Configuration Guide - IP Service(V200R002C00_02)

March 19, 2018 | Author: dzar123 | Category: IPv6, IP Address, Computer Network, Proxy Server, Domain Name System



Huawei AR150&200 Series Enterprise Routers
V200R002C00

Configuration Guide - IP Service

Issue 02
Date 2012-03-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: [email protected]

Issue 02 (2012-03-30)  Huawei Proprietary and Confidential  Copyright © Huawei Technologies Co., Ltd.

About This Document

Intended Audience

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the IP service feature supported by the AR150/200.

This document describes how to configure the IP service feature.

This document is intended for:
- Data configuration engineers
- Commissioning engineers
- Network monitoring engineers
- System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol     Description
DANGER     Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
WARNING    Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
CAUTION    Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
TIP        Indicates a tip that may help you solve a problem or save time.
NOTE       Provides additional information to emphasize or supplement important points of the main text.

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention         Description
Boldface           The keywords of a command line are in boldface.
Italic             Command arguments are in italics.
[ ]                Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }    Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]    Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*   Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*   Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>             The parameter before the & sign can be repeated 1 to n times.
#                  A line starting with the # sign is a comment.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing interface numbers on devices.

Change History

Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.

Changes in Issue 02 (2012-03-30)

Based on issue 01 (2011-12-30), the document is updated as follows:

The following information is added:
- Disabling the Routing and Forwarding Function on High-end LAN Cards

The following information is modified:
- 6.6.3 Enabling the DHCP/BOOTP Client

Changes in Issue 01 (2011-12-30)

Initial commercial release.

Contents

About This Document

1 ARP Configuration
  1.1 ARP Overview
  1.2 ARP Features Supported by the AR150/200
  1.3 Configuring Static ARP
    1.3.1 Establishing the Configuration Task
    1.3.2 Configuring a Static ARP Entry
    1.3.3 Configuring a Static ARP Entry in a VLAN
    1.3.4 Configuring a Static ARP Entry in a VPN Instance
    1.3.5 Checking the Configuration
  1.4 Optimizing Dynamic ARP
    1.4.1 Establishing the Configuration Task
    1.4.2 Adjusting Parameters of Dynamic ARP Entries
    1.4.3 Enabling ARP Suppression
    1.4.4 Enabling Layer 2 Topology Detection
    1.4.5 Checking the Configuration
  1.5 Configuring Routed Proxy ARP
    1.5.1 Establishing the Configuration Task
    1.5.2 Configuring an IP Address for an Interface
    1.5.3 Configuring Routed Proxy ARP
    1.5.4 Checking the Configuration
  1.6 Configuring Intra-VLAN Proxy ARP
    1.6.1 Establishing the Configuration Task
    1.6.2 Configuring an IP Address for an Interface
    1.6.3 (Optional) Configuring the VLAN ID of the Sub-interface
    1.6.4 Enabling Intra-VLAN Proxy ARP
    1.6.5 Checking the Configuration
  1.7 Configuring Inter-VLAN Proxy ARP
    1.7.1 Establishing the Configuration Task
    1.7.2 Configuring an IP Address for an Interface
    1.7.3 (Optional) Configuring the VLAN ID of a Sub-interface
    1.7.4 Enabling Inter-VLAN Proxy ARP
    1.7.5 Checking the Configuration
  1.8 Configuring ARP-Ping IP
    1.8.1 Establishing the Configuration Task
    1.8.2 Checking an IP Address by Using ARP-Ping IP
  1.9 Configuring ARP-Ping MAC
    1.9.1 Establishing the Configuration Task
    1.9.2 Checking a MAC Address by Using ARP-Ping MAC
  1.10 Maintaining ARP
    1.10.1 Deleting ARP Entries
    1.10.2 Monitoring the ARP Running Status
  1.11 Configuration Examples
    1.11.1 Example for Configuring Static ARP
    1.11.2 Example for Configuring Routed Proxy ARP
    1.11.3 Example for Configuring Intra-VLAN Proxy ARP
    1.11.4 Example for Configuring Inter-VLAN Proxy ARP
    1.11.5 Example for Configuring Layer 2 Topology Detection

2 IP Address Configuration
  2.1 IP Address Overview
  2.2 IP Addresses Supported by the AR150/200
  2.3 Configuring IP Addresses for an Interface
    2.3.1 Establishing the Configuration Task
    2.3.2 Configuring a Primary IP Address for an Interface
    2.3.3 (Optional) Configuring a Secondary IP Address for an Interface
    2.3.4 Checking the Configuration
  2.4 Configuring IP Address Unnumbered on an Interface
    2.4.1 Establishing the Configuration Task
    2.4.2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed
    2.4.3 Configuring IP Address Unnumbered on an Interface
    2.4.4 Checking the Configuration
  2.5 Configuration Examples
    2.5.1 Example for Configuring Primary and Secondary IP Addresses for an Interface
    2.5.2 Example for Configuring IP Address Unnumbered on an Interface

3 Basic IPv6 Configuration
  3.1 Introduction to IPv6
  3.2 IPv6 Supported by the AR150/200
  3.3 Configuring an IPv6 Address for an Interface
    3.3.1 Establishing the Configuration Task
    3.3.2 Enabling IPv6 Packet Forwarding Capability
    3.3.3 Configuring an IPv6 Link-Local Address for an Interface
    3.3.4 Configuring an IPv6 Global Unicast Address for an Interface
    3.3.5 Configuring an IPv6 Anycast Address for an Interface
    3.3.6 Checking the Configuration
  3.4 Configuring IPv6 Neighbor Discovery
    3.4.1 Establishing the Configuration Task
    3.4.2 Configuring Static Neighbors
    3.4.3 Enabling RA Message Advertising
    3.4.4 Setting the Interval for Advertising RA Messages
    3.4.5 Configuring the Address Prefixes to Be Advertised
    3.4.6 Configuring Other Information to Be Advertised
    3.4.7 Configuring the Default Router Priority and Route Information
    3.4.8 Checking the Configuration
  3.5 Configuring IPv4/IPv6 Dual Stacks
    3.5.1 Establishing the Configuration Task
    3.5.2 Enabling IPv6 Packet Forwarding
    3.5.3 Configuring IPv4 and IPv6 Addresses for the Interface
    3.5.4 Checking the Configuration
  3.6 Configuring PMTU
    3.6.1 Establishing the Configuration Task
    3.6.2 Creating Static PMTU Entries
    3.6.3 Configuring PMTU Aging Time
    3.6.4 Checking the Configuration
  3.7 Configuring TCP6
    3.7.1 Establishing the Configuration Task
    3.7.2 Configuring TCP6 Timers
    3.7.3 Configuring the Size of the TCP6 Sliding Window
    3.7.4 Checking the Configuration
  3.8 Maintaining IPv6
    3.8.1 Resetting IPv6
  3.9 Configuration Examples
    3.9.1 Example for Configuring an IPv6 Address for an Interface
    3.9.2 Example for Configuring IPv6 Neighbor Discovery

4 DNS Configuration
  4.1 DNS Overview
  4.2 DNS Features Supported by the AR150/200
  4.3 Configuring a DNS Client
    4.3.1 Establishing the Configuration Task
    4.3.2 Configuring Static DNS
    4.3.3 Configuring Dynamic DNS
    4.3.4 Checking the Configuration
  4.4 Configuring DNS Proxy or Relay
    4.4.1 Establishing the Configuration Task
    4.4.2 Configuring a DNS Server
    4.4.3 (Optional) Configuring DNS Spoofing
    4.4.4 (Optional) Setting the Aging Time of DNS Entries
    4.4.5 Checking the Configuration
  4.5 Configuring a DDNS Client
    4.5.1 Establishing the Configuration Task
    4.5.2 Creating a DDNS Policy
    4.5.3 Configuring a DDNS Policy
    4.5.4 Binding a DDNS Policy to an Interface
    4.5.5 Checking the Configuration
  4.6 Maintaining DNS
    4.6.1 Deleting Dynamic DNS Entries of DNS Clients
    4.6.2 Deleting DNS Entries of the DNS Proxy or Relay
    4.6.3 Manually Updating a DDNS Policy
  4.7 Configuration Examples
    4.7.1 Example for Configuring a DNS Client
    4.7.2 Example for Configuring DNS Proxy
    4.7.3 Example for Configuring a DDNS Client

5 NAT Configuration
  5.1 NAT Overview
  5.2 NAT Features Supported by the AR150/200
  5.3 Configuring NAT
    5.3.1 Establishing the Configuration Task
    5.3.2 Configuring an Address Pool
    5.3.3 Associating an ACL with an Address Pool
    5.3.4 Configuring Easy IP
    5.3.5 Configuring an Internal Server
    5.3.6 Configuring Static NAT
    5.3.7 Enabling NAT ALG
    5.3.8 Configuring NAT Filtering
    5.3.9 Configuring NAT Mapping
    5.3.10 Configuring DNS Mapping
    5.3.11 Configuring Twice NAT
    5.3.12 Checking the Configuration
  5.4 Configuration Examples
    5.4.1 Example for Configuring the NAT Server
    5.4.2 Example for Configuring Outbound NAT
    5.4.3 Example for Configuring Twice NAT

6 DHCP Configuration
  6.1 DHCP Overview
  6.2 DHCP Features Supported by the AR150/200
  6.3 Configuring a DHCP Server Based on a Global Address Pool
    6.3.1 Establishing the Configuration Task
    6.3.2 Configuring an Interface to Select a Global Address Pool for IP Address Allocation
    6.3.3 Configuring Global Address Pool Attributes
    6.3.4 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
    6.3.5 (Optional) Configuring the Static DNS Service on a DHCP Client
    6.3.6 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
    6.3.7 (Optional) Configuring User-Defined DHCP Options of the Global Address Pool
    6.3.8 (Optional) Configuring the Function That Prevents Identical IP Addresses
    6.3.9 Checking the Configuration
  6.4 Configuring a DHCP Server Based on an Interface Address Pool
    6.4.1 Establishing the Configuration Task
    6.4.2 Configuring Interface Address Pool Attributes
    6.4.3 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client
    6.4.4 (Optional) Configuring the Static DNS Service on a DHCP Client
    6.4.5 (Optional) Configuring the Static NetBIOS Service on a DHCP Client
    6.4.6 (Optional) Configuring User-Defined DHCP Options of the Interface Address Pool
    6.4.7 (Optional) Configuring the Function That Prevents Identical IP Addresses
    6.4.8 Checking the Configuration
  6.5 Configuring a DHCP Relay Agent
    6.5.1 Establishing the Configuration Task
    6.5.2 Configuring an Interface to Function as a DHCP Relay Agent
    6.5.3 Specifying a Server Group on the DHCP Relay Agent
    6.5.4 Binding a DHCP Server Group to a DHCP Relay Interface
    6.5.5 (Optional) Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP address
    6.5.6 Checking the Configuration
  6.6 Configuring a DHCP/BOOTP Client
    6.6.1 Establishing the Configuration Task
    6.6.2 (Optional) Configuring the DHCP/BOOTP Client Attributes
    6.6.3 Enabling the DHCP/BOOTP Client
    6.6.4 Checking the Configuration
  6.7 Configuring the DHCP Rate Limit Function
  6.8 Maintaining DHCP
    6.8.1 Clearing DHCP Statistics
    6.8.2 Monitoring the Operating Status of DHCP
  6.9 Configuration Examples
    6.9.1 Example for Configuring a DHCP Server Based on a Global Address Pool in the Scenario Where DHCP Clients and the DHCP Server Are on the Same Network Segment
    6.9.2 Example for Configuring a DHCP Server Based on an Interface Address Pool in the Scenario Where DHCP Clients and the Server Are on the Same Network Segment
    6.9.3 Example for Configuring a DHCP Server and a DHCP Relay Agent When the DHCP Server and Clients Are on Different Network Segments
    6.9.4 Example for Configuring the DHCP and BOOTP Clients
    6.9.5 Example for Configuring DHCP Rate Limit

7 IP Performance Configuration
.5 Configuring TCP Attributes.............................................5....................184 7........................3........................................................194 8............5 Setting the MSS of TCP Packets on an Interface.........2 Monitoring the IP Running Status.................................................3..........................5...........................4..........187 7............4 Configuring an Interface to Forward Broadcast Packets.............5...193 8.......................202 9.........................................................................................................................................................................................................IP Service Contents 7.1 PBR Overview..............................................5 Configuring an Outbound Interface to Fragment IP Packets...............188 7..............................................................................................5....1 Example for Configuring IP Unicast PBR......................1 Establishing the Configuration Task..........184 7..................3......................203 9.....................................................192 8...............................................................................................................4.....3 Setting the Aging Time of the PMTU..............................186 7..........................................................3.175 7............197 8..................2 Setting Values of TCP Timers.............1 Establishing the Configuration Task.........................................5...........................................................................................................................Huawei AR150&200 Series Enterprise Routers Configuration Guide ....................185 7........175 7...198 8..............................................2 UDP Helper Features Supported by the AR150/200......................................................5 
Checking the Configuration..........................................................................................................................................................................1 UDP Helper Overview...................................................3.........................................................4 Setting the Size of the TCP Sliding Window.....178 7....................2 IP Performance Features Supported by the AR150/200...................................................6.....3 Configuring UDP Helper...........................................................................6..................................................................................203 9..3.....................................................179 7...................................................................178 7....................189 8 IP Unicast PBR Configuration..................................................................4...4 Configuration Examples.......177 7.................................................3............1 Establishing the Configuration Task..................................................................................................................197 8..............................................................2 Defining the Matching Rule of PBR........................................6 Maintaining IP Performance.......................................................................................................................4............................................................................................................................3 Defining Actions of PBR......................6 Checking the Configuration..........................1 Example for Disabling the Sending of ICMP Redirection Packets..........1 Establishing the Configuration Task.....................................................198 9 UDP Helper Configuration....1 IP Performance Overview.................4 Applying PBR..................175 
7............204 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co......................7 Setting the Mode in Which Protocol Packets Are Sent.....187 7....3 Configuring IP Policy-based Routing.2 PBR Supported by the AR150/200.................................................................................3 Optimizing IP Performance....................175 7...............................................193 8..............................................................................................................................3.......................................3.....................................................................................183 7................7..182 7..............................................176 7.......7 Configuration Examples........................5..............................2 Configuring the Unequal-Cost Multiple Path During IP Packet Forwarding........2 Checking Validity of Source IP Addresses of Received Packets.................................................................3...........................3............189 7....................................................184 7............................................1 Clearing IP Performance Statistics............................... Ltd.........................................176 7......................................193 8.....................................................8 Checking the Configuration........................................................ 
x ..................................................................................................................................6 Configuring an Interface to Send ICMP Redirection Packets..3....4 Configuring Load Balancing for IP Packet Forwarding......................................................177 7...............................................181 7..................3 Controlling IP packets with Source Route Options..185 7.....................................................181 7..........................................................193 8............................................3................3 Checking the Configuration...........................................................................195 8...................186 7...................... .................................. Ltd............205 9...................204 9....205 9......... xi ................................................207 9..................3......................2 Enabling UDP Helper............................1 Establishing the Configuration Task..........3......................................................................................................................................................................................206 9...........207 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..204 9...................................3...............................3.........................1 Clearing the UDP Helper Statistics.....................................................4 Configuring a Destination Server....................................................4.....................1 Example for Configuring UDP Helper..............................................................4 Maintaining UDP Helper................IP Service Contents 9..............................5 Configuration Examples....................Huawei AR150&200 Series Enterprise Routers Configuration Guide .........................207 9.............207 
1 ARP Configuration

About This Chapter

ARP can map an IP address to a MAC address and implements transmission of Ethernet frames.

1.1 ARP Overview
ARP dynamically maps Layer 3 IP addresses to Layer 2 MAC addresses. An Ethernet device must support ARP.

1.2 ARP Features Supported by the AR150/200
This section describes ARP features supported by the AR150/200.

1.3 Configuring Static ARP
Static ARP entries record fixed mappings between IP addresses and MAC addresses. They are configured manually by network administrators.

1.4 Optimizing Dynamic ARP
If dynamic ARP is configured, the system resolves an IP address into an Ethernet MAC address. Dynamic ARP entries are maintained dynamically by the ARP protocol. You can adjust parameters of dynamic ARP entries such as the number of ARP probes and the aging time of dynamic ARP entries to optimize forwarding performance of the AR150/200.

1.5 Configuring Routed Proxy ARP
Routed proxy ARP implements communication between devices on the same network segment but on different physical networks.

1.6 Configuring Intra-VLAN Proxy ARP
Intra-VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate with each other.

1.7 Configuring Inter-VLAN Proxy ARP
Inter-VLAN proxy ARP enables hosts in different sub-VLANs of a super-VLAN to communicate with each other.

1.8 Configuring ARP-Ping IP
ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets.

1.9 Configuring ARP-Ping MAC
ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control Management Protocol (ICMP) packets.

1.10 Maintaining ARP
This section describes how to maintain ARP.

1.11 Configuration Examples


1.1 ARP Overview

ARP dynamically maps Layer 3 IP addresses to Layer 2 MAC addresses. An Ethernet device must support ARP.

On a LAN, a host or a network device must know the IP address of another host or network device to send data to it. In addition, the physical address of the destination device must also be known because IP packets are encapsulated in frames for transmission across a physical network. Therefore, the mapping from an IP address to a physical address is required. ARP maps IP addresses to physical addresses.


1.2 ARP Features Supported by the AR150/200

This section describes ARP features supported by the AR150/200.

The AR150/200 supports dynamic ARP, static ARP, proxy ARP, and ARPing.

ARP

ARP is classified into the following types:
- Static ARP: Mappings between IP addresses and MAC addresses are configured manually.
- Dynamic ARP: Dynamic ARP entries are maintained by the ARP protocol.

Proxy ARP

The AR150/200 supports the following types of proxy ARP:

- Routed proxy ARP
  Routed proxy ARP implements communication between devices on the same network segment but on different physical networks.
  If a device connected to the AR150/200 is not configured with a default gateway address (that is, the device does not know how to reach the intermediate system of the network), the device cannot forward data packets. Routed proxy ARP solves this problem. A device sends an ARP Request packet to request the MAC address of the destination host. After receiving the packet, the AR150/200 enabled with proxy ARP replies with its own MAC address. The AR150/200 then functions as the gateway to route packets to the actual destination.
  Proxy ARP can also shield topologies of physical networks so that internal hosts of Ethernet A and Ethernet B on different physical networks but on the same network segment can communicate.

- Intra-VLAN proxy ARP
  If two users belong to the same VLAN but port isolation is configured in the VLAN, to enable the two users to communicate, you must enable intra-VLAN proxy ARP on an interface associated with the VLAN.
  If an interface on the AR150/200 is enabled with intra-VLAN proxy ARP, it does not discard the ARP request packet that is destined for another interface. Instead, it searches for the corresponding ARP entry of the interface. If the ARP entry is found, the interface sends the MAC address of the AR150/200 to the sender of the ARP request.
  Proxy ARP within a VLAN implements the interworking between isolated users in the same VLAN.

- Inter-VLAN proxy ARP
  If two users belong to different VLANs, to implement communication between the two users, you must enable inter-VLAN proxy ARP on an interface associated with the VLANs.
  If an interface on the AR150/200 is enabled with inter-VLAN proxy ARP, it does not discard the ARP request packet that is destined for another interface. Instead, it searches for the corresponding ARP entry of the interface. If the ARP entry is found, the interface sends the MAC address of the AR150/200 to the sender of the ARP request.
  Inter-VLAN proxy ARP implements the following functions:
  - Layer 3 communication between users in different VLANs
  - Communication between users in sub-VLANs (you must enable inter-VLAN proxy ARP on the VLANIF interface corresponding to the super-VLAN)

ARPing

ARPing is classified into ARP-Ping IP and ARP-Ping MAC. ARPing facilitates maintenance of deployed Layer 2 features.

ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control Management Protocol (ICMP) packets.


1.3 Configuring Static ARP

Static ARP entries record fixed mappings between IP addresses and MAC addresses. They are configured manually by network administrators.

1.3.1 Establishing the Configuration Task

Before configuring static ARP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

Static ARP entries ensure communication between the local device and another specified device. They use the specified MAC address to keep attackers from modifying mappings between IP addresses and MAC addresses in static ARP entries.

When static ARP and the Virtual Router Redundancy Protocol (VRRP) are configured on the router, the IP address in a static ARP entry cannot be set to the VRRP virtual IP address on a sub-interface for dot1q VLAN tag termination, a sub-interface for VLAN tag termination, or a VLANIF interface. Otherwise, an incorrect host route is generated, causing forwarding errors.

Pre-configuration Tasks

Before configuring static ARP, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up
- Setting network layer protocol parameters for the interfaces to ensure that the routing protocol status on the interfaces is Up

Data Preparation

To configure static ARP, you need the following data.

No.  Data
1    IP address and MAC address in a static ARP entry
2    Name of the VPN instance and ID of the VLAN that a static ARP entry belongs to
3    Outbound interface of ARP packets

1.3.2 Configuring a Static ARP Entry

Static ARP entries are valid as long as the AR150/200 works properly.

Context

NOTE
To configure static ARP entries for double-tagged packets, run the arp static cevid command.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    arp static ip-address mac-address
A static ARP entry is configured.

----End

1.3.3 Configuring a Static ARP Entry in a VLAN

This section describes how to configure a static ARP entry in a VLAN.

Context

NOTE
To configure static ARP entries for double-tagged packets, run the arp static cevid command.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    arp static ip-address mac-address vid vlan-id interface interface-type interface-number
A static ARP entry is configured in a VLAN.
When configuring a static ARP entry in a VLAN, you must specify the outbound interface so that the packets are sent out from the specified outbound interface.

----End

1.3.4 Configuring a Static ARP Entry in a VPN Instance

To implement Layer 2 communication between devices in a VPN instance, you can configure static ARP entries in the VPN instance.

Context

NOTE
To configure static ARP entries for double-tagged packets, run the arp static cevid command.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    arp static ip-address mac-address vpn-instance vpn-instance-name
A static ARP entry is configured for a VPN instance.

----End

1.3.5 Checking the Configuration

Procedure

- Run the display arp [ all ] command to check all ARP entries, including static ARP entries and dynamic ARP entries.
- Run the display arp network net-number net-mask [ dynamic | static ] command to check ARP entries on the specified network segment.
- Run the display arp static command to check static ARP entries.
- Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface.

----End

Example

# Display all the static ARP entries.

    <Huawei> display arp static
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    ...
    ------------------------------------------------------------------------------
    Total:3         Dynamic:0       Static:3    Interface:0

# Display all the ARP entries.

    <Huawei> display arp all
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    ...
    ------------------------------------------------------------------------------
    Total:6         Dynamic:2       Static:1    Interface:3


1.4 Optimizing Dynamic ARP

If dynamic ARP is configured, the system resolves an IP address into an Ethernet MAC address. Dynamic ARP entries are maintained dynamically by the ARP protocol. You can adjust parameters of dynamic ARP entries such as the number of ARP probes and the aging time of dynamic ARP entries to optimize forwarding performance of the AR150/200.

1.4.1 Establishing the Configuration Task

Before optimizing dynamic ARP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

Dynamic ARP entries are maintained dynamically by the ARP protocol. The AR150/200 can dynamically create dynamic ARP entries. They can be aged out, updated, or overridden by static ARP entries. When the aging time is reached or the interface is Down, corresponding dynamic ARP entries are deleted. You can adjust parameters of dynamic ARP entries to optimize forwarding performance of the AR150/200.

Pre-configuration Tasks

Before optimizing dynamic ARP, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up
- Configuring the network layer protocol on the interfaces

Data Preparation

To optimize dynamic ARP, you need the following data.

No.  Data
1    Number of the interface where dynamic ARP entries are created
2    Maximum number of ARP probes
3    Aging time of dynamic ARP entries

1.4.2 Adjusting Parameters of Dynamic ARP Entries

When the AR150/200 frequently updates ARP entries, you can shorten the aging time of dynamic ARP entries and the interval for ARP probes and increase the number of ARP probes.

On the AR150/200, you can adjust the parameters of dynamic ARP entries on Ethernet interfaces, Eth-Trunk interfaces, VLANIF interfaces, and VE interfaces.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
The interface view is displayed.

Step 3 Run:
    arp expire-time expire-time
The aging time of dynamic ARP entries is set.
By default, the aging time is 1200s.

Step 4 Run:
    arp detect-times detect-times
The number of ARP probes is set.
When the aging time of a dynamic ARP entry is reached, the AR150/200 sends an ARP probe packet to the peer device periodically. If the AR150/200 does not receive an ARP Reply packet from the peer device after the specified number of ARP probes, it deletes the ARP entry.
By default, the maximum number of ARP probes is 3.

Step 5 (Optional) Run:
    arp detect-mode unicast
An interface is configured to send ARP probe packets in unicast mode.
By default, an interface broadcasts ARP probe packets.

----End

1.4.3 Enabling ARP Suppression

If the system receives a great number of ARP packets from the same source at a time, it has to update ARP entries repeatedly, causing performance deterioration. To ensure system performance, you can enable ARP suppression. The system then only responds to the ARP packets but does not update ARP entries.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    arp-suppress enable
ARP suppression is enabled.
By default, ARP suppression is disabled in the system but is enabled on VLANIF interfaces. After ARP suppression is enabled, it takes effect for only Eth-Trunk interfaces and VLANIF interfaces.

----End

1.4.4 Enabling Layer 2 Topology Detection

Layer 2 topology detection enables the system to update all the ARP entries in the VLAN that a Layer 2 interface belongs to when the Layer 2 interface status changes from Down to Up.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    l2-topology detect enable
Layer 2 topology detection is enabled.
By default, Layer 2 topology detection is disabled.

----End

1.4.5 Checking the Configuration

You can view the dynamic ARP configuration.

Procedure

- Run the display arp [ all ] command to check all ARP entries, including static ARP entries and dynamic ARP entries.
- Run the display arp dynamic command to check dynamic ARP entries.
- Run the display arp network net-number net-mask [ dynamic | static ] command to check ARP entries on the specified network segment.
- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check ARP entries on the specified interface.
- Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface.

----End

Example

# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.

    <Huawei> display arp interface ethernet 1/0/0
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    192.168.1.11    0000-0a41-0201            I    Eth1/0/0       r1
    192.168.1.1     0000-0a41-0200  15        D-6  Eth1/0/0       r1
    ------------------------------------------------------------------------------
    Total:2         Dynamic:1       Static:0    Interface:1

# Display all the dynamic ARP entries.

    <Huawei> display arp dynamic
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    ...
    ------------------------------------------------------------------------------
    Total:7         Dynamic:2       Static:0    Interface:5


1.5 Configuring Routed Proxy ARP

Routed proxy ARP implements communication between devices on the same network segment but on different physical networks.

1.5.1 Establishing the Configuration Task

Before configuring routed proxy ARP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

If two hosts on different network segments are not configured with the default gateways, you can enable routed proxy ARP on a routing device connecting the two hosts to resolve IP addresses between the two hosts.

Pre-configuration Tasks

Before configuring routed proxy ARP, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up

Data Preparation

To configure routed proxy ARP, you need the following data.

No.  Data
1    Number of the interface where routed proxy ARP is to be enabled
2    IP address of the interface where routed proxy ARP is to be enabled

1.5.2 Configuring an IP Address for an Interface

The IP address of the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected host on a LAN.

Routed proxy ARP can be enabled on Ethernet interfaces, Ethernet sub-interfaces, Eth-Trunk interfaces, Eth-Trunk sub-interfaces, VE interfaces, and VLANIF interfaces. The preceding interfaces and sub-interfaces are Layer 3 interfaces and sub-interfaces.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface interface-type interface-number [.subinterface-number ]
The interface view is displayed.

Step 3 Run:
    ip address ip-address { mask | mask-length }
An IP address is configured for the interface.
The IP address of the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected host on a LAN.

----End

1.5.3 Configuring Routed Proxy ARP

Routed proxy ARP implements communication between devices on different subnets.

Routed proxy ARP can be enabled on Ethernet interfaces, Ethernet sub-interfaces, Eth-Trunk interfaces, Eth-Trunk sub-interfaces, VE interfaces, and VLANIF interfaces. The preceding interfaces and sub-interfaces are Layer 3 interfaces and sub-interfaces.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
The interface view is displayed.

Step 3 Run:
    arp-proxy enable
Routed proxy ARP is enabled on the interface.
By default, routed proxy ARP is disabled on an interface.

----End

1.5.4 Checking the Configuration

After configuring routed proxy ARP, you can view the configuration.

Procedure

- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check ARP entries on the specified interface.
- Run the display arp dynamic command to check dynamic ARP entries.
- Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check ARP entries in the specified VPN instance.
- Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface.

----End

Example

# Run the display arp interface command, and you can view ARP entries on Eth1/0/0.

    <Huawei> display arp interface ethernet 1/0/0
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    192.168.1.11    0000-0a41-0201            I    Eth1/0/0       r1
    192.168.1.1     0000-0a41-0200  15        D-6  Eth1/0/0       r1
    ------------------------------------------------------------------------------
    Total:2         Dynamic:1       Static:0    Interface:1

# Run the display arp vpn-instance command, and you can view all the ARP entries in the VPN instance r1.

    <Huawei> display arp vpn-instance r1
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE
                                              VLAN/CEVLAN PVC
    ------------------------------------------------------------------------------
    ...
    ------------------------------------------------------------------------------
    Total:2         Dynamic:0       Static:0    Interface:2

# Run the display arp statistics command, and you can view the statistics on ARP entries.

    <Huawei> display arp statistics all
    Dynamic:1       Static:0


1.6 Configuring Intra-VLAN Proxy ARP

Intra-VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate with each other.

1.6.1 Establishing the Configuration Task

Before configuring intra-VLAN proxy ARP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately.

Applicable Environment

If two users are connected to Layer 2 isolated interfaces in the same VLAN, you can enable intra-VLAN proxy ARP to implement Layer 3 communication between the two users.

Pre-configuration Tasks

Before configuring intra-VLAN proxy ARP, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up
- Configuring a VLAN
- Configuring port isolation in a VLAN

Data Preparation

To configure intra-VLAN proxy ARP, you need the following data.

No.  Data
1    Number of the interface where intra-VLAN proxy ARP is to be enabled
2    IP address of the interface where intra-VLAN proxy ARP is to be enabled
3    VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN

1.6.2 Configuring an IP Address for an Interface

The IP address of the interface must be on the same network segment as the IP addresses in the associated VLAN.

Intra-VLAN proxy ARP can be enabled on VLANIF interfaces, Ethernet sub-interfaces, and Eth-Trunk sub-interfaces.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface { ethernet | eth-trunk } interface-number.sub-interface-number
The sub-interface view is displayed.
Or, run:
    interface vlanif vlan-id
The VLANIF interface view is displayed.

Step 3 Run:
    ip address ip-address { mask | mask-length }
An IP address is configured for the interface.
The IP address of the interface must be on the same network segment as the IP addresses in the associated VLAN.

----End

1.6.3 (Optional) Configuring the VLAN ID of a Sub-interface

This section describes how to configure the VLAN ID of a sub-interface.

Context

NOTE
You must complete this task before you enable intra-VLAN proxy ARP on Ethernet sub-interfaces or Eth-Trunk sub-interfaces. You can skip this step when you are enabling intra-VLAN proxy ARP on the VLANIF interface.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface { ethernet | eth-trunk } interface-number.sub-interface-number
The sub-interface view is displayed.

1.6.4 Enabling Intra-VLAN Proxy ARP

Intra-VLAN proxy ARP implements Layer 3 communication between isolated users in a VLAN.

Step 2 Run:
    interface { ethernet | eth-trunk } interface-number.sub-interface-number
The sub-interface view is displayed.

Or,

intra-VLAN proxy ARP is disabled.

you can view the intra-VLAN proxy ARP configuration.

Procedure

- Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check ARP entries on the specified interface.
- Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface.

----End
l Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check ARP entries in the specified VPN instance. Ltd. ----End 1. ----End 1.6. run: interface vlanif vlan-id The VLANIF interface view is displayed. Procedure Step 1 Run: system-view The system view is displayed. By default..IP Service 1 ARP Configuration Step 3 Run: control-vid vid dot1q-termination The control VLAN and encapsulation mode of the sub-interface are configured.6. l Run the display arp dynamic command to check dynamic ARP entries.Huawei AR150&200 Series Enterprise Routers Configuration Guide .5 Checking the Configuration After configuring intra-VLAN proxy ARP. Step 3 Run: arp-proxy inner-sub-vlan-proxy enable Intra-VLAN proxy ARP is enabled. Step 4 Run: dot1q termination vid vid The single VLAN ID for dot1q encapsulation on a sub-interface is configured. 15 . Ltd. In a superVLAN. This technology introduces the super-VLAN and sub-VLAN. complete the pre-configuration tasks.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1 -----------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1 # Run the display arp vpn-instance command. <Huawei> display arp vpn-instance r1 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------10. The VLAN aggregation function allows different broadcast domains to use the same subnet address.10. A super-VLAN contains one or more sub-VLANs in different broadcast domains. To enable these hosts to communicate with each other.1.Huawei AR150&200 Series Enterprise Routers Configuration Guide . IP addresses of hosts in different sub-VLANs are on the subnet segment corresponding to the super-VLAN. 
Sub-VLANs use the same Layer 3 interface to communicate.6 0018-2000-0083 I Vlanif833 -----------------------------------------------------------------------------Total:2 Dynamic:0 Static:0 Interface:2 # Run the display arp statistics command.9 0018-2000-0083 I Vlanif888 10.1. and you can view ARP entries on Eth1/0/0. familiarize yourself with the applicable environment. 16 .20. A sub-VLAN does not occupy an independent subnet segment.7. This will help you complete the configuration task quickly and accurately. and obtain the data required for the configuration.7 Configuring Inter-VLAN Proxy ARP Inter-VLAN proxy ARP enables hosts in different sub-VLANs of a super-VLAN to communicate with each other. <Huawei> display arp statistics all Dynamic:1 Static:0 1. Applicable Environment The VLAN aggregation technology isolates broadcast domain by using multiple VLANs on a physical network so that different VLANs belong to the same subnet.. This reduces subnet IDs and subnet default gateway addresses. Hosts in different sub-VLANs of a super-VLAN cannot communicate with each other.1 Establishing the Configuration Task Before configuring inter-VLAN proxy ARP.168. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------192. and saves IP addresses. and you can view all the ARP entries in the VPN instance r1.168. implements flexible addressing.11 0000-0a41-0201 I Eth1/0/0 r1 192.IP Service 1 ARP Configuration Example # Run the display arp interface command. and you can view the statistics on ARP entries. you can enable inter-VLAN proxy ARP on the subinterface or VLANIF interface corresponding to the super-VLAN.10. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.10. 1. Huawei AR150&200 Series Enterprise Routers Configuration Guide . Ltd. 
17 .2 Configuring an IP Addresses for an Interface The IP address of the interface must be on the same network segment as the IP address of the user in a VLAN that the interface belongs to.IP Service 1 ARP Configuration Pre-configuration Tasks Before configuring inter-VLAN proxy ARP.7. Data 1 Number of the interface where inter-VLAN proxy ARP is to be enabled 2 IP address of the interface where inter-VLAN proxy ARP is to be enabled 3 VLAN ID associated with the interface to be enabled with proxy ARP between VLANs 1. Step 2 Run: interface { ethernet | eth-trunk } interface-number. Step 3 Run: ip address ip-address { mask | mask-length } An IP address is configured for the interface. you need the following data. Or. The IP address of the interface must be on the same network segment as the IP address of the user in a VLAN that the interface belongs to. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed. complete the following tasks: l Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up l Configuring VLAN aggregation Data Preparation To configure inter-VLAN proxy ARP. Ethernet sub-interfaces.sub-interface-number The sub-interface view is displayed. No. run: interface vlanif vlan-id The VLANIF interface view is displayed. Inter-VLAN proxy ARP can be enabled on VLANIF interfaces. and Eth-Trunk sub-interfaces.. 4 Enabling Inter-VLAN Proxy ARP To implement communication between users in different sub-VLANs. Ltd. Procedure Step 1 Run: system-view The system view is displayed.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Or.IP Service 1 ARP Configuration 1. Step 3 Run: control-vid vid dot1q-termination The control VLAN and encapsulation mode of the sub-interface are configured. 18 . Step 2 Run: interface { ethernet | eth-trunk } interface-number. 
Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed. You can skip this task if you are enabling inter-VLAN proxy ARP on the VLANIF interface. run: interface vlanif vlan-id The VLANIF interface view is displayed. Context NOTE You must complete this task before you enable inter-VLAN proxy ARP on Ethernet sub-interfaces. or EthTrunk sub-interfaces.7.7..sub-interface-number The sub-interface view is displayed. ----End 1. enable inter-VLAN proxy ARP on the sub-interface corresponding to the super-VLAN. Step 4 Run: dot1q termination vid vid The single VLAN ID for dot1q encapsulation on a sub-interface is configured. Step 2 Run: interface { ethernet | eth-trunk } interface-number.sub-interface-number The sub-interface view is displayed.3 (Optional) Configuring the VLAN ID of the Sub-interface This section describes how to configure the VLAN ID of the sub-interface. and you can view all the ARP entries in the VPN instance r1. <Huawei> display arp statistics all Dynamic:1 Static:0 1. and you can view ARP entries on Eth1/0/0.IP Service 1 ARP Configuration Step 3 Run: arp-proxy inter-sub-vlan-proxy enable Inter-VLAN proxy ARP is enabled.5 Checking the Configuration After configuring inter-VLAN proxy ARP.168. l Run the display arp dynamic command to check dynamic ARP entries. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End 1.10.10.10.7. you can view the inter-VLAN proxy ARP configuration. l Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1. Procedure l Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] command to check ARP entries on the specified interface. 
and you can view the statistics on ARP entries.. l Run the display arp vpn-instance vpn-instance-name [ dynamic | static ] command to check ARP entries in the specified VPN instance.8 Configuring ARP-Ping IP ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------192.20. inter-VLAN proxy ARP is disabled. ----End Example # Run the display arp interface command. By default.6 0018-2000-0083 I Vlanif833 -----------------------------------------------------------------------------Total:2 Dynamic:0 Static:0 Interface:2 # Run the display arp statistics command. 19 .1. Ltd. <Huawei> display arp vpn-instance r1 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------10.11 0000-0a41-0201 I Eth1/0/0 r1 192.9 0018-2000-0083 I Vlanif888 10.168.1 0000-0a41-0200 15 D-6 Eth1/0/0 r1 -----------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1 # Run the display arp vpn-instance command. Applicable Environment ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. complete the following task: l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up Data Preparation To configure ARP-Ping IP. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.8. You can also use the ping command to check whether an IP address is in use. 20 . You can configure ARP-Ping IP on the device. and obtain the data required for the configuration. therefore. 
Procedure Step 1 Run: arp-ping ip ip-address [ interface interface-type interface-number [ vlan-id vlanid ] ] The AR150/200 is configured to check whether the IP address is in use on a LAN. If the destination host or the routing device enabled with the firewall function is configured not to respond to the ICMP Echo Request packets. The ping command uses Layer 3 packets as ICMP Echo Request packets. ensure that this IP address is not in use by sending ARP packets. ARP packets. the result of ARP-Ping IP is accurate.Huawei AR150&200 Series Enterprise Routers Configuration Guide . but the result of this method may be inaccurate. the IP address is considered unused. Before configuring an IP address for a device. No. can pass through the firewall that is configured not to reply to ICMP Echo Request packets. Data 1 IP address to be checked 1. which are Layer 2 protocol packets.2 Checking an IP Address by Using ARP-Ping IP ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP Request packets..IP Service 1 ARP Configuration 1. you need the following data. Pre-configuration Tasks Before configuring ARP-Ping IP. Consequently.8. familiarize yourself with the applicable environment. Context ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. the destination host or the routing device does not send ICMP Reply packets. This will help you complete the configuration task quickly and accurately. complete the pre-configuration tasks.1 Establishing the Configuration Task Before configuring ARP-Ping IP. Ltd. 2 ARP-Pinging 110. complete the following task: l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up Data Preparation To configure ARP-Ping MAC. In this way.1.1 is used by 00e0-517d-f202 1. Error: Request timed out.1 ARP-Pinging 128. 1.1. [Huawei] arp-ping ip 128. the IP address is not used.1. 
you can obtain the IP address mapping the MAC address on the network segment. the IP address is used. and obtain the data required for the configuration.1: 128. This will help you complete the configuration task quickly and accurately. Data 1 MAC address to be checked Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. Issue 02 (2012-03-30) No.1. Info: The IP address is not used by anyone! l If the following information is displayed.1.1.1. [Huawei] arp-ping ip 110..1. you need the following data.1 Establishing the Configuration Task Before configuring ARP-Ping MAC.Huawei AR150&200 Series Enterprise Routers Configuration Guide . you can obtain the corresponding IP address by using ARP-Ping MAC to broadcast ICMP packets. complete the pre-configuration tasks.9 Configuring ARP-Ping MAC ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control Management Protocol (ICMP) packets. Pre-configuration Tasks Before configuring ARP-Ping MAC. Ltd. Error: Request timed out.IP Service 1 ARP Configuration Example l If the following information is displayed. familiarize yourself with the applicable environment.9. Applicable Environment If you know the specific MAC address but not the corresponding IP address on a network segment. 21 .1.2: Error: Request timed out. 22 .2 MAC ADDRESS 00-E0-FC-03-02-01 1. <Huawei> arp-ping mac 00e0-fc03-0201 interface Vlanif 5 OutInterface: Vlanif5 MAC[00-E0-FC-03-02-01].Huawei AR150&200 Series Enterprise Routers Configuration Guide .. the MAC address is not used.ARP-Ping MAC statistics ----3 packet(s) transmitted 0 packet(s) received MAC[00-13-46-E7-2E-F5] not be used l If the following information is displayed. press CTRL_C to break ----.ARP-Ping MAC statistics ----1 packet(s) transmitted 1 packet(s) received IP ADDRESS 50. press CTRL_C to break Error: Request timed out Error: Request timed out Error: Request timed out ----.9.10 Maintaining ARP This section describes how to maintain ARP. 
the MAC address is used. <Huawei> arp-ping mac 0013-46e7-2ef5 interface Eth-Trunk 0 OutInterface: Eth-Trunk0 MAC[00-13-46-E7-2E-F5]. Ltd. 1.1. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: arp-ping mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number } The AR150/200 is configured to check whether the MAC address is in use on a LAN.2 Checking a MAC Address by Using ARP-Ping MAC ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending ICMP packets.1 Deleting ARP Entries This section describes how to delete ARP entries.1. ----End Example l If the following information is displayed.10.IP Service 1 ARP Configuration 1. 1 0000-0a41-0200 15 D-6 Eth1/0/0 r1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. l Run the display arp network net-number net-mask [ dynamic | static ] command to check ARP entries on the specified network segment.10. Procedure Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | packet statistics | static } command in the user view to delete ARP entries. including static ARP entries and dynamic ARP entries. Context To check the ARP running status during routine maintenance. Procedure l Run the display arp [ all ] command to check all ARP entries. l Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlanid ] ] command to check ARP entries on the specified interface. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------192. l Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface. As a result. 
l Run the display arp dynamic command to check dynamic ARP entries. l Static ARP entries cannot be restored after being deleted.Huawei AR150&200 Series Enterprise Routers Configuration Guide .2 Monitoring the ARP Running Status You can monitor the ARP running status by running display commands.168..11 0000-0a41-0201 I Eth1/0/0 r1 192. 23 .1. users may fail to access some devices.168. ----End Example # Run the display arp interface command. Exercise caution when you delete ARP entries. and you can view ARP entries on Eth1/0/0. l Run the display arp static command to check static ARP entries.IP Service 1 ARP Configuration Context CAUTION l After ARP entries are deleted. Exercise caution when you delete static ARP entries. run the following display commands in any view.1. ----End 1. mappings between IP addresses and MAC addresses are deleted. 0.1 Example for Configuring Static ARP Static ARP is configured to ensure communication security between enterprise departments. Hosts in the marketing department can access the Internet and are often attacked by ARP packets.210 00e0-fc01-0203 I Eth1/0/0 10. Ltd.20.1 192.1 00e0-fc99-9999 I Vlanif200 -----------------------------------------------------------------------------Total:7 Dynamic:2 Static:0 Interface:5 1.1 00e0-fc99-9999 I Eth-Trunk0 10. As a result.137.2.137.6.1 00e0-fc99-9999 I Vlanif100 10. Hosts in the headquarters office and the file backup server are allocated manually configured IP addresses.168. and hosts in departments dynamically obtain IP addresses by using DHCP. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3.1 0025-9e38-a09e 20 D-0 Eth1/0/0 10. Attackers attack the Router and modify dynamic ARP entries on the Router.216.2. and you can view all the dynamic ARP entries.217. the Router connects departments of a company and each department joins different VLANs.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 
communication between hosts in the headquarters office and external devices is interrupted and hosts in departments fail to access the file backup server.0. Networking Requirements As shown in Figure 1-1.IP Service 1 ARP Configuration -----------------------------------------------------------------------------Total:2 Dynamic:1 Static:0 Interface:1 # Run the display arp dynamic command. The company requires that static ARP entries be configured on the Router so that hosts in the headquarters office can communicate with external devices and hosts in departments can access the file backup server.11 Configuration Examples 1. 24 .137.208 00e0-fc01-0205 16 D-0 Eth1/0/0 10.217. <Huawei> display arp dynamic IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC -----------------------------------------------------------------------------10..34 00e0-fc01-0204 I Eth2/0/0.11. 164.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 2.1.164.IP Service 1 ARP Configuration Figure 1-1 Network diagram for configuring static ARP entries File backup server Ethernet2/0/0 Etherent0/0/1 Router 10.10.0/24 10.164. you need the following data: l Interface connecting the Router and hosts in the headquarters office: Ethernet0/0/0 l ID of the VLAN that Ethernet0/0/0 joins: VLAN 10 l IP address of VLANIF10: 10. The IP address 10..1.1.1.3.10.0/24 VLAN 30 Configuration Roadmap The configuration roadmap is as follows: 1.0/24 (PC A with IP address 10.1 maps the MAC address 00e0-fc01-0001.2.0/24 VLAN 20 VLAN 10 R&D department 10.164. 25 .164.1. Data Preparation To complete the configuration.164.1/24 00e0-fc01-0001 PC A Etherent0/0/0 Etherent0/0/2 Headquarters office Marketing department 10.164.164.10.164.1/24 (corresponding MAC address 0df0fc01-003a) Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.164.10/24 l IP address of the file backup server: 10. 
Configure static ARP entries for hosts in the headquarters office on the Router to prevent ARP entries of the hosts in the headquarters office from being modified in ARP attack packets. Ltd.1 is used as an example.1.164.) l Interface connecting the Router and the file backup server: Ethernet2/0/0 l IP address of Ethernet2/0/0: 10.20/24 l Network segment where the IP addresses of hosts in the headquarters office are located: 10.1/24 0df0-fc01-003a 10. Configure a static ARP entry for the file backup server on the Router to prevent the ARP entry of the file backup server from being modified in ARP attack packets. 255. [Router] arp static 10.1 0df0-fc01-003a ----End Example The following lists the configuration file of the Router. In the static ARP entry.1/24 maps the MAC address 0df0-fc01-003a.1 0df0-fc01-003a Step 3 Verify the configuration.0 [Router-Ethernet2/0/0] quit # Configure a static ARP entry for the file backup server: The IP address 10.164. The configuration method is similar to that of PC A.164.1. Configuring a static ARP entry for PC A is used as an example. [Router] interface vlanif 10 [Router-Vlanif10] ip address 10. PCA IP address 10.164.20 255.Huawei AR150&200 Series Enterprise Routers Configuration Guide .164. [Router] interface ethernet 2/0/0 [Router-Ethernet2/0/0] ip address 10.255.1. Ltd.164.10. and the VLAN ID is 10 and the outbound interface is Ethernet0/0/0.10. # Create VLAN 10.1 maps the MAC address 00e0-fc01-0001.10 255.0 [Router-Vlanif10] quit # Configure static ARP entries for hosts in the headquarters office. Step 2 Configure a static ARP entry for the file backup server on the Router. 26 .255. <Router> display current-configuration | include arp arp static 10.1..10.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0 arp static 10.1.164.2 00e0-fc01-0002 vid 10 interface ethernet 0/0/0 arp static 10. [Router] arp static 10.1. # Configure an IP address for Ethernet2/0/0. 
<Huawei> system-view [Huawei] sysname Router [Router] vlan 10 [Router-vlan10] quit # Add Ethernet0/0/0 to VLAN 10.3 00e0-fc01-0003 vid 10 interface ethernet 0/0/0 arp static 10.IP Service 1 ARP Configuration Procedure Step 1 Configure static ARP entries for the host in the headquarters office on the Router.255.164.164.164.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0 # Configure static ARP entries for other hosts in the headquarters office. # Run the display current-configuration command to view static ARP entries. [Router] interface ethernet 0/0/0 [Router-Ethernet0/0/0] port hybrid tagged vlan 10 # Configure an IP address for VLANIF 10.10.1. # sysname Router # vlan batch 10 20 30 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.164. 164.1 0df0-fc01-003a # return 1.2 00e0-fc01-0002 vid 10 interface ethernet 0/0/0 arp static 10.10.0/16.255. Hosts of branches are not configured with default gateway addresses.10. NOTE AR150/200 is RouterA or RouterB.164.255.2. branch A and branch B of a company are located in different cities. Ltd.Huawei AR150&200 Series Enterprise Routers Configuration Guide .255.16.1. Branch A and branch B belong to different broadcast domains.0 # interface Ethernet 2/0/0 ip address 10.2 Example for Configuring Routed Proxy ARP Routed proxy ARP implements communication between the two branches on the same network segment but on different physical networks.0.IP Service 1 ARP Configuration # interface Ethernet 0/0/0 port hybrid tagged vlan 10 # interface Ethernet 0/0/1 port hybrid tagged vlan 20 # interface Ethernet 0/0/2 port hybrid tagged vlan 30 ## interface Vlanif 10 ip address 10.2 255.2/16 0000-5e33-ee20 Issue 02 (2012-03-30) Host B 172.1.16.1. Networking Requirements As shown in Figure 1-2.3 00e0-fc01-0003 vid 10 interface ethernet 0/0/0 arp static 10. 
Figure 1-2 Network diagram for configuring routed proxy ARP RouterA RouterD RouterC RouterB Internet Etherent0/0/0 Etherent0/0/0 VLAN10 Branch A VLAN20 Branch B Host A 172. multiple routing devices are deployed between branches and routes are reachable.164. therefore.16.2..10 255. The company requires that branch A and branch B communicate without changing the host configurations. IP addresses of the routing devices are on the same network segment 172.1. 27 .164.164.1 00e0-fc01-0001 vid 10 interface ethernet 0/0/0 arp static 10. they cannot communicate across network segments. therefore.2.255. they cannot communicate on a LAN.2/16 0000-5e33-ee10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.11.0 # arp static 10. 16. Ltd. Add the interface connecting RouterA and branch A to VLAN 10 and add the interface connecting RouterB and branch B to VLAN 20.2. 28 . Step 3 Verify the configuration.16.2. <Huawei> system-view [Huawei] sysname RouterA [RouterA] vlan 10 [RouterA-vlan10] quit # Add Ethernet0/0/0 to VLAN 10. you need the following data: l Ethernet0/0/0 connecting RouterA and branch A l Ethernet0/0/0 connecting RouterB and branch B l IP address 172.16.1/24 of VLANIF 20 l MAC address 00e0-fc39-80bb of VLANIF 20 Procedure Step 1 Configure RouterA. [RouterA] interface ethernet 0/0/0 [RouterA-Ethernet0/0/0] port link-type access [RouterA-Ethernet0/0/0] port default vlan 10 [RouterA-Ethernet0/0/0] quit # Configure an IP address for VLANIF 10.16.IP Service 1 ARP Configuration Configuration Roadmap The configuration roadmap is as follows: 1. Data Preparation To complete the configuration.1 255.Huawei AR150&200 Series Enterprise Routers Configuration Guide . C:\Documents and Settings\Administrator>ping 172. Enable routed proxy ARP on VLANIF interfaces of branch A and branch B to implement communication between the two branches.16.2/16 in branch A and select host B at 172.1.2.16.2.1. 
- IP address 172.16.1.1/24 of VLANIF 10
- MAC address 00e0-fc39-80aa of VLANIF 10
- IP address 172.

# Create VLAN 10.

[RouterA] interface vlanif 10
[RouterA-Vlanif10] ip address 172.16.1.1 255.255.255.0

# Enable routed proxy ARP on VLANIF 10.

[RouterA-Vlanif10] arp-proxy enable
[RouterA-Vlanif10] quit

Step 2 Configure RouterB.

The configuration of RouterB is similar to that of RouterA.

# Select host A at 172. ... 172.16.2.2/16 in branch B. Ping the IP address of host B from host A.

PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=10 ms

--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

# View the ARP table of host A. You can see that the MAC address of host B is the MAC address of VLANIF 10.

C:\Documents and Settings\Administrator>arp -a
Interface: 172.16.1.2 --- 0x2
  Internet Address      Physical Address      Type
  172.16.2.2            00e0-fc39-80aa        dynamic

----End

Configuration Files

Configuration file of RouterA

#
sysname RouterA
#
vlan batch 10
#
interface Vlanif 10
 ip address 172.16.1.1 255.255.255.0
 arp-proxy enable
#
interface ethernet 0/0/0
 port link-type access
 port default vlan 10
#
return

Configuration file of RouterB

#
sysname RouterB
#
vlan batch 20
#
interface Vlanif 20
 ip address 172.16.2.1 255.255.255.0
 arp-proxy enable
#
interface ethernet 0/0/0
 port link-type access
 port default vlan 20
#
return

1.11.3 Example for Configuring Intra-VLAN Proxy ARP

Intra-VLAN proxy ARP implements Layer 3 communication between enterprise departments in a VLAN to prevent broadcast storms.

Networking Requirements

As shown in Figure 1-3, hosts of the accounting department are located in a VLAN. Hosts of the accounting department are attacked by viruses when they access the Internet. The attacked hosts send a large number of broadcast packets, causing broadcast storms in the VLAN. Even hosts cannot communicate. The company requires that broadcast storms be prevented to ensure communication between hosts and information security.

Figure 1-3 Networking diagram of intra-VLAN proxy ARP
(Diagram labels: Router, Ethernet0/0/0, VLAN 10, Accounting Department, PC A, PC B, 100.1.1.100/24, 100.1.1.10/24)

Configuration Roadmap

The configuration roadmap is as follows:

1. Create VLAN 10 on the Router and add all interfaces to VLAN 10.
2. Configure port isolation on the downstream interface of the Router to forbid Layer 2 communication and remove broadcast storms.
3. Enable intra-VLAN proxy ARP on the VLANIF interface to prevent broadcast storms and implement Layer 3 communication between hosts in the accounting department.

Data Preparation

To complete the configuration, you need the following data:

- Interface connecting the Router and the accounting department: Ethernet0/0/0
- ID of the VLAN that Ethernet0/0/0 joins: VLAN 10
- IP address of VLANIF10: 100.1.1.12/24

Procedure

Step 1 Add Ethernet0/0/0 to VLAN 10.

# Create VLAN 10.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 10
[Router-vlan10] quit

# Add Ethernet0/0/0 to VLAN 10.

[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port hybrid tagged vlan 10

# Configure an IP address for VLANIF 10.

[Router] interface vlanif 10
[Router-Vlanif10] ip address 100.1.1.12 255.255.255.0
[Router-Vlanif10] quit

Step 2 Configure the Router.

Configure isolation for downstream interfaces connected to users. The configuration details are not mentioned here.

Step 3 Configure IP addresses for PCs.

# Configure IP addresses for PCs and ensure that their IP addresses and the IP address of VLANIF10 are on the same network segment.

# After the configuration is complete, each PC and the Router can be pinged successfully. PCs, however, cannot be pinged.

Step 4 Enable intra-VLAN proxy ARP on VLANIF 10.

[Router] interface vlanif 10
[Router-Vlanif10] arp-proxy inner-sub-vlan-proxy enable
[Router-Vlanif10] quit

Step 5 Verify the configuration.

# Ping PC A and PC B. They can be pinged successfully.

[Router] ping 100.1.1.100
PING 100.1.1.100: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.100: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 100.1.1.100: bytes=56 Sequence=5 ttl=255 time=10 ms

--- 100.1.1.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/10 ms

----End

Configuration Files

Configuration file of the Router

#
sysname Router
#
vlan batch 10
#
interface Vlanif 10
 ip address 100.1.1.12 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
#
interface ethernet 0/0/0
 port hybrid tagged vlan 10
#
return

1.11.4 Example for Configuring Inter-VLAN Proxy ARP

Networking Requirements

As shown in Figure 1-4, sub-VLANs VLAN 2 and VLAN 3 compose super-VLAN 4. Hosts in VLAN 2 and VLAN 3 cannot ping each other. To implement communication between hosts in VLAN 2 and VLAN 3, configure inter-VLAN proxy ARP.

Figure 1-4 Network diagram for configuring inter-VLAN proxy ARP
(Diagram labels: Router, VLAN2, VLAN3, VLAN4)

Configuration Roadmap

The configuration roadmap is as follows:

1. Create and configure the super-VLAN and sub-VLANs.
2. Add interfaces to the sub-VLANs.
3. Create a VLANIF interface corresponding to the super-VLAN and assign an IP address to the VLANIF interface.
4. Enable inter-VLAN proxy ARP.

Data Preparation

To complete the configuration, you need the following data:

- IDs of the super-VLAN and sub-VLANs
- Sub-VLAN 2 that Ethernet0/0/0 and Ethernet0/0/1 belong to
- Sub-VLAN 3 that Ethernet0/0/2 and Ethernet0/0/3 belong to
- IP address 10.10.10.1 and mask 255.255.255.0 of the VLANIF interface corresponding to the super-VLAN

Procedure

Step 1 Create and configure the super-VLAN and sub-VLANs.

# Create sub-VLAN 2.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 2
[Router-vlan2] quit

# Add Ethernet0/0/0 and Ethernet0/0/1 to sub-VLAN 2.

[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port link-type access
[Router-Ethernet0/0/0] port default vlan 2
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port link-type access
[Router-Ethernet0/0/1] port default vlan 2
[Router-Ethernet0/0/1] quit

# Create sub-VLAN 3.

[Router] vlan 3
[Router-vlan3] quit

# Add Ethernet0/0/2 and Ethernet0/0/3 to sub-VLAN 3.

[Router] interface ethernet 0/0/2
[Router-Ethernet0/0/2] port link-type access
[Router-Ethernet0/0/2] port default vlan 3
[Router-Ethernet0/0/2] quit
[Router] interface ethernet 0/0/3
[Router-Ethernet0/0/3] port link-type access
[Router-Ethernet0/0/3] port default vlan 3
[Router-Ethernet0/0/3] quit

# Create super-VLAN 4 and add sub-VLAN 2 and sub-VLAN 3 to super-VLAN 4.

[Router] vlan 4
[Router-vlan4] aggregate-vlan
[Router-vlan4] access-vlan 2
[Router-vlan4] access-vlan 3
[Router-vlan4] quit

Step 2 Create and configure VLANIF 4.

# Create VLANIF 4.

[Router] interface vlanif 4

# Configure an IP address for VLANIF 4.

[Router-Vlanif4] ip address 10.10.10.1 24

Step 3 Enable inter-VLAN proxy ARP on VLANIF 4.

[Router-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
[Router-Vlanif4] quit

Step 4 Verify the configuration.

# Run the display current-configuration command, and you can view the configuration of the super-VLAN, sub-VLANs, and VLANIF interface.

# Run the display arp command, and you can view all the ARP entries.

<Router> display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE       VPN-INSTANCE  VLAN/CEVLAN
------------------------------------------------------------------------------
10.10.10.1      0018-2000-0083            I     Vlanif4
10.10.10.2      00e0-fc00-0002  19        D-0   Ethernet0/0/0                 2/-
10.10.10.3      00e0-fc00-0003  19        D-0   Ethernet0/0/1                 2/-
10.10.10.4      00e0-fc00-0004  19        D-0   Ethernet0/0/2                 3/-
10.10.10.5      00e0-fc00-0005  19        D-0   Ethernet0/0/3                 3/-
------------------------------------------------------------------------------
Total:5         Dynamic:4       Static:0  Interface:1

----End

Example

The following lists only the configuration file of the Router.

#
sysname Router
#
vlan batch 2 to 4
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 10.10.10.1 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface ethernet 0/0/0
 port link-type access
 port default vlan 2
#
interface ethernet 0/0/1
 port link-type access
 port default vlan 2
#
interface ethernet 0/0/2
 port link-type access
 port default vlan 3
#
interface ethernet 0/0/3
 port link-type access
 port default vlan 3
#
return

1.11.5 Example for Configuring Layer 2 Topology Detection

Networking Requirements

As shown in Figure 1-5, two Ethernet interfaces are added to VLAN 100 in default mode. To view changes of ARP entries, configure Layer 2 topology detection.

Figure 1-5 Network diagram for configuring Layer 2 topology detection
(Diagram labels: Router; Ethernet 0/0/0 to PC A 10.1.1.1/24; Ethernet 0/0/1 to PC B 10.1.1.3/24; VLANIF100 10.1.1.2/24; VLAN100)

Configuration Roadmap

The configuration roadmap is as follows:

1. Add two Ethernet interfaces to VLAN 100 in default mode.
2. Enable Layer 2 topology detection to view changes of ARP entries.

Data Preparation

To complete the configuration, you need the following data:

- Types and numbers of the interfaces to be added to a VLAN
- IP addresses of the VLANIF interface and the PCs

Procedure

Step 1 Create VLAN 100 and add the two Ethernet interfaces on the Router to VLAN 100 in default mode.

# Create VLAN 100 and configure an IP address for the VLANIF interface.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 100
[Router-vlan100] quit
[Router] interface vlanif 100
[Router-vlanif100] ip address 10.1.1.2 24
[Router-vlanif100] quit

# Add the two Ethernet interfaces to VLAN 100 in default mode.

[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] port link-type access
[Router-Ethernet0/0/0] port default vlan 100
[Router-Ethernet0/0/0] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] port link-type access
[Router-Ethernet0/0/1] port default vlan 100
[Router-Ethernet0/0/1] quit

Step 2 Enable Layer 2 topology detection.

[Router] l2-topology detect enable

Step 3 Restart Ethernet 0/0/0 and view changes of ARP entries and aging time.

# View ARP entries on the Router. You can see that the Router has learned the MAC address of the PC.

[Router] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE       VPN-INSTANCE  VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I     Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0   Ethernet0/0/0
10.1.1.3        00e0-de24-bf04  20        D-0   Ethernet0/0/1
-----------------------------------------------------------------------------
Total:3         Dynamic:2       Static:0  Interface:1

# Run the shutdown and undo shutdown commands on Ethernet0/0/0 and view the aging time of ARP entries.

[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] shutdown
[Router-Ethernet0/0/0] undo shutdown
[Router-Ethernet0/0/0] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE       VPN-INSTANCE  VLAN/CEVLAN PVC
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I     Vlanif100
10.1.1.3        00e0-de24-bf04  0         D-0   Ethernet0/0/1
-----------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0  Interface:1

NOTE
According to the preceding information, the ARP entries learned from Ethernet0/0/1 are deleted after Ethernet0/0/0 is shut down. After Ethernet0/0/0 is enabled and becomes Up, the aging time of ARP entries learned from Ethernet0/0/1 changes to 0.

# When the aging time is 0, the Router sends an ARP probe packet for updating ARP entries.

[Router-Ethernet0/0/0] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE       VPN-INSTANCE  VLAN/CEVLAN
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I     Vlanif100
10.1.1.3        00e0-de24-bf04  20        D-0   Ethernet0/0/1
-----------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0  Interface:1

NOTE
After ARP entries are updated, the aging time is restored to the default value, 1200s.

----End

Configuration Files

Configuration file of the Router

#
sysname Router
#
l2-topology detect enable
#
vlan batch 100
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
#
interface Ethernet 0/0/0
 port link-type access
 port default vlan 100
#
interface Ethernet 0/0/1
 port link-type access
 port default vlan 100
#
return
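The verification step of the routed proxy ARP example (host B's IP address resolving to the MAC address of VLANIF 10 in host A's ARP table) looks the same from the host as ARP spoofing: one MAC address answering for several IP addresses. The following added example, which is not part of the Huawei guide, parses `arp -a` output in that layout and separates mappings explained by a known proxy-ARP router MAC from unexplained ones. The function names, the allow-list and every sample row except the 172.16.2.2 entry are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the `arp -a` layout of the routed proxy ARP example.
# Only the 172.16.2.2 row and the VLANIF 10 MAC (00e0-fc39-80aa) come from the
# page; every other row, including the interface line, is constructed.
SAMPLE_ARP_A = """\
Interface: 172.16.1.2 --- 0x2
  Internet Address      Physical Address      Type
  172.16.1.1            00e0-fc39-80aa        dynamic
  172.16.2.2            00e0-fc39-80aa        dynamic
  172.16.2.7            00e0-fc39-80aa        dynamic
  172.16.1.20           00-11-22-33-44-55     dynamic
  172.16.1.9            00-11-22-33-44-55     dynamic
  172.16.1.30           00aa-bbcc-ddee        static
  172.16.255.255        ffff-ffff-ffff        static
  255.255.255.255       ffff-ffff-ffff        static
"""

# Assumed allow-list: MACs of routers known to run proxy ARP on this segment
# (here the MAC of VLANIF 10 from the example).
PROXY_ARP_MACS = {"00e0fc3980aa"}


def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC address.

    Accepts the Huawei style (00e0-fc39-80aa) as well as the hyphen- and
    colon-separated byte styles.
    """
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def parse_arp_table(output):
    """Parse `arp -a` rows into (IPv4Address, mac, entry_type) tuples.

    Header lines and anything that is not an IP/MAC/type triple are skipped.
    """
    entries = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            ip = ipaddress.IPv4Address(fields[0])
        except ValueError:
            continue
        mac = normalize_mac(fields[1])
        if mac is None:
            continue
        entries.append((ip, mac, fields[2].lower()))
    return entries


def is_group_mac(mac):
    """True for broadcast and multicast MACs (I/G bit set in the first octet)."""
    return bool(int(mac[:2], 16) & 1)


def audit(entries, proxy_arp_macs):
    """Group IPs by MAC and classify every MAC that answers for two or more IPs.

    'expected_proxy': the MAC is on the allow-list, so the mapping is the
    normal effect of proxy ARP. 'suspicious': nothing explains the shared MAC;
    check for spoofing, an unknown proxy or a multi-homed host.
    Broadcast and multicast MACs are ignored because they legitimately map to
    several addresses.
    """
    by_mac = defaultdict(set)
    for ip, mac, _entry_type in entries:
        if not is_group_mac(mac):
            by_mac[mac].add(ip)

    report = {"expected_proxy": {}, "suspicious": {}}
    for mac, ips in by_mac.items():
        if len(ips) < 2:
            continue
        bucket = "expected_proxy" if mac in proxy_arp_macs else "suspicious"
        report[bucket][mac] = [str(ip) for ip in sorted(ips)]
    return report


if __name__ == "__main__":
    result = audit(parse_arp_table(SAMPLE_ARP_A), PROXY_ARP_MACS)
    for bucket, macs in result.items():
        for mac, ips in macs.items():
            print(f"{bucket}: {mac} answers for {', '.join(ips)}")
```

On segments where proxy ARP is enabled, the allow-list is what keeps this check usable: without it every proxied destination is reported as a possible spoof.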
2 IP Address Configuration

About This Chapter

This chapter describes how to configure Internet protocol (IP) addresses for network devices so that they can communicate.

2.1 IP Address Overview
This section describes the concept of IP addresses.

2.2 IP Addresses Supported by the AR150/200
This section describes the methods for setting IP addresses for the AR150/200.

2.3 Configuring IP Addresses for an Interface
This section describes how to configure IP addresses for an interface.

2.4 Configuring IP Address Unnumbered on an Interface
This section describes how to configure IP address unnumbered.

2.5 Configuration Examples
This section provides several IP address configuration examples.

2.1 IP Address Overview

This section describes the concept of IP addresses.

Hosts on an IP network use IP addresses to communicate with each other. An IP address is a 32-bit address that identifies every computer or web server on the Internet. It consists of a network ID and a host ID. The network ID identifies a network and the host ID identifies a specific network device on the network. If multiple network devices have the same network ID, they reside on the same network regardless of their physical locations.

NOTE
IP addresses refer to IPv4 addresses in this document.

2.2 IP Addresses Supported by the AR150/200

This section describes the methods for setting IP addresses for the AR150/200.

The AR150/200 supports the following methods for setting IP addresses:

- Setting static IP addresses for interfaces manually
- Configuring an interface to borrow an IP address from another interface
- Using the IP address negotiation function of PPP to assign IP addresses to interfaces

To save IP addresses, the AR150/200 supports the 31-bit address mask on a P2P interface. After a 31-bit address mask is configured, there are two IP addresses on a subnet: the subnet address and the broadcast address of the subnet. Both addresses are called host addresses. The AR150/200 supports the 32-bit address mask on a loopback interface.

2.3 Configuring IP Addresses for an Interface

This section describes how to configure IP addresses for an interface.

2.3.1 Establishing the Configuration Task

Before configuring IP addresses for an interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

To run IP services on an interface, you must configure IP addresses for the interface. Each interface of the AR150/200 can be allocated multiple IP addresses, one of which is the primary IP address and the others are secondary IP addresses.

Generally, an interface needs only the primary IP address. In special cases, the secondary IP addresses need to be configured for the interface. For example, an interface of the AR150/200 connects to a physical network, and hosts on this physical network belong to two network segments. To allow the AR150/200 to communicate with all the hosts on the physical network, configure a primary IP address and a secondary IP address for the interface.

NOTE
Layer 2 interfaces on the AR150/200 cannot be allocated IP addresses.

Pre-configuration Tasks

Before configuring IP addresses for an interface, complete the following tasks:

- Connecting interfaces and setting physical parameters of each interface so that the physical status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up

Data Preparation

To configure IP addresses for an interface, you need the following data.

No.  Data
1    Number of the interface
2    Primary IP address and subnet mask of the interface
3    (Optional) Secondary IP address and subnet mask of the interface

2.3.2 Configuring a Primary IP Address for an Interface

An interface has only one primary IP address. If you configure a new primary address on an interface that already has a primary IP address, the new IP address overrides the original one.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length }
A primary IP address is configured for the interface.

----End

2.3.3 (Optional) Configuring a Secondary IP Address for an Interface

If an interface needs to communicate with hosts on different network segments, configure secondary IP addresses for the interface.

Each interface can be configured with a maximum of 31 secondary IP addresses.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The interface view is displayed.

Step 3 Run:
ip address ip-address { mask | mask-length } sub
A secondary IP address is configured for the interface.

To configure multiple secondary IP addresses for an interface, repeat this step.

----End

2.3.4 Checking the Configuration

Procedure

- Run the display ip interface [ interface-type interface-number ] command to check information about the interface IP address.
- Run the display ip interface brief [ interface-type [ interface-number ] ] command to check brief information about the interface IP address.

----End

Example

# Run the display ip interface command to view information about the IP address on Ethernet1/0/0.

<Huawei> display ip interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
Line protocol current state : UP
The Maximum Transmit Unit : 1500 bytes
input packets : 11022, bytes : 533292, multicasts : 0
output packets : 9634, bytes : 660443, multicasts : 0
Directed-broadcast packets:
 received packets:            1796, sent packets:               0
 forwarded packets:              0, dropped packets:            0
ARP packet input number:     52872
  Request packet:            52852
  Reply packet:                 20
  Unknown packet:                0
Internet Address is 10.137.217.210/23
Broadcast address : 10.137.217.255
TTL being 1 packet number:       0
TTL invalid packet number:       0
ICMP packet input number:        0
  Echo reply:                    0
  Unreachable:                   0
  Source quench:                 0
  Routing redirect:              0
  Echo request:                  0
  Router advert:                 0
  Router solicit:                0
  Time exceed:                   0
  IP header bad:                 0
  Timestamp request:             0
  Timestamp reply:               0
  Information request:           0
  Information reply:             0
  Netmask request:               0
  Netmask reply:                 0
  Unknown type:                  0

# Run the display ip interface brief command to view brief information about the IP address on Ethernet1/0/0.

<Huawei> display ip interface brief ethernet 1/0/0
*down: administratively down
(l): loopback
(s): spoofing
Interface                   IP Address/Mask       Physical   Protocol
Ethernet1/0/0               10.137.217.210/23     up         up

2.4 Configuring IP Address Unnumbered on an Interface

This section describes how to configure IP address unnumbered.

2.4.1 Establishing the Configuration Task

Before configuring IP address unnumbered, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

In some application environments, an interface needs to be configured to borrow an IP address from another interface to save IP addresses. If an interface is seldom used, a fixed IP address is unnecessary. You can configure the interface to borrow an IP address from another interface.

Pre-configuration Tasks

Before configuring IP address unnumbered on an interface, complete the following tasks:

- Setting physical attributes of the IP unnumbered interface and the interface from which an IP address will be borrowed
- Setting link layer protocols of the IP unnumbered interface and the interface from which an IP address will be borrowed

Data Preparation

To configure IP address unnumbered on an interface, you need the following data.

No.  Data
1    Number, IP address, and mask of the interface from which an IP address will be borrowed
2    Number of the IP unnumbered interface

NOTE
Only the configurations related to IP address unnumbered are described here. The IP unnumbered interface cannot be enabled with dynamic routing protocols because it does not have an IP address itself. To implement communication between the AR150/200 and the peer device, configure a static route to the peer device. The procedure for configuring a static route to the peer device is not mentioned here.

2.4.2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The view of the interface from which an IP address will be borrowed is displayed.

The interface can be an Ethernet interface, an Eth-Trunk interface, a loopback interface, or a VLANIF interface.

Step 3 Run:
ip address ip-address { mask | mask-length }
A primary IP address is configured for the interface from which an IP address will be borrowed.

An interface has only one primary IP address. If you configure a new primary address on an interface that already has a primary IP address, the new IP address overrides the original one.

----End

2.4.3 Configuring IP Address Unnumbered on an Interface

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The IP unnumbered interface view is displayed.

Step 3 Run:
ip address unnumbered interface interface-type interface-number
The IP unnumbered interface is configured to borrow an IP address from the specified interface.

Tunnel interfaces, ATM interfaces, and interfaces encapsulated with the Point-to-Point Protocol (PPP) or High-level Data Link Control (HDLC) can borrow IP addresses from other types of interfaces. P2P sub-interfaces encapsulated with frame relay (FR) can borrow IP addresses from other types of interfaces. Ethernet interfaces can borrow IP addresses from loopback interfaces.

----End

2.4.4 Checking the Configuration

Procedure

- Run the display ip interface [ interface-type interface-number ] command to check information about the interface IP address.
- Run the display ip interface brief [ interface-type [ interface-number ] ] command to check brief information about the interface IP address.

----End

Example

# Run the display ip interface command to view information about Eth2/0/0 borrowing an IP address from LoopBack0.

<Huawei> display ip interface ethernet 2/0/0
Ethernet2/0/0 is standby. Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
 received packets:               0, sent packets:               0
 forwarded packets:              0, dropped packets:            0
ARP packet input number:         0
  Request packet:                0
  Reply packet:                  0
  Unknown packet:                0
Internet Address is unnumbered, using address of LoopBack0(202.117.23.45/24)
Broadcast address : 202.117.23.255
TTL being 1 packet number:       0
TTL invalid packet number:       0
ICMP packet input number:        0
  Echo reply:                    0
  Unreachable:                   0
  Source quench:                 0
  Routing redirect:              0
  Echo request:                  0
  Router advert:                 0
  Router solicit:                0
  Time exceed:                   0
  IP header bad:                 0
  Timestamp request:             0
  Timestamp reply:               0
  Information request:           0
  Information reply:             0
  Netmask request:               0
  Netmask reply:                 0
  Unknown type:                  0

2.5 Configuration Examples

This section provides several IP address configuration examples.

2.5.1 Example for Configuring Primary and Secondary IP Addresses for an Interface

Networking Requirements

As shown in Figure 2-1, Ethernet0/0/0 on the Router is connected to a LAN. On the LAN, two hosts belong to network segment 172.16.1.0/24 and another two hosts belong to network segment 172.16.2.0/24. The Router is required to access the two network segments.

Figure 2-1 Network diagram for configuring IP addresses
(Diagram labels: Router; Ethernet 0/0/0 172.16.1.1/24, 172.16.2.1/24 sub; network segments 172.16.1.0/24 and 172.16.2.0/24)

Configuration Roadmap

The configuration roadmap is as follows:

1. Plan IP addresses for interfaces.
2. Configure the primary and secondary IP addresses for an interface.

Data Preparation

To complete the configuration, you need the following data:

- Primary IP address and subnet mask of the interface
- Secondary IP address and subnet mask of the interface

Procedure

Step 1 Configure primary and secondary IP addresses for Ethernet0/0/0 on Router.

<Huawei> system-view
[Huawei] sysname Router
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] ip address 172.16.1.1 24
[Router-Ethernet0/0/0] ip address 172.16.2.1 24 sub

Step 2 Verify the configuration.

# Ping a host on network segment 172.16.1.0 from the Router. The ping operation succeeds.

<Router> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26 ms

--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms

# Ping a host on network segment 172.16.2.0 from the Router. The ping operation succeeds.

<Router> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms

--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms

----End

Configuration Files

Configuration file of the Router

#
sysname Router
#
interface Ethernet0/0/0
 ip address 172.16.1.1 255.255.255.0
 ip address 172.16.2.1 255.255.255.0 sub
#
return

2.5.2 Example for Configuring IP Address Unnumbered on an Interface

Context

As shown in Figure 2-2, Tunnel0/0/1 of RouterA connects to RouterC by a tunnel. Tunnel0/0/1 of RouterA and Tunnel0/0/1 of RouterC are seldom used. To save IP addresses, Tunnel0/0/1 of RouterA is required to borrow the IP address of Loopback0 on RouterA, and Tunnel0/0/1 of RouterC is required to borrow the IP address of Loopback0 on RouterC.

Figure 2-2 Network diagram of IP address unnumbered
(Diagram labels: RouterA, LoopBack 0 6.6.6.6/32; RouterB; RouterC, LoopBack 0 9.9.9.9/32; Tunnel 0/0/1 at each end of the tunnel; PC 1; PC 2)

Configuration Roadmap

The configuration roadmap is as follows:

- Configure IP addresses for Loopback0 interfaces on RouterA and RouterC.
- Configure OSPF.
- On RouterA, configure Tunnel0/0/1 to borrow the IP address of Loopback0.
- On RouterC, configure Tunnel0/0/1 to borrow the IP address of Loopback0.

Data Preparation

To complete the configuration, you need the following data:

- IP address of Loopback0 on RouterA
- IP address of Loopback0 on RouterC

NOTE
This example provides only the configurations of IP address unnumbered.

Procedure

Step 1 Configure RouterA.

# Configure an IP address for Loopback0.

<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip address 6.6.6.6 32
[RouterA-LoopBack0] quit

# Configure OSPF.

[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit

# Configure Tunnel0/0/1 to borrow the IP address of Loopback0.

[RouterA] interface tunnel 0/0/1
[RouterA-Tunnel0/0/1] ip address unnumbered interface loopback 0
[RouterA-Tunnel0/0/1] quit

Step 2 Configure RouterC.

The configuration of RouterC is similar to that of RouterA, and is not mentioned here.

Step 3 Verify the configuration.

# Check the configuration on Tunnel0/0/1 of RouterA.

<RouterA> display ip interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
 received packets:               0, sent packets:               0
 forwarded packets:              0, dropped packets:            0
Internet Address is unnumbered, using address of LoopBack0(6.6.6.6/32)
Broadcast address : 6.6.6.6
TTL being 1 packet number:       0
TTL invalid packet number:       0
ICMP packet input number:        0
  Echo reply:                    0
  Unreachable:                   0
  Source quench:                 0
  Routing redirect:              0
  Echo request:                  0
  Router advert:                 0
  Router solicit:                0
  Time exceed:                   0
  IP header bad:                 0
  Timestamp request:             0
  Timestamp reply:               0
  Information request:           0
  Information reply:             0
  Netmask request:               0
  Netmask reply:                 0
  Unknown type:                  0

----End

Configuration Files

- Configuration file of RouterA

#
sysname RouterA
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255
#
interface Tunnel 0/0/1
 ip address unnumbered interface LoopBack0
#
ospf 1
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
#
return

- Configuration file of RouterC

#
sysname RouterC
#
interface LoopBack0
 ip address 9.9.9.9 255.255.255.255
#
interface Tunnel 0/0/1
 ip address unnumbered interface LoopBack0
#
ospf 1
 area 0.0.0.0
  network 9.9.9.9 0.0.0.0
#
return

3 Basic IPv6 Configuration

About This Chapter

The IPv6 protocol stack is a support for routing protocols and application protocols on an IPv6 network.

3.1 Introduction to IPv6
IPv6 is an upgraded version of IPv4 and solves many problems with IPv4.

3.2 IPv6 Supported by the AR150/200
The basic functions of IPv6 include IPv6 address configuration, IPv6 neighbor discovery, ICMPv6 packet control, router advertisement, and Path MTU (PMTU) configuration. The IPv6 protocol stack is a support for routing protocols and application protocols.

3.3 Configuring an IPv6 Address for an Interface
Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network.

3.4 Configuring IPv6 Neighbor Discovery
IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection.

3.5 Configuring IPv4/IPv6 Dual Stacks
To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

3.6 Configuring PMTU
By setting the PMTU, you can select a proper MTU for packet transmission. In this manner, packets do not have to be fragmented during transmission and loads on intermediate devices are reduced. In addition, network resources are used more efficiently and the network throughput reaches the optimal value.

3.7 Configuring TCP6
By setting TCP6 packets, you can improve the performance of the network.

3.8 Maintaining IPv6
This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation.

3.9 Configuration Examples
This section includes the networking requirements, precautions for configuration, and configuration roadmap. An example is used to describe how to configure an IPv6 address and Neighbor Discovery Protocol for an interface.

3.1 Introduction to IPv6

IPv6 is an upgraded version of IPv4 and solves many problems with IPv4.

Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network protocol of the second generation. It is a set of specifications designed by the Internet Engineering Task Force (IETF). IPv6 is the upgraded version of IPv4. The most remarkable difference between IPv6 and IPv4 is that the IP address lengthens from 32 bits to 128 bits.

3.2 IPv6 Supported by the AR150/200

The basic functions of IPv6 include IPv6 address configuration, IPv6 neighbor discovery, ICMPv6 packet control, router advertisement, and Path MTU (PMTU) configuration. The IPv6 protocol stack is a support for routing protocols and application protocols.

The AR150/200 supports the IPv6 protocol suite and TCP6 protocol suite. AR150/200 supports IPv6 on the following interfaces:

- Ethernet interfaces and sub-interfaces
- Gigabit-Ethernet interfaces and sub-interfaces
- Serial interfaces (Only the Serial interfaces configured with PPP or HDLC as the link protocol support IPv6.)
- POS interfaces (Only the POS interfaces configured with PPP or HDLC as the link protocol support IPv6.)
- Tunnel interfaces
- Loopback interfaces
- Eth-Trunk interfaces, Eth-Trunk sub-interfaces, and IP-Trunk interfaces
- VLANIF interfaces

IPv6 Address

A 128-bit IPv6 address has the following formats:

- X:X:X:X:X:X:X:X
  In this format, a 128-bit IP address is divided into eight groups. The groups are separated by colons. The 16 bits of each group are represented by four hexadecimal characters, that is, 0 to 9, and A to F. Every "X" represents a group of hexadecimal values.
- X:X:X:X:X:X:d.d.d.d
  This format is for the following types of addresses:
  – IPv4-compatible IPv6 address
  – IPv4-mapped IPv6 address
  In this type of address, "X" represents the first six groups of numbers. Each "X" stands for 16 bits that are represented by hexadecimal numbers. "d" represents the subsequent four groups of numbers. Each "d" stands for eight bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4 address.

An IPv6 address can be divided into two parts:

A FIB agent is responsible for interacting with the RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a distributed system.

they can define a group of address selection rules.

The Path MTU (PMTU) Discovery mechanism aims at finding a proper MTU value on the path from the source to the destination.
IPv6 Neighbor Discovery The IPv6 neighbor discovery (ND) is a group of messages and processes that define the relationship between neighboring nodes. however. l The source host sends packets based on a proper MTU so that packets need not be fragmented on the intermediate router. Guided by route management policies. the intermediate router not only needs to fragment packets. next-hop address. A device forwards packets according to FIB entries. packet processing burden on the intermediate router can be reduced. ND replaces the Address Resolution Protocol (ARP) messages and the Internet Control Message Protocol (ICMP) device discovery messages. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. In such a case.. IPv6 PMTU Generally. The address is selected based on a source and a destination addresses. During IPv6 packet transmission. An FIB entry usually contains the destination address. It is of n bits. An address selection policy table can be created based on these rules. this table can be queried based on the longest match rule. This brings about Routing Information Base (RIB).IP Service 3 Basic IPv6 Configuration l Network prefix: equals the network ID of an IPv4 address. 53 . l Interface identifier: equals the host ID in an IPv4 address. Through the route management module. The RIB is a base of the Forwarding Information Base (FIB). a device extracts a minimum of necessary forwarding information from RIB and adds the information to the FIB.Huawei AR150&200 Series Enterprise Routers Configuration Guide . It is of 128-n bits. and time stamp. transport port. route flag. the problem that different networks have different Maximum Transmission Units (MTU) can be solved in the following ways: l Devices fragment packets as required. but also to reassemble packets. you can also add static routes into the FIB. prefix length. It also provides additional functions. Similar to a routing table. 
IPv6 FIB Connecting network topologies of different types needs the configuration of different routing protocols. A FIB contains a group of minimum information needed by a device during packet forwarding. A FIB contains the following information: l Issue 02 (2012-03-30) Destination address: indicates the network or host a packet is destined for. The source host only needs to fragment packets. The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB container (used on the forwarding plane). Selection of Source and Destination Addresses When network administrators need to specify or plan a source and a destination addresses. only this way can be adopted because IPv6 intermediate routers do not support packet fragmentation. and configuration procedure for assigning an IPv6 address to an interface. l Tunnel ID: Indicates the ID of VPN Tunnel. pre-configuration tasks. The link-local address configured manually must be a valid link-local address (FE80::/10). NOTE The IPv6 function is used with a license.1 Establishing the Configuration Task This section describes the applicable environment. Ltd. After being enable with automatic address generation capability. To use the IPv6 function. you can infer that the destination address is a network address or a host address. The AR150/200 supports configuring IPv6 addresses for the following interfaces: l Ethernet interfaces and sub-interfaces l Tunnel interfaces l Loopback interfaces l Eth-Trunk interfaces. Addresses can be the link-local address and the global unicast address. the system automatically generates a linklocal address. 3.IP Service 3 Basic IPv6 Configuration l Prefix length: indicates the length of the destination address prefix. l Flag(s): identifies route features. From the prefix length. The packets using the link-local address as the source or destination address are not forwarded to other links. 
Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Eth-Trunk sub-interfaces(support IPv6 only when they work in Layer 3 mode) l VLANIF interfaces l VE interfaces l VT interfaces You can configure 10 addresses for one interface. The link-local address is used in ND. and in the communication between nodes on the local link in the stateless address auto-configuration. l Interface: indicates the outgoing interface of the packet.3 Configuring an IPv6 Address for an Interface Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network. you need to configure IPv6 address for the interface.3. 54 .. Applicable Environment When a device communicates with an IPv6 device. The link-local address can be automatically generated or manually configured. apply for and purchase the following license from the Huawei local office: l AR150&200 Value-Added Data Package 3. l Nexthop: indicates the address of the close next hop through which the packet reaches the destination. l Timestamp: Indicates the time when an FIB entry is established. data preparation. . you must enable the IPv6 capability in both the system view and the interface view. Commonly. which is necessary for the communication between users. The difference is that only the network bits need to be specified for the EUI-64 address and the host bits are transformed from the MAC addresses of the interface while a complete 128-bit address need to be specified for the global unicast address. Ltd. To enable IPv6 packet forwarding on an interface. The global unicast address is equivalent to the IPv4 public address. This is because: l Issue 02 (2012-03-30) If you run the ipv6 command only in the system view. 
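The forwarding behaviour described above, as an added Python example that is not Huawei code: a FIB holding the listed fields is queried by longest match, and packets with a link-local source or destination are never forwarded to another link. The table contents, the 2001:db8:: prefixes, the flag strings and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LINK_LOCAL = ipaddress.ip_network("fe80::/10")


@dataclass(frozen=True)
class FibEntry:
    """One FIB entry with the fields listed above (timestamp and tunnel ID omitted)."""
    destination: ipaddress.IPv6Network        # destination address and prefix length
    nexthop: Optional[ipaddress.IPv6Address]  # None: destination is directly connected
    interface: str                            # outgoing interface
    flags: str = ""                           # opaque route features (constructed values)

    @property
    def is_host_route(self) -> bool:
        # A 128-bit prefix identifies a host address, a shorter one a network.
        return self.destination.prefixlen == 128


class Fib:
    """Forwarding table indexed by (prefix length, masked destination)."""

    def __init__(self):
        self._entries = {}

    def add(self, prefix, nexthop, interface, flags=""):
        net = ipaddress.IPv6Network(prefix)
        hop = ipaddress.IPv6Address(nexthop) if nexthop else None
        key = (net.prefixlen, int(net.network_address))
        self._entries[key] = FibEntry(net, hop, interface, flags)

    def lookup(self, destination) -> Optional[FibEntry]:
        """Longest match: try /128 first, then ever shorter prefixes down to ::/0."""
        addr = int(ipaddress.IPv6Address(destination))
        for plen in range(128, -1, -1):
            mask = ((1 << plen) - 1) << (128 - plen)
            entry = self._entries.get((plen, addr & mask))
            if entry is not None:
                return entry
        return None


def is_valid_manual_link_local(address) -> bool:
    """A manually configured link-local address must lie in FE80::/10."""
    return ipaddress.IPv6Address(address) in LINK_LOCAL


def forwarding_decision(fib, source, destination):
    """Return (action, entry) for a packet the router has received."""
    src = ipaddress.IPv6Address(source)
    dst = ipaddress.IPv6Address(destination)
    if src in LINK_LOCAL or dst in LINK_LOCAL:
        # Link-local traffic stays on its own link and is never handed
        # to the FIB for forwarding to another link.
        return ("not-forwarded-link-local", None)
    entry = fib.lookup(dst)
    if entry is None:
        return ("no-route", None)
    return ("forward", entry)


def build_constructed_fib():
    """Constructed sample table: default, aggregate, connected and host routes."""
    fib = Fib()
    fib.add("::/0", "2001:db8:ffff::1", "Ethernet2/0/0", "default")
    fib.add("2001:db8::/32", "2001:db8:ffff::2", "Ethernet2/0/1")
    fib.add("2001:db8:1::/64", None, "Ethernet1/0/0", "direct")
    fib.add("2001:db8:1::53/128", "2001:db8:1::fe", "Ethernet1/0/0", "host")
    return fib


if __name__ == "__main__":
    table = build_constructed_fib()
    for src, dst in [("2001:db8:2::9", "2001:db8:1::53"),
                     ("2001:db8:2::9", "2001:db8:1::54"),
                     ("2001:db8:2::9", "2001:db8:7::1"),
                     ("fe80::1", "2001:db8:1::54")]:
        action, entry = forwarding_decision(table, src, dst)
        via = f"{entry.destination} via {entry.interface}" if entry else "-"
        print(f"{src} -> {dst}: {action} ({via})")
```
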
It is recommended to automatically generate a link-local address because the link-local address is used only for the communication between link-local nodes. Commonly, it is used to implement communication requirements of protocols and is not directly related to the communication between users.

The global unicast address is equivalent to the IPv4 public address. It is used for data forwarding across the public network, which is necessary for the communication between users.

An EUI-64 address has the same function as a global unicast address. The difference is that only the network bits need to be specified for the EUI-64 address and the host bits are transformed from the MAC address of the interface, while a complete 128-bit address needs to be specified for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address must not be longer than 64 bits.

The EUI-64 address and the global unicast address can be configured simultaneously or alternatively. However, the IP addresses configured for one interface cannot be in the same network segment.

Pre-configuration Tasks

Before configuring IPv6 addresses, complete the following tasks:
- Configuring the physical features of the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up

Data Preparation

To configure IPv6 addresses for an interface, you need the following data.

No.  Data
1    Number of the interface
2    Link-local address configured manually
3    Global unicast address and prefix length

3.3.2 Enabling IPv6 Packet Forwarding Capability

You can perform other IPv6 configurations on an interface only when IPv6 is enabled in the interface view. To enable IPv6 packet forwarding on an interface, you must configure IPv6 in the system view.

Context

To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because:
- If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The IPv6 function, however, is not enabled on the interface and hence you cannot perform any IPv6 configurations.
- If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface. Therefore, the device cannot forward IPv6 data.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    ipv6
    The IPv6 packet forwarding capability is enabled.
    To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the device cannot forward IPv6 packets although you enable IPv6 on the interface.
    By default, the IPv6 packet forwarding capability is disabled.

Step 3 Run:
    interface interface-type interface-number
    The view of the interface to be enabled with the IPv6 capability is displayed.

Step 4 Run:
    ipv6 enable
    The IPv6 capability is enabled on the interface.
    Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view.
    By default, the IPv6 capability is disabled on the interface.

----End

3.3.3 Configuring an IPv6 Link-Local Address for an Interface

The local address of a link is used in the neighbor discovery protocol, and in the communications between nodes on the local end of the link in stateless address auto-configuration.

The local address of a link is valid only for the link. A packet with a link-local address as the source or destination address is forwarded only along the local link.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Perform the following as required.
    Run:
    ipv6 address auto link-local
    Auto generation of the IPv6 link-local address is enabled.
    Or
    Run:
    ipv6 address ipv6-address link-local
    The IPv6 link-local address is manually configured.

    Besides configuring a link-local address through the preceding two commands, you can also configure a global unicast IPv6 address for auto generating a link-local address. For details, see Configuring an IPv6 Global Unicast Address for an Interface.

----End

3.3.4 Configuring an IPv6 Global Unicast Address for an Interface

A global unicast IP address is equal to an Internet IPv4 address and can be used for links whose route prefixes can be aggregated. In this manner, routing entries can be reduced.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run:
    ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
    or
    ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
    The global unicast address is configured on the interface.

----End

3.3.5 Configuring an IPv6 Anycast Address for an Interface

An anycast address is used to identify a group of interfaces.

Context

Anycast addresses and unicast addresses are in the same address range. An anycast address is used to identify a group of interfaces on different nodes.
- Similar to a multicast address, an anycast address is listened to by multiple nodes. Therefore, it is only used as a destination address.
- The packets destined for an anycast address are transmitted to an interface that is in the interface group identified by the anycast address and is closest to the source node. (The distance between an interface and the source node is calculated based on the routing protocol). The packets destined for a multicast address are transmitted to a group of interfaces with the multicast address.

When the 6to4 tunnel is used for the communication between the 6to4 network and the native IPv6 network, the AR150/200 supports the configuration of an anycast address with the prefix of 2002:c058:6301:: on the tunnel interface of the 6to4 relay route device. Alternatively, you can configure a 6to4 address on the tunnel interface of the 6to4 relay route device. When multiple 6to4 relay route devices are configured on the network, the difference between the two methods is as follows:
- If a 6to4 address is used, you need to configure different addresses for tunnel interfaces of all devices.
- If an anycast address is used, you need to configure the same address for the tunnel interfaces of all devices. In this manner, the number of addresses is reduced.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run:
    ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
    An IPv6 anycast address is assigned to an interface.

----End

3.3.6 Checking the Configuration

You can view the configuration of the IPv6 address for an interface.

Prerequisites

The configurations of the IPv6 addresses are complete.

Procedure

- Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the IPv6 information of an interface.
- Run the display ipv6 statistics command to check the IPv6 packet statistics.

----End

Example

Run the display ipv6 interface command. If the IPv6 address of the interface is displayed, it means that the configuration succeeds. For example:

<Huawei> display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00 [TENTATIVE]
  Global unicast address(es):
    2001::1, subnet is 2001::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF04:5D00
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses

Run the display ipv6 interface command. If the configured IPv6 address and interface status are displayed, it means that the configuration succeeds.

<Huawei> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface                    Physical    Protocol
Ethernet2/0/0                up          up
[IPv6 Address] 2030::101:101
Ethernet2/0/1                up          up
[IPv6 Address] 2001::1
LoopBack0                    up          up(s)
[IPv6 Address] Unassigned

Run the display ipv6 statistics command. If the statistics on IPv6 packets is displayed, it means that the configuration succeeds.

<Huawei> display ipv6 statistics
  IPv6 Protocol:

  Sent packets:
    Total              : 3630
    Local sent out     : 3630    Forwarded       : 0
    Raw packets        : 0       Discarded       : 0
    Fragmented         : 0       Fragments       : 0
    Fragments failed   : 0       Multicast       : 0

  Received packets:
    Total              : 3630    Local host      : 3630
    Hop count exceeded : 0       Header error    : 0
    Too big            : 0       Routing failed  : 0
    Address error      : 0       Protocol error  : 0
    Truncated          : 0       Option error    : 0
    Fragments          : 0       Reassembled     : 0
    Reassembly timeout : 0       Multicast       : 0

3.4 Configuring IPv6 Neighbor Discovery

IPv6 neighbor discovery (ND) is a packet transmission process to identify the relationship between neighboring nodes. The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection.

3.4.1 Establishing the Configuration Task

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for IPv6 neighbor discovery.

Applicable Environment

After an IPv6 address is configured for a node, the node checks whether this address can be used and does not conflict with any other address. If a node is a host, a router needs to notify the host of the optimal next hop address of a packet to be sent by the host to a specific destination. If a node is a router, it needs to advertise its address, address prefix, and other configuration parameters to instruct hosts to configure parameters. During IPv6 packet forwarding, a node needs to know the neighboring nodes' link-layer addresses and check their reachability. The Neighbor Discovery (ND) function can be used to meet the requirements.

Most of the ND configurations are implemented based on the interfaces. The IPv6 ND configuration is supported on the following interfaces:
- Ethernet interfaces and sub-interfaces
- Tunnel interfaces
- Eth-Trunk interfaces, Eth-Trunk sub-interfaces
- VLANIF interfaces

Pre-configuration Tasks

Before configuring IPv6 neighbor discovery, complete the following tasks:
- Configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring link layer parameters for the interface
- Configuring the IPv6 address for the interface

Data Preparation

To configure IPv6 neighbor discovery, you need the following data.

No.  Data
1    Number of interface which needs to be configured with IPv6 ND
2    IPv6 address and MAC address of the static neighbor
3    Intervals, prefix, and life duration of RA messages
4    Flag bit of automatic configuration
5    Hop limit of ND
6    Sending times of DAD
7    Intervals for re-transmitting NS messages
8    NUD reachable time
9    Interface MTU

3.4.2 Configuring Static Neighbors

By configuring a static neighbor, you can obtain the mapping of the IPv6 address and MAC address of the neighbor.

Static neighbors can be configured for interfaces and their sub-interfaces. You can configure up to 300 neighbors on each interface.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run one of the following commands as required:
    - To configure a static neighbor entry on a common Layer 3 interface, run the ipv6 neighbor ipv6-address mac-address command.
    - To configure a static neighbor entry on a VLANIF interface, run the ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number command.
    - To configure a static neighbor entry on a sub-interface for QinQ VLAN tag termination, run the ipv6 neighbor ipv6-address mac-address vid vid [ cevid cevid ] command.

    NOTE
    If an interface is configured with dynamic QinQ, you cannot configure a static neighbor entry on it.

----End

3.4.3 Enabling RA Message Advertising

After being enabled with router advertisement, the device can send router advertisement messages, providing prefixes for hosts.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.
Step 3 (Optional) Run:
    undo ipv6 nd ra halt
    The function of advertising RA messages is enabled.

----End

3.4.4 Setting the Interval for Advertising RA Messages

The device periodically sends router advertisement messages containing information such as prefixes and flag bits.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run:
    ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }
    The interval for advertising RA messages is configured.
    The maximum interval cannot be shorter than the minimum interval. When the maximum interval is less than 9 seconds, the minimum interval is set to the same value as the maximum interval.
    By default, the maximum interval is 600 seconds and the minimum interval is 200 seconds.

----End

3.4.5 Configuring the Address Prefixes to Be Advertised

Nodes of the local links can perform address auto-configuration by using prefixes of these addresses.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run:
    ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]
    The prefix of RA messages is configured.

----End

3.4.6 Configuring Other Information to Be Advertised

A router advertisement message carries information such as the maximum number of hops, prefix option, neighbor hold time, and keepalive time.

Context

Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can configure the number of DAD messages which are sent continuously.

Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS re-transmitting time interval is 1000ms.

Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default, NUD value is 30000ms.

The MTU of the interface determines whether to fragment IP packets on the interface. Default MTUs vary with interface types. The MTU on an Ethernet defaults to be 1500 bytes.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    ipv6 nd hop-limit limit
    ND hop limit is configured.
    The value of limit ranges from 1 to 255. By default, it is 64.

Step 3 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 4 Run:
    ipv6 nd ra hop-limit limit
    ND hop limit is configured.
    The value of limit ranges from 0 to 255. By default, it is 64.

    NOTE
    - If the ipv6 nd ra hop-limit command has been run on an interface, the hop limit for an RA message uses the value configured on the interface.
    - If the ipv6 nd ra hop-limit command has not been run on an interface, the hop limit for an RA message uses the value configured globally, that is, the value configured in the ipv6 nd hop-limit command.

Step 5 Run:
    ipv6 nd ra router-lifetime ra-lifetime
    The life duration of RA messages is configured.
    NOTE
    - When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must be less than or equal to the life duration.
    - By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
    - By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration is still 1800 seconds.

Step 6 Run:
    ipv6 nd dad attempts value
    Times to send DAD messages are configured.

Step 7 Run:
    ipv6 nd ns retrans-timer interval
    The interval for re-sending NS messages is set.

Step 8 Run:
    ipv6 nd nud reachable-time value
    The NUD reachable time is set.

Step 9 Run:
    ipv6 mtu mtu
    MTU of the interface is configured.

----End

Follow-up Procedure

If the IPv6 MTU value is changed, run the shutdown command and the undo shutdown command orderly in the interface view to validate the configuration.

3.4.7 Configuring the Default Router Priority and Route Information

RA packets that carry the default router priority and route information can be transmitted over the local link. In this manner, a proper router can be selected to forward packets of a host.

Context

If a host is connected to multiple routers, the host must select a router to forward packets based on the destination addresses of packets. The router can advertise the default router priority and specified route information to the host so that the host can select a proper forwarding router based on the destination addresses of packets.

After receiving the RA packets carrying the route information, the host updates its routing table. When sending packets to another device, the host queries the routing table and selects a proper route to send packets.

When receiving the RA packets that carry the priority of default routers, the host updates its default router table. When sending packets to another device, if there is no route to be selected, the host queries the default router table. Then, the host selects a router with the highest priority on the local link to send packets. If the router is faulty, the host selects another router in descending order of priority.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view is displayed.

Step 3 Run:
    ipv6 nd ra preference { high | medium | low }
    The default router priority is configured in RA packets.

Step 4 Run:
    ipv6 nd ra route-information ipv6-address prefix-length lifetime route-lifetime [ preference { high | medium | low } ]
    Route information is configured in RA packets.

----End

3.4.8 Checking the Configuration

You can view the configuration of IPv6 neighbor discovery.

Prerequisites

The configurations of the IPv6 neighbor discovery function are complete.

Procedure

- Run the display ipv6 neighbors [ ipv6-address | [ vid vlan-id ] interface-type interface-number | vpn-instance vpn-instance-name ] command or the display ipv6 neighbors interface-type interface-number | [ vid vid ] | [ cevid cevid ] command to check the neighbor information in the cache.
- Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the IPv6 information of an interface. If the interface is in the Up state, the configuration is successful.

----End

Example

Run the display ipv6 neighbors command. If the cache of the neighbor information contains neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.

<Huawei> display ipv6 neighbors ethernet 1/0/0
--------------------------------------------------------
IPv6 Address : 3003::2
Link-layer   : 00e0-fc89-fe6e     State : STALE
Interface    : Eth1/0/0           Age : 7
VLAN         : 10                 CEVLAN:
VPN name     : vpn1               Is Router: TRUE
Secure FLAG  : UN-SECURE

IPv6 Address : FE80::2E0:FCFF:FE89:FE6E
Link-layer   : 00e0-fc89-fe6e     State : STALE
Interface    : Eth1/0/0           Age : 7
VLAN         : 10                 CEVLAN:
Is Router: TRUE
Secure FLAG  : UN-SECURE
---------------------------------------------------------
Total: 2    Dynamic: 2    Static: 0

Run the display ipv6 interface command. If information about the IPv6 address on the interface is displayed, it means that the configuration succeeds.

<Huawei> display ipv6 interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::1
  Global unicast address(es):
    2001::1, subnet is 2001::/64
    5000::A19:A6FF:FECE:7D4B, subnet is 5000::/63
  Joined group address(es):
    FF02::1:FFCE:7D4B
    FF02::2
    FF02::1
    FF02::1:FF00:1
  MTU is 1280 bytes
  ND DAD is disabled
  ND reachable time is 10000 milliseconds
  ND retransmit interval is 10000 milliseconds
  Hosts use DHCP to obtain routable addresses.

Run the display ipv6 interface brief command. If information about the IPv6 address on the interface and interface status are displayed, it means that the configuration succeeds.

<Huawei> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface                    Physical    Protocol
Ethernet2/0/2                up          up
[IPv6 Address] 2030::101:101
Ethernet2/0/3                up          up
[IPv6 Address] 2001::1
LoopBack0                    up          up(s)
[IPv6 Address] Unassigned

3.5 Configuring IPv4/IPv6 Dual Stacks

To establish an IPv6 over IPv4 tunnel, you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network.

3.5.1 Establishing the Configuration Task

This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for the IPv4/IPv6 dual protocol stack.

Applicable Environment

If a device has both IPv4 and IPv6 connections, the IPv4/IPv6 dual protocol stacks need to be enabled on the device.

Enabling the IPv4/IPv6 dual protocol stacks on the AR150/200 is a simple process. Enable the IPv6 packet forwarding capacity in the system view and configure an IPv4 address or IPv6 address on the corresponding interface. The device can then forward IPv4 and IPv6 packets on the corresponding interface.

Pre-configuration Tasks

Before configuring IPv6 tunnels, complete the following tasks:
- Configuring the physical parameters for the interface and ensuring that the status of the physical layer of the interface is Up
- Configuring the link layer parameters for the interface

Data Preparation

To configure IPv4/IPv6 dual stacks, you need the following data.

No.  Data
1    Type and number of the interface connected with the IPv4 network
2    IPv4 address and mask of the interface connected with the IPv4 network
3    Type and number of the interface connected with the IPv6 network
4    IPv6 address and prefix of the interface connected with the IPv6 network

3.5.2 Enabling IPv6 Packet Forwarding

To enable IPv6 packet forwarding, you need to enable IPv6 in both the interface view and the system view.

Context

To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the system view and the interface view. This is because:
- If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The interface on the device is not of the IPv6 capability and hence you cannot perform any IPv6 configurations.
- If you run the ipv6 enable command only in the interface view, the IPv6 capability is enabled only on an interface but the device cannot forward IPv6 data.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    ipv6
    The IPv6 packet forwarding capability is enabled.
    To enable a device to forward IPv6 packets, you must run this command in the system view; otherwise, the device cannot forward IPv6 packets although the interface is configured with an IPv6 address.
    By default, the IPv6 packet forwarding capability is disabled.

Step 3 Run:
    interface interface-type interface-number
    The view of the interface to be enabled with the IPv6 capability is displayed.

Step 4 Run:
    ipv6 enable
    The IPv6 capability is enabled on the interface.
    Before performing IPv6 configurations in the interface view, you must enable the IPv6 capability in the interface view.
    By default, the IPv6 capability is disabled on the interface.

----End

3.5.3 Configuring IPv4 and IPv6 Addresses for the Interface

You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks.

Procedure

Step 1 Run:
    system-view
    The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
    The interface view of the IPv4 network is displayed.

Step 3 Run:
    ip address ip-address { mask | mask-length }
    An IPv4 address is assigned to the interface.

Step 4 Run:
    quit
    Return to the system view.

Step 5 Run:
    interface interface-type interface-number
    The interface view of the IPv6 network is displayed.

Step 6 Perform the following configuration as required.
    - Run:
      ipv6 address auto link-local
      The link-local address is set to be automatically generated.
    - Run:
      ipv6 address ipv6-address link-local
      The link-local address of the interface is configured.
    - Run:
      ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
      The global unicast address is configured.
    - Run:
      ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
      The IPv6 EUI-64 address is configured.

----End

3.5.4 Checking the Configuration

You can check the configuration of the IPv4/IPv6 stack.

Prerequisites

The IPv4/IPv6 stack has been configured.

Procedure

- Run the display this command in the interface view to view the information about the IPv4/IPv6 stack.

----End

Example

Run the display this command to view information about the IPv4/IPv6 stack.

    [Huawei-Ethernet1/0/0] display this
    [V200R002C00]
    #
    interface GigabitEthernet0/0/1
     ipv6 enable
     ip address 20.1.1.1 255.255.255.0
     ipv6 address 1002::1/64
     ospfv3 1 area 0.0.0.0
    #
    return

3.6 Configuring PMTU
By setting the PMTU, you can select a proper MTU for packet transmission. In this manner, packets do not have to be fragmented during transmission and loads on intermediate devices are reduced. In addition, network resources are used more efficiently and the network throughput reaches the optimal value.

3.6.1 Establishing the Configuration Task
This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring the PMTU.

Applicable Environment
By setting PMTUs on interfaces, you can enable devices to send packets based on proper MTUs across the network. This avoids packet fragmentation, reduces the burden on the devices, uses network resources efficiently, and achieves the best throughput.

Pre-configuration Tasks
Before configuring PMTUs, complete the following tasks:
• Configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up
• Configuring the link layer protocol for the interface

Data Preparation
To configure PMTUs, you need the following data.

    No.  Data
    1    IPv6 address and PMTU value to be configured
    2    PMTU aging time

3.6.2 Creating Static PMTU Entries
You can configure a static PMTU according to the lowest MTU of the path that a packet is to traverse. This speeds up packet transmission.

Procedure
Step 1 Run:
    system-view
    The system view is displayed.
Step 2 Run:
    ipv6 pathmtu ipv6-address [ path-mtu ]
    The PMTU value of a specified IPv6 address is configured.
    By default, the PMTU of the IPv6 address is 1500 bytes.
    • The maximum number of static PMTU entries is 300.
    • The maximum number of dynamic and static PMTU entries on the public network is 512 for the AR200 or AR1200, and 1024 for the AR2200 or AR3200.
----End

3.6.3 Configuring PMTU Aging Time
By setting the PMTU aging time, you can change the keepalive time of dynamic PMTU entries in the cache. A static PMTU entry never ages.

Procedure
Step 1 Run:
    system-view
    The system view is displayed.
Step 2 Run:
    ipv6 pathmtu age age-time
    The aging time of PMTU is configured.
    By default, the dynamic PMTU aging time is 10 minutes. If a static PMTU exists, the dynamic PMTU does not take effect.
----End

3.6.4 Checking the Configuration
You can view the configuration of a PMTU.

Prerequisites
The configurations of the PMTU are complete.

Procedure
• Run the display ipv6 pathmtu { ipv6-address | all | dynamic | static } command to check all PMTU items.
• Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the current MTU of the interface.
----End

Example
Run the display ipv6 pathmtu command. If the destination IPv6 address, the PMTU value, the aging time and type are displayed, it means that the configuration succeeds.

    <Huawei> display ipv6 pathmtu all
    IPv6 Destination Address    ZoneID    PathMTU    LifeTime(M)    Type
    fe80::12                    0         1300       40             Dynamic
    2222::3                     0         1280       -              Static
    -------------------------------------------------------------------------------
    Total: 2    Dynamic: 1    Static: 1

Run the display ipv6 interface command. If the current MTU of the interface is displayed, it means that the configuration succeeds.

    <Huawei> display ipv6 interface ethernet 1/0/0
    Ethernet1/0/0 current state : UP
    IPv6 protocol current state : UP
    IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00
      Global unicast address(es):
        2001::1, subnet is 2001::/64
      Joined group address(es):
        FF02::1:FF00:1
        FF02::1:FF04:5D00
        FF02::2
        FF02::1
      MTU is 1500 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND retransmit interval is 1000 milliseconds
      Hosts use stateless autoconfig for addresses

3.7 Configuring TCP6
By setting TCP6 packets, you can improve the performance of the network.

3.7.1 Establishing the Configuration Task
This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring TCP6.

Applicable Environment
To optimize network performance, you need to adjust the TCP6 parameters.

Pre-configuration Tasks
Before configuring TCP6, complete the following tasks:
• Connecting and configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up
• Configuring the link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up

Data Preparation
To configure TCP6, you need the following data.

    No.  Data
    1    Value of TCP6 FIN-WAIT timer
    2    Value of TCP6 SYN-WAIT timer
    3    Size of TCP6 Sliding Window

3.7.2 Configuring TCP6 Timers
By setting two TCP6 timers, you can control the TCP connection time.

Procedure
Step 1 Run:
    system-view
    The system view is displayed.
Step 2 Run:
    tcp ipv6 timer syn-timeout timer-value
    The TCP6 SYN-WAIT timer is set.
    By default, the SYN-WAIT timer is 75s.
Step 3 Run:
    tcp ipv6 timer fin-timeout timer-value
    The TCP6 FIN-WAIT timer is set.
    By default, the FIN-WAIT timer is 600s.
----End

3.7.3 Configuring the Size of the TCP6 Sliding Window
By setting the sliding window size for TCP6, you can improve the performance of the network.

Procedure
Step 1 Run:
    system-view
    The system view is displayed.
Step 2 Run:
    tcp ipv6 window window-size
    The size of the TCP6 sliding window is configured. In this manner, you can set the sizes of the receiving buffer and transmitting buffer in the socket.
    The size of the TCP6 sliding window ranges from 1 KB to 32 KB. By default, the size of the TCP6 sliding window is 8 KB.
----End

3.7.4 Checking the Configuration
You can view the configuration of TCP6.

Prerequisites
The configurations of the TCP6 function are complete.

Procedure
• Run the display tcp ipv6 statistics command to check related TCP6 statistics.
• Run the display tcp ipv6 status command to check the TCP6 connection status.
• Run the display udp ipv6 statistics command to check related UDP6 statistics.
• Run the display ipv6 socket [ socktype socket-type | task-id task-id socket-id socket-id ] command to check the information of the specified socket.
----End

Example
Run the display tcp ipv6 statistics, display tcp ipv6 status, and display udp ipv6 statistics commands. If the connection status and statistics of TCP6 and UDP6 are displayed, it means that the configuration succeeds.

    <Huawei> display tcp ipv6 statistics
    Received packets:
      total: 0
      total(64bit high-capacity counter): 0
      packets in sequence: 0 (0 bytes)
      window probe packets: 0
      window update packets: 0
      checksum error: 0
      offset error: 0
      short error: 0
      duplicate packets: 0 (0 bytes)
      partially duplicate packets: 0 (0 bytes)
      out-of-order packets: 0 (0 bytes)
      packets with data after window: 0 (0 bytes)
      packets after close: 0
      ACK packets: 0 (0 bytes)
      duplicate ACK packets: 0
      too much ACK packets: 0
      packets dropped due to MD5 authentication failure: 0
      packets dropped due to absence of MSO: 0
      packets dropped due to presence of MSO: 0
      packets received with MD5 Signature Option: 0
    Sent packets:
      total: 0
      urgent packets: 0
      total(64bit high-capacity counter): 0
      control packets: 0 (including 0 RST)
      window probe packets: 0
      window update packets: 0
      data packets: 0 (0 bytes)
      data packets retransmitted: 0 (0 bytes)
      ACK only packets: 0 (0 delayed)
      packets sent with MD5 Signature Option: 0
    Other Statistics:
      retransmitted timeout: 0
      connections dropped in retransmitted timeout: 0
      keepalive timeout: 0
      keepalive probe: 0
      keepalive timeout, so connections disconnected: 0
      initiated connections: 0
      accepted connections: 0
      established connections: 0
      closed connections: 0 (dropped: 0, initiated dropped: 0)

    <Huawei> display tcp ipv6 status
    * - MD5 Authentication is enabled.
    TCP6CB      TID/SoID    Local Address    Foreign Address    State        VPNID
    19df05d0    9/3         ::->23           ::->0              Listening    0

    <Huawei> display udp ipv6 statistics
    Received packets:
      total: 0
      total(64bit high-capacity counter): 0
      checksum error: 0
      shorter than header: 0
      invalid message length: 0
      no socket on port: 0
      no multicast port: 0
      not delivered, input socket full: 0
      input packets missing pcb cache: 0
      packets sent for external pre processing: 1
    Sent packets:
      total: 0
      total(64bit high-capacity counter): 0

Run the display ipv6 socket command. If the related socket information is displayed, it means that the configuration succeeds.

    <Huawei> display ipv6 socket
    SOCK_STREAM:
    Task = VTYD(14), socketid = 4, Proto = 6,
    LA = ::->22, FA = ::->0,
    sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
    socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
    socket state = SS_PRIV SS_ASYNC
    SOCK_DGRAM:
    Task = VTYD(14), socketid = 3, Proto = 6,
    LA = ::->23, FA = ::->0,
    sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
    socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
    socket state = SS_PRIV SS_ASYNC
    SOCK_RAW:

3.8 Maintaining IPv6
This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation.

3.8.1 Resetting IPv6
This section describes clearance of information about IPv6 operation through the reset command.

Context
CAUTION
IPv6 statistics cannot be restored after you clear them. So, confirm the action before you use the command.

Procedure
• Run the reset ipv6 statistics command in the user view to clear statistics of processing IPv6 packets after you confirm it.
• Run the reset ipv6 address-policy command in the user view to clear address selection policy entries.
• Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number ] | interface-type interface-number [ dynamic | static ] } command in the user view to clear IPv6 neighbor entries in the cache after you confirm it.
• Run the reset ipv6 pathmtu { all | dynamic | static } command in the user view to clear PMTU entries in the cache after you confirm it.
• Run the reset tcp ipv6 statistics command in the user view to clear all TCP6 statistics after you confirm it.
• Run the reset udp ipv6 statistics command in the user view to clear all UDP6 statistics after you confirm it.
----End

3.9 Configuration Examples
This section includes the networking requirements, precautions for configuration, and configuration roadmap. An example is used to describe how to configure an IPv6 address and Neighbor Discovery Protocol for an interface.

3.9.1 Example for Configuring an IPv6 Address for an Interface
This part provides an example for configuring the IPv6 address of an interface.

Networking Requirement
As shown in Figure 3-1, Router A and Router B are connected through GE interfaces. It is required to configure IPv6 global unicast addresses for the interfaces and test the connectivity between them. The IPv6 global unicast addresses to be configured for the interfaces are 3001::1/64 and 3001::2/64.

Figure 3-1 Networking diagram of configuring an IPv6 address for an interface (RouterA Eth 1/0/0 3001::1/64, RouterB Eth 1/0/0 3001::2/64)

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 forwarding capability on devices.
2. Configure IPv6 global unicast addresses for the interfaces.

Data Preparation
To complete the configuration, you need the following data:
• Global unicast addresses of the interfaces

Procedure
Step 1 Enable IPv6 packet forwarding on Router A and Router B.

    # Configure Router A
    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] ipv6

    # Configure Router B
    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] ipv6

Step 2 Configure IPv6 global unicast addresses for the interfaces.

    # Configure Router A.
    [RouterA] interface ethernet 1/0/0
    [RouterA-Ethernet1/0/0] ipv6 enable
    [RouterA-Ethernet1/0/0] ipv6 address 3001::1/64
    [RouterA-Ethernet1/0/0] quit

    # Configure Router B.
    [RouterB] interface ethernet 1/0/0
    [RouterB-Ethernet1/0/0] ipv6 enable
    [RouterB-Ethernet1/0/0] ipv6 address 3001::2/64
    [RouterB-Ethernet1/0/0] quit

Step 3 Verify the configuration.
If the configuration succeeds, you can view the configured IPv6 global unicast addresses, and the status of the interface and of the IPv6 protocol are both Up.

    # Display interface information of Router A.
    [RouterA] display ipv6 interface ethernet 1/0/0
    Ethernet1/0/0 current state : UP
    IPv6 protocol current state : UP
    IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE01:E3
      Global unicast address(es):
        3001::1, subnet is 3001::/64
      Joined group address(es):
        FF02::1:FF00:1
        FF02::2
        FF02::1
        FF02::1:FF01:E3
      MTU is 1500 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND retransmit interval is 1000 milliseconds
      Hosts use stateless autoconfig for addresses

    # Display interface information of Router B.
    [RouterB] display ipv6 interface ethernet 1/0/0
    Ethernet1/0/0 current state : UP
    IPv6 protocol current state : UP
    IPv6 is enabled, link-local address is FE80::A19:A6FF:FE9B:6D3B
      Global unicast address(es):
        3001::2, subnet is 3001::/64
      Joined group address(es):
        FF02::1:FF00:2
        FF02::2
        FF02::1
        FF02::1:FF9B:6D3B
      MTU is 1500 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND retransmit interval is 1000 milliseconds
      Hosts use stateless autoconfig for addresses

    # On Router A, ping the global unicast IPv6 address of Router B.
    [RouterA] ping ipv6 3001::2
      PING 3001::2 : 56 data bytes, press CTRL_C to break
        Reply from 3001::2
        bytes=56 Sequence=1 hop limit=64 time = 2 ms
        Reply from 3001::2
        bytes=56 Sequence=2 hop limit=64 time = 2 ms
        Reply from 3001::2
        bytes=56 Sequence=3 hop limit=64 time = 2 ms
        Reply from 3001::2
        bytes=56 Sequence=4 hop limit=64 time = 2 ms
        Reply from 3001::2
        bytes=56 Sequence=5 hop limit=64 time = 2 ms
      --- 3001::2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/2/2 ms
----End

Configuration Files
• Configuration file of Router A

    #
     sysname RouterA
    #
     ipv6
    #
    interface ethernet1/0/0
     ipv6 enable
     ipv6 address 3001::1/64
    #
    return

• Configuration file of Router B

    #
     sysname RouterB
    #
     ipv6
    #
    interface ethernet1/0/0
     ipv6 enable
     ipv6 address 3001::2/64
    #
    return

3.9.2 Example for Configuring IPv6 Neighbor Discovery
This section describes how to configure IPv6 neighbor discovery.

Networking Requirements
As shown in Figure 3-2, two routers are connected through GE interfaces. Configure IPv6 link-local addresses for the GE interfaces and enable the routers to send RA messages.

Figure 3-2 Networking diagram for IPv6 neighbor discovery (RouterA Eth1/0/0, RouterB Eth 1/0/0)

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 forwarding capability on the router.
2. Configure the link-local unicast address on Ethernet 1/0/0.
3. Enable the routers to send RA messages on Ethernet 1/0/0.

Data Preparation
To complete the configuration, you need the following data:
• IPv6 link-local address for an interface.

Procedure
Step 1 Enable the IPv6 forwarding capability on the routers.

    # Configure RouterA.
    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] ipv6

    # Configure RouterB.
    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] ipv6

Step 2 Configure the link-local unicast address.

    # Configure RouterA.
    [RouterA] interface ethernet 1/0/0
    [RouterA-Ethernet1/0/0] ipv6 enable
    [RouterA-Ethernet1/0/0] ipv6 address auto link-local

    # Configure RouterB.
    [RouterB] interface ethernet 1/0/0
    [RouterB-Ethernet1/0/0] ipv6 enable
    [RouterB-Ethernet1/0/0] ipv6 address auto link-local

Step 3 Enable the routers to send RA messages.

    # Enable RouterA to send RA messages.
    [RouterA] interface ethernet 1/0/0
    [RouterA-Ethernet1/0/0] undo ipv6 nd ra halt

    # Enable RouterB to send RA messages.
    [RouterB] interface ethernet 1/0/0
    [RouterB-Ethernet1/0/0] undo ipv6 nd ra halt

Step 4 Verify the configuration.
If the configuration succeeds, you can view the configured link-local unicast addresses. The status of the interfaces and the IPv6 protocol are Up.

    # Display information about Ethernet1/0/0 on RouterA.
    [RouterA-Ethernet1/0/0] display this ipv6 interface
    Ethernet1/0/0 current state : UP
    IPv6 protocol current state : UP
    IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE01:E3
      No global unicast address configured
      Joined group address(es):
        FF02::1:FF01:E3
        FF02::2
        FF02::1
      MTU is 1500 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND retransmit interval is 1000 milliseconds
      ND advertised reachable time is 0 milliseconds
      ND advertised retransmit interval is 0 milliseconds
      ND router advertisement max interval 600 seconds, min interval 200 seconds
      ND router advertisements live for 1800 seconds
      ND router advertisements hop-limit 64
      ND default router preference medium
      Hosts use stateless autoconfig for addresses

    # Display information about GE 1/0/0 on RouterB.
    [RouterB-Ethernet1/0/0] display this ipv6 interface
    Ethernet1/0/0 current state : UP
    IPv6 protocol current state : UP
    IPv6 is enabled, link-local address is FE80::A19:A6FF:FE9B:6D3B
      No global unicast address configured
      Joined group address(es):
        FF02::1:FF9B:6D3B
        FF02::2
        FF02::1
      MTU is 1500 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      ND retransmit interval is 1000 milliseconds
      ND advertised reachable time is 0 milliseconds
      ND advertised retransmit interval is 0 milliseconds
      ND router advertisement max interval 600 seconds, min interval 200 seconds
      ND router advertisements live for 1800 seconds
      ND router advertisements hop-limit 64
      ND default router preference medium
      Hosts use stateless autoconfig for addresses

    # Display the neighbor entries of RouterA.
    [RouterA] display ipv6 neighbors
    -----------------------------------------------------------------------------
    IPv6 Address : FE80::A19:A6FF:FE9B:6D3B
    Link-layer : 0819-a69b-6d3b        State : STALE
    Interface : Eth1/0/0               Age : 27
    VLAN :                             CEVLAN:
    Is Router : TRUE                   Secure FLAG : UN-SECURE
    -----------------------------------------------------------------------------
    Total: 1    Dynamic: 1    Static: 0

    # Display information about IPv6 neighbors of RouterB.
    [RouterB] display ipv6 neighbors
    -----------------------------------------------------------------------------
    IPv6 Address : FE80::2E0:FCFF:FE01:E3
    Link-layer : 00e0-fc01-00e3        State : STALE
    Interface : Eth1/0/0               Age : 39
    VLAN :                             CEVLAN:
    Is Router : TRUE                   Secure FLAG : UN-SECURE
    -----------------------------------------------------------------------------
    Total: 1    Dynamic: 1    Static: 0
----End

Configuration Files
• Configuration file of RouterA

    #
     sysname RouterA
    #
     ipv6
    #
    interface Ethernet1/0/0
     ipv6 enable
     ipv6 address auto link-local
     undo ipv6 nd ra halt
    #
    return

• Configuration file of RouterB

    #
     sysname RouterB
    #
     ipv6
    #
    interface Ethernet1/0/0
     ipv6 enable
     ipv6 address auto link-local
     undo ipv6 nd ra halt
    #
    return

4 DNS Configuration

About This Chapter
This chapter describes the principles and configuration procedures of the Domain Name System (DNS) on the AR150/200, and provides configuration examples.

4.1 DNS Overview
This section describes the DNS concept.
4.2 DNS Features Supported by the AR150/200
The AR150/200 can function as the DNS client, DNS proxy/relay, or dynamic DNS (DDNS) client.
4.3 Configuring a DNS Client
A DNS client uses domain names to communicate with other devices.
4.4 Configuring DNS Proxy or Relay
This section describes how to configure DNS proxy or relay.
4.7 Configuration Examples
This section provides DNS configuration examples.
4.5 Configuring a DDNS Client
The AR150/200 can function as the DDNS client to dynamically obtain latest mappings between domain names of web sites and IP addresses on the DNS server.
This allows your organization to use domain names to access web sites. 4. 4.6 Maintaining DNS This section describes how to maintain DNS.. the AR150/200 notifies the DDNS server about the new IP address when the IP address of the interface enabled with DDNS client changes. 83 . 4. however.IP Service 4 DNS Configuration 4. directly forwards DNS query messages to the DNS server. After a Layer 3 interface or a VLANIF interface of the AR150/200 is configured as a DDNS client. Therefore. The difference is that the DNS proxy searches for DNS entries saved in the local cache after receiving DNS query messages from DNS clients. DNS relay is similar to DNS proxy. TCP/IP defines IP addresses to locate devices. When the DNS server receives a query message from a DNS client. DNS proxy/relay. These host names are in oneto-one mapping with IP addresses. This process continues until the DNS server finds the corresponding IP address or detecting that the domain name does not exist. The DNS relay. it searches for the IP address mapping the domain name in its DNS database. it searches for the specified domain name in the static DNS table to obtain the mapping IP address. The DNS server then sends a response to the DNS client. After the external DNS server translates the domain name of the DNS client to an IP address. it sends a query message to an upper-level DNS server. DNS is developed to provide a translation and query mechanism between IP addresses and host names. Mappings between domain names and IP addresses are configured manually. When a DNS client requests the IP address mapping a domain name.. l Dynamic DNS resolution. If no matching entry is found. you can use the simple and meaningful domain names instead of the complicated IP addresses. therefore.Huawei AR150&200 Series Enterprise Routers Configuration Guide . the DNS client can access the Internet.1 DNS Overview This section describes the DNS concept. 
The DDNS server dynamically updates the mapping between the domain name and the IP address on the DNS server to ensure that the IP address can be resolved correctly. or dynamic DNS (DDNS) client. AR150/200 Functioning as a DDNS Client The AR150/200 can function as the DDNS client. It is difficult to remember the IP address of a device. AR150/200 Functioning as a DNS Proxy/Relay The AR150/200 supports the DNS Proxy/Relay function. A DNS server searches for the IP address mapping a domain name. host names are designed in the form of strings.2 DNS Features Supported by the AR150/200 The AR150/200 can function as the DNS client. Ltd. In this manner. reducing the workload. The DNS is a hierarchical naming system that designates meaningful names for devices on the network and sets a DNS server to associate domain names with IP addresses. a DNS client on the LAN can connect to an external DNS server through the AR150/200 enabled with DNS proxy or relay. If no DNS server is deployed on a LAN. A DNS client provides the following functions: l Static DNS resolution. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. AR150/200 Functioning as a DNS Client The AR150/200 can be used as a DNS Client. 131. you can configure dynamic DNS entries.109 are difficult to remember. When mappings between domain names and IP addresses change.sina. most organizations use abbreviations or meaningful names (also called domain names) such as www..com. you need the following data. Issue 02 (2012-03-30) No. Pre-configuration Tasks Before configuring a DNS client. you must know mappings between domain names and IP addresses. therefore.IP Service 4 DNS Configuration 4.3 Configuring a DNS Client A DNS client uses domain names to communicate with other devices. Name resolvers or domain servers resolve mappings between IP addresses and domain names. If your organization uses domain names to access many devices and DNS servers are available.3. 
If your organization seldom uses domain names to access other devices or there are no available DNS servers. complete the pre-configuration tasks. familiarize yourself with the applicable environment. complete the following tasks: l Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up l Configuring a DNS server l Configuring a route between the local routing device and the DNS server Data Preparation To configure a DNS client.1 Establishing the Configuration Task Before configuring a DNS client. you must manually modify DNS entries. This will help you complete the configuration task quickly and accurately.112. you must configure static DNS entries. 84 . Data 1 Domain name and corresponding IP address in a static DNS entry 2 (Optional) IP address of a DNS server 3 (Optional) IP address of the local routing device 4 (Optional) Domain name suffix list Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. Applicable Environment IP addresses such as 202.Huawei AR150&200 Series Enterprise Routers Configuration Guide .cn to identify devices. and obtain the data required for the configuration. 4. A DNS client provides functions of a name resolver and completes resolution between IP addresses and domain names. To configure static DNS entries. repeat step 2. Context To implement dynamic DNS. you need to enable dynamic DNS resolution. Step 3 (Optional) Run: dns server ip-address The IP address of the DNS server is configured. Step 4 (Optional) Run: dns server source-ip ip-address Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 85 .3. and configure a source IP address for the local routing device and a domain name suffix.IP Service 4 DNS Configuration 4. Ltd. 
Step 2 Run: ip host host-name ip-address A static DNS entry is configured. Step 2 Run: dns resolve Dynamic DNS resolution is enabled. configure a DNS server. ----End 4..3 Configuring Dynamic DNS This section describes how to configure dynamic DNS. If the local routing device uses an IP address allocated by the DHCP server and the information delivered by the DHCP server to the local routing device contains the DNS server address and the domain name suffix list.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Procedure Step 1 Run: system-view The system view is displayed. you only need to enable dynamic DNS resolution. only the latest configuration takes effect.3. Each host name can be mapped to only one IP address.2 Configuring Static DNS This section describes how to configure static DNS. When multiple IP addresses are mapped to a host name. Procedure Step 1 Run: system-view The system view is displayed. If multiple host names need to be resolved. l Run the display dns dynamic-host command to check dynamic DNS entries. Ltd. repeat step 3.com 0 members. <Huawei> display ip host Host Age www.51 10. and 10 domain name suffixes. l Run the display dns domain command to check the domain name suffix configuration..10.4 Checking the Configuration After completing the DNS client configuration.90.Huawei AR150&200 Series Enterprise Routers Configuration Guide .org 0 checkip. repeat step 5. 4.51 # Run the display dns server command to view the DNS server configuration. ----End Example # Run the display ip host command to view static DNS entries.138.90. <Huawei> display dns domain No Domain-name 1 com 2 net Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3322.138.10.dyndns. <Huawei> display dns server Type: D:Dynamic S:Static DNS Server 1 2 Type S S IP Address 10.2 # Run the display dns domain command to view the domain name suffix configuration. 
The local routing device uses the specified address to communicate with the DNS server. This ensures communication security.1 10.90.138.org 0 Flags static static static static Address 10.3.1.1. If multiple domain name suffixes are required. Procedure l Run the display ip host command to check static DNS entries. one specified source address. l Run the display dns server command to check the DNS server configuration. If multiple DNS servers are required.90.dyndns.34 10.51 10.3322. you can view the configuration. 86 .138. ----End Follow-up Procedure The system supports a maximum of six DNS servers.IP Service 4 DNS Configuration The source IP address is specified for the local routing device to communicate with the DNS client.org 0 members. Step 5 (Optional) Run: dns domain domain-name A domain name suffix is configured. autona 4.Huawei AR150&200 Series Enterprise Routers Configuration Guide .168.com autonaptr.168. <Huawei> display dns dynamic-host Host sipx. Applicable Environment If no DNS server is deployed on a LAN. familiarize yourself with the applicable environment.com 192.autosrv.4._tcp. Changing the IP address of the DNS server requires that you change only the configuration on the DNS proxy or relay.1 Establishing the Configuration Task Before configuring DNS proxy or relay. complete the pre-configuration tasks.autosrv.com 192. Pre-configuration Tasks Before configuring DNS proxy or relay. 87 .2.com 0 0 0 sip.2. This will help you complete the configuration task quickly and accurately.com 101 10 A SIP+D2T sip. a DNS client on the LAN can connect to an external DNS server through the AR150/200 enabled with DNS proxy or relay.autosrv.19 _sip.autosrv. DNS proxy or relay reduces network management costs.IP Service 4 DNS Configuration # Run the display dns dynamic-host command to view dynamic DNS entries saved in the domain name cache.. and obtain the data required for the configuration.autosrv.2. 
Data 1 IP address of a DNS server 2 (Optional) IP address in response messages for DNS spoofing Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. After the external DNS server translates the domain name of the DNS client to an IP address. the DNS client can access the Internet.4 Configuring DNS Proxy or Relay This section describes how to configure DNS proxy or relay.61 sip.com TTL 114 Type IP 237 IP 117 IP 55 SRV 0 NAPTR Address(es) 0 0 0 sipx.18 sip.com 192. complete the following tasks: l Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up l Configuring a DNS server l Configuring routes between the local routing device and the DNS client and between the local routing device and the DNS server Data Preparation Issue 02 (2012-03-30) No.168. Ltd.autonaptr. 4. 2 Configuring a DNS Server This section describes how to configure a DNS server. it does not forward or respond to DNS query messages from DNS clients. it spoofs reply messages to any DNS query messages using the configured IP address. Procedure Step 1 Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed. the AR150/200 uses the configured IP address to respond to all DNS query messages. Data 3 (Optional) Aging time of DNS entries 4 DNS Configuration 4.4. l There is no source IP address on the outbound interface connected to the DNS server.4. If DNS spoofing is enabled. l A DNS server is configured. but dynamic DNS resolution is disabled.3 (Optional) Configuring DNS Spoofing This section describes how to configure DNS spoofing.IP Service No. when the DNS proxy or relay receives an address record query. 
one of the following conditions must be met to make DNS spoofing take effect: l No DNS server is configured.. Step 2 Run: dns resolve Dynamic DNS resolution is enabled. ----End 4. In addition to enabling DNS proxy or relay. Ltd. If one of the preceding conditions is met. Step 3 Run: dns server ip-address The IP address of the DNS server that the DNS proxy or relay access is configured.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Context If the AR150/200 is enabled with DNS proxy or relay but is not configured with a DNS server address or has no route to the DNS server. 88 . l There is no route to the DNS server. Context When the DNS proxy or relay is attacked. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed. you can set the aging time of DNS entries so that the local routing device can delete expired DNS entries. Or. however. The DNS relay. The DNS relay.IP Service 4 DNS Configuration system-view The system view is displayed. 89 .4. To solve the problem. directly forwards DNS query messages to the DNS server. Step 2 Run: dns proxy enable DNS proxy is enabled.. however. run: dns relay enable DNS relay is enabled. ----End 4. Or run: dns relay enable DNS relay is enabled. The difference is that the DNS proxy searches for DNS entries saved in the local cache after receiving DNS query messages from DNS clients. DNS relay is similar to DNS proxy. Step 3 Run: dns spoofing ip-address DNS spoofing is enabled and an IP address in response messages is specified. reducing the workload. the DNS proxy or relay cannot resolve new domain names into IP addresses.Huawei AR150&200 Series Enterprise Routers Configuration Guide . As a result. the DNS table becomes full. DNS relay is similar to DNS proxy. The difference is that the DNS proxy searches for DNS entries saved in the local cache after receiving DNS query messages from DNS clients. 
Step 2 Run: dns proxy enable DNS proxy is enabled. reducing the workload. Ltd.4 (Optional) Setting the Aging Time of DNS Entries This section describes how to set the Aging Time of DNS Entries. directly forwards DNS query messages to the DNS server. Applicable Environment DNS can resolve domain names into IP addresses so that you can use domain names to access network nodes. This will help you complete the configuration task quickly and accurately.1. familiarize yourself with the applicable environment.3 Source port : 33025 Source packet id : 42564 Forward packet id : 1 Retry count : 2 Query type : 1 4. Procedure l Run the display dns forward table [ source-ip ip-address ] command to check the DNS table. By default. Ltd. If you use the original domain name to access the node. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5.. ----End Example # Run the display dns forward table [ source-ip ip-address ] command to view the DNS table of the DNS proxy or relay. 4. ----End 4. The AR150/200 notifies the DDNS server about the new IP address when the IP address of the interface that provides web services changes. and obtain the data required for the configuration. you can view the DNS table.5 Configuring a DDNS Client The AR150/200 can function as the DDNS client to dynamically obtain latest mappings between domain names of web sites and IP addresses on the DNS server.IP Service 4 DNS Configuration Step 3 Run: dns forward expire-time time The aging time is set for DNS entries on the DNS proxy or relay. you cannot access the node because the IP address mapping the domain name is incorrect. The AR150/200 can function as the DDNS client.Huawei AR150&200 Series Enterprise Routers Configuration Guide . This allows your organization to use domain names to access web sites. <Huawei> display dns forward table Domain name : ma.huawei. DNS just provides static mappings between domain names and IP addresses. 
the aging time of DNS entries is 60s.1 Establishing the Configuration Task Before configuring a DDNS client. complete the pre-configuration tasks. It cannot dynamically update the mapping when the IP address of a node changes. 90 .5 Checking the Configuration After configuring DNS proxy/relay.com Source IP : 1.1.4. you must create a DDNS policy in the system view. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5.3 Configuring a DDNS Policy This section describes how to configure a DDNS policy. Procedure Step 1 Run: system-view The system view is displayed.. Procedure Step 1 Run: system-view The system view is displayed. complete the following tasks: l Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up l Registering routes on the DDNS server Web site l Configuring a route between the local routing device and the DDNS server Data Preparation No. Pre-configuration Tasks Before configuring a DDNS client.IP Service 4 DNS Configuration The DDNS server dynamically updates the mapping between the domain name and the IP address on the DNS server to ensure that the IP address can be resolved correctly. Step 2 Run: ddns policy policy-name A DDNS policy is created and the DDNS policy view is displayed. ----End 4.5.2 Creating a DDNS Policy Before using DDNS functions. 91 . Ltd. Data 1 URL in the DDNS server 2 (Optional) Interval for sending DDNS update requests 3 Number of the interface bound to a DDNS policy 4.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Step 2 Run: interface interface-type interface-number The interface view is displayed. the URL in a DDNS update request is: oray://username:password@phddnsdev.. 
Step 3 Run: url request-url The Uniform Resource Location (URL) in DDNS update requests is specified. 92 . After a DDNS policy is created.net Step 4 Run: interval interval-time The interval for sending DDNS update requests is set.3322.oray. enter the URL and specify a DDNS server in the URL. the URL configuration of DDNS servers is different. By default. the URL in a DDNS update request is: http://username:[email protected]. Step 3 Run: ddns apply policy policy-name fqdn domain-name The DDNS policy is bound to the interface. The processes for the AR150/200 to request DDNS updates from different DDNS servers are different.IP Service 4 DNS Configuration Step 2 Run: ddns policy policy-name A DDNS policy is created and the DDNS policy view is displayed. Procedure Step 1 Run: system-view The system view is displayed.Huawei AR150&200 Series Enterprise Routers Configuration Guide .3322.org. Ltd. therefore. l When the AR150/200 uses HTTP to communicate with the DDNS server provided by the vendor at www.oray.cn. After the interval for sending DDNS update requests is set in the configured DDNS policy.org/dyndns/ update'system=dyndns&hostname=<h>&ip=<a> l When the AR150/200 uses TCP to communicate with the DDNS server provided by the vendor at www. the AR150/200 sends DDNS update requests at intervals. the interval for sending DDNS update requests is 3600s. ----End 4. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4 Binding a DDNS Policy to an Interface You can bind a DDNS policy to an interface to update the mapping between the specified fully qualified domain name (FQDN) and an IP address. Ltd. ----End Example # Run the display ddns policy command to view information about the DDNS policy JackPolicy.1 Deleting Dynamic DNS Entries of DNS Clients This section describes how to delete dynamic DNS entries of DNS clients.6 Maintaining DNS This section describes how to maintain DNS. 
DDNS policies can only be bound to Layer 3 interfaces and VLANIF interfaces. <Huawei> display ddns policy JackPolicy Policy name : JackPolicy Policy interval time : 3600 Policy URL : oray://Jack:[email protected]. you can view the DDNS client configuration. ----End 4.net Policy bind count : 1 ===== interface Ethernet1/0/0 ====== Statuses: START Refresh: enable # Run the display ddns interface command to view the DDNS policy information on VLANIF 100.oray. 4. Exercise caution when you run the command.oray. Dynamic DNS entries cannot be restored after being deleted.net Statuses: START Refresh: enable 4. l Run the display ddns interface interface-type interface-number command to view DDNS policy information on the interface.5 Checking the Configuration After configuring a DDNS client.IP Service 4 DNS Configuration On the AR150/200. 93 . Procedure Step 1 Run the reset dns dynamic-host command to delete dynamic DNS entries of DNS clients. Procedure l Run the display ddns policy policy-name command to view DDNS policy information. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.. <Huawei> display ddns interface Vlanif 100 ===== Policy JackPolicy ======= URL: oray://Jack:[email protected] AR150&200 Series Enterprise Routers Configuration Guide .5. RouterA functions as a DNS client and cooperates with the DNS server. RouterA can access the host at 2. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.6. Procedure Step 1 Run the reset ddns policy policy-name [ interface-type interface-num ] command to update mappings between all the IP addresses and host names in the DDNS policy are updated.3 Manually Updating a DDNS Policy This section describes how to manually update a DDNS policy. ----End 4. the DNS table becomes full.1.1 Example for Configuring a DNS Client Networking Requirements As shown in Figure 4-1.com. 
The domain name suffixes are configured as com and net.7.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1.2 Deleting DNS Entries of the DNS Proxy or Relay When the DNS proxy or relay is attacked. 94 . 4. Ltd. Static DNS entries of RouterB and RouterC are configured on RouterA so that RouterA can manage RouterB and RouterC. Procedure Step 1 Run the reset dns forward table [ ip-address ] command to delete DNS entries of the DNS proxy or relay.IP Service 4 DNS Configuration 4..3/16 by domain name huawei.7 Configuration Examples This section provides DNS configuration examples.6. NOTE AR150/200 is RouterA. ----End 4. The reset dns forward table command can delete all DNS entries. 4.2/16 DNS Server 3.1.1/16 Eth2/0/0 2.0 0. 3.1. Ltd.1.0. l Domain names of RouterB and RouterC.1.0.1. Configure a domain name suffix.255.2/16 DNS Client RouterA Eth1/0/0 1.Huawei AR150&200 Series Enterprise Routers Configuration Guide .2/16 huawei. Configure an IP address for the DNS server.1.1.0. Enable DNS resolution. # Configure an IP address for Eth1/0/0.2/32 RouterC Eth1/0/0 3.1/16 1.0 [RouterA-Ethernet1/0/0] quit # Configure OSPF. you need the following data: l Number and IP address of the interface connecting RouterA and RouterB.1.255 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2..IP Service 4 DNS Configuration Figure 4-1 Network diagram Loopback0 4. Procedure Step 1 Configure RouterA. 5. Configure OSPF.1.255. 95 .1.2 255.1.1.1. l Domain name suffix.1/16 Eth2/0/0 2.com 2.1.0] network 1.3/16 Configuration Roadmap The configuration roadmap is as follows: 1.1.0. Create static DNS entries.1.0.1.1. [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0. <Huawei> system-view [Huawei] sysname RouterA [RouterA] interface Ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address 1.1/32 RouterB Loopback0 4.1.1. Data Preparation To complete the configuration.1. l IP address of the DNS server. 
huawei.1 static 4.00% packet loss round-trip min/avg/max = 4/4/6 ms Run the display ip host command on RouterA. You can see that the ping operation succeeds and the destination IP address is 2.Huawei AR150&200 Series Enterprise Routers Configuration Guide . # Run the ping huawei. Ltd.1.1.3: bytes=56 data bytes.0. Address(es) 96 .1. press CTRL_C to break Sequence=1 ttl=126 time=6 ms Sequence=2 ttl=126 time=4 ms Sequence=3 ttl=126 time=4 ms Sequence=4 ttl=126 time=4 ms Sequence=5 ttl=126 time=4 ms --.1.1.1.1.com 2.com (2.3): 56 Reply from 2. see the configuration files. <RouterA> ping huawei.1.1.1.1.1.1. [RouterA] dns domain net # Configure a domain name suffix as com.3: bytes=56 Reply from 2..0.3: bytes=56 Reply from 2.1. [RouterA] dns server 3. <RouterA> display dns dynamic-host Host huawei.3 Issue 02 (2012-03-30) TTL 114 Type IP Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.com ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.1.3: bytes=56 Reply from 2.0] quit [RouterA-ospf-1] quit # Create static DNS entries.1.1.2) PING huawei.com Trying DNS server (3.1 [RouterA] ip host DeviceC 4.2 # Configure a domain name suffix as net.1. For details about OSPF configurations on RouterB and RouterC.1.2 # Run the display dns dynamic-host command on RouterA.1. <RouterA> display ip host Host Age DeviceB 0 DeviceC 0 Flags Address static 4.3: bytes=56 Reply from 2. Step 2 Verify the configuration. You can view mappings between host names and IP addresses in static DNS entries. [RouterA] dns resolve # Configure an IP address for the DNS server.1. [RouterA] dns domain com NOTE You must configure OSPF on RouterB and RouterC so that a route between RouterA and the DNS server can be generated. [RouterA] ip host DeviceB 4.com command on RouterA.1.1.IP Service 4 DNS Configuration [RouterA-ospf-1-area-0.1.2 # Enable DNS resolution.1.1. You can view information about dynamic DNS entries in the domain name cache.3. 
0 # interface Ethernet 2/0/0 ip address 2.1.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 97 .2 # dns resolve dns server 3.255.255.255.1.1.0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.0.1.1.2 dns domain net dns domain com # interface Ethernet 1/0/0 ip address 1.1.1.1 255.1.0.0 # interface Ethernet 2/0/0 ip address 2.0.0.255.255 network 4.1.IP Service 4 DNS Configuration NOTE The TTL field in the command output indicates the time left before a DNS entry is aged out.0 # return Configuration file of RouterC # sysname RouterC # interface LoopBack0 ip address 4.0.1 255.0.0 network 1.255.1.1.1.0 # ospf 1 area 0.1 255.0.2 255.1.255 # interface Ethernet 1/0/0 ip address 1. Ltd.2 255.255 network 2.1.1 ip host DeviceC 4.255.0.1.1 0.1.1.255.255 # interface Ethernet 1/0/0 ip address 3.0 0.0.1 255.0.0.1. in seconds.255.255.255.0..1.1.255.0.0 network 1.1. ----End Configuration Files Configuration file of RouterA # sysname RouterA # ip host DeviceB 4.2 255.1.0 0.0.0 # ospf 1 area 0.0.0.0 0.0.1.255 # return Configuration file of RouterB # sysname RouterB # interface LoopBack0 ip address 4.1.255. 1.0.IP Service 4 DNS Configuration # ospf 1 area 0..1. If the route between RouterA and the DNS server is unreachable.2 Example for Configuring DNS Proxy Networking Requirements As shown in Figure 4-2.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0 0.0.1/16 Configuration Roadmap The configuration roadmap is as follows: 1.1. Figure 4-2 Network diagram for configuring DNS proxy RouterA DNS Proxy NetworkA Eth1/0/0 1.255 network 4.0.255. Ltd.1. Data Preparation To complete the configuration. the IP address configured for DNS spoofing is returned. 98 .0.0 network 2.0.1.1. NOTE AR150/200 is RouterA.0. you need the following data: l IP address of the DNS server. Procedure Step 1 Configure an IP address for Eth1/0/0.1. l Aging time of DNS entries. 
<Huawei> system-view [Huawei] sysname RouterA [RouterA] interface ethernet 1/0/0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. no DNS server is deployed on NetworkA.7. Configure a DNS server.1.0 0.1. 2.1. l IP address configured by DNS spoofing. Configure DNS spoofing.0.2/16 Eth1/0/0 1.1/16 Eth2/0/0 2.255.0.2 0.1.2/16 RouterB DNS Server 2.0 # return 4.255 network 3. Users on NetworkA access the external DNS server to resolve domain names through RouterA enabled with DNS proxy. Step 5 Verify the configuration.1. [RouterA] dns server 2.0.3 dns forward expire-time 150 ----End Configuration Files Configuration file of RouterA # sysname RouterA # interface Ethernet 1/0/0 ip address 1.3 Step 4 Configure OSPF.0.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0] network 1.1 255.255.1. 99 .1.0 [RouterA-Ethernet1/0/0] quit Step 2 Configure a DNS server.1.0 # dns resolve dns server 2.IP Service 4 DNS Configuration [RouterA-Ethernet1/0/0] ip address 1..1 dns proxy enable dns forward expire-time 150 # dns spoofing 10.1. [RouterA] dns forward expire-time 150 Step 3 Enable DNS spoofing and specify the IP address in response messages as 10.1 # Enable DNS proxy.1. # Enable dynamic DNS resolution. [RouterA] dns resolve # Configure a DNS server that the DNS proxy or relay access.1 255.0. [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.1 dns proxy enable dns spoofing 10.1. # Run the display current-configuration command on RouterA to view the DNS proxy configuration.3.1.0.255. <RouterA> display current-configuration | include dns dns resolve dns server 2. see the configuration file.0] quit [RouterA-ospf-1] quit NOTE You must configure OSPF on RouterB so that a route between RouterA and the DNS server can be generated.1.255.1. [RouterA] dns spoofing 10.255 [RouterA-ospf-1-area-0.1.0.1.1.0 0.0. For details about OSPF configurations on RouterB.1.1.1.1.1. 
Ltd.0.3 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. [RouterA] dns proxy enable # Set the aging time of DNS entries to 150s on the DNS proxy or relay.0. 1.0.0.1.1/16 Eth1/0/0 3.255.1.3/16 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1.2/16 RouterB Loopback0 4. Then the DDNS server instructs the DNS server to reconfigure the mapping between the domain name and the IP address. 100 .255.2 255. NOTE AR150/200 is RouterA. The DDNS service provider www.0.abc.0 # interface Ethernet 2/0/0 ip address 2.com.1. you must enable the DDNS client function to obtain the latest mapping between the domain name and the IP address.IP Service 4 DNS Configuration # ospf 1 area 0.7. the domain name of RouterA is www..1/16 Eth2/0/0 2.1. Ltd.0.3 Example for Configuring a DDNS Client Networking Requirements As shown in Figure 4-3. the IP address may change.255 network 2.255.255.2/32 RouterC Eth1/0/0 DDNS Client Eth1/0/0 1.1.1. RouterA obtains an IP address from the DHCP server.255 # return 4.1.1.0.oray. Figure 4-3 Network diagram Loopback0 4.0.2/16 DNS Server 3.0.1.0.1/32 RouterA 1.255 # return Configuration file of RouterB # sysname RouterB # interface Ethernet 1/0/0 ip address 1.1.1.0.0 0.1.1.com is used as the DDNS server. In this case.2 255.0.1.0 0.1.1.1.1.255.0.0.1.0 network 1.0 # ospf 1 area 0.1/16 Eth2/0/0 2. RouterA functions as the DDNS client to send a request to the DDNS server when the IP address of RouterA changes. therefore.1.1.2/16 DDNS Server 2.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0 0.0 network 1.1. [RouterA] ospf [RouterA-ospf-1] area 0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 3.2 255. Create a DDNS policy.0 [RouterA-Ethernet1/0/0] ddns apply policy mypolicy fqdn www. Configure the URL for the DDNS server. [RouterA-ddns-policy-mypolicy] url oray://steven:nevets@phddnsdev. # Create a DDNS policy. 
Bind a DDNS policy to an interface.1.1.abc.2 # Bind the DDNS policy to Eth1/0/0. RouterA instructs the DNS server to establish a mapping between the domain name www. 101 . 4. [RouterA] interface ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address 1. you need the following data: l Domain name of RouterA l URL of the DDNS server l User name and password for the DDNS client to log in to the DDNS server l Interval for sending DDNS update requests Procedure Step 1 Configure RouterA. [RouterA-ddns-policy-mypolicy] interval 3600 [RouterA-ddns-policy-mypolicy] quit # Enable DNS resolution. Set the interval for sending DDNS update requests..net # Set the interval for sending DDNS update requests.1. 2. when the IP address of Eth1/0/0 changes.IP Service 4 DNS Configuration Configuration Roadmap The configuration roadmap is as follows: 1.1. [RouterA] dns server 3. By doing this.com [RouterA-Ethernet1/0/0] quit After the configuration is complete. users on the Internet can resolve a new IP address mapping the domain name www. # Configure OSPF. Data Preparation To complete the configuration.255.abc.oray. <Huawei> system-view [Huawei] sysname RouterA [RouterA] ddns policy mypolicy # Configure the URL of the DDNS server. [RouterA] dns resolve # Configure an IP address for the DNS server. Ltd.Huawei AR150&200 Series Enterprise Routers Configuration Guide .com and the new IP address through the DDNS server.com.abc.0. net # interface Ethernet1/0/0 ip address 1.0.2 255.0.1.1. configure OSPF on RouterB and RouterC.255 # return Configuration file of RouterB # sysname RouterB # interface LoopBack0 ip address 4.oray. 
<RouterA> display ddns Policy name : Policy interval time : Policy URL : Policy bind count : policy mypolicy mypolicy 3600 oray://steven:[email protected] 1 ===== interface Ethernet1/0/0 ====== Statuses: ESTABLISH Refresh: enable # Run the display ddns interface ethernet 1/0/0 command on RouterA.0 ddns apply policy mypolicy fqdn www.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0.oray.255.0.0 network 1.IP Service 4 DNS Configuration [RouterA-ospf-1-area-0.0.0.oray.0] network 1.abc.255.1.0. see the configuration files. 102 . # Run the display ddns policy mypolicy command on RouterA.0.0.0.255. and you can view information about the DDNS policy on Eth1/0/0.1. <RouterA> display ddns interface ethernet 1/0/0 ===== Policy mypolicy ======= URL: oray://steven:[email protected] [RouterA-ospf-1-area-0.net Statuses: ESTABLISH Refresh: enable ----End Configuration Files Configuration file of RouterA # sysname RouterA # ddns policy mypolicy url oray://steven:[email protected] # ospf 1 area 0. Ltd. Step 2 Verify the configuration. For details about OSPF configurations on RouterB and RouterC. DDNS server.0 0.1 255. and the DNS server.0 0.1.255.255 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. and you can view information about the DDNS policy named mypolicy.0.0] quit [RouterA-ospf-1] quit NOTE To implement communication between the DDNS client.255.. 2 255.0.1.0.0.255 network 4.0.255.0 0.255 network 3.0 network 1.255 # interface Ethernet1/0/0 ip address 3.1.0 # return Configuration file of RouterC # sysname RouterC # interface LoopBack0 ip address 4.1 0.1.0.0 # ospf 1 area 0.255.1.0.1. 
103 .0.0 # interface Ethernet2/0/0 ip address 2.0 # ospf 1 area 0.1 255.1.255.0.0.1.0 0.255.0.0.1.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0.1.1.0.255 network 4..0 0.0 # return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.255 network 2.255.255.0 0.255.0.255.1 255.0.255.0.0.1.1.2 255.0 # interface Ethernet2/0/0 ip address 2.1.0.1.2 0.1.0.1.0 network 2. Ltd.0.255.1.1 255.IP Service 4 DNS Configuration # interface Ethernet1/0/0 ip address 1.1. NAT Application Level Gateway (ALG).2 NAT Features Supported by the AR150/200 The AR150/200 supports the following NAT features: static NAT. twice NAT. Ltd. Easy IP.1 NAT Overview NAT enables hosts on a private network to access the public network. It conserves IPv4 addresses and improves network security by shielding the private network topology. NAT filtering.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 5. port address translation (PAT). 5. use Easy IP for a single user and an address pool for multiple users.4 Configuration Examples This section provides several configuration examples of NAT. NAT mapping.IP Service 5 NAT Configuration 5 NAT Configuration About This Chapter Network Address Translation (NAT) translates private addresses into public addresses. 104 . and NAT multi-instance.3 Configuring NAT To implement communication between the private network and the public network through NAT. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 5. internal server.. 5. 251 on the public network in Web mode..1 NAT Overview NAT enables hosts on a private network to access the public network.48 on the private network accesses the server 202.0-10.168.196.. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.196. Principle of NAT As shown in Figure 5-1.0.255.245.245. is a unique IP address on the Internet. 
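The DNS chapter above ties four settings together: `dns spoofing` takes effect only under stated conditions, forward-table entries age out after 60s by default, `dns server source-ip` pins the address used toward the DNS server, and a DDNS policy URL embeds the account password. The following Python script is an added example, not part of Huawei's guide, that reads a saved configuration and reports how those settings combine; both configurations are constructed samples, and the finding codes and function names are this example's own.

```python
import re
from typing import List, Tuple

DEFAULT_EXPIRE = 60  # default aging time of DNS forward entries stated in the guide (seconds)

RE_SERVER = re.compile(r"dns server (\d{1,3}(?:\.\d{1,3}){3})$")
RE_SOURCE = re.compile(r"dns server source-ip (\S+)$")
RE_SPOOF = re.compile(r"dns spoofing (\S+)$")
RE_EXPIRE = re.compile(r"dns forward expire-time (\d+)$")
RE_DDNS_URL = re.compile(r"url (\w+)://([^:@/\s]+):([^@\s]+)@(\S+)$")

# Constructed sample, not a configuration file from the guide.
WEAK_CONFIG = """\
sysname RouterA
#
ddns policy mypolicy
 url oray://alice:s3cret@phddnsdev.oray.net
 interval 3600
#
dns server 192.0.2.53
dns proxy enable
dns spoofing 192.0.2.1
#
return
"""

# Constructed sample: resolution enabled, fixed source address, explicit aging time.
TUNED_CONFIG = """\
sysname RouterA
#
dns resolve
dns server 192.0.2.53
dns server source-ip 192.0.2.10
dns proxy enable
dns forward expire-time 150
#
return
"""


def _first(regex, lines):
    """Return the first match of regex over the stripped config lines, or None."""
    for line in lines:
        match = regex.match(line)
        if match:
            return match
    return None


def redact(config: str) -> str:
    """Mask DDNS passwords so the configuration can be pasted into tickets or logs."""
    out = []
    for raw in config.splitlines():
        match = RE_DDNS_URL.match(raw.strip())
        if match:
            indent = raw[: len(raw) - len(raw.lstrip())]
            raw = f"{indent}url {match.group(1)}://{match.group(2)}:****@{match.group(4)}"
        out.append(raw)
    return "\n".join(out) + "\n"


def audit(config: str) -> List[Tuple[str, str]]:
    """Report (code, message) pairs for the DNS settings described in the guide."""
    lines = [ln.strip() for ln in config.splitlines()]
    forwarding = "dns proxy enable" in lines or "dns relay enable" in lines
    resolving = "dns resolve" in lines
    server = _first(RE_SERVER, lines)
    spoof = _first(RE_SPOOF, lines)
    findings: List[Tuple[str, str]] = []

    # Spoofing needs proxy/relay plus one of the guide's conditions. Two of them
    # (no server, resolution disabled) are visible in the configuration itself.
    if spoof and forwarding:
        ip = spoof.group(1)
        if server is None:
            findings.append(("SPOOF-ACTIVE", f"no DNS server configured: queries are answered with {ip}"))
        elif not resolving:
            findings.append(("SPOOF-ACTIVE", f"'dns resolve' is missing: queries are answered with {ip}"))
        else:
            findings.append(("SPOOF-STANDBY", f"{ip} is returned only without a route or source address toward the server"))
    if forwarding and _first(RE_EXPIRE, lines) is None:
        findings.append(("AGING-DEFAULT", f"forward entries age out after the default {DEFAULT_EXPIRE} s"))
    if server and _first(RE_SOURCE, lines) is None:
        findings.append(("NO-SOURCE-IP", f"no fixed source address for queries to {server.group(1)}"))
    for line in lines:
        match = RE_DDNS_URL.match(line)
        if match:
            findings.append(("DDNS-CREDS", f"password for '{match.group(2)}' at {match.group(4)} is stored in clear text"))
    return findings


if __name__ == "__main__":
    for code, message in audit(WEAK_CONFIG):
        print(f"{code:14} {message}")
    print(redact(WEAK_CONFIG))
```

The two remaining spoofing conditions (no route to the DNS server, no address on the outbound interface) depend on runtime state, so they are reported as SPOOF-STANDBY rather than decided from the file.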
the source address/port of the packet is changed to 203.3. The host sends a data packet.1. Router Internalnetwork 203.18.255.255 l Class B: 172.. Ltd.0-172. and the destination address/port remains unchanged. is the IP address of an internal network or host. and uses port 6084 as the source port and port 80 as the destination port.31.1.255.168.Huawei AR150&200 Series Enterprise Routers Configuration Guide ..0.1.18. After the address is translