Example for Configuring an IP Address with a 31-bit Mask...............................................................1-25
2 ARP Configuration....................................................................................................................2-1
2.1 Introduction to ARP........................................................................................................................................2-3
2.1.1 Overview of ARP...................................................................................................................................2-3
2.1.2 Features of ARP Supported by the NE80E/40E.....................................................................................2-3
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
ix
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
2.2 Configuring Static ARP.................................................................................................................................. 2-6
2.2.1 Establishing the Configuration Task......................................................................................................2-6
2.2.2 Configuring Common Static ARP Entries.............................................................................................2-7
2.2.3 Configuring Static ARP Entries in a VLAN..........................................................................................2-7
2.2.4 Configuring Static ARP Entries in a VPN Instance...............................................................................2-8
2.2.5 Checking the Configuration...................................................................................................................2-9
2.3 Optimizing Dynamic ARP............................................................................................................................2-10
2.3.1 Establishing the Configuration Task....................................................................................................2-10
2.3.2 Modify the aging parameters of dynamic ARP....................................................................................2-10
2.3.3 Enabling ARP Suppression Function...................................................................................................2-11
2.3.4 Enabling Layer 2 Topology Detection Function..................................................................................2-12
2.3.5 Checking the Configuration.................................................................................................................2-12
2.4 Configuring Routed Proxy ARP...................................................................................................................2-13
2.4.1 Establishing the Configuration Task....................................................................................................2-13
2.4.2 Configure an IP Addresses for the Interface........................................................................................2-14
2.4.3 Enabling the Routed Proxy ARP Function..........................................................................................2-14
2.4.4 Checking the Configuration.................................................................................................................2-15
2.5 Configuring Proxy ARP Within a VLAN.....................................................................................................2-16
2.5.1 Establishing the Configuration Task....................................................................................................2-16
2.5.2 Configure an IP Addresses for the Interface........................................................................................2-17
2.5.3 Configuring the VLAN Associated with the Sub-interface.................................................................2-18
2.5.4 Enabling Proxy ARP Within a VLAN.................................................................................................2-18
2.5.5 Checking the Configuration.................................................................................................................2-19
2.6 Configuring Proxy ARP Between VLANs...................................................................................................2-20
2.6.1 Establishing the Configuration Task....................................................................................................2-20
2.6.2 Configuring an IP Addresses for the Interface.....................................................................................2-21
2.6.3 Configuring the VLAN Associated with the Sub-interface.................................................................2-21
2.6.4 Enabling Proxy ARP Between VLANs...............................................................................................2-22
2.6.5 Checking the Configuration.................................................................................................................2-23
2.7 Configuring ARPing-IP.................................................................................................................................2-24
2.7.1 Establishing the Configuration Task....................................................................................................2-24
2.7.2 Detecting the IP Address by Using the arp-ping ip Command............................................................2-24
2.8 Configuring ARPing-MAC...........................................................................................................................2-25
2.8.1 Establishing the Configuration Task....................................................................................................2-25
2.8.2 Detecting the MAC Address by Using the arp-ping mac Command...................................................2-26
2.9 Configuring the Association Between ARP and Interface Status.................................................................2-26
2.9.1 Establishing the Configuration Task....................................................................................................2-27
2.9.2 Configuring the Association Between ARP and Interface Status........................................................2-28
2.9.3 (Optional) Adjusting Parameters about the Association Between ARP and Interface Status..............2-28
2.10 Maintaining ARP.........................................................................................................................................2-29
2.10.1 Clearing ARP Statistics......................................................................................................................2-30
2.10.2 Monitoring Network Operation Status of ARP..................................................................................2-30
x
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
2.11 Configuration Examples..............................................................................................................................2-30
2.11.1 Example for Configuring Routed Proxy ARP....................................................................................2-31
2.11.2 Example for Configuring Proxy ARP Within a VLAN.....................................................................2-33
2.11.3 Example for Configuring Proxy ARP Between VLANs...................................................................2-35
2.11.4 Example for Configuring the Association Between ARP and Interface Status.................................2-37
2.11.5 Example for Configuring Layer 2 Topology Detection.....................................................................2-41
3 DNS Configuration....................................................................................................................3-1
3.1 DNS Overview................................................................................................................................................3-2
3.1.1 Introduction to DNS...............................................................................................................................3-2
3.1.2 DNS Supported by the NE80E/40E.......................................................................................................3-2
3.2 Configuring DNS............................................................................................................................................ 3-2
3.2.1 Establishing the Configuration Task......................................................................................................3-2
3.2.2 Configuring Static DNS Entries.............................................................................................................3-3
3.2.3 Configuring Dynamic DNS....................................................................................................................3-4
3.2.4 Checking the Configuration...................................................................................................................3-4
3.3 Maintaining DNS............................................................................................................................................ 3-5
3.3.1 Clearing DNS Entries.............................................................................................................................3-6
3.3.2 Monitoring Network Operation Status of DNS......................................................................................3-6
3.4 Configuration Examples..................................................................................................................................3-6
3.4.1 Example for Configuring DNS.............................................................................................................. 3-6
4 DHCP Configuration.................................................................................................................4-1
4.1 DHCP Overview............................................................................................................................................. 4-3
4.1.1 Introduction to DHCP............................................................................................................................ 4-3
4.1.2 DHCP Supported by the NE80E/40E.....................................................................................................4-3
4.2 Configuring the Global Address Pool-based DHCP Server............................................................................4-3
4.2.1 Establishing the Configuration Task......................................................................................................4-4
4.2.2 Configuring the DHCP Global Address Pool........................................................................................ 4-5
4.2.3 Configure Static IP Address Binding.....................................................................................................4-6
4.2.4 Configuring DNS Services for the DHCP Client...................................................................................4-7
4.2.5 Configuring NetBIOS Services for the DHCP Client............................................................................4-7
4.2.6 Configuring Egress Gateway for the DHCP Client............................................................................... 4-8
4.2.7 Configuring DHCP Self-Defined Options............................................................................................. 4-9
4.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the Specified Interface
.......................................................................................................................................................................4-10
4.2.9 Checking the Configuration.................................................................................................................4-11
4.3 Configuring the Interface Address Pool-based DHCP Server......................................................................4-13
4.3.1 Establishing the Configuration Task....................................................................................................4-13
4.3.2 Configuring the Interface Address Pool...............................................................................................4-14
4.3.3 Configuring DNS on the Interface Address Pool.................................................................................4-15
4.3.4 Configuring NetBIOS on the Interface Address Pool..........................................................................4-16
4.3.5 Configuring DHCP Self-Defined Options...........................................................................................4-17
4.3.6 Checking the Configuration.................................................................................................................4-18
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xi
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
4.4 Configuring the Sub-interface Address Pool-based DHCP Server...............................................................4-20
4.4.1 Establishing the Configuration Task....................................................................................................4-20
4.4.2 Enabling Address Pools on Sub-interfaces..........................................................................................4-21
4.4.3 Configuring Address Pools on Ethernet Sub-interfaces.......................................................................4-22
4.4.4 Configuring DNS on Address Pools of Sub-interfaces........................................................................4-23
4.4.5 Configuring NetBIOS on Address Pools of Sub-interfaces.................................................................4-24
4.4.6 Configuring the DHCP Self-Defined Options for Address Pools of Sub-interfaces...........................4-25
4.4.7 Checking the Configuration.................................................................................................................4-26
4.5 Configuring VLANIF Interface Address Pool-based DHCP Server.............................................................4-28
4.5.1 Establishing the Configuration Task....................................................................................................4-28
4.5.2 Enabling Address Pools on VLANIF Interfaces..................................................................................4-29
4.5.3 Configuring the Address Pool on the VLANIF Interface....................................................................4-30
4.5.4 Configuring DNS on the Address Pool of the VLANIF Interface.......................................................4-31
4.5.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface................................................4-32
4.5.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface................4-34
4.5.7 Checking the Configuration.................................................................................................................4-35
4.6 Configuring the Security Function for DHCP...............................................................................................4-35
4.6.1 Establishing the Configuration Task....................................................................................................4-36
4.6.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server..............................................4-36
4.6.3 Avoiding Repetitive IP Address Assignment.......................................................................................4-37
4.6.4 Saving DHCP Data...............................................................................................................................4-37
4.6.5 Restoring DHCP Data..........................................................................................................................4-38
4.6.6 Checking the Configuration.................................................................................................................4-38
4.7 Configuring DHCP Relay.............................................................................................................................4-39
4.7.1 Establishing the Configuration Task....................................................................................................4-39
4.7.2 Configuring Relay................................................................................................................................4-40
4.7.3 Checking the Configuration.................................................................................................................4-42
4.8 Maintaining DHCP........................................................................................................................................4-42
4.8.1 Resetting DHCP...................................................................................................................................4-43
4.8.2 Releasing Conflicting IP Addresses.....................................................................................................4-43
4.8.3 (Optional) Requesting the DHCP Server to Release IP Addresses of the Client.................................4-44
4.8.4 Clearing DHCP Statistics.....................................................................................................................4-45
4.8.5 Monitoring Network Operation Status of DHCP.................................................................................4-45
4.9 Configuration Examples................................................................................................................................4-46
4.9.1 Example for Configuring the Global Address Pool-based DHCP Server............................................4-46
4.9.2 Example for Configuring the Interface Address Pool-based DHCP Server........................................4-49
4.9.3 Example for Configuring the Sub-interface Address Pool-based DHCP Server.................................4-51
4.9.4 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server.........................4-54
4.9.5 Example for Configuring DHCP Relay...............................................................................................4-57
4.9.6 Example for Configuring the DHCP Option Association....................................................................4-60
5 COPS Configuration..................................................................................................................5-1
5.1 COPS Overview..............................................................................................................................................5-2
xii
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
5.1.1 Introduction to COPS.............................................................................................................................5-2
5.1.2 COPS Features Supported by the NE80E/40E.......................................................................................5-3
5.2 Configuring the COPS Server Group..............................................................................................................5-4
5.2.1 Establishing the Configuration Task......................................................................................................5-4
5.2.2 Creating a COPS Server Group..............................................................................................................5-5
5.2.3 Configuring the COPS Server................................................................................................................5-5
5.2.4 Setting the PEP ID for the COPS Server................................................................................................5-6
5.2.5 (Optional) Setting the Flow Keeping Time of the COPS Server...........................................................5-7
5.2.6 (Optional) Setting the Shared Key of the COPS Server.........................................................................5-7
5.2.7 Activating the COPS Server Group.......................................................................................................5-8
5.2.8 Configuring the Global Parameters of COPS........................................................................................5-9
5.2.9 Checking the Configuration.................................................................................................................5-10
5.3 Configuration Examples................................................................................................................................5-10
5.3.1 Example for Configuring COPS Interfaces to Report Online and Offline Messages..........................5-10
6 ANCP Configuration.................................................................................................................6-1
6.1 ANCP Overview.............................................................................................................................................6-2
6.1.1 Introduction to the ANCP Protocol........................................................................................................6-2
6.1.2 Applicable Environment........................................................................................................................6-3
6.2 Configuring the ANCP Server........................................................................................................................6-5
6.2.1 Establishing the Configuration Task......................................................................................................6-5
6.2.2 Enabling ANCP......................................................................................................................................6-6
6.2.3 Configuring the Source Interface of an ANCP Connection...................................................................6-7
6.2.4 (Optional) Configuring Parameters of ANCP Sessions.........................................................................6-7
6.2.5 Configuring ANCP Neighbor Profiles...................................................................................................6-8
6.2.6 (Optional) Configuring Bandwidth Adjustment Factors........................................................................6-9
6.2.7 (Optional) Configuring ANCP Message Damping..............................................................................6-10
6.2.8 (Optional) Configuring ANCP OAM Detection..................................................................................6-11
6.2.9 (Optional) Adjusting the Upstream and Downstream Bandwidths of a User Automatically..............6-12
6.2.10 Checking the Configuration...............................................................................................................6-12
6.3 Configuring the ANCP Proxy.......................................................................................................................6-14
6.3.1 Establishing the Configuration Task....................................................................................................6-14
6.3.2 Enabling ANCP....................................................................................................................................6-15
6.3.3 Configuring the Source Interface of an ANCP Connection.................................................................6-16
6.3.4 (Optional) Configuring Parameters of ANCP Sessions.......................................................................6-16
6.3.5 Configuring the ANCP Neighbor Profile.............................................................................................6-17
6.3.6 (Optional) Configuring Bandwidth Adjustment Factors......................................................................6-18
6.3.7 (Optional) Enabling the Function of Configuring ANCP Access Lines..............................................6-19
6.3.8 (Optional) Configuring ANCP Message Damping..............................................................................6-20
6.3.9 (Optional) Configuring ANCP OAM Detection..................................................................................6-21
6.3.10 Checking the Configuration...............................................................................................................6-22
6.4 Configuring the Association Between ANCP and HQoS in the ANCP Proxy Scenario..............................6-23
6.4.1 Establishing the Configuration Task....................................................................................................6-24
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xiii
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
6.4.2 Configuring the Mode of the Association Between ANCP and HQoS................................................6-25
6.4.3 Configuring the QoS Profile and Scheduling Parameters....................................................................6-25
6.4.4 Configuring the BRAS to Deliver the QoS Policy Name....................................................................6-26
6.4.5 Applying the QoS Profile to the Interface............................................................................................6-27
6.4.6 Enabling ANCP on the Interface and Associating the Interface with the ANCP Neighbor Profile
.......................................................................................................................................................................6-27
6.4.7 Checking the Configuration.................................................................................................................6-28
6.5 Maintaining ANCP........................................................................................................................................6-30
6.5.1 Clearing ANCP Running Information..................................................................................................6-30
6.6 Configuration Examples................................................................................................................................6-30
6.6.1 Example for Configuring the ANCP Server........................................................................................ 6-31
6.6.2 Configuring router as the ANCP Proxy and Configuring ANCP-HQoS Association.........................6-34
7 IP Performance Configuration.................................................................................................7-1
7.1 IP Performance Overview...............................................................................................................................7-2
7.1.1 Introduction to IP Performance..............................................................................................................7-2
7.1.2 IP Performance Supported by the NE80E/40E......................................................................................7-2
7.2 Improving IP Performance..............................................................................................................................7-3
7.2.1 Establishing the Configuration Task......................................................................................................7-3
7.2.2 Configuring the Maximum Transmission Unit of the Interface.............................................................7-4
7.2.3 Configuring ICMP Attributes.................................................................................................................7-5
7.2.4 Checking the Configuration...................................................................................................................7-5
7.3 Configuring TCP.............................................................................................................................................7-7
7.3.1 Establishing the Configuration Task......................................................................................................7-7
7.3.2 Configuring TCP Timer.........................................................................................................................7-8
7.3.3 Specifying the Size of a TCP Sliding Window......................................................................................7-8
7.3.4 Checking the Configuration...................................................................................................................7-9
7.4 Configuring Load Balancing for IP Packet Forwarding............................................................................... 7-10
7.4.1 Establishing the Configuration Task....................................................................................................7-10
7.4.2 Configuring the Load Balancing Mode of IP Packet Forwarding........................................................7-11
7.4.3 Configuring Interface Unequal-Cost Multiple Path During IP Packet Forwarding.............................7-12
7.4.4 Configuring Global Unequal-Cost Multiple Path During IP Packet Forwarding................................7-13
7.4.5 Checking the Configuration.................................................................................................................7-13
7.5 Maintaining IP Performance......................................................................................................................... 7-14
7.5.1 Clearing IP Performance Statistics.......................................................................................................7-14
7.5.2 Monitoring Network Operation Status of IP Performance...................................................................7-15
7.6 Configuration Examples................................................................................................................................7-16
7.6.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets..........................................7-16
7.6.2 Example for Configuring Interface Unequal-Cost Multiple Path During IP Packet Forwarding........7-18
7.6.3 Example for Configuring Global Unequal-Cost Load Balancing for IP Packet Forwarding.............. 7-24
8 ACL Configuration....................................................................................................................8-1
8.1 ACL Overview................................................................................................................................................8-2
8.1.1 Introduction to ACL...............................................................................................................................8-2
xiv
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
8.1.2 ACL Supported by the NE80E/40E.......................................................................................................8-2
8.2 Configuring an Interface-based ACL..............................................................................................................8-2
8.2.1 Establishing the Configuration Task......................................................................................................8-3
8.2.2 (Optional) Creating a Time Range.........................................................................................................8-3
8.2.3 Creating an Interface-based ACL...........................................................................................................8-4
8.2.4 (Optional) Configuring ACL Descriptions............................................................................................8-4
8.2.5 (Optional) Configuring ACL Step..........................................................................................................8-5
8.2.6 Checking the Configuration...................................................................................................................8-5
8.3 Configuring a Basic ACL................................................................................................................................8-6
8.3.1 Establishing the Configuration Task......................................................................................................8-6
8.3.2 (Optional) Creating a Time Range.........................................................................................................8-7
8.3.3 Creating a Basic ACL............................................................................................................................8-7
8.3.4 (Optional) Configuring ACL Descriptions............................................................................................8-8
8.3.5 (Optional) Configuring ACL Step..........................................................................................................8-8
8.3.6 Checking the Configuration...................................................................................................................8-9
8.4 Configuring an Advanced ACL....................................................................................................................8-10
8.4.1 Establishing the Configuration Task....................................................................................................8-10
8.4.2 (Optional) Creating a Time Range.......................................................................................................8-11
8.4.3 Creating an Advanced ACL.................................................................................................................8-11
8.4.4 (Optional) Configuring ACL Descriptions..........................................................................................8-12
8.4.5 (Optional) Configuring ACL Step........................................................................................................8-13
8.4.6 Checking the Configuration.................................................................................................................8-13
8.5 Configuring an ACL Based on the Ethernet Frame Header..........................................................................8-14
8.5.1 Establishing the Configuration Task....................................................................................................8-14
8.5.2 Creating an ACL Based on the Ethernet Frame Header......................................................................8-15
8.5.3 (Optional) Configuring ACL Descriptions..........................................................................................8-15
8.5.4 (Optional) Configuring ACL Step........................................................................................................8-16
8.5.5 Checking the Configuration.................................................................................................................8-16
8.6 Configuring an UCL......................................................................................................................................8-17
8.6.1 Establishing the Configuration Task....................................................................................................8-17
8.6.2 (Optional) Creating a Time Range.......................................................................................................8-18
8.6.3 Creating an UCL..................................................................................................................................8-18
8.6.4 (Optional) Configuring ACL Descriptions..........................................................................................8-19
8.6.5 (Optional) Configuring ACL Step........................................................................................................8-20
8.6.6 Checking the Configuration.................................................................................................................8-20
8.7 Configuring a Named ACL...........................................................................................................................8-21
8.7.1 Establishing the Configuration Task....................................................................................................8-21
8.7.2 (Optional) Creating a Time Range.......................................................................................................8-22
8.7.3 Creating a Named ACL........................................................................................................................8-22
8.7.4 (Optional) Configuring named ACL Descriptions...............................................................................8-23
8.7.5 (Optional) Configuring named ACL Step............................................................................................8-24
8.7.6 Checking the Configuration.................................................................................................................8-24
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xv
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
8.8 Maintaining an ACL......................................................................................................................................8-25
8.8.1 Clearing ACL Statistics........................................................................................................................8-25
8.8.2 Monitoring Network Operation Status of ACL....................................................................................8-26
8.9 Configuration Examples................................................................................................................................8-26
8.9.1 Example for Configuring a Traffic Policy Based on Complex Traffic Classification.........................8-26
8.9.2 Example for Configuring the Security Function of Access Devices....................................................8-34
8.9.3 Example for Configuring an ACL Rule that Is Based on the VPN Instance....................................... 8-37
9 Basic IPv6 Configuration..........................................................................................................9-1
9.1 Basic IPv6 Overview.......................................................................................................................................9-2
9.1.1 Introduction to IPv6...............................................................................................................................9-2
9.1.2 IPv6 Supported by the NE80E/40E........................................................................................................9-2
9.2 Configuring an IPv6 Address for an Interface................................................................................................9-3
9.2.1 Establishing the Configuration Task......................................................................................................9-4
9.2.2 Enabling IPv6 Packet Forwarding Capability........................................................................................9-5
9.2.3 Configuring an IPv6 Link-Local Address for an Interface....................................................................9-6
9.2.4 Configuring an IPv6 Global Unicast Address for an Interface..............................................................9-6
9.2.5 Checking the Configuration...................................................................................................................9-7
9.3 Configuring IPv6 Neighbor Discovery...........................................................................................................9-8
9.3.1 Establishing the Configuration Task......................................................................................................9-8
9.3.2 Configuring Static Neighbors.................................................................................................................9-9
9.3.3 Enabling RA Message Advertising......................................................................................................9-10
9.3.4 Setting the Interval for Advertising RA Messages...............................................................................9-10
9.3.5 Enabling Stateful Auto Configuration..................................................................................................9-11
9.3.6 Configuring the Address Prefixes to Be Advertised............................................................................9-11
9.3.7 Configuring Other Information to Be Advertised................................................................................9-12
9.3.8 Checking the Configuration.................................................................................................................9-13
9.4 Configuring PMTU.......................................................................................................................................9-14
9.4.1 Establishing the Configuration Task....................................................................................................9-15
9.4.2 Creating Static PMTU Entries..............................................................................................................9-15
9.4.3 Configuring PMTU Aging Time..........................................................................................................9-16
9.4.4 Checking the Configuration.................................................................................................................9-16
9.5 Enabling the FIB Cache................................................................................................................................ 9-17
9.5.1 Establishing the Configuration Task....................................................................................................9-17
9.5.2 Enabling the FIB Cache....................................................................................................................... 9-17
9.5.3 Checking the Configuration.................................................................................................................9-18
9.6 Configuring TCP6.........................................................................................................................................9-19
9.6.1 Establishing the Configuration Task....................................................................................................9-19
9.6.2 Configuring TCP6 Timers....................................................................................................................9-20
9.6.3 Configuring the Size of the TCP6 Sliding Window.............................................................................9-20
9.6.4 Checking the Configuration.................................................................................................................9-21
9.7 Maintaining IPv6...........................................................................................................................................9-22
9.7.1 Resetting IPv6......................................................................................................................................9-23
xvi
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
9.7.2 Monitoring Network Operation Status of IPv6....................................................................................9-23
9.8 Configuration Examples................................................................................................................................9-24
9.8.1 Example for Configuring an IPv6 Address for an Interface................................................................9-24
9.8.2 Example for Configuring IPv6 Neighbor Discovery...........................................................................9-27
10 IPv6 DNS Configuration......................................................................................................10-1
10.1 IPv6 DNS Overview....................................................................................................................................10-2
10.1.1 Introduction to IPv6 DNS..................................................................................................................10-2
10.1.2 IPv6 DNS Supported by the NE80E/40E...........................................................................................10-2
10.2 Configuring IPv6 DNS................................................................................................................................10-2
10.2.1 Establishing the Configuration Task..................................................................................................10-2
10.2.2 Configuring a Static IPv6 DNS Entry................................................................................................10-3
10.2.3 Configuring the Dynamic IPv6 DNS Services...................................................................................10-3
10.2.4 Checking the Configuration...............................................................................................................10-4
10.3 Maintaining IPv6 DNS................................................................................................................................10-5
10.3.1 Clearing IPv6 DNS Entries................................................................................................................10-6
10.3.2 Monitoring Network Operation Status of IPv6 DNS.........................................................................10-6
10.4 Configuration Examples..............................................................................................................................10-6
10.4.1 Example for Configuring IPv6 DNS..................................................................................................10-7
11 ACL6 Configuration..............................................................................................................11-1
11.1 ACL6 Overview..........................................................................................................................................11-2
11.1.1 Introduction to ACL6.........................................................................................................................11-2
11.1.2 ACL6 Supported by the NE80E/40E.................................................................................................11-2
11.2 Configuring an Interfaced-based ACL6......................................................................................................11-2
11.2.1 Establishing the Configuration Task..................................................................................................11-2
11.2.2 (Optional) Configuring the Valid Time Range of ACL6...................................................................11-3
11.2.3 Creating an Interfaced-based ACL6...................................................................................................11-3
11.2.4 Checking the Configuration...............................................................................................................11-4
11.3 Configuring a Basic ACL6..........................................................................................................................11-5
11.3.1 Establishing the Configuration Task..................................................................................................11-5
11.3.2 (Optional) Configuring the Valid Time Range of ACL6...................................................................11-5
11.3.3 Creating a Basic ACL6......................................................................................................................11-6
11.3.4 Checking the Configuration...............................................................................................................11-6
11.4 Configuring an Advanced ACL6................................................................................................................11-7
11.4.1 Establishing the Configuration Task..................................................................................................11-7
11.4.2 (Optional) Configuring the Valid Time Range of ACL6...................................................................11-8
11.4.3 Creating an Advanced ACL6.............................................................................................................11-8
11.4.4 Checking the Configuration...............................................................................................................11-9
11.5 Configuring a Named ACL6.....................................................................................................................11-10
11.5.1 Establishing the Configuration Task................................................................................................11-10
11.5.2 (Optional) Configuring the Valid Time Range of ACL6.................................................................11-11
11.5.3 Creating a Named ACL6..................................................................................................................11-12
11.5.4 Checking the Configuration.............................................................................................................11-13
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xvii
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
11.6 Maintaining ACL6....................................................................................................................................11-13
11.6.1 Clearing ACL6 Statistics..................................................................................................................11-14
11.6.2 Monitoring Network Operation Status of ACL6..............................................................................11-14
11.7 Configuration Examples............................................................................................................................11-14
11.7.1 Example for Configuring an ACL6 to Filter IPv6 Packets..............................................................11-14
12 IPv6 over IPv4 Tunnel Configuration................................................................................12-1
12.1 IPv6 over IPv4 Tunnel Overview................................................................................................................12-2
12.1.1 Introduction to IPv6 over IPv4...........................................................................................................12-2
12.1.2 IPv6 over IPv4 Supported by the NE80E/40E...................................................................................12-2
12.2 Configuring IPv4/IPv6 Dual Stacks............................................................................................................12-8
12.2.1 Establishing the Configuration Task..................................................................................................12-8
12.2.2 Enabling IPv6 Packet Forwarding......................................................................................................12-9
12.2.3 Configuring IPv4 and IPv6 Addresses for the Interface..................................................................12-10
12.3 Configuring an IPv6 over IPv4 Tunnel.....................................................................................................12-11
12.3.1 Establishing the Configuration Task................................................................................................12-11
12.3.2 Configuring an IPv6 over IPv4 Manual Tunnel...............................................................................12-12
12.3.3 Configuring an IPV6 over IPv4 GRE Tunnel..................................................................................12-13
12.3.4 Configuring an IPv6 over IPv4 Automatic Tunnel..........................................................................12-14
12.3.5 Configuring a 6to4 Tunnel...............................................................................................................12-15
12.3.6 Configuring an ISATAP Tunnel......................................................................................................12-16
12.3.7 Configuring Routes in the Tunnel....................................................................................................12-17
12.3.8 Checking the Configuration.............................................................................................................12-18
12.4 Configuring 6PE........................................................................................................................................12-19
12.4.1 Establishing the Configuration Task................................................................................................12-19
12.4.2 Configuring IPv4/IPv6 Dual Protocol Stacks..................................................................................12-20
12.4.3 Configuring MPLS...........................................................................................................................12-21
12.4.4 Enabling 6PE Peer............................................................................................................................12-22
12.5 Maintaining IPv6 over IPv4 Tunnels........................................................................................................12-22
12.5.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel..............................................................12-23
12.6 Configuration Examples............................................................................................................................12-23
12.6.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel..........................................................12-23
12.6.2 Example for Configuring an IPv6 over IPv4 GRE Tunnel..............................................................12-27
12.6.3 Example for Configuring an IPv6 over IPv4 Automatic Tunnel.....................................................12-31
12.6.4 Example for Configuring a 6to4 Tunnel..........................................................................................12-34
12.6.5 Example for Configuring 6to4 Relay...............................................................................................12-38
12.6.6 Example for Configuring an ISATAP Tunnel.................................................................................12-41
12.6.7 Example for Configuring 6PE..........................................................................................................12-44
13 IPv4 over IPv6 Tunnel Configuration................................................................................13-1
13.1 IPv4 over IPv6 Tunnel Overview................................................................................................................13-2
13.1.1 Introduction to IPv4 over IPv6...........................................................................................................13-2
13.1.2 IPv4 over IPv6 Supported by the NE80E/40E...................................................................................13-2
13.2 Configuring an IPv4 over IPv6 Tunnel.......................................................................................................13-3
xviii
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Contents
13.2.1 Establishing the Configuration Task..................................................................................................13-3
13.2.2 Configuring a Tunnel Interface..........................................................................................................13-4
13.2.3 Configuring Routes in the Tunnel......................................................................................................13-5
13.2.4 Configuring Other Items for an IPv4 over IPv6 Tunnel.................................................................... 13-5
13.2.5 Checking the Configuration...............................................................................................................13-6
13.3 Maintaining IPv4 over IPv6 Tunnels..........................................................................................................13-7
13.3.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel..............................................................13-8
13.4 Configuration Examples..............................................................................................................................13-8
13.4.1 Example for Configuring an IPv4 over IPv6 Tunnel.........................................................................13-8
A Glossary.....................................................................................................................................A-1
B Acronyms and Abbreviations.................................................................................................B-1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xix
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Figures
Figures
Figure 1-1 Configuring primary and secondary IP addresses for an interface...................................................1-14
Figure 1-2 Networking diagram of allocating IP address through negotiation..................................................1-16
Figure 1-3 Networking diagram of an IP address unnumbered configuration...................................................1-18
Figure 1-4 Networking diagram of configuring IP address overlapping on the same device............................1-21
Figure 1-5 Networking diagram of configuring an IP address with a 31-bit mask............................................1-25
Figure 2-1 Implementation procedure of ARP-Ping IP........................................................................................2-4
Figure 2-2 Implementation procedure of ARP-Ping MAC..................................................................................2-5
Figure 2-3 Schematic diagram of transmission device existing between devices..............................................2-27
Figure 2-4 Networking diagram of configuring proxy ARP..............................................................................2-31
Figure 2-5 Networking diagram of configuring proxy ARP in a VLAN...........................................................2-34
Figure 2-6 Networking diagram of configuring proxy ARP between VLANs..................................................2-36
Figure 2-7 Networking diagram of configuring the association between ARP and interface status................. 2-37
Figure 2-8 Networking diagram of configuring Layer 2 topology detection.....................................................2-42
Figure 3-1 Networking diagram of DNS..............................................................................................................3-7
Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network segment..... 4-46
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the interface.................... 4-50
Figure 4-3 Networking diagram of the DCHP server based on the address pools on the sub-interfaces.......... 4-52
Figure 4-4 Networking diagram of the DHCP server based on the address pool on the VLANIF interface
.............................................................................................................................................................................4-55
Figure 4-5 Networking diagram for configuring DHCP relay...........................................................................4-58
Figure 4-6 Networking diagram of configuring the DHCP option association..................................................4-61
Figure 5-1 Typical networking diagram of COPS configuration.......................................................................5-11
Figure 6-1 Networking diagram of configuring an ANCP server........................................................................6-3
Figure 6-2 Networking diagram of configuring an ANCP proxy........................................................................6-4
Figure 6-3 Networking diagram of configuring the ANCP server.....................................................................6-32
Figure 6-4 Networking diagram of configuring router as the ANCP proxy and configuring ANCP-HQoS
association...........................................................................................................................................................6-35
Figure 7-1 Networking diagram of configuring ICMP host unreachable packets............................................. 7-16
Figure 7-2 Networking diagram of configuring UCMP.....................................................................................7-19
Figure 7-3 Networking diagram of configuring unequal-cost load balancing...................................................7-24
Figure 8-1 Diagram for configuring a traffic policy based on the complex traffic classification......................8-27
Figure 8-2 Networking of configuring the security function of access devices.................................................8-35
Figure 8-3 Typical networking of configuring an ACL rule..............................................................................8-38
Figure 9-1 Networking diagram of configuring an IPv6 address for an interface............................................. 9-24
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xxi
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Figures
Figure 9-2 Example for configuring IPv6 neighbor discovery..........................................................................9-27
Figure 10-1 DNS server connecting IPv4 and IPv6 networks...........................................................................10-3
Figure 10-2 Networking diagram of IPv6 DNS configurations.........................................................................10-7
Figure 11-1 Networking diagram of configuring an ACL6 to filter IPv6 packets...........................................11-15
Figure 12-1 Single stack and dual stack structures (Ethernet)...........................................................................12-2
Figure 12-2 Schematic diagram of IPv6 over IPv4 tunnel.................................................................................12-3
Figure 12-3 6to4 tunnel and 6to4 relay..............................................................................................................12-5
Figure 12-4 ISATAP tunnel...............................................................................................................................12-7
Figure 12-5 Networking diagram of 6PE...........................................................................................................12-7
Figure 12-6 Networking diagram of the IPv6 over IPv4 manual tunnel..........................................................12-24
Figure 12-7 Networking diagram of the IPv6 over IPv4 GRE tunnel..............................................................12-27
Figure 12-8 Networking diagram of the IPv6 over IPv4 automatic tunnel......................................................12-32
Figure 12-9 Networking diagram of the 6to4 tunnel........................................................................................12-35
Figure 12-10 Networking diagram of accessing the IPv6 network through 6to4 relay...................................12-38
Figure 12-11 Networking diagram of the ISATAP tunnel...............................................................................12-41
Figure 12-12 Networking diagram of 6PE.......................................................................................................12-44
Figure 13-1 Networking diagram of an IPv4 over IPv6 tunnel..........................................................................13-2
Figure 13-2 Networking diagram of an IPv4 over IPv6 tunnel..........................................................................13-8
xxii
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
1
IP Addresses Configuration
About This Chapter
This chapter describes the basic concepts and working mechanism of IP addresses. It also
describes the procedure for configuring IP addresses and provides typical configuration
examples.
1.1 IP Addresses Overview
This section describes the concepts of IP addresses and how to use an IP address.
1.2 Configuring IP Addresses for Interfaces
This section describes how to configure IP addresses for interfaces.
1.3 Configuring IP Address Negotiation on Interfaces
This section describes how to configure the interface on the client to obtain the interface from
the server through PPP negotiation.
1.4 Configuring IP Address Unnumbered for Interfaces
This section describes how to configure an interface to borrow the IP address from other
interfaces.
1.5 Maintaining IP Addresses
This section describes how to view IP address configurations.
1.6 Configuration Examples
This section provides several examples for configuring IP addresses.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
1.1 IP Addresses Overview
This section describes the concepts of IP addresses and how to use an IP address.
1.1.1 Introduction to IP Addresses
1.1.2 Features of IP Addresses Supported by the NE80E/40E
1.1.1 Introduction to IP Addresses
To communicate with each other on Internet Protocol (IP) networks, each host must be assigned
an IP address.
An IP address is a 32-bit number that is composed of two parts, namely, the network ID and
host ID.
The network ID identifies a network and the host ID identifies a host on the network. If the
network IDs of hosts are the same, it indicates that the hosts are on the same network regardless
of their physical locations.
1.1.2 Features of IP Addresses Supported by the NE80E/40E
The NE80E/40E supports IP address configuration through the following methods:
l
Manually configuring an IP address for an interface
l
Obtaining an IP address through negotiation
l
Borrowing an IP address from other interfaces
The NE80E/40E supports the space overlapping of network segment addresses to save the
address space.
l
Different IP addresses in the overlapped network segments but not same can be configured
on different interfaces of the same device. For example, after an interface on a device is
configured with the IP address 20.1.1.1/16, if another interface is configured with the IP
address 20.1.1.2/24, the system prompts a message. However, the configuration is still
successful; if another interface is configured with the IP address 20.1.1.2/16, the system
prompts an IP address conflict. The configuration fails.
l
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on the same interface. For example, after the interface is
configured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16
sub, the system prompts a message. However, the configuration is still successful.
l
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on different interfaces of the same device. However, the
primary IP address and the secondary IP address cannot be the same. For example, after an
interface on a device is configured with the IP address 20.1.1.1/16, if another interface is
configured with the IP address 20.1.1.2/24 sub, the system prompts a message. However,
the configuration is still successful.
The NE80E/40E supports 31-bit IP address masks. Therefore, there are only two IP addresses
in a network segment, that is, the network address and broadcast address. The two IP addresses
can be used as host addresses.
1-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
You can assign the IP addresses with 31-bit masks to Point-to-Point (P2P), Point-to-Multipoint
(P2MP), NBMA Address Resolution Protocol (NBMA),broadcast, and loopback interfaces. For
non-P2P interfaces, if a 31-bit mask is configured, the system prompts acknowledgement
information to protect P2MP orbroadcast links. For example, if an Ethernet interface on a device
is assigned an IP address with a 31-bit mask, this device can access only the host in the directly
connected subnet. It cannot access all hosts in the subnet. In the backbone network of a broadcast
link, if a P2P link exists, you can configure the IP addresses with 31-bit masks.
1.2 Configuring IP Addresses for Interfaces
This section describes how to configure IP addresses for interfaces.
1.2.1 Establishing the Configuration Task
1.2.2 Configuring a Primary IP Address for an Interface
1.2.3 (Optional) Configuring a Secondary IP Address for an Interface
1.2.4 Checking the Configuration
1.2.1 Establishing the Configuration Task
Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign
several IP addresses to each interface. Among them, one is the primary IP address and the others
are secondary IP addresses.
Generally, you need to configure only a primary IP address for an interface. Secondary IP
addresses, however, are required in some cases. For instance, when a device connects to a
physical network through an interface, and computers on this network belong to two Class C
networks, you need to configure a primary IP address and a secondary IP address for this interface
to ensure that the device can communication with all computers on this network.
Pre-configuration Tasks
Before configuring an IP addresses for an interface, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the physical layer
status of the interface is Up
l
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an interface, you need the following data.
Issue 03 (2010-03-31)
No.
Data
1
Interface number
2
Primary IP address and subnet mask of the interface
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
No.
Data
3
(Optional) Secondary IP address and subnet mask of the interface
1.2.2 Configuring a Primary IP Address for an Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
A primary IP address is configured.
An interface has only one primary IP address. If the interface already has a primary IP address,
the newly configured primary IP address replaces the original one.
----End
1.2.3 (Optional) Configuring a Secondary IP Address for an
Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length } sub
1-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
A secondary IP address is configured.
A secondary IP address with a 31-bit mask can be configured for an interface.
You can configure a maximum of 255 secondary IP addresses on an interface.
----End
1.2.4 Checking the Configuration
Prerequisite
The configurations of the IP addresses for the interface are complete.
Procedure
l
Run the display ip interface [ brief ] [ interface-type interface-number ] command to check
the IP configuration on the interface.
l
Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |
include } regular-expression ] command to check interface information.
----End
Example
Run the display ip interface command to check that the physical status and link protocol status
of the interface are Up.
<HUAWEI> display ip interface brief gigabitethernet 1/1/0
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
Interface
IP Address/Mask
Physical
GigabitEthernet1/1/0
172.16.13.2/24
up
up
Protocol
Run the display interface command to check information about the IP address and subnet mask
of the interface.
<HUAWEI> display interface gigabitethernet 1/1/0
GigabitEthernet1/1/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-11-16, 12:26:17
Description : GigabitEthernet1/1/0 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 172.16.13.2/24
Internet Address is 172.16.13.150/25 Sub
Internet Address is 172.16.13.200/28 Sub
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc08-2b73
Media type is twisted pair, loopback not set, promiscuous mode not set
100Mbps-speed mode, full-duplex mode, link type is autonegotiation
Last 300 seconds input rate 338 bits/sec, 0 packets/sec
Last 300 seconds output rate 514 bits/sec, 0 packets/sec
Input: 1065 packets, 1571513 bytes
0 broadcasts, 1065 multicasts
0 errors, 0 runts, 0 giants,
0 CRC, 0 collisions, 0 align errors,
0 other errors
Output:2866 packets, 2708571 bytes
0 broadcasts, 2866 multicasts
0 errors, 0 underruns, 0 collisions
0 packets had been deferred
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
1.3 Configuring IP Address Negotiation on Interfaces
This section describes how to configure the interface on the client to obtain the interface from
the server through PPP negotiation.
1.3.1 Establishing the Configuration Task
1.3.2 Configuring a Server to Assign an IP Address for a Client Through Negotiation
1.3.3 Configuring a Client to Obtain an IP Address Through Negotiation
1.3.4 Checking the Configuration
1.3.1 Establishing the Configuration Task
Applicable Environment
When devices are connected through the PPP link, the client interface can obtains the IP address
from the server through PPP negotiation. This is usually applicable to the situation when the
client connects to the Internet Service Provider (ISP) to access the Internet through the PPP link
such as dial-up. In this case, the ISP device assigns an IP address to the client through PPP
negotiation.
Pre-configuration Tasks
Before configuring IP addresses for interfaces through PPP negotiation, complete the following
tasks:
l
Configuring physical parameters of the interface and the link layer protocol PPP on the
server
l
Configuring IP addresses for interfaces on the server and making the link layer protocol
Up
l
Configuring physical parameters on the interface and the link layer protocol PPP on the
client
Data Preparation
To configure IP addresses for interfaces through PPP negotiation, you need the following data.
1-6
No.
Data
1
Number of the interface connecting the server to the client
2
ID of the address pool on the server or IP address assigned to the client
3
Range of IP addresses when an address pool is used
4
Number of the interface connecting the client to the server
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
1.3.2 Configuring a Server to Assign an IP Address for a Client
Through Negotiation
Context
Do as follows on the router functioning as a server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
NOTE
If there is only one client, the address pool is unnecessary. In this case, skip Steps 2, 3, and 4, and do not
use the keyword pool in Step 6. Instead, directly assign the specified IP address to the client.
Step 2 (Optional) Run:
aaa
The AAA view is displayed.
Step 3 (Optional) Run:
ip pool pool-number start-address [ end-address ]
The local IP address pool is configured.
Step 4 (Optional) Run:
Quit the AAA view.
Step 5 Run:
interface interface-type interface-number
The interface view is displayed.
Obtaining an IP address through negotiation is applied to only the interface encapsulated with
PPP.
Step 6 Run:
remote address { ip-address | pool [ pool-number ] }
An IP address is assigned to the client.
Step 7 Run:
restart
The interface is restarted.
----End
Postrequisite
During preceding configurations, the address pool can also be configured in the domain view.
For details, see the HUAWEI NetEngine80E/40E Router Configuration Guide - Security.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
l
If the server authenticates the client, the address is selected from the address pool of the
domain that the client belongs to by default.
l
If the server does not authenticate the client and needs to assign an IP address to the client,
the address is selected from the system address pool.
The IP address or the address pool assigned to the peer must differ from the IP address of the
local device.
1.3.3 Configuring a Client to Obtain an IP Address Through
Negotiation
Context
Do as follows on the router working as a client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Obtaining an IP address through negotiation is applied to only the interface encapsulated with
PPP.
Step 3 Run:
ip address ppp-negotiate
The client is configured to obtain an IP address through negotiation.
----End
Postrequisite
If an interface without an IP address supports PPP while the remote peer is configured with an
IP address, enable IP address negotiation on the local interface. This enables the local interface
to obtain an IP address that is generated through PPP negotiation and is assigned by the remote
peer.
When you configure to obtain an IP address through negotiation on the interface, note the
following:
1-8
l
You can configure IP address negotiation on only the PPP-encapsulated interface. When
the status of the PPP protocol is Down, the IP address generated through negotiation is
deleted.
l
After IP address negotiation is configured on the interface, the configuration of IP address
for this interface is not needed any more. You can obtain a new IP address through
negotiation, and the original IP address configured before the IP address negotiation is
deleted.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
l
You cannot configure a secondary IP address for the interface configured with IP address
negotiation.
l
If you re-configure negotiation on this interface, the IP address generated through the
previous negotiation is deleted and a new IP address is obtained.
l
If the address generated through negotiation is deleted, the interface is in the non-address
state.
1.3.4 Checking the Configuration
Prerequisite
The configurations of IP address negotiation on interfaces are complete.
Procedure
l
Run the display ip interface [ brief ] [ interface-type interface-number ] command to check
the IP configuration on the interface.
l
Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |
include } regular-expression ] command to check interface information.
----End
Example
Run the display ip interface command to check that the physical status and link protocol status
of the interface are Up.
<HUAWEI> display ip interface brief gigabitethernet 1/1/0
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
Interface
IP Address/Mask
Physical
Protocol
GigabitEthernet1/1/0
192.168.1.10/24
up
up
Run the display interface command to check information about the IP address and subnet mask
of the interface.
<HUAWEI> display interface pos 1/0/0
Pos1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-11-07, 11:44:08
Description : Pos1/0/0 Interface
Route Port,The Maximum Transmit Unit is 4470 bytes, Hold timer is 10(sec)
Internet Address is 192.168.1.10/24
Link layer protocol is PPP
LCP opened, IPCP opened
The Vendor PN is FTRJ1321P1BTL
Port BW: 2.5G, Transceiver max BW: 2.5G, Transceiver Mode: SingleMode
WaveLength: 1310nm, Transmission Distance: 5km
Rx Power: -2.81dBm, Tx Power: -1.91dBm
Physical layer is Packet Over SDH
Scramble enabled, clock master, CRC-32, loopback: none
Flag J0 "NetEngine
"
Flag J1 "NetEngine
"
Flag C2 22(0x16)
SDH alarm:
section layer: none
line
layer: none
path
layer: none
SDH error:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
section layer: B1 61575
line
layer: B2 12002824 REI 16835916
path
layer: B3 65535
Statistics last cleared:never
Last 300 seconds input rate 16 bits/sec, 0 packets/sec
Last 300 seconds output rate 40 bits/sec, 0 packets/sec
Input: 3510 packets, 57372 bytes
Input error: 0 shortpacket, 0 longpacket, 4 CRC, 0 lostpacket
Output: 7270 packets, 344198 bytes
Output error: 0 lostpackets
Output error: 0 overrunpackets, 0 underrunpackets
1.4 Configuring IP Address Unnumbered for Interfaces
This section describes how to configure an interface to borrow the IP address from other
interfaces.
1.4.1 Establishing the Configuration Task
1.4.2 Configuring the Primary IP Address of the Interface That Lends an IP Address
1.4.3 Configuring an Interface That Borrows an IP Address from Another Interface
1.4.4 Checking the Configuration
1.4.1 Establishing the Configuration Task
Applicable Environment
To save IP address resources in some cases, configure the IP address unnumbered on the
interface. You can also perform this configuration for an interface that is occasionally used rather
than making the interface occupy an IP address constantly.
Restrictions on configuring IP address unnumbered on an interface are as follows:
l
The interface of IP address borrower can not be an Ethernet interface.
l
The interface of IP address lender cannot be IP address from other.
l
Multiple interfaces can borrow the IP address from the interface of IP address lender.
l
If the interface of IP address lender has multiple IP addresses, the IP address lender can
only be the primary IP address.
l
If the interface of IP address borrower borrows an IP address from the interface with no IP
address, the IP address borrower gets the IP adderss 0.0.0.0.
l
The IP address of the virtual loopback interface can be borrowed by other interfaces. The
loopback interface, however, cannot borrow the IP address from other interfaces.
Pre-configuration Tasks
Before configuring IP address unnumbered on an interface, complete the following tasks:
1-10
l
Configuring physical attributes for the IP address borrower and lender
l
Configuring link layer protocols for the IP address borrower and lender
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Data Preparation
To configure IP address unnumbered on an interface, you need the following data.
No.
Data
1
Number, IP address, and mask of the interface that lends the IP address to other
interfaces
2
Number of the interface that borrows an IP address from another interface
NOTE
The configuration here only describes how to configure an unnumbered interface to borrow an IP address.
Dynamic routing protocols cannot be enabled on an interface without an IP address. Therefore, you need
to manually configure a static route to the remote network segment to realize communication between
devices.
1.4.2 Configuring the Primary IP Address of the Interface That
Lends an IP Address
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
The primary IP address of the interface is configured.
An interface can also obtain the primary IP address through PPP negotiation.
----End
1.4.3 Configuring an Interface That Borrows an IP Address from
Another Interface
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ip address unnumbered interface interface-type interface-number
The interface is configured to borrow an IP address from the specified interface.
The ATM interface, tunnel interface, and the interface encapsulated with frame relay, PPP or
HDLC can borrow the IP address from an Ethernet interface or other interfaces.
----End
1.4.4 Checking the Configuration
Prerequisite
The configurations of IP address unnumbered are complete.
Procedure
l
Run the display ip interface [ brief ] [ interface-type interface-number ] command to check
the IP configuration on the interface.
l
Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |
include } regular-expression ] command to check interface information.
----End
Example
Run the display ip interface command. If the physical status and link protocol status of the
interface are Up, it means that the configuration succeeds.
Run the display interface command. If information about the IP address and mask of the
interface is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display interface pos 6/0/0
Pos6/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2008-01-30, 12:06:08
Description: Pos6/0/0 Interface
Route Port,The Maximum Transmit Unit is 4470, Hold timer is 10(sec)
Internet Address is unnumbered, using address of GigabitEthernet3/0/9(120.1.1.1/
24)
Link layer protocol is PPP
LCP opened, IPCP opened
The Vendor PN is FTRJ1321P1BTL
Port BW: 2.5G, Transceiver max BW: 2.5G, Transceiver Mode: SingleMode
WaveLength: 1310nm, Transmission Distance: 5km
Rx Power: -7.19dBm, Tx Power: -5.76dBm
Physical layer is Packet Over SDH
1-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Scramble enabled, clock master, CRC-32, loopback: none
Flag J0 "NetEngine
"
Flag J1 "NetEngine
"
Flag C2 22(0x16)
SDH alarm:
section layer: none
line
layer: none
path
layer: none
SDH error:
section layer: B1 0
line
layer: B2 0 REI 1370245
path
layer: B3 0 REI 56395
Statistics last cleared:never
Last 300 seconds input rate 24 bits/sec, 0 packets/sec
Last 300 seconds output rate 24 bits/sec, 0 packets/sec
Input: 1420 packets, 23131 bytes
Input error: 2 shortpacket, 0 longpacket, 1 CRC, 0 lostpacket
Output: 1421 packets, 23150 bytes
Output error: 0 lostpackets
Output error: 0 overrunpackets, 0 underrunpackets
1.5 Maintaining IP Addresses
This section describes how to view IP address configurations.
1.5.1 Monitoring Network Operation Status of IP Addresses
1.5.1 Monitoring Network Operation Status of IP Addresses
Context
In routine maintenance, you can run the following commands in any view to check the operation
of IP addresses.
Procedure
l
Run the display ip interface [ brief ] [ interface-type interface-number ] command in any
view to check the IP address configuration on the interface.
l
Run the display interface [ interface-type [ interface-number ] ] [ | { begin | exclude |
include } regular-expression ] command in any view to check information about the
interface.
----End
1.6 Configuration Examples
This section provides several examples for configuring IP addresses.
1.6.1 Example for Configuring Primary and Secondary IP Addresses
1.6.2 Example for Obtaining an IP Address Through Negotiation
1.6.3 Example for Configuring IP Address Unnumbered
1.6.4 Example for Configuring IP Address Overlapping on the Same Device
1.6.5 Example for Configuring an IP Address with a 31-bit Mask
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
1.6.1 Example for Configuring Primary and Secondary IP Addresses
Networking Requirements
As shown in Figure 1-1, GE 1/0/1 of the device connects to a LAN in which computers belong
to one of the two network segments: 172.16.1.0/24 and 172.16.2.0/24. It is required that the
device can communicate with the two network segments. At the same time, the hosts of the two
network segments cannot communicate with each other.
Figure 1-1 Configuring primary and secondary IP addresses for an interface
172.16.1.0/24
Router
GE1/0/1
172.16.1.1/24
172.16.2.1/24 sub
172.16.2.0/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Analyze the address of the network segment to which the interface connects.
2.
Configure the primary IP address for the interface and then configure one or more secondary
IP addresses for the interface.
NOTE
The primary IP address and the secondary IP address in the overlapped network segments but not same
can be configured on the same interface. The secondary IP addresses of an interface cannot be in the same
network segment.
Data Preparation
To complete the configuration, you need the following data:
l
Primary IP address and subnet mask of the interface
l
Secondary IP address and subnet mask of the interface
Procedure
Step 1 Configure the device.
# Configure the primary and secondary IP addresses for GE 1/0/1 of the device.
1-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
<HUAWEI> system-view
[HUAWEI] sysname Router
[Router] interface gigabitethernet 1/0/1
[Router-GigabitEthernet1/0/1] ip address 172.16.1.1 255.255.255.0
[Router-GigabitEthernet1/0/1] ip address 172.16.2.1 255.255.255.0 sub
[Router-GigabitEthernet1/0/1] undo shutdown
[Router-GigabitEthernet1/0/1] quit
Step 2 Verify the configuration.
# Ping the host on the network segment 172.16.1.0 from the device. The ping succeeds.
[Router] ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
ms
ms
ms
ms
ms
# Ping the host on the segment 172.16.2.0 from the device. The ping succeeds.
[Router] ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.2.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
ms
ms
ms
ms
ms
# The hosts of the two network segments cannot ping through each other.
----End
Configuration Files
The following lists the configuration file of the device:
#
sysname Router
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 172.16.1.1 255.255.255.0
ip address 172.16.2.1 255.255.255.0 sub
#
return
1.6.2 Example for Obtaining an IP Address Through Negotiation
Networking Requirements
As shown in Figure 1-2, Router A allocates an IP address for POS 1/0/0 on Router B through
PPP negotiation.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Figure 1-2 Networking diagram of allocating IP address through negotiation
Ethernet
POS 1/0/0
192.168.1.1/24
POS 1/0/0
RouterA
Ethernet
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure a local IP address pool.
2.
Configure an IP address for the local interface.
3.
Specify an IP address or address pool for the remote end.
4.
Enable obtaining an IP address through negotiation on the remote end.
Data Preparation
To complete the configuration, you need the following data:
l
IP address and subnet mask of the local interface
l
The range of the IP address to be allocated to the remote end
Procedure
Step 1 Configure Router A.
# Configure a local IP address pool.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] aaa
[RouterA-aaa] ip pool 1 192.168.1.10 192.168.1.20
[RouterA-aaa] quit
# Configure an IP address for POS 1/0/0.
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 192.168.1.1 255.255.255.0
# Configure POS 1/0/0 to allocate an IP address to the remote end.
[RouterA-Pos1/0/0]
[RouterA-Pos1/0/0]
[RouterA-Pos1/0/0]
[RouterA-Pos1/0/0]
remote address pool 1
shutdown
undo shutdown
quit
Step 2 Configure Router B.
# Enable obtaning an IP address of the interface through PPP negotiation.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address ppp-negotiate
[RouterB-Pos1/0/0] undo shutdown
1-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
[RouterB-Pos1/0/0] quit
Step 3 Verify the configuration.
Router B can ping through POS 1/0/0 on Router A.
[RouterB] ping 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=156 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=63 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=62 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=63 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=63 ms
--- 192.168.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/81/156 ms
# View the status of POS 1/0/0 on Router B.
[RouterB] display interface pos 1/0/0
Pos1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-12-07, 17:12:39
Description : Pos1/0/0 Interface
Route Port,The Maximum Transmit Unit is 4470, Hold timer is 10(sec)
Internet Address is negotiated, 192.168.1.10/32
Link layer protocol is PPP
LCP opened, IPCP opened
The Vendor PN is FTRJ1321P1BTL
Port BW: 2.5G, Transceiver max BW: 2.5G, Transceiver Mode: SingleMode
WaveLength: 1310nm, Transmission Distance: 5km
Rx Power: -2.81dBm, Tx Power: -1.91dBm
Physical layer is Packet Over SDH
Scramble enabled, clock master, CRC-32, loopback: none
Flag J0 "NetEngine
"
Flag J1 "NetEngine
"
Flag C2 22(0x16)
SDH alarm:
section layer: none
line
layer: none
path
layer: none
SDH error:
section layer: B1 61575
line
layer: B2 12002824 REI 16835916
path
layer: B3 65535
Statistics last cleared:never
Last 300 seconds input rate 16 bits/sec, 0 packets/sec
Last 300 seconds output rate 40 bits/sec, 0 packets/sec
Input: 3510 packets, 57372 bytes
Input error: 0 shortpacket, 0 longpacket, 4 CRC, 0 lostpacket
Output: 7270 packets, 344198 bytes
Output error: 0 lostpackets
Output error: 0 overrunpackets, 0 underrunpackets
If the information "Internet Address is negotiated, 192.168.1.10/32" is displayed, it means that
the address negotiation succeeds.
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
aaa
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
ip pool 1 192.168.1.10 192.168.1.20
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
remote address pool 1
ip address 192.168.1.1 255.255.255.0
#
return
Configuration file of Router B
l
#
sysname RouterB
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address ppp-negotiate
#
return
1.6.3 Example for Configuring IP Address Unnumbered
Networking Requirements
As shown in Figure 1-3, an enterprise builds its intranet through the ISDN. Router A and Router
B connect to a local LAN through the GE interfaces. The devices connect to each other through
the dialing ports. Each device connects to the LAN through GE 1/0/0 and connects to the ISDN
through POS 2/0/0. To save IP address resources, the dialing ports are planed to borrow the IP
addresses from the GE interfaces.
Figure 1-3 Networking diagram of an IP address unnumbered configuration
RouterB
RouterA
Ethernet
Ethernet
ISDN
GE1/0/0 POS 2/0/0
172.16.10.1/24
POS 2/0/0 GE1/0/0
172.16.20.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses to be borrowed.
2.
Configure the interfaces to borrow IP addresses from other interfaces.
Data Preparation
To complete the configuration, you need the following data:
1-18
l
IP address of the interface that lends an IP address
l
Number of the interface that lends an IP address
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Procedure
Step 1 Configure Router A.
# Configure an IP address for GE 1/0/0.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 172.16.10.1 255.255.255.0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
# Configure the POS interface to borrow an IP address from the GE interface.
[RouterA] interface pos 2/0/0
[RouterA-Pos2/0/0] ip address unnumbered interface gigabitethernet 1/0/0
[RouterA-Pos2/0/0] link-protocol ppp
[RouterA-Pos2/0/0] undo shutdown
[RouterA-Pos2/0/0] quit
# Configure an Ethernet route to Router B.
[RouterA] ip route-static 172.16.20.0 255.255.255.0 pos 2/0/0
Step 2 Configure Router B.
# Configure an IP address for GE 1/0/0.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 172.16.20.1 255.255.255.0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
# Configure the POS interface to borrow an IP address from the GE interface.
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] ip address unnumbered interface gigabitethernet 1/0/0
[RouterB-Pos2/0/0] link-protocol ppp
[RouterB-Pos2/0/0] undo shutdown
[RouterB-Pos2/0/0] quit
# Configure an Ethernet route to Router A.
[RouterB] ip route-static 172.16.10.0 255.255.255.0 pos 2/0/0
Step 3 Verify the configuration.
# Router A can ping through the address of the host connected to Router B.
[RouterA] ping 172.16.20.2
PING 172.16.20.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.20.2: bytes=56 Sequence=1 ttl=254 time=25
Reply from 172.16.20.2: bytes=56 Sequence=2 ttl=254 time=25
Reply from 172.16.20.2: bytes=56 Sequence=3 ttl=254 time=26
Reply from 172.16.20.2: bytes=56 Sequence=4 ttl=254 time=26
Reply from 172.16.20.2: bytes=56 Sequence=5 ttl=254 time=26
--- 172.16.20.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
ms
ms
ms
ms
ms
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address unnumbered interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.10.1 255.255.255.0
#
ip route-static 172.16.20.0 255.255.255.0 Pos2/0/0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address unnumbered interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.20.1 255.255.255.0
#
ip route-static 172.16.10.0 255.255.255.0 Pos2/0/0
#
return
1.6.4 Example for Configuring IP Address Overlapping on the Same
Device
Networking Requirements
As shown in Figure 1-4, Network A and Network B are independent from each other. They
access the Internet through different paths. Using the same Layer 2 network provided by ISP 1,
Network A and Network B can access each other.
It is required to use Router B to connect Network A and Network B to the Layer 2 network
provided by ISP 1 by using the IP addresses 192.168.1.11/24 and 192.168.1.12/24.
1-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Figure 1-4 Networking diagram of configuring IP address overlapping on the same device
GE1/0/0
192.168.1.1/24
RouterA
AS:100
Layer2
network
r1
GE1/0/0
192.168.1.11/24
r2
GE3/0/0
192.168.1.12/24
POS2/0/0
10.1.1.1/24
POS4/0/0
20.1.1.1/24
POS2/0/0
10.1.1.2/24
RouterB
ISP1 AS:200
RouterC
Network A
POS4/0/0
20.1.1.2/24
RouterD
Network B
Procedure
Step 1 Configure a VPN instance.
# On Router B, create a VPN instance for Network A, and bind the VPN instance to the upstream
interface GE 1/0/0 and the downstream interface POS 2/0/0.
<HUAWEI> system-view
[HUAWEI] sysname B
[RouterB] ip vpn-instance r1
[RouterB-vpn-instance-r1] route-distinguisher 100:1
[RouterB-vpn-instance-r1] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip binding vpn-instance r1
[RouterB-GigabitEthernet1/0/0] ip address 192.168.1.11 24
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] ip binding vpn-instance r1
[RouterB-Pos2/0/0] ip address 10.1.1.1 24
[RouterB-Pos2/0/0] undo shutdown
[RouterB-Pos2/0/0] quit
# On Router B, create a VPN instance for Network B, and bind the VPN instance to the upstream
interface GE 3/0/0 and the downstream interface POS 4/0/0.
[RouterB] ip vpn-instance r2
[RouterB-vpn-instance-r2] route-distinguisher 100:2
[RouterB-vpn-instance-r2] quit
[RouterB] interface gigabitethernet 3/0/0
[RouterB-GigabitEthernet3/0/0] ip binding vpn-instance r2
[RouterB-GigabitEthernet3/0/0] ip address 192.168.1.12 24
[RouterB-GigabitEthernet3/0/0] undo shutdown
[RouterB-GigabitEthernet3/0/0] quit
[RouterB] interface pos 4/0/0
[RouterB-Pos4/0/0] ip binding vpn-instance r2
[RouterB-Pos4/0/0] ip address 20.1.1.1 24
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
[RouterB-Pos4/0/0] undo shutdown
[RouterB-Pos4/0/0] quit
# On Router B, configure static routes for the two VPN instances.
[RouterB] ip route-static vpn-instance r1 0.0.0.0 0 192.168.1.1
[RouterB] ip route-static vpn-instance r2 0.0.0.0 0 192.168.1.1
Step 2 Set up the EBGP neighbor relationship between Router A and the two upstream interfaces on
Router B respectively.
# Configure Router B.
[RouterB] bgp 200
[RouterB-bgp] router-id 100.1.1.1
[RouterB-bgp] ipv4-family vpn-instance r1
[RouterB-bgp-r1] peer 192.168.1.1 as-number 100
[RouterB-bgp-r1] import-route direct
[RouterB-bgp-r1] quit
[RouterB-bgp] ipv4-family vpn-instance r2
[RouterB-bgp-r2] peer 192.168.1.1 as-number 100
[RouterB-bgp-r2] import-route direct
[RouterB-bgp-r2] quit
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 192.168.1.1 24
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] bgp 100
[RouterA-bgp] peer 192.168.1.11 as-number 200
[RouterA-bgp] peer 192.168.1.12 as-number 200
[RouterA-bgp] quit
Step 3 Configure IP addresses and static routes for Router C and Router D on the local network.
# Configure the IP address and static route for Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface pos 2/0/0
[RouterC-Pos2/0/0] ip address 10.1.1.2 24
[RouterC-Pos2/0/0] undo shutdown
[RouterC-Pos2/0/0] quit
[RouterC] ip route-static 0.0.0.0 0 10.1.1.1
# Configure the IP address and static route for Router D.
<HUAWEI> system-view
[HUAWEI] sysname RouterD
[RouterD] interface pos 4/0/0
[RouterD-Pos4/0/0] ip address 20.1.1.2 24
[RouterD-Pos4/0/0] undo shutdown
[RouterD-Pos4/0/0] quit
[RouterD] ip route-static 0.0.0.0 0 20.1.1.1
Step 4 Verify the configuration.
# After the configurations, view the private routing table on Router B. The routes of the two
local networks connected to Router B belong to two VPN instances (r1 and r2) respectively.
This indicates that the routes are isolated.
[RouterB] display ip routing-table vpn-instance r1
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: r1
1-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
Destinations : 6
Destination/Mask
Proto
0.0.0.0/0
10.1.1.0/24
10.1.1.1/32
10.1.1.2/32
192.168.1.0/24
192.168.1.11/32
Static
Direct
Direct
Direct
Direct
Direct
Routes : 6
Pre
Cost
60
0
0
0
0
0
0
0
0
0
0
0
Flags
RD
D
D
D
D
D
NextHop
192.168.1.1
10.1.1.1
127.0.0.1
10.1.1.2
192.168.1.11
127.0.0.1
Interface
GigabitEthernet1/0/0
Pos2/0/0
InLoopBack0
Pos2/0/0
GigabitEthernet1/0/0
InLoopBack0
[RouterB] display ip routing-table vpn-instance r2
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: r2
Destinations : 6
Routes : 6
Destination/Mask
0.0.0.0/0
20.1.1.0/24
20.1.1.1/32
20.1.1.2/32
192.168.1.0/24
192.168.1.12/32
Proto
Pre
Static
Direct
Direct
Direct
Direct
Direct
Cost
60
0
0
0
0
0
0
0
0
0
0
0
Flags
RD
D
D
D
D
D
NextHop
192.168.1.1
20.1.1.1
127.0.0.1
20.1.1.2
192.168.1.12
127.0.0.1
Interface
GigabitEthernet3/0/0
Pos4/0/0
InLoopBack0
Pos4/0/0
GigabitEthernet3/0/0
InLoopBack0
# Run the display ip routing-table command on Router A. The command output shows that
the public routing table on Router A contains routes to the two local networks.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: Public
Destinations : 8
Routes : 8
Destination/Mask
Proto
Pre
10.1.1.0/24
10.1.1.2/32
20.1.1.0/24
20.1.1.2/32
127.0.0.0/8
127.0.0.1/32
192.168.1.0/24
192.168.1.1/32
BGP
BGP
BGP
BGP
Direct
Direct
Direct
Direct
255
255
255
255
0
0
0
0
Cost
0
0
0
0
0
0
0
0
Flags
D
D
D
D
D
D
D
D
NextHop
Interface
192.168.1.11
192.168.1.11
192.168.1.12
192.168.1.12
127.0.0.1
127.0.0.1
192.168.1.1
127.0.0.1
GigabitEthernet1/0/0
GigabitEthernet1/0/0
GigabitEthernet1/0/0
GigabitEthernet1/0/0
InLoopBack0
InLoopBack0
GigabitEthernet1/0/0
InLoopBack0
Network A and Network B can ping through each other.
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
bgp 100
peer 192.168.1.11 as-number 200
peer 192.168.1.12 as-number 200
#
ipv4-family unicast
undo synchronization
peer 192.168.1.11 enable
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
peer 192.168.1.12 enable
#
return
l
Configuration file of Router B.
#
sysname RouterB
#
ip vpn-instance r1
route-distinguisher 100:1
#
ip vpn-instance r2
route-distinguisher 100:2
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance r1
ip address 192.168.1.11 255.255.255.0
#
interface GigabitEthernet3/0/0
undo shutdown
ip binding vpn-instance r2
ip address 192.168.1.12 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip binding vpn-instance r1
ip address 10.1.1.1 255.255.255.0
#
interface Pos4/0/0
link-protocol ppp
undo shutdown
ip binding vpn-instance r2
ip address 20.1.1.1 255.255.255.0
#
bgp 200
router-id 100.1.1.1
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance r1
peer 192.168.1.1 as-number 100
import-route direct
#
ipv4-family vpn-instance r2
peer 192.168.1.1 as-number 100
import-route direct
#
ip route-static vpn-instance r1 0.0.0.0 0.0.0.0 192.168.1.1
ip route-static vpn-instance r2 0.0.0.0 0.0.0.0 192.168.1.1
#
return
l
Configuration file of Router C
#
sysname RouterC
#
interface pos 2/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
#
return
l
Configuration file of Route D
#
1-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
sysname RouterD
#
interface pos 4/0/0
link-protocol ppp
undo shutdown
ip address 20.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 20.1.1.1
#
Return
1.6.5 Example for Configuring an IP Address with a 31-bit Mask
Networking Requirements
As shown in Figure 1-5, Router A and Router B are connected through a PPP link.
Figure 1-5 Networking diagram of configuring an IP address with a 31-bit mask
POS1/0/0
10.1.1.1/31
POS1/0/0
10.1.1.0/31
RouterB
RouterA
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure an IP address with a 31-bit mask for POS 1/0/0 on Router A.
2.
Configure an IP address with a 31-bit mask for POS 1/0/0 on Router B.
Data Preparation
To complete the configuration, you need the following data:
l
IP address and mask of POS 1/0/0 on Router A
l
IP address and mask of POS 1/0/0 on Router B
Procedure
Step 1 Configure an IP address for each interface.
# Configure an IP address for POS 1/0/0 on Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 10.1.1.1 31
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
# Configure an IP address for POS 1/0/0 on Router B.
<HUAWEI> system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
1 IP Addresses Configuration
[HUAWEI] sysname RouterB
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 10.1.1.0 31
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
Step 2 Verify the configuration.
# After the preceding configurations, you can check the routing table on Router A. You can find
that in the routing table, the network address and the broadcast address of the network segment
are both used as host addresses.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: Public
Destinations : 5
Routes : 5
Destination/Mask
Proto Pre Cost
Flags NextHop
Interface
10.1.1.0/31 Direct 0
0
D 10.1.1.1
Pos1/0/0
10.1.1.0/32 Direct 0
0
D 10.1.1.0
Pos1/0/0
10.1.1.1/32 Direct 0
0
D 127.0.0.1
InLoopBack0
127.0.0.0/8
Direct 0
0
D 127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D 127.0.0.1
InLoopBack0
# After the preceding configurations, you can check the routing table on Router B. You can find
that in the routing table, the network address and the broadcast address of the network segment
are both used as host addresses.
[RouterB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: Public
Destinations : 5
Routes : 5
Destination/Mask
Proto Pre Cost
Flags NextHop
Interface
10.1.1.0/31 Direct 0
0
D 10.1.1.0
Pos1/0/0
10.1.1.0/32 Direct 0
0
D 127.0.0.1
InLoopBack0
10.1.1.1/32 Direct 0
0
D 10.1.1.1
Pos1/0/0
127.0.0.0/8
Direct 0
0
D 127.0.0.1
InLoopBack0
127.0.0.1/32 Direct 0
0
D 127.0.0.1
InLoopBack0
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.1 255.255.255.254
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.0 255.255.255.254
#
return
1-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2
ARP Configuration
About This Chapter
This chapter describes the principle of ARP and the procedure for configuring ARP, and provides
typical configuration examples.
2.1 Introduction to ARP
This section describes the basic principle and concepts of the Address Resolution Protocol
(ARP).
2.2 Configuring Static ARP
This section describes how to configure static ARP.
2.3 Optimizing Dynamic ARP
2.4 Configuring Routed Proxy ARP
This section describes how to configure routed proxy ARP to make different sub-networks
communicate with each other.
2.5 Configuring Proxy ARP Within a VLAN
This section describes how to implement communication between hosts in the same VLAN
configured with user isolation.
2.6 Configuring Proxy ARP Between VLANs
This section describes how to implement communication between hosts in different VLANs.
2.7 Configuring ARPing-IP
This section describes how to configure ARPing-IP.
2.8 Configuring ARPing-MAC
This section describes how to configure ARPing-MAC.
2.9 Configuring the Association Between ARP and Interface Status
This section describes how to control the protocol status of the interface through ARP probes.
2.10 Maintaining ARP
This section describes how to display ARP configurations, clear ARP statistics and debug ARP.
2.11 Configuration Examples
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
This section provides some configurations example, such as Routed Proxy ARP, Proxy ARP
Within a VLAN and Proxy ARP Between VLANs.
2-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.1 Introduction to ARP
This section describes the basic principle and concepts of the Address Resolution Protocol
(ARP).
2.1.1 Overview of ARP
2.1.2 Features of ARP Supported by the NE80E/40E
2.1.1 Overview of ARP
Each host or device on the Local Area Network (LAN) has a 32-bit IP address to communicate
with others. The assigned IP address is independent of the hardware address.
On the Ethernet, a host or a device transmits and receives Ethernet frames according to a 48-bit
Medium Access Control (MAC) address. The MAC address is also called the physical address
or the hardware address, which is assigned to an Ethernet interface when an equipment is
produced. Therefore, on an interconnected network, an address resolution mechanism is required
to provide the mapping between MAC addresses and IP addresses.
The Address Resolution Protocol (ARP) maps an IP address to the corresponding MAC address.
2.1.2 Features of ARP Supported by the NE80E/40E
ARP is classified into dynamic ARP and static ARP. The NE80E/40E supports dynamic ARP,
static ARP, and proxy ARP.
Introduction to ARPing
ARPing consists of ARP-Ping IP and ARP-Ping MAC. ARPing is developed to maintain the
deployed Layer 2 features.
Introduction to ARP-Ping IP
ARP-Ping IP uses ARP packets to check whether an IP address is used by another device on the
LAN.
Before configuring an IP address for a device, you need to check that the IP address is not used
by another device on the network by sending ARP packets.
You can also run the ping command to check whether the IP address is used by another device
on the network. If enabled with the firewall function that does not reply to Ping packets, the
destination host and device do not reply to Ping packets and think that the IP address is not in
use. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall. In
this way, the preceding situation does not occur.
Principles of ARP-Ping IP
ARP-Ping IP sends ARP Request packets. The following describes how to implement ARP-Ping
IP:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
1.
After setting the specified IP address through command lines, you can send ARP Request
packets and start the timeout timer.
2.
After receiving an ARP Request packet, each device or host on the LAN replies with an
ARP Reply packet.
3.
After receiving the ARP Reply packet, the source device compares the source IP address
contained in the Reply packet with the IP address input in the command line. If they are
consistent, the MAC address corresponding to the input IP address is displayed and the
timeout timer of ARP Reply packets is disabled. The operation finishes.
If the timeout timer of ARP Reply packets times out, it means that the IP address is not in
use.
As shown in Figure 2-1, Router A and Gigabitethernet A are directly connected. You can run
the arp-ping ip command on Router A to check whether the IP address 10.1.1.2 is in use.
Figure 2-1 Implementation procedure of ARP-Ping IP
Host B
Host A
10.1.1.3/32 10.1.1.2/32
GE1/0/0
10.1.1.1/24
RouterA
Gigabitethernet A
Run the arp-ping ip 10.1.1.2 command on Router A. After receiving the ARP Reply packet
from Host A 10.1.1.2 on the network, Router A displays the MAC address of Host A.
Through the command output, you can know whether the IP address is used by another host on
the network.
NOTE
The arp-ping ip command is applicable to the outgoing interface in one of the following types: the Gigabit
Ethernet interface, and Eth-Trunk interface, VLANIF interface, member interface of the VLANIF interface,
Ethernet interface, (including the Layer 2 interfaces into which these interfaces are switched).
Introduction to ARP-Ping MAC
ARP-Ping MAC uses ICMP packets to check whether a MAC address is used by another device
on the LAN.
When you know a specific MAC address on a network segment but do not know the
corresponding IP address, you can obtain the IP address corresponding to the MAC address by
sending the broadcast Internet Control Messages Protocol (ICMP) packets through ARP-Ping
MAC. In this way, you can query the IP address corresponding to the specific MAC address on
the network segment.
2-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Principles of ARP-Ping MAC
ARP-Ping MAC sends broadcast ICMP Echo Request packets. The following describes how to
implement ARP-Ping MAC:
1.
After setting the specified MAC address through the command line, you can send broadcast
ICMP Echo Request packets and start the timeout timer.
2.
After receiving an ICMP Echo Request packet, each device or host on the LAN replies with
an ICMP Echo Reply packet.
3.
After receiving the ICMP Echo Reply packet, the source device compares the source MAC
address contained in the Echo Reply packet with the MAC address input in the command
line. If they are consistent, the IP address of the Echo Reply packet is displayed. Then the
source device prompts you that the MAC address is in use and disables the timeout timer.
The operation finishes.
If the timeout timer of the ICMP Echo Reply packets times out, it means that the MAC
address is not in use.
NOTE
If the system denies the request for replying with the network segment address, the sender cannot receive
the ICMP Echo Reply packet.
As shown in Figure 2-2, Router A and Gigabitethernet A are directly connected. You can run
the arp-ping mac command on Router A to check whether the MAC address 0013-46E7-2EF5
is in use.
Figure 2-2 Implementation procedure of ARP-Ping MAC
Host A
0013-46E7-2EF5
GE1/0/0
10.1.1.1/24
RouterA
Gigabitethernet A
The following describes how to implement ARP-Ping MAC on Router A:
Run the arp-ping mac 0013-46E7-2EF5 10.1.1.0 or arp-ping mac 0013-46E7-2EF5
gigabitethernet 1/0/0 command on Router A. After receiving the ICMP Reply packets replied
by all the hosts on the network, Router A displays the IP address of the host with the MAC
address 0013-46E7-2EF5.
Through the command output, you can obtain the IP address corresponding to the MAC address.
NOTE
The arp-ping mac command is applicable to the outgoing interface in one of the following types: Gigabit
Ethernet interface, VLANIF interface, the Ethernet interface, and Eth-Trunk interface.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.2 Configuring Static ARP
This section describes how to configure static ARP.
2.2.1 Establishing the Configuration Task
2.2.2 Configuring Common Static ARP Entries
2.2.3 Configuring Static ARP Entries in a VLAN
2.2.4 Configuring Static ARP Entries in a VPN Instance
2.2.5 Checking the Configuration
2.2.1 Establishing the Configuration Task
Applicable Environment
Static ARP is used in the following situations:
l
For the packets whose destination IP address is on another network segment, static ARP
can help these packets traverse a gateway of the local network segment so that the gateway
can forward the packets to their destination.
l
When you need to filter out some packets with illegitimate destination IP addresses, static
ARP can bind these illegitimate addresses to a nonexistent MAC address.
Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
l
Configuring physical parameters for the interface and ensuring that the status of the physical
layer of the interface is Up
l
Configuring link layer protocol parameters for the interface and ensuring that the status of
the link layer protocol on the interface is Up
l
Configuring the network layer protocol for the interface
Data Preparation
To configure ARP, you need the following data.
2-6
No.
Data
1
IP address and MAC address of the static ARP entry
2
VPN instance name and VLAN ID to which the static ARP entry belongs
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.2.2 Configuring Common Static ARP Entries
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the Dot1q
termination sub-interface, QinQ termination sub-interface, or VLANIF interface cannot be the
IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and
thus packets cannot be normally forwarded.
NOTE
To configure static ARP for the packets with double tags, run the arp static cevid command. For details,
see the HUAWEI NetEngine80E/40E Router Command Reference - LAN Access and MAN Access.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp static ip-address mac-address
Configure common static ARP entries.
NOTE
Static ARP entries keep valid when a device works normally.
----End
2.2.3 Configuring Static ARP Entries in a VLAN
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the Dot1q
termination sub-interface, QinQ termination sub-interface, or VLANIF interface cannot be the
IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and
thus packets cannot be normally forwarded.
NOTE
To configure static ARP for the packets with double tags, run the arp static cevid command. For details,
see the HUAWEI NetEngine80E/40E Router Command Reference - LAN Access and MAN Access.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
The system view is displayed.
Step 2 Configure static ARP entries in a Virtual Local Area Network (VLAN).
To configure static ARP entries in a Virtual Local Area Network (VLAN), do as follows:
l
Run the arp static ip-address mac-address vid vlan-id interface interface-type interfacenumber command.
If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN),
the device can automatically associate the configured static ARP entry with the VPN. This
command is applicable to port-based VLANs.
l
Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlanid command.
This command is applicable to the sub-interface that supports VLAN and can be bound to
the VPN.
NOTE
Static ARP entries keep valid when a device works normally.
----End
2.2.4 Configuring Static ARP Entries in a VPN Instance
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the Dot1q
termination sub-interface, QinQ termination sub-interface, or VLANIF interface cannot be the
IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and
thus packets cannot be normally forwarded.
NOTE
To configure static ARP for the packets with double tags, run the arp static cevid command. For details,
see the HUAWEI NetEngine80E/40E Router Command Reference - LAN Access and MAN Access.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp static ip-address mac-address vpn-instance vpn-instance-name
Configure static ARP entries in a VPN instance.
NOTE
Static ARP entries keep valid when a device works normally.
----End
2-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.2.5 Checking the Configuration
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command to check information
about ARP mapping tables based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression] command to check information about
ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on VPN instances.
l
Run the display arp statistics { all | slot slot-id } command to check the statistics for ARP
entries.
----End
Example
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp interface gigabitethernet 1/0/0
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 15
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp slot command. If all the ARP entries of the interface board are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.12
0000-0a41-0202
I GE1/0/1
r2
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/1
r2
192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:4
Dynamic:2
Static:0
Interface:2
Run the display arp vpn-instance command. If all the ARP entries of the VPN instance are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp vpn-instance r1 slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 12
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Run the display arp statistics { all | slot slot-id } command. If the statistics for ARP entries are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp statistics all
Dynamic:20
Static:10
2.3 Optimizing Dynamic ARP
2.3.1 Establishing the Configuration Task
2.3.2 Modify the aging parameters of dynamic ARP
2.3.3 Enabling ARP Suppression Function
2.3.4 Enabling Layer 2 Topology Detection Function
2.3.5 Checking the Configuration
2.3.1 Establishing the Configuration Task
Applicable Environment
Dynamic ARP is one of functions owned by a device or host. You do not need to run a command
to enable dynamic ARP but you can modify some parameters of dynamic ARP.
Pre-configuration Tasks
None
Data Preparation
Optimizing dynamic ARP, you need the following data.
No.
Data
1
ID of the Ethernet interface or the virtual Ethernet interface to which the dynamic
ARP entry belongs
2
Aging detection times of the dynamic ARP entry
3
Aging time of the dynamic ARP entry
2.3.2 Modify the aging parameters of dynamic ARP
Context
Do as follows on the router:
2-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The Ethernet interface view or the virtual Ethernet interface view is displayed.
Step 3 Run:
arp detect-times detect-times
The number of aging detection times of the dynamic ARP entries is configured.
Step 4 Run:
arp expire-time expire-times
The timeout period for aging dynamic ARP entries is configured.
By default, the aging detection times of the dynamic ARP entries is three, and the aging timeout
period is 1200 seconds.
Step 5 Run:
arp detect-mode unicast
The interface is configured to send ARP Aging Detection packets in unicast mode.
By default, an interface sends ARP Aging Detection packets in broadcast mode.
----End
2.3.3 Enabling ARP Suppression Function
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp-suppress enable
ARP suppression is enabled on the current device.
The ARP suppression function can be enabled only on the Eth-Trunk interface, and VLANIF
interface.
By default, ARP suppression is disabled and only VLANIF interfaces are suppressed.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.3.4 Enabling Layer 2 Topology Detection Function
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
l2-topology detect enable
The Layer 2 topology detection function is enabled.
By default, this function is not enabled.
----End
2.3.5 Checking the Configuration
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command to check information
about ARP mapping tables based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression] command to check information about
ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on VPN instances.
l
Run the display arp statistics { all | slot slot-id } command to check the statistics for ARP
entries.
----End
Example
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp interface gigabitethernet 1/0/0
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 15
D-6
GE1/0/0
r1
2-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp slot command. If all the ARP entries of the interface board are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.12
0000-0a41-0202
I GE1/0/1
r2
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/1
r2
192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:4
Dynamic:2
Static:0
Interface:2
Run the display arp vpn-instance command. If all the ARP entries of the VPN instance are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp vpn-instance r1 slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 12
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp statistics { all | slot slot-id } command. If the statistics for ARP entries are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp statistics all
Dynamic:20
Static:10
2.4 Configuring Routed Proxy ARP
This section describes how to configure routed proxy ARP to make different sub-networks
communicate with each other.
2.4.1 Establishing the Configuration Task
2.4.2 Configure an IP Addresses for the Interface
2.4.3 Enabling the Routed Proxy ARP Function
2.4.4 Checking the Configuration
2.4.1 Establishing the Configuration Task
Applicable Environment
The two physical networks of an enterprise are in different subnets of the same IP network, and
are separated by a device. You need to enable the proxy ARP on the device interface connected
to the physical networks. This enables communication between the two networks.
Network IDs of subnet hosts must be the same. You need not configure default gateways for
hosts.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
l
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure routed proxy ARP, you need the following data.
No.
Data
1
Number of the interface to be enabled with routed proxy ARP
2
IP address of the interface to be enabled with routed proxy ARP
2.4.2 Configure an IP Addresses for the Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interfaces supporting routed proxy ARP include GE interfaces, GE sub-interfaces, Ethernet
interfaces, Ethernet sub-interfaces, virtual Ethernet interfaces, VLANIF interfaces, Eth-Trunk
interfaces, and Eth-Trunk sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address.
The IP address configured for the interface must be in the same network segment with that of
hosts in the LAN connected with this interface.
----End
2.4.3 Enabling the Routed Proxy ARP Function
2-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
arp-proxy enable
By default, the routed proxy ARP function is disabled on the interface.
After routed proxy ARP is enabled, you must reduce the aging time of ARP entries in the host
so that the number of packets received but cannot be forwarded by the device is decreased. To
configure the aging time of ARP entries, run the arp expire-time expire-time command.
----End
2.4.4 Checking the Configuration
Prerequisite
The configurations of the routed proxy ARP function are complete.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command to check information
about ARP mapping tables based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression] command to check information about
ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on VPN instances.
l
Run the display arp statistics { all | slot slot-id } command to check statistics about ARP
entries.
----End
Example
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp interface gigabitethernet 1/0/0
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
INTERFACE
VPN-INSTANCE
2-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 15
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp slot command. If all the ARP entries of the interface board are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.12
0000-0a41-0202
I GE1/0/1
r2
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/1
r2
192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:4
Dynamic:2
Static:0
Interface:2
Run the display arp vpn-instance command. If all the ARP entries of the VPN instance are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp vpn-instance r1 slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 12
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp statistics { all | slot slot-id } command. If statistics about ARP entries are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp statistics all
Dynamic:20
Static:10
2.5 Configuring Proxy ARP Within a VLAN
This section describes how to implement communication between hosts in the same VLAN
configured with user isolation.
2.5.1 Establishing the Configuration Task
2.5.2 Configure an IP Addresses for the Interface
2.5.3 Configuring the VLAN Associated with the Sub-interface
2.5.4 Enabling Proxy ARP Within a VLAN
2.5.5 Checking the Configuration
2.5.1 Establishing the Configuration Task
Applicable Environment
If two users are in the same VLAN but they are isolated from each other, to ensure the two users
can communicate, you need to enable proxy ARP within the VLAN on the interface associated
with the VLAN.
2-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Pre-configuration Tasks
Before configuring proxy ARP within a VLAN, complete the following tasks:
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
l
Configuring the VLAN
l
Configuring user isolation in the VLAN
Data Preparation
To configure proxy ARP within a VLAN, you need the following data.
No.
Data
1
Number of the interface to be enabled with proxy ARP in a VLAN
2
IP address of the interface to be enabled with proxy ARP in a VLAN
3
VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN
2.5.2 Configure an IP Addresses for the Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number
Or
interface vlanif vlan-id
The interface view is displayed.
The interfaces supporting routed proxy ARP in a VLAN include VLANIF interfaces, Ethernet
sub-interfaces, GE sub-interfaces, and Eth-Trunk sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
The IP address configured for the interface must be in the same network segment with that of
hosts in the VLAN associated with this interface.
----End
2.5.3 Configuring the VLAN Associated with the Sub-interface
Context
NOTE
This step is required when you enable proxy ARP in a VLAN on the Ethernet sub-interfaces, GE subinterfaces, or Eth-Trunk sub-interfaces.To enable proxy ARP in a VLAN on the VLANIF interface, skip
this step.
Do as follows on the router that uses sub-interfaces to implement interworking in a VLAN:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number
The sub-interface view is displayed.
Step 3 Run:
vlan-type low-vid [ high-vid ]
The Ethernet sub-interface is encapsulated with 802.1Q and the VLAN ID associated with the
sub-interface is configured.
In the NE80E/40E, one sub-interface can be associated with one VLAN.
By default, the sub-interface is not encapsulated and the associated VLAN ID is not configured.
----End
2.5.4 Enabling Proxy ARP Within a VLAN
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
2-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number
Or
interface vlanif vlan-id
The interface view is displayed.
Step 3 Run:
arp-proxy inner-sub-vlan-proxy enable
Proxy ARP within a VLAN is enabled.
----End
2.5.5 Checking the Configuration
Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command to check information
about ARP mapping tables based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression] command to check information about
ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on VPN instances.
l
Run the display arp statistics { all | slot slot-id } command to check statistics about ARP
entries.
----End
Example
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp interface gigabitethernet 1/0/0
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 15
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp slot command. If all the ARP entries of the interface board are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.12
0000-0a41-0202
I GE1/0/1
r2
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/1
r2
192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:4
Dynamic:2
Static:0
Interface:2
Run the display arp vpn-instance command. If all the ARP entries of the VPN instance are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp vpn-instance r1 slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 12
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp statistics { all | slot slot-id } command. If statistics about ARP entries are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp statistics all
Dynamic:20
Static:10
2.6 Configuring Proxy ARP Between VLANs
This section describes how to implement communication between hosts in different VLANs.
2.6.1 Establishing the Configuration Task
2.6.2 Configuring an IP Addresses for the Interface
2.6.3 Configuring the VLAN Associated with the Sub-interface
2.6.4 Enabling Proxy ARP Between VLANs
2.6.5 Checking the Configuration
2.6.1 Establishing the Configuration Task
Applicable Environment
If two users belong to different VLANs and they need to communicate, you need to enable proxy
ARP between VLANs on the sub-interface associated with the VLAN.
Sub-VLANs in a super-VLAN cannot communicate with each other. To solve this problem,
enable proxy ARP between VLANs on the VLANIF interface corresponding to the superVLAN.
Implementing communication between VLANs through proxy ARP occupies fewer resources
than through than through configuring a VLANIF interface for each sub-VLAN.
IP addresses of hosts in a VLAN must be in the same network segment.
Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
2-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
l
Configuring VLAN aggregation
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
No.
Data
1
Number of the interface to be enabled with proxy ARP between VLANs
2
IP address of the interface to be enabled with proxy ARP between VLANs
3
VLAN ID associated with the interface to be enabled with proxy ARP between
VLANs
2.6.2 Configuring an IP Addresses for the Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.sub-interface-number
Or
interface vlanif vlan-id
The interface view is displayed.
The interfaces supporting routed proxy ARP between VLANs include VLANIF interfaces,
Ethernet sub-interfaces, GE sub-interfaces, and Eth-Trunk sub-interfaces.
Step 3 Run:
ip address ip-address { mask | mask-length }
The interface is configured with an IP address.
The IP address configured for the interface must be in the same network segment with that of
hosts in the VLAN associated with this interface.
----End
2.6.3 Configuring the VLAN Associated with the Sub-interface
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Context
NOTE
This step is required when you enable proxy ARP between VLANs on the Ethernet sub-interfaces, GE subinterfaces, or Eth-Trunk sub-interfaces. To enable proxy ARP between VLANs on the VLANIF interface,
skip this step.
Do as follows on the router that uses sub-interfaces to implement interworking between VLANs:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-number
The sub-interface view is displayed.
Step 3 Run:
vlan-type low-vid [ high-vid ]
The Ethernet sub-interface is encapsulated with 802.1Q and the VLAN ID associated with the
sub-interface is configured.
In the NE80E/40E, one sub-interface can be associated with one VLAN.
By default, the sub-interface is not encapsulated and the associated VLAN ID is not configured.
----End
2.6.4 Enabling Proxy ARP Between VLANs
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.sub-interface-number
Or
interface vlanif vlan-id
The interface view is displayed.
The interfaces supporting routed proxy ARP between VLANs include Eth-Trunk sub-interfaces,
VLANIF interfaces, Ethernet sub-interfaces,and GE sub-interfaces.
2-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
Proxy ARP between VLANs is enabled.
----End
2.6.5 Checking the Configuration
Prerequisite
The configurations of Proxy ARP Between VLANs are complete.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command to check information
about ARP mapping tables based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command to check information about
ARP mapping tables based on VPN instances.
l
Run the display arp statistics { all | slot slot-id } command to check statistics about ARP
entries.
----End
Example
Run the display arp interface command. If all the ARP entries of the interface are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp interface gigabitethernet 1/0/0
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 15
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp slot command. If all the ARP entries of the interface board are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display arp slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.12
0000-0a41-0202
I GE1/0/1
r2
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/1
r2
192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 17
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:4
Dynamic:2
Static:0
Interface:2
Run the display arp vpn-instance command. If all the ARP entries of the VPN instance are
displayed, it means that the configuration succeeds. For example:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
<HUAWEI> display arp vpn-instance r1 slot 1
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
-----------------------------------------------------------------------------192.168.1.11
0000-0a41-0201
I GE1/0/0
r1
192.168.1.1
0000-0a41-0200 12
D-6
GE1/0/0
r1
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Run the display arp statistics { all | slot slot-id } command. If statistics about ARP entries are
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display arp statistics all
Dynamic:20
Static:10
2.7 Configuring ARPing-IP
This section describes how to configure ARPing-IP.
2.7.1 Establishing the Configuration Task
2.7.2 Detecting the IP Address by Using the arp-ping ip Command
2.7.1 Establishing the Configuration Task
Applicable Environment
In the LAN, to configure an IP address for a device, you need to use the arp-ping ip command
to check whether this IP address is used by another device in the network.
The arp-ping ip command is mainly used in the maintenance of the deployed Lay 2 features.
For example, in the L2VPN networking, such as the virtual private LAN segment (VPLS) and
virtual private wire service (VPWS) that the Ethernet or VLAN is used to access, you can run
the arp-ping ip command on the PE or CE to check whether the IP address is used by the local
or remote host.
Pre-configuration Tasks
Before configuring ARPing-IP, complete the following tasks:
l
Configuring parameters of the link layer protocol and IP addresses for the interfaces and
ensuring that the status of the link layer protocol on the interfaces is Up.
Data Preparation
To configure ARPing-IP, you need the following data.
No.
Data
1
IP address to be checked
2.7.2 Detecting the IP Address by Using the arp-ping ip Command
2-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Context
Do as follows on the device:
Procedure
Step 1 Run:
arp-ping ip ip-address [ interface interface-type interface-number [ vlan-id vlanid ] ]
Check whether the IP address is in use.
NOTE
When the specified outgoing interface is a Layer 2 interface, you need to configure vlan-id vlan-id; when
the specified outgoing interface is a Layer 3 interface, you cannot configure vlan-id vlan-id.
The following information is displayed:
l
If the following information is displayed, it means that the IP address is not in use.
[HUAWEI] arp-ping ip 110.1.1.2
ARP-Pinging 110.1.1.2:
Request timed out
Request timed out
Request timed out
The IP address is not used by anyone!
l
If the following information is displayed, it means that the IP address is in use.
[HUAWEI] arp-ping ip 128.1.1.1
ARP-Pinging 128.1.1.1:
128.1.1.1 is used by 00e0-517d-f202
----End
2.8 Configuring ARPing-MAC
This section describes how to configure ARPing-MAC.
2.8.1 Establishing the Configuration Task
2.8.2 Detecting the MAC Address by Using the arp-ping mac Command
2.8.1 Establishing the Configuration Task
Applicable Environment
To check whether a MAC address is in use or query the IP address through the MAC address,
you can use the arp-ping mac command.
Pre-configuration Tasks
Before configuring ARPing-MAC, complete the following tasks:
l
Issue 03 (2010-03-31)
Configuring parameters of the link layer protocol and IP addresses for the interfaces and
ensuring that the status of the link layer protocol on the interfaces is Up.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Data Preparation
To configure ARPing-MAC, you need the following data.
No.
Data
1
MAC address to be checked
2.8.2 Detecting the MAC Address by Using the arp-ping mac
Command
Context
Do as follows on the device:
Procedure
Step 1 Run:
arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] |
interface interface-type interface-number }
Check whether the MAC address is in use. Alternatively, you can query the IP address through
the MAC address.
The following information is displayed:
l
If the following information is displayed, it means that the MAC address is not in use.
[HUAWEI] arp-ping mac 00e0-517d-f201 interface gigabitethernet 1/0/0
OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-01], press CTRL_C to
break
Request timed out
Request timed out
Request timed out
----- ARP-Ping MAC statistics ----3 packet(s) transmitted
0 packet(s) received
MAC[00-E0-51-7D-F2-01] not be used
l
If the following information is displayed, it means that the MAC address is in use.
[HUAWEI] arp-ping mac 00e0-517d-f202 interface gigabitethernet 1/0/0
OutInterface: GigabitEthernet1/0/0 MAC[00-E0-51-7D-F2-02], press CTRL_C to
break
----- ARP-Ping MAC statistics ----1 packet(s) transmitted
1 packet(s) received
IP ADDRESS
MAC ADDRESS
128.1.1.1
00-E0-51-7D-F2-02
----End
2.9 Configuring the Association Between ARP and Interface
Status
This section describes how to control the protocol status of the interface through ARP probes.
2-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.9.1 Establishing the Configuration Task
2.9.2 Configuring the Association Between ARP and Interface Status
2.9.3 (Optional) Adjusting Parameters about the Association Between ARP and Interface Status
2.9.1 Establishing the Configuration Task
Applicable Environment
If transmission devices exist over a link (between devices in the diagram), the actual physical
path is segmented by the transmission devices although communication ends and transmission
devices are directly connected at the network layer. In such a case, if the link or remote end fails,
the local end must take a long time to detect the fault.
To solve the preceding problem, configure the association between the Bidirectional Forwarding
Detection (BFD) status and the interface status. For details, refer to the chapter "BFD
Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability.
For the device that does not support the BFD function, the NE80E/40E provides the ARP and
interface status association function so that local interfaces can correctly judge the forwarding
status of the remote end and change its protocol status accordingly (Up or Down). Fast
convergence of routes is thus triggered.
Figure 2-3 Schematic diagram of transmission device existing between devices
RouterA
RouterB
Pre-configuration Task
Before configuring the association between ARP and interface status, complete the following
tasks:
l
Configuring physical parameters for interfaces to make the physical statuses of interfaces
Up.
l
Configuring link layer parameters and IP addresses for interfaces to make the link protocol
status of interfaces Up.
Data Preparation
To configure the association between ARP and interface status, you need the following data.
Issue 03 (2010-03-31)
No.
Data
1
Destination IP address of an ARP probe packet
2
Interval for sending ARP probe packets
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
No.
Data
3
Maximum times that no response is received for the continually sent ARP probe
packets before the protocol status of an interface turns Down
4
Probe mode
2.9.2 Configuring the Association Between ARP and Interface
Status
Context
Do as follows on the router to perform probes:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the interface to be enabled with the association between ARP and interface status
is displayed.
NOTE
The association between ARP and interface status can be configured only on Ethernet interfaces, Ethernet
sub-interfaces, Gigabit Ethernet interfaces, and Gigabit Ethernet sub-interfaces.
Step 3 Run:
arp status-detect ip-address
The association between ARP and interface status and the destination IP address of the probe
are configured. The probed IP address must be the IP address of the directly-connected device.
The device to be probed need not be configured.
----End
2.9.3 (Optional) Adjusting Parameters about the Association
Between ARP and Interface Status
Context
Do as follows on the router to perform probes:
2-28
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The view of the interface to be enabled with the association between ARP and interface status
is displayed.
Step 3 Run:
arp status-detect interval detect-interval
The interval for sending ARP probe packets is set.
By default, the interval is 1000 ms.
Step 4 Run:
arp status-detect times detect-times
The maximum times that no response is received for the continually sent ARP probe packets
before the protocol status of an interface turns Down are set.
By default, the maximum times are 3.
Step 5 Run:
arp status-detect mode loose
The probe mode is set to loose.
By default, the probe mode is strict.
l
In loose mode, probe packets are sent only when the protocol status turns Up. The remote
end declares the protocol to be Up when receiving any types of legal ARP packets.
l
In strict mode, probe packets are sent no matter the protocol status is Up or Down. The device
declares the protocol to be Up only when receiving legal ARP response packets.
NOTE
When you configure ARP probe on both ends, configure the strict mode at least on one end. That is, two
ends cannot be configured with the loose mode concurrently. .This is because when the interface on one
end is Down, the protocol status of the remote end turns Down because of a timeout probe. If the probe
mode is set to loose, both ends never send probe packets actively, which results in the deadlock state.
----End
Postrequisite
The device to be probed need not be configured.
2.10 Maintaining ARP
This section describes how to display ARP configurations, clear ARP statistics and debug ARP.
2.10.1 Clearing ARP Statistics
2.10.2 Monitoring Network Operation Status of ARP
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.10.1 Clearing ARP Statistics
Context
CAUTION
The mapping between the IP and MAC addresses is deleted after you clear ARP statistics. So,
confirm the action before you use the command.
Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | slot slot-id |
static } command in the user view to clear the ARP entries in the ARP mapping table.
----End
2.10.2 Monitoring Network Operation Status of ARP
Context
In routine maintenance, you can run the following command in any view to check the operation
of ARP.
Procedure
l
Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] [ | { begin | exclude | include } regular-expression ] command in any view to check
the information about the ARP mapping table based on interfaces.
l
Run the display arp slot slot-id [ network net-number [ net-mask ] ] [ dynamic | static ]
[ | { begin | exclude | include } regular-expression ] command in any view to check the
information about ARP mapping tables based on slots.
l
Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] [ |
{ begin | exclude | include } regular-expression ] command in any view to check the
information about ARP mapping tables based on VPN instances.
----End
2.11 Configuration Examples
This section provides some configurations example, such as Routed Proxy ARP, Proxy ARP
Within a VLAN and Proxy ARP Between VLANs.
2.11.1 Example for Configuring Routed Proxy ARP
2.11.2 Example for Configuring Proxy ARP Within a VLAN
2.11.3 Example for Configuring Proxy ARP Between VLANs
2.11.4 Example for Configuring the Association Between ARP and Interface Status
2-30
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.11.5 Example for Configuring Layer 2 Topology Detection
2.11.1 Example for Configuring Routed Proxy ARP
Networking Requirements
As shown in Figure 2-4, two devices are connected through serial lines. Each device has a GE
1/0/0 interface connecting with a local network. The network segment of the two local networks
is 172.16.0.0/16. No default gateways are specified for Host A and Host B. The device should
be configured with proxy ARP, enabling hosts in two local networks to communicate with each
other.
Figure 2-4 Networking diagram of configuring proxy ARP
Host A
Host B
172.16.1.2/16
0000-5e33-ee20
172.16.2.2/16
0000-5e33-ee10
GE1/0/0
172.16.1.1/24 RouterA
00e0-fc39-80aa
POS2/0/0
172.17.3.1/24
GE1/0/0
RouterB 172.16.2.1/24
00e0-fc39-80bb
POS2/0/0
172.17.3.2/24
Ethernet A
Ethernet B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses for interfaces.
2.
Enable proxy ARP on interfaces.
3.
Configure the default routes.
Data Preparation
To complete the configuration, you need the following data:
l
IP address for related interfaces
l
Default routes
l
IP address of the host
Procedure
Step 1 Configure Router A.
# Configure an IP address for GE 1/0/0.
<HUAWEI> system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-31
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 172.16.1.1 255.255.255.0
# Enable proxy ARP.
[RouterA-GigabitEthernet1/0/0] arp-proxy enable
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
# Configure a static route.
[RouterA] ip route-static 0.0.0.0 0 pos 2/0/0 172.17.3.2
# Configure an IP address for POS 2/0/0.
[RouterA] interface pos 2/0/0
[RouterA-Pos2/0/0] ip address 172.17.3.1 255.255.0.0
[RouterA-Pos2/0/0] undo shutdown
[RouterA-Pos2/0/0] quit
Step 2 Configure Router B.
# Configure an IP address for GE 1/0/0.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 172.16.2.1 255.255.255.0
# Enable proxy ARP.
[RouterB-GigabitEthernet1/0/0] arp-proxy enable
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
# Configure a static route.
[RouterB] ip route-static 0.0.0.0 0 pos 2/0/0 172.17.3.1
# Configure an IP address for POS 2/0/0.
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] ip address 172.17.3.2 255.255.0.0
[RouterB-Pos2/0/0] undo shutdown
[RouterB-Pos2/0/0] quit
Step 3 Configure the host.
# Configure the IP address of Host A to 172.16.1.2/16.
# Configure the IP address of Host B to 172.16.2.2/16.
Step 4 Verify the configuration.
# Host A can ping through Host B.
# The ARP table of Host A shows that the MAC address of Host B is the MAC address of
GE1/0/0 on Router A.
C:\Documents and Settings\Administrator> arp -a
Interface: 172.16.1.2 --- 0x2
Internet Address
Physical Address
Type
172.16.2.2
00e0-fc39-80aa
dynamic
----End
2-32
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 172.17.3.1 255.255.255.0
#
ip route-static 0.0.0.0 0 Pos2/0/0 172.17.3.2
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 172.17.3.2 255.255.255.0
#
ip route-static 0.0.0.0 0 Pos2/0/0 172.17.3.1
#
return
2.11.2 Example for Configuring Proxy ARP Within a VLAN
Networking Requirements
As shown in Figure 2-5, DSLAM is connected to the sub-interface Eth-Trunk1.10 of the device.
Eth-Trunk1.10 is associated with VLAN 10.
PC A and PC B are two users connected with DSLAM. On DSLAM, the interfaces connected
with PC A and PC B belong to the same VLAN. User isolation in a VLAN is configured on
DSLAM.
To implement communication between PC A and PC B, enable proxy ARP within a VLAN on
Eth-Trunk1.10 of the device.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-33
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Figure 2-5 Networking diagram of configuring proxy ARP in a VLAN
Router
Eth-trunk 1.10(Proxy ARP)
100.1.1.12/24
DSLAM
PC A
PC B
VLAN 10
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure an IP addresses for Eth-Trunk1.10.
2.
Configure the VLAN associated with the sub-interface.
3.
Enable proxy ARP in a VLAN on Eth-Trunk1.10.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of Eth-Trunk1.10
l
VLAN ID associated with Eth-Trunk1.10
Procedure
Step 1 Configure an IP address for Eth-Trunk1.10.
<HUAWEI> system-view
[HUAWEI] sysname router
[router] interface eth-trunk 1
[router-Eth-Trunk] undo shutdown
[router-Eth-Trunk] quit
[router] interface eth-trunk 1.10
[router-Eth-Trunk1.10] ip address 100.1.1.12 255.255.255.0
[router-Eth-Trunk1.10] undo shutdown
[router-Eth-Trunk1.10] quit
Step 2 Configure IP addresses for PCs.
# Configure IP addresses for PCs. The IP addresses must be in the same network segment with
the IP address of Eth-Trunk1.10.
2-34
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
# After the configurations, PCs and the device can ping through each other but PCs cannot ping
through each other.
Step 3 Associate Eth-Trunk1.10 with VLAN 10.
[router] interface eth-trunk 1.10
[router-Eth-Trunk1.10] vlan-type dot1q 10
Step 4 Enable proxy ARP in VLAN 10 on Eth-Trunk1.10.
[router-Eth-Trunk1.10] arp-proxy inner-sub-vlan-proxy enable
[router-Eth-Trunk1.10] quit
Step 5 Verify the configuration.
# PC A and PC B can ping through each other.
----End
Configuration Files
The configuration file of the device is as follows:
#
sysname router
#
interface Eth-Trunk1
undo shutdown
mac-address 00e0-271e-f652
#
interface Eth-Trunk1.10
undo shutdown
vlan-type dot1q 10
ip address 100.1.1.12 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
return
2.11.3 Example for Configuring Proxy ARP Between VLANs
Networking Requirements
As shown in Figure 2-6, VLAN 2 and VLAN 3 compose a super-VLAN, VLAN 4.
The sub-VLANs (VLAN 2 and VLAN 3) cannot ping through each other.
To implement communication between VLAN 2 and VLAN 3, configure proxy ARP between
VLANs.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-35
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Figure 2-6 Networking diagram of configuring proxy ARP between VLANs
RouterA
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure an IP addresses for VLANIF4.
2.
Enable proxy ARP between VLANs on VLANIF4.
Data Preparation
To complete the configuration, you need IP addresses of interfaces.
Procedure
Step 1 Configure an IP address for the VLANIF interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface vlanif 4
[RouterA-Vlanif4] ip address 100.1.1.12 255.255.255.0
[RouterA-Vlanif4] undo shutdown
[RouterA-Vlanif4] quit
Step 2 Configure IP addresses for PCs.
# Configure IP addresses for PCs. The IP addresses must be in the same network segment with
the IP address of VLANIF4.
# After configurations, PCs and the device can ping through each other but PCs in VLAN 2 and
PCs in VLAN 3 cannot ping through each other.
Step 3 Configure proxy ARP between VLANs.
[RouterA] interface vlanif 4
[RouterA-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[RouterA-Vlanif4] quit
Step 4 Verify the configuration.
2-36
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
l
PCs in VLAN 2 and PCs in VLAN 3 can ping through each other.
l
Check the ARP table on the PC.
# You can find that in the ARP tables of PCs in VLAN 2, the MAC addresses of all PCs in
VLAN 3 are the MAC address of VLANIF4 on the device.
----End
Configuration Files
The configuration file of Router A is as follows:
#
sysname RouterA
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
undo shutdown
ip address 100.1.1.12 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
Return
2.11.4 Example for Configuring the Association Between ARP and
Interface Status
Networking Requirements
As shown in Figure 2-7, two devices are connected through a Layer 2 switch. If a fault occurs
on the GE interface of Router A but the GE interface of Router B is Up because the link between
the switch and Router B works normally. The protocol status of the GE interface of Router B is
also Up. It is required to configure the association between ARP and interface status on Router
B to probe the status of the GE interface of Router A. Router B can then rapidly change its
protocol status according to the interface status change of Router A.
Figure 2-7 Networking diagram of configuring the association between ARP and interface status
GE 1/0/0
10.1.1.1/24
RouterA
GE 1/0/0
10.1.1.2/24
Switch
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Issue 03 (2010-03-31)
Configure an IP address for each interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-37
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
2.
Enable the association between ARP and interface status on the interface.
3.
Adjust parameters about the association between ARP and interface status to optimize
performance.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of the interfaces
l
Destination IP address of an ARP probe packet
l
Interval for sending ARP probe packets
l
Maximum times that no response is received for the continually sent ARP probe packets
before the protocol of an interface turns Down
Procedure
Step 1 Configuring an IP address for each interface
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
# Ping Router A on Router B. The ping succeeds. Run the display interface command on Router
A and Router B to view statuses of the GE interfaces. You can find that the physical status and
protocol status of the GE interfaces are Up.
[RouterB] ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=100 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=70 ms
--- 10.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/82/110 ms
[RouterA] display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-12-22, 16:52:54
Description : GigabitEthernet1/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e13-0101
The Vendor PN is SCP6F86-GL-CWH
Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode
2-38
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
WaveLength: 850nm, Transmission Distance: 300m
Rx Power: -8.00dBm, Tx Power: -5.13dBm
Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive
Enable and Send Enable
Last physical up time
: 2007-12-22, 16:52:54
Last physical down time : 2007-12-22, 16:52:54
Statistics last cleared:never
Last 300 seconds input rate: 208 bits/sec, 0 packets/sec
Last 300 seconds output rate: 544 bits/sec, 1 packets/sec
Input: 882114 bytes, 10877 packets
Output: 2147780 bytes, 31585 packets
Input:
Unicast: 0 packets, Multicast: 7368 packets
Broadcast: 3509 packets, JumboOctets: 0 packets
CRC: 0 packets, Symbol: 0 packets
Overrun: 0 packets
InRangeLength: 0 packets
LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets
Fragment: 0 packets, Undersized Frame: 0 packets
RxPause: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 31585 packets, JumboOctets: 0 packets
Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets
TxPause: 0 packets
[RouterB] display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-12-22, 16:53:41
Description : GigabitEthernet1/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e13-0100
The Vendor PN is SCP6F86-GL-CWH
Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode
WaveLength: 850nm, Transmission Distance: 300m
Rx Power: -8.00dBm, Tx Power: -5.13dBm
Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive
Enable and Send Enable
Last physical up time
: 2007-12-22, 16:53:41
Last physical down time : 2007-12-22, 16:53:41
Statistics last cleared:never
Last 300 seconds input rate: 208 bits/sec, 0 packets/sec
Last 300 seconds output rate: 544 bits/sec, 1 packets/sec
Input: 882114 bytes, 10877 packets
Output: 2147780 bytes, 31585 packets
Input:
Unicast: 0 packets, Multicast: 7368 packets
Broadcast: 3509 packets, JumboOctets: 0 packets
CRC: 0 packets, Symbol: 0 packets
Overrun: 0 packets
InRangeLength: 0 packets
LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets
Fragment: 0 packets, Undersized Frame: 0 packets
RxPause: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 31585 packets, JumboOctets: 0 packets
Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets
Step 2 Run the shutdown command on the GE interface of Router A to simulate a fault.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] shutdown
# Run the display interface command on Router B to view the status of the GE interfaces. You
can find that the physical status and protocol status of the GE interfaces are Up. Router B,
however, cannot ping through Router A.
[RouterB] display interface gigabitethernet 1/0/0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-39
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-12-22, 16:53:41
Description : GigabitEthernet1/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e13-0100
The Vendor PN is SCP6F86-GL-CWH
Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode
WaveLength: 850nm, Transmission Distance: 300m
Rx Power: -8.00dBm, Tx Power: -5.13dBm
Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive
Enable and Send Enable
Last physical up time
: 2007-12-22, 16:53:41
Last physical down time : 2007-12-22, 16:53:41
Statistics last cleared:never
Last 300 seconds input rate: 208 bits/sec, 0 packets/sec
Last 300 seconds output rate: 544 bits/sec, 1 packets/sec
Input: 882114 bytes, 10877 packets
Output: 2147780 bytes, 31585 packets
Input:
Unicast: 0 packets, Multicast: 7368 packets
Broadcast: 3509 packets, JumboOctets: 0 packets
CRC: 0 packets, Symbol: 0 packets
Overrun: 0 packets
InRangeLength: 0 packets
LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets
Fragment: 0 packets, Undersized Frame: 0 packets
RxPause: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 31585 packets, JumboOctets: 0 packets
Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets
[RouterB] ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.1.1.1 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
Step 3 Enable the association between ARP and interface status on Router B.
# Specify the IP address of the GE interface of Router A as the destination IP address of the
probe.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] arp status-detect 10.1.1.1
Step 4 Adjust parameters about the association between ARP and interface status on Router B.
# Set the interval for sending ARP probe packets to 3 seconds.
[RouterB-GigabitEthernet1/0/0] arp status-detect interval 3000
# Set the probe times to five.
[RouterB-GigabitEthernet1/0/0] arp status-detect times 5
[RouterB-GigabitEthernet1/0/0] quit
# After about 15 seconds (three seconds x five times), the GE interface status of Router B is Up
and the protocol status turns Down.
[RouterB]
Sep 16 2007 15:37:45 RouterB %%01IFNET/4/LINK_STATE(l): Line protocol on interfa
2-40
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
ce GigabitEthernet1/0/0 has turned into DOWN state.
[RouterB] display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : DOWN
Description : GigabitEthernet1/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e13-0100
The Vendor PN is SCP6F86-GL-CWH
Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode
WaveLength: 850nm, Transmission Distance: 300m
Rx Power: -8.00dBm, Tx Power: -5.13dBm
Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive
Enable and Send Enable
Last physical up time
: 2007-12-22, 16:54:41
Last physical down time : 2007-12-22, 16:53:41
Statistics last cleared:never
Last 300 seconds input rate: 208 bits/sec, 0 packets/sec
Last 300 seconds output rate: 544 bits/sec, 1 packets/sec
Input: 882114 bytes, 10877 packets
Output: 2147780 bytes, 31585 packets
Input:
Unicast: 0 packets, Multicast: 7368 packets
Broadcast: 3509 packets, JumboOctets: 0 packets
CRC: 0 packets, Symbol: 0 packets
Overrun: 0 packets
InRangeLength: 0 packets
LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets
Fragment: 0 packets, Undersized Frame: 0 packets
RxPause: 0 packets
Output:
Unicast: 0 packets, Multicast: 0 packets
Broadcast: 31585 packets, JumboOctets: 0 packets
Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
arp status-detect 10.1.1.1
arp status-detect times 5
arp status-detect interval 3000
ip address 10.1.1.2 255.255.255.0
#
return
2.11.5 Example for Configuring Layer 2 Topology Detection
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-41
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
Networking Requirements
As shown in Figure 2-8, configure VLAN 100 as the default VLAN of the two GE interfaces
on the device enabled with the portswitch function. Configure the IP addresses of the two GE
interfaces based on the figure.
Figure 2-8 Networking diagram of configuring Layer 2 topology detection
GE 1/0/1
GE 1/0/2
VLANIF100
10.1.1.2/24
VLAN100
PC A
10.1.1.1/24
PC B
10.1.1.3/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable portswitch on two GE interfaces and configure them to join VLAN 100 by default.
2.
Enable Layer 2 topology detection and view changes of ARP entries.
Data Preparation
To complete the configuration, you need the following data:
l
Types and numbers of the interfaces to be added to a VLAN
l
IP addresses of the VLANIF interface and the PCs
Procedure
Step 1 Create VLAN 100 and configure VLAN 100 to be the default VLAN of the two GE interfaces
on the device.
# Create VLAN 100 and configure an IP address for the VLANIF interface.
<HUAWEI> system-view
[HUAWEI] sysname router
[router] vlan 100
[router-vlan100] quit
[router] interface vlanif 100
[router-vlanif100] undo shutdown
[router-vlanif100] ip address 10.1.1.2 24
[router-vlanif100] quit
2-42
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
# Configure the two GE interfaces to join VLAN 100 by default.
[router] interface gigabitethernet 1/0/1
[router-GigabitEthernet1/0/1] undo shutdown
[router-GigabitEthernet1/0/1] portswitch
[router-GigabitEthernet1/0/1] port default vlan 100
[router-GigabitEthernet1/0/1] quit
[router] interface gigabitethernet 1/0/2
[router-GigabitEthernet1/0/2] undo shutdown
[router-GigabitEthernet1/0/2] portswitch
[router-GigabitEthernet1/0/2] port default vlan 100
[router-GigabitEthernet1/0/2] quit
Step 2 Enable the Layer 2 topology detection function.
[router] l2-topology detect enable
Step 3 Restart GE 1/0/1 and view changes of ARP entries and aging time.
# View ARP entries on the device. You can find that the device has learnt the MAC address of
the PC.
[router] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPNINSTANCE
VLAN/CEVLAN PVC
----------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.1
00e0-c01a-4901 20
DF6
GE1/0/1
100/10.1.1.3
00e0-de24-bf04 20
DF6
GE1/0/2
100/----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
# Run the shutdown command and then the undoshutdown command on GE 1/0/1 to view the
aging time of ARP entries.
[router] interface gigabitethernet 1/0/1
[router-GigabitEthernet1/0/1] shutdown
[router-GigabitEthernet1/0/1] undo shutdown
[router-GigabitEthernet1/0/1] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 0
DF6
GE1/0/2
100/-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE
From the preceding display, you can find that the ARP entries learnt from GE 1/0/1 are deleted after GE
1/0/1 is shut down and the aging time of the ARP entries learnt from GE 1/0/2 changes to 0. When the
aging time is 0, the device sends an ARP probe packet for updating ARP entries.
[router-GigabitEthernet1/0/1] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN PVC
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 20
DF6
GE1/0/2
100/---------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2-43
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
2 ARP Configuration
NOTE
After the entry is updated, the aging time restores the default value, 20 minutes.
----End
Configuration Files
The configuration file of router is as follows:
#
sysname router
#
L2-topolgy detect enable
#
vlan 100
#
interface Vlanif100
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 100
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port default vlan 100
#
return
2-44
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
3
DNS Configuration
About This Chapter
This chapter describes the static and dynamic DNS concepts and their configuration steps, along
with typical examples.
3.1 DNS Overview
This section describes the basic principle and concepts of Domain Name System (DNS).
3.2 Configuring DNS
This section describes how to use the domain name to communicate with other devices.
3.3 Maintaining DNS
This section describes how to clear DNS entries and debug DNS.
3.4 Configuration Examples
This section provides a configuration example of DNS.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
3.1 DNS Overview
This section describes the basic principle and concepts of Domain Name System (DNS).
3.1.1 Introduction to DNS
3.1.2 DNS Supported by the NE80E/40E
3.1.1 Introduction to DNS
The Domain Name System (DNS) is a host naming mechanism provided by TCP/IP, with which
hosts can be named in the form of character string. This system assumes a hierarchical naming
structure. It designates a meaningful name for the device in the Internet and associates the name
with the IP address through a domain name resolution server. In this manner, you can use domain
names that are easy to remember instead of memorizing complex IP addresses.
3.1.2 DNS Supported by the NE80E/40E
DNS has two resolution modes: dynamic DNS resolution and static DNS resolution. To resolve
a domain name, the system first uses static DNS resolution. If this mode fails, the system uses
dynamic DNS resolution. To improve resolution efficiency, you can put common domain names
in a static domain name resolution table.
The NE80E/40E supports static resolution and dynamic resolution.
3.2 Configuring DNS
This section describes how to use the domain name to communicate with other devices.
3.2.1 Establishing the Configuration Task
3.2.2 Configuring Static DNS Entries
3.2.3 Configuring Dynamic DNS
3.2.4 Checking the Configuration
3.2.1 Establishing the Configuration Task
Applicable Environment
If local users accessing devices need to communicate with other devices by using domain names,
you can configure DNS on the device. An DNS entry is an mapping between a domain name
and an IP address.
If local users communicate with other devices hardly through the domain name or if the DNS
server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the
mapping between the domain name and the IP address. In case of a change in the mapping, you
must modify the DNS entry manually.
3-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
You can configure dynamic DNS on the device if local users frequently use domain names for
communicating with other devices and the DNS server is available.
Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
l
Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up
l
Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up
l
Configuring routes between the local device and the DNS server
l
Configuring the DNS server
Data Preparation
To configure DNS, you need the following data.
No.
Data
1
Domain name and the corresponding IP address in a static DNS entry
2
IP address of a DNS server
3
Domain name or the domain name list of a dynamic DNS entry
3.2.2 Configuring Static DNS Entries
Context
You can configure a maximum of 50 static DNS entries.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ip host host-name ip-address
The IP address corresponding to the host name is configured.
A host name corresponds to only one IP address. When you configure an IP address for a host
for several times, only the IP address configured at the latest is valid. To resolve several host
names, repeat Step 2.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
3.2.3 Configuring Dynamic DNS
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dns resolve
Dynamic domain name resolution is enabled.
Step 3 Run:
dns server ip-address
A DNS server is specified.
Step 4 (Optional) Run:
dns server source-ip source-ip-address
The IP address of the local device is specified.
The local device uses the specified IP address to communicate with the DNS server, which
ensures communication security.
Step 5 Run:
dns domain domain-name
The suffix of the domain name is added.
----End
Postrequisite
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 5.
3.2.4 Checking the Configuration
Prerequisite
The configurations of the DNS function are complete.
3-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
l
Run the display dns server command to check the configurations about DNS servers.
l
Run the display dns domain command to check the configurations about domain name
suffixes.
l
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
Example
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display ip host
Host
Age
Flags
hw
0
static
gww
0
static
Address
10.1.1.1
192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<HUAWEI> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
IPv6 Dns Servers :
No configured servers.
Run the display dns domain command. If the list of suffixes of domain names is displayed, it
means that the configuration succeeds. For example:
<HUAWEI> display dns domain
No
Domain-name
1
com
2
net
Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1
TTL
3521
3000
Alias
3.3 Maintaining DNS
This section describes how to clear DNS entries and debug DNS.
3.3.1 Clearing DNS Entries
3.3.2 Monitoring Network Operation Status of DNS
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
3.3.1 Clearing DNS Entries
Context
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.
Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries
statistics in the domain name cache.
----End
3.3.2 Monitoring Network Operation Status of DNS
Context
In routine maintenance, you can run the following command in any view to check the operation
of DNS.
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
l
Run the display dns server command to check configurations about DNS servers.
l
Run the display dns domain command to check configurations about domain name
suffixes.
l
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
3.4 Configuration Examples
This section provides a configuration example of DNS.
3.4.1 Example for Configuring DNS
3.4.1 Example for Configuring DNS
3-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
Networking Requirements
As shown in Figure 3-1, Router A acts as a DNS client, being required to access the host
2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes
"com" and "net".
On Router A, configure static DNS entries of Router B and Router C so that Router A can
communicate with them by using domain names.
Figure 3-1 Networking diagram of DNS
Loopback0
4.1.1.1/32
GE1/0/0 RouterB
1.1.1.2/16
DNS Client
RouterA
GE1/0/1
1.1.1.1/16
Loopback0
4.1.1.2/32
RouterC
GE1/0/0
2.1.1.1/16
GE1/0/1
3.1.1.1/16
GE1/0/0
DNS Server
2.1.1.2/16
3.1.1.2/16
huawei.com
2.1.1.3/16
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure static DNS entries.
2.
Enable DNS resolution.
3.
Configure an IP address for the DNS server.
4.
Configure suffixes of domain names.
Data Preparation
To complete the configuration, you need the following data:
l
Domain names of Router B and Router C
l
IP address of the DNS server
l
Suffixes of domain names
Procedure
Step 1 Configure Router A.
# Configure static DNS entries.
<RouterA> system-view
[RouterA] ip host RouterB 4.1.1.1
[RouterA] ip host RouterC 4.1.1.2
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
# Enable DNS resolution.
[RouterA] dns resolve
# Configure an IP address for the DNS server.
[RouterA] dns server 3.1.1.2
# Configure a domain name suffix "net".
[RouterA] dns domain net
# Configure a domain name suffix "com".
[RouterA] dns domain com
[RouterA] quit
NOTE
To complete DNS resolution, configuring routes from Router A to the DNS server is mandatory. For
procedures for configuring routes, refer to the NE80E/40E Router Configuration Guide - IP Routing.
Step 2 Verify the configuration.
# Run the ping huawei command on Router A to ping the IP address 2.1.1.3. The ping succeeds.
<RouterA> ping huawei.com
Trying DNS server (3.1.1.2)
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
--- huawei.com ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
# Run the display ip host command on Router A to view static DNS entries, including mappings
between host names and IP addresses.
<RouterA> display ip host
Host
Age
RouterB
0
RouterC
0
Flags Address
static 4.1.1.1
static 4.1.1.2
# Run the display dns dynamic-host command on Router A to view dynamic DNS entries in
the domain name cache.
<RouterA> display dns dynamic-host
No Domain-name
IpAddress
1
huawei.com
2.1.1.3
TTL
3579
Alias
NOTE
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ip host RouterB 4.1.1.1
3-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3 DNS Configuration
ip host RouterC 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.0.0
#
rip 1
network 1.0.0.0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 2.1.1.1 255.255.0.0
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 1.1.1.1 255.255.0.0
#
interface LoopBack0
ip address 4.1.1.1 255.255.255.255
#
rip 1
network 2.0.0.0
network 1.0.0.0
network 4.0.0.0
#
return
l
Configuration file of Router C
#
sysname RouterC
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 2.1.1.2 255.255.0.0
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 3.1.1.1 255.255.0.0
#
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
rip 1
network 2.0.0.0
network 3.0.0.0
network 4.0.0.0
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4
DHCP Configuration
About This Chapter
This chapter describes the DHCP fundamentals including DHCP service, DHCP server, and
relay agent. It also includes configuration steps for DHCP Server based on different parameters,
DHCP relay agent, and security functions in DHCP service, along with typical examples.
4.1 DHCP Overview
This section describes the principle and concepts of Dynamic Host Configuration Protocol
(DHCP).
4.2 Configuring the Global Address Pool-based DHCP Server
If a large number of clients need to be assigned with IP addresses, a global address pool-based
DHCP server is usually configured on the network segment where the clients reside. Configuring
a relay agent on the same network segment to forward packets between the clients and DHCP
servers is an alternative method of configuring a global address pool-based DHCP server. In this
manner, the communications between the clients and DHCP servers on other network segments
can be realized. This saves bandwidths and facilitates the centralized management of IP
addresses by the DHCP server.
4.3 Configuring the Interface Address Pool-based DHCP Server
If a few clients need to be assigned with IP addresses, an interface address pool-based DHCP
server is usually configured on the network segment where the clients reside.
4.4 Configuring the Sub-interface Address Pool-based DHCP Server
This section describes how to assign IP addresses by using address pools on Ethernet subinterfaces to reduce repeated configurations.
4.5 Configuring VLANIF Interface Address Pool-based DHCP Server
This section describes how to configure a DHCP server that uses the address pool of the VLANIF
interface.
4.6 Configuring the Security Function for DHCP
This section describes how to enhance the security of the DHCP service.
4.7 Configuring DHCP Relay
This section describes how to enable DHCP relay so that DHCP relay can forward DHCP
requests from local clients to the DHCP server on other networks.
4.8 Maintaining DHCP
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
This section describes how to clear the statistics about DHCP and debug DHCP.
4.9 Configuration Examples
This section provides several configuration examples of the DHCP server and DHCP relay.
4-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.1 DHCP Overview
This section describes the principle and concepts of Dynamic Host Configuration Protocol
(DHCP).
4.1.1 Introduction to DHCP
4.1.2 DHCP Supported by the NE80E/40E
4.1.1 Introduction to DHCP
With the rapid growth in network scale and complexity, network configuration becomes more
difficult. The location of hosts changes (such as laptops and wireless network) and the number
of hosts has exceeded that of the available IP addresses. The Dynamic Host Configuration
Protocol (DHCP) is developed to solve these problems.
4.1.2 DHCP Supported by the NE80E/40E
The NE80E/40E supports the following DHCP applications, ensures the security of DHCP
services, and provides the DHCP relay agent function.
l
Global address pool
l
Address pool on the physical interface
l
Address pool on the VLANIF interface
NOTE
The NE80E/40E supports the configuration of the DHCP address pools containing the IP addresses with
31-bit masks. This configuration, however, is not recommended because the IP addresses with 31-bit masks
currently cannot be assigned to users.
4.2 Configuring the Global Address Pool-based DHCP
Server
If a large number of clients need to be assigned with IP addresses, a global address pool-based
DHCP server is usually configured on the network segment where the clients reside. Configuring
a relay agent on the same network segment to forward packets between the clients and DHCP
servers is an alternative method of configuring a global address pool-based DHCP server. In this
manner, the communications between the clients and DHCP servers on other network segments
can be realized. This saves bandwidths and facilitates the centralized management of IP
addresses by the DHCP server.
4.2.1 Establishing the Configuration Task
4.2.2 Configuring the DHCP Global Address Pool
4.2.3 Configure Static IP Address Binding
4.2.4 Configuring DNS Services for the DHCP Client
4.2.5 Configuring NetBIOS Services for the DHCP Client
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.2.6 Configuring Egress Gateway for the DHCP Client
4.2.7 Configuring DHCP Self-Defined Options
4.2.8 Assigning IP Addresses in the Global Address Pool to the DHCP Clients on the Specified
Interface
4.2.9 Checking the Configuration
4.2.1 Establishing the Configuration Task
Applicable Environment
In a large network, hosts in the network may not be directly connected with the device through
Ethernet interfaces. To obtain IP addresses from the device dynamically, you need to configure
a global address pool-based DHCP server.
The global address pool-based DHCP server usually works together with the DHCP relay agent.
Pre-configuration Tasks
Before configuring the global address pool-based DHCP server, complete the following tasks:
l
Configuring the interface of the device
l
Configuring the egress gateway for the client
l
(Optional) Configuring the DNS server
l
(Optional) Configuring the NetBIOS server
l
(If the DNS server and the NetBIOS server are not configured, you do not need to configure
the routes.) Configuring the routes to the DNS server and the NetBIOS server
l
(Optional) Configuring the DHCP customized option
Data Preparation
To configure the global address pool-based DHCP server, you need the following data.
4-4
No.
Data
1
Name and the address range of the address pool, which is configured based on the
number of clients
2
Range of the IP addresses that cannot be dynamically assigned to hosts
3
IP addresses and the MAC addresses that need to be bound statically
4
Lease of the IP address
5
(Optional) IP address of the DNS server and the domain name of the DHCP client
6
(Optional) IP address of the NetBIOS server and the NetBIOS node type of the DHCP
client
7
(Optional) Coding of the DHCP self-defined options and the corresponding ASCII
strings or hexadecimal number or IP address
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.2.2 Configuring the DHCP Global Address Pool
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp enable
DHCP is enabled.
Step 3 Run:
dhcp server ip-pool pool-name
A DHCP address pool is created and the DHCP address pool view is displayed.
NOTE
Each DHCP server can be configured with a maximum of 128 global address pools.
Step 4 Run:
network ip-address [ mask { mask | mask-length } ]
The address pool range is configured.
NOTE
Currently, an address pool can be configured with only one address segment and the address range is set
through the mask.
NE80E/40E supports the configuration of the DHCP address pools containing the IP addresses with 31bit masks. This configuration, however, is not recommended because the IP addresses with 31-bit masks
currently cannot be assigned to users.
Step 5 Run:
expired { day day [ hour hour [ minute minute ] ] | unlimited }
The lease of the IP addresses dynamically assigned to hosts is configured. By default, the IP
lease is one day.
NOTE
The DHCP server can specify the IP lease for each address pool. The IP lease may vary with address pools.
The addresses in the same DHCP address pool, however, have the same IP lease.
Step 6 Run:
quit
Back to the system view.
Step 7 Run:
dhcp server forbidden-ip start-ip-address [ end-ip-address ]
The range of IP addresses that cannot be dynamically assigned is configured.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
NOTE
After repeatedly running the dhcp server forbidden-ip command, you can configure multiple IP address
segments that cannot be automatically assigned. When using the undo dhcp server forbidden-ip command
to delete the setting, ensure that the specified parameters are consistent with the previously configured
parameters. That is, you cannot delete only partial originally configured addresses.
----End
4.2.3 Configure Static IP Address Binding
Context
Based on the clients' needs, you can adopt either static address binding or dynamic address
assignation. However, you cannot configure the same DHCP address pool with these two modes
at the same time.
Dynamic address distribution needs specification of the address range for assignment, while
static address binding can be regarded as a special DHCP address pool with only one address.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server ip-pool pool-name
A DHCP address pool is created and the DHCP address pool view is displayed.
Step 3 Run:
static-bind ip-address ip-address [ mask { mask | mask-length } ]
Certain IP addresses are statically bound.
NOTE
The NE80E/40E supports the statically bound address pools to be assigned the IP addresses with 31-bit
masks. This configuration, however, is not recommended because the IP addresses with 31-bit masks
currently cannot be assigned to users.
Step 4 Run:
static-bind mac-address mac-address
MAC addresses of certain clients are statically bound.
----End
Postrequisite
Some clients may need fixed IP addresses that are bound with their MAC addresses. When the
client with a specific MAC address uses DHCP to apply for an IP address, the DHCP server
finds out the fixed IP address bound with the MAC address and assigns it to the client.
4-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
NOTE
The static-bind ip-address command must be used together with the static-bind mac-address command.
The new configuration supersedes the previous one when you use the two commands for several times
4.2.4 Configuring DNS Services for the DHCP Client
Context
The configurition is optional.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server ip-pool pool-name
The DHCP address pool view is displayed.
Step 3 Run:
domain-name domain-name
The domain name of the DHCP client is configured.
Step 4 Run:
dns-list ip-address &<1-8>
The IP address of the DNS server of the DHCP client is configured.
----End
Postrequisite
On the DHCP server, designate a domain name for the client per address pool basis.
When a host accesses the Internet by using the domain name, the DNS server resolves the domain
name into an IP address. Therefore, to ensure that the client can successfully access the Internet,
the DHCP server also needs to specify the DNS server address for the client when it assigns IP
addresses.
To perform load balancing and improve the network reliability, you can configure several DNS
servers and egress gateways.
4.2.5 Configuring NetBIOS Services for the DHCP Client
Context
The configurition is optional.
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server ip-pool pool-name
The DHCP address pool view is displayed.
Step 3 Run:
nbns-list ip-address &<1-8>
The IP address of the NetBIOS server of the DHCP client is configured.
Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type of the DHCP client is configured.
By default, the node type of the DHCP client is not specified.
----End
Postrequisite
For the client using the OS of Microsoft, Windows Internet Naming Service (WINS) server
provides resolution from the host name to the IP address. This is given to the host that uses
NetBIOS protocol for communication. Most of the Windows clients need to be configured with
WINS.
When a DHCP client communicates in a WAN by adopting the NetBIOS protocol, a mapping
between the host name and the IP address should be set up. The following lists the types of
NetBIOS nodes for obtaining mappings:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
l
Type p nodes (p-node): "p" stands for peer-to-peer, namely, type p nodes obtain the
mapping relation by means of communicating with NetBIOS servers.
l
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
l
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.2.6 Configuring Egress Gateway for the DHCP Client
Context
Do as follows on the router:
Procedure
Step 1 Run:
4-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
system-view
The system view is displayed.
Step 2 Run:
dhcp server ip-pool pool-name
The DHCP address pool view is displayed.
Step 3 Run:
gateway-list ip-address &<1-8>
The egress gateway of the DHCP client is configured.
When a DHCP client wants to access a server (or host) that is not on the local network, an egress
gateway needs to be configured on the local network.
To perform load balancing and improve the network reliability, you can configure several DNS
servers and egress gateways.
----End
4.2.7 Configuring DHCP Self-Defined Options
Context
NOTE
Configuring DHCP self-defined options are optional. Services, such as DNS on the client, NETBIOS, and
IP lease cannot be configured through this command but through the commands early mentioned.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server ip-pool pool-name
The DHCP address pool view is displayed.
Step 3 Run:
option code { ascii ascii-string | hex hex-string | ip-address ip-address &<1-8> }
The DHCP self-defined options are configured.
----End
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in the Option filed of DHCP response packets.
You need to add the options to the attribute tables of the DHCP servers. For example,
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
l
To configure the IP address of a log server to 10.110.204.1, use the command option 7 ipaddress 10.110.204.1.
l
To configure the TTL of the client packet to 64, use the command option 23 hex 40.
NOTE
Using the option command, you can specify the options to be included in the DHCP response packets.
Before using this command, you need to know the function of each option: Option 77 identifies user types
or applications of DHCP client. Based on User Class in the Option field, the DHCP server selects the proper
address pool and configuration parameters. Option77 usually is configured on the client.
4.2.8 Assigning IP Addresses in the Global Address Pool to the
DHCP Clients on the Specified Interface
Context
Do as follows on the router:
Procedure
l
Assigning IP addresses to the clients on the current interface
1.
Run:
system-view
The system view is displayed.
2.
Perform the following as required.
–
Run:
interface interface-type interface-number
The interface view is displayed.
–
Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number
The sub-interface view is displayed.
3.
Run:
dhcp select global
The IP addresses in the global address pool are assigned.
NOTE
For the DHCP implementation on the NE80E/40E, the address pool specified for the Ethernet
sub-interface is applied to allocating IP addresses for users in the VLAN.
l
Assigning IP addresses to the clients on multiple interfaces
1.
Run:
system-view
The system view is displayed.
2.
Perform the following as required to specify a global address pool:
–
Run:
dhcp select global interface interface-type interface-number
The global address pool is specified for an interface.
4-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
–
4 DHCP Configuration
Run:
dhcp select global interface { ethernet | gigabitethernet } interfacenumber.sub-interface-number1 [ to { ethernet | gigabitethernet }
interface-number.sub-interface-number2 ]
The global address pool is specified for multiple Ethernet sub-interfaces.
NOTE
If multiple Ethernet sub-interfaces are specified, all sub-interfaces must be on the same
physical interface.
–
Run:
dhcp select global all
The global address pool is specified for all interfaces.
This command is used to specify a global address pool for all the Ethernet interface,
Ethernet sub-interfaces,VLANIF interface, GE interface, and GE sub-interfaces
that are configured with IP addresses.
l
Assigning IP addresses to the clients in VLANs
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp select global vlan vlan-id1 [ to vlan-id2 ] &<1-10>
The IP addresses in the global address pool are assigned.
----End
4.2.9 Checking the Configuration
Prerequisite
The configurations of the global address pool-based DHCP server are complete.
Procedure
l
Run the display dhcp server free-ip command to check the available address information
in the DHCP address pool.
l
Run the display dhcp server expired { all | interface [ interface-type interface-number ]
| ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the expired lease in
the DHCP address pool.
l
Run the display dhcp server ip-in-use { all | interface [ interface-type interfacenumber ] | ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the address
binding information.
l
Run the display dhcp server statistics command to check the statistics of DHCP server.
l
Run the display dhcp server tree { all | interface [ interface-type interface-number ] |
pool [ pool-name ] | vlan vlan-id } command to check the information on the tree-structure
of the DHCP address pool.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Example
Run the display dhcp server free-ip command. If there are unused IP addresses in the address
pool, it means that the configuration succeeds.
<HUAWEI>
IP Range
IP Range
IP Range
display dhcp server free-ip
from 5.5.5.1
to
from 202.38.160.1
to
from 202.38.160.4
to
5.5.5.254
202.38.160.1
202.38.160.126
Run the display dhcp server expired command. If information about the expired leases of IP
addresses in DHCP address pools is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server expired all
Global pool:
IP address
Hardware address
Lease expiration
2.2.2.2
44444-4444-4444
NOT Used
Interface pool:
IP address
Hardware address
Lease expiration
Type
Manual
Type
Run the display dhcp server ip-in-use command. If the binding information of IP address, such
as the hardware address and the IP lease, is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server ip-in-use all
Global pool:
IP address Hardware address
Lease expiration
2.2.2.2
4444-4444-4444
NOT Used
Interface pool:
IP address Hardware address
Lease expiration
5.5.5.1
0050-ba28-930a Jul 5 2006 13: 00:10 PM
Type
Manual
Type
Auto:COMMITED
Run the display dhcp server statistics command. If statistics of the DHCP server, including
the number of DHCP address pools, the number of the automatic binding, the manual binding
and the expired binding and the number of DHCP packets is displayed, it means that the
configuration succeeds.
<HUAWEI> display dhcp
Global Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Interface Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Boot Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Boot Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
HA Message:
BatchBackup send
BatchBackup recv
BatchBackup send
BatchBackup recv
4-12
server statistics
5
0
1
0
1
1
0
0
6
1
4
0
1
0
4
1
3
0
0
msg:
msg:
lease:
lease:
0
0
0
0
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Run the display dhcp server tree command. If the tree structure of the DHCP address pool,
including DNS, the IP lease and Option parameters, is displayed, it means that the configuration
succeeds.
<HUAWEI> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 gigabitethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Interface pool:
Pool name: GigabitEthernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
4.3 Configuring the Interface Address Pool-based DHCP
Server
If a few clients need to be assigned with IP addresses, an interface address pool-based DHCP
server is usually configured on the network segment where the clients reside.
4.3.1 Establishing the Configuration Task
4.3.2 Configuring the Interface Address Pool
4.3.3 Configuring DNS on the Interface Address Pool
4.3.4 Configuring NetBIOS on the Interface Address Pool
4.3.5 Configuring DHCP Self-Defined Options
4.3.6 Checking the Configuration
4.3.1 Establishing the Configuration Task
Applicable Environment
In a small network, some hosts are connected to a device through the Ethernet interface. You
can configure the DHCP server on the Ethernet interface of the device. This will enable the hosts
to obtain IP addresses from the router dynamically.
For the interface address pool-based DHCP server, single address pool and egress gateway need
not be configured. After you configure an IP address on the Ethernet interface of the device, all
the addresses of the network segment which this IP address is on are assignable and this IP
address is also the address of the egress gateway of this network segment.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Pre-configuration Tasks
Before configuring the interface address pool-based DHCP server, complete the following tasks:
l
Configuring the Ethernet interface of the device
l
(Optional) Configuring the DNS server
l
(Optional) Configuring the NetBIOS server
l
(If the DNS server and the NetBIOS server are not configured, you do not need to configure
the routes.) Configuring the routes to the DNS server and the NetBIOS server
l
(Optional) Configuring the DHCP customized option
Data Preparation
To configure the interface address pool-based DHCP server, you need the following data.
No.
Data
1
Number, IP address and the subnet mask of the Ethernet interface of the device
2
IP addresses and the MAC addresses that need to be bound statically
3
Lease of the IP address (It can be some days, hours, or minutes)
4
(Optional) IP address of the DNS server and the domain name of the DHCP client
5
(Optional) IP address of the NetBIOS server and the NetBIOS node type of the DHCP
client
6
(Optional) Coding of the DHCP self-defined options and the corresponding ASCII
strings or hexadecimal number or IP address
4.3.2 Configuring the Interface Address Pool
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp enable
DHCP is enabled.
Step 3 Run:
interface interface-type interface-number
4-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The Ethernet interface view is displayed.
Step 4 Run:
ip address ip-address { mask | mask-length }
The IP address of the interface is configured.
The address pool on an interface actually is the network segment to which the interface belongs,
and such an interface address pool takes effect only on this interface.
NOTE
You can configure address pools on GE interfaces, GE sub-interfaces, Eth-Trunk interfaces, Ethernet
interfaces, Ethernet sub-interfaces, VE interfaces, and VLANIF interfaces.NE80E/40E supports the
address pools on these interfaces to be assigned the IP addresses with 31-bit masks. This configuration,
however, is not recommended because the IP addresses with 31-bit masks currently cannot be assigned to
users.
Step 5 Run:
dhcp select interface
The interface address pool is enabled.
Step 6 Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
Certain IP addresses and MAC addresses are bound with the address pool.
Step 7 Perform the following as required.
l
To configure the IP lease, run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
By default, the IP lease is one day.
l
To configure the IP lease of an interface, run the quit command to return to the system view.
Then run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
interface interface-type interface-number
The lease of the IP address of an interface is configured.
By default, the IP lease is one day.
----End
Postrequisite
The interface address pool has a higher priority than the global address pool. If an address pool
is configured on an interface, clients obtain IP addresses preferentially from the interface address
pool though a global address pool is configured.
Similarly, although a global address pool and the IP lease have been configured on a device and
clients have obtained IP addresses from the global address pool, the leases of IP addresses in the
global address pool are deleted once the interfaces connecting the device to the clients are
configured with address pools in the same network segment with the global address pool. Then
after the leases of the IP addresses obtained from the global address pool expire, the clients
obtain IP addresses preferentially from the interface address pool.
4.3.3 Configuring DNS on the Interface Address Pool
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Context
The configurition is optional.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
dhcp server domain-name domain-name
The domain name of the DHCP client is configured.
Step 4 Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server is specified for the DHCP client.
----End
4.3.4 Configuring NetBIOS on the Interface Address Pool
Context
The configurition is optional.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
dhcp server nbns-list ip-address &<1-8>
The IP address of the NetBIOS server is specified for the DHCP client.
Step 4 Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type of the DHCP client is configured.
4-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
By default, the NetBIOS node type is not specified for the DHCP client.
----End
Postrequisite
For the client using the OS of Microsoft, WINS server provides the resolution from the host
name to the IP address for the host that uses the NetBIOS protocol to communicate. In this way,
most of the Windows network clients need to be configured with WINS.
When a DHCP client communicates in a WAN, by adopting NetBIOS protocol, a mapping
between the host name and the IP address should be set. The types of NetBIOS nodes for
obtaining mappings are as follows:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
l
Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mapping
relation by means of communicating with NetBIOS servers.
l
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
l
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.3.5 Configuring DHCP Self-Defined Options
Context
NOTE
Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS and
IP lease cannot be configured through this command but through the related command described above.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ipaddress &<1-8> }
The DHCP self-defined options are configured.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in Option filed of DHCP response packets.
You can add new options to the attribute list of the DHCP server by manual definition. For
example,
l
To configure the IP address of the log server to 10.110.204.1, run the dhcp server option
7 ip-address 10.110.204.1 command.
l
To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40
command.
4.3.6 Checking the Configuration
Prerequisite
The configurations of the interface address pool-based DHCP server are complete.
Procedure
l
Run the display dhcp server free-ip command to check the available address information
in the DHCP address pool.
l
Run the display dhcp server expired { all | interface [ interface-type interface-number ]
| ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the expired lease in
the DHCP address pool.
l
Run the display dhcp server ip-in-use { all | interface [ interface-type interfacenumber ] | ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the address
binding information.
l
Run the display dhcp server statistics command to check the statistics of DHCP server.
l
Run the display dhcp server tree { all | interface [ interface-type interface-number ] |
pool [ pool-name ] | vlan vlan-id } command to check the information on the tree-structure
of the DHCP address pool.
----End
Example
Run the display dhcp server free-ip command. If there are unused IP addresses in the address
pool, it means that the configuration succeeds.
<HUAWEI>
IP Range
IP Range
IP Range
display dhcp server free-ip
from 5.5.5.1
to
from 202.38.160.1
to
from 202.38.160.4
to
5.5.5.254
202.38.160.1
202.38.160.126
Run the display dhcp server expired command. If information about the expired leases of IP
addresses in DHCP address pools is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server expired all
Global pool:
IP address
Hardware address
Lease expiration
2.2.2.2
44444-4444-4444
NOT Used
Interface pool:
IP address
Hardware address
Lease expiration
4-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Type
Manual
Type
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Run the display dhcp server ip-in-use command. If the binding information of IP address, such
as the hardware address and the IP lease, is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server ip-in-use all
Global pool:
IP address Hardware address
Lease expiration
2.2.2.2
4444-4444-4444
NOT Used
Interface pool:
IP address Hardware address
Lease expiration
5.5.5.1
0050-ba28-930a Jul 5 2006 13: 00:10 PM
Type
Manual
Type
Auto:COMMITED
Run the display dhcp server statistics command. If statistics of the DHCP server, including
the number of DHCP address pools, the number of the automatic binding, the manual binding
and the expired binding and the number of DHCP packets is displayed, it means that the
configuration succeeds.
<HUAWEI> display dhcp
Global Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Interface Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Boot Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Boot Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
HA Message:
BatchBackup send
BatchBackup recv
BatchBackup send
BatchBackup recv
server statistics
5
0
1
0
1
1
0
0
6
1
4
0
1
0
4
1
3
0
0
msg:
msg:
lease:
lease:
0
0
0
0
Run the display dhcp server tree command. If the tree structure of the DHCP address pool,
including DNS, the IP lease and Option parameters, is displayed, it means that the configuration
succeeds.
<HUAWEI> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 gigabitethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Interface pool:
Pool name: GigabitEthernet11/2/0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
4.4 Configuring the Sub-interface Address Pool-based
DHCP Server
This section describes how to assign IP addresses by using address pools on Ethernet subinterfaces to reduce repeated configurations.
4.4.1 Establishing the Configuration Task
4.4.2 Enabling Address Pools on Sub-interfaces
4.4.3 Configuring Address Pools on Ethernet Sub-interfaces
4.4.4 Configuring DNS on Address Pools of Sub-interfaces
4.4.5 Configuring NetBIOS on Address Pools of Sub-interfaces
4.4.6 Configuring the DHCP Self-Defined Options for Address Pools of Sub-interfaces
4.4.7 Checking the Configuration
4.4.1 Establishing the Configuration Task
Applicable Environment
For the interface address pool-based DHCP server, single address pool and egress gateway need
not be configured. After you configure an IP address on the Ethernet interface of the device, all
the addresses of the network segment which this IP address is on are assignable and this IP
address is also the address of the egress gateway of this network segment.
In the NE80E/40E, Ethernet sub-interfaces are applied only to implementing communication
between different VLANs. Therefore, to configure a DHCP server that is based on the address
pool on the Ethernet sub-interface, encapsulate the sub-interface with 802.1Q first.
Pre-configuration Tasks
Before configuring the sub-interface address pool-based DHCP server, complete the following
tasks:
4-20
l
Configuring the Ethernet sub-interfaces of the device
l
(Optional) Configuring the DNS server
l
(Optional) Configuring the NetBIOS server
l
(If the DNS server and the NetBIOS server are not configured, you do not need to configure
the routes.) Configuring the routes to the DNS server and the NetBIOS server
l
(Optional) Configuring the DHCP customized option
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Data Preparation
To configure the sub-interface address pool-based DHCP server, you need the following data.
No.
Data
1
Number, IP address and the subnet mask of the Ethernet sub-interface of the device
2
IP addresses and the MAC addresses that need to be bound statically
3
Lease of the IP address (It can be some days, hours, or minutes)
4
(Optional) IP address of the DNS server and the domain name of the DHCP client
5
(Optional) IP address of the NetBIOS server and the NetBIOS node type of the DHCP
client
6
(Optional) Coding of the DHCP self-defined options and the corresponding ASCII
strings or hexadecimal number or IP address
4.4.2 Enabling Address Pools on Sub-interfaces
Context
Do as follows on the DHCP server:
Procedure
l
Enabling address pools in the sub-interface view
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number.sub-interface-number
The Ethernet sub-interface view is displayed.
3.
Run:
ip address ip-address { mask | mask-length }
The IP address of the Ethernet sub-interface is displayed.
4.
Run:
dhcp select interface
The address pool on the sub-interface is enabled to allocate IP addresses to clients.
l
Enabling address pools on one sub-interface or multiple sub-interfaces in the system view
1.
Run:
system-view
The system view is displayed.
2.
Issue 03 (2010-03-31)
Perform the following as required:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
–
Run:
dhcp select interface interface interface-type interface-number.subinterface-number
The address pool on one sub-interface is enabled to allocate IP addresses to clients.
–
Run:
dhcp select interface interface interface-type interface-number.subinterface-number1 to interface-type interface-number.sub-interfacenumber2
The address pools on multiple sub-interfaces are enabled to allocate IP addresses
to clients.
NOTE
Before configuring this command, you need to create sub-interfaces and configure IP addresses
for them.
Running this command in the system view equals configuring the dhcp select interface
command in each sub-interface view.
----End
4.4.3 Configuring Address Pools on Ethernet Sub-interfaces
Context
Do as follows on the DHCP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp enable
DHCP is enabled.
Step 3 Run:
interface interface-type interface-number.sub-interface-number
The Ethernet sub-interface view is displayed.
Step 4 Run:
vlan-type vlan-id1 [ vlan-id2 ]
The sub-interface is encapsulated with 802.1Q.
Step 5 Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
Certain IP addresses and MAC addresses are bound with the address pool.
Step 6 The following steps are optional, so perform them as required.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
4-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The IP lease of the sub-interface is configured. By default, the IP lease is one day.
Or
Run:
quit
Return to the system view.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
{ interface interface-type interface-number.sub-interface-number1 [ to interfacetype interface-number.sub-interface-number2 ] | all }
The leases of the IP addresses of several sub-interfaces are configured. By default, the IP lease
is one day.
----End
Postrequisite
The IP address and its mask of the Ethernet sub-interface determine the range of the sub-interface
address pool. If you need to configure the address pool for multiple Ethernet sub-interfaces,
repeat Steps 3, 4, 5, and 6.
4.4.4 Configuring DNS on Address Pools of Sub-interfaces
Context
The configurition is optional.
Do as follows on the DHCP server:
Procedure
l
Configuring DNS on sub-interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number.sub-interface-number
The Ethernet sub-interface view is displayed.
3.
Run:
dhcp server domain-name domain-name
Domain names are configured for the clients of the sub-interface.
4.
Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server is specified for the clients of the sub-interface.
l
Configuring DNS on one or multiple sub-interfaces
1.
Issue 03 (2010-03-31)
Run:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
system-view
The system view is displayed.
2.
Run:
dhcp server domain-name domain-name { all | interface interface-type
interface-number sub-interface-number1 [ to interface-type interfacenumber.sub-interface-number2 ] }
The domain name of the DHCP client is configured.
3.
Run:
dhcp server dns-list ip-address &<1-8> { all | interface interface-type
interface-number sub-interface-number1 [ to interface-type interfacenumber.sub-interface-number2 ] }
The IP address of the DNS server is specified for the DHCP client.
----End
4.4.5 Configuring NetBIOS on Address Pools of Sub-interfaces
Context
The configurition is optional.
Do as follows on the DHCP server:
Procedure
l
Configuring NetBIOS on sub-interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number.sub-interface-number
The sub-interface view is displayed.
3.
Run:
dhcp server nbns-list ip-address &<1-8>
The IP address of the NetBIOS server is specified for the DHCP clients of the subinterface.
4.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type is specified for the DHCP clients of the sub-interface.
l
Configuring NetBIOS on one or multiple sub-interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp server nbns-list ip-address &<1-8> { all | interface interface-type
interface-number.sub-interface-number1 [ to interface-type interfacenumber.sub-interface-number2 ] }
4-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The IP address of the NetBIOS server is specified on the DHCP client.
3.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node } { all |
interface interface-type interface-number.sub-interface-number1 [ to
interface-type interface-number.sub-interface-number2 ] }
The NetBIOS node type is specified for the DHCP client.
By default, the node type of the client is not specified.
----End
Postrequisite
For the client using the OS of Microsoft, WINS server provides the resolution from the host
name to the IP address. This is given to the host that uses the NetBIOS protocol to communicate.
Thus, most of the Windows network clients need to be configured with WINS.
When a DHCP client communicates in a WAN by adopting the NetBIOS protocol, a mapping
between the host name and the IP address should be set up. There are four types of NetBIOS
nodes for obtaining mappings:
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
by means of broadcast.
l
Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mapping
relation by means of communicating with NetBIOS servers.
l
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
l
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.4.6 Configuring the DHCP Self-Defined Options for Address
Pools of Sub-interfaces
Context
NOTE
Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS and
IP lease cannot be configured through this command but through the related command described above.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ipaddress &<1-8>} { all | interface interface-type interface-number.sub-interfacenumber1 [ to interface-type interface-number.sub-interface-number2 ] }
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The DHCP self-defined options are configured.
----End
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in Option filed of DHCP response packets.
You can add new options to the attribute list of the DHCP server by manual definition. For
example,
l
To configure the IP address of the log server to 10.110.204.1, run the dhcp server option
7 ip-address 10.110.204.1 command.
l
To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40
command.
NOTE
Using the option command, you can specify the options that need be included in the DHCP response
packets.
Before using this command, you need to know the function of each option: Option 77 identifies user types
or applications of the DHCP client. Based on User Class in the Option field, the DHCP server selects the
proper address pool and configuration parameters. Option77 usually is configured on the client.
4.4.7 Checking the Configuration
Prerequisite
The configurations of the sub-interface address pool-based DHCP server are complete.
Procedure
l
Run the display dhcp server free-ip command to check the available address information
in the DHCP address pool.
l
Run the display dhcp server expired { all | interface [ interface-type interface-number ]
| ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the expired lease in
the DHCP address pool.
l
Run the display dhcp server ip-in-use { all | interface [ interface-type interfacenumber ] | ip ip-address | pool [ pool-name ] | vlan vlan-id } command to check the address
binding information.
l
Run the display dhcp server statistics command to check the statistics of DHCP server.
l
Run the display dhcp server tree { all | interface [ interface-type interface-number ] |
pool [ pool-name ] | vlan vlan-id } command to check the information on the tree-structure
of the DHCP address pool.
----End
Example
Run the display dhcp server free-ip command. If there are unused IP addresses in the address
pool, it means that the configuration succeeds.
<HUAWEI> display dhcp server free-ip
4-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
IP Range from 5.5.5.1
IP Range from 202.38.160.1
IP Range from 202.38.160.4
to
to
to
5.5.5.254
202.38.160.1
202.38.160.126
Run the display dhcp server expired command. If information about the expired leases of IP
addresses in DHCP address pools is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server expired all
Global pool:
IP address
Hardware address
Lease expiration
2.2.2.2
44444-4444-4444
NOT Used
Interface pool:
IP address
Hardware address
Lease expiration
Type
Manual
Type
Run the display dhcp server ip-in-use command. If the binding information of IP address, such
as the hardware address and the IP lease, is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server ip-in-use all
Global pool:
IP address Hardware address
Lease expiration
2.2.2.2
4444-4444-4444
NOT Used
Interface pool:
IP address Hardware address
Lease expiration
5.5.5.1
0050-ba28-930a Jul 5 2006 13: 00:10 PM
Type
Manual
Type
Auto:COMMITED
Run the display dhcp server statistics command. If statistics of the DHCP server, including
the number of DHCP address pools, the number of the automatic binding, the manual binding
and the expired binding and the number of DHCP packets is displayed, it means that the
configuration succeeds.
<HUAWEI> display dhcp
Global Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Interface Pool:
Pool Number:
Binding
Auto:
Manual:
Expire:
Boot Request:
Dhcp Discover:
Dhcp Request:
Dhcp Decline:
Dhcp Release:
Dhcp Inform:
Boot Reply:
Dhcp Offer:
Dhcp Ack:
Dhcp Nak:
Bad Messages:
HA Message:
BatchBackup send
BatchBackup recv
BatchBackup send
BatchBackup recv
server statistics
5
0
1
0
1
1
0
0
6
1
4
0
1
0
4
1
3
0
0
msg:
msg:
lease:
lease:
0
0
0
0
Run the display dhcp server tree command. If the tree structure of the DHCP address pool,
including DNS, the IP lease and Option parameters, is displayed, it means that the configuration
succeeds.
<HUAWEI> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 gigabitethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Interface pool:
Pool name: GigabitEthernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
4.5 Configuring VLANIF Interface Address Pool-based
DHCP Server
This section describes how to configure a DHCP server that uses the address pool of the VLANIF
interface.
4.5.1 Establishing the Configuration Task
4.5.2 Enabling Address Pools on VLANIF Interfaces
4.5.3 Configuring the Address Pool on the VLANIF Interface
4.5.4 Configuring DNS on the Address Pool of the VLANIF Interface
4.5.5 Configuring NetBIOS on the Address Pool of the VLANIF Interface
4.5.6 Configuring DHCP Self-Defined Options for the Address Pool of the VLANIF Interface
4.5.7 Checking the Configuration
4.5.1 Establishing the Configuration Task
Applicable Environment
The interface address pool on the VLANIF interface, is used for devices to support the switched
Ethernet interface. Because the switched Ethernet interface cannot be configured with IP
addresses directly, you need to create a VLANIF interface and then configure DHCP address
pools on the VLANIF interface.
Pre-configuration Tasks
Before configuring the VLANIF interface address pool-based DHCP server, complete the
following tasks:
4-28
l
Creating a VLANIF interface
l
(Optional) Configuring the DNS server
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
l
(Optional) Configuring the NetBIOS server
l
(If the DNS server and the NetBIOS server are not configured, you do not need to configure
the routes.) Configuring routes to the DNS server and the NetBIOS server
l
(Optional) Configuring the DHCP customized option
Data Preparation
To configure the VLANIF interface address pool-based DHCP server, you need the following
data.
No.
Data
1
Number, IP address and subnet mask of the VLANIF interface
2
IP addresses in the address pools of VLANIF interface and the MAC addresses to be
bound with the IP addresses
3
Lease of the IP address (It can be some days, hours, or minutes)
4
(Optional) IP address of the DNS server and the domain name of the DHCP client
5
(Optional) IP address of the NetBIOS server and the NetBIOS node type of the DHCP
client
6
(Optional) Coding of the DHCP self-defined options and the corresponding ASCII
strings or hexadecimal number or IP address
4.5.2 Enabling Address Pools on VLANIF Interfaces
Context
Do as follows on the DHCP server:
Procedure
l
Enabling address pools in the VLANIF interface view
1.
Run:
system-view
The system view is displayed.
2.
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit
Back to the system view.
4.
Run:
interface vlanif vlan-id
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The VLANIF interface is displayed.
5.
Run:
ip address ip-address { mask | mask-length }
The IP address of the VLANIF interface is configured.
6.
Run:
dhcp select interface
The address pool on the VLANIF interface is enabled.
l
Enabling address pools on one VLANIF interface or multiple VLANIF interfaces in the
system view
1.
Run:
system-view
The system view is displayed.
2.
Run:
vlan vlan-id
A VLAN is created.
3.
Run:
quit
Back to the system view.
4.
Run:
interface vlanif vlan-id
The VLANIF interface is displayed.
5.
Run:
ip address ip-address { mask | mask-length }
The IP address of the VLANIF interface is configured.
6.
Run:
quit
Back to the system view.
7.
Run:
dhcp select interface vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The address pool on the specified VLANIF interface is enabled.
NOTE
Running this command in the system view equals configuring the dhcp select interface
command in each VLANIF interface view.
----End
4.5.3 Configuring the Address Pool on the VLANIF Interface
Context
Do as follows on the DHCP server:
4-30
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp enable
DHCP is enabled.
Step 3 Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.
Step 4 Run:
dhcp select interface
The address pool on the interface is enabled.
Step 5 Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
Certain IP addresses and MAC addresses are bound with the address pool.
Step 6 The following steps are optional, so perform them as required.
l
If you want to configure the IP lease for the local VLANIF interface, do as follows.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
The IP lease of the VLANIF interface is configured. By default, the IP lease is one day.
l
If you want to configure the IP lease for several VLANIF interface, do as follows.
Run:
quit
Return to the system view.
Run:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
The leases of the IP addresses of several VLANIF interfaces are configured. By default, the
IP lease is one day.
----End
Postrequisite
The IP address and its mask of the VLANIF interface determine the range of the address pool
on the VLANIF interface. If you need to configure several address pools for VLANIF interfaces,
repeat Steps 3, 4, 5, and 6.
4.5.4 Configuring DNS on the Address Pool of the VLANIF
Interface
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-31
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Context
The configurition is optional.
Do as follows on the DHCP server:
Procedure
l
Configuring DNS on VLANIF interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface vlanif vlan-id
The VLAIF interface view is displayed.
3.
Run:
dhcp server domain-name domain-name
Domain names are configured for the clients of the VLANIF interface.
4.
Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server is specified for the clients of the VLANIF interface.
l
Configuring DNS on one or multiple VLANIF interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp server domain-name domain-name vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The domain name of the DHCP client is configured.
3.
The following steps are optional, so perform them as required.
Run:
dhcp server dns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the DNS server is specified for the DHCP client.
----End
4.5.5 Configuring NetBIOS on the Address Pool of the VLANIF
Interface
Context
The configurition is optional.
Do as follows on the DHCP server:
4-32
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
l
Configuring NetBIOS on VLANIF interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.
3.
Run:
dhcp server nbns-list ip-address &<1-8>
The IP address of the NetBIOS server is specified for the DHCP clients of the VLANIF
interface.
4.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
The NetBIOS node type is specified for the DHCP clients of the VLANIF interface.
l
Configuring NetBIOS on one or multiple VLANIF interfaces
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp server nbns-list ip-address &<1-8> vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10>
The IP address of the NetBIOS server is specified for the DHCP client.
3.
Run:
dhcp server netbios-type { b-node | h-node | m-node | p-node } vlan { vlanid1 [ to vlan-id2 ] } &<1-10>
The NetBIOS node type is specified for the DHCP client.
By default, the node type of the client is not specified.
----End
Postrequisite
Before using the NetBIOS service, make sure that
l
The NetBIOS server is configured correctly
l
There are routes between the device and the NetBIOS server.
For the client using the OS of Microsoft, WINS server provides the resolution from the host
name to the IP address for the host that uses the NetBIOS protocol to communicate. In this way,
most of the Windows network clients need to be configured with WINS.
When a DHCP client communicates on a WAN, by adopting NetBIOS protocol, a mapping
between the host name and the IP address should be set up. The types of NetBIOS nodes for
obtaining mappings are as follows:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-33
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
l
Type b nodes (b-node): "b" stands for broadcast; that is, type b nodes obtain the mapping
relation by means of broadcast.
l
Type p nodes (p-node): "p" stands for peer-to-peer; that is, type p nodes obtain the mapping
relation by means of communicating with NetBIOS servers.
l
Type m nodes (m-node): "m" stands for mixed. Type m nodes are the type p nodes owning
part of the broadcasting features.
l
Type h nodes (h-node): "h" stands for hybrid. Type h nodes are type b nodes owning the
"peer-to-peer" communicating mechanism.
4.5.6 Configuring DHCP Self-Defined Options for the Address
Pool of the VLANIF Interface
Context
NOTE
Configuring DHCP self-defined options is optional. Services, such as DNS on the client, NETBIOS and
IP lease cannot be configured through the option code command but through the related command
described above.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ipaddress &<1-8> } { all | vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The DHCP self-defined options are configured.
The DHCP self-defined options are optional. You can configure it when needed.
----End
Postrequisite
The Option field in DHCP packets carries the control information and parameters that are not
defined in some common protocols. If the DHCP server is configured with Option, the DHCP
client gets the configuration information saved in Option filed of DHCP response packets.
You can add new options to the attribute list of the DHCP server by manual definition. For
example,
4-34
l
To configure the IP address of the log server to 10.110.204.1, run the dhcp server option
7 ip-address 10.110.204.1 command.
l
To configure the TTL of the client packet to 64, run the dhcp server option 23 hex 40
command.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
NOTE
Using the option command, you can specify the options that need be included in the DHCP response
packets.
Before using this command, you need to know the function of each option: Option 77 applies to identify
user types or applications of DHCP client. Based on User Class in the Option field, the DHCP server selects
proper address pool and configuration parameters. Option 77 usually is configured by the client.
4.5.7 Checking the Configuration
Prerequisite
The configurations of the VLANIF interface address pool-based DHCP server are complete.
Procedure
l
Run the display dhcp server tree vlan vlan-id command to check the information on the
tree-structure of DHCP address pool on VLANIF interface.
l
Run the display dhcp server ip-in-use vlan vlan-id command to check the information on
the DHCP address bound with the specified VLANIF interface.
l
Run the display dhcp server expired vlan vlan-id command to check the expired lease in
the DHCP address pool of the specified VLANIF interface.
----End
Example
Run the display dhcp server tree vlan command. If the tree structure information of DHCP
address pools on VLANIF interfaces, such as DNS, IP lease and Option parameters, is displayed,
it means that the configuration succeeds.
<HUAWEI> display dhcp server tree vlan 2
Interface pool:
Pool name: Vlanif2
network 50.1.1.0 mask 255.255.255.0
gateway-list 50.1.1.1
expired day 1 hour 0 minute 0
Run the display dhcp server ip-in-use vlan command. If the binding information of IP address
on VLANIF interfaces, such as the hardware address and the IP lease, is displayed, it means that
the configuration succeeds.
<HUAWEI> display dhcp server ip-in-use vlan 2
IP address
Hardware address
Lease expiration
50.1.1.12
0023-0034-0053 NOT Used
Type
Manual
Run the display dhcp server expired vlan command. If the expired IP address in the address
pool on VLANIF interfaces is displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server expired vlan 2
IP address
Hardware address
Lease expiration
Type
4.6 Configuring the Security Function for DHCP
This section describes how to enhance the security of the DHCP service.
4.6.1 Establishing the Configuration Task
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-35
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.6.2 Starting the Detection of the Pseudo DHCP Server on a DHCP Server
4.6.3 Avoiding Repetitive IP Address Assignment
4.6.4 Saving DHCP Data
4.6.5 Restoring DHCP Data
4.6.6 Checking the Configuration
4.6.1 Establishing the Configuration Task
Applicable Environment
After configuring the DHCP server, you need configure the security function of the DHCP
service. This enhances security of the DHCP service and prevents other pseudo DHCP servers
from allocating invalid IP addresses for clients. By viewing logs, the administrator determines
whether invalid DHCP servers allocate invalid IP addresses for clients.
Pre-configuration Tasks
l
Before configuring the security function of DHCP, complete the DHCP server
configuration.
Data Preparation
To configure the security function of DHCP service, you need the following data.
No.
Data
1
Interval at which ping packets are sent and the number of ping packets
2
Interval for saving the DHCP data
4.6.2 Starting the Detection of the Pseudo DHCP Server on a DHCP
Server
Context
If a private DHCP server exists in the network, users cannot obtain correct IP addresses and thus
cannot log in to the network because this private DHCP server will interact with the DHCP client
during address application. Such a private DHCP server is called a pseudo DHCP server.
The logs contain IP addresses of all the DHCP servers that allocate IP addresses for clients. By
viewing these logs, the administrator can determine whether a pseudo DHCP servers exists.
Do as follows on the DHCP server:
Procedure
Step 1 Run:
system-view
4-36
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The system view is displayed.
Step 2 Run:
dhcp server detect
Detecting the pseudo DHCP server is enabled on the DHCP server.
By default, this function is disabled.
----End
4.6.3 Avoiding Repetitive IP Address Assignment
Context
Do as follows on the DHCP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server ping timeout milliseconds
The time for waiting the response after the ping packets is sent by the DHCP server is configured.
Step 3 Run:
dhcp server ping packets number
The maximum number of ping packets sent by the DHCP server is configured.
By default, the maximum number of ping packets being sent is 2 and the longest waiting time
for ping response packets is 500 ms.
----End
Postrequisite
Before assigning addresses to a client, the DHCP server should detect the IP address to avoid
address collision.
Using the ping command, you can check if there is a ping response of the address to be assigned
within the specific time. If there is no response after a specific time, the DHCP server re-sends
ping packets to this address until it reaches the maximum number of ping packets allowed to be
sent. If there is still no response, it indicates that the IP address is not in use. In this way, it is
ensured that a unique IP address is assigned to the client.
4.6.4 Saving DHCP Data
Context
Do as follows on the DHCP server:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-37
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server database enable
Saving the DHCP data to the hard disk is enabled.
Step 3 Run:
dhcp server database write-delay seconds
The time delay for saving the data is set.
By default, DHCP data cannot be saved to the hard disk. If the function is enabled, the default
interval for saving the current DHCP data is 300 seconds, and the new data overwrites the
previous data.
----End
Postrequisite
The system can save the current DHCP data to the hard disk and restore the data from the hard
disk when the device fails.
The DHCP data is saved with a fixed file name on the hard disk. Normally, the IP leasing
information is saved in lease.txt file and the address collision information is saved in
conflict.txt file. Back up these two files to other directories because they are replaced regularly.
4.6.5 Restoring DHCP Data
Context
Do as follows on the DHCP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp server database recover
DHCP data is restored on the hard disk.
----End
4.6.6 Checking the Configuration
Prerequisite
The configurations of the security function for DHCP are complete.
4-38
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
l
Run the display dhcp server conflict { all | ip ip-address } command to check the statistics
of DHCP address collisions.
l
Run the display dhcp server database command to check the storage path and file
information of the DHCP database.
----End
Example
Run the display dhcp server conflict command. If the conflicted IP address and the time when
the conflict occurs are displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server conflict all
Address
Discover Time
10.110.1.2 Jan 11 2003 11:57: 7 PM
Run the display dhcp server database command. If the saved path of the DHCP data is
displayed, it means that the configuration succeeds.
<HUAWEI> display dhcp server database
Status: disable
Recover from files after reboot: disable
File saving lease items: hda1:/dhcp/lease.txt
File saving conflict items: hda1:/dhcp/conflict.txt
Save Interval: 300 (seconds)
4.7 Configuring DHCP Relay
This section describes how to enable DHCP relay so that DHCP relay can forward DHCP
requests from local clients to the DHCP server on other networks.
4.7.1 Establishing the Configuration Task
4.7.2 Configuring Relay
4.7.3 Checking the Configuration
4.7.1 Establishing the Configuration Task
Applicable Environment
When there is no DHCP server configured on the local network, enable the DHCP relay function
on the other devices in the network. Thus, the DHCP relay can forward the DHCP requests from
local clients to the DHCP server on the other network. To ensure that the client can normally
obtain the IP address, the server must be the DHCP server based on the global address pool.That
is, the interface connecting the DHCP server to the DHCP relay must not be configured with
any interface address pool.
NOTE
The relay between the server and the client cannot exceed four. Otherwise, the DHCP packet is discarded.
Pre-configuration Tasks
Before configuring the DHCP relay, complete the following tasks:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-39
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
l
Configuring the DHCP server
l
Configuring the interface of the relay
l
Configuring the routes from the relay to the DHCP server
Data Preparation
To configure the DHCP relay, you need the following data.
No.
Data
1
IP address of the DHCP server
2
Number of the interface to be enabled the DHCP relay function
3
Number of the VLAN to be enabled the DHCP relay function
4
(Option) IP address to be released and the corresponding MAC address
5
DHCP option that needs to be associated with the DHCP server address and the relay
agent address.
4.7.2 Configuring Relay
Context
When a client and a DHCP server are not on the same network segment, you can configure the
address of the interface that functions as the DHCP relay agent of the DHCP server. In this
manner, the client can send a Request packet that is forwarded by the DHCP replay agent to the
DHCP server, and then the client can be assigned with an IP address.
On the relay device, you can also configure the association between the DHCP option and the
DHCP server address and the association between the DHCP option and the relay agent address.
According to the option field in the DHCP Request packet, the relay agent can identify the type
of the client and thus forward the Request packet to the corresponding DHCP server. This helps
the DHCP server assign the IP addresses of different network segments to the clients with
different services.
If no DHCP option is configured to associate with either the DHCP server address or the relay
agent address, the relay device needs to check whether a DHCP server address is configured on
the interface (that is, the interface functions as the relay agent of the DHCP server). If the
interface is configured with the relay function, the relay agent forwards packets to the
corresponding DHCP server; otherwise, the packets are discarded.
You can configure relay in the interface view and system view.
NOTE
Because the DHCP client may send broadcast packets during DHCP configuration, the interface where IP
relay is enabled should support the broadcast mode. This IP address must be in the same network segment
with the IP addresses in the address pool on the DHCP server. The number of address of the DHCP server
for which the interface functions as the relay agent is up to 20.
Do as follows on the router acting as the DHCP relay:
4-40
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
l
Configure DHCP relay function in the interface view.
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number
The interface view is displayed.
3.
Run:
ip address ip-address { mask | mask-length }
The primary IP address of the interface is configured.
4.
(Optional) Run:
ip address ip-address { mask | mask-length } sub
The secondary IP address of the interface is configured.
5.
Run:
dhcp select relay
The DHCP relay function is enabled.
6.
Run:
ip relay address ip-address [ dhcp-option { 60 [ option-text ] | code } ]
The address of the DHCP server for which the interface functions as the relay agent
is configured. It is optional to associate the DHCP option with the DHCP server
address.
7.
(Optional) Run:
ip relay giaddr ip-address [ dhcp-option { 60 [ option-text ] | code } ]
The DHCP option is configured to associate with the primary or secondary IP address
of the interface.
By default, the primary IP address of the interface on the relay device functions as the
relay agent address.
l
Configuring the DHCP relay function in the system view.
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp select relay { all | interface interface-type interface-number.sub-interfacenumber1 [ to interface-type interface-number.sub-interface-number2 ] | interface
interface-type interface-number | vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The DHCP relay function is enabled globally.
3.
Issue 03 (2010-03-31)
Run:
ip relay address ip-address { all | interface interface-type interface-number.subinterface-number1 [ to interface-type interface-number.sub-interface-number2 ] |
interface interface-type interface-number | vlan vlan-id }
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-41
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
The IP address of the DHCP server for which the multiple interfaces function as the
relay agent are configured.
----End
4.7.3 Checking the Configuration
Prerequisite
The configurations of the DHCP relay are complete.
Procedure
l
Run the display dhcp relay statistics command to check the related statistics of the DHCP
relay.
l
Run the display dhcp relay address { all | interfaceinterface-type interface-number |
vlanvlan-id } command to check the DHCP configuration of the interface enabled with the
DHCP relay function.
----End
Example
Run the display dhcp relay address command to view the DHCP configurations of all
interfaces.
<HUAWEI> display dhcp relay address all
** GigabitEthernet1/0/0 DHCP Relay Address **
*:option is none, (*):option-text is none
Dhcp Option
Relay Agent IP
Server IP
*
10.1.1.1
70.1.1.2
101.40.1.2
45
20.1.1.1
101.40.1.2
60(*)
30.1.1.1
202.40.1.2
60(abc)
40.1.1.1
202.40.1.2
Run the display dhcp relay statistics command. If statistics of DHCP relay, such as the number
of wrong DHCP packets and the number of various DHCP packet, is displayed, it means that
the configuration succeeds.
<HUAWEI> display dhcp relay statistics
Bad Packets received:
DHCP packets received from clients:
DHCP DISCOVER packets received:
DHCP REQUEST packets received:
DHCP INFORM packets received:
DHCP DECLINE packets received:
DHCP packets received from servers:
DHCP OFFER packets received:
DHCP ACK packets received:
DHCP NAK packets received:
DHCP packets sent to servers:
DHCP packets sent to clients:
Unicast packets sent to clients:
Broadcast packets sent to clients:
0
2
1
1
0
0
2
1
1
0
1
1
0
0
4.8 Maintaining DHCP
This section describes how to clear the statistics about DHCP and debug DHCP.
4-42
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.8.1 Resetting DHCP
4.8.2 Releasing Conflicting IP Addresses
4.8.3 (Optional) Requesting the DHCP Server to Release IP Addresses of the Client
4.8.4 Clearing DHCP Statistics
4.8.5 Monitoring Network Operation Status of DHCP
4.8.1 Resetting DHCP
Context
CAUTION
Resetting DHCP binding through the reset dhcp command interrupts the operation of the DHCP
server. Please confirm that before you want to clear the information of DHCP binding.
Procedure
l
Run the reset dhcp server ip-in-use ip-address command in the user view to reset the
information about the binding of the specified IP address.
l
Run the reset dhcp server ip-in-use pool [ pool-name ] command in the user view to reset
the information about the dynamic address bindings of the global address pool.
l
Run the reset dhcp server ip-in-use interface [ interface-type interface-number ]
command in the user view to reset the information about the dynamic address bindings of
the interface address pool.
l
Run the reset dhcp server ip-in-use vlan vlan-id command in the user view to reset the
information about dynamic IP address bindings on the address pool of the VLANIF
interface.
l
Run the reset dhcp server ip-in-use all command in the user view to reset the information
about the dynamic address bindings of all the address pools.
----End
4.8.2 Releasing Conflicting IP Addresses
Context
The DHCP server detects the conflicting IP addresses through the ping command while the
DHCP client detects the conflicting IP address through sending ARP packets.
CAUTION
After the conflicting IP addresses are released, they can be reallocated by the DHCP server.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-43
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Procedure
l
Run the reset dhcp server conflict ip ip-address command to release the conflicting IP
addresses in the specified address pool.
l
Run the reset dhcp server conflict all command to release all conflicting IP addresses.
----End
4.8.3 (Optional) Requesting the DHCP Server to Release IP
Addresses of the Client
Context
Do as follows on the router acting as the DHCP relay:
Procedure
l
Requesting all the DHCP servers to release an IP address.
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp relay release client-ip-address mac-address
The DHCP servers are required to release the IP address which is applied by the client.
l
Requesting the specified DHCP server to release an IP address.
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp relay release client-ip-address mac-address server-ip-address
The specified DHCP server is required to release the IP address which is applied by
the client.
l
Requesting the DHCP server connected with the interface to release an IP address.
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number
The interface view is displayed.
3.
Run:
dhcp relay release client-ip-address mac-address [ server-ip-address ]
The DHCP server connected with the interface on the DHCP relay is required to
release the IP address which is applied by the client.
----End
4-44
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
4.8.4 Clearing DHCP Statistics
Context
CAUTION
DHCP statistics cannot be restored after you clear it. So, confirm the action before you use the
command.
Procedure
l
Run the reset dhcp server statistics command in the user view to clear the DHCP server
statistics.
l
Run the reset dhcp relay statistics command in the user view to clear the DHCP relay
statistics.
----End
4.8.5 Monitoring Network Operation Status of DHCP
Context
In routine maintenance, you can run the following command in any view to check the operation
of DHCP.
Procedure
l
Run the display dhcp server free-ip command in any view to check the information about
available IP addresses in the DHCP address pool.
l
Run the display dhcp server expired { all | interface [ interface-type interface-number ]
| ip ip-address | pool [ pool-name ] | vlan vlan-id } command in any view to check the
information about the IP addresses with expired leases in the DHCP address pool.
l
Run the display dhcp server ip-in-use { all | interface [ interface-type interfacenumber ] | ip ip-address | pool [ pool-name ] | vlan vlan-id } command in any view to check
the information about address bindings.
l
Run the display dhcp server statistics command in any view to check the statistics about
the DHCP server.
l
Run the display dhcp server tree { all | interface [ interface-type interface-number ] |
pool [ pool-name ] | vlan vlan-id } command in any view to check the information about
the tree structure of the DHCP address pool.
l
Run the display dhcp server conflict { all | ip ip-address } command in any view to check
the information about the conflict addresses in the DHCP address pool.
l
Run the display dhcp server database command in any view to check the path at which
DHCP database is saved and file information about the database.
l
Run the display interface [ interface-type interface-number ] command in any view to
check the relay address of the interface.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-45
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
l
Run the display dhcp relay address { all | interface interface-type interface-number |
vlan vlan-id } command in any view to check configurations about the DHCP relay address.
----End
4.9 Configuration Examples
This section provides several configuration examples of the DHCP server and DHCP relay.
4.9.1 Example for Configuring the Global Address Pool-based DHCP Server
4.9.2 Example for Configuring the Interface Address Pool-based DHCP Server
4.9.3 Example for Configuring the Sub-interface Address Pool-based DHCP Server
4.9.4 Example for Configuring the VLANIF Interface Address Pool-based DHCP Server
4.9.5 Example for Configuring DHCP Relay
4.9.6 Example for Configuring the DHCP Option Association
4.9.1 Example for Configuring the Global Address Pool-based
DHCP Server
Networking Requirements
As shown in Figure 4-1, a DHCP server dynamically assigns the IP addresses to a client in the
same network segment. The address pool segment 10.1.1.0/24 is divided into two segments:
10.1.1.0/25 and 10.1.1.128/25. The IP addresses of the two Ethernet interfaces on the DHCP
server are 10.1.1.1/25 and 10.1.1.129/25.
The IP lease of the segment 10.1.1.0/25 is 10 days and 12 hours, with domain name as
huawei.com, DNS address as 10.1.1.2, egress device address as 10.1.1.126 and without the
NetBIOS address.
The IP lease of the segment 10.1.1.128/25 is 5 days, with DNS address as 10.1.1.2, egress device
address as 10.1.1.254, and NetBIOS address as 10.1.1.4.
Figure 4-1 Networking diagram of the DHCP server and the client that are in the same network
segment
NetBIOS
server
DHCP
client
GE1/0/0
10.1.1.1/25
DHCP
client
DHCP
client
GE1/0/1
10.1.1.129/25
DHCP
server
DNS DHCP
server client
Network: 10.1.1.0/25
4-46
DHCP
client
DHCP
client
Network: 10.1.1.128/25
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
3.
Configure an address pool, including the address range and the domain name, and configure
the IP address of the DNS server.
4.
Configure related attributes for the address pool, such as the address range, the egress
gateway, the IP address of the NetBIOS server and the IP lease.
This example covers the configurations of three address pools. Address pool 0 is configured
with the common attribute of all client; address pool 1 and address pool 2 are configured
with different attributes of various clients.
In this example, you can configure only address pool 1 and address pool 2. They cannot
adopt configurations of the root address pool. You need to configure attributes for them
respectively.
Data Preparation
To complete the configuration, you need the following data:
l
IP address that need not be assigned automatically
l
Address pool number
Procedure
Step 1 Configure the DHCP server.
# Enable DHCP on the device.
<HUAWEI> system-view
[HUAWEI] sysname HUAWEI
[HUAWEI] dhcp enable
# Configure the IP addresses that do not participate in auto-allocation, including addresses of
the DNS server, the NetBIOS server and the egress gateway.
[HUAWEI]
[HUAWEI]
[HUAWEI]
[HUAWEI]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
forbidden-ip
forbidden-ip
forbidden-ip
forbidden-ip
10.1.1.2
10.1.1.4
10.1.1.126
10.1.1.254
# Configure general attributes of DHCP address pool 0, including the address pool range, domain
name and the IP address of the DNS server.
[HUAWEI] dhcp server ip-pool 0
[HUAWEI-dhcp-0] network 10.1.1.0 mask 255.255.255.0
[HUAWEI-dhcp-0] domain-name huawei.com
[HUAWEI-dhcp-0] dns-list 10.1.1.2
[HUAWEI-dhcp-0] quit
# Configure attributes of DHCP address pool 1, including the address pool range, egress gateway
and the IP lease.
[HUAWEI] dhcp server ip-pool 1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-47
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
[HUAWEI-dhcp-1]
[HUAWEI-dhcp-1]
[HUAWEI-dhcp-1]
[HUAWEI-dhcp-1]
network 10.1.1.0 mask 255.255.255.128
expired day 10 hour 12
gateway-list 10.1.1.126
quit
# Configure attributes of DHCP address pool 2, including the address pool range, egress gateway,
the IP address of the NetBIOS server and the IP lease.
[HUAWEI] dhcp server ip-pool 2
[HUAWEI-dhcp-2] network 10.1.1.128 mask 255.255.255.128
[HUAWEI-dhcp-2] expired day 5
[HUAWEI-dhcp-2] nbns-list 10.1.1.4
[HUAWEI-dhcp-2] gateway-list 10.1.1.254
[HUAWEI-dhcp-2] quit
# Configure the clients of the GE 1/0/0 to obtain their IP addresses from the global address pool.
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.128
[HUAWEI-GigabitEthernet1/0/0] dhcp select global
[HUAWEI-GigabitEthernet1/0/0] undo shutdown
[HUAWEI-GigabitEthernet1/0/0] quit
# Configure the clients of the GE 1/0/1 to obtain their IP addresses from the global address pool.
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] ip address 10.1.1.129 255.255.255.128
[HUAWEI-GigabitEthernet1/0/1] dhcp select global
[HUAWEI-GigabitEthernet1/0/1] undo shutdown
[HUAWEI-GigabitEthernet1/0/1] quit
Step 2 Verify the configuration.
After the configuration, run the display dhcp server tree command on the DHCP server. If the
tree structure information of DHCP address pools, including DNS, IP lease, and Option
parameters, is displayed, it means that the configuration succeeds.
[HUAWEI] display dhcp server tree all
Global pool:
Pool name: 0
Child node:1
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
domain-name huawei.com
expired day 1 hour 0 minute 0
Pool name: 1
Parent node:0
Sibling node:2
network 10.1.1.0 mask 255.255.255.128
gateway-list 10.1.1.126
dns-list 10.1.1.2
domain-name huawei.com
expired day 10 hour 12 minute 0
Pool name: 2
Parent node:0
PrevSibling node:1
network 10.1.1.128 mask 255.255.255.128
gateway-list 10.1.1.254
dns-list 10.1.1.2
domain-name huawei.com
nbns-list 10.1.1.4
expired day 5 hour 0 minute 0
----End
Configuration File
The configuration file of HUAWEI is as follows:
4-48
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
#
sysname HUAWEI
#
dhcp server ip-pool 0
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
domain-name huawei.com
#
dhcp server ip-pool 1
network 10.1.1.0 mask 255.255.255.128
gateway-list 10.1.1.126
expired day 10 hour 12
#
dhcp server ip-pool 2
network 10.1.1.128 mask 255.255.255.128
gateway-list 10.1.1.254
nbns-list 10.1.1.4
expired day 5
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.128
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.129 255.255.255.128
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.4
dhcp server forbidden-ip 10.1.1.126
dhcp server forbidden-ip 10.1.1.254
#
return
NOTE
By default, IP addresses in the global address pool are assigned. So, the configuration file does not contain
the dhcp select global command.
4.9.2 Example for Configuring the Interface Address Pool-based
DHCP Server
Networking Requirements
As shown in Figure 4-2, the network 10.1.1.0/24 is of a smaller size. GE 1/0/0 connects with
two DHCP clients and two servers. To assign IP addresses for the clients dynamically, configure
a DHCP server based on the address pool on GE 1/0/0. After GE 1/0/0 is configured with the IP
address 10.1.1.1/24, addresses from 10.1.1.2/24 to 10.1.1.254/24 can be assigned to the clients.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-49
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Figure 4-2 Networking diagram of the DHCP server based on the address pool on the interface
NetBIOS
server
DHCP
client
10.1.1.3/24
GE1/0/0
10.1.1.1/24
Router
DHCP
server
DHCP
client
DNS
server
10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
3.
Configure IP address of the interfaces and the DNS server and the domain name.
4.
Enable the address pool on the interface.
5.
(Optional) Configure related attributes for the address pool, such as, the egress gateway,
the IP address of the NetBIOS server, the IP lease, and the security function.
Data Preparation
To complete the configuration, you need the following data:
l
IP address that need not be assigned automatically
l
IP Address of the interface
Procedure
Step 1 Configure the DHCP server.
# Enable DHCP on the device.
<HUAWEI> system-view
[HUAWEI] sysname HUAWEI
[HUAWEI] dhcp enable
# Configure the IP addresses that do not participate in auto-allocation, including IP addresses
of the DNS server and the NetBIOS server.
[HUAWEI] dhcp server forbidden-ip 10.1.1.2
[HUAWEI] dhcp server forbidden-ip 10.1.1.3
# Configure the IP address of GE 1 /0/0.
4-50
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] ip address 10.1.1.1 24
# Enable the address pool on the interface.
[HUAWEI-GigabitEthernet1/0/0] dhcp select interface
# Configure the domain name and IP addresses of the DNS server and NetBIOS server.
[HUAWEI-GigabitEthernet1/0/0]
[HUAWEI-GigabitEthernet1/0/0]
[HUAWEI-GigabitEthernet1/0/0]
[HUAWEI-GigabitEthernet1/0/0]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
domain-name huawei.com
dns-list 10.1.1.2
nbns-list 10.1.1.3
netbios-type b-node
# (optional) Configure the IP lease and detection of pseudo DHCP server.
[HUAWEI-GigabitEthernet1/0/0] dhcp server expired day 10 hour 12
[HUAWEI-GigabitEthernet1/0/0] undo shutdown
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] dhcp server detect
Step 2 Verify the configuration.
After the configuration, run the display dhcp server tree command on the DHCP server. If the
tree structure information of DHCP address pools, including DNS, IP lease, and Option
parameters, is displayed, it means that the configuration succeeds.
[HUAWEI] display dhcp server tree all
Interface pool:
Pool name: GigabitEthernet2/0/3
network 10.1.1.0 mask 255.255.255.0
gateway-list 10.1.1.1
dns-list 10.1.1.2
domain-name huawei.com
nbns-list 10.1.1.3
netbios-type b-node
expired day 10 hour 12 minute 0
----End
Configuration File
The configuration file of HUAWEI is as follows:
#
sysname HUAWEI
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.3
dhcp server detect
#
return
4.9.3 Example for Configuring the Sub-interface Address Poolbased DHCP Server
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-51
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Networking Requirements
As shown in Figure 4-3, GE 1/0/0 has two sub-interfaces. To be more effective, configure
address pools on several sub-interfaces so that the PCs that are in the same VLAN with the subinterfaces can dynamically obtain their IP addresses from the address pool.
VALN10 and VLAN20 are connected with the switch, as shown in the following diagram. On
the switch, set GE0/0/4 that is connected with the device to be a Trunk interface. Configure the
interfaces on the device to allow frame from VLAN10 and VLAN20 to pass. Configure the
interfaces that connect the switch with PCs to join the corresponding default VLANs.
Figure 4-3 Networking diagram of the DCHP server based on the address pools on the subinterfaces
NetBIOS
server
DHCP
client
10.1.1.3/24
VLAN 20
DHCP
GE1/0/0.1 server
GE0/0/4
10.1.1.1/24
GE1/0/0.2
10.1.2.1/24
VLAN 10
DNS
server
DHCP
client
10.1.2.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
3.
Create sub-interfaces, configure IP addresses for them and encapsulate them with 802.1Q.
4.
Enable the address pool for the sub-interfaces.
5.
Configure related attributes for the address pool, such as the domain name, IP addresses of
the NetBIOS server and the DNS server, and the IP lease.
Data Preparation
To complete the configuration, you need the following data:
l
4-52
IP address that need not be assigned automatically
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
l
4 DHCP Configuration
IP address of the interface
Procedure
Step 1 Configure the DHCP server.
# Enable DHCP on the device.
<HUAWEI> system-view
[HUAWEI] sysname HUAWEI
[HUAWEI] dhcp enable
# Configure the IP addresses that do not participate in auto-allocation, including IP addresses
of the DNS server and NetBIOS server.
[HUAWEI] dhcp server forbidden-ip 10.1.2.2
[HUAWEI] dhcp server forbidden-ip 10.1.1.3
# Create sub-interface GE 1/0/0.1, configure its IP address, and encapsulate it with 802.1Q.
[HUAWEI] interface gigabitethernet 1/0/0.1
[HUAWEI-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[HUAWEI-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[HUAWEI-GigabitEthernet1/0/0.1] undo shutdown
[HUAWEI-GigabitEthernet1/0/0.1] quit
# Create sub-interface GE 1/0/0.2, configure its IP address, and encapsulate it with 802.1Q.
[HUAWEI] interface gigabitethernet 1/0/0.2
[HUAWEI-GigabitEthernet1/0/0.2] vlan-type dot1q 10
[HUAWEI-GigabitEthernet1/0/0.2] ip address 10.1.2.1 24
[HUAWEI-GigabitEthernet1/0/0.2] undo shutdown
[HUAWEI-GigabitEthernet1/0/0.2] quit
# Enable the address pool that is based on sub-interfaces.
[HUAWEI] dhcp select interface interface gigabitethernet 1/0/0.1 to gigabitethernet
1/0/0.2
# Configure the domain name and IP addresses of the DNS server and NetBIOS server.
[HUAWEI] dhcp server domain-name huawei.com interface gigabitethernet 1/0/0.1 to
gigabitethernet 1/0/0.2
[HUAWEI] dhcp server dns-list 10.1.2.2 interface gigabitethernet 1/0/0.1 to
gigabitethernet 1/0/0.2
[HUAWEI] dhcp server nbns-list 10.1.1.3 interface gigabitethernet 1/0/0.1 to
gigabitethernet 1/0/0.2
[HUAWEI] dhcp server netbios-type b-node interface gigabitethernet 1/0/0.1 to
gigabitethernet 1/0/0.2
# Configure the IP lease for the address pool.
[HUAWEI] dhcp server expired day 10 hour 12 interface gigabitethernet 1/0/0.1 to
gigabitethernet 1/0/0.2
Step 2 Verify the configuration.
After the configuration, run the display dhcp server tree command on the DHCP server. If the
tree structure information of DHCP address pools, including DNS, IP lease, and Option
parameters, is displayed, it means that the configuration succeeds.
[HUAWEI] display dhcp server tree all
Interface pool:
Pool name: GigabitEthernet1/0/0.1
network 10.1.1.0 mask 255.255.255.0
gateway-list 10.1.1.1
dns-list 10.1.2.2
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-53
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
domain-name huawei.com
nbns-list 10.1.1.3
netbios-type b-node
expired day 10 hour 12 minute 0
Pool name: GigabitEthernet1/0/0.2
network 10.1.2.0 mask 255.255.255.0
gateway-list 10.1.2.1
dns-list 10.1.2.2
domain-name huawei.com
nbns-list 10.1.1.3
netbios-type b-node
expired day 10 hour 12 minute 0
After the preceding configurations, PCs in VLAN 10 and VLAN 20 can obtain IP addresses in
the address pools of the sub-interfaces. PCs in two VLANs can ping through each other.
----End
Configuration File
The configuration file of router is as follows:
#
interface GigabitEthernet1/0/0.1
undo shutdown
ip address 10.1.1.1 255.255.255.0
vlan-type dot1q 20
dhcp select interface
dhcp server dns-list 10.1.2.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface GigabitEthernet 1/0/0.2
undo shutdown
ip address 10.1.2.1 255.255.255.0
vlan-type dot1q 10
dhcp select interface
dhcp server dns-list 10.1.2.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
dhcp server forbidden-ip 10.1.2.2
dhcp server forbidden-ip 10.1.1.3
#
return
4.9.4 Example for Configuring the VLANIF Interface Address Poolbased DHCP Server
Networking Requirements
Figure 4-4 shows the diagram of applying the VLANIF-interface-based address pool to the
device that supports switched Ethernet interfaces. The Ethernet interface cannot be configured
with an IP address, so you need to create a VLANIF interface and configure a DHCP address
pool on it to assign IP addresses.
4-54
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Figure 4-4 Networking diagram of the DHCP server based on the address pool on the VLANIF
interface
NetBIOS
server
10.1.1.3/24
DNS
server
DHCP
client
10.1.1.2/24
Vlanif10 GE1/0/0
10.1.1.1/24
Vlanif11 GE1/0/1
10.1.2.1/24
DHCP
client
DHCP
client
DHCP
server
DHCP
client
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP.
2.
Configure the IP addresses that need not be assigned automatically, such as IP addresses
of the DNS server, IP addresses of the NetBIOS server.
3.
Create VLANIF interfaces and configure IP addresses for them.
4.
Enable the address pool that is based on the VLANIF interface.
5.
Configure related attributes for the address pool, such as the domain name, IP addresses of
the NetBIOS server and the DNS server, and the IP lease.
Data Preparation
To complete the configuration, you need the following data:
l
IP address that need not be assigned automatically
l
IP address of the interface
Procedure
Step 1 Configure the DHCP server.
# Enable DHCP on the device.
<HUAWEI> system-view
[HUAWEI] sysname HUAWEI
[HUAWEI] dhcp enable
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-55
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
# Configure the IP addresses that do not participate in auto-allocation, including IP addresses
of the DNS server and NetBIOS server.
[HUAWEI] dhcp server forbidden-ip 10.1.1.2
[HUAWEI] dhcp server forbidden-ip 10.1.1.3
# Create a VLAN.
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] vlan 11
[HUAWEI-vlan11] quit
# Configure attributes for the switched Ethernet interface and join the interface to a VLAN.
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] undo shutdown
[HUAWEI-GigabitEthernet1/0/0] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] portswitch
[HUAWEI-GigabitEthernet1/0/1] port default vlan 11
[HUAWEI-GigabitEthernet1/0/1] undo shutdown
[HUAWEI-GigabitEthernet1/0/1] quit
# Create a VLANIF interface and configure an IP address for the VLANIF interface.
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ip address 10.1.1.1 24
[HUAWEI-Vlanif10] undo shutdown
[HUAWEI-Vlanif10] quit
[HUAWEI] interface vlanif 11
[HUAWEI-Vlanif11] ip address 10.1.2.1 24
[HUAWEI-Vlanif11] undo shutdown
[HUAWEI-Vlanif11] quit
# Enable the address pool on the VLANIF interface.
[HUAWEI] dhcp select interface vlan 10 to 11
# Configure the domain name of the address pool and IP addresses of the DNS server and the
NetBIOS server.
[HUAWEI]
[HUAWEI]
[HUAWEI]
[HUAWEI]
dhcp
dhcp
dhcp
dhcp
server
server
server
server
domain-name huawei.com vlan 10 to 11
dns-list 10.1.1.2 vlan 10 to 11
nbns-list 10.1.1.3 vlan 10 to 11
netbios-type b-node vlan 10 to 11
# Configure the IP lease.
[HUAWEI] dhcp server expired day 10 hour 12 vlan 10 to 11
Step 2 Verify the configuration.
After the configuration, run the display dhcp server tree command on the DHCP server. If the
tree structure information of DHCP address pools, including DNS, IP lease, and Option
parameters, is displayed, it means that the configuration succeeds.
[HUAWEI] display dhcp server tree all
Interface pool:
Pool name: Vlanif10
network 10.1.1.0 mask 255.255.255.0
gateway-list 10.1.1.1
dns-list 10.1.1.2
domain-name huawei.com
nbns-list 10.1.1.3
netbios-type b-node
expired day 10 hour 12 minute 0
4-56
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Pool name: Vlanif11
network 10.1.2.0 mask 255.255.255.0
gateway-list 10.1.2.1
dns-list 10.1.1.2
domain-name huawei.com
nbns-list 10.1.1.3
netbios-type b-node
expired day 10 hour 12 minute 0
----End
Configuration File
The configuration file of HUAWEI is as follows:
#
sysname HUAWEI
#
vlan batch 10 to 11
#
interface Vlanif10
undo shutdown
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface Vlanif11
undo shutdown
ip address 10.1.2.1 255.255.255.0
dhcp select interface
dhcp server dns-list 10.1.1.2
dhcp server domain-name huawei.com
dhcp server nbns-list 10.1.1.3
dhcp server netbios-type b-node
dhcp server expired day 10 hour 12
#
interface gigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
#
interface gigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 11
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.3
#
return
4.9.5 Example for Configuring DHCP Relay
Networking Requirements
As shown in Figure 4-5, the DHCP client is in the network segment 10.110.0.0/16, while the
DHCP server is in the network segment 202.40.0.0/16. A DHCP relay device is needed to
forward DHCP packets so that the DHCP client obtains the IP addresses from the DHCP server.
The DHCP server is assigned with an address pool in the network segment 10.100.0.0/16. The
IP address of the DNS server is 10.100.1.2/16, the IP address of the NetBIOS server is
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-57
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
10.100.1.3/16, and the IP address of the gateway is 10.100.1.4. On the DHCP server, the routing
table must contain at least one reachable a route to the network segment 10.110.0.0.
Figure 4-5 Networking diagram for configuring DHCP relay
DNS
server
NetBIOS
server
10.100.1.2/16
10.100.1.3/16
DHCP Relay
GE1/0/0 RouterA
10.100.1.1/16
POS2/0/0
202.40.1.1/16
DHCP
client
DHCP server
RouterB
POS1/0/0
202.40.1.2/16
DHCP
client
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable DHCP on Router A that acts as the DHCP relay.
2.
Configure POS 2/0/0 that needs to implement the DHCP relay function.
3.
Configure the the address of the DHCP server for which the interface functions as the relay
agent for GE 1/0/0 and enable DHCP relay on GE 1/0/0.
4.
Configure a route from the DHCP server Router B to GE 1/0/0 of Router A.
5.
Enable DHCP on Router B.
6.
Configure the clients attached to POS 1/0/0 to obtain IP addresses through the global
address pool.
7.
Configure a global address pool on Router B.
Data Preparation
To complement the configuration, you need the following data:
l
IP address of the interface that need to be enabled with DHCP relay
l
IP address of the DHCP server
Procedure
Step 1 Configure the DHCP relay.
# Enable DHCP on the device.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
4-58
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
[RouterA] dhcp enable
# Configure an IP address for POS 2/0/0.
[RouterA] interface pos 2/0/0
[RouterA-Pos2/0/0] ip address 202.40.1.1 255.255.0.0
[RouterA-Pos2/0/0] undo shutdown
[RouterA-Pos2/0/0] quit
# Enter the view of the interface that needs to be enabled with DHCP relay. Configure the IP
address and mask of the interface, which should be in the same network segment with that of
the DHCP client.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 10.100.1.1 255.255.0.0
[RouterA-GigabitEthernet1/0/0] ip relay address 202.40.1.2
[RouterA-GigabitEthernet1/0/0] dhcp select relay
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
Step 2 Configure the DHCP server.
# On Router B, configure routes to GE 1/0/0 that connects Router A and its client.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ip route-static 10.100.0.0 255.255.0.0 202.40.1.1
# Enable DHCP.
[RouterB] dhcp enable
# Configure the clients of POS 1/0/0 to obtain the IP addresses from the global address pool.
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 202.40.1.2 255.255.0.0
[RouterB-Pos1/0/0] dhcp select global
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
# Configure the IP addresses that do not participate in auto-allocation, including IP addresses
of the DNS server, the NetBIOS server and the egress gateway.
[RouterB] dhcp server forbidden-ip 10.100.1.2
[RouterB] dhcp server forbidden-ip 10.100.1.3
[RouterB] dhcp server forbidden-ip 10.100.1.4
# Configure attributes of DHCP address pool 1, including the address pool range, domain name,
egress gateway, the IP address of the DNS server and IP lease.
[RouterB] dhcp server ip-pool 1
[RouterB-dhcp-1] network 10.100.0.0 mask 255.255.0.0
[RouterB-dhcp-1] domain-name huawei.com
[RouterB-dhcp-1] dns-list 10.100.1.2
[RouterB-dhcp-1] nbns-list 10.100.1.3
[RouterB-dhcp-1] gateway-list 10.100.1.4
[RouterB-dhcp-1] expired day 10 hour 12
[RouterB-dhcp-1] quit
Step 3 Verify the configuration.
Run the display dhcp server tree command on the DHCP server. If the tree structure information
of DHCP address pools, including DNS, IP lease, and Option parameters, is displayed, it means
that the configuration succeeds.
[RouterB] display dhcp server tree all
Global pool:
Pool name: 1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-59
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
network 10.100.0.0 mask 255.255.0.0
gateway-list 10.100.1.4
dns-list 10.100.1.2
domain-name huawei.com
nbns-list 10.100.1.3
expired day 10 hour 12 minute 0
Run the display dhcp relay address command on the DHCP relay device to view configurations
of the relay IP address.
[RouterA] display dhcp relay address all
** GigabitEthernet1/0/0 DHCP Relay Address
Dhcp Option
Relay Agent IP
*
-
**
Server IP
202.40.1.2
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.100.1.1 255.255.0.0
ip relay address 202.40.1.2
dhcp select relay
#
interface Pos 2/0/0
link-protocol ppp
undo shutdown
ip address 202.40.1.1 255.255.0.0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
dhcp server ip-pool 1
network 10.100.0.0 mask 255.255.0.0
gateway-list 10.100.1.4
dns-list 10.100.1.2
domain-name huawei.com
nbns-list 10.100.1.3
expired day 10 hour 12
#
interface Pos 1/0/0
link-protocol ppp
undo shutdown
ip address 202.40.1.2 255.255.0.0
#
dhcp server forbidden-ip 10.100.1.2
dhcp server forbidden-ip 10.100.1.3
dhcp server forbidden-ip 10.100.1.4
#
ip route-static 10.100.0.0 255.255.0.0 202.40.1.1
#
return
4.9.6 Example for Configuring the DHCP Option Association
4-60
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Networking Requirements
As shown in Figure 4-6, the four DHCP clients transmit different types of services. After the
DHCP option is configured to associate with the addresses of the DHCP server and relay agent,
packets from clients can be forwarded to the corresponding DHCP server. In this manner,
configuration information such as the IP address can be provided for different clients.
As a DHCP server, Router B is configured with two global address pools of two network
segments being 10.1.0.0/16 and 20.1.0.0/16 respectively. In addition, Router B is configured
with the route to the relay device Router A. On the network segment 10.1.0.0/16, 10.1.1.1/16 is
the address of the DNS server, NetBIOS server, and egress gateway. On the network segment
20.1.0.0/16, 20.1.1.1/16 is the address of the DNS server, NetBIOS server, and egress gateway.
As a DHCP server, Router C is configured with two global address pools of two network
segments being 30.1.0.0/16 and 40.1.0.0/16 respectively. In addition, Router C is configured
with the route to the relay device Router A. On the network segment 30.1.0.0/16, 30.1.1.1/16 is
the address of the DNS server, NetBIOS server, and egress gateway. On the network segment
40.1.0.0/16, 40.1.1.1/16 is the address of the DNS server, NetBIOS server, and egress gateway.
Figure 4-6 Networking diagram of configuring the DHCP option association
DHCP Server
RouterB
DHCP
clientA
POS1/0/0
101.40.1.2/16
DHCP
clientB
DHCP Relay
POS2/0/0
RouterA
101.40.1.1/16
DHCP
clientC
DHCP
clientD
GE1/0/0
DSLAM 10.1.1.1/16
20.1.1.1/16 sub
30.1.1.1/16 sub
40.1.1.1/16 sub
POS3/0/0
202.40.1.1/16
POS1/0/0
202.40.1.2/16
DHCP Server
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the association between the DHCP option and the IP address of each interface
on Router A.
2.
Configure the DHCP function and address pools on Router B.
3.
Configure the DHCP function and address pools on Router C.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-61
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Primary and secondary IP addresses of the interface that functions as the DHCP relay agent
l
IP address of each DHCP server
l
DHCP option
Procedure
Step 1 Do as follows on the relay device:
# Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] dhcp enable
# Configure the IP address of POS 2/0/0.
[RouterA] interface pos 2/0/0
[RouterA-Pos2/0/0] ip address 101.40.1.1 255.255.0.0
[RouterA-Pos2/0/0] undo shutdown
[RouterA-Pos2/0/0] quit
# Configure the IP address of POS 3/0/0.
[RouterA] interface pos 3/0/0
[RouterA-Pos3/0/0] ip address 202.40.1.1 255.255.0.0
[RouterA-Pos3/0/0] undo shutdown
[RouterA-Pos3/0/0] quit
# Enter the view of the interface to be configured with the DHCP relay function. Configure the
IP address and DHCP option association for the interface.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.0.0
[RouterA-GigabitEthernet1/0/0] ip address 20.1.1.1 255.255.0.0 sub
[RouterA-GigabitEthernet1/0/0] ip address 30.1.1.1 255.255.0.0 sub
[RouterA-GigabitEthernet1/0/0] ip address 40.1.1.1 255.255.0.0 sub
[RouterA-GigabitEthernet1/0/0] ip relay address 101.40.1.2
[RouterA-GigabitEthernet1/0/0] ip relay address 101.40.1.2 dhcp-option
[RouterA-GigabitEthernet1/0/0] ip relay address 202.40.1.2 dhcp-option
[RouterA-GigabitEthernet1/0/0] ip relay address 202.40.1.2 dhcp-option
[RouterA-GigabitEthernet1/0/0] ip relay giaddr 10.1.1.1
[RouterA-GigabitEthernet1/0/0] ip relay giaddr 20.1.1.1 dhcp-option 45
[RouterA-GigabitEthernet1/0/0] ip relay giaddr 30.1.1.1 dhcp-option 60
[RouterA-GigabitEthernet1/0/0] ip relay giaddr 40.1.1.1 dhcp-option 60
[RouterA-GigabitEthernet1/0/0] dhcp select relay
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
45
60
60 abc
abc
Step 2 Do as follows on Router B functioning as a DHCP server:
# Configure the routes from Router B to Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ip route-static 10.1.0.0 255.255.0.0 101.40.1.1
[RouterB] ip route-static 20.1.0.0 255.255.0.0 101.40.1.1
# Enable DHCP on RouterB.
[RouterB] dhcp enable
4-62
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
# Configure the clients connected to POS 1/0/0 to obtain IP addresses from the global address
pool.
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 101.40.1.2 255.255.0.0
[RouterB-Pos1/0/0] dhcp select global
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
# Configure the IP addresses that cannot be automatically allocated, including the DNS server
address, NetBIOS address, and egress gateway address.
[RouterB] dhcp server forbidden-ip 10.1.1.1 10.1.1.2
[RouterB] dhcp server forbidden-ip 20.1.1.1
# Configure the attributes for DHCP address pool 1, including the address pool range, domain
name, egress gateway, DNS address, and address lease.
[RouterB] dhcp server ip-pool 1
[RouterB-dhcp-1] network 10.1.0.0 mask 255.255.0.0
[RouterB-dhcp-1] domain-name abc.com
[RouterB-dhcp-1] dns-list 10.1.1.1
[RouterB-dhcp-1] nbns-list 10.1.1.1
[RouterB-dhcp-1] gateway-list 10.1.1.1
[RouterB-dhcp-1] expired day 10 hour 12
[RouterB-dhcp-1] quit
# Configure the attributes for DHCP address pool 2, including the address pool range, domain
name, egress gateway, DNS address, and address lease.
[RouterB] dhcp server ip-pool 2
[RouterB-dhcp-2] network 20.1.0.0 mask 255.255.0.0
[RouterB-dhcp-2] domain-name def.com
[RouterB-dhcp-2] dns-list 20.1.1.1
[RouterB-dhcp-2] nbns-list 20.1.1.1
[RouterB-dhcp-2] gateway-list 20.1.1.1
[RouterB-dhcp-2] expired day 10 hour 12
[RouterB-dhcp-2] quit
Step 3 Do as follows on Router C functioning as a DHCP server:
# Configure the route from Router C to Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] ip route-static 30.1.0.0 255.255.0.0 202.40.1.1
[RouterC] ip route-static 40.1.0.0 255.255.0.0 202.40.1.1
# Enable DHCP on RouterC.
[RouterC] dhcp enable
# Configure the clients connected to POS 1/0/0 to obtain IP addresses from the global address
pool.
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ip address 202.40.1.2 255.255.0.0
[RouterC-Pos1/0/0] dhcp select global
[RouterC-Pos1/0/0] undo shutdown
[RouterC-Pos1/0/0] quit
# Configure the IP addresses that do not participate in the auto-allocation, including the DNS
server address, NetBIOS address, and egress gateway address.
[RouterC] dhcp server forbidden-ip 30.1.1.1
[RouterC] dhcp server forbidden-ip 40.1.1.1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-63
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
# Configure the attributes for DHCP address pool 1, including the address pool range, domain
name, egress gateway, DNS address, and address lease.
[RouterC] dhcp server ip-pool 1
[RouterC-dhcp-1] network 30.1.0.0 mask 255.255.0.0
[RouterC-dhcp-1] domain-name ghi.com
[RouterC-dhcp-1] dns-list 30.1.1.1
[RouterC-dhcp-1] nbns-list 30.1.1.1
[RouterC-dhcp-1] gateway-list 30.1.1.1
[RouterC-dhcp-1] expired day 10 hour 12
[RouterC-dhcp-1] quit
# Configure the attributes for DHCP address pool 2, including the address pool range, domain
name, egress gateway, DNS address, and address lease.
[RouterC] dhcp server ip-pool 2
[RouterC-dhcp-2] network 40.1.0.0 mask 255.255.0.0
[RouterC-dhcp-2] domain-name jkl.com
[RouterC-dhcp-2] dns-list 40.1.1.1
[RouterC-dhcp-2] nbns-list 40.1.1.1
[RouterC-dhcp-2] gateway-list 40.1.1.1
[RouterC-dhcp-2] expired day 10 hour 12
[RouterC-dhcp-2] quit
Step 4 Verify the configuration.
Run the display dhcp relay address all command on Router A. You can view the configuration
of the interface enabled with the DHCP relay function.
[RouterA] display dhcp relay address all
**
GigabitEthernet1/0/0 DHCP Relay Address
**
DHCP Option
Relay Agent IP
Server IP
*
10.1.1.1
101.40.1.2
45
20.1.1.1
101.40.1.2
60(*)
30.1.1.1
202.40.1.2
60(abc)
40.1.1.1
202.40.1.2
Run the display dhcp server tree command on Router B. You can view information about
DHCP address pools in a tree structure, including DNS, IP address lease, and parameters such
as the option.
[RouterB] display dhcp server tree all
Global pool:
Pool name: 1
network 10.1.0.0 mask 255.255.0.0
gateway-list 10.1.1.1
dns-list 10.1.1.1
domain-name abc.com
nbns-list 10.1.1.1
expired day 10 hour 12 minute 0
Pool name: 2
network 20.1.0.0 mask 255.255.0.0
gateway-list 20.1.1.1
dns-list 20.1.1.1
domain-name def.com
nbns-list 20.1.1.1
expired day 10 hour 12 minute 0
Run the display dhcp server tree command on Router C. You can view information about
DHCP address pools in a tree structure, including DNS, IP address lease, and parameters such
as the option.
[RouterC] display dhcp server tree all
Global pool:
Pool name: 1
network 30.1.0.0 mask 255.255.0.0
gateway-list 30.1.1.1
dns-list 30.1.1.1
4-64
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
domain-name ghi.com
nbns-list 30.1.1.1
expired day 10 hour 12 minute 0
Pool name: 2
network 40.1.0.0 mask 255.255.0.0
gateway-list 40.1.1.1
dns-list 40.1.1.1
domain-name jkl.com
nbns-list 40.1.1.1
expired day 10 hour 12 minute 0
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.0.0
ip address 20.1.1.1 255.255.0.0 sub
ip address 30.1.1.1 255.255.0.0 sub
ip address 40.1.1.1 255.255.0.0 sub
ip relay address 101.40.1.2
ip relay address 101.40.1.2 dhcp-option
ip relay address 202.40.1.2 dhcp-option
ip relay address 202.40.1.2 dhcp-option
ip relay giaddr 10.1.1.1
ip relay giaddr 20.1.1.1 dhcp-option 45
ip relay giaddr 30.1.1.1 dhcp-option 60
ip relay giaddr 40.1.1.1 dhcp-option 60
dhcp select relay
#
interface Pos 1/0/0
undo shutdown
ip address 101.40.1.1 255.255.0.0
#
return
#
interface Pos 2/0/0
undo shutdown
ip address 202.40.1.1 255.255.0.0
#
return
l
45
60
60 abc
abc
Configuration file of Router B
#
sysname RouterB
#
dhcp server ip-pool 1
network 10.1.0.0 mask 255.255.0.0
gateway-list 10.1.1.1
dns-list 10.1.1.1
domain-name abc.com
nbns-list 10.1.1.1
expired day 10 hour 12
#
#
dhcp server ip-pool 2
network 20.1.0.0 mask 255.255.0.0
gateway-list 20.1.1.1
dns-list 20.1.1.1
domain-name def.com
nbns-list 20.1.1.1
expired day 10 hour 12
#
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4-65
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
4 DHCP Configuration
interface Pos 1/0/0
undo shutdown
ip address 101.40.1.2 255.255.0.0
#
dhcp server forbidden-ip 10.1.1.1 10.1.1.2
dhcp server forbidden-ip 20.1.1.1
#
ip route-static 10.1.0.0 255.255.0.0 101.40.1.1
ip route-static 20.1.0.0 255.255.0.0 101.40.1.1
#
return
l
Configuration file of Router C
#
sysname RouterC
#
dhcp server ip-pool 1
network 30.1.0.0 mask 255.255.0.0
gateway-list 30.1.1.1
dns-list 30.1.1.1
domain-name ghi.com
nbns-list 30.1.1.1
expired day 10 hour 12
#
#
dhcp server ip-pool 2
network 40.1.0.0 mask 255.255.0.0
gateway-list 40.1.1.1
dns-list 40.1.1.1
domain-name jkl.com
nbns-list 40.1.1.1
expired day 10 hour 12
#
interface Pos 1/0/0
undo shutdown
ip address 202.40.1.2 255.255.0.0
#
dhcp server forbidden-ip 30.1.1.1
dhcp server forbidden-ip 40.1.1.1
#
ip route-static 30.1.0.0 255.255.0.0 202.40.1.1
ip route-static 40.1.0.0 255.255.0.0 202.40.1.1
#
return
4-66
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
5
COPS Configuration
About This Chapter
This chapter describes the fundamentals, the configuration procedures and configuration
examples of the COPS.
5.1 COPS Overview
This section describes the basic concepts of COPS and the handling process of COPS services.
5.2 Configuring the COPS Server Group
This section describes how to configure the COPS server group.
5.3 Configuration Examples
This section presents an example for configuring COPS.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
5.1 COPS Overview
This section describes the basic concepts of COPS and the handling process of COPS services.
5.1.1 Introduction to COPS
5.1.2 COPS Features Supported by the NE80E/40E
5.1.1 Introduction to COPS
The increasing number of Internet broadband users boosts widespread applications of data
services and increases revenue of telecommunication services. With the development of packet
networks, IP services tend to replace voice telecommunication. Broadband access has become
the core drive for the development of IP services and the operation mode of IP services is more
and more mature.
IP services, however, still have deficiencies in service bearing and operation. Therefore, carriers
keep wondering whether the current IP network can bear all types of telecommunication services.
Many types of data services including voice, video, and other multimedia services, put forward
high demands for bandwidth, delay, and packet loss ratio. Quality of service (QoS) will be
heavily reduced if the bandwidth, delay, and packet loss ratio of a network cannot meet demands.
Generally, the Internet provides best-effort services. It does not provide resource reservation
and thus solves network congestion to ensure QoS only by discarding packets.
The current IP networks have many deficiencies in bearing carrier-class services. Although QoS
of IP networks has been greatly improved, it is mainly achieved on single nodes that process
packets with precedence. End-to-end quality, however, cannot be ensured if service aware and
access control are not achieved on the whole network especially on the access network.
How to provide services with end-to-end QoS guarantee on an IP bearer network has become
an urgent demand. Therefore, the current Internet needs to be upgraded to provide better data
services. In this context, Huawei puts forward the IP telecommunication network (IPTN)
solution. The IPTN solution aims to provide end-to-end QoS on current IP networks. In this
solution, the concept of bearer control layer is introduced between the service control layer and
the bearer layer; resources are applied for, kept, and released respectively before, during, and
after they are used so as to improve the transmission efficiency of a bearer network.
Based on IP networks, IPTN can guarantee end-to-end QoS, decrease investment of carriers,
and add values to them. The main characteristics of IPTN are:
l
It can coexist with current IP networks and does not affect traditional services that have no
QoS guarantee.
l
It can bear traditional telecommunication services and support more types of services.
l
It applies for resources before a connection is set up, guarantees the quality of service during
the connection, and releases the resource after the connection is closed.
l
Its network structure consists of three layers: logical bearer layer, bearer control layer, and
service control layer.
l
Its bearer layer is based on MPLS, which enables the resource of IPTN services to be
separated from that of IP services.
COPS is an application protocol. It employs a simple query or response model and is used to
exchange policies between a policy server and its clients.
5-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
In COPS, a policy server is also called Policy Decision Point (PDP) and its clients are also called
Policy Enforcement Points (PEPs).
In IPTN, COPS is used to exchange policies between an RM server and a router. The RM server
receives messages from the Soft Switch and then sends the message to the router through the
COPS protocol.
5.1.2 COPS Features Supported by the NE80E/40E
Three Levels of Limits of Number of Users
The NE80E/40E allows Internet Service Providers (ISPs) to configure a number of users
exceeding the network bearing capability and to limit the number of users who access the Internet
at the same time. To identify Digital Subscriber Line Access Multiplexers (DSLAMs) and users,
a PE device provides IPTN services by using QinQ termination sub-interfaces.
The NE80E/40E provides three levels of limits of number of users:
l
VLAN-group: is a set of users that use the same statistics policies and queue policies.
l
QinQ termination sub-interface: is used for the access of users in the same IP network
segment. Multiple VLAN-groups can be configured on a sub-interface.
l
Primary interface: Multiple QinQ termination sub-interfaces can be configured on a
primary interface.
After the three levels of limits are configured, the NE80E/40E can guarantee that the number of
online users satisfies requirements of any level.
Detection of Online and Offline of Users
When a user goes offline, a DHCP Release message was send to the DHCP server. If DHCP
Relay is enabled on the PE, the PE can sense the message and notifies the COPS server about
the offline of the user. The COPS server then releases the network resources held by that user.
The NE80E/40E detects users by using the Address Resolution Protocol (ARP). ARP sends ARP
Request messages at intervals according to IP addresses of users recorded on the local device.
When users are online, they send ARP Response messages. The PE knows that the users are
online based on the ARP Response messages. If the PE does not receive any ARP Response
message in several continuous periods from a user, it considers that the user goes offline
abnormally. Then, the PE sends DHCP Release messages to the DHCP server so that the DHCP
server releases the IP address of the user, which avoids waste of IP addresses. At the same time,
the PE notifies the COPS server of the offline of the user.
Security Checking over Users
The NE80E/40E provides the DHCP security binding function. The NE80E/40E saves the
information on users according to the combination of IP addresses, MAC addresses, access
interfaces, and VLANs. Users can access the network only when they match all the information.
The saved information is released with the release of IP addresses.
After the DHCP security binding function is enabled and the link for a user fails, the user can
achieve Internet services only when the user resends DHCP packets to apply for a valid IP
address.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Control over Users
The NE80E/40E can display information about online users and force users to go offline. Such
functions are used when user operations are found abnormal or when network resources need
to be adjusted.
The NE80E/40E can force users to go offline in either of the following modes:
l
Force users to go offline by interfaces.
l
Force users to go offline by interface plus VLAN-group labels.
In the case that network configurations are not changed, the users that are forced to go offline
can resend DHCP Request messages to use network resources again.
5.2 Configuring the COPS Server Group
This section describes how to configure the COPS server group.
5.2.1 Establishing the Configuration Task
5.2.2 Creating a COPS Server Group
5.2.3 Configuring the COPS Server
5.2.4 Setting the PEP ID for the COPS Server
5.2.5 (Optional) Setting the Flow Keeping Time of the COPS Server
5.2.6 (Optional) Setting the Shared Key of the COPS Server
5.2.7 Activating the COPS Server Group
5.2.8 Configuring the Global Parameters of COPS
5.2.9 Checking the Configuration
5.2.1 Establishing the Configuration Task
Applicable Environment
To send policies for value-added services using a COPS server, you need to configure a COPS
server group on the device. A COPS server group is used to manage COPS servers. A COPS
server group is a group of COPS servers that carry out load balancing and have the same attributes
except the IP address, VPN instance, port number, and weight values.
Pre-configuration Tasks
None.
Data Preparation
To configure the COPS server group, you need the following data.
5-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
No.
Data
1
Name of the COPS server group
2
IP address, VPN instance, server port number, client port number, and weight of the
COPS server
3
PEP ID of the COPS client
4
(Optional) Flow keeping time after the COPS client and the COPS server are
disconnected
5
(Optional) Shared key of the COPS server
6
(Optional) Timeout period of COPS Open messages and source interface of the device
sending COPS messages
5.2.2 Creating a COPS Server Group
Context
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group groupname [ client-type ssg ]
A COPS server group is created.
NOTE
When creating a COPS server group for the first time, you must specify the parameter client-type,
indicating for enjoying which kind of services the client connects to the COPS server.
----End
Postrequisite
After a COPS server group is created, the view of the COPS server group is displayed. If there
is an existing COPS server group, run the preceding command to enter its view.
5.2.3 Configuring the COPS Server
Context
When you configure a COPS server, you can specify the IP address and port number of the COPS
server, the port number of the COPS client, the VPN instance of the COPS server, and the weight.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group group-name
The view of the COPS server group is displayed.
Step 3 Run:
cops-server ip-address [ server-port | client-port client-port | vpn-instance
instance-name | weight value ] *
The COPS server is configured.
NOTE
l
It is not recommended to modify the port number of the COPS server; otherwise, the device fails to
set up the TCP connection with the COPS server if the modified port number is in use.
l
Ensure that at least one reachable route exists between the device and the COPS server.
----End
5.2.4 Setting the PEP ID for the COPS Server
Context
The PEP ID is used by the COPS server to identify its clients. Normally, the IP address of a
loopback interface on the device can be specified as the PEP ID.
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group group-name
The view of the COPS server group is displayed.
Step 3 Run:
cops-server pep-id client-id
The PEP ID is set for the COPS client.
----End
5-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Postrequisite
You can set the PEP ID according to the COPS server group. That is, you can set diverse PEP
IDs for the device when the device corresponds to various COPS server groups. The default PEP
ID is huawei.
5.2.5 (Optional) Setting the Flow Keeping Time of the COPS Server
Context
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group group-name
The view of the COPS server group is displayed.
Step 3 Run:
cops-server flow-keeping-time time
The flow keeping time of the COPS server is set.
----End
Postrequisite
The flow keeping time refers to the duration in which connection information is kept after the
COPS client is disconnected from the COPS server. Flow keeping prevents the connection from
being intermittently broken due to the network instability.
After the cops-server flow-keeping-time command is run, the system can promptly restore
connection information when the COPS client re-establishes the connection with the COPS
server within the flow keeping time.
NOTE
l
When the network is unstable, especially the routes to the COPS server frequently flap, it is
recommended to set the flow keeping time.
l
By default, the flow keeping time of the COPS server is 300 seconds.
5.2.6 (Optional) Setting the Shared Key of the COPS Server
Context
Do as follows on the device:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group group-name
The view of the COPS server group is displayed.
Step 3 Run:
cops-server shared-key key-string
The shared key of the COPS server is set.
----End
Postrequisite
The shared key encrypts COPS messages. The device and the COPS server must be set with the
same shared key. By setting the shared key, the security of message exchange between the client
and the COPS server can be improved.
NOTE
When high requirements for the security of message exchange between the client and the COPS server
group are put forward, it is recommended to set the shared key of the COPS server.
5.2.7 Activating the COPS Server Group
Context
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server group group-name
The view of the COPS server group is displayed.
Step 3 Run:
active
All the COPS servers in the COPS server group are activated.
NOTE
The device attempts to set up connections with the COPS servers only when the COPS server group is
activated.
----End
5-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Postrequisite
After the preceding configuration, the device attempts to set up TCP connections with all the
COPS servers in the COPS server group.
5.2.8 Configuring the Global Parameters of COPS
Context
Do as follows on the device:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cops-server open-timeout time
The timeout period of the COPS Open message is set.
The timeout period of the COPS Open messages refers to the period for the device to wait for
the response after it sends a COPS Open message to the COPS server. If the device does not
receive any response from the COPS server within this period, it resends the Open message to
the server. Be default, the timeout period of the COPS Open message is 15 seconds.
NOTE
When the network is not stable, it is recommended to prolong the timeout period of the COPS Open
message.
Step 3 Run:
cops-server source-interface interface-type interface-number
The source interface that sends the COPS message is configured.
The source interface of the COPS message refers to the interface from which the COPS message
originates. A COPS session can be established only after the source interface of the COPS
messages is configured.
NOTE
It is recommended to configure a logical interface, such as the loopback interface, to be the source interface
of the COPS message. This is because the invalidation of a physical interface may cause the system
incapable of receiving responses from the COPS server.
Step 4 Run:
cops-group iptn-binding group-name
The COPS server group is bound to IPTN services.
NOTE
The created COPS server group takes effect in IPTN services only when they are bound to the IPTN
services.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
5.2.9 Checking the Configuration
Prerequisite
The configurations of the COPS Server Group are complete.
Procedure
Step 1 Run the display cops-server configuration [ group group-name ] command to check the
configuration of a specified COPS server group.
----End
Example
Check information about the COPS server group huawei.
<HUAWEI> display cops-server configuration group huawei
-- Cops group table display ------------------------------------------------Group index
: 0
Group name
: huawei
Client type
: ssg
Group up or down flag
: Down
Group active state
: Active
Secret key
: huawei
Flow keeping time (second)
: 500
PEP ID
: client1
Group Source interface name : -Group Reference number
: 0
[state][server IPv4 addr][server port][client port][weight][vpn name][server key
]
Down
202.40.2.2
3288
0
0
---- End cops group table -----------------------------------------------------
5.3 Configuration Examples
This section presents an example for configuring COPS.
5.3.1 Example for Configuring COPS Interfaces to Report Online and Offline Messages
5.3.1 Example for Configuring COPS Interfaces to Report Online
and Offline Messages
Networking Requirements
As shown in Figure 5-1, the DHCP client accesses the PE through the DSLAM. Through DHCP
relay, the DHCP client applies to the DHCP server for the relevant configuration such as an IP
address. After the DHCP server replies the DHCP client with an allocated IP address, the PE
reports information about the user getting online to the COPS server. When the user gets offline
and releases the IP address, the PE also reports information about the user getting offline to the
COPS server for updating the maintained user record.
5-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
Figure 5-1 Typical networking diagram of COPS configuration
COPS
server
202.40.2.2/16
GE2/0/1
202.40.2.1/16
PE
DHCP
client
DSLAM
DHCP
Relay
GE2/0/0
202.40.1.1/16
202.40.1.2/16
DHCP
server
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the parameters of DHCP relay.
2.
Configure the global COPS parameters.
3.
Create a COPS server group and add COPS servers to it.
4.
Configure the PEP ID and other optional items for the COPS server.
5.
Activate the COPS server group.
6.
Bind the COPS server group to IPTN services.
7.
Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
l
Name, IP address, VPN instance, and port number of the COPS server, port number of the
COPS client, and weight
l
PEP ID
l
(Optional) Flow keeping time after the COPS client is disconnected from the COPS server
l
(Optional) Shared key of the COPS server
l
Timeout period of COPS Open messages and source interface of the device sending COPS
messages
Procedure
Step 1 Configure the DHCP relay functions on the device.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
For the detailed configuration, refer to the chapter "DHCP Configuration" in the NE80E/40E
Router Configuration Guide - IP Services.
Step 2 Configure the global parameters of COPS, including the timeout period of COPS Open messages
and the source interface sending COPS messages.
<PE> system-view
[PE] cops-server open-timeout 30
[PE] cops-server source-interface loopBack 0
Step 3 Create a COPS server group and add COPS servers to it.
[PE] cops-server group huawei client-type ssg
[PE-cops-huawei] cops-server 202.40.2.2
Step 4 Configure the COPS PEP ID and other optional items.
[PE-cops-huawei] cops-server pep-id client1
[PE-cops-huawei] cops-server flow-keeping-time 500
[PE-cops-huawei] cops-server shared-key huawei
Step 5 Activate the COPS server group.
[PE-cops-huawei] undo active
[PE-cops-huawei] active
[PE-cops-huawei] quit
Step 6 Bind the COPS server group to IPTN services.
[PE] cops-group iptn-binding huawei
Step 7 Verify the configuration.
<PE> display cops-server configuration group huawei
-- Cops group table display ------------------------------------------------Group index
: 0
Group name
: huawei
Client type
: ssg
Group up or down flag
: Up
Group active state
: Active
Secret key
: huawei
Flow keeping time (second)
: 500
PEP ID
: client1
Group Source interface name : -Group Reference number
: 0
[state][server IPv4 addr][server port][client port][weight][vpn name][server key
]
Down
202.40.2.2
3288
0
0
---- End cops group table -----------------------------------------------------
----End
Configuration Files
The configuration file of router is as follows:
#
sysname PE1
#
cops-server open-timeout 30
cops-server source-interface LoopBack0
cops-group iptn-binding huawei
#
interface Gigabitethernet2/0/0
ip address 202.40.1.1 255.255.255.252
ip relay address 202.40.3.2
dhcp select relay
#
interface Gigabitethernet2/0/1
ip address 202.40.2.1 255.255.255.252
#
5-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
5 COPS Configuration
interface Gigabitethernet2/0/2
ip address 202.40.3.1 255.255.255.252
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
#
cops-server group huawei client-type ssg
cops-server flow-keeping-time 500
cops-server shared-key huawei
cops-server pep-id client1
cops-server 202.40.2.2
active
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
6
ANCP Configuration
About This Chapter
This document describes the concept, principle, and configuration of ANCP.
6.1 ANCP Overview
This section describes the basic concept of ANCP.
6.2 Configuring the ANCP Server
This section describes how to configure the router to function as an ANCP server.
6.3 Configuring the ANCP Proxy
This section describes how to configure the router as the ANCP proxy.
6.4 Configuring the Association Between ANCP and HQoS in the ANCP Proxy Scenario
This section describes how to configure the association between ANCP and HQoS in the ANCP
proxy scenario.
6.5 Maintaining ANCP
This section describes how to view and clear ANCP running information and how to debug
ANCP.
6.6 Configuration Examples
This section provides examples for ANCP configurations.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
6.1 ANCP Overview
This section describes the basic concept of ANCP.
6.1.1 Introduction to the ANCP Protocol
6.1.2 Applicable Environment
6.1.1 Introduction to the ANCP Protocol
The Access Node Control Protocol (ANCP) provides a channel through which control messages
can be transmitted between a broadband remote access server (BRAS) and an access node (AN)
such as a Digital Subscriber Line Access Multiplexer (DSLAM).
ANCP is based on and also an extension of General Switch Management Protocol Version 3
(GSMPv3). It introduces the mechanism of establishing and maintaining neighbor relationships.
The ANCP protocol works as follows:
1.
An AN initiates a TCP connection with the BRAS. The BRAS uses port 6068 to listen, and
the configured AN is powered on and then initiates a TCP connection with the listening
port on the BRAS. The BRAS functions as a TCP server while the AN functions as a TCP
client.
2.
The AN sets up the GSMP neighbor relationship with the BRAS, and performs ANCP
capability negotiations. The capabilities defined in the ANCP protocol include:
l
Discovery of dynamic topologies
l
Configuration of line parameters
l
Multicast control
l
Management of line detection
l
Transaction in batches
Currently, the NE80E/40E supports three capabilities, namely, discovery of dynamic
topologies, configuration of line parameters, and management of line detection.
3.
The ANCP protocol starts to work.
After the neighbor relationship is established, the ANCP protocol starts to work as follows:
l
Discovers dynamic topologies and updates line information.
The AN monitors the status of the access lines and reports information about the access
lines to the BRAS through ANCP. The information includes the IDs of active access
lines, the standard of access lines, and upstream and downstream bandwidths. The ID
is defined as Access-Loop-Circuit-ID in ANCP, and is the same as the Option82 field
value in DHCP control messages and the PPPoE+ field value in PPP control messages.
When the line information changes, the AN notifies the BRAS through ANCP to update
related line information.
l
Applys corresponding line information when users go online.
When users connected to the AN go online, the connection request messages from the
users carry Option82 information or PPPoE+ information that is consistent with the
access line IDs. The BRAS then obtains the mapping between the users and the access
6-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
line, and thus can control service bandwidths and perform traffic policing for the users
on the access line accordingly.
l
(Optional) The Remote Authentication Dial-In User Service (RADIUS) server delivers
a line policy to the DSLAM.
When a user goes online or customizes services, the RADIUS server delivers a line
policy according to the line information. Then, the BRAS delivers the policy to the
DSLAM. The DSLAM then applies the policy.
l
Performs OAM detection on access lines.
The BRAS sends OAM detection packets to the DSLAM through ANCP. After
receiving the packets, the DSLAM performs loopback detection on Digital Subscriber
Lines (DSLs), and then reports the test results to the BRAS through ANCP.
6.1.2 Applicable Environment
ANCP Sever
Figure 6-1 Networking diagram of configuring an ANCP server
Access
Line
ANCP
Session
RADIUS
Server
Policy
Server
ISP
Access
Line
ASP
NSP
DSLAM
Router
Access
Line
As shown in Figure 6-1, the DSLAM supports ANCP, and the router, as an ANCP server,
functions as the BRAS.
In this case, the router supports the following functions:
l
Access line management
–
Discovery of dynamic topologies
To avoid congestion in an access network, the router supports Hierarchical QoS (HQoS),
which requires the BRAS to detect the topologies in the access ntework and the
parameters of access lines. The parameters include the DSL link status, actual upstream
and downstream rates of synchronized Digital Subscriber Line (DSL) links, and
maximum upstream and downstream rates. All these can be reported dynamically to the
BRAS by the DSLAM.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Some of the preceding information, such as the network rate of DSL links, always
changes. Therefore, it cannot be obtained from the operation and maintenance system.
Some information, such as the upstream bandwidth of the DSLAM, seldom changes,
but still needs to be strictly synchronized with the information stored on the BRAS. The
operation and maintenance system, however, cannot maintain the information through
a reliable and scalable method. Dynamic topology discovery helps address the problem.
–
Update of the line information
When the DSLAM re-sychronizes access line status with the Integrated Access Device
(IAD), the DSLAM detects the status change of the access lines and needs to update
line parameters. Then, the DSLAM sends a Port up message to the BRAS to update the
line bandwidth.
l
Service management
Generally, parameters of access lines are fixed. When users need value-added services,
such as triple-play services, the DSL lines need to be processed specially on the DSLAM.
In addition, when users subscribe to services on self-service networks, the line parameters
need to be automatically updated without manual intervention.
When users go online, the DSLAM listens to DHCP or PPPoE control messages, and adds
Option82 or PPPoE+ information to the messages. The router then matches the Option82
information in DHCP control messages or PPPoE+ information in PPPoE control messages
with the access line IDs (defined as Access-Loop-Circuit-ID in ANCP). In this manner, the
router can find the access line that is unique to the users.
l
Adjustment of user bandwidths and queue scheduling modes on downstream links
The DSLAM reports information about user bandwidths through ANCP packets, and the
router delivers a QoS policy through the interface on the Multi-Service Edge (MSE).
ANCP Proxy
Figure 6-2 Networking diagram of configuring an ANCP proxy
Access
Line
ANCP
Session 1
ANCP
Session 2
Policy
Server
RADIUS
Server
ISP
Access
Line
ASP
NSP
DSLAM
Router
BRAS
Access
Line
6-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
As shown in Figure 6-2, the DSLAM and the BRAS both support ANCP. As an ANCP proxy,
the router sets up ANCP neighbor relationships with the DSLAM and the BRAS to aggregate
ANCP lines.
In this case, the router supports the following functions:
l
Discovery of topologies
The DSLAM reports the access line IDs and information about user bandwidths to the
router through ANCP packets. The router then sets up and maintains ANCP access line
entries. The router forwards the access line IDs reported by the DSLAM to the BRAS
through the ANCP neighbor.
l
HQoS
QoS parameters can be adjusted by the router according to the information about user
bandwidths reported by the DSLAM. As an alternative, the BARS can deliver the QoS
policy to the router through ANCP packets, and the QoS parameters can be adjusted
accordingly.
l
OAM detection
The router receives the OAM detection packets sent by the BRAS and forwards the packets
to the DSLAM. Then, the router sends the detection results responded from the DSLAM
back to the BRAS.
6.2 Configuring the ANCP Server
This section describes how to configure the router to function as an ANCP server.
6.2.1 Establishing the Configuration Task
6.2.2 Enabling ANCP
6.2.3 Configuring the Source Interface of an ANCP Connection
6.2.4 (Optional) Configuring Parameters of ANCP Sessions
6.2.5 Configuring ANCP Neighbor Profiles
6.2.6 (Optional) Configuring Bandwidth Adjustment Factors
6.2.7 (Optional) Configuring ANCP Message Damping
6.2.8 (Optional) Configuring ANCP OAM Detection
6.2.9 (Optional) Adjusting the Upstream and Downstream Bandwidths of a User Automatically
6.2.10 Checking the Configuration
6.2.1 Establishing the Configuration Task
Applicable Environment
If the DSLAM supports ANCP, and the router needs to function as the BRAS to manage users
and detect user online and offline statuses and user services, you need to configure the router to
function as an ANCP server.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Pre-configuration Tasks
Before configuring the router to function as an ANCP server, complete the following tasks:
l
Configuring physical parameters and link attributes to ensure that interfaces work properly
l
Configuring IP addresses and route discovery for interfaces
Data Preparation
To configure the router to function as an ANCP server, you need the following data.
No.
Data
1
Source interface on which the ANCP connection is set up
2
(Optional) Timeout period before an ANCP session is set up and the maximum
number of packet retransmissions
3
Name of the ANCP neighbor profile
4
IP address of the ANCP neighbor
5
(Optional) Port number for TCP connection listening on the ANCP neighbor
6
(Optional) Maximum number of lines permitted by each ANCP neighbor
7
(Optional) Interval for sending Keepalive packets of ANCP sessions
8
(Optional) Aging time of line entries
9
(Optional) Timeout period of the response to the delivered profile
10
(Optional) Damping percentage of ANCP messages
11
(Optional) Number of OAM detections
12
(Optional) Timeout period of waiting for the response to OAM detection
6.2.2 Enabling ANCP
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp enable
ANCP is enabled.
6-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The system performs socket listening and processes TCP connection requests from the DSLAM
only after ANCP is enabled. When ANCP is disabled, all ANCP TCP connections are cut off,
and socket listening is disabled.
By default, ANCP is disabled.
----End
6.2.3 Configuring the Source Interface of an ANCP Connection
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
source-interface
loopback interface-number
The source interface is configured for setting up an ANCP connection.
When the interface is connected to the DSLAM to set up a TCP connection, the source interface
can only be a loopback interface. The change of the source-interface loopback interfacenumber command or the IP address of the interface does not affect the established TCP
connection. The new configuration takes effect only when ANCP is disabled and then enabled
again.
----End
6.2.4 (Optional) Configuring Parameters of ANCP Sessions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The ANCP view is displayed.
Step 3 Run:
session { interval interval-value | retransmit retransmit-value }*
The timeout period of ANCP sessions and the maximum number of ANCP packet
retransmissions are configured.
After a TCP connection is established, router sends SYN packets to set up an ANCP session. If
the end does not receive a correct response, it resends SYN packets until the ANCP session is
successfully set up. If ANCP sessions are not successfully set up when the number of SYN
packet retransmissions reaches the upper threshold, the TCP connection will be closed.
By default, the interval of sending SYN or SYN-ACK packets to the peer is 1s , and the maximum
number of retransmissions is 10.
----End
6.2.5 Configuring ANCP Neighbor Profiles
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile neighbor-profile-name
An ANCP neighbor profile is created and the ANCP neighbor view is displayed.
To facilitate the management of ANCP access lines, the router adopts ANCP neighbor profiles.
In each neighbor profile, the IP address of a neighbor can be configured. If the IP address in a
packet received by the router from a neighbor is the same as the configured IP address, the
router associates the neighbor with the neighbor profile.
Before a neighbor profile is created, the system checks whether a neighbor view with the same
name exists. If so, the neighbor view is displayed; if not, a neighbor view is created and then
displayed. If a neighbor profile is in use, it cannot be deleted.
Step 4 (Optional) Run:
tcp-listen port port-number
The port number on an ANCP neighbor for TCP connection listening is configured.
Before the tcp-listen port port-number command is run, if the ANCP neighbor has already set
up a TCP connection, the TCP connection will be cut off, and the ANCP neighbor will use the
new listening port number to re-establish a TCP connection.
6-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
By default, the port number for TCP connection listening is 6068.
NOTE
If a global source interface is configured in the ANCP view, the configuration of the tcp-listen port portnumber command is not supported.
Step 5 Run:
peer-id peer-id
The ID of the ANCP neighbor is configured.
Step 6 (Optional) Run:
max-access-loop value
The maximum number of access lines is configured for the ANCP neighbor.
That is, the maximum number of lines that can be accessed to the router is configured. If access
lines have already exist in the neighbor profile and the maximum number of access lines is
smaller than the number of existing access lines, no access line entries will be created, and the
existing access line entries remain unchanged.
By default, a maximum of 65536 access lines can be configured in the neighbor profile.
Step 7 (Optional) Run:
keep-alive interval interval-value
The interval for sending Keepalive packets is configured.
To detect the neighbor status (for example, whether the link is Up), the router sends Keepalive
packets to its neighbor (such as the DSLAM) at a fixed interval after the ANCP session is set
up.
By default, the interval is 10s.
Step 8 (Optional) Run:
aging-time value
The aging time of line entries is configured.
When the ANCP neighbor line becomes Down, the system needs to delete the line entry. This
helps properly utilize system resources.
When the aging time of a line entry is set to 0, the router deletes the line entry immediately when
the neighbor line becomes Down; otherwise, the line entry can be deleted only when the timer
expires.
By default, the aging time of an ANCP neighbor line entry is 150s.
NOTE
In the case that the function of configuring ANCP access lines is enabled, if the DSLAM needs to restart
the lines after receiving the service profile name delivered by the router, a longer aging time of an ANCP
line entry must be configured on the router.
----End
6.2.6 (Optional) Configuring Bandwidth Adjustment Factors
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile
neighbor-profile-name [ proxy ]
An ANCP neighbor profile is created and the ANCP neighbor view is displayed.
Step 4 Run:
adjustment { adsl adjust-percentage | adsl2 adjust-percentage | adsl2plus adjustpercentage | vdsl1 adjust-percentage | vdsl2 adjust-percentage | sdsl adjustpercentage } *
The bandwidth adjustment percentages for different link types in the ANCP neighbor profile are
configured.
NOTE
The bandwidths that are reported by the DSLAM to the router are determined by the types of the physical
links, whereas the router traffic implements user traffic scheduling by the Ethernet link. Therefore,
bandwidths need to be translated between different types of physical links. You can use the adjustment
command to translate the packet overhead between different physical links. For example, if you set the
bandwidth adjustment factor for ADSL to 77%, this means that when a user reports an ADSL link, the
actual bandwidth that HQoS assures for the user is the reported bandwidth x 77%.
----End
6.2.7 (Optional) Configuring ANCP Message Damping
Context
If the DSLAM repeatedly sends messages to the router to report user bandwidth change, the
router adjusts the user bandwidth accordingly and delivers related configurations. This affects
the performance of the router.
To abstain this affection, ANCP message damping needs to be configured on the router.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
6-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile neighbor-profile-name
The neighbor view is displayed.
Step 4 Run:
damping damping-percentage
ANCP message damping is configured.
After ANCP message damping is configured, the router adjusts the user bandwidth and delivers
related configurations only when the user bandwidth changes out of the specified range. That
is, if the user bandwidth changes within the specified range, the router does not respond to the
ANCP messages that report related changes, and thus does not adjust the user bandwidth.
By default, no ANCP message is damped.
----End
6.2.8 (Optional) Configuring ANCP OAM Detection
Context
To test the remote connection of access lines, you can configure ANCP OAM detection.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
oam [ count test-counter ] access-loop access-loop-circuit-id
OAM detection is configured for a specific access line, and the number of times of OAM
detection is also configured.
By default, the number of OAM detection times is 5.
Step 4 (Optional) Run:
neighbor-profile neighbor-profile-name [ proxy ]
The ANCP neighbor view is displayed.
Step 5 (Optional) Run:
oam timeout
Issue 03 (2010-03-31)
time
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The timeout period of the response to OAM detection is configured.
If the router does not receive any response to OAM detection during the timeout period, it
considers that ANCP OAM detection fails.
By default, the timeout period is 5s.
NOTE
The oam timeout command can be configured when the neighbor profile mode is server or proxy server.
----End
6.2.9 (Optional) Adjusting the Upstream and Downstream
Bandwidths of a User Automatically
Context
If the downstream bandwidth of a user needs to be automatically adjusted according to the access
line information, the configuration needs to be performed in the AAA domain of the user.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
aaa
The AAA view is displayed.
Step 3 Run:
domain domain-name
The domain view is displayed.
Step 4 Run:
ancp auto-qos-adapt
The automatic adjustment of the downstream bandwidth of a user is enabled.
By default, the automatic adjustment of the downstream bandwidth of a user is not enabled.
----End
6.2.10 Checking the Configuration
Procedure
Step 1 Run the display ancp neighbor [ profile neighbor-profile | id id-value ] command to view
information about an ANCP neighbor.
6-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Step 2 Run the display ancp neighbor-profile [ neighbor-profile-name ] command to view
information about an ANCP neighbor profile.
Step 3 Run the display ancp access-loop [ access-loop-circuit- index | circuit-id circuit-id-text |
circuit-id-include circuit-id-include-text | neighbor-profile neighbor-profile-name | neighborid neighbor-id ] command to view information about line entries in the ANCP neighbor profile.
Step 4 Run the display ancp statistic [ neighbor-id ] command to view the statistics of an ANCP
neighbor.
----End
Example
After running the display ancp neighbor command, you can view the status of the ANCP
neighbor in the specified neighbor profile and the status of the ANCP neighbor with the specified
neighbor ID. For example:
<HUAWEI> display ancp neighbor
-------------------------------------------------------------------------Index Peer-ID
State
Role
Line-num
Profile
-------------------------------------------------------------------------0
1.1.1.1
ESTAB
sever
0
bras
-------------------------------------------------------------------------The total is 1,printed is 1
<HUAWEI> display ancp neighbor id 1.1.1.1
Neighbor Profile name
:bras
Neighbor state
:ESTAB
Peer ID
:1.1.1.1
Peer port
:51729
Neighbor capacity
:discovery;line-cfg;oam;Bulk Transacti
on;
Neighbor techtype
:5(5 is DSL)
Access loop circuit number
:7
Session message interval
:12(seconds)
Session message retransmit
:10
Max access loop number
:65536
Access loop configure timeout
:2(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:150(seconds)
Access loop oam timeout
:5(seconds)
Keep-alive interval
:10(seconds)
Wait-ack timeout
:30000(milliseconds)
ANCP role
:server
After running the display ancp neighbor-profile command, you can view the configuration of
the specified neighbor profile. For example:
<HUAWEI> display ancp neighbor-profile bras
Index
:3
Neighbor Profile name
:bras
Neighbor Used state
:used
ANCP role
:server
ANCP source interface
:LoopBack1
TCP-listen port number
:6068
Damping percentage
:0
Peer ID
:1.1.1.1
Max access loop number
:65536
Access loop configure timeout
:2(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:150(seconds)
Access loop oam timeout
:5(seconds)
Keep-alive interval
:10(seconds)
After running the display ancp access-loop command, you can view information about access
line entries. For example:
<HUAWEI> display ancp access-loop neighbor-id 1.1.1.1
----------------------------------------------------------------
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Index
State
Peer-ID
Circuit-ID
---------------------------------------------------------------80
UP
1.1.1.1
001882362CFF eth 1/3/1/5:5
81
UP
1.1.1.1
001882362CFF eth 1/3/0/1:1
---------------------------------------------------------------The total is 2,printed is 2
After running the display ancp statistic command, you can view the statistics of ANCP
neighbors. For example:
<HUAWEI> display ancp statistic 10.1.1.1
Received ack packet
:307
Received syn packet
:1
Received synack packet
:1
Received reset ack packet
:0
Received lineup packet
:7
Received linedown packet
:0
Received oam packet
:0
Received line config packet
:0
Received multicast packet
:0
Received unknown packet
:0
Send ack packet
:307
Send synack packet
:1
Send syn packet
:1
Send reset ack packet
:0
Send oam packet
:0
Send access loop config packet
:2
Send multicast packet
:0
Send failed packet
:0
6.3 Configuring the ANCP Proxy
This section describes how to configure the router as the ANCP proxy.
6.3.1 Establishing the Configuration Task
6.3.2 Enabling ANCP
6.3.3 Configuring the Source Interface of an ANCP Connection
6.3.4 (Optional) Configuring Parameters of ANCP Sessions
6.3.5 Configuring the ANCP Neighbor Profile
6.3.6 (Optional) Configuring Bandwidth Adjustment Factors
6.3.7 (Optional) Enabling the Function of Configuring ANCP Access Lines
6.3.8 (Optional) Configuring ANCP Message Damping
6.3.9 (Optional) Configuring ANCP OAM Detection
6.3.10 Checking the Configuration
6.3.1 Establishing the Configuration Task
Applicable Environment
When the router functions as the convergence device between the DSLAM and the BRAS, and
both the DSLAM and the BRAS support ANCP, you need to configure the router as the ANCP
proxy. In this case, the router detects neither user services nor user login and logout.
6-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Pre-configuration Tasks
Before configuring the router to function as an ANCP proxy, complete the following tasks:
l
Configuring the physical parameters and link attributes of interfaces to ensure that the
interfaces work properly
l
Configuring IP addresses and routing protocols for interfaces
Data Preparation
To configure the router to function as an ANCP proxy, you need the following data.
No.
Data
1
Source interface of the ANCP connection
2
(Optional) Timeout period before an ANCP session is set up and the maximum times
that packets are resent
3
Name of the ANCP neighbor profile
4
IP address of the ANCP neighbor
5
(Optional) Maximum number of lines permitted by each ANCP neighbor
6
(Optional) Interval for sending Keepalive packets of the ANCP session
7
(Optional) Aging time of the line entry
8
(Optional) Damping percentage of ANCP messages
9
(Optional) Number of OAM detections
10
(Optional) Timeout period of waiting for the response to OAM detection
6.3.2 Enabling ANCP
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp enable
ANCP is enabled.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The system performs socket listening and processes TCP connection requests from the DSLAM
only after ANCP is enabled. When ANCP is disabled, all ANCP TCP connections are cut off,
and socket listening is disabled.
By default, ANCP is disabled.
----End
6.3.3 Configuring the Source Interface of an ANCP Connection
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
source-interface
loopback interface-number
The source interface is configured for setting up an ANCP connection.
When the interface is connected to the DSLAM to set up a TCP connection, the source interface
can only be a loopback interface. The change of the source-interface loopback interfacenumber command or the IP address of the interface does not affect the established TCP
connection. The new configuration takes effect only when ANCP is disabled and then enabled
again.
----End
6.3.4 (Optional) Configuring Parameters of ANCP Sessions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
6-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The ANCP view is displayed.
Step 3 Run:
session { interval interval-value | retransmit retransmit-value }*
The timeout period of ANCP sessions and the maximum number of ANCP packet
retransmissions are configured.
After a TCP connection is established, router sends SYN packets to set up an ANCP session. If
the end does not receive a correct response, it resends SYN packets until the ANCP session is
successfully set up. If ANCP sessions are not successfully set up when the number of SYN
packet retransmissions reaches the upper threshold, the TCP connection will be closed.
By default, the interval of sending SYN or SYN-ACK packets to the peer is 1s , and the maximum
number of retransmissions is 10.
----End
6.3.5 Configuring the ANCP Neighbor Profile
Context
To facilitate the management of ANCP access lines, the router adopts ANCP neighbor profiles.
Each neighbor profile can be configured with the IP address of a neighbor. If the IP address of
a packet from a neighbor is the same as the configured IP address, the neighbor is considered to
belong to the neighbor profile.
When a neighbor profile is created, the system checks whether a neighbor profile with the same
name exists. If so, the neighbor view is displayed; if not, a neighbor view is created and then
displayed. If a neighbor profile is in use, it cannot be deleted.
When the router functions as the ANCP proxy, you need to create the neighbor profile on the
router to set up neighbor relationships with the upstream BRAS and with the downstream
DSLAM.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile neighbor-profile-name proxy [ client ]
An ANCP neighbor profile in proxy mode is created and the neighbor view is displayed.
If client is not specified, it indicates that the neighbor profile works in proxy server mode and
is used to set up the neighbor relationship with the downstream DSLAM.
If client is specified, it indicates that the neighbor profile works in proxy client mode and is used
to set up the neighbor relationship with the upstream BRAS.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
NOTE
In proxy mode, only one neighbor profile can be configured to work in proxy client mode.
Step 4 (Optional) Run:
tcp-listen port port-number
The port number on an ANCP neighbor for TCP connection listening is configured.
Before the tcp-listen port command is run, if the ANCP neighbor has already set up a TCP
connection, the TCP connection will be cut off, and the ANCP neighbor will use the new listening
port to re-establish a TCP connection.
By default, the port number for TCP connection listening is 6068.
Step 5 Run:
peer-id peer-id
The ID of the ANCP neighbor is configured.
Step 6 (Optional) Run:
max-access-loop value
The maximum number of access lines is configured for the ANCP neighbor.
If there are lines accessing the neighbor and the maximum number of access lines is smaller than
the number of existing access lines, no access line entries will be created, and the existing access
line entries remain unchanged.
By default, a maximum of 65536 access lines can be configured in the neighbor profile.
Step 7 (Optional) Run:
keep-alive interval interval-value
The interval for sending Keepalive packets is configured.
To detect the neighbor status (for example, whether the link is Up), after an ANCP session is
set up, the router sends Keepalive packets to its neighbor, such as the DSLAM, at a fixed interval.
By default, the interval is 10s.
Step 8 (Optional) Run:
aging-time value
The aging time of line entries is configured.
When an ANCP neighbor line becomes Down, the system needs to delete the line entry. This
helps rationally use system resources.
If the value is 0, it indicates that a line entry is deleted immediately the line becomes Down.
Otherwise, the line entry is deleted only after the aging timer expires.
By default, the aging time of an ANCP neighbor line entry is 150s.
----End
6.3.6 (Optional) Configuring Bandwidth Adjustment Factors
Context
Do as follows on the router:
6-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile
neighbor-profile-name [ proxy ]
An ANCP neighbor profile is created and the ANCP neighbor view is displayed.
Step 4 Run:
adjustment { adsl adjust-percentage | adsl2 adjust-percentage | adsl2plus adjustpercentage | vdsl1 adjust-percentage | vdsl2 adjust-percentage | sdsl adjustpercentage } *
The bandwidth adjustment percentages for different link types in the ANCP neighbor profile are
configured.
NOTE
The bandwidths that are reported by the DSLAM to the router are determined by the types of the physical
links, whereas the router traffic implements user traffic scheduling by the Ethernet link. Therefore,
bandwidths need to be translated between different types of physical links. You can use the adjustment
command to translate the packet overhead between different physical links. For example, if you set the
bandwidth adjustment factor for ADSL to 77%, this means that when a user reports an ADSL link, the
actual bandwidth that HQoS assures for the user is the reported bandwidth x 77%.
----End
6.3.7 (Optional) Enabling the Function of Configuring ANCP
Access Lines
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
access-loop-configure { circuit-id circuit-id | index index } service-profile
profile-name
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The name of the profile delivered to the peer is configured and the configuration of ANCP access
lines is enabled.
The access-loop-configure { circuit-id circuit-id | index index } service-profile profilename command is used to enable the ANCP access line configurations, and to configure the
router to deliver the profile name to the DSLAM.
When the access-loop-configure { circuit-id circuit-id | index index } service-profile profilename command is run on the ANCP server, the parameters in the profile, such as QoS parameters
and bandwidths, need to be configured on the DSLAM. The parameters in the profile are valid
for the users that go online after the profile is delivered.
NOTE
If the DSLAM needs to restart the line after receiving the profile name delivered by the router, you need
to run the aging-time command on the router to set a longer aging time for ANCP line entries.
Step 4 (Optional) Run either of the following commands as required.
l
Run the line-configure timeout time command, and the timeout period of the response to
the delivered profile is configured.
If the router does not receive any response during the timeout period, it considers that the
delivery of the profile fails.
l
Run the line-configure ack-mandatory command, and no response to the delivered profile
is required.
By default, the timeout period is 5s.
----End
6.3.8 (Optional) Configuring ANCP Message Damping
Context
If the DSLAM repeatedly sends messages to the router to report user bandwidth change, the
router adjusts the user bandwidth accordingly and delivers related configurations. This affects
the performance of the router.
To abstain this affection, ANCP message damping needs to be configured on the router.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile neighbor-profile-name
The neighbor view is displayed.
6-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Step 4 Run:
damping damping-percentage
ANCP message damping is configured.
After ANCP message damping is configured, the router adjusts the user bandwidth and delivers
related configurations only when the user bandwidth changes out of the specified range. That
is, if the user bandwidth changes within the specified range, the router does not respond to the
ANCP messages that report related changes, and thus does not adjust the user bandwidth.
By default, no ANCP message is damped.
----End
6.3.9 (Optional) Configuring ANCP OAM Detection
Context
To test the remote connection of access lines, you can configure ANCP OAM detection.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
oam [ count test-counter ] access-loop access-loop-circuit-id
OAM detection is configured for a specific access line, and the number of times of OAM
detection is also configured.
By default, the number of OAM detection times is 5.
Step 4 (Optional) Run:
neighbor-profile neighbor-profile-name [ proxy ]
The ANCP neighbor view is displayed.
Step 5 (Optional) Run:
oam timeout
time
The timeout period of the response to OAM detection is configured.
If the router does not receive any response to OAM detection during the timeout period, it
considers that ANCP OAM detection fails.
By default, the timeout period is 5s.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
NOTE
The oam timeout command can be configured when the neighbor profile mode is server or proxy server.
----End
6.3.10 Checking the Configuration
Procedure
Step 1 Run the display ancp neighbor [ profile neighbor-profile | id id-value ] command to view
information about the ANCP neighbor.
Step 2 Run the display ancp neighbor-profile [ neighbor-profile-name ] command to view the
configuration of the ANCP neighbor profile.
Step 3 Run the display ancp access-loop [ access-loop-circuit- index | circuit-id circuit-id-text |
circuit-id-include circuit-id-include-text | neighbor-profile neighbor-profile-name | neighborid neighbor-id ] command to view information about line entries in the ANCP neighbor profile.
Step 4 Run the display ancp statistic [ neighbor-id ] command to view the ANCP statistics of the
neighbor.
----End
Example
After running the display ancp neighbor command, you can view the status of all ANCP
neighbors, the neighbor with the specified neighbor profile, and the neighbor with the specified
neighbor ID. For example:
<HUAWEI> display ancp neighbor
Index
Peer-ID
State
Role
Line-num Profile
-------------------------------------------------------------------------0
123.1.3.1
ESTAB
proxy client
0
bras
1
10.1.1.1
ESTAB
proxy server
2
dslam
-------------------------------------------------------------------------The total is 2,printed is 2
<HUAWEI> display ancp neighbor id 10.1.1.1
Neighbor Profile name
:dslam
Neighbor state
:ESTAB
Peer ID
:10.1.1.1
Peer port
:49233
Neighbor capacity
:discovery;line-cfg;oam;
Neighbor techtype
:5(5 is DSL)
Access loop circuit number
:2
Session message interval
:20(seconds)
Session message retransmit
:5
Max access loop number
:65536
Access loop configure timeout
:5(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:47(seconds)
Access loop oam timeout
:50(seconds)
Keep-alive interval
:10(seconds)
Wait-ack timeout
:30000(milliseconds)
ANCP role
:proxy server
After running the display ancp neighbor-profile command, you can view the configuration of
the specified neighbor profile. For example:
<HUAWEI> display ancp neighbor-profile dslam1
Index
:1
Neighbor Profile name
:dslam
Neighbor Used state
:used
6-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
ANCP role
Auto-qos-adapt attribute
TCP-listen port number
Damping percentage
Peer ID
Max access loop number
Access loop configure timeout
Access loop configure ack mandatory
Access loop aging time
Access loop oam timeout
Keep-alive interval
:proxy server
:both
:6068
:0
:10.1.1.1
:65536
:5(seconds)
:false
:47(seconds)
:50(seconds)
:10(seconds)
After running the display ancp access-loop command, you can view information about access
line entries. For example:
<HUAWEI> display ancp access-loop neighbor-profile dslam
---------------------------------------------------------------Index
State
Peer-ID
Circuit-ID
---------------------------------------------------------------10
UP
10.1.1.1
001882362CFF eth 0/3/0/1:10
11
UP
10.1.1.1
001882362CFF eth 0/3/0/2:6
---------------------------------------------------------------The total is 2,printed is 2
After running the display ancp statistic command, you can view the ANCP statistics of the
neighbor. For example:
<HUAWEI> display ancp statistic 10.1.1.1
Received ack packet
:96
Received syn packet
:0
Received synack packet
:1
Received reset ack packet
:0
Received lineup packet
:2
Received linedown packet
:0
Received oam packet
:0
Received line config packet
:0
Received multicast packet
:0
Received unknown packet
:0
Send ack packet
:96
Send synack packet
:1
Send syn packet
:1
Send reset ack packet
:0
Send oam packet
:0
Send access loop config packet
:0
Send multicast packet
:0
Send failed packet
:0
6.4 Configuring the Association Between ANCP and HQoS
in the ANCP Proxy Scenario
This section describes how to configure the association between ANCP and HQoS in the ANCP
proxy scenario.
6.4.1 Establishing the Configuration Task
6.4.2 Configuring the Mode of the Association Between ANCP and HQoS
6.4.3 Configuring the QoS Profile and Scheduling Parameters
6.4.4 Configuring the BRAS to Deliver the QoS Policy Name
6.4.5 Applying the QoS Profile to the Interface
6.4.6 Enabling ANCP on the Interface and Associating the Interface with the ANCP Neighbor
Profile
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
6.4.7 Checking the Configuration
6.4.1 Establishing the Configuration Task
Applicable Environment
When the router functions as the ANCP server or the ANCP proxy, if ANCP is required to control
downstream rates of user lines and QoS scheduling parameters of various services, you need to
configure ANCP to support HQoS.
l
When the router functions as the ANCP server, only the bandwidth adjustment factor needs
to be configured.
l
When the router functions as the ANCP proxy, you need to configure the bandwidth
adjustment factor, association between ANCP and HQoS, and QoS profile and scheduling
parameters, enable ANCP on the interface, associate the interface with the ANCP neighbor
profile, and apply the QoS profile.
Pre-configuration Tasks
Before configuring ANCP functions, complete the following tasks:
l
Configuring the physical parameters and link attributes of interfaces to ensure that the
interfaces work properly
l
Configuring IP addresses and routing protocols for interfaces
l
Enabling ANCP and configuring ANCP neighbor profiles
Data Preparation
To configure the function that ANCP supports HQoS, you need the following data.
6-24
No.
Data
1
Source interface of the ANCP connection
2
Name of the ANCP neighbor profile
3
IP address of the ANCP neighbor
4
Bandwidth adjustment factor for the ANCP neighbor
5
ANCP-enabled sub-interface
6
Mode of the association between ANCP and HQoS
7
Scheduling parameter in the QoS profile
8
Interface to which the QoS profile is applied
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
6.4.2 Configuring the Mode of the Association Between ANCP and
HQoS
Context
When ANCP is associated with QoS, if both the DSLAM and the BRAS report QoS messages,
the mode of the association between ANCP and HQoS determines which QoS message is
selected by the device.
NOTE
This configuration is applicable only to the neighbor profile whose attribute is proxy server.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
neighbor-profile neighbor-profile-name proxy
The neighbor profile view is displayed.
Step 4 Run:
auto-qos-adapt
{ dslam | bras | both }
The mode of the association between ANCP and HQoS is configured.
If dslam is specified, you need to apply the specified QoS profile name to the downstream
interface of user services so that the router restricts the downstream bandwidth of user services
according to the actual physical bandwidth and the minimum value of HQoS that are reported
by the ANCP line.
If bras is specified, the BRAS delivers a QoS profile name to a user, and the router receives and
applies the QoS policy.
If both is specified, the BRAS needs to deliver a QoS profile name to a user, and the router
receives and applies the QoS policy. Then, if the DSLAM reports line update messages, ANCP
adjusts the user bandwidth according to the new bandwidth information.
----End
6.4.3 Configuring the QoS Profile and Scheduling Parameters
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
NOTE
This configuration is applicable only when the neighbor profile whose attribute is proxy server is enabled
with the function that ANCP supports HQoS.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
qos-profile qos-profile-name
A QoS profile is created and the QoS profile view is displayed.
Step 3 You can choose to configure user queue scheduling parameters or traffic assurance for users as
required.
l
Run:user-queue cir cir-value [ pir pir-value] [ flow-queue flow-queue name ] [ flowmapping flow-mapping name ] [ user-group-queue user-group-queue name ] [ servicetemplate service-template-name ],The user queue scheduling parameters are configured to
implement HQoS on user services.
l
Run:car { cir cir-value [ pir pir-value] } [ cbs cbs-value pbs pbs-value ] [ green
{ discard | pass } | yellow { discard | pass } | red { discard | pass } ]* A committed access
rate (CAR) is configured to ensure that user traffic can be normally forwarded.
l
Run:broadcast-suppression cir cir-value [ cbs cbs-value ]The suppression rate of broadcast
packets is configured in the QoS profile.
l
Run:multicast-suppression cir cir-value [ cbs cbs-value ] The suppression rate of multicast
packets is configured in the QoS profile.
l
Run:unknown-unicast-suppression cir cir-value [ cbs cbs-value ] The suppression rate of
unknown unicast packets is configured in the QoS profile.
NOTE
l
The car command and the user-queue command in the QoS profile are mutually exclusive. That is,
the two commands cannot be both configured.
l
If you have run the qos-profile command on an interface, you cannot run the user-queue command
or the car command or enable the traffic suppression function on the interface.
For detailed configurations of the QoS profile, refer to the HUAWEI NetEngine80E/40E
Configuration Guide - QoS.
----End
6.4.4 Configuring the BRAS to Deliver the QoS Policy Name
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
6-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
The system view is displayed.
Step 2 Run:
ancp
The ANCP view is displayed.
Step 3 Run:
access-loop-configure { circuit-id circuit-id |index index } service-profile
profile-name
Configure the BRAS to deliver the QoS policy name.
----End
6.4.5 Applying the QoS Profile to the Interface
Context
Do as follows on the router:
NOTE
This configuration is applicable only when the neighbor profile whose attribute is proxy server is enabled
with the association between ANCP and HQoS in dslam mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
[.sub-interface ]
The interface view for adjusting bandwidths is displayed.
Step 3 Choose the matched command line to apply QoS profiles on interfaces of different types.
l
Run the qos-profile qos-profile-name { inbound | outbound } [ group group-name ]
command on GE interfaces, Eth-Trunk interfaces, Ethernet interfaces and their sub-interfaces
to apply QoS profiles.
l
Run the qos-profile qos-profile-name { inbound | outbound } vlan vlan-id1 [ to vlan-id2 ]
identifier { vlan-id | none } [ group group-name ] command on Layer 2 GE interfaces,
Layer 2 Eth-Trunk interfaces, Dot1q termination sub-interfaces, QinQ stacking subinterfaces to apply QoS profiles.
l
Run the qos-profile qos-profile-name { inbound | outbound } pe-vid pe-vlan-id ce-vid cevlan-id1 [to ce-vlan-id2 ] identifier { pe-vid | ce-vid | pe-ce-vid | none } [ group groupname ] command on QinQ termination sub-interfaces and QinQ mapping interfaces to apply
QoS profiles.
----End
6.4.6 Enabling ANCP on the Interface and Associating the Interface
with the ANCP Neighbor Profile
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Context
Do as follows on the router:
NOTE
This configuration is applicable only when the neighbor profile whose attribute is proxy server is enabled
with the function that ANCP supports HQoS.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number [.subinterface-number]
The interface view is displayed.
Step 3 Run:
ancp enable neighbor-profile-name
The ANCP function is enabled on the interface, and the ANCP neighbor profile is associated
with the interface.
----End
6.4.7 Checking the Configuration
Procedure
Step 1 Run the display ancp neighbor [ profile neighbor-profile | id id-value ] command to view
information about the ANCP neighbor.
Step 2 Run the display ancp neighbor-profile [ neighbor-profile-name ] command to view the
configuration of the ANCP neighbor profile.
Step 3 Run the display ancp access-loop [ access-loop-circuit- index | circuit-idcircuit-id-text |
circuit-id-include circuit-id-include-text | neighbor-profile neighbor-profile-name | neighborid neighbor-id ] command to view information about line entries in the ANCP neighbor profile.
Step 4 Run the display ancp statistic [ neighbor-id ] command to view the statistics of an ANCP
neighbor.
----End
Example
After running the display ancp neighbor command, you can view the status of all neighbors.
For example:
<HUAWEI> display ancp neighbor
Index
Peer-ID
State
Role
Line-num Profile
-------------------------------------------------------------------------0
123.1.3.1
ESTAB
proxy client
0
bras
1
10.1.1.1
ESTAB
proxy server
2
dslam
-------------------------------------------------------------------------The total is 2,printed is 2
6-28
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
After running the display ancp neighbor id 10.1.1.1 command, you can view the status of the
neighbor whose ID is 10.1.1.1.
<HUAWEI> display ancp neighbor id 10.1.1.1
Neighbor Profile name
:dslam
Neighbor state
:ESTAB
Peer ID
:10.1.1.1
Peer port
:49233
Neighbor capacity
:discovery;line-cfg;oam;
Neighbor techtype
:5(5 is DSL)
Access loop circuit number
:2
Session message interval
:20(seconds)
Session message retransmit
:5
Max access loop number
:65536
Access loop configure timeout
:5(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:47(seconds)
Access loop oam timeout
:50(seconds)
Keep-alive interval
:10(seconds)
Wait-ack timeout
:30000(milliseconds)
ANCP role
:proxy server
After running the display ancp neighbor-profile command, you can view the configuration of
the specified neighbor profile. For example:
<HUAWEI> display ancp neighbor-profile dslam1
Index
:1
Neighbor Profile name
:dslam1
Neighbor Used state
:used
ANCP role
:proxy server
Auto-qos-adapt attribute
:both
TCP-listen port number
:6068
Damping percentage
:0
Peer ID
:10.1.1.1
Max access loop number
:65536
Access loop configure timeout
:5(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:47(seconds)
Access loop oam timeout
:50(seconds)
Keep-alive interval
:10(seconds)
After running the display ancp access-loop command, you can view information about access
line entries. For example:
<HUAWEI> display ancp access-loop neighbor-profile dslam
---------------------------------------------------------------Index
State
Peer-ID
Circuit-ID
---------------------------------------------------------------10
UP
10.1.1.1
001882362CFF eth 0/3/0/1:10
11
UP
10.1.1.1
001882362CFF eth 0/3/0/2:6
---------------------------------------------------------------The total is 2,printed is 2
After running the display ancp statistic command, you can view the ANCP statistics of a
neighbor. For example:
<HUAWEI> display ancp statistic 10.1.1.1
Received ack packet
:96
Received syn packet
:0
Received synack packet
:1
Received reset ack packet
:0
Received lineup packet
:2
Received linedown packet
:0
Received oam packet
:0
Received line config packet
:0
Received multicast packet
:0
Received unknown packet
:0
Send ack packet
:96
Send synack packet
:1
Send syn packet
:1
Send reset ack packet
:0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Send
Send
Send
Send
oam packet
access loop config packet
multicast packet
failed packet
:0
:0
:0
:0
6.5 Maintaining ANCP
This section describes how to view and clear ANCP running information and how to debug
ANCP.
6.5.1 Clearing ANCP Running Information
6.5.1 Clearing ANCP Running Information
CAUTION
ANCP running information cannot be restored after you clear it. Therefore, confirm the action
before you use the command.
To clear ANCP running information, run the following reset commands in the ANCP view.
Action
Command
Clear information about ANCP access
line entries.
reset ancp access-loop [ circuit-id access-loopcircuit-id | neighbor-profile neighbor-profilename | neighbor-id neighbor-id ]
Clear information about ANCP
neighbor entries.
reset ancp neighbor [ profile neighbor-profilename | id neighbor-id-value ]
Clear statistics about ANCP .
reset ancp statistic [ neighbor-id ]
6.6 Configuration Examples
This section provides examples for ANCP configurations.
6.6.1 Example for Configuring the ANCP Server
As an ANCP server, the router functions as both a BRAS and an SR. As an SR, the router can
sense the topology of the access network and parameters of the access links, and can therefore
help prevent the access network from being congested. As a BRAS, the router can achieve
automatic adjustment of policies on the DSLAM through the update of user services on the
ANCP.
6.6.2 Configuring router as the ANCP Proxy and Configuring ANCP-HQoS Association
As an ANCP proxy, the router can aggregate ANCP connections. This prevents too many
DSLAMs from being connected to the BRAS. The ANCP-HQoS association can reduce the
need for manual configuration. By automatically adjusting user bandwidths, the ANCP-HQoS
association prevents traffic congestion on a DSLAM.
6-30
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
6.6.1 Example for Configuring the ANCP Server
As an ANCP server, the router functions as both a BRAS and an SR. As an SR, the router can
sense the topology of the access network and parameters of the access links, and can therefore
help prevent the access network from being congested. As a BRAS, the router can achieve
automatic adjustment of policies on the DSLAM through the update of user services on the
ANCP.
Prerequisite
Before configuration the ANCP server, configurations of routes between the connected devices
must be completed.
Networking Requirements
The trend of network convergence and development of Triplay services have posed new
networking requirements. As shown in Figure 6-3, the router needs to be deployed on the
convergence layer at the edge of a broadband MAN. Here, the router acts as the service control
gateway as well as the authentication and accounting gateway for various types of broadband
access users. In this scenario, the router can provide various types of broadband access services
and extensive value added services for users. In addition, the router is also able to implement
bandwidth control, traffic policing, and QoS enforcement on the services of users.
The DSLAM supports ANCP and the router functions as the BRAS to manage users, that is,
detects user services and user logon and logout. Other requirements are as follows:
l
The maximum number of access lines for the DSLAM whose IP address is 10.1.1.1 is 3000.
l
Lines accessed by the DSLAM can be configured on the router.
l
For subsequent login users, the router is able to automatically adjust the downstream
bandwidth for the users according to information about the access lines.
l
The router is able to configure bandwidth adjustment factors according to the types of user
services.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-31
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Figure 6-3 Networking diagram of configuring the ANCP server
phone
PC
ADSL/VDSL
Modem 1
IP/MPLS
backbone
IPTV
phone
DSLAM
Router
PC
ADSL/VDSL
Modem 2
IPTV
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable ANCP.
2.
Configure the source interface of the ANCP connection.
3.
Configure the ANCP session parameters.
4.
Configure the ANCP neighbor profile and parameters.
5.
Configure bandwidth adjustment factors.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the source interface of the ANCP connection
l
ANCP neighbor name and IP address
l
ANCP session parameter
l
Maximum number of access lines, handshaking interval, and timeout period of waiting for
the response to the access line configuration for the ANCP neighbor
l
Bandwidth adjustment factor
NOTE
The following describes the configuration of the router. For configurations of the ADSL/VDSL modem
and DSLAM, see the corresponding configuration guides.
6-32
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Procedure
Step 1 Configure ANCP.
# Enable ANCP.
<HUAWEI> system-view
[HUAWEI] ancp enable
# Configure the source interface of the ANCP connection.
[HUAWEI] interface loopback 1
[HUAWEI-LoopBack1] ip address 1.1.1.1 24
[HUAWEI-LoopBack1] quit
[HUAWEI] ospf 82
[HUAWEI-ospf-82]area 0
[HUAWEI-ospf-82-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[HUAWEI-ospf-82-area-0.0.0.0] quit
[HUAWEI-ospf-82] quit
[HUAWEI] ancp
[HUAWEI-ancp] source-interface loopback 1
# Configure the ANCP session parameters.
[HUAWEI-ancp] session interval 10 retransmit 20
# Configure the ANCP neighbor profile and bandwidth adjustment factors.
[HUAWEI-ancp] neighbor-profile dslam1
[HUAWEI-ancp-neighbor-dslam1] peer-id 10.1.1.1
[HUAWEI-ancp-neighbor-dslam1] max-access-loop 3000
[HUAWEI-ancp-neighbor-dslam1] line-configure timeout 10
[HUAWEI-ancp-neighbor-dslam1] keep-alive interval 20
[HUAWEI-ancp-neighbor-dslam1] adjustment adsl 77 vdsl1 90
[HUAWEI-ancp-neighbor-dslam1] quit
NOTE
The IP address specified in peer-id must be the same as the IP address that is used by the peer to set up the
TCP connection.
Step 2 Verify the configuration.
# Check the configurations of the ANCP neighbor profile named dslam1.
<HUAWEI> display ancp neighbor-profile dslam1
Index
Neighbor Profile name
Neighbor Used state
ANCP role
TCP-listen port number
Damping percentage
Adjustment
Peer ID
Max access loop number
Access loop configure timeout
Access loop configure ack mandatory
Access loop aging time
Access loop oam timeout
Keep-alive interval
:0
:dslam1
:unused
:server
:6068
:0
:adsl 77 vdsl1 90
:10.1.1.1
:3000
:10(seconds)
:false
:150(seconds)
:20(seconds)
:20(seconds)
# Check the entry information of the access line named access1.
<HUAWEI> display ancp access-loop
Circuit index
Circuit ID
Peer ID
Dsl type
Actual datarate upstream
Issue 03 (2010-03-31)
:1
:access1
:10.1.1.1
:ADSL2
:143(Kbps)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-33
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
Actual datarate downstream
The total is 1,printed is 1
:153(Kbps)
When traffic flows on the network, it is found that traffic of access line 1 is forwarded according
to the QoS profile named test that is configured by the DSLAM.
----End
Configuration Files
#
sysname HUAWEI
#
ancp enable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.0
#
ospf 82
area 0
network 1.1.1.1 0.0.0.0
#
ancp
source-interface LoopBack1
session interval 10 retransmit 20
neighbor-profile dslam1
peer-id 10.1.1.1
adjustment adsl 77 vdsl1 90
keep-alive interval 20
line-configure timeout 10
max-access-loop 3000
#
return
6.6.2 Configuring router as the ANCP Proxy and Configuring
ANCP-HQoS Association
As an ANCP proxy, the router can aggregate ANCP connections. This prevents too many
DSLAMs from being connected to the BRAS. The ANCP-HQoS association can reduce the
need for manual configuration. By automatically adjusting user bandwidths, the ANCP-HQoS
association prevents traffic congestion on a DSLAM.
Prerequisite
Before configuring the router as the ANCP proxy and configuring the ANCP-HQoS association,
configurations of routes between the connected devices must be completed.
Networking Requirements
To implement automatic topology discovery and automatic link configuration in the access
network, you need to configure ANCP between the DSLAM and BRAS. Usually, one BRAS
can have hundreds of ANCP peers. If too many DSLAMs are connected to a BRAS, the ANCP
proxy needs to be configured on the router to aggregate ANCP connections.
When a user customizes new services, ANCP-HQoS association automatically adjusts the user
bandwidth on the router. This prevents traffic congestion on the DSLAM.
As shown in Figure 6-4, both the DSLAM and the BRAS support ANCP. Functioning as the
convergence device, the router sets up ANCP neighbor relationships with the DSLAM and the
BRAS. Other requirements are described as follows:
6-34
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
l
The maximum number of access lines for the DSLAM whose IP address is 10.1.1.1 is 3000.
l
Lines accessed by the DSLAM can be configured on the router.
l
The router is able to configure bandwidth adjustment factors according to the types of user
services.
l
Traffic flows of different user services enter different QinQ sub-interfaces for QoS
scheduling.
l
Downstream traffic of the router is scheduled through ANCP according to the QoS policy
delivered by the BRAS.
Figure 6-4 Networking diagram of configuring router as the ANCP proxy and configuring
ANCP-HQoS association
phone
PC
ADSL/VDSL
Modem 1
GE1/0/0
IP/MPLS
backbone
IPTV
phone
DSLAM
Router
BRAS
PC
ADSL/VDSL
Modem 2
IPTV
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable ANCP.
2.
Configure the source interface of the ANCP connection
3.
Configure the ANCP session parameters.
4.
Configure the ANCP neighbor profile and parameters.
5.
Configure bandwidth adjustment factors.
6.
Configure the mode of the association between ANCP and HQoS.
7.
Enable ANCP on the interface and associate the ANCP neighbor with the interface
8.
Configure the QoS profile and schedule parameters
9.
(Optional) Configure the name of the QoS policy delivered by the BRAS.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-35
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
10. Apply the QoS profile to the interface.
Data Preparation
To complete the configuration, you need the following data:
l
IP address of the source interface of the ANCP connection
l
ANCP neighbor name and IP address
l
ANCP session parameter
l
Maximum number of access lines, handshaking interval, and timeout period of waiting for
the response to the access line configuration for the ANCP neighbor
l
Bandwidth adjustment factors
Procedure
Step 1 Configure ANCP.
# Enable ANCP.
<HUAWEI> system-view
[HUAWEI] ancp enable
# Configure the source interface of an ANCP connection.
[HUAWEI] interface loopback 1
[HUAWEI-LoopBack1] ip address 1.1.1.1 24
[HUAWEI-LoopBack1] quit
[HUAWEI] ospf 82
[HUAWEI-ospf-82]area 0
[HUAWEI-ospf-82-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[HUAWEI-ospf-82-area-0.0.0.0] quit
[HUAWEI-ospf-82] quit
[HUAWEI] ancp
[HUAWEI-ancp] source-interface loopback 1
# Configure the ANCP session parameters.
[HUAWEI-ancp] session interval 10 retransmit 20
# Configure profile parameters and bandwidth adjustment factors for the ANCP neighbor
connected to the DSLAM.
[HUAWEI-ancp] neighbor-profile dslam1 proxy
[HUAWEI-ancp-neighbor-dslam1] peer-id 10.1.1.1
[HUAWEI-ancp-neighbor-dslam1] max-access-loop 3000
[HUAWEI-ancp-neighbor-dslam1] line-configure timeout 10
[HUAWEI-ancp-neighbor-dslam1] keep-alive interval 20
[HUAWEI-ancp-neighbor-dslam1] adjustment adsl 77 vdsl1 90
[HUAWEI-ancp-neighbor-dslam1] quit
# Configure profile parameters and bandwidth adjustment factors for the ANCP neighbor
connected to the BRAS.
[HUAWEI-ancp] neighbor-profile bras proxy client
[HUAWEI-ancp-neighbor-bras] peer-id 10.1.1.2
[HUAWEI-ancp-neighbor-bras] quit
Step 2 Configure the mode of the association between ANCP and HQoS.
[HUAWEI-ancp] auto-qos-adapt bras
Step 3 Configure parameters in the QoS profile.
6-36
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
For detailed configurations of parameters in the QoS profile, refer to the HUAWEI
NetEngine80E/40E Router Configuration Guide - QoS.
Step 4 (Optional) Configure the name of the QoS policy delivered by the BRAS.
<HUAWEI> system-view
[HUAWEI] ancp
[HUAWEI-ancp] access-loop-configure circuit-id "text" service-profile test
Step 5 Apply the QoS profile to the interface and associate the ANCP neighbor with the interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] qos-profile test outbound pe-vid 1 ce-vid 1 to 100
[HUAWEI-GigabitEthernet1/0/0] ancp enable dslam1
[HUAWEI-GigabitEthernet1/0/0] quit
After the preceding configurations, you can run the display qos-profile configuration test and
display qos-profile application test slot 1 inbound commands to view the configurations of
the QoS profile and its applications.
<HUAWEI> display qos-profile configuration test
qos-profile : test
user-queue cir 100000 flow-queue test flow-mapping test user-group-queue test
broadcast-suppression cir 2000
multicast-suppression cir 2000
unknown-unicast-suppression cir 2000
Reference relationships: GigabitEthernet1/0/0
<HUAWEI> display qos-profile application test slot 1 inbound
qos-profile : test
intaface GigabitEthernet1/0/0, pe-vid 1, ce-vid 1 to 100
Step 6 Verify the configuration.
# Check basic information about the ANCP neighbor profile.
<HUAWEI> display ancp neighbor-profile
---------------------------------------------------------------Index Peer-ID
State
Role
Profile-name
---------------------------------------------------------------1
1.1.1.2
used
proxy server
dslam1
2
10.1.1.2
used
proxy client
bras
---------------------------------------------------------------The total is 1,printed is 1
# Check the configurations of the ANCP neighbor profile named dslam1.
<HUAWEI> display ancp neighbor-profile dslam1
Index
:1
Neighbor Profile name
:dslam1
Neighbor Used state
:used
ANCP role
:proxy server
ANCP source interface
:LoopBack1
TCP-listen port number
:6068
Damping percentage
:0
Peer ID
:10.1.1.1
Max access loop number
:3000
Access loop configure timeout
:5(seconds)
Access loop configure ack mandatory
:false
Access loop aging time
:30(seconds)
Access loop oam timeout
:5(seconds)
Keep-alive interval
:20(seconds)
----End
Configuration Files
#
sysname HUAWEI
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6-37
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
6 ANCP Configuration
#
ancp enable
#
ancp
source-interface LoopBack1
session interval 10 retransmit 20
neighbor-profile bras proxy client
peer-id 10.1.1.2
neighbor-profile dslam1 proxy
peer-id 10.1.1.1
max-access-loop 3000
line-configure timeout 10
keep-alive interval 20
adjustment adsl 77 vdsl1 90
auto-qos-adapt bras
#
flow-wred test
color green low-limit 70 high-limit 100 discard-percentage 100
color yellow low-limit 60 high-limit 90 discard-percentage 100
color red low-limit 50 high-limit 80 discard-percentage 100
#
flow-mapping test
map flow-queue af1 to port-queue ef
#
flow-queue test
queue af1 lpq shaping 10000 flow-wred test
queue ef pq shaping 30000 flow-wred test
#
user-group-queue test
shaping 500000 inbound
#
service-template test
network-header-length 12 inbound
#
qos-profile test
user-queue cir 100000 pir 100000 flow-queue test flow-mapping test user-group queue test service-template test
#
port-wred test
color green low-limit 70 high-limit 100 discard-percentage 100
color yellow low-limit 60 high-limit 90 discard-percentage 100
color red low-limit 50 high-limit 80 discard-percentage 100
#
interface GigabitEthernet1/0/0
undo shutdown
control-vid 1 qinq-termination
qinq termination l2 symmetry user-mode
qinq termination pe-vid 1 ce-vid 1 to 1000
qos-profile test outbound pe-vid 1 ce-vid 1 to 1000
ancp enable dslam1
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.0
#
ospf 82
area 0
network 1.1.1.1 0.0.0.0
#
return
6-38
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
7
IP Performance Configuration
About This Chapter
This chapter describes the parameters and function required for IP performance optimization
and provides procedures and examples for optimizing IP performance.
7.1 IP Performance Overview
This section describes the parameters and concepts concerning IP performance.
7.2 Improving IP Performance
This section describes how to enhance the performance of a specified network through setting
some IP parameters.
7.3 Configuring TCP
This section describes how to configure a TCP timer and specify the size of a sliding window.
7.4 Configuring Load Balancing for IP Packet Forwarding
This section describes how to configure the load balancing mode for IP packet forwarding and
how to configure the Unequal Cost Multipath Path (UCMP).
7.5 Maintaining IP Performance
This section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.
7.6 Configuration Examples
This section provides several configuration examples of the IP performance.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
7.1 IP Performance Overview
This section describes the parameters and concepts concerning IP performance.
7.1.1 Introduction to IP Performance
7.1.2 IP Performance Supported by the NE80E/40E
7.1.1 Introduction to IP Performance
IP performance optimization should be performed on the basis of configurations of some
parameters and enablement of related functions, for example, the interface MTU, ICMP
attributes, and TCP attributes.
Internet Control Message Protocol (ICMP) messages are used by either the IP layer or the higher
layer protocol (TCP or UDP). ICMP communicates error messages or other information that
require attention.
7.1.2 IP Performance Supported by the NE80E/40E
ICMP
l
ICMP Host Unreachable messages
When forwarding packets, the device discards the packets and returns an ICMP host
unreachable message to the source to notify that the source must stop sending packets to
this destination if the device encounters the following situations:
l
–
There is no route to the destination.
–
The packet is not for itself.
ICMP Redirection messages
During packet forwarding, if the device finds the following situations, the device needs to
send an ICMP redirection message to the source device and notices the host to reselect a
correct device to send packets.
l
–
The interfaces to receive and forward packets are the same.
–
The selected route is not created or modified by the ICMP redirection packet.
–
The selected route is not the route destined for the destination 0.0.0.0.
–
The subnet mask bit of the source address is the same as that of the outgoing interface.
ICMP packet sending switches
In normal circumstance, ICMP host unreachable and redirection messages can ensure
normal packet transmission. However, when devices encounter the preceding conditions
frequently, network traffic becomes heavy because devices send a large number of ICMP
messages. This increases the traffic burden. In the case of malicious attacks, network
congestion becomes worse.
To solve this problem, the ICMP host unreachable function can be deployed on the
outbound interface. If this function is disabled, the device does not send out ICMP host
unreachable messages and as a result the traffic burden of the network is released and
malicious attacks to the network is prevented.
7-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Unequal-Cost Load Balancing
The NE80E/40E supports Unequal-Cost Multiple Path (UCMP) among all equal-cost routes to
the same destination.
UCMP supports only flow-based IP packet forwarding.
UCMP applies to only equal-cost routes. It is independent of routing protocols. That is, it does
not concern whether the Interior Gateway Protocol (IGP) or the Border Gateway Protocol (BGP)
is used.
Among the paths that perform UCMP, the bandwidth of each path must not be lower than 1/16
of the total bandwidth; otherwise, the path does not participate in UCMP.
The unequal-cost load balancing is classified into interface unequal-cost load balancing and
global unequal-cost load balancing. The differences between these two modes are described as
follows:
l
For the interface unequal-cost load balancing, you need to enable the unequal-cost load
balancing on all the outgoing interfaces that can forward packets. For the global unequalcost load balancing, you need to enable the unequal-cost load balancing only in the system
view.
l
After the interface unequal-cost load balancing is enabled, you need to restart any interface
to trigger the delivery FIB entries. After the global unequal-cost load balancing is enabled,
FIB entries can be delivered automatically.
The interface unequal-cost load balancing and the global unequal-cost load balancing are
mutually exclusive. You cannot enable both of them.
7.2 Improving IP Performance
This section describes how to enhance the performance of a specified network through setting
some IP parameters.
7.2.1 Establishing the Configuration Task
7.2.2 Configuring the Maximum Transmission Unit of the Interface
7.2.3 Configuring ICMP Attributes
7.2.4 Checking the Configuration
7.2.1 Establishing the Configuration Task
Applicable Environment
In some special network environments, you must adjust the IP parameters to achieve the best
performance. Improving IP performance involves configurations of a series of parameters.
Pre-configuration Tasks
Before improving IP performance, complete the following tasks:
l
Issue 03 (2010-03-31)
Configuring the physical parameters for related interfaces and ensuring that the status of
the physical layer of the interface is Up
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Configuring the link layer protocol for related interfaces and ensuring that the status of the
link layer protocol on the interface is Up
l
Configuring the IP addresses for related interfaces
Data Preparation
To improve IP performance, you need the following data.
No.
Data
1
Number and MTU value of the interface
2
Number of the interface which needs source address verification
3
Number of the interface which needs to forward broadcast packets and ACL number
4
Number of the interface which needs to clear the DF
5
Number of the interface which needs to configure ICMP host-unreachable
7.2.2 Configuring the Maximum Transmission Unit of the Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
mtu mtu
The maximum transmission unit of the interface is configured.
----End
Postrequisite
The MTU of the interface has the effects on whether to fragment the packets on the interface.
The default MTU value varies with the interface type. Use the display interface command to
find out the value used.
7-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
NOTE
After configuring the MTU on an interface, you must restart the interface; otherwise, the configuration
cannot take effect. To restart the interface, run the restart command or the shutdown and then undo
shutdown commands.
7.2.3 Configuring ICMP Attributes
Context
By default, sending unreachable packets is enabled.
CAUTION
l
If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
icmp host-unreachable send
Sending ICMP host unreachable packets is enabled.
----End
7.2.4 Checking the Configuration
Prerequisite
The configurations of the improving IP performance function are complete.
Procedure
l
Run the display udp statistics command to check the UDP traffic statistics.
l
Run the display ip interface [ interface-type interface-number ] command or display ip
interface brief [ interface-type [ interface-number ] | slot slot-id [ card card-number ] ]
command to check the table information of the IP layer interface.
l
Run the display ip statistics [ slot slot-id ] command to check the IP traffic statistics.
l
Run the display icmp statistics [ slot slot-id ] command to check the ICMP traffic statistics.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Run the display rawlink statistics command to check the Rawlink statistics.
l
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
sock-type ] command to check all the current socket API information.
----End
Example
Run the display udp statistics command. If the UDP traffic statistics are displayed, it means
that the configuration succeeds. For example:
<HUAWEI> display udp statistics
Received packets:
Total: 0
Total(64bit high-capacity counter): 0
checksum error: 0
shorter than header: 0, data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
Sent packets:
Total: 0
Total(64bit high-capacity counter): 0
Run the display ip interface command. If the information about IP interfaces is displayed, it
means that the configuration succeeds. For example:
<HUAWEI> display ip interface gigabitethernet 2/0/2
GigabitEthernet2/0/2 current state : UP
Line protocol current state : UP
The Maximum Transmit Unit : 1500 bytes
input packets : 1338, bytes : 117744, multicasts : 1338
output packets : 1336, bytes : 106884, multicasts : 1336
Directed-broadcast packets:
received packets:
0, sent packets:
forwarded packets:
0, dropped packets:
ARP packet input number:
0
Request packet:
0
Reply packet:
0
Unknown packet:
0
Internet Address is 120.1.1.1/24
Broadcast address : 120.1.1.255
TTL being 1 packet number:
0
TTL invalid packet number:
0
ICMP packet input number:
0
Echo reply:
0
Unreachable:
0
Source quench:
0
Routing redirect:
0
Echo request:
0
Router advert:
0
Router solicit:
0
Time exceed:
0
IP header bad:
0
Timestamp request:
0
Timestamp reply:
0
Information request:
0
Information reply:
0
Netmask request:
0
Netmask reply:
0
Unknown type:
0
DHCP packet deal mode: global
0
0
Run the display ip statistics command. If the IP traffic statistics are displayed, it means that the
configuration succeeds. For example:
7-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
<HUAWEI> display ip statistics
Run the display icmp statistics command. If the ICMP traffic statistics are displayed, it means
that the configuration succeeds. For example:
<HUAWEI> display icmp statistics
Input: bad formats
0
echo
0
source quench
0
echo reply
0
timestamp
0
mask requests
0
time exceeded
0
Mping request
0
Output:echo
0
source quench
0
echo reply
0
timestamp
0
mask requests
0
time exceeded
0
Mping request
0
bad checksum
destination unreachable
redirects
parameter problem
information request
mask replies
0
0
0
0
0
0
Mping reply
destination unreachable
redirects
parameter problem
information reply
mask replies
0
0
0
0
0
0
Mping reply
0
Run the display rawlink statistics command. If the Rawlink statistics are displayed, it means
that the configuration succeeds. For example:
<HUAWEI> display rawlink statistics
Received packets:
Total: 1771645
ifnet is null: 0
input packets missing pcb cache: 1181096
not pass multicast: 0
no join multicast: 0
full sock and pstMBuf to be freed: 0
full sock and nothing to be freed: 0
full sock and other reason: 0
Send packets:
Total: 125850
7.3 Configuring TCP
This section describes how to configure a TCP timer and specify the size of a sliding window.
7.3.1 Establishing the Configuration Task
7.3.2 Configuring TCP Timer
7.3.3 Specifying the Size of a TCP Sliding Window
7.3.4 Checking the Configuration
7.3.1 Establishing the Configuration Task
Applicable Environment
None.
Pre-configuration Tasks
None.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Data Preparation
To configure TCP, you need the following data.
No.
Data
1
SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket
7.3.2 Configuring TCP Timer
Context
The types of TCP timers are shown as follows:
l
The SYN-Wait timer: On sending SYN packets, the TCP starts the SYN-Wait timer. If
response packets are not received before the SYN-Wait timer timeout, the TCP connection
is terminated. The SYN-Wait timer timeout ranges from 2 seconds to 600 seconds, and the
default value is 75 seconds.
l
The FIN-Wait timer: When the TCP connection status turns from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer starts. If FIN packets are not received before the FINWait timer timeout, the TCP connection is terminated. The FIN-Wait timer timeout ranges
from 76 seconds to 3600 seconds, and the default value is 675 seconds.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
tcp timer syn-timeout interval
The SYN-Wait timer of setting up TCP connections is configured.
Step 3 Run:
tcp timer fin-timeout interval
The FIN_WAIT_2 timer of setting TCP connections is configured.
----End
7.3.3 Specifying the Size of a TCP Sliding Window
Context
Do as follows on the router:
7-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
tcp window window-size
The receiving/sending buffer size of the TCP socket is configured.
The receiving and sending window-size of the connection-oriented socket: It ranges from 1K
bytes to 32K bytes, and the default value is 8K bytes.
----End
7.3.4 Checking the Configuration
Prerequisite
The configurations of TCP function are complete.
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipv4address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port
remote-port-number ] ] command to check the TCP connection status.
l
Run the display tcp statistics command to check the TCP traffic statistics.
----End
Example
Run the display tcp status command. If the information about the TCP connection status is
displayed, it means that the configuration succeeds. For example:
<HUAWEI> display tcp status
TCPCB
Tid/Soid Local Add:port
0a5d560c 30 /1
0.0.0.0:23
Foreign Add:port
0.0.0.0:0
VPNID State
14849 Listening
Run the display tcp statistics command. If the TCP traffic statistics are displayed, it means that
the configuration succeeds. For example:
<HUAWEI> display tcp statistics
Received packets:
Total: 0
Total(64bit high-capacity counter): 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes),partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Total: 0
Total(64bit high-capacity counter): 0
urgent packets: 0
control packets: 0 (including 0 RST)
window probe packets: 0, window update packets: 0
data packets: 0 (0 bytes),data packets retransmitted: 0 (0 bytes)
ACK-only packets: 0 (0 delayed)
Other information:
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keep alive timeout: 0, keep alive probe: 0, Keep alive timeout, so connections d
isconnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
7.4 Configuring Load Balancing for IP Packet Forwarding
This section describes how to configure the load balancing mode for IP packet forwarding and
how to configure the Unequal Cost Multipath Path (UCMP).
7.4.1 Establishing the Configuration Task
7.4.2 Configuring the Load Balancing Mode of IP Packet Forwarding
7.4.3 Configuring Interface Unequal-Cost Multiple Path During IP Packet Forwarding
7.4.4 Configuring Global Unequal-Cost Multiple Path During IP Packet Forwarding
7.4.5 Checking the Configuration
7.4.1 Establishing the Configuration Task
Applicable Environment
The Equal Cost Multipath Path (ECMP) involves evenly distributing traffic among multiple
equal-cost paths, regardless of the difference in path bandwidth. This, however, usually leads to
the traffic congestion on the low-bandwidth path.
The Unequal Cost Multipath Path (UCMP) involves proportionally distributing traffic among
multiple equal-cost paths by considering the difference in path bandwidth. This can achieve
more reasonable load balancing because traffic is proportionally distributed among paths.
Pre-configuration Tasks
Before configuring load balancing for IP packet forwarding, complete the following tasks:
l
Connecting interfaces and setting physical parameters for interfaces to ensure that the
physical layer status of each interface is Up
l
Setting parameters of the link layer protocol for interfaces to ensure that the status of the
link layer protocol on each interface is Up
Data Preparation
To configure load balancing for IP packet forwarding, you need the following data.
7-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
No.
Data
1
Interface type and interface number
2
IP address and subnet mask for the interface
7.4.2 Configuring the Load Balancing Mode of IP Packet
Forwarding
Context
Load balancing can be enable during IP packet forwarding.
When flow-based load balancing is carried out, the device considers the protocol type, source
IP address and mask, destination IP and mask, source port range, and destination port range and
then adopts the hash algorithm to calculate a value. Based on the calculated value, it chooses a
link to forward the packets.
When packet-based load balancing is carried out, choose diverse links based on packets from
multiple links to forward packets.
By default, flow-based load balancing is adopted.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
l
load-balance { flow | packet } [ all | slot slot-id ]
Packets on the device are load balanced.
l
load-balance ip-enhance { all | slot slot-id }
Packets received on the device are load balanced.
After the load-balance ip-enhance command is run, the device load balances the received
packets based on the quintuple: the protocol type, the source IP address, the destination IP
address, the source port, and the destination port. If the command is not run, the device load
balances the received packets according to the source IP address, the destination IP address,
the source port, and the destination port of the IP packet in flow-by-flow mode.
NOTE
When the outgoing interfaces are MP interfaces, the load-balance packet [ all | slot slot-id ] command
cannot be run to implement packet-based load balancing among the interfaces. In this case, you can
configure policy-based routing to implement packet-based load balancing.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
7.4.3 Configuring Interface Unequal-Cost Multiple Path During IP
Packet Forwarding
Context
Do as follows on the router to implement the interface UCMP:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
NOTE
The interface must be outgoing interfaces of equal-cost routes. The interface UCMP can be realized among
paths only after all outgoing interfaces of equal-cost routes on the device are enabled with UCMP and FIB
entry delivery is triggered; if one outgoing interface is not enabled with UCMP, Equal-Cost Multiple Path
(ECMP) is performed among paths though FIB entry delivery is triggered.
Interface UCMP cannot be enabled globally or on logical interfaces. It can be enabled only on
physical main interfaces.
Step 3 Run:
load-balance unequal-cost enable
Interface UCMP is enabled for IP packet forwarding.
Route recalculation and FIB entry delivery are not triggered at once after UCMP is enabled or
disabled on the interface through command lines. FIB entry delivery is performed only after
UCMP configurations are validated.
Step 4 Run:
shutdown
The interface where UCMP is enabled is shut down.
Step 5 Run:
undo shutdown
The interface is restarted for validating UCMP configurations.
You can reset the interface where UCMP is enabled or disabled to trigger route recalculation
and FIB entry delivery so that UCMP configurations can be validated.
NOTE
Restarting the interface is one method to trigger FIB entry delivery. You can also change the IP address of
the interface to trigger FIB entry delivery and hence validate UCMP configurations.
----End
7-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
7.4.4 Configuring Global Unequal-Cost Multiple Path During IP
Packet Forwarding
Context
Do as follows on the router to implement global UCMP:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
load-balance unequal-cost enable
Global UCMP is enabled for IP packet forwarding.
By default, global UCMP is disabled.
NOTE
l
The interfaces that support the UCMP function are ATM interfaces, serial interfaces, MFR interfaces,
MP interfaces, Gigabit Ethernet interfaces, POS interfaces, Eth-Trunk interfaces, and IP-Trunk
interfaces.
l
Frequent enabling and then disabling UCMP on an interface greatly degrades the system performance.
Therefore, the interval from enabling UCMP to disabling UCMP or from disabling UCMP to enabling
UCMP must be equal to or longer than 5 minutes.
----End
7.4.5 Checking the Configuration
Prerequisite
All the load balancing configurations for IP packet forwarding are complete.
Procedure
l
Run the display fib [ slot-id ] command to check the FIB table of the interface board.
l
Run the display fib acl acl-number [ verbose ] command to check the filtered FIB
information.
l
Run the display fib [ slot-id ] destination-address1 [ desinationt-mask1 ] [ longer ]
[ verbose ] command to check the FIB entry which matches a destination address.
l
Run the display fib [ slot-id ] destination-address1 destination-mask1 destinationaddress2 destination-mask2 [ verbose ] command to check the FIB entry whose destination
address is in the range of destination-address1 destination-mask1 to destination-address2
destination-mask2.
l
Run the display fib ip-prefix prefix-name [ verbose ] command to check the FIB entries
that have passed filtering in a certain format according to the input IP prefix name.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Run the display fib interface interface-type interface-number command to check the FIB
entries that have passed filtering in a certain format according to the input interface type
and interface number.
l
Run the display fib next-hop ip-address command to check the FIB entries that have passed
filtering in a certain format according to the input next hop address.
l
Run the display fib [ slot-id ] statistics command to check the total number of FIB entries.
l
Run the display fib [ slot-id ] [ | { begin | exclude | include } regular-expression ] command
to check the summary of the FIB.
----End
Example
Run the display fib command. If the brief information about the FIB is displayed, it means that
the configuration succeeds. For example:
<HUAWEI> display fib
FIB Table:
Total number of Routes : 3
Destination/Mask Nexthop
Flag
169.254.0.0/16
2.1.1.1
U
2.0.0.0/16
2.1.1.1
U
127.0.0.0/8
127.0.0.1
U
<HUAWEI> display fib acl 2010
Route entry matched by access-list 2010:
Summary counts: 1
Destination/Mask Nexthop
Flag
127.0.0.0/8
127.0.0.1
U
TimeStamp
t[0]
t[0]
t[0]
Interface
GE1/0/0
GE1/0/0
InLoop0
TimeStamp
t[0]
TunnelID
0x0
0x0
0x0
Interface
InLoop0
TunnelID
0x0
7.5 Maintaining IP Performance
This section describes how to clear IP/TCP/UDP statistics and debug IP/TCP/UDP.
7.5.1 Clearing IP Performance Statistics
7.5.2 Monitoring Network Operation Status of IP Performance
7.5.1 Clearing IP Performance Statistics
Context
CAUTION
IP/TCP/UDP statistics cannot be restored after you clear it. So, confirm the action before you
use the command.
Procedure
l
7-14
Run the reset ip statistics [ interface interface-type interface-number | slot slot-id ]
command in the user view to clear the IP statistics.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the
user view to clear information on the socket monitor.
l
Run the reset tcp statistics command in the user view to clear the TCP traffic statistics.
l
Run the reset udp statistics command in the user view to clear the UDP traffic statistics.
l
Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.
----End
7.5.2 Monitoring Network Operation Status of IP Performance
Context
In routine maintenance, you can run the following command in any view to check the operation
of IP performance.
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipv4address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port
remote-port-number ] ] command in any view to check TCP connection status.
l
Run the display tcp statistics command in any view to check statistics about TCP traffic.
l
Run the display udp statistics command in any view to check statistics about UDP traffic.
l
Run the display ip interface [ interface-type interface-number ] command or display ip
interface brief [ interface-type [ interface-number ] | slot slot-id [ card card-number ] ]
command in any view to check information about IP interfaces.
l
Run the display ip statistics [ slot slot-id ] command in any view to check statistics about
IP traffic.
l
Run the display icmp statistics [ slot slot-id ] command in any view to check statistics
about ICMP traffic.
l
Run the display rawlink statistics command in any view to check statistics about Rawlink.
l
Run the display fib [ slot-id ] command in any view to check the FIB on the specified
interface board.
l
Run the display fib acl acl-number [ verbose ] command in any view to check the FIB
information selectively through filtering.
l
Run the display fib [ slot-id ] destination-address1 [ desinationt-mask1 ] [ longer ]
[ verbose ] command in any view to filter FIB entries by matching destination IP addresses.
l
Run the display fib [ slot-id ] destination-address1 destination-mask1 destinationaddress2 destination-mask2 [ verbose ] command in any view to check the FIB entries
with the destination IP addresses in the range from destination-address1 destinationmask1 to destination-address2 destination-mask2.
l
Run the display fib ip-prefix prefix-name [ verbose ] command in any view to check the
FIB entries that have passed filtering in a certain format according to the input IP prefix
name.
l
Run the display fib interface interface-type interface-number command in any view to
check the FIB entries that have passed filtering in a certain format according to the input
interface type and interface number.
l
Run the display fib next-hop ip-address command in any view to check the FIB entries
that have passed filtering in a certain format according to the input next hop address.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Run the display fib [ slot-id ] statistics command in any view to check the total number
of FIB entries.
l
Run the display fib [ slot-id ] [ | { begin | exclude | include } regular-expression ] command
in any view to check brief information about the forwarding table.
l
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
sock-type ] command in any view to check information about all the socket interfaces of
the system.
----End
7.6 Configuration Examples
This section provides several configuration examples of the IP performance.
7.6.1 Example for Limiting Transmission of ICMP Host-Unreachable Packets
7.6.2 Example for Configuring Interface Unequal-Cost Multiple Path During IP Packet
Forwarding
7.6.3 Example for Configuring Global Unequal-Cost Load Balancing for IP Packet Forwarding
7.6.1 Example for Limiting Transmission of ICMP HostUnreachable Packets
Networking Requirements
As shown in Figure 7-1, Router A, Router B and Router C are connected with each other through
their Ethernet ports to test limiting transmission of host-unreachable packets.
Figure 7-1 Networking diagram of configuring ICMP host unreachable packets
RouterA
GE 1/0/0
1.1.1.1/24
Internet
GE 1/0/0
2.2.2.2/24
RouterC
7-16
GE 1/0/0
1.1.1.2/24
RouterB
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses for the interfaces on devices.
2.
Configure static routes between devices that are not directly connected.
3.
Enable limiting transmission of ICMP Host-unreachable packets.
Data Preparation
To complete the configuration, you need the following data:
l
Static routes between devices that are not directly connected
l
IP addresses for the interfaces
Procedure
Step 1 Configure Router A.
# Configure static routes on Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ip route-static 2.2.2.2 24 1.1.1.2
# Configure an IP address for GE 1/0/0.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
Step 2 Configure Router B.
# Disable sending ICMP host unreachable packets on Router B and configure an IP address for
GE 1/0/0.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo icmp host-unreachable send
[RouterB-GigabitEthernet1/0/0] ip address 1.1.1.2 24
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] quit
Step 3 Configure Router C.
# Configure an IP address for GE 1/0/0 on Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ip address 2.2.2.2 24
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] quit
Step 4 Verify the configuration.
# Enable the debugging of the ICMP packets of Router B.
<RouterB> debugging ip icmp
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
# Run the ping 2.2.2.2 command on Router A. If you can view that Router B does not send the
host unreachable packets, it means that the configuration succeeds. For example:
[RouterA] ping 2.2.2.2
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
undo icmp host-unreachable send
#
return
l
Configuration file of Router C
#
sysname RouterC
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 2.2.2.2 255.255.255.0
#
return
7.6.2 Example for Configuring Interface Unequal-Cost Multiple
Path During IP Packet Forwarding
Networking Requirements
As shown in Figure 7-2, three paths exist between Router A and Router E. The three paths
respectively travel through Router B, Router C, and Router D. It is required that the three paths
between Router A and Router E perform UCMP during IP packet forwarding. In the example,
the unequal-cost load balancing refers to the interface unequal-cost load balancing.
7-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Figure 7-2 Networking diagram of configuring UCMP
RouterB
POS1/0/0
POS2/0/0
POS4/0/0
POS4/0/0
RouterC
RouterA
RouterE
GE3/0/0 GE1/0/0
GE2/0/0 GE3/0/0
GE1/0/0
GE1/0/0
10.1.1.1/24
20.1.1.1/24
GE2/0/0
GE2/0/0
RouterD
GE1/0/0
GE2/0/0
router
Interface
IP address
RouterA
POS4/0/0
30.1.1.1/24
GE3/0/0
40.1.1.1/24
GE2/0/0
50.1.1.1/24
POS1/0/0
30.1.1.2/24
POS2/0/0
60.1.1.2/24
GE1/0/0
40.1.1.2/24
GE2/0/0
70.1.1.2/24
GE1/0/0
50.1.1.2/24
GE2/0/0
80.1.1.2/24
POS4/0/0
60.1.1.1/24
GE3/0/0
70.1.1.1/24
GE2/0/0
80.1.1.1/24
RouterB
RouterC
RouterD
RouterE
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IGP on each device. Here, Intermediate System to Intermediate System (IS-IS)
is taken as an example.
2.
Enable the UCMP function on each interface of Router A so that the three paths between
Router A and Router E can perform UCMP during IP packet forwarding.
Data Preparation
To complete the configuration, you need the following data:
l
Interface type and number
l
IP address of the interface
l
IS-IS area ID and IS-IS level of each device
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Procedure
Step 1 Configure an IP address for each interface. The detailed configuration procedure is not
mentioned here.
Step 2 Configure basic IS-IS functions.
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] isis enable 1
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] isis enable 1
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface pos 4/0/0
[RouterA-Pos4/0/0] isis enable 1
[RouterA-Pos4/0/0] quit
[RouterA] interface gigabitethernet 3/0/0
[RouterA-GigabitEthernet3/0/0] isis enable 1
[RouterA-GigabitEthernet3/0/0] quit
# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] is-level level-1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] isis enable 1
[RouterB-Pos1/0/0] quit
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] isis enable 1
[RouterB-Pos2/0/0] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] is-level level-1
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] isis enable 1
[RouterC-GigabitEthernet2/0/0] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] is-level level-1
[RouterD-isis-1] network-entity 10.0000.0000.0004.00
[RouterD-isis-1] quit
[RouterD] interface gigabitethernet 1/0/0
[RouterD-GigabitEthernet1/0/0] isis enable 1
[RouterD-GigabitEthernet1/0/0] quit
[RouterD] interface gigabitethernet 2/0/0
[RouterD-GigabitEthernet2/0/0] isis enable 1
[RouterD-GigabitEthernet2/0/0] quit
# Configure Router E.
[RouterE] isis 1
[RouterE-isis-1] is-level level-1
7-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
[RouterE-isis-1] network-entity 10.0000.0000.0005.00
[RouterE-isis-1] quit
[RouterE] interface gigabitethernet 1/0/0
[RouterE-GigabitEthernet1/0/0] isis enable 1
[RouterE-GigabitEthernet1/0/0] quit
[RouterE] interface gigabitethernet 2/0/0
[RouterE-GigabitEthernet2/0/0] isis enable 1
[RouterE-GigabitEthernet2/0/0] quit
[RouterE] interface pos 4/0/0
[RouterE-Pos4/0/0] isis enable 1
[RouterE-Pos4/0/0] quit
[RouterE] interface gigabitethernet 3/0/0
[RouterE-GigabitEthernet3/0/0] isis enable 1
[RouterE-GigabitEthernet3/0/0] quit
Step 3 Check basic IS-IS configurations.
# View IS-IS routing information on Router A.
[RouterA] display isis route
Route information for ISIS(1)
----------------------------ISIS(1) Level-1 Forwarding Table
-------------------------------IPV4 Destination
IntCost
ExtCost ExitInterface
NextHop
Flags
-------------------------------------------------------------------------------10.1.1.0/24
10
NULL
GE1/0/0
Direct
D/-/
L/-/20.1.1.0/24
30
NULL
GE3/0/0
40.1.1.2
A/-/-/-/
C
GE2/0/0
50.1.1.2
Pos4/0/0
30.1.1.2
30.1.1.0/24
10
NULL
Pos4/0/0
Direct
D/L/40.1.1.0/24
10
NULL
GE3/0/0
Direct
D/L/50.1.1.0/24
10
NULL
GE2/0/0
Direct
D/L/60.1.1.0/24
20
NULL
Pos4/0/0
30.1.1.2
R/-/70.1.1.0/24
20
NULL
GE3/0/0
40.1.1.2
A/-/-/-/80.1.1.0/24
20
NULL
GE2/0/0
50.1.1.2
R/-/Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, C-In Computing
# Ping 20.1.1.1 from Router A. By viewing the display on the Network Management Station
(NM Station), you can find that equal-cost load balancing is implemented among outgoing
interfaces.
<RouterA> ping 20.1.1.1
PING 20.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=16 ms
Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=64 ms
--- 20.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/16/64 ms
Step 4 Enable UCMP on each outgoing interface of Router A.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] load-balance unequal-cost enable
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface pos 4/0/0
[RouterA-Pos4/0/0] load-balance unequal-cost enable
[RouterA-Pos4/0/0] quit
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
[RouterA] interface gigabitethernet 3/0/0
[RouterA-GigabitEthernet3/0/0] load-balance unequal-cost enable
[RouterA-GigabitEthernet3/0/0] quit
Step 5 Re-enable GigabitEthernet2/0/0, GigabitEthernet3/0/0, and POS4/0/0 to validate UCMP
configurations on Router A.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] shutdown
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface gigabitethernet 3/0/0
[RouterA-GigabitEthernet3/0/0] shutdown
[RouterA-GigabitEthernet3/0/0] undo shutdown
[RouterA-GigabitEthernet3/0/0] quit
[RouterA]interface pos 4/0/0
[RouterA-Pos4/0/0] shutdown
[RouterA-Pos4/0/0] undo shutdown
Step 6 Verify the configuration.
# Ping 20.1.1.1 from Router A. By viewing the display on the NM Station, you can find that
UCMP is realized among outgoing interfaces.
<RouterA> ping 20.1.1.1
PING 20.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=16 ms
Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=64 ms
--- 20.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/16/64 ms
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
load-balance unequal-cost enable
ip address 50.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet3/0/0
undo shutdown
load-balance unequal-cost enable
ip address 40.1.1.1 255.255.255.0
isis enable 1
#
interface Pos4/0/0
7-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
link-protocol ppp
undo shutdown
load-balance unequal-cost enable
ip address 30.1.1.1 255.255.255.0
isis enable 1
#
return
l
Configuration file of Router B
#
sysname RouterB
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 30.1.1.2 255.255.255.0
isis enable 1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 60.1.1.2 255.255.255.0
isis enable 1
#
return
l
Configuration file of Router C
#
sysname RouterC
#
isis 1
is-level level-1
network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 40.1.1.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 70.1.1.2 255.255.255.0
isis enable 1
#
return
l
Configuration file of Router D
#
sysname RouterD
#
isis 1
is-level level-1
network-entity 10.0000.0000.0004.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 50.1.1.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 80.1.1.2 255.255.255.0
isis enable 1
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
l
Configuration file of Router E
#
sysname RouterE
#
isis 1
is-level level-1
network-entity 10.0000.0000.0005.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 80.1.1.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 70.1.1.1 255.255.255.0
isis enable 1
#
interface Pos4/0/0
link-protocol ppp
undo shutdown
ip address 60.1.1.1 255.255.255.0
isis enable 1
#
return
7.6.3 Example for Configuring Global Unequal-Cost Load
Balancing for IP Packet Forwarding
Networking Requirements
As shown in Figure 7-3, Router A and Router C are connected through two links.
l
GE 2/0/0 on Router A and GE 2/0/0 on Router B are connected through a physical link.
l
Eth-Trunk1 interface on Router A has two member interfaces, GE 3/0/0 and GE 4/0/0; EthTrunk1 interface on Router B has two member interfaces, GE 3/0/0 and GE 4/0/0.
Eth-Trunk1 interface has two GE interfaces, and thus the bandwidth of Eth-Trunk1 interface is
twice that of a single physical link. It is aimed to perform unequal-cost load balancing for IP
packet forwarding in the two links between Router A and Router C. In the example, unequalcost load balancing refers to global unequal-cost load balancing.
Figure 7-3 Networking diagram of configuring unequal-cost load balancing
RouterA
GE2/0/0
GE3/0/0
GE10/0
10.1.1.1/24
7-24
RouterB
Eth-Trunk1
GE4/0/0
GE2/0/0
GE3/0/0
GE4/0/0
RouterC
GE2/0/2
GE2/0/2
Device Name
Interface Name
IP Address
Router A
GE 2/0/0
30.1.1.1/24
Eth-Trunk1
40.1.1.1/24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
GE1/0/0
20.1.1.1/24
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
Router B
Router C
GE 2/0/0
30.1.1.2/24
Eth-Trunk1
40.1.1.2/24
GE 2/0/2
50.1.1.1/24
GE 2/0/2
50.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure a static route on each device.
2.
Enable unequal-cost load balancing on Router B so that the two links between Router A
and Router C can perform unequal-cost load balancing for IP packet forwarding.
Data Preparation
To complete the configuration, you need the following data:
l
Interface type and number
l
IP address of each interface
l
Number of the Eth-Trunk
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not mentioned here.
Step 2 Configure a static route.
# Configure Router A.
[RouterA]
[RouterA]
[RouterA]
[RouterA]
ip
ip
ip
ip
route-static
route-static
route-static
route-static
20.1.1.0
20.1.1.0
50.1.1.0
50.1.1.0
255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0
gigabitethernet2/0/0 30.1.1.2
eth-trunk1 40.1.1.2
gigabitethernet2/0/0 30.1.1.2
eth-trunk1 40.1.1.2
# Configure Router B.
[RouterB] ip route-static 10.1.1.0 255.255.255.0 gigabitethernet2/0/0 30.1.1.1
[RouterB] ip route-static 10.1.1.0 255.255.255.0 eth-trunk1 40.1.1.1
[RouterB] ip route-static 20.1.1.0 255.255.255.0 gigabitethernet2/0/2 50.1.1.2
# Configure Router C.
[RouterC] ip route-static 10.1.1.0 255.255.255.0 gigabitethernet2/0/2 50.1.1.1
[RouterC] ip route-static 30.1.1.0 255.255.255.0 gigabitethernet2/0/2 50.1.1.1
[RouterC] ip route-static 40.1.1.0 255.255.255.0 GigabitEthernet2/0/2 50.1.1.1
Step 3 Enable unequal-cost load balancing on Router B.
[RouterB] load-balance unequal-cost enable
Step 4 Verify the configuration.
# Router C can ping through 10.1.1.1. Run the display fib verbose command to view bandwidth
information of the outbound interface. The command output shows that the bandwidth of EthTrunk1 interface is twice that of GE 2/0/0. This indicates that unequal-cost load balancing is
enabled.
[RouterC] ping -c 100 -t 10 -m 10 10.1.1.1
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms
...
--- 10.1.1.1 ping statistics --100 packet(s) transmitted
99 packet(s) received
1.00% packet loss
round-trip min/avg/max = 1/1/6 ms
[RouterB] display fib 10.1.1.1 verbose
Route Entry Count: 2
Destination: 10.1.1.0
Mask
: 255.255.255.0
Nexthop
: 30.1.1.1
OutIf
: GigabitEthernet2/0/2
LocalAddr : 30.1.1.2
LocalMask: 0.0.0.0
Flags
: GSU
Age
: 11128sec
ATIndex
: 0
Slot
: 2
LspFwdFlag : 0
LspToken : 0x0
InLabel
: NULL
OriginAs : 0
BGPNextHop : 0.0.0.0
PeerAs
: 0
QosInfo
: 0x0
OriginQos: 0x0
NexthopBak : 0.0.0.0
OutIfBak : [No Intf]
LspTokenBak: 0x0
InLabelBak : NULL
LspToken_ForInLabelBak
: 0x0
EntryRefCount : 0
VlanId : 0x0
LspType
: 0
Label_ForLspTokenBak
: 0
MplsMtu
: 0
Gateway_ForLspTokenBak : 0
NextToken
: 0x0
IfIndex_ForLspTokenBak : 0
Label_NextToken : 0
Label : 0
LspBfdState
: 0
OutIfSpeed(Kbits/sec) : 1000000
Destination: 10.1.1.0
Nexthop
: 40.1.1.1
LocalAddr : 40.1.1.2
Flags
: GSU
ATIndex
: 0
LspFwdFlag : 0
InLabel
: NULL
BGPNextHop : 0.0.0.0
QosInfo
: 0x0
NexthopBak : 0.0.0.0
LspTokenBak: 0x0
LspToken_ForInLabelBak
: 0x0
EntryRefCount : 0
VlanId : 0x0
LspType
: 0
MplsMtu
: 0
NextToken
: 0x0
Label_NextToken : 0
LspBfdState
: 0
OutIfSpeed(Kbits/sec) : 2000000
Mask
:
OutIf
:
LocalMask:
Age
:
Slot
:
LspToken :
OriginAs :
PeerAs
:
OriginQos:
OutIfBak :
InLabelBak
255.255.255.0
Eth-Trunk1
0.0.0.0
11128sec
0
0x0
0
0
0x0
[No Intf]
: NULL
Label_ForLspTokenBak
: 0
Gateway_ForLspTokenBak : 0
IfIndex_ForLspTokenBak : 0
Label : 0
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
interface Eth-Trunk1
ip address 40.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
7-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
7 IP Performance Configuration
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/0
undo shutdown
eth-trunk 1
#
interface GigabitEthernet4/0/0
undo shutdown
eth-trunk 1
#
ip route-static 20.1.1.0 255.255.255.0
ip route-static 20.1.1.0 255.255.255.0
ip route-static 50.1.1.0 255.255.255.0
ip route-static 50.1.1.0 255.255.255.0
#
l
GigabitEthernet2/0/0 30.1.1.2
Eth-Trunk1 40.1.1.2
GigabitEthernet2/0/0 30.1.1.2
Eth-Trunk1 40.1.1.2
Configuration file of Router B
#
sysname RouterB
#
load-balance unequal-cost enable
#
interface Eth-Trunk1
ip address 40.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 30.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/2
undo shutdown
ip address 50.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/0
undo shutdown
eth-trunk 1
#
interface GigabitEthernet4/0/0
undo shutdown
eth-trunk 1
#
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet2/0/0 30.1.1.1
ip route-static 10.1.1.0 255.255.255.0 Eth-Trunk1 40.1.1.1
ip route-static 20.1.1.0 255.255.255.0 GigabitEthernet2/0/2 50.1.1.2
#
return
l
Configuration file of Router C
#
sysname RouterC
#
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet2/0/2 50.1.1.1
ip route-static 30.1.1.0 255.255.255.0 GigabitEthernet2/0/2 50.1.1.1
ip route-static 40.1.1.0 255.255.255.0 GigabitEthernet2/0/2 50.1.1.1
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/2
undo shutdown
ip address 50.1.1.2 255.255.255.0
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
8
ACL Configuration
About This Chapter
This chapter describes the fundamentals of ACL along with its types such as basic, advanced
and interface based ACL. It also includes basic ACL configuration steps, along with typical
examples.
8.1 ACL Overview
This section describes basic concepts and parameters of Access Control List (ACL).
8.2 Configuring an Interface-based ACL
This section describes how to configure an Interface-based ACL.
8.3 Configuring a Basic ACL
This section describes how to configure basic ACL.
8.4 Configuring an Advanced ACL
This section describes how to configure the Advanced ACL.
8.5 Configuring an ACL Based on the Ethernet Frame Header
This section describes how to configure the Ethernet frame header-based ACL.
8.6 Configuring an UCL
This section describes how to configure the UCL.
8.7 Configuring a Named ACL
This section describes how to configure the Named ACL.
8.8 Maintaining an ACL
This section describes how to Maintain an ACL.
8.9 Configuration Examples
This section provides a configuration example of ACL.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
8.1 ACL Overview
This section describes basic concepts and parameters of Access Control List (ACL).
8.1.1 Introduction to ACL
8.1.2 ACL Supported by the NE80E/40E
8.1.1 Introduction to ACL
To enable a device to filter the passing packets, you can configure a series of rules on the device
to determine what kinds of packets can pass filtering. The rules configured on the device are
called Access Control List (ACL) rules.
An ACL includes a group of orderly rules that consist of rule { deny | permit } clauses. The
rules are described with some parameters, such as based on the source address, the destination
address, and the port number of data packets. The ACL classifies data packets according to these
rules. After these rules are applied to the device, the device can determine whether to receive or
deny packets.
The ACL is classified into these types:
l
Basic ACL: classifies packets based on the source address.
l
Advanced ACL: classifies packets more detailedly based on the source address, destination
address, source port number, destination port number, and protocol type.
l
Interface-based ACL: classifies packets based on the interface from which the packets are
received.
l
Ethernet Frame Header ACL: classifies packets more detailedly based on the source MAC
address and destination MAC address.
l
User ACL: classifies packets more detailedly based on user groups.
NOTE
Actually, an ACL is a group of rules used to define classes of packets. It cannot be used to filter packet.
For detailed processing methods of packets, you need to import detailed functions of ACL. In the NE80E/
40E, the ACL must be in conjunction with some functions, such as policy-based routing (PBR), firewall,
and traffic classification to filter packets.
The default action defined in the ACL rule is deny. Therefore, to allow the subsequent flows to pass, you
need to specify the action in the ACL rule to permit.
8.1.2 ACL Supported by the NE80E/40E
The NE80E/40E supports an interface-based ACLs, basic ACLs, advanced ACLs, Ethernet
frame header-based ACLs, and ACL-based users (UCLs).
8.2 Configuring an Interface-based ACL
This section describes how to configure an Interface-based ACL.
8.2.1 Establishing the Configuration Task
8.2.2 (Optional) Creating a Time Range
8-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
8.2.3 Creating an Interface-based ACL
8.2.4 (Optional) Configuring ACL Descriptions
8.2.5 (Optional) Configuring ACL Step
8.2.6 Checking the Configuration
8.2.1 Establishing the Configuration Task
Applicable Environment
An ACL can be applied to various services such as route policies and packet filtering. It
distinguishes different kinds of packets for different processing.
Pre-configuration Tasks
None.
Data Preparation
To configure an ACL, you need the following data.
No.
Data
1
(Optional) Name of the time range in which the Interface-based ACL takes effect
and the start time and end time of the time range
2
Rule ID of the Interface-based ACL, permit or deny rule
3
Interface type and Interface number of the interfac in which the Interface-based ACL
takes effect
4
(Optional) Description of the Interface-based ACL
5
(Optional) Step of the Interface-based ACL
8.2.2 (Optional) Creating a Time Range
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
An ACL time range is created.
You can configure multiple time ranges at the same name.
----End
8.2.3 Creating an Interface-based ACL
Context
The range of acl-number of an interface-based ACL is 1000 to 1999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
An interface-based ACL is created.
Step 3 Run:
rule [ rule-id ] { deny | permit } interface { interface-type interface-number |
any } [ logging | time-range time-name ] *
ACL rules are defined.
interface-type interface-number indicates the specified interface type and interface number.
any indicates any interface. logging takes effect on only software-based forwarding such as the
application of a routing policy.
----End
8.2.4 (Optional) Configuring ACL Descriptions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
8-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Step 3 Run:
description text
ACL description is created.
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.2.5 (Optional) Configuring ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
The ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.2.6 Checking the Configuration
Prerequisite
The configurations of the ACL function are complete.
Procedure
l
Run the display acl { acl-number | all } command to check the configured ACL rule.
l
Run the display statistics acl { acl-number | all }control-plane [ | { begin | include |
exclude } regular-expression ] command to check the statistics about the packets matching
the ACL rule in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Example
Run the display acl command. If the ACL number, the number of rules, and detailed step
description, and ACL rules are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display acl 1200
Interface Based ACL 1200, 1 rule
Acl's step is 5
rule 5 permit interface Pos4/0/0
Using the display statistics acl control-plane command, you can view the statistics about the
packets matching the ACL rule in soft forwarding.
<HUAWEI> display statistics acl 1000 control-plane
Interface Based ACL 1000, 1 rule
Acl's step is 5
rule 5 deny interface any (10 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
8.3 Configuring a Basic ACL
This section describes how to configure basic ACL.
8.3.1 Establishing the Configuration Task
8.3.2 (Optional) Creating a Time Range
8.3.3 Creating a Basic ACL
8.3.4 (Optional) Configuring ACL Descriptions
8.3.5 (Optional) Configuring ACL Step
8.3.6 Checking the Configuration
8.3.1 Establishing the Configuration Task
Applicable Environment
An ACL can be applied to various services, such as routing policies and packet filtering, to
implement differentiated packet processing based on packet types. When defining rules for a
basic ACL, you need to specify source IP addresses.
Pre-configuration Tasks
None.
8-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Data Preparation
To configure a basic ACL, you need the following data.
No.
Data
1
(Optional) Name of the time range in which the basic ACL takes effect and the start
time and end time of the time range
2
Number of the basic ACL
3
Rule ID of the basic ACL, permit or deny rule, and source IP address
4
(Optional) Description of the basic ACL
5
(Optional) Step of the basic ACL
8.3.2 (Optional) Creating a Time Range
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
An ACL time range is created.
You can configure multiple time ranges at the same name.
----End
8.3.3 Creating a Basic ACL
Context
The range of acl-number of a basic ACL is 2000 to 2999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
A basic ACL is created.
Step 3 Run:
rule [ rule-id ] { deny | permit } [ fragment-type fragment-type-name | source
{ source-ip-address soucer-wildcard | any } | time-range time-name | vpn-instance
vpn-instance-name ]*
ACL rules are defined.
----End
8.3.4 (Optional) Configuring ACL Descriptions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
Step 3 Run:
description text
ACL description is created.
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.3.5 (Optional) Configuring ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
8-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
The ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.3.6 Checking the Configuration
Prerequisite
The configurations of the ACL function are complete.
Procedure
l
Run the display acl { acl-number | all } command to check the configured ACL rule.
l
Run the display statistics acl { acl-number | all }control-plane [ | { begin | include |
exclude } regular-expression ] command to check the statistics about the packets matching
the ACL rule in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
Run the display acl command. If the ACL number, the number of rules, and detailed step
description, and ACL rules are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 deny source 10.1.1.1 0
Using the display statistics acl control-plane command, you can view the statistics about the
packets matching the ACL rule in soft forwarding.
<HUAWEI> display statistics acl 2000 control-plane
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 deny source 10.1.1.1 0 (234 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Time-range : active1 ( Active )
14:00 to 00:00 daily
8.4 Configuring an Advanced ACL
This section describes how to configure the Advanced ACL.
8.4.1 Establishing the Configuration Task
8.4.2 (Optional) Creating a Time Range
8.4.3 Creating an Advanced ACL
8.4.4 (Optional) Configuring ACL Descriptions
8.4.5 (Optional) Configuring ACL Step
8.4.6 Checking the Configuration
8.4.1 Establishing the Configuration Task
Application Environment
An ACL can be applied to various services, such as routing policies and packet filtering, to
implement differentiated packet processing based on packet types. When defining rules for an
advanced ACL, you need to specify the source IP address, destination IP address, IP bearer
protocol type, TCP source port, TCP destination port, or ICMP message type and code.
Pre-configuration Tasks
None.
Data Preparation
To configure an advanced ACL, you need the following data.
8-10
No.
Data
1
(Optional) Name of the time range in which the advanced ACL takes effect and the
start time and end time of the time range
2
Number of the advanced ACL
3
Rule ID of the advanced ACL, permit or deny rule
4
IP bearer protocol type, source and destination ports, source and destination IP
address, and source IP address fragmented or not, or ICMP message type and code,
packet priority, ToS, and timeout period of the ACL rule
5
(Optional) Description of the advanced ACL
6
(Optional) Step of the advanced ACL
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
8.4.2 (Optional) Creating a Time Range
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
An ACL time range is created.
You can configure multiple time ranges at the same name.
----End
8.4.3 Creating an Advanced ACL
Context
The range of acl-number of an advanced ACL is 3000 to 3999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
An advanced ACL is created.
Step 3 Perform the following as required.
l
When protocol is specified as TCP or UDP
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | destination-port operator port | fragmenttype fragment-type-name | source { source-ip-address source-wildcard | any } |
source-port operator port | syn-flag syn-flag | time-range time-name |
|
dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | destination-port operator port | fragmenttype fragment-type-name | source { source-ip-address source-wildcard | any } |
source-port operator port | syn-flag syn-flag | time-range time-name |
|
precedence precedence | tos tos ] *
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
ACL rules are defined.
syn-flag syn-flag applies to TCP only.
l
When protocol is specified as ICMP
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | fragment-type fragment-type-name | icmptype { icmp-name | icmp-type icmp-code } | source { source-ip-address sourcewildcard | any } | time-range time-name |
| dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | fragment-type fragment-type-name | icmptype { icmp-name | icmp-type icmp-code } | source { source-ip-address sourcewildcard | any } | time-range time-name |
| precedence precedence | tos tos ]
*
ACL rules are defined.
l
When protocol is specified as other protocol except TCP, UDP or ICMP
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | time-range time-name |
dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipaddress destination-wildcard | any } | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | time-range time-name |
precedence precedence | tos tos ] *
|
|
ACL rules are defined.
Configure different advanced ACLs on the device for different protocols over IP. Different
protocols have different parameters combination. For example, TCP and UDP have optional
parameter [ source-port operator port ] [ destination-port operator port ] while other protocols
do not.
----End
8.4.4 (Optional) Configuring ACL Descriptions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
Step 3 Run:
description text
ACL description is created.
8-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.4.5 (Optional) Configuring ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
The ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.4.6 Checking the Configuration
Prerequisite
The configurations of the ACL function are complete.
Procedure
l
Run the display acl { acl-number | all } command to check the configured ACL rule.
l
Run the display statistics acl { acl-number | all }control-plane [ | { begin | include |
exclude } regular-expression ] command to check the statistics about the packets matching
the ACL rule in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
Run the display acl command. If the ACL number, the number of rules, and detailed step
description, and ACL rules are displayed, it means that the configuration succeeds. For example:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
<HUAWEI> display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 5 deny ip source 10.1.1.1 0
Using the display statistics acl control-plane command, you can view the statistics about the
packets matching the ACL rule in soft forwarding.
<HUAWEI> display statistics acl 3000 control-plane
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 5 permit ip (1305 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
8.5 Configuring an ACL Based on the Ethernet Frame
Header
This section describes how to configure the Ethernet frame header-based ACL.
8.5.1 Establishing the Configuration Task
8.5.2 Creating an ACL Based on the Ethernet Frame Header
8.5.3 (Optional) Configuring ACL Descriptions
8.5.4 (Optional) Configuring ACL Step
8.5.5 Checking the Configuration
8.5.1 Establishing the Configuration Task
Application Environment
An ACL can be applied to various services, such as routing policies and packet filtering, to
implement differentiated packet processing based on packet types.The rules of an ACL based
on the Ethernet frame header are defined on the basis of source MAC addresses, destination
MAC addresses, and protocol type of packets.
Pre-configuration Tasks
None.
Data Preparation
To configure an Ethernet frame header-based ACL, you need the following data.
8-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
No.
Data
1
Number of the Ethernet frame header-based ACL
2
Source MAC addresses, destination MAC addresses, and protocol type
3
(Optional) Description of the Ethernet frame header-based ACL
4
(Optional) Step of the Ethernet frame header-based ACL
8.5.2 Creating an ACL Based on the Ethernet Frame Header
Context
The acl-number, based on the Ethernet frame header, ranges from 4000 to 4099.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
An Ethernet frame header-based ACL is created.
Step 3 Run:
rule [ rule-id ] { deny | permit } [ type type type-mask | source-mac source-mac
sourcemac-mask | dest-mac dest-mac destmac-mask ]
ACL rules are defined.
----End
8.5.3 (Optional) Configuring ACL Descriptions
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
The ACL view is displayed.
Step 3 Run:
description text
ACL description is created.
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.5.4 (Optional) Configuring ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
The ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.5.5 Checking the Configuration
Prerequisite
The configurations of the Ethernet frame header-based ACL function are complete.
Procedure
l
Run the display acl { acl-number | all } command to check the configured ACL rule.
l
Run the display statistics acl control-plane { acl-number | all } control-plane [ |
{ begin | include | exclude } regular-expression ] command to check the statistics about
the packets matching the ACL rule in soft forwarding.
----End
8-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Example
Run the display aclcommand. If the ACL number, the number of rules, and detailed step
description, and ACL rules are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display acl 4000
Ethernet frame ACL 4000, 2 rules
Acl's step is 5
rule 5 deny source-mac 0000-0000-0000 0002-0002-0002 dest-mac 0002-0002-0002 00
03-0003-0003
rule 10 deny type 0200 0222 dest-mac 0000-0000-0000 0002-0002-0002
Using the display statistics acl control-plane command, you can view the statistics about the
packets matching the ACL rule in soft forwarding.
<HUAWEI> display statistics acl 4000 control-plane
Ethernet frame ACL 4000, 2 rules
Acl's step is 5
rule 5 deny source-mac 0000-0000-0000 0002-0002-0002 dest-mac 0002-0002-0002
0003-0003-0003(45 times matched)
rule 10 deny type 0200 0222 dest-mac 0000-0000-0000 0002-0002-0002(76 times
matched)
8.6 Configuring an UCL
This section describes how to configure the UCL.
8.6.1 Establishing the Configuration Task
8.6.2 (Optional) Creating a Time Range
8.6.3 Creating an UCL
8.6.4 (Optional) Configuring ACL Descriptions
8.6.5 (Optional) Configuring ACL Step
8.6.6 Checking the Configuration
8.6.1 Establishing the Configuration Task
Application Environment
After being configured with the user-based ACL (UCL), the device can provide different user
groups with different services. Similar to the configuration of the advanced ACL, you need to
specify the source IP address, destination IP address, IP bearer protocol type, TCP source port,
TCP destination port, or ICMP message type and code for the UCL.
Pre-configuration Tasks
None.
Data Preparation
To configure an UCL, you need the following data.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
No.
Data
1
(Optional) Name of the time range in which the advanced UCL takes effect and the
start time and end time of the time range
2
Number of the UCL
3
Rule ID of the UCL, permit or deny rule
4
IP bearer protocol type, source and destination ports, source and destination IP
address, and source IP address fragmented or not, or ICMP message type and code,
packet priority, ToS, and timeout period of the ACL rule
5
(Optional) Description of the UCL
6
(Optional) Step of the UCL
8.6.2 (Optional) Creating a Time Range
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
An ACL time range is created.
You can configure multiple time ranges at the same name.
----End
8.6.3 Creating an UCL
Context
The range of acl-number of an UCL is 6000 to 9999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
8-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
An UCL is created.
Step 3 Perform the following as required.
l
When protocol is specified as TCP or UDP
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
destination-port operator port | fragment-type fragment-type-name | logging | sourceport operator port | syn-flag syn-flag | time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
destination-port operator port | fragment-type fragment-type-name | logging | sourceport operator port | syn-flag syn-flag | time-range time-name | precedence precedence |
tos tos ] *
syn-flag syn-flag applies to TCP only.
l
When protocol is specified as ICMP
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
fragment-type fragment-type-name | icmp-type { icmp-name | icmp-type icmp-code } |
logging | time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
fragment-type fragment-type-name | icmp-type { icmp-name | icmp-type icmp-code } |
logging | time-range time-name | precedence precedence | tos tos ] *
l
When protocolis specified as other protocol except TCP, UDP or ICMP
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
fragment-type fragment-type-name } | logging | time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol source user-group source-group-name
[ destination { any | ip-address { destination-ip-address destination-wildcard | any } } |
fragment-type fragment-type-name } | logging | time-range time-name | precedence
precedence | tos tos ] *
Configure different UCLs on the device for different protocols over IP. Different protocols have
different parameters combination. For example, TCP and UDP have optional parameter [ sourceport operator port ] [ destination-port operator port ] while other protocols do not.
----End
8.6.4 (Optional) Configuring ACL Descriptions
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
Step 3 Run:
description text
ACL description is created.
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.6.5 (Optional) Configuring ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
The ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.6.6 Checking the Configuration
Prerequisite
The configurations of the UCL function are complete.
8-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Procedure
l
Run the display acl { acl-number | all } command to check the configured ACL rule.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
Run the display aclcommand. If the ACL number, the number of rules, and detailed step
description, and ACL rules are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display acl 6000
Ucl ACL 6000, 1 rule
Acl's step is 5
rule 5 deny tcp source user-group 1
Run the display time-rangecommand. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
8.7 Configuring a Named ACL
This section describes how to configure the Named ACL.
8.7.1 Establishing the Configuration Task
8.7.2 (Optional) Creating a Time Range
8.7.3 Creating a Named ACL
8.7.4 (Optional) Configuring named ACL Descriptions
8.7.5 (Optional) Configuring named ACL Step
8.7.6 Checking the Configuration
8.7.1 Establishing the Configuration Task
Application Environment
An ACL can be applied to various services, such as routing policies and packet filtering, to
implement differentiated packet processing based on packet types. Named ACLs are advanced
ACLs because you need to define rules for the named ACLs by specifying the source IP address,
destination IP address, IP bearer protocol type, TCP source port, TCP destination port, or ICMP
protocol type and code.
Pre-configuration Tasks
None.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Data Preparation
To configure a named ACL, you need the following data.
No.
Data
1
(Optional) Name of the time range in which the named ACL takes effect and the start
time and end time of the time range
2
Rule ID of the named ACL, permit or deny rule, and source IP address
3
IP bearer protocol type, source and destination ports, destination IP address, or ICMP
message type and code, packet priority, ToS, and timeout period of the ACL rule
4
(Optional) Description of the named ACL
5
(Optional) Step of the named ACL
8.7.2 (Optional) Creating a Time Range
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
An ACL time range is created.
You can configure multiple time ranges at the same name.
----End
8.7.3 Creating a Named ACL
Context
A named ACL is an advanced ACL and its acl-number ranges from 42768 to 45767.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
8-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
The system view is displayed.
Step 2 Run:
acl name acl-name [ number acl-number ] [ match-order { auto | config } ]
A named ACL is created and the named ACL view is displayed.
Step 3 Perform the following steps as required to configure rules for the named ACL. One ACL can
be configured with multiple rules.
l
When protocol is TCP or UDP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | destination-port operator port | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | source-port operator port | syn-flag
syn-flag time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | destination-port operator port | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | source-port operator port | syn-flag
syn-flag time-range time-name | precedence precedence |tos tos ] *
syn-flagsyn-flag needs to be specified only when TCP is used.
l
When protocol is ICMP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | icmp-type { icmp-name | icmp-type
icmp-code } | source { source-ip-address source-wildcard | any } | time-range time-name |
dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | icmp-type { icmp-name |icmp-type
icmp-code } |source { source-ip-address source-wildcard | any } | time-range time-name |
precedence precedence | tos tos ] *
l
When protocol is not TCP, UDP, or ICMP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | source { source-ip-address sourcewildcard | any } | time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | source { source-ip-address sourcewildcard | any } | time-range time-name | precedence precedence | tos tos ] *
Configure different advanced ACLs on the device for different protocols over IP. Different
protocols have different parameters combination. For example, TCP and UDP have optional
parameter [ source-port operator port ] [ destination-port operator port ] while other protocols
do not.
----End
8.7.4 (Optional) Configuring named ACL Descriptions
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl name acl-name
The named ACL view is displayed.
Step 3 Run:
description text
The named ACL description is created.
The ACL description covers the function of ACL rules. Its length should be less than 127
characters.
----End
8.7.5 (Optional) Configuring named ACL Step
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl name acl-name
The named ACL view is displayed.
Step 3 Run:
step step
ACL step is configured.
Note the following when modifying named ACL configurations:
l
The undo step command restores the step to the default and realigns ACL rules.
l
The default step of the ACL rule is 5.
----End
8.7.6 Checking the Configuration
Prerequisite
The configurations of the ACL function are complete.
8-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Procedure
l
Run the display acl name acl-name command to check the configured ACL rule.
l
Run the display statistics acl { acl-number | all | name acl-name }control-plane [ |
{ begin | include | exclude } regular-expression ] command to check the statistics about
the packets matching the ACL rule in soft forwarding.
----End
Example
# Check the configurations of named ACL, whose name is test.
<HUAWEI> display acl name test
Advanced Name ACL test, 1 rule
Acl's step is 5
rule 5 permit ip
# View the statistics about the packets matching ACL named test in soft forwarding.
<HUAWEI> display statistics acl name test control-plane
Advanced ACL test, 2 rules
Acl's step is 5
rule 5 deny ip destination 1.1.5.0 0.0.0.255 (10 times matched)
rule 10 deny ip destination 1.1.6.0 0.0.0.255 (23 times matched)
8.8 Maintaining an ACL
This section describes how to Maintain an ACL.
8.8.1 Clearing ACL Statistics
8.8.2 Monitoring Network Operation Status of ACL
8.8.1 Clearing ACL Statistics
Context
CAUTION
Statistics cannot restore after you clear it. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset acl counter { acl-number | name acl-name | all } command in the user view to
reset the ACL counter.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
8.8.2 Monitoring Network Operation Status of ACL
Context
In routine maintenance, you can run the following command in any view to check the operation
of ACL.
Procedure
l
Run the display acl { acl-number | name acl-name | all } command in any view to check
the operation of rules of the ACL.
l
Run the display statistics acl { acl-number | all | name acl-name }control-plane command
in any view to check the operation of the statistics about the packets matching the ACL
rule in soft forwarding.
l
Run the display time-range { time-name | all } command in any view to check the operation
of the time range of the ACL.
----End
8.9 Configuration Examples
This section provides a configuration example of ACL.
8.9.1 Example for Configuring a Traffic Policy Based on Complex Traffic Classification
8.9.2 Example for Configuring the Security Function of Access Devices
8.9.3 Example for Configuring an ACL Rule that Is Based on the VPN Instance
8.9.1 Example for Configuring a Traffic Policy Based on Complex
Traffic Classification
Networking Requirements
As shown in Figure 8-1, PE1, P, and PE2 are routers on an MPLS backbone network; CE1 and
CE2 are access routers on the edge of the backbone network. Three users from the local network
access the Internet through CE1.
8-26
l
On CE1, the CIR of the users from the network segment 1.1.1.0 is limited to 10 Mbit/s and
the CBS is limited to 150000 bytes.
l
On CE1, the CIR of the users from the network segment 2.1.1.0 is limited to 5 Mbit/s and
the CBS is limited to 100000 bytes.
l
On CE1, the CIR of the users from the network segment 3.1.1.0 is limited to 2 Mbit/s and
the CBS is limited to 100000 bytes.
l
On CE1, the DSCP values of the service packets from the three network segments are
marked to 40, 26, and 0.
l
PE1 accesses the MPLS backbone network at the CIR of 15 Mbit/s, the CBS of 300000
bytes, the PIR of 20 Mbit/s, and the PBS of 500000 bytes.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
l
8 ACL Configuration
On CE1, the CIR of the UDP protocol packets (except DNS, SNMP, SNMP Trap, and
Syslog packets) is limited to 5 Mbit/s, the CBS is limited to 100000 bytes, and the PIR is
limited to 15 Mbit/s.
Figure 8-1 Diagram for configuring a traffic policy based on the complex traffic classification
Loopback0
11.11.11.11/32
POS2/0/0
100.1.1.1/24
POS1/0/0
100.1.1.2/24
PE1
GE1/0/0
10.1.1.2/24
CE1
Loopback0
33.33.33.33/32
Loopback0
22.22.22.22/32
POS2/0/0
110.1.1.1/24
P
POS2/0/0
110.1.1.2/24
GE1/0/0
20.1.1.2/24
GE2/0/0
20.1.1.1/24
GE2/0/0
10.1.1.1/24
GE1/0/0
PE2
GE4/0/0
CE2
GE3/0/0
1.1.1.0
3.1.1.0
2.1.1.0
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure ACL rules.
2.
Configure traffic classifiers.
3.
Configure traffic behaviors.
4.
Configure traffic policies.
5.
Apply policies to interfaces.
Data Preparation
To complete the configuration, you need the following data:
l
ACL numbers, which are 2001, 2002, 2003, 3001, and 3002.
l
The DSCP values of the packets from the three network segments, which are re-marked to
be 40, 26, and 0.
l
The CIRs of the traffic of the three network segments, which are 10 Mbit/s, 5 Mbit/s, and
2 Mbit/s; and their CBSs, which are 150000 bytes, 100000 bytes, and 100000 bytes.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
l
The CIR of the UDP protocol packets (except DNS, SNMP, SNMP Trap, and Syslog
packets) on CE1, which is 5 Mbit/s, the CBS, which is 100000 bytes, and the PIR, which
is 15 Mbit/s.
l
The CIR of PE1, which is 15 Mbit/s; the CBS, which is 300000 bytes; and the PIR, which
is 20 Mbit/s, and the PBS of 500000 bytes.
l
Names of traffic classifiers, traffic behaviors, and traffic policies; the numbers of interfaces
to which traffic policies are applied.
Procedure
Step 1 Configure the IP addresses of the interfaces, the routes, and the basic MPLS functions (not
mentioned here).
Step 2 Configure complex traffic classification on CE1 to control the traffic that accesses CE1 from
the three local networks.
# Define ACL rules.
<CE1> system-view
[CE1] acl number 2001
[CE1-acl-basic-2001] rule
[CE1-acl-basic-2001] quit
[CE1] acl number 2002
[CE1-acl-basic-2002] rule
[CE1-acl-basic-2002] quit
[CE1] acl number 2003
[CE1-acl-basic-2003] rule
[CE1-acl-basic-2003] quit
[CE1] acl number 3001
[CE1-acl-basic-3001] rule
[CE1-acl-basic-3001] rule
[CE1-acl-basic-3001] rule
[CE1-acl-basic-3001] rule
[CE1-acl-basic-3001] quit
[CE1] acl number 3002
[CE1-acl-basic-3002] rule
[CE1-acl-basic-3002] quit
permit source 1.1.1.0 0.0.0.255
permit source 2.1.1.0 0.0.0.255
permit source 3.1.1.0 0.0.0.255
0
1
2
3
permit
permit
permit
permit
udp
udp
udp
udp
destination-port
destination-port
destination-port
destination-port
eq
eq
eq
eq
dns
snmp
snmptrap
syslog
4 permit udp
# Configure traffic classifiers and define ACL-based matching rules.
[CE1] traffic classifier a
[CE1-classifier-a] if-match acl 2001
[CE1-classifier-a] quit
[CE1] traffic classifier b
[CE1-classifier-b] if-match acl 2002
[CE1-classifier-b] quit
[CE1] traffic classifier c
[CE1-classifier-c] if-match acl 2003
[CE1-classifier-c] quit
[CE1]traffic classifier udplimit
[CE1-classifier-udplimit] if-match acl 3001
[CE1-classifier-udplimit] quit
[CE1] traffic classifier udplimit1
[CE1-classifier-udplimit1] if-match acl 3002
[CE1-classifier-udplimit1] quit
After the preceding configuration, you can run the following display traffic classifier command
to view the configuration of the traffic classifiers.
[CE1] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: a
Operator: OR
Rule(s): if-match acl 2001
Classifier: c
8-28
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Operator: OR
Rule(s): if-match acl 2003
Classifier: b
Operator: OR
Rule(s): if-match acl 2002
Classifier: udplimit
Operator: OR
Rule(s) : if-match acl 3001
Classifier: udplimit1
Operator: OR
Rule(s) : if-match acl 3002
# Define traffic behaviors; configure traffic policing, and DSCP values to be re-marked.
[CE1] traffic behavior e
[CE1-behavior-e] car cir 10000 cbs 150000 pbs 0
[CE1-behavior-e] remark dscp 40
[CE1-behavior-e] quit
[CE1] traffic behavior f
[CE1-behavior-f] car cir 5000 cbs 100000 pbs 0
[CE1-behavior-f] remark dscp 26
[CE1-behavior-f] quit
[CE1] traffic behavior g
[CE1-behavior-g] car cir 2000 cbs 100000 pbs 0
[CE1-behavior-g] remark dscp 0
[CE1-behavior-g] quit
[CE1] traffic behavior udplimit
[CE1-behavior-udplimit] permit
[CE1-behavior-udplimit] quit
[CE1] traffic behavior udplimit1
[CE1-behavior-udplimit1] car cir 5000 cbs 100000 pbs 150000 green pass yellow
discard red discard
[CE1-behavior-udplimit1] quit
# Define traffic policies and associate the traffic classifiers with the traffic behaviors.
[CE1] traffic policy 1
[CE1-trafficpolicy-1] classifier a behavior e
[CE1-trafficpolicy-1] quit
[CE1] traffic policy 2
[CE1-trafficpolicy-2] classifier b behavior f
[CE1-trafficpolicy-2] quit
[CE1] traffic policy 3
[CE1-trafficpolicy-3] classifier c behavior g
[CE1-trafficpolicy-3] quit
[CE1] traffic policy udplimit
[CE1-trafficpolicy-udplimit] classifier udplimit behavior udplimit
[CE1-trafficpolicy-udplimit] classifier udplimit1 behavior udplimit1
[CE1-trafficpolicy-3] quit
After the preceding configuration, run the display traffic policy command to view the
configuration of the traffic policies, traffic classifiers defined in the traffic policies, and the traffic
behaviors associated with traffic classifiers.
[CE1] display traffic policy user-defined
User Defined Traffic Policy Information:
Policy: 1
Classifier: default-class
Behavior: be
-noneClassifier: a
Behavior: e
Committed Access Rate:
CIR 10000 (Kbps), PIR 0 (Kbps), CBS 15000 (byte), PBS 0 (byte)
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
Marking:
Remark DSCP cs5
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Policy: 2
Classifier: default-class
Behavior: be
-noneClassifier: b
Behavior: f
Committed Access Rate:
CIR 5000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte)
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
Marking:
Remark DSCP af31
Policy: 3
Classifier: default-class
Behavior: be
-noneClassifier: c
Behavior: g
Committed Access Rate:
CIR 2000 (Kbps), PIR 0 (Kbps), CBS 100000 (byte), PBS 0 (byte)
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
Marking:
Remark DSCP default
Policy: udplimit
Classifier: default-class
Behavior: be
-noneClassifier: udplimit
Behavior: udplimit
Firewall:
permit
Classifier: udplimit1
Behavior: udplimit1
Committed Access Rate:
CIR 5000 (Kbps), PIR 0 (Kbps), CBS 10000 (byte), PBS 15000 (byte)
Conform Action: pass
Yellow Action: discard
Exceed Action: discard
# Apply the traffic policies to the inbound interfaces.
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] traffic-policy
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 3/0/0
[CE1-GigabitEthernet3/0/0] undo shutdown
[CE1-GigabitEthernet3/0/0] traffic-policy
[CE1-GigabitEthernet3/0/0] quit
[CE1] interface gigabitethernet 4/0/0
[CE1-GigabitEthernet4/0/0] undo shutdown
[CE1-GigabitEthernet4/0/0] traffic-policy
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] undo shutdown
[CE1-GigabitEthernet2/0/0] traffic-policy
1 inbound
2 inbound
3 inbound
udplimit outbound
Step 3 Configure complex traffic classification on PE1 to control the traffic that goes to the MPLS
backbone network.
# Configure traffic classifiers and define matching rules.
<PE1> system-view
[PE1] traffic classifier pe
[PE1-classifier-pe] if-match any
[PE1-classifier-pe] quit
8-30
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
After the preceding configuration, you can run the display traffic classifier command to view
the configuration of the traffic classifiers.
[PE1] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: pe
Operator: OR
Rule(s): if-match any
# Define traffic behaviors; configure traffic policing.
[PE1] traffic behavior pe
[PE1-behavior-pe] car cir 15000 pir 20000 cbs 300000 pbs 500000
[PE1-behavior-pe] quit
# Define traffic policies and associate the traffic classifiers with the traffic behaviors.
[PE1] traffic policy pe
[PE1-trafficpolicy-pe] classifier pe behavior pe
[PE1-trafficpolicy-pe] quit
After the preceding configuration, you can run the display traffic policy command to view the
configuration of the traffic policies, traffic classifiers defined in the traffic policies, and the traffic
behaviors associated with traffic classifiers.
[PE1] display traffic policy user-defined
User Defined Traffic Policy Information:
Policy: pe
Classifier: default-class
Behavior: be
-noneClassifier: pe
Behavior: pe
Committed Access Rate:
CIR 15000 (Kbps), PIR 20000 (Kbps), CBS 300000 (byte), PBS 500000 (byte)
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
# Apply the traffic policies to the inbound interfaces.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] traffic-policy pe inbound
[PE1-GigabitEthernet1/0/0] quit
Step 4 Verify the configuration.
Run the display interface command on CE1 and PE1. You can view that the traffic on the
interfaces are regulated according to the configured traffic policies.
----End
Configuration Files
l
Configuration file of CE1
#
sysname CE1
#
acl number 2001
rule 5 permit source 1.1.1.0 0.0.0.255
acl number 2002
rule 5 permit source 2.1.1.0 0.0.0.255
acl number 2003
rule 5 permit source 3.1.1.0 0.0.0.255
acl number 3001
rule 0 permit udp destination-port eq dns
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-31
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
rule 1 permit udp destination-port eq snmp
rule 2 dpermit udp destination-port eq snmptrap
rule 3 permit udp destination-port eq syslog
acl number 3302
rule 4 permit udp
#
traffic classifier a operator or
if-match acl 2001
traffic classifier c operator or
if-match acl 2003
traffic classifier b operator or
if-match acl 2002
traffic classifier udp-limit operator or
if-match acl 3001
traffic classifier udp-limit1 operator or
if-match acl 3002
#
traffic behavior e
car cir 10000 cbs 150000 pbs 0 green pass red discard
remark dscp cs5
traffic behavior g
car cir 2000 cbs 100000 pbs 0 green pass red discard
remark dscp default
traffic behavior f
car cir 5000 cbs 100000 pbs 0 green pass red discard
remark dscp af31
traffic behavior udp-limit
traffic behavior udp-limit1
car cir 5000 cbs 100000 pbs 150000 green pass yellow discard red discard
#
traffic policy 3
classifier c behavior g
traffic policy 2
classifier b behavior f
traffic policy 1
classifier a behavior e
traffic policy udp-limit
classifier udp-limit behavior udp-limit
classifier udp-limit1 behavior udp-limit1
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.1 255.255.255.0
traffic-policy 1 inbound
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
traffic-policy udplimit outbound
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 2.1.1.1 255.255.255.0
traffic-policy 2 inbound
#
interface GigabitEthernet4/0/0
undo shutdown
ip address 3.1.1.1 255.255.255.0
traffic-policy 3 inbound
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 2.1.1.0 0.0.0.255
network 3.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return
l
8-32
Configuration file of PE1
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
#
sysname PE1
#
mpls lsr-id 11.11.11.11
mpls
#
mpls ldp
#
traffic classifier pe operator or
if-match any
#
traffic behavior pe
car cir 15000 pir 20000 cbs 300000 pbs 500000 green pass yellow pass red
discard
#
traffic policy pe
classifier pe behavior pe
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
traffic-policy pe inbound
#
interface Pos2/0/0
undo shutdown
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
return
l
Configuration file of P
#
sysname P
#
mpls lsr-id 33.33.33.33
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
ip address 110.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 33.33.33.33 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 110.1.1.0 0.0.0.255
network 33.33.33.33 0.0.0.0
#
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-33
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
return
l
Configuration file of PE2
#
sysname PE2
#
mpls lsr-id 22.22.22.22
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 20.1.1.2 255.255.255.0
#
interface Pos2/0/0
undo shutdown
ip address 110.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
ospf 10
area 0.0.0.0
network 110.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 22.22.22.22 0.0.0.0
#
return
l
Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 20.1.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
return
8.9.2 Example for Configuring the Security Function of Access
Devices
Networking Requirements
As shown in Figure 8-2, Router A, Router B, Router C are access devices; Router D, Router E,
and Router F are core devices; Access devices are connected to core devices by 10G interfaces.
The network provides voice and 3G services. Security policies need to be configured on access
devices to control the access of users and to guarantee the security of both the network and
devices.
8-34
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Figure 8-2 Networking of configuring the security function of access devices
Internet
GE1/0/0
RouterC
RouterD
GE1/0/0
GE1/0/0
Internet
Internet
RouterF
RouterE
RouterA
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Set the passwords to be used for login in NMS and CLI modes.
2.
Log information about login failures.
3.
Create an Access Control List (ACL) to deny specified services carried on TCP and UDP
interfaces (to defend virus).
Data Preparation
To complete the configuration, you need the following data:
l
IP address of each interface
l
Passwords to be used for login in NMS and CLI modes
Procedure
Step 1 Configure an IP address for each interface. The configuration details are not mentioned here.
Step 2 Set the passwords to be used for login in NMS and CLI modes.
<RouterA> system-view
[RouterA] user-interface console 0
[RouterA-ui-con0] shell
[RouterA-ui-con0] authentication mode password
[RouterA-ui-con0] set authentication password cipher huawei
[RouterA-ui-con0] idle-timeout 30 0
[RouterA-ui-con0] quit
[RouterA] user-interface maximum-vty 15
[RouterA] user-interface vty 5 14
[RouterA-ui-vty5-14] shell
[RouterA-ui-vty5-14] authentication mode password
[RouterA-ui-vty5-14] set authentication password cipher huawei
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-35
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
[RouterA-ui-vty5-14] idle-timeout 30 0
[RouterA-ui-vty5-14] quit
NOTE
Configurations for each access devices are similar. Take Router A for example.
Step 3 Set logs to be exported to the control console.
[RouterA]
[RouterA]
[RouterA]
[RouterA]
<RouterA>
info-center enable
info-center source default channel 9 log level warnings
info-center logfile channel channel9
quit
terminal logging
Step 4 Configure the ACL to prevent devices from being attacked from specified TCP and UDP
interfaces.
NOTE
Configuring the ACL must be performed on the access device interface that is on the access side.
[RouterA] acl number 3001
[RouterA-acl-adv-3001] description anti-virus
[RouterA-acl-adv-3001] rule 5 deny tcp destination-port eq 445
[RouterA-acl-adv-3001] rule 10 deny udp destination-port eq 445
[RouterA-acl-adv-3001] rule 15 deny tcp destination-port eq 135
[RouterA-acl-adv-3001] rule 20 deny udp destination-port eq 135
[RouterA-acl-adv-3001] rule 25 deny tcp destination-port eq 137
[RouterA-acl-adv-3001] rule 30 deny udp destination-port eq netbios-ns
[RouterA-acl-adv-3001] rule 35 deny tcp destination-port eq 139
[RouterA-acl-adv-3001] rule 40 deny udp destination-port eq netbios-ssn
[RouterA-acl-adv-3001] rule 45 deny udp destination-port eq 1433
[RouterA-acl-adv-3001] rule 50 deny udp destination-port eq 1434
[RouterA-acl-adv-3001] rule 55 deny tcp destination-port eq 4444
[RouterA-acl-adv-3001] rule 60 deny tcp destination-port eq 5554
[RouterA-acl-adv-3001] rule 65 deny udp destination-port eq 5554
[RouterA-acl-adv-3001] rule 70 deny tcp destination-port eq 9996
[RouterA-acl-adv-3001] rule 75 deny udp destination-port eq 9996
[RouterA-acl-adv-3001] rule 110 permit ip
[RouterA-acl-adv-3001] quit
[RouterA] traffic classifier anti-virus operator or
[RouterA-classifier-anti-virus] if-match acl 3001
[RouterA-classifier-anti-virus] quit
[RouterA] traffic behavior anti-virus
[RouterA-behavior-anti-virus] quit
[RouterA] traffic policy anti-virus
[RouterA-trafficpolicy-anti-virus] classifier anti-virus behavior anti-virus
[RouterA-trafficpolicy-anti-virus] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] traffic-policy anti-virus inbound
[RouterA-GigabitEthernet1/0/0] traffic-policy anti-virus outbound
----End
Configuration Files
NOTE
Only the configuration file on the Router A is provided.
l
Configuration file of Router A
#
sysname RouterA
#
info-center source default channel 9 log level warning
#
acl number 3001
description anti-virus
rule 5 deny tcp destination-port eq 445
8-36
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
rule 10 deny udp destination-port eq 445
rule 15 deny tcp destination-port eq 135
rule 20 deny udp destination-port eq 135
rule 25 deny tcp destination-port eq 137
rule 30 deny udp destination-port eq netbios-ns
rule 35 deny tcp destination-port eq 139
rule 40 deny udp destination-port eq netbios-ssn
rule 45 deny udp destination-port eq 1433
rule 50 deny udp destination-port eq 1434
rule 55 deny tcp destination-port eq 4444
rule 60 deny tcp destination-port eq 5554
rule 65 deny udp destination-port eq 5554
rule 70 deny tcp destination-port eq 9996
rule 75 deny udp destination-port eq 9996
rule 110 permit ip
#
traffic classifier anti-virus operator or
if-match acl 3001
#
traffic behavior anti-virus
#
traffic policy anti-virus
classifier anti-virus behavior anti-virus
#
interface GigabitEthernet1/0/0
undo shutdown
traffic-policy anti-virus inbound
traffic-policy anti-virus outbound
#
user-interface maximum-vty 15
user-interface con 0
authentication-mode password
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
idle-timeout 30 0
user-interface vty 0 4
user-interface vty 5 14
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
idle-timeout 30 0
user-interface vty 16 20
#
return
8.9.3 Example for Configuring an ACL Rule that Is Based on the
VPN Instance
Networking Requirements
As shown in Figure 8-3, two VPN instances are configured on the PE. CE1 belongs to VPN-A,
whose VPN-target is 111:1; CE2 belongs to VPN-B, whose VPN-target is 222:2. An ACL rule
is configured on the PE to permit users in VPN-A to log in to the PE through Telnet and to
prevent users in VPN-B from logging in to the PE. Users in different VPNs cannot communicate
with each other.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-37
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
Figure 8-3 Typical networking of configuring an ACL rule
AS: 65410
PE1
VPN-A
AS: 65420
CE1
VPN-B
CE2
GE1/0/0
10.1.1.2/24
GE1/0/0
10.1.1.1/24
GE2/0/0
11.1.1.1/24
GE1/0/0
11.1.1.2/24
AS: 100
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure VPN instances.
2.
Define the ACL rule.
3.
Configure users in different VPNs with different authorities for logging into the PE.
Data Preparation
To complete the configuration, you need the following data:
l
ACL number
l
VPN instance name
Procedure
Step 1 Configure VPN instances on the PE and connect CE1 and CE2 to the PE.
# Configure VPN-A.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] ip vpn-instance vpna
[PE-vpn-instance-vpna] route-distinguisher 100:1
[PE-vpn-instance-vpna] vpn-target 111:1 both
[PE-vpn-instance-vpna] quit
[PE] interface gigabitethernet 1/0/0
[PE-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[PE-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[PE-GigabitEthernet1/0/0] quit
# Configure VPN-B.
[PE] ip vpn-instance vpnb
[PE-vpn-instance-vpnb] route-distinguisher 100:2
[PE-vpn-instance-vpnb] vpn-target 222:2 both
[PE-vpn-instance-vpnb] quit
[PE] interface gigabitethernet 2/0/0
[PE-GigabitEthernet2/0/0] ip binding vpn-instance vpnb
[PE-GigabitEthernet2/0/0] ip address 11.1.1.1 24
[PE-GigabitEthernet2/0/0] quit
Step 2 Configure an ACL rule and then apply the rule on the PE. After that, users in VPN-A can log in
to the PE through Telnet; whereas users in VPN-B cannot log in to the PE.
8-38
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
[PE] acl number 2001
[PE-acl-adv-2001] rule permit vpn-instance vpna
[PE-acl-adv-2001] rule deny vpn-instance vpnb
[PE-acl-adv-2001] quit
Step 3 Use the ACL rule configured on the PE to control the login of users to the PE through Telnet.
[PE] user-interface vty 0 4
[PE-ui-vty0-4] authentication-mode none
[PE-ui-vty0-4] acl 2001 inbound
Step 4 Verify the configuration.
# Telnet CE1 to the PE.
<CE1> telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
***********************************************************
*
Copyright (C) 2000-2009 Huawei Technologies Co., Ltd *
*
Without the owner's prior written consent,
*
* no decompiling or reverse-engineering shall be allowed. *
* Notice:
*
*
This is a private communication system.
*
*
Unauthorized access or use may lead to prosecution.
*
***********************************************************
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
<PE>
CE1 can log in to the PE through Telnet.
# Telnet CE2 to the PE.
<CE2> telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Error: Failed to connect to the remote host.
CE2 cannot log in to the PE through Telnet.
----End
Configuration Files
l
Configuration file of the PE
#
sysname PE
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
acl number 2001
rule 5 permit vpn-instance vpna
rule 10 deny vpn-instance vpnb
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8-39
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
8 ACL Configuration
#
domain default
#
#
interface Ethernet0/0/0
undo shutdown
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
undo shutdown
ip binding vpn-instance vpnb
ip address 11.1.1.1 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
acl 2001 inbound
authentication-mode none
user-interface vty 16 20
#
return
l
Configuration file of CE1
#
sysname CE1
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
interface Ethernet0/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
l
Configuration file of CE2
#
sysname CE2
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
interface Ethernet0/0/0
undo shutdown
ip address 11.1.1.2 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
8-40
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9
Basic IPv6 Configuration
About This Chapter
This chapter describes the IPv6 features and IPv6 address overview. It also describes
configuration steps for IPv6 ND, PMTU, TCP6, FIB cache configuration, along with typical
examples.
9.1 Basic IPv6 Overview
This section describes the basic concept of IPv6
9.2 Configuring an IPv6 Address for an Interface
This section describes how to configure an IPv6 address for an interface.
9.3 Configuring IPv6 Neighbor Discovery
This section describes how to configure IPv6 neighbor discovery.
9.4 Configuring PMTU
This section describes how to configure IPv6 PMTU.
9.5 Enabling the FIB Cache
This section describes how to enable the FIB cache capacity.
9.6 Configuring TCP6
This section describes how to configure TCP connections.
9.7 Maintaining IPv6
This section describes how to clear IPv6 statistics and debug IPv6.
9.8 Configuration Examples
This section provides a configuration example for the IPv6 address.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9.1 Basic IPv6 Overview
This section describes the basic concept of IPv6
9.1.1 Introduction to IPv6
9.1.2 IPv6 Supported by the NE80E/40E
9.1.1 Introduction to IPv6
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of the second generation. It is a set of specifications designed by the Internet
Engineering Task Force (IETF). IPv6 is the upgraded version of IPv4. The most remarkable
difference between IPv6 and IPv4 is that the IP address lengthens from 32 bits to 128 bits.
9.1.2 IPv6 Supported by the NE80E/40E
The NE80E/40E supports the IPv6 protocol suite and TCP6 protocol suite.
IPv6 Address
A 128-bit IPv6 address has the following formats:
l
X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by colons. Every "X" represents a group of hexadecimal values.
l
X:X:X:X:X:X:d.d.d.d
This format is for the following types of addresses:
–
IPv4-compatible IPv6 address
–
IPv4-mapped IPv6 address
IPv4-compatible IPv6 address is used to configure an IPv6 over IPv4 tunnel.
In this type of address, "X" represents the first six groups of numbers. Each "X" stands for
16 bits that are represented by hexadecimal numbers. "d" represents the subsequent four
group of numbers. Each "d" stands for eight bits that are represented by decimal numbers.
"d.d.d.d" is a standard IPv4 address.
An IPv6 address can be divided into two parts:
l
Network prefix: equals the network ID of an IPv4 address. It is of n bits.
l
Interface identifier: equals the host ID in an IPv4 address. It is of 128-n bits.
IPv6 Neighbor Discovery
The IPv6 neighbor discovery (ND) is a group of messages and processes that define the
relationship between neighboring nodes. ND replaces the Address Resolution Protocol (ARP)
messages and the Internet Control Message Protocol (ICMP) device discovery messages. It also
provides additional functions.
9-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
IPv6 PMTU
Generally, the problem that different networks have different Maximum Transmission Units
(MTU) can be solved in the following ways:
l
Devices fragment packets as required. The source host only needs to fragment packets;
however, the intermediate router not only needs to fragment packets, but also to reassemble
packets.
l
The source host sends packets based on a proper MTU so that packets need not be
fragmented on the intermediate router. In such a case, packet processing burden on the
intermediate router can be reduced. During IPv6 packet transmission, only this way can be
adopted because IPv6 intermediate routers do not support packet fragmentation.
The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the path
from the source to the destination.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the
Forwarding Information Base (FIB). Guided by route management policies, a device extracts a
minimum of necessary forwarding information from RIB and adds the information to the FIB.
Through the route management module, you can also add static routes into the FIB.
A FIB contains a group of minimum information needed by a device during packet forwarding.
An FIB entry usually contains the destination address, prefix length, transport port, next-hop
address, route flag, and time stamp. A device forwards packets according to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). A FIB agent is responsible for interacting with the
RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a
distributed system.
A FIB contains the following information:
l
Destination address: indicates the network or host a packet is destined for.
l
Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.
l
Nexthop: indicates the address of the close next hop through which the packet reaches the
destination.
l
Flag(s): identifies route features.
l
Interface: indicates the outgoing interface of the packet.
l
Timestamp: Indicates the time when an FIB entry is established.
9.2 Configuring an IPv6 Address for an Interface
This section describes how to configure an IPv6 address for an interface.
9.2.1 Establishing the Configuration Task
9.2.2 Enabling IPv6 Packet Forwarding Capability
9.2.3 Configuring an IPv6 Link-Local Address for an Interface
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9.2.4 Configuring an IPv6 Global Unicast Address for an Interface
9.2.5 Checking the Configuration
9.2.1 Establishing the Configuration Task
Applicable Environment
When a device communicates with an IPv6 device, you need to configure IPv6 address for the
interface. The NE80E/40E supports configuring IPv6 addresses for the following interfaces:
l
Gigabit-Ethernet interfaces and sub-interfaces
l
POS interfaces (Only the POS interfaces configured with PPP or HDLC as the link protocol
support IPv6.)
l
Tunnel interfaces
l
Loopback interfaces
l
Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and IP-Trunk interfaces
You can configure 10 addresses for one interface. Addresses can be the link-local address and
the global unicast address.
The link-local address is used in ND, and in the communication between nodes on the local link
in the stateless address auto-configuration. The packets using the link-local address as the source
or destination address are not forwarded to other links.
The link-local address can be automatically generated or manually configured. After being
enable with automatic address generation capability, the system automatically generates a linklocal address. The link-local address configured manually must be a valid link-local address
(FE80::/10).
It is recommended to automatically generate a link-local address because the link-local address
is used only for the communication between link-local nodes. Commonly, it is used to implement
communication requirements of protocol and is not directly related to the communication
between users.
The global unicast address is equivalent to the IPv4 public address. It is used for data forwarding
across the pubic network, which is necessary for the communication between users.
An EUI-64 address has the same function as an global unicast address. The difference is that
only the network bits need to be specified for the EUI-64 address and the host bits are transformed
from the MAC addresses of the interface while a complete 128-bit address need to be specified
for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address
must not be longer than 64 bits.
The EUI-64 address and the global unicast address can be configured simultaneously or
alternatively. However, the IP addresses configured for one interface cannot be in the same
network segment.
Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
l
9-4
Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
l
9 Basic IPv6 Configuration
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
No.
Data
1
Number of the interface
2
Link-local address configured manually
3
Global unicast address and prefix length
9.2.2 Enabling IPv6 Packet Forwarding Capability
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The IPv6 function, however, is not enabled on the interface
and hence you cannot perform any IPv6 configurations.
l
If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down.
Therefore, the device cannot forward IPv6 data.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6
The IPv6 packet forwarding capability is enabled.
By default, the IPv6 packet forwarding capability is disabled.
To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the IPv6 protocol status of the interface is Down and the device cannot forward IPv6
packets although you enable IPv6 on the interface.
Step 3 Run:
interface interface-type interface-number
The view of the interface to be enabled with the IPv6 capability is displayed.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface.
Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.
By default, the IPv6 capability is disabled on the interface.
----End
9.2.3 Configuring an IPv6 Link-Local Address for an Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Perform the following as required.
Run:
ipv6 address auto link-local
Auto generation of the IPv6 link-local address is enabled.
Or
Run:
ipv6 address ipv6-address link-local
The IPv6 link-local address is manually configured.
Besides configuring a link-local address through the preceding two commands, you can also
configure a global unicast IPv6 address for auto generating a link-local address. For details, see
Configuring an IPv6 Global Unicast Address for an Interface.
----End
9.2.4 Configuring an IPv6 Global Unicast Address for an Interface
Context
Do as follows on the router:
9-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ eui-64 ]
The global unicast address is configured on the interface.
----End
9.2.5 Checking the Configuration
Prerequisite
The configurations of the IPv6 addresses are complete.
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command to
check the IPv6 information of an interface.
l
Run the display ipv6 statistics [ slot slot-id | interface interface-type interface-number ]
command to check the IPv6 packet statistics.
----End
Example
Run the display ipv6 interface command. If the IPv6 address of the interface is displayed, it
means that the configuration succeeds. For example:
<HUAWEI> display ipv6 interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP ,
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF04:5D00
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
Run the display ipv6 interface command. If the configured IPv6 address and interface status
are displayed, it means that the configuration succeeds.
<HUAWEI> display ipv6 interface brief
*down: administratively down
!down: FIB overload down
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
(l): loopback
(s): spoofing
Interface
GigabitEthernet2/0/2
[IPv6 Address] 2030::101:101
GigabitEthernet2/0/3
[IPv6 Address] 2001::1
LoopBack0
[IPv6 Address] Unassigned
Physical
up
Protocol
up
up
up
up
up(s)
Run the display ipv6 statistics command. If the statistics on IPv6 packets is displayed, it means
that the configuration succeeds.
<HUAWEI> display ipv6 statistics
IPv6 Protocol:
Sent packets:
Total
Local sent out
Raw packets
Fragmented
Fragments failed
:
:
:
:
:
3630
3630
0
0
0
Forwarded
Discarded
Fragments
Multicast
:
:
:
:
0
0
0
0
Received packets:
Total
Hop count exceeded
Too big
Address error
Truncated
Fragments
Reassembly timeout
:
:
:
:
:
:
:
3630
0
0
0
0
0
0
Local host
Header error
Routing failed
Protocol error
Option error
Reassembled
Multicast
:
:
:
:
:
:
:
3630
0
0
0
0
0
0
9.3 Configuring IPv6 Neighbor Discovery
This section describes how to configure IPv6 neighbor discovery.
9.3.1 Establishing the Configuration Task
9.3.2 Configuring Static Neighbors
9.3.3 Enabling RA Message Advertising
9.3.4 Setting the Interval for Advertising RA Messages
9.3.5 Enabling Stateful Auto Configuration
9.3.6 Configuring the Address Prefixes to Be Advertised
9.3.7 Configuring Other Information to Be Advertised
9.3.8 Checking the Configuration
9.3.1 Establishing the Configuration Task
Applicable Environment
Most of the ND configurations are implemented based on the interfaces.
The IPv6 ND configuration is supported on the following interfaces:
l
9-8
Gigabit-Ethernet interfaces and their sub-interfaces
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
l
POS interfaces (Only the POS interfaces configured with PPP or HDLC as the link protocol
support IPv6.)
l
Tunnel interfaces
l
Loopback interfaces
l
Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and IP-Trunk interfaces
NOTE
Though the POS interfaces can be configured with IPv6 ND-related commands, packet sending or packet
forwarding on these interfaces actually do not require neighbor entries.
Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
l
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
l
Configuring link layer parameters for the interface
l
Configuring the IPv6 address for the interface
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
No.
Data
1
Number of interface which needs to be configured with IPv6 ND
2
IPv6 address and MAC address of the static neighbor
3
Intervals, prefix, and life duration of RA messages
4
Flag bit of automatic configuration
5
Hop limit of ND
6
Sending times of DAD
7
Intervals for re-transmitting NS messages
8
NUD reachable time
9
Interface MTU
9.3.2 Configuring Static Neighbors
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipv6 neighbor ipv6-address mac-address
Static neighbors are configured.
Static neighbors can be configured for interfaces and their sub-interfaces. You can configure up
to 300 neighbors on each interface.
----End
9.3.3 Enabling RA Message Advertising
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
undo ipv6 nd ra halt
The function of advertising RA messages is enabled.
----End
9.3.4 Setting the Interval for Advertising RA Messages
Context
Do as follows on the router:
Procedure
Step 1 Run:
9-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }
The interval for advertising RA messages is configured.
By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.
The maximum interval can not be shorter than the minimum interval.
----End
9.3.5 Enabling Stateful Auto Configuration
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipv6 nd autoconfig managed-address-flag
The flag bit for stateful auto configuration addresses is set.
If this flag is set, hosts use the stateful protocol for address auto-configuration in addition to any
addresses auto-configured using stateless address auto-configuration.
Step 4 Run:
ipv6 nd autoconfig other-flag
The flag bit for other stateful configurations is set.
When this flag is set, hosts use the stateful protocol for auto-configuration of other (non-address)
information.
----End
9.3.6 Configuring the Address Prefixes to Be Advertised
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length } validlifetime preferred-lifetime [ no-autoconfig ] [ off-link ]
The prefix of RA messages is configured.
----End
9.3.7 Configuring Other Information to Be Advertised
Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
NUD checks the reachability of neighbors. By default, NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default
MTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500
bytes.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6 nd hop-limit limit
ND hop limit is configured.
The value of limit ranges from 1 to 255. By default, it is 64.
Step 3 Run:
interface interface-type interface-number
9-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
The interface view is displayed.
Step 4 Run:
ipv6 nd ra router-lifetime ra-lifetime
The life duration of RA messages is configured.
NOTE
l
When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must
be less than or equal to the life duration.
l
By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
l
By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.
Step 5 Run:
ipv6 nd dad attempts value
Times to send DAD messages are configured.
Step 6 Run:
ipv6 nd ns retrans-timer value
The interval for re-sending NS messages is set.
Step 7 Run:
ipv6 nd nud reachable-time value
The NUD reachable time is set.
Step 8 Run:
ipv6 mtu mtu
MTU of the interface is configured.
The IPv6 MTU should be smaller than 9600 bytes on the GigabitEthernet of the LPUF-20.
----End
Postrequisite
If the IPv6 MTU value is changed, run the shutdown command and the undo shudown
command orderly in the interface view to validate the configuration.
9.3.8 Checking the Configuration
Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
l
Run the display ipv6 neighbors[ [ vid vlan-id] interface-type interface-number ] command
to check the neighbor information in the cache.
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command to
check the IPv6 information of an interface.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains
neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<HUAWEI> display ipv6 neighbors gigabitethernet 1/0/0
-------------------------------------------------------IPv6 Address : 3003::2
Link-layer
: 00e0-fc89-fe6e
State : STALE
Interface
: GE1/0/0
Age
: 7
VPN name
: vpn1
VLAN : IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer
: 00e0-fc89-fe6e
State : STALE
Interface
: GE1/0/0
Age
: 7
VPN name
: vpn1
VLAN : --------------------------------------------------------Total: 2
Dynamic: 2
Static: 0
Run the display ipv6 interface command. If information about the IPv6 address on the interface
is displayed, it means that the configuration succeeds.
<HUAWEI> display ipv6 interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF04:5D00
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
Run the display ipv6 interface brief command. If information about the IPv6 address on the
interface and interface status are displayed, it means that the configuration succeeds.
<HUAWEI> display ipv6 interface brief
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
Interface
Physical
GigabitEthernet2/0/2
up
[IPv6 Address] 2030::101:101
GigabitEthernet2/0/3
up
[IPv6 Address] 2001::1
LoopBack0
up
[IPv6 Address] Unassigned
Protocol
up
up
up(s)
9.4 Configuring PMTU
This section describes how to configure IPv6 PMTU.
9.4.1 Establishing the Configuration Task
9.4.2 Creating Static PMTU Entries
9.4.3 Configuring PMTU Aging Time
9-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9.4.4 Checking the Configuration
9.4.1 Establishing the Configuration Task
Applicable Environment
By setting PMTUs on interfaces, you can enable devices to send packets based on proper MTUs
across the network. This avoids packet fragmentation, reduces the burden of the devices,
implements efficient usage of network resources and achieves the best throughput.
Pre-configuration Tasks
Before configuring PMTUs, complete the following tasks:
l
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
l
Configuring the link layer protocol for the interface
Data Preparation
To configure PMTUs, you need the following data.
No.
Data
1
IPv6 address and PMTU value to be configured
2
PMTU aging time
9.4.2 Creating Static PMTU Entries
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6 pathmtu ipv6-address [ path-mtu ]
The PMTU value of a specified IPv6 address is configured.
By default, the PMTU of the IPv6 address is 1500 bytes.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9.4.3 Configuring PMTU Aging Time
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6 pathmtu age age-time
The aging time of PMTU is configured.
By default, the dynamic PMTU aging time is 10 minutes.
The PMTU aging time is used to change the lifetime of a dynamic PMTU entry in the cache. It
has no effect on static PMTU entries because they cannot be aged.
If the static PMTU exist, the dynamic PMTU dose not take effect.
----End
9.4.4 Checking the Configuration
Prerequisite
The configurations of the PMTU are complete.
Procedure
l
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check
all PMTU items.
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command to
check the current MTU of the interface.
----End
Example
Run the display ipv6 pathmtu command. If the destination IPv6 address, the PMTU value, the
aging time and type are displayed, it means that the configuration succeeds.
<HUAWEI> display ipv6 pathmtu all
IPv6 Destination Address
ZoneID
fe80::12
0
2222::3
0
PathMTU
1300
1280
Age
40
--
Type
Dynamic
Static
Run the display ipv6 interface command. If the current MTU of the interface is displayed, it
means that the configuration succeeds.
<HUAWEI> display ipv6 interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP ,
9-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF04:5D00
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
9.5 Enabling the FIB Cache
This section describes how to enable the FIB cache capacity.
9.5.1 Establishing the Configuration Task
9.5.2 Enabling the FIB Cache
9.5.3 Checking the Configuration
9.5.1 Establishing the Configuration Task
Applicable Environment
None.
Pre-configuration Tasks
Before enabling the FIB cache capability of a device, complete the following tasks:
l
Connecting the interface and configuring the physical features for the interface and ensuring
that the status of the physical layer of the interface is Up
l
Configuring the link layer protocol parameters for the interface
Data Preparation
To enable the FIB cache capability, you need the following data.
No.
Data
1
Slot ID
9.5.2 Enabling the FIB Cache
Context
Do as follows on the router:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6 fibcache {slot-id | all }
FIB cache is enabled on the device.
By default, the FIB cache is disabled on the device.
----End
9.5.3 Checking the Configuration
Prerequisite
The configurations of the enabling the FIB cache are complete.
Procedure
l
Run the display ipv6 fib [ spt ] [ slot-id ] [ | { begin | include | exclude } regularexpression ] command to check the FIB information.
l
Run the display ipv6 fibcache slot-id command to check total routes in FIB cache.
----End
Example
Run the display ipv6 fib command. If the details of FIB are displayed, it means that the
configuration succeeds.
<HUAWEI> display ipv6 fib
FIB Table:
Total number of Routes : 4
9-18
Destination:
NextHop
:
Label
:
TimeStamp :
Interface :
IP6Token
:
::1
::1
NULL
Date- 14:8:2008, Time- 14:41:26
InLoopBack0
0x0
PrefixLength
Flag
Tunnel ID
reference
:
:
:
:
128
HU
0
1
Destination:
NextHop
:
Label
:
TimeStamp :
Interface :
IP6Token
:
FE80::
::
NULL
Date- 14:8:2008, Time- 14:44:34
NULL0
0x0
PrefixLength
Flag
Tunnel ID
reference
:
:
:
:
10
BU
0
1
Destination:
NextHop
:
Label
:
TimeStamp :
Interface :
IP6Token
:
2001::2
::1
NULL
Date- 14:8:2008, Time- 14:44:36
InLoopBack0
0x0
PrefixLength
Flag
Tunnel ID
reference
:
:
:
:
128
HU
0
1
Destination:
NextHop
:
2001::
2001::2
PrefixLength : 64
Flag
: U
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Label
:
NULL
TimeStamp :
Date- 14:8:2008, Time- 14:44:36
Interface :
GigabitEthernet6/0/0
IP6Token
:
0x0
Tunnel ID
reference
: 0
: 1
Run the display ipv6 fibcache command. If FIB cache contains the routing information, it means
that the configuration succeeds.
<HUAWEI> display ipv6 fibcache 6
FIB Cache:
Total number of Routes : 2
Destination:
NextHop
:
Label
:
TimeStamp :
Interface :
IP6Token
:
2001::1
2001::2
NULL
Date- 14:8:2008, Time- 14:44:45
GigabitEthernet6/0/0
0x0
FIB PrefixLength : 64
FIB Flag
: U
Tunnel ID
: 0
reference
: 0
Destination:
NextHop
:
Label
:
TimeStamp :
Interface :
IP6Token
:
2001::2
::1
NULL
Date- 14:8:2008, Time- 14:44:45
InLoopBack0
0x0
FIB PrefixLength : 128
FIB Flag
: HU
Tunnel ID
: 0
reference
: 0
9.6 Configuring TCP6
This section describes how to configure TCP connections.
9.6.1 Establishing the Configuration Task
9.6.2 Configuring TCP6 Timers
9.6.3 Configuring the Size of the TCP6 Sliding Window
9.6.4 Checking the Configuration
9.6.1 Establishing the Configuration Task
Applicable Environment
To optimize network performance, you need to adjust the TCP6 parameters.
Pre-configuration Tasks
Before configuring TCP6, complete the following tasks:
l
Connecting and configuring the physical features for the interface and ensuring that the
status of the physical layer of the interface is Up
l
Configuring the link layer protocol parameters for the interface and ensuring that the status
of the link layer protocol on the interface is Up
Data Preparation
To configure TCP6, you need the following data.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-19
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
No.
Data
1
Value of TCP6 FIN-WAIT timer
2
Value of TCP6 SYN-WAIT timer
3
Size of TCP6 Sliding Window
9.6.2 Configuring TCP6 Timers
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
tcp ipv6 timer syn-timeout timer-value
The TCP6 SYN-WAIT timer is set.
By default, the SYN-WAIT timer is 75s.
Step 3 Run:
tcp ipv6 timer fin-timeout timer-value
The TCP6 FIN-WAIT timer is set.
By default, the FIN-WAIT timer is 675s.
----End
9.6.3 Configuring the Size of the TCP6 Sliding Window
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
tcp ipv6 window window-size
The size of the TCP6 sliding window is configured.
9-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of the
TCP6 sliding window is 8 KB.
----End
9.6.4 Checking the Configuration
Prerequisite
The configurations of the TCP6 function are complete.
Procedure
l
Run the display tcp ipv6 statistics command to check related TCP6 statistics.
l
Run the display tcp ipv6 status command to check the TCP6 connection status.
l
Run the display udp ipv6 statistics command to check related UDP6 statistics.
l
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command to check
the information of the specified socket.
----End
Example
Run the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statistics
commands. If the connection status and statistic of TCP6 and UDP6 are displayed, it means that
the configuration succeeds.
<HUAWEI> display tcp ipv6 statistics
Received packets:
total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0
window update packets: 0
checksum error: 0
offset error: 0
short error: 0
duplicate packets: 0 (0 bytes)
partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 0 (0 bytes)
duplicate ACK packets: 0
too much ACK packets: 0
packets dropped due to MD5 authentication failure: 0
packets receieved with MD5 Signature Option: 0
Sent packets:
total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
window probe packets: 0
window update packets: 0
data packets: 0 (0 bytes)
data packets retransmitted: 0 (0 bytes)
ACK only packets: 0 (0 delayed)
packets sent with MD5 Signature Option: 0
Other Statistics:
retransmitted timeout: 0
connections dropped in retransmitted timeout: 0
keepalive timeout: 0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-21
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
keepalive probe: 0
keepalive timeout, so connections disconnected: 0
initiated connections: 0
accepted connections: 0
established connections: 0
closed connections: 0 (dropped: 0, initiated dropped: 0)
<HUAWEI> display tcp ipv6 status
TCP6CB
Local Address
Foreign Address
State
09e39ae4 3000::2->179
3000::1->49158
Time_Wait
09e36f24 3000::2->49152
3000::1->179
Established
07da08f8 ::->179
::->0
Listening
07d96da8 ::->23
::->0
Listening
<HUAWEI> display udp ipv6 statistics
Received packets:
total: 0
total(64bit high-capacity counter): 0
checksum error: 0
shorter than header: 0
invalid message length: 0
no socket on port: 0
no multicast port: 0
not delivered, input socket full: 0
input packets missing pcb cache: 0
packets sent for external pre processing: 1
Sent packets:
total: 0
total(64bit high-capacity counter): 0
Run the display ipv6 socket command. If the related socket information is displayed, it means
that the configuration succeeds.
<HUAWEI> display ipv6 socket
SOCK_STREAM:
Task = VTYD(14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
Task = VTYD(14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
SOCK_RAW:
9.7 Maintaining IPv6
This section describes how to clear IPv6 statistics and debug IPv6.
9.7.1 Resetting IPv6
9.7.2 Monitoring Network Operation Status of IPv6
9-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
9.7.1 Resetting IPv6
Context
CAUTION
IPv6 statistics cannot restore after you clear it. So, confirm the action before you use the
command.
Procedure
l
Run the reset ipv6 statistics [ slot slot-id ] command in the user view to clear statistics of
processing IPv6 packets after you confirm it.
l
Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clear
PMTU entries in the cache after you confirm it.
l
Run the reset ipv6 fibcache { slot-id | all } command in the user view to clear cached
entries in FIB after you confirm it.
l
Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interfacenumber] | interface-type interface-number } command in the user view to clear IPv6
neighbor entries in the cache after you confirm it.
l
Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics after
you confirm it.
l
Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statistics
after you confirm it.
----End
9.7.2 Monitoring Network Operation Status of IPv6
Context
In routine maintenance, you can run the following command in any view to check the operation
of IPv6.
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to check the IPv6 information about the interface.
l
Run the display ipv6 statistics [ slot slot-id | interface interface-type interface-number ]
command in any view to check IPv6 packet statistics.
l
Run the display icmpv6 statistics [ slot slot-id | interface interface-type interfacenumber ] command in any view to check the operation of ICMPv6 packet statistics.
l
Run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ]
command in any view to check contents about the neighbor cache.
l
Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command in any
view to check all PMTU entries.
l
Run the display tcp ipv6 statistics command in any view to check TCP6 statistics.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
l
Run the display tcp ipv6 status command in any view to check TCP6 connection status.
l
Run the display udp ipv6 statistics command in any view to check UDP6 statistics.
l
Run the display ipv6 socket [ socktype sock-type ] [ task-id sock-id ] command in any
view to check information about the specified socket.
l
Run the display ipv6 fib [ spt ] [ slot-id ] [ | { begin | include | exclude } regularexpression ] command in any view to check information about the FIB.
l
Run the display ipv6 fibcache slot-id command in any view to check the total number of
routes in the FIB cache.
----End
9.8 Configuration Examples
This section provides a configuration example for the IPv6 address.
9.8.1 Example for Configuring an IPv6 Address for an Interface
9.8.2 Example for Configuring IPv6 Neighbor Discovery
9.8.1 Example for Configuring an IPv6 Address for an Interface
Networking Requirement
As shown in Figure 9-1, Router A and Router B are connected through POS interfaces. It is
required to configure IPv6 global unicast addresses for the interfaces and test the connectivity
between them.
The IPv6 global unicast addresses to be configured for the interfaces are 3001::1/64 and
3001::2/64.
Figure 9-1 Networking diagram of configuring an IPv6 address for an interface
POS 1/0/0
3001::1/64
RouterA
POS 1/0/0
3001::2/64
RouterB
Configuration Roadmap
The configuration roadmap is as follows:
1.
Enable IPv6 forwarding capability on devices.
2.
Configure IPv6 global unicast addresses for the interfaces.
Data Preparation
To complement the configuration, you need the following data:
9-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
l
9 Basic IPv6 Configuration
Global unicast addresses of the interfaces
Procedure
Step 1 Enable IPv6 packet forwarding on Router A and Router B.
# Configure Router A
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
# Configure Router B
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
Step 2 Configure IPv6 global unicast addresses for the interfaces.
# Configure Router A.
[RouterA] interface pos
[RouterA-Pos1/0/0] ipv6
[RouterA-Pos1/0/0] ipv6
[RouterA-Pos1/0/0] undo
[RouterA-Pos1/0/0] quit
1/0/0
enable
address 3001::1/64
shutdown
# Configure Router B.
[RouterB] interface pos
[RouterB-Pos1/0/0] ipv6
[RouterB-Pos1/0/0] ipv6
[RouterB-Pos1/0/0] undo
[RouterB-Pos1/0/0] quit
1/0/0
enable
address 3001::2/64
shutdown
Step 3 Verify the configuration.
If the configuration succeeds, you can view the configured IPv6 global unicast addresses and
status of the interface and the IPv6 protocol are both Up.
# Display interface information of Router A.
[RouterA] display ipv6 interface pos 1/0/0
Pos1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::C964:0:B8B6:1
Global unicast address(es):
3001::1, subnet is 3001::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FFB6:1
FF02::2
FF02::1
MTU is 4470 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Display interface information of Router B.
[RouterB] display ipv6 interface pos 1/0/0
Pos1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2D6F:0:7AF3:1
Global unicast address(es):
3001::2, subnet is 3001::/64
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
Joined group address(es):
FF02::1:FF00:2
FF02::1:FFF3:1
FF02::2
FF02::1
MTU is 4470 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# On Router A, ping the link-local address of Router B. Note that you need to use the parameter
-i to specify the interface.
[RouterA] ping ipv6 fe80::2d6f:0:7af3:1 -i pos 1/0/0
PING FE80::2D6F:0:7AF3:1 : 56 data bytes, press CTRL_C to break
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=1 hop limit=64 time = 60 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=4 hop limit=64 time = 30 ms
Reply from FE80::2D6F:0:7AF3:1
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- FE80::2D6F:0:7AF3:1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/38/60 ms
# On Router A, ping the global unicast IPv6 address of Router B.
[RouterA] ping ipv6 3001::2
PING 3001::2 : 56 data bytes, press CTRL_C to break
Reply from 3001::2
bytes=56 Sequence=1 hop limit=64 time = 30 ms
Reply from 3001::2
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from 3001::2
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from 3001::2
bytes=56 Sequence=4 hop limit=64 time = 20 ms
Reply from 3001::2
bytes=56 Sequence=5 hop limit=64 time = 40 ms
--- 3001::2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/38/50 ms
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3001::1/64
#
9-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3001::2/64
#
return
9.8.2 Example for Configuring IPv6 Neighbor Discovery
Networking Requirements
As shown in Figure 9-2, device is directly connected to the PC by GE 1/0/10. This PC runs the
Windows XP operating system.
Figure 9-2 Example for configuring IPv6 neighbor discovery
Router
PC
GE1/0/10
3000::/64 eui-64
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the local unicast addresses of the link and EUI-64 site separately on GE 1/0/10.
2.
Configure the RA prefix message to be advertised on GE 1/0/10 and enable the
advertisement of the RA prefix message.
Data Preparation
To complete the configuration, you need the following data:
l
Local unicast addresses of the link and EUI-64 site on GE 1/0/10
l
RA prefix message to be advertised
Procedure
Step 1 Enable the IPv6 forwarding on devices.
<HUAWEI> system-view
[HUAWEI] sysname Router
[Router] ipv6
Step 2 Configure the local unicast address of the link on GE 1/0/10.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-27
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
[Router] interface gigabitethernet 1/0/10
[Router-GigabitEthernet1/0/10] undo shutdown
[Router-GigabitEthernet1/0/10] ipv6 enable
[Router-GigabitEthernet1/0/10] ipv6 address auto link-local
Step 3 Configure the local unicast address of the EUI-64 site on GE 1/0/10 and the prefix in the RA
message.
[Router-GigabitEthernet1/0/10] ipv6 address 3000::/64 eui-64
[Router-GigabitEthernet1/0/10] ipv6 nd ra prefix 3000::/64 1000 1000
[Router-GigabitEthernet1/0/10] undo ipv6 nd ra halt
Step 4 Verify the configuration.
If configurations are successful, you can view the configured local unicast address of the link
and the EUI-64 site and find that GE 1/0/10 is Up and IPv6 is Up.
# Display information about interfaces of devices.
[Router-GigabitEthernet1/0/10] display this ipv6 interface
GigabitEthernet1/0/10 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE7D:A497
Global unicast address(es):
3000::2E0:FCFF:FE7D:A497, subnet is 3000::/64
Joined group address(es):
FF02::1:FF7D:A497
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses
# Display information about PCs.
Ethernet adapter 1:
Connection-specific
Description . . . .
rnet NIC #2
Physical Address. .
Dhcp Enabled. . . .
IP Address. . . . .
Subnet Mask . . . .
IP Address. . . . .
IP Address. . . . .
IP Address. . . . .
Default Gateway . .
DNS Servers . . . .
DNS Suffix . :
. . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
:
:
:
:
:
:
:
:
:
00-E0-4C-77-A1-B6
No
110.1.1.33
255.0.0.0
3000::78b3:4397:c0c4:f078
3000::2e0:4cff:fe77:a1b6
fe80::2e0:4cff:fe77:a1b6%6
fe80::288:ff:fe10:b%6
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
# Ping the local unicast address of the link on the PC from the device with the use of the parameter
-i which specifies the interface corresponding to the local unicast address.
[Router-GigabitEthernet1/0/10] ping ipv6 fe80::2e0:4cff:fe77:a1b6 -i
gigabitethernet1/0/10
PING FE80::2E0:4CFF:FE77:A1B6: 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:4CFF:FE77:A1B6
bytes=56 Sequence=1 hop limit=64 time = 60 ms
Reply from FE80::2E0:4CFF:FE77:A1B6
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from FE80::2E0:4CFF:FE77:A1B6
9-28
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
9 Basic IPv6 Configuration
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from FE80::2E0:4CFF:FE77:A1B6
bytes=56 Sequence=4 hop limit=64 time = 30 ms
Reply from FE80::2E0:4CFF:FE77:A1B6
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- FE80::2E0:4CFF:FE77:A1B6 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/38/60 ms
# Ping the local unicast address of the EUI-64 site of the PC from the device.
[Router-GigabitEthernet1/0/10] ping ipv6 3000::78b3:4397:c0c4:f078
PING 3000::78B3:4397:C0C4:F078 : 56 data bytes, press CTRL_C to break
Reply from 3000::78B3:4397:C0C4:F078
bytes=56 Sequence=1 hop limit=64 time = 30 ms
Reply from 3000::78B3:4397:C0C4:F078
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from 3000::78B3:4397:C0C4:F078
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from 3000::78B3:4397:C0C4:F078
bytes=56 Sequence=4 hop limit=64 time = 20 ms
Reply from 3000::78B3:4397:C0C4:F078
bytes=56 Sequence=5 hop limit=64 time = 40 ms
--- 3000::78B3:4397:C0C4:F078 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/38/50 ms
----End
Configuration Files
Configuration file of Router
#
sysname Router
#
ipv6
#
interface GigabitEthernet1/0/10
undo shutdown
ipv6 enable
ipv6 address 3000::/64 eui-64
ipv6 address auto link-local
ipv6 nd ra prefix 3000::/64 1000 1000
undo ipv6 nd ra halt
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
10
IPv6 DNS Configuration
About This Chapter
This chapter describes the basic principle, configuration procedures, and configuration examples
for IPv6 DNS.
10.1 IPv6 DNS Overview
This section describes the principle and concepts of IPv6 DNS.
10.2 Configuring IPv6 DNS
This section describes how to communicate with other devices using the domain name.
10.3 Maintaining IPv6 DNS
This section describes how to display IPv6 DNS configurations, clear IPv6 DNS statistics and
debug IPv6 DNS.
10.4 Configuration Examples
This section provides several configuration examples of IPv6 DNS.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
10.1 IPv6 DNS Overview
This section describes the principle and concepts of IPv6 DNS.
10.1.1 Introduction to IPv6 DNS
10.1.2 IPv6 DNS Supported by the NE80E/40E
10.1.1 Introduction to IPv6 DNS
IPv6 DNS has two resolution modes: dynamic IPv6 DNS resolution and static IPv6 DNS
resolution. To resolve a domain name, the system first uses static IPv6 DNS resolution. If this
mode fails, the system uses dynamic IPv6 DNS resolution. To improve resolution efficiency,
you can put common domain names in a static domain name resolution table.
10.1.2 IPv6 DNS Supported by the NE80E/40E
IPv6 domain name system (DNS) is similar to IPv4 DNS. For configurations of IPv4 DNS, refer
to "DNS Configuration."
10.2 Configuring IPv6 DNS
This section describes how to communicate with other devices using the domain name.
10.2.1 Establishing the Configuration Task
10.2.2 Configuring a Static IPv6 DNS Entry
10.2.3 Configuring the Dynamic IPv6 DNS Services
10.2.4 Checking the Configuration
10.2.1 Establishing the Configuration Task
Applicable Environment
DNS needs to be configured if the local users log on to a device using domain names to
communicate with other devices. The IPv6 DNS entries show the mapping between domain
names and IPv6 addresses.
If users seldom use the domain name to access other devices, or if the DNS server is unavailable,
a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator
needs to know the relation between domain names and IPv6 addresses, and manually modify
the IPv6 DNS entry when the relation changes.
If the users need to use the domain name to access many devices, and the DNS server is available,
a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.
Pre-configuration Tasks
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.
10-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
Data Preparation
To configure IPv6 DNS, you need the following data.
No.
Data
1
Domain name of the static IPv6 DNS entry and the corresponding IPv6 address
2
IPv6 address of the IPv6 DNS server
3
Domain name of the dynamic IPv6 DNS or the domain name list
10.2.2 Configuring a Static IPv6 DNS Entry
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6 host host-name ipv6-address
The host name and the corresponding IPv6 address are configured.
If the same host is configured with IPv6 addresses for several times, the IPv6 address configured
earliest is used when needing to find the host with the IPv6 address, such as ping this host.
----End
10.2.3 Configuring the Dynamic IPv6 DNS Services
Context
Configure the IPv6 DNS server on a device. If the IPv6 DNS server is configured with a linklocal address, the interface name should also be configured with the IPv6 address.
Figure 10-1 DNS server connecting IPv4 and IPv6 networks
DNS IPv4 client
DNS server
IPv4 link
Issue 03 (2010-03-31)
DNS IPv6 client
IPv6 link
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration till
proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first
sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.
The DNS domains are configured on a device and the domain names can be searched. If the
DNS fails in searching for a host name, it appends a domain name to the host name following a
"." and continues the DNS search. You can configure some commonly used domain names like
"com", and "net". For example, if the search for the host name "huawei" fails, the system then
searches for "huawei.com" or "huawei.net".
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dns resolve
The dynamic domain name resolution is enabled.
Step 3 Run:
dns server ipv6 ipv6-address [ interface-type interface-number ]
The IPv6 DNS server is configured.
Step 4 Run:
dns server ipv6 source-ip ipv6-address
The IPv6 address of the local device is specified.
Step 5 Run:
dns domain domain-name
The suffix of domain names is added.
After the source IPv6 address is specified for the local device, the local device uses the specified
source IPv6 address to communicate with the IPv6 DNS server to ensure the security of check.
----End
10.2.4 Checking the Configuration
Prerequisite
The configurations of the IPv6 DNS function are complete.
Procedure
l
10-4
Run the display ipv6 host command to check the static IPv6 DNS table.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
l
Run the display dns server command to check the configuration of the DNS server.
l
Run the display dns domain command to check the configuration of the suffix list of the
domain name.
l
Run the display dns ipv6 dynamic-host command to check the cache of the dynamic
domain name.
----End
Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name
and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display ipv6 host
Host
Age
RTB
0
RTA
0
Flags
static
static
IPv6Address (es)
20::1
20::2
Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed,
it means that the configuration succeeds. For example:
<HUAWEI> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
169.254.65.125
IPv6 Dns Servers:
Domain-server Ipv6Address
1
3001::2
2
FE80::2
(Interface Name)
GigabitEthernet6/0/0
Run the display dns domain command. If the suffixes of the domain names are displayed, it
means that the configuration succeeds. For example:
<HUAWEI> display dns domain
No
Domain-name
1
com
2
net
Run the display dns ipv6 dynamic-host command. If information about the cache of the
dynamic domain name is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
TTL
1
huawei6
3001::2
6
10.3 Maintaining IPv6 DNS
This section describes how to display IPv6 DNS configurations, clear IPv6 DNS statistics and
debug IPv6 DNS.
10.3.1 Clearing IPv6 DNS Entries
10.3.2 Monitoring Network Operation Status of IPv6 DNS
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
10.3.1 Clearing IPv6 DNS Entries
Context
CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use
this command.
Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS
entries statistics in the domain name cache.
----End
10.3.2 Monitoring Network Operation Status of IPv6 DNS
Context
In routine maintenance, you can run the following commands in any view to check the operation
of IPv6 DNS.
Procedure
l
Run:
display dns domain
Domain names are checked.
l
Run:
display dns server
Configurations of the DNS server are checked.
l
Run:
display dns ipv6 dynamic-host
Contents about the cache of the IPv6 dynamic domain names are checked.
l
Run:
display ipv6 host
The static DNS table is checked.
----End
10.4 Configuration Examples
This section provides several configuration examples of IPv6 DNS.
10.4.1 Example for Configuring IPv6 DNS
10-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
10.4.1 Example for Configuring IPv6 DNS
Networking Requirements
As shown in Figure 10-2, Router A, functioning as the IPv6 DNS client and working jointly
whose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on the
domain name huawei.com.
On Router A, the static IPv6 DNS entries of Router B and Router C are configured. This ensures
that Router A can manage both the routers based on the domain names RouterB and RouterC.
Figure 10-2 Networking diagram of IPv6 DNS configurations
GE1/0/0
2001::1/64
DNS Client
RouterA
RouterB
GE1/0/1
2001::2/64
RouterC GE1/0/1
2003::1/64
GE1/0/0
2002::2/64
GE1/0/0
DNS Server
2002::3/64 2003::2/64
huawei.com
2002::1/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure static IPv6 DNS entries.
2.
Enable the DNS resolution function.
3.
Configure IPv6 address of the IPv6 DNS server.
4.
Set the domain name suffix.
Data Preparation
To complete the configuration, you need the following data:
l
Domain names of Router B and Router C
l
IPv6 address of the IPv6 DNS server
l
Domain name suffix
Procedure
Step 1 Configure Router A.
# Configure static IPv6 DNS entries.
<RouterA> system-view
[RouterA] ipv6 host RouterB 2001::2
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
[RouterA] ipv6 host RouterC 2002::3
# Enable the DNS resolution function.
[RouterA] dns resolve
# Configure the IPv6 address of the IPv6 DNS server.
[RouterA] dns server ipv6 2003::2
# Set the domain name suffix to ".net".
[RouterA] dns domain net
# Set the domain name suffix to ".com".
[RouterA] dns domain com
[RouterA] quit
NOTE
To resolve the domain name, you also need to configure the route from Router A to the IPv6 DNS server.
For details of how to configure the route, refer to the NE80E/40E Router Configuration Guide - IP Routing.
Step 2 Verify the configuration.
# Run the ping ipv6 huawei.com command on Router A. You can find that the Ping operation
succeeds, and the destination IP address is 2002::1.
<RouterA> ping ipv6 huawei.com
Resolved Host ( huawei.com -> 2002::1)
PING huawei.com : 56 data bytes, press CTRL_C to
Reply from 2002::1: bytes=56 Sequence=1 ttl=126
Reply from 2002::1: bytes=56 Sequence=2 ttl=126
Reply from 2002::1: bytes=56 Sequence=3 ttl=126
Reply from 2002::1: bytes=56 Sequence=4 ttl=126
Reply from 2002::1: bytes=56 Sequence=5 ttl=126
--- huawei.com ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/6 ms
break
time=6
time=4
time=4
time=4
time=4
ms
ms
ms
ms
ms
# Run the display ipv6 host command on Router A. You can view the mapping relationships
between the host names in static IPv6 DNS entries and the IPv6 addresses.
<RouterA> display ipv6 host
Host
Age
RouterB
0
RouterC
0
Flags
static
static
IPv6Address (es)
2001::2
2002::3
Run the display dns ipv6 dynamic-host command on Router A. You can view information
about dynamic IPv6 DNS entries in the dynamic cache.
<RouterA> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
1
huawei.com
2002::1
TTL
3579
NOTE
TTL in the command output indicates the life time of the entry, in seconds.
----End
Configuration Files
l
10-8
Configuration file of Router A
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
10 IPv6 DNS Configuration
l
#
sysname RouterA
#
ipv6
#
ipv6 host RouterB 2001::2
ipv6 host RouterC 2002::3
#
dns resolve
dns server ipv6 2003::2
dns domain net
dns domain com
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001::1/64
ripng 1 enable
#
ripng 1
#
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001::2/64
ripng 1 enable
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2002::2/64
ripng 1 enable
#
ripng 1
#
return
l
Configuration file of Router C
#
sysname RouterC
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 address 2002::3/64
ripng 1 enable
#
interface GigabitEthernet1/0/1
undo shutdown
ipv6 address 2003::1/64
ripng 1 enable
#
ripng 1
#
return
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
11
ACL6 Configuration
About This Chapter
This chapter describes the ACL6 fundamentals, classifications and configuration steps for
ACL6, and IPv6 packet filtering, along with typical examples.
11.1 ACL6 Overview
This section describes basic concept and parameters of ACL6.
11.2 Configuring an Interfaced-based ACL6
This section describes how to configure the interface-based ACL6.
11.3 Configuring a Basic ACL6
This section describes how to configure a basic ACL6.
11.4 Configuring an Advanced ACL6
This section describes how to configure an advanced ACL6.
11.5 Configuring a Named ACL6
This section describes how to configure the Named ACL6.
11.6 Maintaining ACL6
This section describes how to maintain ACL6.
11.7 Configuration Examples
This section provides several configuration examples of ACL6.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
11.1 ACL6 Overview
This section describes basic concept and parameters of ACL6.
11.1.1 Introduction to ACL6
11.1.2 ACL6 Supported by the NE80E/40E
11.1.1 Introduction to ACL6
To filter data packets, you need to define a series of Access Control List (ACL) rules on the
device. After ACL rules are applied to interfaces, the device classifies the received data packets
and determines whether to forward or discard packets.
NOTE
In this manual, ACL applies to filter IPv4 packets and ACL6 applies to filter IPv6 packets.
11.1.2 ACL6 Supported by the NE80E/40E
ACL6 is classified into the following types based on application goals:
l
Basic ACL6: classifies data packets only based on the source IP addresses.
l
Advanced ACL6: classifies data packets more detailedly based on the source and
destination IP addresses, source and destination port numbers, and protocol type.
l
Interface-based ACL6: classifies data packets based on the interfaces that receive packets.
11.2 Configuring an Interfaced-based ACL6
This section describes how to configure the interface-based ACL6.
11.2.1 Establishing the Configuration Task
11.2.2 (Optional) Configuring the Valid Time Range of ACL6
11.2.3 Creating an Interfaced-based ACL6
11.2.4 Checking the Configuration
11.2.1 Establishing the Configuration Task
Applicable Environment
An ACL6 can be applied to the following tasks:
11-2
l
Configuring the packet filtering policy
l
Configuring the policy-based routing
l
Configuring the routing policy
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
Pre-configuration Tasks
Before configuring ACL6, complete the following task:
l
Starting the device normally
Data Preparation
To configure an ACL6, you need the following data:
No.
Data
1
(Optional) Name of the time range in which the Interface-based ACL6 takes effect
and the start time and end time of the time range
2
ACL6 number, permit or deny rules
3
Type and number of the interface where the ACL6 is applied
11.2.2 (Optional) Configuring the Valid Time Range of ACL6
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
A time rang is created.
----End
11.2.3 Creating an Interfaced-based ACL6
Context
The range of acl6-number of a interface-based ACL6 is 1000 to 1999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
The system view is displayed.
Step 2 Run:
acl ipv6 [ number ] acl6-number [ match-order { auto | config } ]
The interface-based ACL6 is created and the corresponding view is displayed.
Step 3 Run:
rule [ rule-id ] { deny | permit } interface { interface-type interface-number |
any } [ logging | time-range time-name ]*
ACL6 rules are defined.
----End
11.2.4 Checking the Configuration
Prerequisite
The configurations of the interface-based ACL6 function are complete.
Procedure
l
Run the display acl ipv6 { acl6-number | all } command to check the ACL6 rules.
l
Run the display statistics acl ipv6 { acl-number | all } control-plane [ | { begin |
include | exclude } regular-expression ] command to check the statistics about the packets
matching ACL6 in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
After the configuration, run the preceding command. You can view ACL6 number, ACL6 step,
contents of the rules, and matching times of the rules.
<HUAWEI> display acl ipv6 1000
Interface Based IPv6 ACL 1000, 1 rule
Acl's step is 5
rule 5 permit interface Pos4/0/0
After the preceding configurations, the statistics about the packets matching ACL6 in soft
forwarding is displayed after the display statistics acl ipv6 control-plane command is used.
<HUAWEI> display statistics acl ipv6 1000 control-plane
Interface Based IPv6 ACL 1000, 3 rules
rule 0 deny interface any (1035 times matched)
rule 1 permit interface Pos6/0/3 (586 times matched)
rule 2 permit interface GigabitEthernet3/0/11 (103 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
11-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
11.3 Configuring a Basic ACL6
This section describes how to configure a basic ACL6.
11.3.1 Establishing the Configuration Task
11.3.2 (Optional) Configuring the Valid Time Range of ACL6
11.3.3 Creating a Basic ACL6
11.3.4 Checking the Configuration
11.3.1 Establishing the Configuration Task
Applicable Environment
An ACL6 can be applied to the following tasks:
l
Configuring the packet filtering policy
l
Configuring the policy-based routing
l
Configuring the routing policy
Pre-configuration Tasks
Before configuring an ACL6, start the device normally.
Data Preparation
To configure an ACL6, you need the following data.
No.
Data
1
(Optional) Name of the time range in which the basic ACL takes effect and the start
time and end time of the time range
2
ACL6 number, permit or deny rules, source IP address
11.3.2 (Optional) Configuring the Valid Time Range of ACL6
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-5
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
A time rang is created.
This configuration task is used to create a time range. Multiple time ranges with the same name
can be created.
----End
11.3.3 Creating a Basic ACL6
Context
The range of acl6-number of a basic ACL6 is 2000 to 2999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl ipv6 [ number ] acl6-number [ match-order { auto | config } ]
A basic ACL6 is created and the basic ACL6 view is displayed.
Step 3 Run:
rule [ rule-id ] { deny | permit } [ fragment | logging | source { source-ipv6addressprefix-length | source-ipv6-address/prefix-length | any } | time-range timename | vpn6-instance vpn6-instance-name ] *
ACL6 rules are defined.
Defining ACL6 rules for the basic ACL6 is based only on the source IP address.
----End
11.3.4 Checking the Configuration
Prerequisite
The configurations of the Basic ACL6 function are complete.
Procedure
l
11-6
Run the display acl ipv6 { acl6-number | all } command to check the configured ACL6
rule.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
l
Run the display statistics acl ipv6 { acl-number | all } control-plane [ | { begin |
include | exclude } regular-expression ] command to check the statistics about the packets
matching ACL6 in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
Run the display acl ipv6 command. If the ACL6 number, the number of rules, detailed step
description, and ACL6 rules are displayed, it means that the configuration succeeds. For
example:
<HUAWEI> display acl ipv6 2200
Basic IPv6 ACL 2200, 1 rule
Acl's step is 5
rule 5 permit
After the preceding configurations, the statistics about the packets matching ACL6 in soft
forwarding is displayed after the display statistics acl ipv6 control-plane command is used.
<HUAWEI> display statistics acl ipv6 2200 control-plane
Basic IPv6 ACL 2200, 3 rules
rule 0 permit source 2030:5060::9050/64 (235 times matched)
rule 1 deny source 4050:7080::4060/96 (560 times matched)
rule 80 permit source FE80::9040/32 (729 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
11.4 Configuring an Advanced ACL6
This section describes how to configure an advanced ACL6.
11.4.1 Establishing the Configuration Task
11.4.2 (Optional) Configuring the Valid Time Range of ACL6
11.4.3 Creating an Advanced ACL6
11.4.4 Checking the Configuration
11.4.1 Establishing the Configuration Task
Applicable Environment
An ACL6 can be applied to the following tasks:
l
Issue 03 (2010-03-31)
Configuring the packet filtering policy
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
l
Configuring the policy-based routing
l
Configuring the routing policy
Pre-configuration Tasks
Before configuring an ACL6, complete the following task:
l
Starting the device normally
Data Preparation
To configure an ACL6, you need the following data:
No.
Data
1
(Optional) Name of the time range in which the advanced ACL takes effect and the
start time and end time of the time range
2
ACL6 number, permit or deny rules
3
Protocol type, source and destination port numbers, source and destination IP address,
and source IP address fragment or not, ICMP message type and coding, priority, ToS,
and valid time
11.4.2 (Optional) Configuring the Valid Time Range of ACL6
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
A time rang is created.
This configuration task is used to create a time range. Multiple time ranges with the same name
can be created.
----End
11.4.3 Creating an Advanced ACL6
11-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
Context
The range of acl6-number of an advanced ACL6 is 3000 to 3999.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl ipv6 [ number ] acl6-number [ match-order { auto | config } ]
The advance ACL6 is created and the advanced ACL6 view is displayed.
Step 3 Perform the following configuration as required.
l
When protocol is specified as TCP or UDP
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipv6address prefix-length | destination-ipv6-address/prefix-length | any } |
destination-portoperator port | fragment | logging | precedence precedence |
source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length
| any } | source-port operator port | time-range time-name | tos tos | vpn6instance vpn6-instance-name ] *
ACL6 rules are defined.
l
When protocol is specified as ICMPv6
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipv6address prefix-length | destination-ipv6-address/prefix-length | any } |
fragment | icmpv6-type { icmp6-type-name | icmp6-type icmp6-code } | logging |
precedence precedence | source { source-ipv6-address prefix-length | source-ipv6address/prefix-length | any } | time-range time-name | tos tos | vpn6-instance
vpn6-instance-name ] *
ACL6 rules are defined.
l
When protocol is specified as other protocols except TCP, UDP, and ICMPv6
Run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ipv6address prefix-length | destination-ipv6-address/prefix-length | any } |
fragment | logging | precedence precedence | source { source-ipv6-address prefixlength | source-ipv6-address/prefix-length | any } | time-range time-name | tos
tos | vpn6-instance vpn6-instance-name ] *
ACL6 rules are defined.
----End
11.4.4 Checking the Configuration
Prerequisite
The configurations of the Advanced ACL6 function are complete.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
Procedure
l
Run the display acl ipv6 { acl6-number | all } command to check the configured ACL6
rule.
l
Run the display statistics acl ipv6 { acl-number | all } control-plane [ | { begin |
include | exclude } regular-expression ] command to check the statistics about the packets
matching ACL6 in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
Run the display acl ipv6 command. If the ACL6 number, the number of rules, detailed step
description, and ACL6 rules are displayed, it means that the configuration succeeds. For
example:
<HUAWEI> display acl ipv6 3100
Advanced IPv6 ACL 3100, 3 rules,
rule 0 permit icmpv6
rule 1 permit ipv6 source 3001::/16 destination 4001::/16
rule 2 permit tcp source 5001::/16
After the preceding configurations, the statistics about the packets matching ACL6 in soft
forwarding is displayed after the display statistics acl ipv6 control-plane command is used.
<HUAWEI> display statistics acl ipv6 3000 control-plane
Advanced IPv6 ACL 3000, 1 rule
rule 1 permit ipv6 source 4001::/16 (137 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
11.5 Configuring a Named ACL6
This section describes how to configure the Named ACL6.
11.5.1 Establishing the Configuration Task
11.5.2 (Optional) Configuring the Valid Time Range of ACL6
11.5.3 Creating a Named ACL6
11.5.4 Checking the Configuration
11.5.1 Establishing the Configuration Task
11-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
Application Environment
An ACL6 can be applied to various services, such as routing policies and packet filtering, to
implement differentiated packet processing based on packet types.. Named ACL6s are advanced
ACL6s because you need to define rules for the named ACL6s by specifying the source IP
address, destination IP address, IP bearer protocol type, TCP source port, TCP destination port,
or ICMP protocol type and code.
Pre-configuration Tasks
None.
Data Preparation
To configure a named ACL6, you need the following data.
No.
Data
1
(Optional) Name of the time range in which the named ACL6 takes effect and the
start time and end time of the time range
2
Rule ID of the named ACL6, permit or deny rule, and source IP address
3
IP bearer protocol type, source and destination ports, destination IP address, or ICMP
message type and code, packet priority, ToS, and timeout period of the ACL rule
4
(Optional) Description of the named ACL6
5
(Optional) Step of the named ACL6
11.5.2 (Optional) Configuring the Valid Time Range of ACL6
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
time-range time-name { start-time to end-time days | from time1 date1 [ to time2
date2 ] }
A time rang is created.
This configuration task is used to create a time range. Multiple time ranges with the same name
can be created.
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-11
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
11.5.3 Creating a Named ACL6
Context
A named ACL6 is an advanced ACL6 and its acl-number ranges from 42768 to 45767.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl ipv6 name acl-name [ number acl-number ] [ match-order { auto | config } ]
A named ACL6 is created and the named ACL view is displayed.
Step 3 Perform the following steps as required to configure rules for the named ACL6:
l
When protocol is TCP or UDP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | destination-port operator port | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | source-port operator port | syn-flag
syn-flag time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | destination-port operator port | fragment-type fragment-type-name |
source { source-ip-address source-wildcard | any } | source-port operator port | syn-flag
syn-flag time-range time-name | precedence precedence |tos tos ] *
syn-flagsyn-flag needs to be specified only when TCP is used.
l
When protocol is ICMP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | icmp-type { icmp-name | icmp-type
icmp-code } | source { source-ip-address source-wildcard | any } | time-range time-name |
dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | icmp-type { icmp-name |icmp-type
icmp-code } |source { source-ip-address source-wildcard | any } | time-range time-name |
precedence precedence | tos tos ] *
l
When protocol is not TCP, UDP, or ICMP, run:
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | source { source-ip-address sourcewildcard | any } | time-range time-name | dscp dscp ] *
rule [ rule-id ] { deny | permit } protocol [ destination { destination-ip-address destinationwildcard | any } | fragment-type fragment-type-name | source { source-ip-address sourcewildcard | any } | time-range time-name | precedence precedence | tos tos ] *
Configure different advanced ACLs on the device for different protocols over IP. Different
protocols have different parameters combination. For example, TCP and UDP have optional
11-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
parameter [ source-port operator port ] [ destination-port operator port ] while other protocols
do not.
----End
11.5.4 Checking the Configuration
Prerequisite
The configurations of the ACL6 function are complete.
Procedure
l
Run the display acl ipv6 name acl-name command to check the configured ACL6 rule.
l
Run the display statistics acl ipv6 { acl-number | all | name acl-name } control-plane [ |
{ begin | include | exclude } regular-expression ] command to check the statistics about
the packets matching ACL6 in soft forwarding.
l
Run the display time-range { time-name | all } command to check the time range.
----End
Example
# Check the configurations of named ACL6, whose name is test.
<HUAWEI> display acl ipv6 name test
Advanced IPv6 Name ACL test, 1 rule
Acl's step is 5
rule 5 permit ip
# View the statistics about the packets matching ACL6 3000 in soft forwarding.
<HUAWEI> display statistics acl ipv6 3000 control-plane
Advanced IPv6 ACL 3000, 1 rule
rule 0 permit ipv6 (335 times matched)
# View the statistics about the packets matching ACL6 named test in soft forwarding.
<HUAWEI> display statistics acl ipv6 name test control-plane
Advanced IPv6 ACL test, 2 rules,
rule 0 permit 1 (10 times matched)
rule 1 permit ipv6 (23 times matched)
Run the display time-range command. If the configuration and status of the current time range
are displayed, it means that the configuration succeeds. For example:
<HUAWEI> display time-range all
Current time is 14:19:16 3-15-2006 Wednesday
Time-range : time1 ( Inactive )
10:00 to 12:00 daily
Time-range : time2 ( Inactive )
from 13:00 2006/4/1 to 23:59 2099/12/31
Time-range : active1 ( Active )
14:00 to 00:00 daily
11.6 Maintaining ACL6
This section describes how to maintain ACL6.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-13
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
11.6.1 Clearing ACL6 Statistics
11.6.2 Monitoring Network Operation Status of ACL6
11.6.1 Clearing ACL6 Statistics
Context
CAUTION
Statistics cannot be restored after you clear it. So, confirm the action before you use the
command.
Procedure
Step 1 Run the reset acl ipv6 counter { acl6-number | name acl-name | all } command in the user
view to clear the ACL6 counter.
----End
11.6.2 Monitoring Network Operation Status of ACL6
Context
In routine maintenance, you can run the following command in any view to check the operation
of ACL6.
Procedure
l
Run the display acl ipv6 { acl6-number | name acl-name | all } command in any view to
check the configured ACL6 rules.
l
Run the display statistics acl ipv6 { acl-number | all | name acl-name } control-plane
command in any view to check the statistics about the packets matching ACL6 in soft
forwarding.
----End
11.7 Configuration Examples
This section provides several configuration examples of ACL6.
11.7.1 Example for Configuring an ACL6 to Filter IPv6 Packets
11.7.1 Example for Configuring an ACL6 to Filter IPv6 Packets
11-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
Networking Requirements
As shown in Figure 11-1, Router A and Router B are connected through POS interfaces.
Configure ACL6 rules on Router A to prevent the IPv6 packets with the source IP address 3001::2
from entering POS1 /0/0 of Router A.
Figure 11-1 Networking diagram of configuring an ACL6 to filter IPv6 packets
RouterA
POS1/0/0
3001::1/64
RouterB
POS1/0/0
3001::2/64
Loopback2
3002::2/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
Define an ACL6 number.
2.
Define rules in the ACL6.
3.
Set the traffic classifier, behavior, and policy.
Data Preparation
To complete the configuration, you need the following data:
l
ACL6 number
l
Source IPv6 address denied by the ACL6 rule
Procedure
Step 1 Enable IPv6 forwarding capabilities on Router A and Router B, configure interface parameters,
and check connectivity between them.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ipv6 enable
[RouterA-Pos1/0/0] ipv6 address 3001::1 64
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
# Configure a static route on Router A.
[RouterA] ipv6 route-static 3002:: 64 3001::2
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
[RouterB] interface loopback 2
[RouterB-LoopBack2] ipv6 enable
[RouterB-LoopBack2] ipv6 address 3002::2 64
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-15
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
[RouterB-LoopBack2] quit
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ipv6 enable
[RouterB-Pos1/0/0] ipv6 address 3001::2 64
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
# Ping POS 1/0/0 of Router A from POS 1/0/0 of Router B.
[RouterB] ping ipv6 -a 3001::2 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 80 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 40 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 30 ms
Reply from 3001::1
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/40/80 ms
The ping succeeds without timeout or abnormal delay.
# Ping POS 1/0/0 of Router A from loopback2 of Router B.
[RouterB] ping ipv6 -a 3002::2 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 60 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 30 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 20 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 50 ms
Reply from 3001::1
bytes=56 Sequence=5 hop limit=64 time = 20 ms
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/36/60 ms
The ping succeeds without timeout or abnormal delay.
Step 2 Create an ACL6 rule and apply the rule on the interface to prevent the IPv6 packets from 3001::2.
# Configure Router A.
[RouterA] acl ipv6 number 3001
[RouterA-acl6-adv-3001] rule deny ipv6 source 3001::2/128
[RouterA-acl6-adv-3001] quit
[RouterA] traffic classifier bb
[RouterA-classifier-bb] if-match ipv6 acl 3001
[RouterA-classifier-bb] quit
[RouterA] traffic behavior aa
[RouterA-behavior-aa] permit
[RouterA-behavior-aa] quit
[RouterA] traffic policy cc
[RouterA-trafficpolicy-cc] classifier bb behavior aa
[RouterA-trafficpolicy-cc] quit
[RouterA] interface pos 1/0/0
11-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
[RouterA-Pos1/0/0] traffic-policy cc inbound
[RouterA-Pos1/0/0] quit
Step 3 Verify the configuration.
# Ping POS 1/0/0 of Router A from POS 1/0/0 of Router B.
[RouterB] ping ipv6 -a 3001::2 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 3001::1 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
round-trip min/avg/max = 0/0/0 ms
The ping fails.
# Ping POS 1/0/0 of Router A from loopback2 of Router B.
[RouterB] ping ipv6 -a 3002::2 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 80 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 50 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 40 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 40 ms
Reply from 3001::1
bytes=56 Sequence=5 hop limit=64 time = 30 ms
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/48/80 ms
The ping succeeds without timeout or abnormal delay.
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
acl ipv6 number 3001
rule 0 deny ipv6 source 3001::2/128
#
traffic classifier bb operator or
if-match ipv6 acl 3001
#
traffic behavior aa
#
traffic policy cc
undo share-mode
classifier bb behavior aa
#
interface pos1/0/0
link-protocol ppp
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
11 ACL6 Configuration
undo shutdown
traffic-policy cc inbound
ipv6 enable
ipv6 address 3001::1/64
#
ipv6 route-static 3002:: 64 3001::2
#
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3001::2/64
#
interface LoopBack2
ipv6 enable
ipv6 address 3002::2/64
#
return
11-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12
12 IPv6 over IPv4 Tunnel Configuration
IPv6 over IPv4 Tunnel Configuration
About This Chapter
This chapter describes the IPv6 over IPv4 tunnel fundamentals. It also describes configuration
steps for IPv6 over IPv4 tunnel configuration, along with typical examples.
12.1 IPv6 over IPv4 Tunnel Overview
This section describes the basic principles and concepts of IPv6 over IPv4 tunnel.
12.2 Configuring IPv4/IPv6 Dual Stacks
This section describes how to enable the IPv4/IPv6 dual protocol stacks.
12.3 Configuring an IPv6 over IPv4 Tunnel
This section describes how users in IPv6 networks communicate across an IPv4 network.
12.4 Configuring 6PE
This section describes how users in IPv6 networks communicate across the existing MPLS
network.
12.5 Maintaining IPv6 over IPv4 Tunnels
This section describes how to debug the IPv6 tunnel.
12.6 Configuration Examples
This section provides several configuration examples of IPv6 over IPv4 tunnels.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
12.1 IPv6 over IPv4 Tunnel Overview
This section describes the basic principles and concepts of IPv6 over IPv4 tunnel.
12.1.1 Introduction to IPv6 over IPv4
12.1.2 IPv6 over IPv4 Supported by the NE80E/40E
12.1.1 Introduction to IPv6 over IPv4
During the transition from the IPv4 Internet to the IPv6 Internet, IPv4 networks have been widely
deployed while IPv6 domains are isolated and dispersed around the world. It is not economical
to connect these isolated sites with private lines.
The usual method is tunnel technology. This technology creates tunnels over IPv4 networks to
connect isolated IPv6 domains. This is similar to the situation where the tunnel technology is
used to deploy VPNs on the IP networks.
The tunnel used to connect isolated IPv6 domains over IPv4 networks is called IPv6 over IPv4
tunnel. To implement this tunnel, enable IPv4/IPv6 dual stacks on the devices at the border of
the IPv4 network and the IPv6 network.
12.1.2 IPv6 over IPv4 Supported by the NE80E/40E
Dual Stacks
The simplest way for an IPv6 node to remain compatible with an IPv4 node is to reserve a
complete IPv4 protocol stack. In this way, the IPv6 node maintains a dual-stack structure. Figure
12-1 shows a single stack structure and a dual stack structure.
Figure 12-1 Single stack and dual stack structures (Ethernet)
IPv4 Application
UDP
TCP
IPv4
Protocol ID:
0x0800
Ethernet
IPv4/IPv6 Application
TCP
UDP
IPv6
Protocol ID: Protocol ID:
0x86DD
0x0800
Ethernet
IPv4 Stack
Dual Stack
The characteristics of the dual-stack structure are as follows:
l
12-2
Supported by multiple link layer protocols
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Multiple link layer protocols, such as Ethernet, support dual stacks. The link layer in the
above diagram is the Ethernet. For an Ethernet frame with the protocol ID field value of
0x0800 indicates that the network layer has IPv4 packets. The ID field value of 0x86DD
indicates that the network has IPv6 packets.
Supported by multiple applications
l
Multiple applications such as DNS, FTP and Telnet support dual stacks. The upper
application, such as DNS, can select TCP or UDP as its transport layer protocol. However,
it prefers the IPv6 protocol stack rather than IPv4 to be the network layer protocol.
IPv6 over IPv4 Tunnel
Figure 12-2 shows principles of the IPv6 over IPv4 tunnel technology.
1.
Enabling IPv4/IPv6 dual stacks
Enable IPv4/IPv6 dual stacks on the border device.
2.
Encapsulating IPv6 packets
After receiving a packet from the IPv6 network, the border device takes the received IPv6
packet as the payload, adds an IPv4 packet header before the payload and encapsulates it
into an IPv4 packet if it finds that the destination of the packet is not for itself.
3.
Transmitting the encapsulated packet
In the IPv4 network, the encapsulated packet is transmitted to the peer border device.
4.
Decapsulating the packet
The peer border device decapsulates the packet, removes the IPv4 packet header, and
forwards the resulting IPv6 packet to the remote IPv6 network.
Figure 12-2 Schematic diagram of IPv6 over IPv4 tunnel
Dual Stack
Router
IPv6
IPv4
Tunnel
Dual Stack
Router
IPv6
IPv6 host
IPv6 host
IPv6 Header
IPv6 Header
IPv6 Data
IPv4 Header
IPv6 Data
IPv6 Header IPv6 Data
The virtual tunnel that transmits IPv6 packets between the border devices is called the IPv6 over
IPv4 tunnel. Tunnels can be classified according to their setup modes.
The common IPv6 over IPv4 tunnel modes include:
l
IPv6 over IPv4 manual tunnels
l
IPv6 over IPv4 GRE tunnels (GRE tunnels)
l
IPv6 over IPv4 tunnel automatic tunnels
l
6to4 tunnels
l
Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnels
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-3
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
IPv6 over IPv4 Manual Tunnel
An IPv6 over IPv4 manual tunnel is set up by configuring the border devices of two tunnel ends.
The source IPv4 address and destination IPv4 address of such a tunnel must be configured
statically.
A manual tunnel is equivalent to a permanent link between two IPv6 networks over an IPv4
backbone network. It is the fixed channel for regular and secure communication between the
two border devices.
The manual tunnel can be used between isolated IPv6 networks. It can also be used between a
border device and a host. In this case, the host and the device on both ends of the tunnel must
support the IPv4 and the IPv6 protocol stacks.
IPv6 over IPv4 GRE Tunnel
The IPv6 traffic can be carried over the IPv4 GRE tunnels. When carrying the IPv6 traffic, the
IPv4 GRE tunnels are called IPv6 over IPv4 GRE tunnels (GRE tunnel for short). Like the IPv6
over IPv4 manual tunnel, a GRE tunnel is a link between two nodes, with a separate tunnel for
each link. The tunnels are not tied to a specific passenger or transport protocol, and only carry
IPv6 as the passenger protocol and GRE as the carrier protocol.
The GRE tunnel is also manually created on the border devices at the tunnels. You need to
statically specify the source IPv4 address and destination IPv4 address of the GRE tunnel. Unlike
the manual tunnel, the GRE tunnel can be set to check the GRE packet header and to authenticate
the tunnel keyword to enhance the tunnel security.
The GRE tunnel is used to connect border devices, or connect a border device and a host system.
Both the host and the device on both the ends of the tunnel must support the IPv4 and the IPv6
protocol stacks.
IPv6 over IPv4 Automatic Tunnel
To create an IPv6 over IPv4 automatic tunnel, you need a special kind of IPv6 address, namely
an IPv4-compatible IPv6 address.
The format of IPv4-compatible IPv6 address is as follows:
0:0:0:0:0:0:IPv4-address
Its high-order 96 bits are all 0s, and its low-order 32 bits form an IPv4 address. This IPv4 address
must be reachable in the IPv4 network, and cannot be a multicast address, a broadcast address,
a loopback address or an unspecified address (0.0.0.0).
To configure an automatic tunnel, specify just the source address of the tunnel on a border device
or a host. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet.
The IPv6 over IPv4 automatic tunnel is usually used when an isolated IPv4/IPv6 dual stack host
needs to access a remote IPv6 network over an IPv4 network. The automatic tunnel needs to be
configured between the isolated IPv4/IPv6 host and the IPv4/IPv6 device.
While setting up an automatic tunnel, configure the IPv4-compatible IPv6 address on both the
ends of the tunnel. The IPv4-compatible IPv6 address depends on the IPv4 address of the physical
interface of the tunnel. It is limited to the shortage of the IPv4 address. Therefore, it has certain
limitations.
12-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
6to4 Tunnel
A 6to4 tunnel is a mechanism that connects several isolated IPv6 domains to each other over an
IPv4 network. The 6to4 tunnel can be configured on the border device between the isolated IPv6
network and the IPv4 network. The border device on both the ends of the 6to4 tunnel must
support the IPv4 and the IPv6 dual protocol stacks at the same time.
The key difference between the 6to4 tunnel and the manual tunnel is that the former can be a
point-to-multipoint connection, and the latter is only a point-to-point connection. Hence, the
devices of the 6to4 tunnel are not configured in pairs.
The 6to4 tunnel can automatically find another end of the tunnel, like the automatic tunnel. You
need not specify the IPv4-compatible IPv6 address for it.
The 6to4 tunnel uses a kind of special IPv6 address, namely the 6to4 address with the following
format:
2002:IPv4 address: subnet ID:interface ID
The prefix of the 6to4 address is 2002:IPv4 address with the length of 48 bits. Of these, the IPv4
address is a globally unique one requested for an isolated IPv6 domain. This IPv4 address must
be configured on the IPv6/IPv4 border device's physical interface that is connected with the IPv4
network. The length of the subnet ID is 16 bits, and that of the interface ID is 64 bits. Both the
subnet ID and the interface ID are allocated in the isolated IPv6 domains.
As shown in Figure 12-3, Site1 and Site2 are 6to4 networks, and hosts and devices in the 6to4
network are allocated with 6to4 addresses. The IPv4 address contained in the 6to4 address of
the host or device in Site1 is the IPv4 address of the interface through which Router A accesses
the IPv4 network. Similarly, the IPv4 address contained in the 6to4 address of the host or device
in Site2 is the IPv4 address of the interface through which Router B accesses the IPv4 network.
Router A and Router B are both 6to4 devices.
Figure 12-3 6to4 tunnel and 6to4 relay
6to4
Router
6to4
Network
Site1
6to4
Router
6to4
Network
Site2
RouterB
IPv4
Network
RouterA
6to4
Relay
RouterC
IPv6
Internet
Site3
When the host in Site1 accesses the host in Site2, the process concerned is as follows:
1.
The IPv6 packet is transmitted to Router A.
2.
Router A checks the destination address of the IPv6 packet and finds that the address is the
6to4 address, from which Router A obtains the remote IPv4 address of the 6to4 tunnel.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-5
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
3.
Router A encapsulates this IPv6 packet into the IPv4 packet. The destination address of
IPv4 packet header is the remote IPv4 address of the tunnel, and its source address is the
local IPv4 address of the tunnel.
4.
Router A forwards the IPv4 packet in the IPv4 network to Router B.
5.
Router B decapsulates it to obtain the previous IPv6 packet, and then sends the IPv6 packet
to the destination host in Site2.
The above process implements the communication between the 6to4 networks. To implement
the communication between the 6to4 network and native IPv6 network, a 6to4 relay device is
needed. The so-called native IPv6 network means that both its internal host and device are not
configured with the 6to4 address.
The 6to4 relay device is the gateway between the 6to4 network and the native IPv6 network.
One side of the 6to4 relay device is connected to the native IPv6 network; the other side is
connected to the IPv4 network and creates the 6to4 tunnel with the 6to4 device.
As shown in Figure 12-3, when the host in the 6to4 network accesses the IPv6 Internet, the
process concerned is as follows:
1.
The IPv6 packet is routed to Router A.
2.
A 6to4 tunnel is created between Router A and Router C.
3.
The IPv6 packet is encapsulated into the IPv4 packet and is sent to Router C.
4.
Router C decapsulates the IPv4 packet to obtain the previous IPv6 packet, and sends the
IPv6 packet to the destination host in the IPv6 Internet.
ISATAP Tunnel
The ISATAP tunnel is used when the IPv4/IPv6 host in an IPv4 network accesses an IPv6
network. The ISATAP tunnel can be created between an ISATAP host and an ISATAP device.
The ISATAP format address is needed to create the ISATAP tunnel. Its structure is as follows:
Prefix (64bit)::5EFE:IPv4-Address
When the ISATAP tunnel is created (since the IPv4/IPv6 host and the ISATAP device are in a
same IPv4 network), the IPv4 address embedded into the ISATAP address can be either a public
network address or a private network address.
As shown in Figure 12-4, the process for an IPv4/IPv6 host to obtain an IPv6 address is as
follows:
1.
The IPv4/IPv6 host sends a request message to a device.
The IPv4/IPv6 host uses the link-local address in the ISATAP format to send a router
request message to the ISATAP device. It encapsulates the message into the IPv4 packet.
2.
The ISATAP device responds to the request message.
The ISATAP device uses a router notification message to respond to the request. The router
notification message contains the ISATAP prefix, which is manually configured on the
device.
3.
The IPv4/IPv6 host obtains its IPv6 address.
The IPv4/IPv6 host obtains its own IPv6 address by combining the ISATAP prefix with
5EFE:IPv4-Address, and uses this address to access the IPv6 host.
12-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Figure 12-4 ISATAP tunnel
IPv4
Network
ISATAP Tunnel
IPv6
Network
IPv4/IPv6 Host
2.1.1.1
FE80::5EFE:0201:0101
3FFE::5EFE:0201:0101
ISATAP
Router
IPv6 Host
The principle of an IPv4 or IPv6 host accessing an IPv6 network is as follows:
1.
2.
3.
The IPv4 or IPv6 host in the IPv4 network obtains an IPv6 address based on the steps given
above.
The IPv4 or IPv6 host sends packets that are encapsulated in an IPv4 packet to the host in
the IPv6 network.
An ISATAP device decapsulates the IPv4 packet and sends the IPv6 packets to the IPv6
host.
6PE
On an IPv4 backbone network where the MPLS is deployed, the ISP can use the IPv6 Provider
Edge (6PE) technology to provide the interconnection capacity for the IPv6 networks of
dispersed users. 6PE is the PE with the IPv6 capacity.
Figure 12-5 shows the principle of interconnecting isolated IPv6 domains through 6PE.
1.
2.
3.
4.
When the 6PE device receives an IPv6 packet from the CE, it directly labels the packet to
translate the packet into an MPLS packet that can be transmitted over the IPv4 backbone
network.
The MPLS packet is forwarded to the remote 6PE through the LSP.
The remote 6PE removes the label and finds the IPv6 routing table according to the
destination address in the resulting IPv6 packet header.
The remote 6PE then sends the packet to the destination host in the remote IPv6 network
through the remote CE.
Figure 12-5 Networking diagram of 6PE
6PE
Router
IPv4/MPLS
6PE
Router
IBGP
CE
CE
PE
IPv6
Customer
site
Issue 03 (2010-03-31)
IPv6
Customer
site
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-7
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Note the following points when you connect isolated IPv6 sites through a 6PE tunnel:
l
Enable IPv4, MPLS and IPv6 on 6PE.
l
MP-BGP also needs to be enabled between 6PEs to receive or send IPv6 routes from/to the
remote 6PE.
l
The IGP over ISP's IPv4 backbone network can be OSPF or IS-IS.
l
Static routing protocol, IGP or EBGP can work between CE and 6PE.
When ISPs tend to extend their IPv4 or MPLS networks with IPv6 traffic exchange capability
on MPLS, they only need to update their PE devices.
12.2 Configuring IPv4/IPv6 Dual Stacks
This section describes how to enable the IPv4/IPv6 dual protocol stacks.
12.2.1 Establishing the Configuration Task
12.2.2 Enabling IPv6 Packet Forwarding
12.2.3 Configuring IPv4 and IPv6 Addresses for the Interface
12.2.1 Establishing the Configuration Task
Applicable Environment
If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be
enabled on the device.
Enabling the IPv4/IPv6 dual protocol stacks on the NE80E/40E is a simple process. Enable the
IPv6 packet forwarding capacity in the system view and configure an IPv4 address or IPv6
address on the corresponding interface. The device can then forward IPv4 and IPv6 packets on
the corresponding interface.
Pre-configuration Tasks
Before configuring IPv6 tunnels, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
l
Configuring the link layer parameters for the interface
Data Preparation
To configure IPv4/IPv6 dual stacks, you need the following data.
12-8
No.
Data
1
Type and number of the interface connected with the IPv4 network
2
IPv4 address and mask of the interface connected with the IPv4 network
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
No.
Data
3
Type and number of the interface connected with the IPv6 network
4
IPv6 address and prefix of the interface connected with the IPv6 network
12.2.2 Enabling IPv6 Packet Forwarding
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The interface on the device is not of the IPv6 capability
and hence you cannot perform any IPv6 configurations.
l
If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down and the
device cannot forward IPv6 data.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6
The IPv6 packet forwarding capability is enabled.
To enable a device to forward IPv6 packets, you must run this command in the system view;
otherwise, the IPv6 protocol status on the interface is Down and the device cannot forward IPv6
packets although the interface is configured with an IPv6 address.
By default, the IPv6 packet forwarding capability is disabled.
Step 3 Run:
interface interface-type interface-number
The view of the interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
The IPv6 capability is enabled on the interface.
Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability
in the interface view.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-9
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
By default, the IPv6 capability is disabled on the interface.
----End
12.2.3 Configuring IPv4 and IPv6 Addresses for the Interface
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view of the IPv4 network is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
An IPv4 address is assigned to the interface.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
interface interface-type interface-number
The interface view of the IPv6 network is displayed.
Step 6 Perform the following configuration as required.
l
Run:
ipv6 address auto link-local
The link-local address is set to be automatically generated.
l
Run:
ipv6 address ipv6-address link-local
The link-local address of the interface is configured.
l
Run:
ipv6 address { ipv6-address | prefix-length }
The global unicast address is configured.
l
Run:
ipv6 address ipv6-address/prefix-length [ eui-64 ]
The IPv6 EUI-64 address is configured.
----End
12-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
12.3 Configuring an IPv6 over IPv4 Tunnel
This section describes how users in IPv6 networks communicate across an IPv4 network.
12.3.1 Establishing the Configuration Task
12.3.2 Configuring an IPv6 over IPv4 Manual Tunnel
12.3.3 Configuring an IPV6 over IPv4 GRE Tunnel
12.3.4 Configuring an IPv6 over IPv4 Automatic Tunnel
12.3.5 Configuring a 6to4 Tunnel
12.3.6 Configuring an ISATAP Tunnel
12.3.7 Configuring Routes in the Tunnel
12.3.8 Checking the Configuration
12.3.1 Establishing the Configuration Task
Applicable Environment
To enable communication between two IPv6 networks over the IPv4 network, configure an IPv6
over IPv4 tunnel on the border device of the IPv4 and IPv6 networks.
Pre-configuration Tasks
Before configuring an IPv6 over IPv4 tunnel, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
l
Configuring the link layer protocol for the interface and ensuring that the status of the link
layer protocol on the interface is Up
l
Configuring the IPv4/IPv6 dual-protocol stacks
Data Preparation
To configure an IPv6 over IPv4 tunnel, you need the following data.
Issue 03 (2010-03-31)
No.
Data
1
Number, IPv6 address and prefix length of the tunnel
2
Encapsulation mode of packets over the tunnel
3
Source IPv4 address or interface number of the tunnel
4
Destination IPv4 address of the tunnel
5
Authentication word of the GRE tunnel (only for the GRE tunnel)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-11
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12.3.2 Configuring an IPv6 over IPv4 Manual Tunnel
Context
Note the following when configuring an IPv6 over IPv4 manual tunnel:
l
Before configuring other parameters of an IPv6 tunnel, you must create a tunnel interface.
l
The source interface of the tunnel must be specified by the address or number of the
loopback interface on the local route.
l
The destination interface of the tunnel must be specified by the address of the loopback
interface on the peer device.
l
You need to conduct the following configurations on the devices on both the ends of the
tunnel. During the configuration, note that the source address of the local tunnel end is the
destination address set for the remote tunnel end; the destination address of the local tunnel
end is the source address set for the remote tunnel end.
l
To support dynamic routing protocol, you also need to configure the tunnel interface with
a network address.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
The tunnel interface is created.
Step 3 Run:
tunnel-protocol ipv6-ipv4
The tunnel is specified be an IPv6 over IPv4 manual tunnel.
Step 4 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
NOTE
For the actual implementation on the NE80E/40E, the source interface of the tunnel can only be a loopback
interface but the source address of the tunnel can be either the address of a physical interface or the address
of a loopback interface.
Step 5 Run:
destination ipv4-address
The destination address of the tunnel is specified.
NOTE
The destination address of the tunnel can be the address of a physical interface or the address of a loopback
interface.
12-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Step 6 Run:
ipv6 enable
IPv6 is enabled on the interface.
Step 7 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The tunnel interface is configured with an IPv6 address.
----End
12.3.3 Configuring an IPV6 over IPv4 GRE Tunnel
Context
l
l
Note the following when configuring an IPv6 over IPv4 GRE tunnel:
–
Before configuring other parameters of an IPv6 tunnel, you must create a tunnel
interface.
–
The slot number of the created tunnel interface must be the same as that of the SPUC.
–
You need to create the loopback interface and assign an IP address to it.
–
The source interface of the tunnel must be specified by the address or number of the
loopback interface on the local route.
–
The destination interface of the tunnel must be specified by the address of the loopback
interface on the peer device.
–
You need to conduct the following configurations on the devices on both the ends of
the tunnel. During the configuration, note that the source address of the local tunnel end
is the destination address set for the remote tunnel end; the destination address of the
local tunnel end is the source address set for the remote tunnel end.
–
To make the tunnel support the routing protocol, configure an IP address for the tunnel
interface.
Setting the key word of the GRE packet header
The configuration of key word of GRE packet header is also optional. If the key word is
configured, the receiver checks the KEY field in the GRE packet header. If the key word
in the packet header is similar to the one configured locally, the receiver continues to process
the packet. Otherwise, it discards the packet.
Do as follows on the router:
Procedure
Step 1 Run:
set board-type slot slot-id tunnel
The service mode of the SPUC is set to Tunnel.
Step 2 Run:
system-view
The system view is displayed.
Step 3 Run:
interface tunnel interface-number
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-13
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
The tunnel interface is created.
The slot number of the created tunnel interface must be the same as that of the SPUC. For
instance, when the SPUC is inserted in slot 2, the slot number of the tunnel interface must be 2.
Step 4 Run:
tunnel-protocol gre
The tunnel is specified as a GRE tunnel.
When you configure an IPv6 over IPv4 GRE tunnel, you must run the target-boardslotnumber and binding tunnel gre commands respectively on the loopback interface to bind the
SPUC to GRE.
Step 5 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
The source address specified by sourceipv4-address must be the IPv4 address of the loopback
interface bound to the SPUC through the target-board command; the source interface specified
by sourceinterface-type interface-number must be the loopback interface bound to the SPUC
through the target-board command.
Step 6 Run:
destination ipv4-address
The destination address of the tunnel is specified.
Step 7 (Optional) Run:
gre key key-number
The key word of the GRE packets header is set.
Step 8 Run:
ipv6 enable
IPv6 is enabled on the interface.
Step 9 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The IPv6 address of the tunnel interface is configured.
----End
12.3.4 Configuring an IPv6 over IPv4 Automatic Tunnel
Context
Note the following when configuring an IPv6 over IPv4 automatic tunnel:
12-14
l
Before configuring the other parameters of an IPv6 tunnel, you must create a tunnel
interface.
l
The source interface of the tunnel must be specified by the address or number of the
loopback interface on the local route.
l
When configuring an IPv6 over IPv4 automatic tunnel, you can specify only the source
address of the tunnel. The destination address of the tunnel is automatically obtained from
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
the destination IP address field carried in the original IPv6 packet. Note that the source
interface of the IPv6 over IPv4 automatic tunnel must be unique.
l
The IPv6 address configured for the automatic tunnel must be an IPv4-compatible IPv6
address. That is, the high-order 96 bits are 0 and the low-order 32 bits represent an IPv4
address of an interface in the IPv4 network.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
A tunnel interface is configured.
Step 3 Run:
tunnel-protocol ipv6-ipv4 auto-tunnel
The tunnel is specified as an IPv6 over IPv4 automatic tunnel.
Step 4 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
Step 5 Run:
ipv6 enable
IPv6 is enabled on the interface.
Step 6 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The tunnel interface is configured with an IPv6 address.
----End
12.3.5 Configuring a 6to4 Tunnel
Context
Note the following when configuring a 6to4 tunnel:
l
Before configuring other parameters of the tunnel, create a tunnel interface.
l
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
l
The source tunnel interface must be specified by the address or number of the loopback
interface on the local route.
l
When configuring a 6to4 tunnel, you need to specify only the source tunnel interface. The
destination address of the tunnel is automatically obtained from the destination IP address
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-15
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
field carried in the original IPv6 packet. Note that the source interface of the 6to4 tunnel
must be unique.
On the border device, configure a 6to4 address on the interface that is connected with the
6to4 network, and configure an IPv4 address on the interface that is connected with the
IPv4 network. To make the tunnel support the routing protocol, configure an IP address for
the tunnel interface.
l
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
A tunnel interface is created.
Step 3 Run:
tunnel-protocol ipv6-ipv4 6to4
The tunnel is specified as a 6to4 tunnel.
Step 4 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
Step 5 Run:
ipv6 enable
IPv6 is enabled on the interface.
Step 6 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The interface is configured with an IPv6 address.
NOTE
The prefix of the IPv6 address configured for the interface must be the same as the 6to4 network prefix of
the border device.
----End
Postrequisite
The configuration of 6to4 relay needed to access the IPv6 network, is similar to the 6to4 tunnel.
For the configuration example, see "Example for Configuring 6to4 Relay."
12.3.6 Configuring an ISATAP Tunnel
Context
Note the following when configuring an ISATAP tunnel:
12-16
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
l
Before configuring other parameters of the tunnel, create a tunnel interface.
l
When the specified source interface of the tunnel is a physical interface, it is recommended
to set the tunnel ID to be the same as the number of the physical interface.
l
When configuring an ISATAP tunnel, you need to specify only the source address of the
tunnel. The destination address of the tunnel is automatically obtained from the destination
IP address field carried in the original IPv6 packet. Note that the source interface of the
ISATAP tunnel must be unique.
l
The IPv6 address configured on the tunnel interface is an ISATAP address with a prefix
length of 64 bits.
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
A tunnel interface is created.
Step 3 Run:
tunnel-protocol ipv6-ipv4 isatap
The tunnel is specified as an ISATAP tunnel.
Step 4 Run:
source { ipv4-address | interface-type interface-number }
The source address or source interface of the tunnel is specified.
Step 5 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
The tunnel interface is configured with an IPv6 address.
Step 6 Run:
undo ipv6 nd ra halt
The device is allowed to advertise routes.
----End
12.3.7 Configuring Routes in the Tunnel
Context
Routes for forwarding must exist on the source device and the destination device of the tunnel,
ensuring normal packet forwarding.
Configuring routes in the tunnel comprises configuring static routes and dynamic routes.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-17
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
l
To configure the static route, you need to configure the route from the IP address of the
local loopback interface (the source address) to the destination address (IP address of the
peer loopback interface).
l
You can enable dynamic routing protocol on the tunnel interface connected to the private
networks and on the device interface.
12.3.8 Checking the Configuration
Prerequisite
The configurations of the IPv6 over IPv4 Tunnel function are complete.
Procedure
Step 1 Run the display device slot-id command to check whether the service mode of the SPUC is
Tunnel.
Step 2 Run the display ipv6 interface tunnel interface-number command to check the IPv6 attributes
of a tunnel interface.
----End
Example
If the service mode of the SPUC is Tunnel, run the display device 3 command, and you can
view that the type of the SPUC on the router is displayed as General.
<HUAWEI> display device 3
SPU3's detail information:
- - - - - - - - - - - - - - - - - - - - Description:
Board status:
Register:
Uptime:
CPU Utilization(%):
Mem Usage(%):
Clock information:
State item
Current syn-clock:
Current line-clock:
Syn-clock state:
Syn-clock 17 state:
Syn-clock 18 state:
Line-clock 23 state:
Line-clock 24 state:
Statistic information:
Statistic item
SERDES interface link lost:
Mpu switchs:
Syn-clock switchs:
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - Line Processing Unit - General
Normal
Registered
2009/02/26
18:33:23
3%
19%
State
17
23
Locked
Actived
Inactived
Inactived
Inactived
VCXO_OK
REF_OK
Statistic number
0
0
0
- - - - - - - - - - - - - - - - -
Run the display ipv6 interface tunnel command. If the IPv6 packets forwarding is enabled,
you can see the state of tunnel interface is Up, the state of IPv6 protocol is Up, source address
and ND parameters.
<HUAWEI> display ipv6 interface tunnel 3/0/0
Tunnel3/0/0 current state : UP ,
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:102
Global unicast address(es):
::2.1.1.2, subnet is ::/96
12-18
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Joined group address(es):
FF02::1:FF01:102
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
12.4 Configuring 6PE
This section describes how users in IPv6 networks communicate across the existing MPLS
network.
12.4.1 Establishing the Configuration Task
12.4.2 Configuring IPv4/IPv6 Dual Protocol Stacks
12.4.3 Configuring MPLS
12.4.4 Enabling 6PE Peer
12.4.1 Establishing the Configuration Task
Applicable Environment
To interconnect IPv6 networks over the existing MPLS network, 6PE must be configured on the
PE devices.
Pre-configuration Tasks
Before configuring 6PE, complete the following tasks:
l
Configuring the physical features of interfaces and ensuring that the status of the physical
layer of the interface is Up
l
Configuring the link layer protocols on interface and ensuring that the status of the link
layer protocol on the interface is Up
l
Configuring routes from 6PE to CE
l
Configuring routes to the backbone network
Data Preparation
To configure 6PE, you need the following data.
Issue 03 (2010-03-31)
No.
Data
1
Interface number and IPv6 address of the 6PE's interface connected with CE devices
2
Interface number and IPv4 address of the 6PE's interface
3
Interface number and IPv4 address of the loopback interface to be created
4
LSP triggering policy
5
IPv4 address of the peer of the 6PE
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-19
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12.4.2 Configuring IPv4/IPv6 Dual Protocol Stacks
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipv6
The IPv6 packet forwarding is enabled.
Step 3 Run:
interface interface-type interface-number
The interface view of the IPv4 network is displayed.
Step 4 Run:
ip address ipv4-address { mask | mask-length }
The interface is configured with an IPv4 address.
Step 5 Run:
quit
Return to the system view.
Step 6 Run:
interface interface-type interface-number
The interface view of the IPv6 network is displayed.
Step 7 Run:
ipv6 enable
IPv6 is enabled on the interface.
Step 8 Run:
ipv6 address ipv6-address/prefix-length [ eui-64 ]
Or
ipv6 address { ipv6-address | prefix-length }
The interface is configured with an IPv6 address.
Step 9 Run:
quit
12-20
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Return to the system view.
----End
12.4.3 Configuring MPLS
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls lsr-id ip-address
The LSR ID is specified.
Step 3 Run:
mpls
MPLS is enabled and the MPLS view is displayed.
Step 4 Run:
lsp-trigger { all | host | ip-prefix prefix-name | none }
The LSP trigger policy is enabled.
Step 5 Run:
quit
Return to the system view.
Step 6 Run:
mpls ldp
MPLS LDP is enabled.
Step 7 Run:
quit
Exit the system view.
Step 8 Run:
interface interface-type interface-number
The interface view of the IPv4 network is displayed.
Step 9 Run:
mpls
MPLS is enabled on the interface.
Step 10 Run:
mpls ldp
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-21
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
MPLS LDP is enabled on the interface.
----End
12.4.4 Enabling 6PE Peer
Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp as-number
The BGP view is displayed.
Step 3 Run:
peer peer-ipv4-address as-number as-number
The IP address and the AS number of a specified BGP peer are specified.
Step 4 Run:
peer peer-ipv4-address connect-interface interface-type interface-number
PE peer is specified to connect with a specified interface.
Step 5 Run:
ipv6-family
The BGP-IPv6 unicast address family view is displayed.
Step 6 Run:
peer peer-ipv4-address enable
6PE peer is enabled.
Step 7 Run:
peer peer-ipv4-address label-route-capability
Label routing capacity is enabled for 6PE.
----End
12.5 Maintaining IPv6 over IPv4 Tunnels
This section describes how to debug the IPv6 tunnel.
12.5.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel
12-22
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
12.5.1 Monitoring the Running Status of IPv6 over IPv4 Tunnel
Context
In routine maintenance, you can run the following command in any view to check the operation
of IPv6 over IPv4 tunnel.
Procedure
Step 1 Run the display ipv6 interface tunnel { interface-number } command in any view to check the
operation status of the tunnel interface.
----End
12.6 Configuration Examples
This section provides several configuration examples of IPv6 over IPv4 tunnels.
12.6.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel
12.6.2 Example for Configuring an IPv6 over IPv4 GRE Tunnel
12.6.3 Example for Configuring an IPv6 over IPv4 Automatic Tunnel
12.6.4 Example for Configuring a 6to4 Tunnel
12.6.5 Example for Configuring 6to4 Relay
12.6.6 Example for Configuring an ISATAP Tunnel
12.6.7 Example for Configuring 6PE
12.6.1 Example for Configuring an IPv6 over IPv4 Manual Tunnel
Networking Requirements
As shown in Figure 12-6, two IPv6 networks are connected to Router B in the IPv4 backbone
network respectively through Router A and Router C. To enable communication between two
IPv6 networks, configure an IPv6 over IPv4 manual tunnel between Router A and Router C.
NOTE
It is recommended that in an actual networking environment, the source address of the tunnel is specified
as the IP address of the loopback interface of the local device or the source interface of the tunnel is specified
as the loopback interface on the local device. It is also recommended that in an actual networking
environment, the destination address of the tunnel is specified as the IP address of the loopback interface
of the peer device.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-23
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Figure 12-6 Networking diagram of the IPv6 over IPv4 manual tunnel
IPv4
network
GE1/0/0
GE2/0/0
192.168.50.1/24
192.168.51.1/24
GE1/0/0
GE1/0/0
192.168.50.2/24
192.168.51.2/24
Router B
Dual
Dual
Stack
Stack
IPv6
RouterA
RouterC IPv6
Configuration Roadmap
The configuration roadmap of IPv6 over IPv4 manual tunnel is as follows:
1.
Configure IP addresses for physical interfaces.
2.
Configure IPv6 addresses, the source interface, and the destination addresses for the tunnel
interfaces.
3.
Set the tunnel protocol as IPv6-IPv4.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of interfaces
l
IPv6 addresses, the source interfaces and the destination addresses of the tunnel interfaces
Procedure
Step 1 Configure Router A.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 192.168.50.2 255.255.255.0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
# Set the tunnel protocol as IPv6-IPv4.
[RouterA] interface tunnel 1/0/0
[RouterA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[RouterA-Tunnel1/0/0] ipv6 enable
[RouterA-Tunnel1/0/0] ipv6 address 3001::1/64
[RouterA-Tunnel1/0/0] source 192.168.50.2
12-24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
[RouterA-Tunnel1/0/0] destination 192.168.51.2
[RouterA-Tunnel1/0/0] quit
# Configure static routes.
[RouterA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
Step 2 Configure Router B.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 192.168.50.1 255.255.255.0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] ip address 192.168.51.1 255.255.255.0
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
Step 3 Configure Router C.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] ipv6
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ip address 192.168.51.2 255.255.255.0
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] quit
# Set the tunnel protocol as IPv6-IPv4.
[RouterC] interface tunnel 1/0/0
[RouterC-Tunnel1/0/0] tunnel-protocol ipv6-ipv4
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
[RouterC-Tunnel1/0/0]
[RouterC-Tunnel1/0/0]
[RouterC-Tunnel1/0/0]
[RouterC-Tunnel1/0/0]
[RouterC-Tunnel1/0/0]
ipv6 enable
ipv6 address 3001::2/64
source 192.168.51.2
destination 192.168.50.2
quit
# Configure a static route.
[RouterC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1
Step 4 Verify the configuration.
# On Router C, ping the IPv4 address of the interface GE 1/0/0 of Router A. Router C can receive
response packets from Router A.
[RouterC] ping 192.168.50.2
PING 192.168.50.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=84 ms
Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=25 ms
Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=24 ms
--- 192.168.50.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/32/84 ms
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-25
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
# On Router C, ping the IPv6 address of Tunnel 1/0/0 of Router A. Router C can receive response
packets from Router A.
[RouterC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
bytes=56 Sequence=2 hop limit=255
Reply from 3001::1
bytes=56 Sequence=3 hop limit=255
Reply from 3001::1
bytes=56 Sequence=4 hop limit=255
Reply from 3001::1
bytes=56 Sequence=5 hop limit=255
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms
----End
Configuration File
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.50.2 255.255.255.0
#
interface Tunnel1/0/0
ipv6 enable
ipv6 address 3001::1/64
tunnel-protocol ipv6-ipv4
source 192.168.50.2
destination 192.168.51.2
#
ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.50.1 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.51.1 255.255.255.0
#
return
l
Configuration file of Router C
#
sysname RouterC
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
12-26
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
ip address 192.168.51.2 255.255.255.0
#
interface Tunnel1/0/0
ipv6 enable
ipv6 address 3001::2/64
tunnel-protocol ipv6-ipv4
source 192.168.51.2
destination 192.168.50.2
#
ip route-static 192.168.50.0 255.255.255.0 192.168.51.1
#
return
12.6.2 Example for Configuring an IPv6 over IPv4 GRE Tunnel
Networking Requirements
As shown in Figure 12-7, two IPv6 networks are connected to Router B in the IPv4 network
respectively through Router A and Router C. To make two IPv6 networks communicate with
each other, configure an IPv6 over IPv4 GRE tunnel between Router A and Router C.
NOTE
When configuring an IPv6 over IPv4 GRE tunnel, you must set the service mode of the SPUC to Tunnel
and bind the SPUC to the tunnel.
Figure 12-7 Networking diagram of the IPv6 over IPv4 GRE tunnel
IPv4
network
POS1/0/0
POS2/0/0
192.168.50.1/24
192.168.51.1/24
POS1/0/0
POS1/0/0
192.168.50.2/24
RouterB
192.168.51.2/24
Dual
Dual
Stack
Stack
IPv6
RouterA
Loopback1
1.1.1.1/32
IPv6
RouterC
Loopback1
2.2.2.2/32
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses for interfaces.
2.
Configure IPv6 addresses, the source interface, and the destination address of the tunnel
interfaces.
3.
Set the tunnel protocol as GRE.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-27
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of interfaces
l
IPv6 addresses and the source interface, and the destination address
Procedure
Step 1 Configure Router A.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 192.168.50.2 255.255.255.0
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
# Create a loopback interface and assign an IPv4 address to it.
[RouterA] interface Loopback 1
[RouterA-LoopBack1] ip address 1.1.1.1 32
[RouterA-LoopBack1] quit
# Configure a static route from Router A to Router C.
[RouterA] ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
[RouterA] ip route-static 2.2.2.2 255.255.255.255 192.168.50.1
[RouterA] quit
# Set the service mode of the SPUC to Tunnel and the tunnel protocol mode to GRE.
<RouterA> set board-type slot 6 tunnel
[RouterA] system-view
[RouterA] interface tunnel 6/0/0
[RouterA-Tunnel6/0/0] tunnel-protocol gre
# Configure the IPv6 address, source interface, and destination address for the tunnel interface.
Bind the tunnel to the SPUC.
[RouterA] interface Loopback 1
[RouterA-LoopBack1] target-board 6
[RouterA-LoopBack1] binding tunnel gre
[RouterA-LoopBack1] quit
[RouterA] interface Tunnel 6/0/0
[RouterA-Tunnel6/0/0] ipv6 enable
[RouterA-Tunnel6/0/0] ipv6 address 3001::1 64
[RouterA-Tunnel6/0/0] source loopback 1
[RouterA-Tunnel6/0/0] destination 2.2.2.2
[RouterA-Tunnel6/0/0] quit
NOTE
The device supports the tunnel binding only on the loopback interface.
Step 2 Configure Router B.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 192.168.50.1 255.255.255.0
[RouterB-Pos1/0/0] undo shutdown
12-28
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
[RouterB-Pos1/0/0] quit
[RouterB] interface pos 2/0/0
[RouterB-Pos2/0/0] ip address 192.168.51.1 255.255.255.0
[RouterB-Pos2/0/0] undo shutdown
[RouterB-Pos2/0/0] quit
Step 3 Configure Router C.
# Configure an IP address for the interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] ipv6
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ip address 192.168.51.2 255.255.255.0
[RouterC-Pos1/0/0] undo shutdown
[RouterC-Pos1/0/0] quit
# Create a loopback interface and assign an IPv4 address to it.
[RouterC] interface Loopback 1
[RouterC-LoopBack1] ip address 2.2.2.2 32
[RouterC-LoopBack1] quit
# Configure a static route from Router C to Router A.
[RouterC] ip route-static 192.168.50.2 255.255.255.0 192.168.51.1
[RouterC] ip route-static 1.1.1.1 255.255.255.255 192.168.51.1
[RouterC] quit
On Router C, ping the IPv4 address of POS 1/0/0 on Router A. Router C receives the response
packets from Router A.
[RouterC] ping 192.168.50.2
PING 192.168.50.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.50.2: bytes=56 Sequence=1 ttl=255 time=1
Reply from 192.168.50.2: bytes=56 Sequence=2 ttl=255 time=1
Reply from 192.168.50.2: bytes=56 Sequence=3 ttl=255 time=1
Reply from 192.168.50.2: bytes=56 Sequence=4 ttl=255 time=1
Reply from 192.168.50.2: bytes=56 Sequence=5 ttl=255 time=1
--- 192.168.50.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[RouterC] ping 1.1.1.1
PING 1.1.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=1
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=1
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=1
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=1
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=1
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
--- 1.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
It indicates that a reachable route exists between Router A and Router C.
# Set the service mode of the SPUC to Tunnel and the tunnel protocol mode to GRE.
<RouterC> set board-type slot 6 tunnel
[RouterC] system-view
[RouterC] interface tunnel 6/0/0
[RouterC-Tunnel6/0/0] tunnel-protocol gre
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-29
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
# Configure the IPv6 address, source interface, and destination IP address of the tunnel interface.
Bind the tunnel to the SPUC.
[RouterC] interface Loopback 1
[RouterC-LoopBack1] target-board 6
[RouterC-LoopBack1] binding tunnel gre
[RouterC-LoopBack1] quit
[RouterC] interface Tunnel 6/0/0
[RouterC-Tunnel6/0/0] ipv6 enable
[RouterC-Tunnel6/0/0] ipv6 address 3001::2 64
[RouterC-Tunnel6/0/0] source loopback 1
[RouterC-Tunnel6/0/0] destination 1.1.1.1
[RouterC-Tunnel6/0/0] quit
NOTE
The device supports the tunnel binding only on the loopback interface.
Step 4 Verify the configuration
# On Router C, ping the IPv6 address of Tunnel 1/0/0 on Router A. Router C receives the response
packets from Router A.
[RouterC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press
Reply from 3001::1
bytes=56 Sequence=1 hop limit=255
Reply from 3001::1
bytes=56 Sequence=2 hop limit=255
Reply from 3001::1
bytes=56 Sequence=3 hop limit=255
Reply from 3001::1
bytes=56 Sequence=4 hop limit=255
Reply from 3001::1
bytes=56 Sequence=5 hop limit=255
--- 3001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
CTRL_C to break
time = 28 ms
time = 27 ms
time = 26 ms
time = 27 ms
time = 26 ms
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface pos1/0/0
link-protocol ppp
ip address 192.168.50.2 255.255.255.0
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
target-board 6
binding tunnel gre
#
interface Tunnel6/0/0
ipv6 enable
ipv6 address 3001::1/64
tunnel-protocol gre
source loopback 1
destination 2.2.2.2
#
ip route-static 192.168.51.2 255.255.255.0 192.168.50.1
12-30
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
ip route-static 2.2.2.2 255.255.255.255 192.168.50.1
#
return
l
Configuration file of Router B
#
sysname RouterB
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.50.1 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 192.168.51.1 255.255.255.0
#
return
l
Configuration file of Router C
#
sysname RouterC
#
ipv6
#
interface pos1/0/0
link-protocol ppp
ip address 192.168.51.2 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
target-board 6
binding tunnel gre
#
interface Tunnel6/0/0
ipv6 enable
ipv6 address 3001::2/64
tunnel-protocol gre
source loopback 1
destination 1.1.1.1
#
ip route-static 192.168.50.0 255.255.255.0 192.168.51.1
ip route-static 1.1.1.1 255.255.255.255 192.168.51.1
#
return
12.6.3 Example for Configuring an IPv6 over IPv4 Automatic
Tunnel
Networking Requirements
As shown in Figure 12-8, two IPv6 networks are connected with the IPv4 backbone network
respectively through Router A and Router B. To enable communication between the two IPv6
networks, configure an IPv6 over IPv4 automatic tunnel between Router A and Router B.
Interfaces connecting Router A and the IPv4 backbone network and connecting Router B and
the IPv4 backbone network should be configured public IPv4 addresses.
NOTE
It is recommended that in an actual networking environment, the source address of the tunnel is specified
as the IP address of the loopback interface of the local device or the source interface of the tunnel is specified
as the loopback interface on the local device. It is also recommended that in an actual networking
environment, the destination address of the tunnel is specified as the IP address of the loopback interface
of the peer device.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-31
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Figure 12-8 Networking diagram of the IPv6 over IPv4 automatic tunnel
loopback1
3.3.3.3/32
Dual
Stack
RouterA
IPv6
POS1/0/0
2.1.1.1/8
Tunnel 1/0/0
::2.1.1.1/96
IPv4
loopback1
4.4.4.4/32
Dual
Stack
POS1/0/0
2.1.1.2/8
Tunnel 1/0/0
::2.1.1.2/96
RouterB
IPv6
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IP addresses for interfaces.
2.
Configure the IPv6 addresses and source interface of the tunnel interface.
3.
Set the tunnel protocol as automatic tunnel protocol.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of interfaces
l
IPv6 address and source interface of the tunnel interface
To configure an automatic tunnel, you need to specify only the source interface rather than the
destination interface of the tunnel.
Procedure
Step 1 Configure Router A.
# Configure the IPv4/IPv6 dual protocol stacks.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
[RouterA-pos1/0/0] ip address 2.1.1.1 255.0.0.0
[RouterA-pos1/0/0] quit
# Create a loopback interface and assign an IPv4 address to it.
[RouterA] interface loopback 1
[RouterA-LoopBack1] ip address 3.3.3.3 32
[RouterA-LoopBack1] quit
# Configure a static route from Router A to Router B.
[RouterA] ip route-static 2.1.1.2 255.0.0.0 2.1.1.2
[RouterA] ip route-static 4.4.4.4 255.255.255.255 2.1.1.2
# Configure an automatic tunnel.
12-32
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
[RouterA] interface tunnel 1/0/0
[RouterA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 auto-tunnel
[RouterA-Tunnel1/0/0] ipv6 enable
[RouterA-Tunnel1/0/0] ipv6 address ::3.3.3.3/96
[RouterA-Tunnel1/0/0] source loopback 1
[RouterA-Tunnel1/0/0] quit
Step 2 Configure Router B.
# Configure the IPv4/IPv6 dual protocol stacks.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
[RouterB] interface pos 1/0/0
[RouterB-pos1/0/0] ip address 2.1.1.2 255.0.0.0
[RouterB-Pos1/0/0] quit
# Create a loopback interface and assign an IPv4 address to it.
[RouterB] interface loopback 1
[RouterB-LoopBack1] ip address 4.4.4.4 32
[RouterB-LoopBack1] quit
# Configure a static route from Router B to Router A.
[RouterB] ip route-static 2.1.1.1 255.0.0.0 2.1.1.1
[RouterB] ip route-static 3.3.3.3 255.255.255.255 2.1.1.1
# Configure an automatic tunnel.
[RouterB] interface tunnel 1/0/0
[RouterB-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 auto-tunnel
[RouterB-Tunnel1/0/0] ipv6 enable
[RouterB-Tunnel1/0/0] ipv6 address ::4.4.4.4/96
[RouterB-Tunnel1/0/0] source loopback 1
[RouterB-Tunnel1/0/0] quit
Step 3 Verify the configuration.
# On Router A, view the status of Tunnel 1/0/0 and find it is Up.
[RouterA] display ipv6 interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:101
Global unicast address(es):
::3.3.3.3, subnet is ::/96
Joined group address(es):
FF02::1:FF01:101
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# On Router A, ping the IPv4-compatible IPv6 address of tunnel peer.
[RouterA] ping ipv6 ::4.4.4.4
PING ::4.4.4.4 : 56 data bytes, press CTRL_C to break
Reply from ::4.4.4.4
bytes=56 Sequence=1 hop limit=64 time = 30 ms
Reply from ::4.4.4.4
bytes=56 Sequence=2 hop limit=64 time = 40 ms
Reply from ::4.4.4.4
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from ::4.4.4.4
bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from ::4.4.4.4
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-33
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
bytes=56 Sequence=5 hop limit=64 time = 50 ms
--- ::4.4.4.4 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/34/50 ms
----End
Configuration File
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface pos1/0/0
link-protocol ppp
ip address 2.1.1.1 255.0.0.0
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address ::3.3.3.3/96
tunnel-protocol ipv6-ipv4 auto-tunnel
source loopback 1
#
ip route-static 2.1.1.2 255.0.0.0 2.1.1.2
ip route-static 4.4.4.4 255.255.255.255 2.1.1.2
#
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface pos1/0/0
link-protocol ppp
ip address 2.1.1.2 255.0.0.0
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address ::4.4.4.4/96
tunnel-protocol ipv6-ipv4 auto-tunnel
source loopback 1
#
ip route-static 2.1.1.1 255.0.0.0 2.1.1.1
ip route-static 3.3.3.3 255.255.255.255 2.1.1.1
#
return
12.6.4 Example for Configuring a 6to4 Tunnel
Networking Requirements
As shown in Figure 12-9, two IPv6 networks are both 6to4 networks. Router A and Router B
are connected with the 6to4 network and the IPv4 network. To enable communication between
12-34
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
the hosts in the two 6to4 network, it is required to set up a 6to4 tunnel between Router A and
Router B.
To enable communication between 6to4 networks, configure 6to4 addresses for the hosts in the
6to4 network. A 6to4 address has a 48-bit prefix composed of 2002:IPv4 address:. As shown
in Figure 12-9, the IPv4 address of the interface through which A is connected to the IPv4
network is 2.1.1.1. Therefore, the 6to4 address of A in the 6to4 network should start with
2002:0201:0101::.
NOTE
It is recommended that in an actual networking environment, the source address of the tunnel is specified
as the IP address of the loopback interface of the local device or the source interface of the tunnel is specified
as the loopback interface on the local device. It is also recommended that in an actual networking
environment, the destination address of the tunnel is specified as the IP address of the loopback interface
of the peer device.
Figure 12-9 Networking diagram of the 6to4 tunnel
IPv4
POS1/0/0
POS1/0/0
2.1.1.1
2.1.1.2
RouterA
RouterB
GE2/0/0
6to4
6to4
2002:201:101:1::1/64
GE2/0/0
Router
Router
2002:201:102:1::1/64
Tunnel 1/0/0
Tunnel 1/0/0
2002:201:101::1/64
P C1
2002:201:101:1::2 2002:201:102::1/64
IPv6
2002:201:102:1::2
IPv6
P C2
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IPv4/IPv6 dual-protocol stacks.
2.
Configure the tunnel protocol as 6to4.
3.
Configure related routes.
Data Preparation
To complete the configuration, you need the following data:
l
IPv4 or IPv6 addresses of interfaces
l
Source tunnel interface
Procedure
Step 1 Configure Router A.
# Configure IPv4/IPv6 dual protocol stacks.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-35
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
[RouterA-pos1/0/0] ip address 2.1.1.1 8
[RouterA-pos1/0/0] undo shutdown
[RouterA-pos1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ipv6 enable
[RouterA-GigabitEthernet2/0/0] ipv6 address 2002:0201:0101:1::1/64
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] quit
# Configure a 6to4 tunnel.
[RouterA] interface tunnel 1/0/0
[RouterA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4
[RouterA-Tunnel1/0/0] ipv6 enable
[RouterA-Tunnel1/0/0] ipv6 address 2002:0201:0101::1/64
[RouterA-Tunnel1/0/0] source 2.1.1.1
[RouterA-Tunnel1/0/0] quit
# Configure a route to other 6to4 networks.
[RouterA] ipv6 route-static 2002:: 16 tunnel 1/0/0
Step 2 Configure Router B.
# Configure IPv4/IPv6 dual protocol stacks.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
[RouterB] interface pos 1/0/0
[RouterB-pos1/0/0] ip address 2.1.1.2 8
[RouterB-pos1/0/0] undo shutdown
[RouterB-pos1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] ipv6 enable
[RouterB-GigabitEthernet2/0/0] ipv6 address 2002:0201:0102:1::1/64
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
# Configure a 6to4 tunnel.
[RouterB] interface tunnel 1/0/0
[RouterB-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4
[RouterB-Tunnel1/0/0] ipv6 enable
[RouterB-Tunnel1/0/0] ipv6 address 2002:0201:0102::1/64
[RouterB-Tunnel1/0/0] source 2.1.1.2
[RouterB-Tunnel1/0/0] quit
# Configure a route to other 6to4 networks.
[RouterB] ipv6 route-static 2002:: 16 tunnel 1/0/0
NOTE
There must be an accessible route between Router A and Router B. In this example, both the devices are
directly connected; therefore, no routing protocol needs to be configured.
Step 3 Verify the configuration.
# Check the IPv6 state of Tunnel 1/0/0 on Router A and find it is UP.
[RouterA] display ipv6 interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:101
Global unicast address(es):
12-36
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
2002:201:101::1, subnet is 2002:201:101::/64
Joined group address(es):
FF02::1:FF01:101
FF02::1:FF00:1
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# Router A can ping through the 6to4 address of GE 2/0/0 of Router B.
[RouterA] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2002:201:102:1::1
bytes=56 Sequence=1 hop limit=255 time = 8 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=2 hop limit=255 time = 25 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=3 hop limit=255 time = 4 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=4 hop limit=255 time = 5 ms
Reply from 2002:201:102:1::1
bytes=56 Sequence=5 hop limit=255 time = 5 ms
--- 2002:0201:0102:1::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/9/25 ms
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ip address 2.1.1.1 255.0.0.0
#
interface GigabitEthernet 2/0/0
undo shutdown
ipv6 enable
ipv6 address 2002:201:101:1::1/64
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source 2.1.1.1
#
ipv6 route-static 2002:: 16 Tunnel 1/0/0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
interface pos1/0/0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-37
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
link-protocol ppp
undo shutdown
ip address 2.1.1.2 255.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2002:201:102:1::1/64
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address 2002:201:102::1/64
tunnel-protocol ipv6-ipv4 6to4
source 2.1.1.2
#
ipv6 route-static 2002:: 16 Tunnel 1/0/0
#
return
12.6.5 Example for Configuring 6to4 Relay
Networking Requirements
As shown in Figure 12-10, Router A is a 6to4 device and is connected with an IPv6 network.
As a 6to4 relay device, Router B is connected with the IPv6 Internet (2001::/64). To enable
communication between the host in the 6to4 network and the host in the IPv6 Internet, configure
a 6to4 tunnel between Router A and Router B.
The configuration of the tunnel between a 6to4 relay device and a common 6to4 device is similar
to that between common 6to4 devices. A static route to the IPv6 Internet shall be configured on
the common 6to4 device so that the 6to4 network and the IPv6 network can communicate with
each other.
NOTE
It is recommended that in an actual networking environment, the source address of the tunnel is specified
as the IP address of the loopback interface of the local device or the source interface of the tunnel is specified
as the loopback interface on the local device. It is also recommended that in an actual networking
environment, the destination address of the tunnel is specified as the IP address of the loopback interface
of the peer device.
Figure 12-10 Networking diagram of accessing the IPv6 network through 6to4 relay
POS1/0/0
2.1.1.1
RouterA
GE2/0/0
2002:201:101:1::1/64
PC1
6to4
12-38
IPv4
6to4
Router
Tunnel 1/0/0
2002:201:101::1/64
POS1/0/0
2.1.1.2
6to4
Relay
RouterB
GE2/0/0
2001::1/64
Tunnel 1/0/0
2002:201:102::1/64
2002:201:101:1::2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2001::2
PC2
IPv6
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IPv4/IPv6 dual protocol stacks.
2.
Configure a 6to4 tunnel.
3.
Configure related static routes.
Data Preparation
To complete the configuration, you need the following data:
l
IPv4 or IPv6 addresses of interfaces
l
Source tunnel interface
l
Static routes to the devices that are not directly connected
Procedure
Step 1 Configure Router A.
# Configure IPv4/IPv6 dual protocol stacks.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] ipv6
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 2.1.1.1 255.0.0.0
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ipv6 enable
[RouterA-GigabitEthernet2/0/0] ipv6 address 2002:0201:0101:1::1/64
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] quit
# Configure a 6to4 tunnel.
[RouterA] interface tunnel 1/0/0
[RouterA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4
[RouterA-Tunnel1/0/0] ipv6 enable
[RouterA-Tunnel1/0/0] ipv6 address 2002:0201:0101::1/64
[RouterA-Tunnel1/0/0] source 2.1.1.1
[RouterA-Tunnel1/0/0] quit
# Configure a static route to 2002::/16.
[RouterA] ipv6 route-static 2002:: 16 tunnel 1/0/0
# Configure a default route to the IPv6 network.
[RouterA] ipv6 route-static :: 0 2002:0201:0102::1
Step 2 Configure Router B.
# Configure IPv4/IPv6 dual protocol stacks.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] ipv6
[RouterB] interface pos 1/0/0
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-39
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
[RouterB-Pos1/0/0] ip address 2.1.1.2 255.0.0.0
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] ipv6 enable
[RouterB-GigabitEthernet2/0/0] ipv6 address 2001::1/64
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
# Configure a 6to4 tunnel.
[RouterB] interface tunnel 1/0/0
[RouterB-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4
[RouterB-Tunnel1/0/0] ipv6 enable
[RouterB-Tunnel1/0/0] ipv6 address 2002:0201:0102::1/64
[RouterB-Tunnel1/0/0] source 2.1.1.2
[RouterB-Tunnel1/0/0] quit
# Configure a static route to 2002::/16.
[RouterB] ipv6 route-static 2002:: 16 tunnel1/0/0
Step 3 Verify the configuration.
# Router A can ping through the IPv6 address of GE 2/0/0 on Router B.
[RouterA] ping ipv6 2001::1
PING 2001::1 : 56 data bytes, press
Reply from 2001::1
bytes=56 Sequence=1 hop limit=255
Reply from 2001::1
bytes=56 Sequence=2 hop limit=255
Reply from 2001::1
bytes=56 Sequence=3 hop limit=255
Reply from 2001::1
bytes=56 Sequence=4 hop limit=255
Reply from 2001::1
bytes=56 Sequence=5 hop limit=255
--- 2001::1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/14/29 ms
CTRL_C to break
time = 29 ms
time = 5 ms
time = 5 ms
time = 5 ms
time = 26 ms
----End
Configuration Files
l
Configuration file of Router A
#
sysname RouterA
#
ipv6
#
interface pos1/0/0
link-protocol ppp
undo shutdown
ip address 2.1.1.1 255.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2002:201:101:1::1/64
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
12-40
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
source 2.1.1.1
#
#
ipv6 route-static :: 0 2002:201:102::1
#
ipv6 route-static 2002:: 16 Tunnel 1/0/0
#
return
l
Configuration file of Router B
#
sysname RouterB
#
ipv6
#
source 2.1.1.2
#
link-protocol ppp
undo shutdown
ip address 2.1.1.2 255.0.0.0
#
interface GigabitEthernet2/0/0
undo shutdown
ipv6 enable
ipv6 address 2001::1/64
#
interface Tunnel 1/0/0
ipv6 enable
ipv6 address 2002:201:102::1/64
tunnel-protocol ipv6-ipv4 6to4
source Pos1/0/0
#
ipv6 route-static 2002:: 16 Tunnel 1/0/0
#
return
12.6.6 Example for Configuring an ISATAP Tunnel
Network Requirements
As shown in Figure 12-11, an IPv6 host in the IPv4 network running the Windows XP system
needs to access the IPv6 network through a border device. Both the IPv6 host and the border
device support ISATAP. Then you need to set up an ISATAP tunnel between the IPv6 host and
the border device.
Figure 12-11 Networking diagram of the ISATAP tunnel
IPv6
network
IPv6 Host
3001::2
Issue 03 (2010-03-31)
ISATAP
Router
IPv4
network
GE1/0/0 GE2/0/0
3001::1/64 2.1.1.1/8
ISATAP Host
FE80::5EFE:0201:0102
2.1.1.2
2001::5EFE:0201:0102
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-41
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure IPv4/IPv6 dual protocol stacks.
2.
Configure an ISATAP tunnel.
3.
Configure static routes from the IPv6 host to the ISATAP host.
Data Preparation
To complete the configuration, you need the following data:
l
IPv4 or IPv6 addresses of interfaces
l
Source interface of the tunnel
Procedure
Step 1 Configure the ISATAP device.
# Enable IPv4/IPv6 dual protocol stacks and configure an IP address for each interface.
<HUAWEI> system-view
[HUAWEI] sysname Router
[Router] ipv6
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ipv6 enable
[Router-GigabitEthernet1/0/0] ipv6 address 3001::1/64
[Router-GigabitEthernet1/0/0] undo shutdown
[Router-GigabitEthernet1/0/0] quit
[Router] interface gigabitethernet 2/0/0
[Router-GigabitEthernet2/0/0] ip address 2.1.1.1 255.0.0.0
[Router-GigabitEthernet2/0/0] undo shutdown
[Router-GigabitEthernet2/0/0] quit
# Configure an ISATAP tunnel.
[Router] interface tunnel 2/0/0
[Router-Tunnel2/0/0] tunnel-protocol ipv6-ipv4 isatap
[Router-Tunnel2/0/0] ipv6 enable
[Router-Tunnel2/0/0] ipv6 address 2001::/64 eui-64
[HUAWEI-Tunnel2/0/0] source 2.1.1.1
[Router-Tunnel2/0/0] undo ipv6 nd ra halt
[Router-Tunnel2/0/0] quit
Step 2 Configure the ISATAP host.
# Configure a static route to the border device. (The pseudo interface number of the host is 2.
You can run the ipv6 if command to view the interface corresponding to the automatic tunneling
pseudo interface.
C:\> ipv6 rlu 2 2.1.1.1
Step 3 Configure the IPv6 host.
# Configure a static route on the IPv6 host to the border device, so hosts in different networks
can communicate through the ISATAP tunnel.
C:\> ipv6 rtu 2001::/64 6/3001::1
Step 4 Verify the configuration.
Check the status of the Tunnel 2/0/0 on the ISATAP device and find it is Up.
12-42
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
[Router] display ipv6 interface tunnel 2/0/0
Tunnel2/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::5EFE:201:101
Global unicast address(es):
2001::5EFE:201:101, subnet is 2001::/64
Joined group address(es):
FF02::1:FF01:101
FF02::2
FF02::1
MTU is 1500 bytes
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisement max interval 600 seconds, min interval 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses
# On the ISATAP device, ping the global unicast IP address of the tunnel interface on the
ISATAP host.
[Router] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
--- 2001::5efe:2.1.1.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
# On the ISATAP host, ping the global unicast IP address of the ISATAP device.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Reply from 2001::5efe:2.1.1.1: bytes=32 time=1ms
Ping statistics for 2001::5efe:2.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
# The ISATAP host can ping through the IPv6 host.
C:\> ping6 3001::2
Pinging 3001::2 with 32 bytes of data:
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Reply from 3001::2: time<1ms
Ping statistics for 3001::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
----End
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-43
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
Configuration Files
The configuration file of the ISATAP device is as follows:
#
sysname ISATAP
#
ipv6
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 3001::1/64
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 2.1.1.1 255.0.0.0
#
interface Tunnel2/0/0
ipv6 enable
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source 2.1.1.1
#
return
12.6.7 Example for Configuring 6PE
Networking Requirements
As shown in Figure 12-12, PE1 and PE2 support the 6PE features and CE1 and CE2 support
the IPv6 protocol. IPv4 IBGP connections need to be established between PEs in the IPv4/MPLS
network. Run the OSPF protocol in the IPv4/MPLS network. CEs are in the IPv6 networks,
Using the IPv6 address, CEs exchange the routing information with PEs along the static routes.
It is required to use the 6PE feature to connect the IPv6 networks of the user over the IPv4/MPLS
network of the ISP.
Figure 12-12 Networking diagram of 6PE
IPv4/MPLS
PE1 POS2/0/0
POS1/0/0
3000:435::1/64
CE1
IPv6
Customer
site
PE2
4.3.5.1/24
POS2/0/0
4.3.5.2/24
POS1/0/0
3000:435::2/64
POS1/0/0
3000:1065::1/64
POS1/0/0
3000:1065::2/64
CE2
IPv6
Customer
site
Configuration Roadmap
The configuration roadmap is as follows:
12-44
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
1.
Configure 6PE, enable IPv6 capability, and configure IPv4/IPv6 dual protocol stacks.
2.
Configure 6PE and enable MPLS capability.
3.
Configure the 6PE peer.
4.
Configure an IPv6 address for the interface and a static route on CE.
Data Preparation
To complete the configuration, you need the following data:
l
IP addresses of interfaces
l
LSR ID
Procedure
Step 1 Configure 6PE, enable IPv6 capability, and configure IPv4/IPv6 dual protocol stacks.
# Configure PE1 and enable its IPv6 capability.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] ipv6
# Configure PE2 and enable its IPv6 capability.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] ipv6
# Configure an IPv6 address for POS 1/0/0 on PE1 and an IP address for loopback0.
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ipv6 enable
[PE1-Pos1/0/0] ipv6 address 3000:435::1 64
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack0] quit
# Configure an IPv6 address for POS 1/0/0 on PE2 and an IP address for loopback0.
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ipv6 enable
[PE2-Pos1/0/0] ipv6 address 3000:1065::1 64
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 255.255.255.255
[PE2-LoopBack0] quit
Step 2 Configure 6PE and enable MPLS capability.
# Configure an IP address for POS 2/0/0 on PE1 and enable MPLS and LDP on it.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
Mpls starting, please wait... OK!
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 4.3.5.1 255.255.255.0
[PE1-Pos2/0/0] mpls
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-45
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
# Configure an IP address for POS 2/0/0 on PE2 and enable MPLS and LDP on it.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
Mpls starting, please wait... OK!
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 2/0/0
[PE2-Pos2/0/0] ip address 4.3.5.2 255.255.255.0
[PE2-Pos2/0/0] mpls
[PE2-Pos2/0/0] mpls ldp
[PE2-Pos2/0/0] undo shutdown
[PE2-Pos2/0/0] quit
# Configure OSPF on PE1 and trigger the setup of LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure OSPF on PE2 and trigger the setup of LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 4.3.5.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Configure the 6PE peer.
# Configure IBGP on PE1 and enable 6PE capability on the peer and import IPv6 direct routes
and static routes from each other.
[PE1] bgp 65100
[PE1-bgp] peer 2.2.2.9 as-number 65100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv6-family
[PE1-bgp-af-ipv6] import-route direct
[PE1-bgp-af-ipv6] import-route static
[PE1-bgp-af-ipv6] peer 2.2.2.9 enable
[PE1-bgp-af-ipv6] peer 2.2.2.9 label-route-capability
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# Configure IBGP on PE2 and enable 6PE capability on the peer and import IPv6 direct routes
and static routes from each other.
[PE2] bgp 65100
[PE2-bgp] peer 1.1.1.9 as-number 65100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv6-family
[PE2-bgp-af-ipv6] import-route direct
[PE2-bgp-af-ipv6] import-route static
[PE2-bgp-af-ipv6] peer 1.1.1.9 enable
[PE2-bgp-af-ipv6] peer 1.1.1.9 label-route-capability
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
Step 4 Configure an IPv6 address for the interface and a static route on CE.
12-46
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
# Configure CE1 and set up an IPv6 connection between CE1 and PE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] ipv6
[CE1] interface pos 1/0/0
[CE1-Pos1/0/0] ipv6 enable
[CE1-Pos1/0/0] ipv6 address 3000:435::2 64
[CE1-Pos1/0/0] undo shutdown
[CE1-Pos1/0/0] quit
[CE1] ipv6 route-static :: 0 pos 1/0/0
# Configure CE2 and set up an IPv6 connection between CE2 and PE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] ipv6
[CE2] interface pos 1/0/0
[CE2-Pos1/0/0] ipv6 enable
[CE2-Pos1/0/0] ipv6 address 3000:1065::2 64
[CE2-Pos1/0/0] undo shutdown
[CE2-Pos1/0/0] quit
[CE2] ipv6 route-static :: 0 pos 1/0/0
Step 5 Verify the configuration.
# Display the LSP information on PE1.
[PE1] display mpls lsp
----------------------------------------------------------LSP Information: LDP LSP
----------------------------------------------------------FEC
In/Out Label In/Out IF
Vrf Name
2.2.2.9/32
NULL/3
-/Pos2/0/0
2.2.2.9/32
3/NULL
-/----------------------------------------------------------LSP Information: BGP IPV6 LSP
----------------------------------------------------------FEC
: 3000:435::/64
In Label
: 109568
Out Label
: ----In Interface
: ----OutInterface : ----Vrf Name
:
# Display the IPv6 routing information on PE1.
[PE1] display bgp ipv6 routing-table
Total Number of Routes: 5
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Issue 03 (2010-03-31)
Network
NextHop
MED
Label
Path/Ogn
:
:
:
:
:
::1
::
0
*>
Network
NextHop
MED
Label
Path/Ogn
:
:
:
:
:
3000:435::
::
0
NULL/109568
?
*>
Network
NextHop
MED
Label
: 3000:435::1
: ::
: 0
:
PrefixLen : 128
LocPrf
:
PrefVal
: 0
?
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
PrefixLen : 64
LocPrf
:
PrefVal
: 0
PrefixLen : 128
LocPrf
:
PrefVal
: 0
12-47
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
Path/Ogn : ?
*>i Network
NextHop
MED
Label
Path/Ogn
:
:
:
:
:
3000:1065::
::FFFF:2.2.2.9
0
109568/NULL
?
PrefixLen : 64
LocPrf
: 100
PrefVal
: 0
*>
:
:
:
:
:
FE80::
::
0
PrefixLen : 10
LocPrf
:
PrefVal
: 0
Network
NextHop
MED
Label
Path/Ogn
?
# CE1 can ping through the IPv6 address of CE2.
[CE1] ping ipv6 3000:1065::2
PING 3000:1065::2 : 56 data bytes, press CTRL_C to break
Reply from 3000:1065::2
bytes=56 Sequence=1 hop limit=63 time = 50 ms
Reply from 3000:1065::2
bytes=56 Sequence=2 hop limit=63 time = 1 ms
Reply from 3000:1065::2
bytes=56 Sequence=3 hop limit=63 time = 1 ms
Reply from 3000:1065::2
bytes=56 Sequence=4 hop limit=63 time = 1 ms
Reply from 3000:1065::2
bytes=56 Sequence=5 hop limit=63 time = 1 ms
--- 3000:1065::2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/10/50 ms
----End
Configuration Files
l
Configuration file of PE1
#
sysname PE1
#
ipv6
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3000:435::1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 4.3.5.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
bgp 65100
12-48
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
12 IPv6 over IPv4 Tunnel Configuration
peer 2.2.2.9 as-number 65100
peer 2.2.2.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv6-family
undo synchronization
import-route direct
import-route static
peer 2.2.2.9 enable
peer 2.2.2.9 label-route-capability
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 4.3.5.0 0.0.0.255
#
return
l
Configuration file of PE2
#
sysname PE2
#
ipv6
#
mpls lsr-id 2.2.2.9
mpls
lsp-trigger all
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3000:1065::1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 4.3.5.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
bgp 65100
peer 1.1.1.9 as-number 65100
peer 1.1.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv6-family
undo synchronization
import-route direct
import-route static
peer 1.1.1.9 enable
peer 1.1.1.9 label-route-capability
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 4.3.5.0 0.0.0.255
#
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12-49
12 IPv6 over IPv4 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
return
l
Configuration file of CE1
#
sysname CE1
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3000:435::2
#
ipv6 route-static :: 0 Pos1/0/0
#
return
l
Configuration file of CE2
#
sysname CE2
#
ipv6
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 3000:1065::2
#
ipv6 route-static :: 0 Pos1/0/0
#
return
12-50
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13
13 IPv4 over IPv6 Tunnel Configuration
IPv4 over IPv6 Tunnel Configuration
About This Chapter
This chapter describes the fundamentals, configuration steps, and typical examples of IPv4 over
IPv6 tunnel.
13.1 IPv4 over IPv6 Tunnel Overview
This section describes the basic principles and concepts of IPv4 over IPv6.
13.2 Configuring an IPv4 over IPv6 Tunnel
This section describes how to configure an IPv4 over IPv6 tunnel.
13.3 Maintaining IPv4 over IPv6 Tunnels
This section describes how to debug IPv4 over IPv6 tunnels.
13.4 Configuration Examples
This section provides a configuration example of IPv4 over IPv6 tunnels.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
13.1 IPv4 over IPv6 Tunnel Overview
This section describes the basic principles and concepts of IPv4 over IPv6.
13.1.1 Introduction to IPv4 over IPv6
13.1.2 IPv4 over IPv6 Supported by the NE80E/40E
13.1.1 Introduction to IPv4 over IPv6
During the transition from the IPv4 Internet to the IPv6 Internet, IPv6 networks have been widely
deployed, whereas IPv4 networks are isolated. The tunnel technology can be adopted to establish
tunnels over IPv6 networks to connect isolated IPv4 networks. This is similar to the situation
where the tunnel technology is used to deploy VPNs on IP networks. The tunnel used to connect
isolated IPv4 networks over IPv6 networks is called an IPv4 over IPv6 tunnel.
13.1.2 IPv4 over IPv6 Supported by the NE80E/40E
The NE80E/40E supports the enabling of IPv4 and IPv6 protocol stacks on the devices at the
border of IPv6 and IPv4 networks.
Figure 13-1 Networking diagram of an IPv4 over IPv6 tunnel
Dual Stack
Router
IPv4
network
IPv4
Host
Dual Stack
Router
IPv6
network
IPv4
network
IPv4
Host
IPv4 over IPv6 Tunnel
IPv4
Header
IPv4
Payload
IPv6
Header
IPv4
Header
IPv4
Payload
IPv4
Header
IPv4
Payload
Figure 13-1 shows the principles of the IPv4 over IPv6 tunnel technology.
1.
Enabling IPv4/IPv6 dual stacks
Enable IPv4 and IPv6 protocol stacks on the border device.
2.
13-2
Encapsulating IPv6 packets
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
After receiving a packet from the IPv4 network, the border device takes the received IPv4
packet as the payload, adds an IPv6 packet header before the payload, and encapsulates it
into an IPv6 packet if the device finds that the destination of the packet is not itself.
3.
Transmitting the encapsulated packet
In the IPv6 network, the encapsulated packet is transmitted to the peer border device.
4.
Decapsulating the packet
The peer border device decapsulates the packet, removes the IPv6 packet header, and
forwards the decapsulated IPv4 packet to the remote IPv4 network.
13.2 Configuring an IPv4 over IPv6 Tunnel
This section describes how to configure an IPv4 over IPv6 tunnel.
13.2.1 Establishing the Configuration Task
13.2.2 Configuring a Tunnel Interface
13.2.3 Configuring Routes in the Tunnel
13.2.4 Configuring Other Items for an IPv4 over IPv6 Tunnel
13.2.5 Checking the Configuration
13.2.1 Establishing the Configuration Task
Applicable Environment
To implement communication between IPv4 networks over the IPv6 network, configure an IPv4
over IPv6 tunnel on the border device of IPv4 and IPv6 networks.
Pre-configuration Tasks
Before configuring an IPv4 over IPv6 tunnel, complete the following tasks:
l
Implementing the IP connectivity between the source and destination interfaces
l
Configuring IPv4 and IPv6 protocol stacks
Data Preparation
To configure an IPv4 over IPv6 tunnel, you need the following data.
Issue 03 (2010-03-31)
No.
Data
1
Number of the tunnel interface
2
Source IPv6 address or source interface of the tunnel interface
3
Destination IPv6 address of the tunnel interface
4
IPv4 address of the tunnel interface or the interface from which the IPv4 address is
borrowed
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-3
13 IPv4 over IPv6 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13.2.2 Configuring a Tunnel Interface
Context
Do as follows on the routers on both ends of the tunnel:
Procedure
Step 1 Run:
set board-type slot slot slot-id tunnel
The service mode of the SPUC is set to Tunnel.
Step 2 Run:
system-view
The system view is displayed.
Step 3 Run:
interface tunnel interface-number
The tunnel interface is created and the tunnel interface view is displayed.
The slot number of the created tunnel interface must be the same as that of the SPUC. For
instance, when the SPUC is inserted in slot 2, the slot number of the tunnel interface must be 2.
Step 4 Run:
tunnel-protocol ipv4-ipv6
The tunnel is specified as an IPv4 over IPv6 tunnel.
When you configure an IPv4 over IPv6 GRE tunnel, you must run the target-board slotnumber command on the loopback interface to bind the SPUC to 4 over 6 protocol.
Step 5 Run:
source { source-ipv6-address | interface-type interface-number }
The source IPv6 address or source interface of the tunnel interface is specified.
The source address specified by sourceipv6-address must be the IPv6 address of the loopback
interface bound to the SPUC through the target-board command; the source interface specified
by sourceinterface-type must be the loopback interface bound to the SPUC through the targetboard command.
Step 6 Run:
destination ipv6-address
The destination IPv6 address of the Tunnel interface is configured.
Step 7 Run one of the following commands to specify the IP address of the tunnel interface:
l
Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IPv4
address of the tunnel interface.
l
Run the ip address unnumbered interface interface-type interface-number command to
configure the tunnel interface to borrow an IPv4 address.
----End
13-4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
13.2.3 Configuring Routes in the Tunnel
Context
The route with the outgoing interface as the tunnel interface must exist on the source and
destination devices. This ensures that the packets to be encapsulated with the IPv4 over IPv6
tunnel can be correctly forwarded.
Do as follows on the routers on both ends of the tunnel:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Choose one of the following methods to configure the route with the outgoing interface as the
tunnel interface:
l
Run the ip route-static dest-ipv4-address { mask | mask-length } tunnel interface-number
command to configure static routes. When configuring the static routes, you must configure
the both ends of the tunnel. Note that the destination address is the destination IPv4 address
of the packet to be encapsulated with the IPv4 over IPv6 tunnel; the next hop is the local
tunnel interface.
l
Configure dynamic routes. You can use the Border Gateway Protocol (BGP) or the Interior
Gateway Protocol (IGP), excluding Intermediate System-to-Intermediate System (IS-IS).
Detailed configurations are not mentioned here.
When configuring a dynamic routing protocol, you must enable it on the tunnel interface and
the interface on the link through which the IPv4 network is connected to the IPv6 network.
----End
13.2.4 Configuring Other Items for an IPv4 over IPv6 Tunnel
Context
Do as follows on the routers on both ends of the tunnel:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
The tunnel interface view is displayed.
Step 3 Run:
tunnel ipv4-ipv6 flow-label label-value
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-5
13 IPv4 over IPv6 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
The flow label value is set.
By default, the flow label value is 0.
Step 4 Run:
tunnel ipv4-ipv6 hop-limit hop-limit
The hop limit is set.
By default, the hop limit is set to 64.
Step 5 Run:
tunnel ipv4-ipv6 traffic-class { original | class-value }
The traffic level is set.
By default, the traffic level is 0.
----End
13.2.5 Checking the Configuration
Prerequisite
The configurations of the IPv4 over IPv6 Tunnel function are complete.
Procedure
l
Run the display device slot-id command to check whether the service mode of the SPUC
is Tunnel.
l
Run the display interface tunnel [ interface-number ] command to check the working
status of the tunnel interface.
l
Run the display ip routing-table command to check the routing table.
----End
Example
If the service mode of the SPUC is Tunnel, run the display device 3 command, and you can
view that the type of the SPUC on the router is displayed as General.
<HUAWEI> display device 3
SPU3's detail information:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Description:
Line Processing Unit - General
Board status:
Normal
Register:
Registered
Uptime:
2009/02/26
18:33:23
CPU Utilization(%):
3%
Mem Usage(%):
19%
Clock information:
State item
State
Current syn-clock:
17
Current line-clock:
23
Syn-clock state:
Locked
VCXO_OK
REF_OK
Syn-clock 17 state:
Actived
Syn-clock 18 state:
Inactived
Line-clock 23 state:
Inactived
Line-clock 24 state:
Inactived
Statistic information:
Statistic item
Statistic number
13-6
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
SERDES interface link lost:
Mpu switchs:
Syn-clock switchs:
- - - - - - - - - - - - - - - - - - - - -
0
0
0
- - - - - - - - - - - - - - - - -
Run the display interface tunnel command. If the status of the tunnel interface is Up, it means
that the configuration succeeds. For example:
<HUAWEI> display interface tunnel 2/0/0
Tunnel2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-11-16, 12:26:17
Description : Tunnel2/0/0 Interface, Route Port
Route Port,The Maximum Transmit Unit is 1452 bytes
Internet Address is 10.1.1.1/30
Encapsulation is TUNNEL6, loopback not set
Tunnel protocol/transport (IPv6 or IPV4) over IPv6
Tunnel Source 2001::1 (Pos2/0/0)
Tunnel Destination 2002::2
Tunnel Encapsulation limit 4
Tunnel Traffic class not set
Tunnel Flow label not set
Tunnel Hop limit 64
5 minutes input rate 10 bits/sec, 0 packets/sec
5 minutes output rate 14 bits/sec, 0 packets/sec
493 packets input, 38480 bytes
0 input error
447 packets output, 53144 bytes
0 output error
Run the display ip routing-table command. If the route with the outgoing interface as the tunnel
interface is displayed in the IPv4 routing table, it means that the configuration succeeds. For
example:
<HUAWEI> display ip routing-table
Routing Tables: Public
Destinations : 11
Routes : 11
Destination/Mask
Proto Pre Cost
NextHop
10.1.1.0/24 Direct 0
0
10.1.1.2
10.1.1.2/32 Direct 0
0
127.0.0.1
10.2.1.0/24 Static 60
0
40.1.1.1
20.1.1.0/24 Direct 0
0
20.1.1.1
20.1.1.1/32 Direct 0
0
127.0.0.1
20.1.1.2/32 Direct 0
0
20.1.1.2
30.1.1.0/24 OSPF
10
3124
20.1.1.2
40.1.1.0/24 Direct 0
0
40.1.1.1
40.1.1.1/32 Direct 0
0
127.0.0.1
127.0.0.0/8
Direct 0
0
127.0.0.1
127.0.0.1/32 Direct 0
0
127.0.0.1
Interface
GigabitEthernet2/0/0
InLoopBack0
Tunnel2/0/0
Pos2/0/0
InLoopBack0
Pos1/0/0
Pos1/0/0
Tunnel2/0/0
InLoopBack0
InLoopBack0
InLoopBack0
Run the ping -a source-ipv4-address dest-ipv4-address command. The local tunnel interface
can ping through the destination tunnel interface.
13.3 Maintaining IPv4 over IPv6 Tunnels
This section describes how to debug IPv4 over IPv6 tunnels.
13.3.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-7
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
13.3.1 Monitoring the Operation Status of IPv4 over IPv6 Tunnel
Context
In routine maintenance, you can run the following command in any view to check the operation
of IPv4 over IPv6 tunnel.
Procedure
l
Run the display interface tunnel [ interface-number ] [ | { begin | exclude | include }
regular-expression ] command in any view to check the operation status of the tunnel
interface.
l
Run the display interface tunnel interface-number command in any view to check the
IPv4 attributes of the tunnel interface.
----End
13.4 Configuration Examples
This section provides a configuration example of IPv4 over IPv6 tunnels.
13.4.1 Example for Configuring an IPv4 over IPv6 Tunnel
13.4.1 Example for Configuring an IPv4 over IPv6 Tunnel
Networking Requirements
Figure 13-2 Networking diagram of an IPv4 over IPv6 tunnel
IPv4
network
RT1
IPv6
network
RT2 POS1/0/0 RT3 POS1/0/0
POS1/0/0
2001::2/64
2002::2/64
10.1.2.1/30
POS1/0/0
POS2/0/0
POS2/0/0
10.1.2.2/30
2001::1/64
2002::1/64
RT4
POS2/0/0
10.1.3.1/30
POS1/0/0
10.1.3.2/30
RT5
IPv4
network
13-8
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
As shown in Figure 13-2, two IPv4 networks are connected to the IPv6 network respectively
through Router 1 and Router 5. Border devices Router 2 and Router 4 of the IPv6 network support
IPv4 and IPv6 dual stacks. To enable communication between the two IPv4 networks, configure
an IPv4 over IPv6 tunnel between Router 2 and Router 4.
NOTE
l
An IPv4 over IPv6 tunnel does not support IS-IS.
l
When configuring an IPv4 over IPv6 tunnel, you must set the service mode of the SPUC to Tunnel. In
addition, you must bind the SPUC to the tunnel.
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure an IPv4 over IPv6 tunnel on the border devices on both ends of the IPv6 network.
2.
Configure the route with the outgoing interface as the tunnel interface by adopting the
dynamic routing protocol.
Data Preparation
To complete the configuration, you need the following data:
l
Routing protocols applied to the IPv6 and IPv4 networks
l
Source and destination IPv6 addresses of the tunnel
l
IPv4 address of the tunnel interface
Procedure
Step 1 Configure the IPv6 address of the physical interface and IS-ISv6 of the IPv6 network to
implement the connectivity of the IPv6 network.
# Configure Router 2.
<HUAWEI> system-view
[HUAWEI] sysname Router2
[Router2] ipv6
[Router2] interface pos 2/0/0
[Router2-Pos2/0/0] ipv6 enable
[Router2-Pos2/0/0] ipv6 address 2001::1 64
[Router2-Pos2/0/0] undo shutdown
[Router2-Pos2/0/0] quit
[Router2] isis 1
[Router2-isis-1] network-entity 10.0000.0000.0001.00
[Router2-isis-1] ipv6 enable topology standard
[Router2-isis-1] quit
[Router2] interface pos 2/0/0
[Router2-Pos2/0/0] isis ipv6 enable 1
[Router2-Pos2/0/0] quit
# Create a loopback interface, assign an IPv6 address to it, and enable IS-ISv6.
[Router2] interface
[Router2-LoopBack1]
[Router2-LoopBack1]
[Router2-LoopBack1]
[Router2-LoopBack1]
Loopback 1
ipv6 enable
ipv6 address 2::2 64
isis ipv6 enable 1
quit
# Configure Router 3.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-9
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
<HUAWEI> system-view
[HUAWEI] sysname Router3
[Router3] ipv6
[Router3] interface pos 1/0/0
[Router3-Pos1/0/0] ipv6 enable
[Router3-Pos1/0/0] ipv6 address 2001::2 64
[Router3-Pos1/0/0] undo shutdown
[Router3-Pos1/0/0] quit
[Router3] interface pos 2/0/0
[Router3-Pos2/0/0] ipv6 enable
[Router3-Pos2/0/0] ipv6 address 2002::1 64
[Router3-Pos2/0/0] undo shutdown
[Router3-Pos2/0/0] quit
[Router3] isis 1
[Router3-isis-1] network-entity 10.0000.0000.0002.00
[Router3-isis-1] ipv6 enable topology standard
[Router3-isis-1] quit
[Router3] interface pos 1/0/0
[Router3-Pos1/0/0] isis ipv6 enable 1
[Router3-Pos1/0/0] quit
[Router3] interface pos 2/0/0
[Router3-Pos2/0/0] isis ipv6 enable 1
[Router3-Pos2/0/0] quit
# Configure Router 4.
<HUAWEI> system-view
[HUAWEI] sysname Router4
[Router4] ipv6
[Router4] interface pos 1/0/0
[Router4-Pos1/0/0] ipv6 enable
[Router4-Pos1/0/0] ipv6 address 2002::2 64
[Router4-Pos1/0/0] undo shutdown
[Router4-Pos1/0/0] quit
[Router4] isis 1
[Router4-isis-1] network-entity 10.0000.0000.0003.00
[Router4-isis-1] ipv6 enable topology standard
[Router4-isis-1] quit
[Router4] interface pos 1/0/0
[Router4-Pos1/0/0] isis ipv6 enable 1
[Router4-Pos1/0/0] quit
# Create a loopback interface, assign an IPv6 address to it, and enable IS-ISv6.
[Router4] interface
[Router4-LoopBack1]
[Router4-LoopBack1]
[Router4-LoopBack1]
[Router4-LoopBack1]
Loopback 1
ipv6 enable
ipv6 address 4::4 64
isis ipv6 enable 1
quit
Step 2 Configure the IPv4 address and OSPF of the physical interfaces of the IPv4 network to
implement the connectivity of the IPv4 network.
# Configure Router 1.
<HUAWEI> system-view
[HUAWEI] sysname Router1
[Router1] interface pos 1/0/0
[Router1-Pos1/0/0] ip address 10.1.2.2 30
[Router1-Pos1/0/0] undo shutdown
[Router1-Pos1/0/0] quit
[Router1] ospf 1
[Router1-ospf-1] area 0
[Router1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
# Configure Router 2.
<Router2> system-view
[Router2] interface pos 1/0/0
13-10
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
[Router2-Pos1/0/0] ip address 10.1.2.1 30
[Router2-Pos1/0/0] undo shutdown
[Router2-Pos1/0/0] quit
[Router2] ospf 1
[Router2-ospf-1] area 0
[Router2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
# Configure Router 4.
<Router4> system-view
[Router4] interface pos 1/0/0
[Router4-Pos1/0/0] ip address 10.1.3.1 30
[Router4-Pos1/0/0] quit
[Router4] ospf 1
[Router4-ospf-1] area 0
[Router4-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
# Configure Router 5.
<HUAWEI> system-view
[HUAWEI] sysname Router5
[Router5] interface pos 1/0/0
[Router5-Pos1/0/0] ip address 10.1.3.2 30
[Router5-Pos1/0/0] undo shutdown
[Router5-Pos1/0/0] quit
[Router5] ospf 1
[Router5-ospf-1] area 0
[Router5-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
Step 3 Configure the tunnel interface.
# Create a tunnel interface and configure the IPv4 address, source IPv6 address (or source
interface), and destination IPv6 address of the tunnel interface. Bind the SPUC to the tunnel.
NOTE
The device supports the tunnel binding only on the loopback interface.
# Configure Router 2.
<Router2> set board-type slot 6 tunnel
<Router2> system-view
[Router2] interface Loopback 1
[Router2-LoopBack1] target-board 6
[Router2-LoopBack1] binding tunnel ipv4-ipv6
[Router2-LoopBack1] quit
[Router2] interface tunnel 6/0/0
[Router2-Tunnel6/0/0] tunnel-protocol ipv4-ipv6
[Router2-Tunnel6/0/0] ip address 10.1.1.1 30
[Router2-Tunnel6/0/0] source loopback1
[Router2-Tunnel6/0/0] destination 4::4
# Configure Router 4.
<Router4> set board-type slot 6 tunnel
<Router4> system-view
[Router4] interface Loopback 1
[Router4-LoopBack1] target-board 6
[Router4-LoopBack1] binding tunnel ipv4-ipv6
[Router4-LoopBack1] quit
[Router4] interface tunnel 6/0/0
[Router4-Tunnel6/0/0] tunnel-protocol ipv4-ipv6
[Router4-Tunnel6/0/0] ip address 10.1.1.2 30
[Router4-Tunnel6/0/0] source loopback1
[Router4-Tunnel6/0/0] destination 2::2
Step 4 Configure the route with the outgoing interface as the tunnel interface.
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-11
13 IPv4 over IPv6 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
# Configure Router 2.
<Router2> system-view
[Router2] ospf 1
[Router2-ospf-1] area 0
[Router2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3
[Router2-ospf-1-area-0.0.0.0] quit
[Router2-ospf-1] quit
# Configure Router 4.
<Router4> system-view
[Router4] ospf 1
[Router4-ospf-1] area 0
[Router4-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3
Step 5 Verify the configuration.
After the configuration, view the tunnel interface on Router 2 and Router 4. You can view that
the protocol status of the tunnel interface is Up.
[Router2] display interface tunnel 6/0/0
Tunnel6/0/0 current state : UP
Line protocol current state : UP
Last up time: 2007-11-16, 12:26:17
Description : Tunnel2/0/0 Interface, Route Port
The Maximum Transmit Unit is 1452 bytes
Internet Address is 10.1.1.1/30
Encapsulation is TUNNEL6, loopback not set
Tunnel protocol/transport (IPv6 or IPV4) over IPv6
Tunnel Source 2001::1 (Pos2/0/0)
Tunnel Destination 2002::2
Tunnel Encapsulation limit 4
Tunnel Traffic class not set
Tunnel Flow label not set
Tunnel Hop limit 64
5 minutes input rate 10 bits/sec, 0 packets/sec
5 minutes output rate 14 bits/sec, 0 packets/sec
493 packets input, 38480 bytes
0 input error
447 packets output, 53144 bytes
0 output error
On Router 2 and Router 4, view the IPv4 routing table. You can view that the outgoing interfaces
to the remote IPv4 network are tunnel interfaces.
[Router2] display ip routing-table
Routing Tables: Public
Destinations : 9
Routes : 9
Destination/Mask
Proto Pre Cost
NextHop
1.1.1.1/32 Direct 0
0
127.0.0.1
10.1.1.0/30 Direct 0
0
10.1.1.1
10.1.1.1/32 Direct 0
0
127.0.0.1
10.1.2.0/30 Direct 0
0
10.1.2.1
10.1.2.1/32 Direct 0
0
127.0.0.1
10.1.2.2/32 Direct 0
0
10.1.2.2
10.1.3.0/24 OSPF
10
2
10.1.1.2
127.0.0.0/8
Direct 0
0
127.0.0.1
127.0.0.1/32 Direct 0
0
127.0.0.1
Interface
InLoopBack0
Tunnel2/0/0
InLoopBack0
Pos1/0/0
InLoopBack0
Pos1/0/0
Tunnel2/0/0
InLoopBack0
InLoopBack0
Router 1 and Router 5 can ping through each other.
----End
Configuration Files
l
Configuration file of Router 1
#
13-12
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
13 IPv4 over IPv6 Tunnel Configuration
sysname Router1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.2.2 255.255.255.252
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.3
#
return
l
Configuration file of Router 2
#
sysname Router2
#
ipv6
#
isis 1
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.2.1 255.255.255.252
#
interface Pos2/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2001::1/64
isis ipv6 enable 1
#
interface LoopBack1
ipv6 enable
ipv6 address 2::2 64
isis ipv6 enable 1
target-board 6
binding tunnel ipv4-ipv6
#
interface Tunnel6/0/0
ip address 10.1.1.1 255.255.255.252
tunnel-protocol ipv4-ipv6
source loopback 1
destination 4::4
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.3
network 10.1.1.0 0.0.0.3
#
return
l
Configuration file of Router 3
#
sysname Router3
#
ipv6
#
isis 1
network-entity 10.0000.0000.0002.00
#
ipv6 enable topology standard
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ivp6 enable
ipv6 address 2001::2/64
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13-13
13 IPv4 over IPv6 Tunnel Configuration
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
isis ipv6 enable 1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ipv6 enable
ipv6 address 2002::1/64
isis ipv6 enable 1
#
return
l
Configuration file of Router 4
#
sysname Router4
#
ipv6
#
isis 1
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology standard
#
#
interface Pos1/0/0
link-protocol ppp
ipv6 enable
ipv6 address 2002::2/64
isis ipv6 enable 1
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.3.1 255.255.255.252
#
interface LoopBack1
ipv6 enable
ipv6 address 4::4 64
isis ipv6 enable 1
target-board 6
binding tunnel ipv4-ipv6
#
interface Tunnel6/0/0
ip address 10.1.1.2 255.255.255.252
tunnel-protocol ipv4-ipv6
source loopback 1
destination 2::2
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.1.3.0 0.0.0.3
#
return
l
Configuration file of Router 5
#
sysname Router1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.3.2 255.255.255.252
#
ospf 1
area 0.0.0.0
network 10.1.3.0 0.0.0.3
#
return
13-14
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
A Glossary
A
Glossary
This appendix collates frequently used glossaries in this document.
A
Access Control List
A list composed of multiple sequential permit/deny statements.
In firewall, after ACL is applied to an interface on the device, the
device decides which packet can be forwarded and which packet
should be denied. In QoS, ACL is used to classify traffic.
Acknowledge
To confirm an action. The acknowledgement (ACK) message is
sent from one device to another.
Address Resolution
Protocol
A protocol used to map an IP Address to a MAC address, as
defined in RFC 826.
ATM
An asynchronous Transfer Mode. It is a data transmission
technology in which data (files, voice and video) is transferred in
cells with a fixed length (53 Bytes). The fixed length makes the
cell be processed by the hardware. The object of ATM is to make
good use of high-speed transmission medium such as E3, SONET
and T3.
B
Broadcast
To send packets to all ports of the nodes in the network.
D
Domain name
A name composed of numbers or characters. Each domain name
corresponds to an IP address.
Dotted decimal notation
A format of IP address. IP addresses in this format are separated
into four parts by a dot "." with each part is in the decimal numeral.
E
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
A-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
A Glossary
Ethernet
A technology complemented in LAN. It adopts Carrier Sense
Multiple Access/Collision Detection. The speed of an Ethernet
interface can be 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s or 10000
Mbit/s. The Ethernet network features high reliability and easy
maintaining..
F
File Transfer Protocol
An application layer protocol based on TCP/IP. It is used to
transfer large amounts of data reliably between the user and the
remote host. FTP is implemented based on corresponding file
system.
I
IPv6
A update version of IPv4. It is also called IP Next Generation
(IPng). The specifications and standardizations provided by it are
consistent with the Internet Engineering Task Force
(IETF).Internet Protocol Version 6 (IPv6) is also called. It is a
new version of the Internet Protocol, designed as the successor to
IPv4. The specifications and standardizations provided by it are
consistent with the Internet Engineering Task Force (IETF).The
difference between IPv6 and IPv4 is that an IPv4 address has 32
bits while an IPv6 address has 128 bits.
L
Local Area Network
A network intended to serve a small geographic area, (few square
kilometers or less), a single office or building, or a small defined
group of users. It features high speed and little errors. Ethernet,
FDDI and Toke Ring are three technologies implemented in LAN.
M
MAC address
A link layer address or physical address. It is six bytes long.
MTU
A maximum size of packets that an interface can process. It is in
bytes
N
Neighbor Discovery
A process to discover neighboring modes.
P
Ping
A-2
To test the reachablitly of a device in the network through ICMP
Echo message.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
A Glossary
Policy-based Routing
A routing mechanism based on user-defined policies. It can
implement secure communication and load balancing.
PPP
A serial point to point link used for special transmission between
two devices.
R
Router
A device running on the network layer. After receiving a packet,
the device searches the routing table for a proper route and sends
the packet to the next hop. The last hop device sends the packet
to the host directly.
T
Telnet
An application layer protocol based on TCP/IP. It implements
remote login and virtual terminal. It
Time Range
A special time period.
Traffic
A group of packets sent from the source to the destination and
matching certain classification.
Tunnel
In VPN, it is a transport tunnel set up between two entities to
prevent interior users from interrupting and ensure security.
U
Unicast
To send packets to one destination network.
V
VPN
Virtual Private Network (VPN). It implements an apparent single
private network (as seen by the user), over a number of separate
public and private networks. Virtual indicates that this kind of
network is a logical network.
NE80E/40E
Versatile Routing Platform. It is a versatile operation system
platform developed by Huawei.
W
Wide Area Network
A network that covers a large geographic area, such as a country
or a state. Devices in this network are connected through certain
protocol or physical links.
X
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
A-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
A Glossary
X.25
A-4
A data link layer protocol. It defines the communication in the
Public Data Network (PDN) between a host and a remote
terminal.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
B Acronyms and Abbreviations
B
Acronyms and Abbreviations
This appendix collates frequently used acronyms and abbreviations in this document.
A
AAA
Authentication, Authorization and Accounting
ACK
Acknowledgement
ASCII
American Standard Code for Information Interchange
ATM
Asynchronous Transfer Mode
B
BGP
Border Gateway Protocol
C
CIDR
Classless Inter-Domain Routing
D
DHCP
Dynamic Host Configuration Protocol
DLCI
Data Link Control Identifier
DNS
Domain Name System
DOS
Denial of Service
DAD
Duplicate Address Detect
E
EBGP
Issue 03 (2010-03-31)
External BGP
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
B-1
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
B Acronyms and Abbreviations
F
FEC
Forward Error Correction
FIB
Forward Information Base
G
GRE
Generic Routing Encapsulation
H
HDLC
High level Data Link Control
HTTP
Hyper Text Transport Protocol
I
IBGP
Internal BGP
ICMP
Internet Control Message Protocol
IEEE
Institute of Electrical and Electronics Engineers
IETF
Internet Engineering Task Force
IGP
Interior Gateway Protocol
IP
Internet Protocol
IPoEoA
IP over Ethernet over AAL5
IPSec
Internet Protocol SECurity extensions
IS-IS
Intermediate System-Intermediate System
ISP
Internet Service Provider
L
LDP
Label Distribution Protocol
LSP
Label Switch Path
M
MAC
Medium Access Control
MED
Multi-Exit discrimination
MPLS
Multi-Protocol Label Switching
N
B-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
B Acronyms and Abbreviations
NAT
Network Address Translation
NAT-PT
Network Address Translation - Protocol Translation
NIC
Network Information Center
O
OSPF
Open Shortest Path First
P
PC
Personal Computer
PE
Provider Edge
POS
Packet Over SDH/SONET
PPP
Point-to-Point Protocol
PVC
Permanent Virtual Circuit
Q
QoS
Quality of Service
R
RIP
Routing Information Protocol
RPR
Resilient Packet Ring
S
SLIP
Serial Line Internet Protocol
SNMP
Simple Network Management Protocol
SVC
Switched Virtual Channel
T
Issue 03 (2010-03-31)
TCP
Transmission Control Protocol
TFTP
Trivial File Transfer Protocol
TOS
Type of Service
TTL
Time To Live
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
B-3
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Services
B Acronyms and Abbreviations
U
UDP
User Datagram Protocol
URPF
Unicast Reverse Path Forwarding
V
VLAN
Virtual Local Area Network
VPN
Virtual Private Network
NE80E/40E
Versatile Routing Platform
VRRP
Virtual Router Redundancy Protocol
VT
Virtual-Template
W
B-4
WINS
Windows Internet Name Service
WWW
World Wide Web
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2010-03-31)
Download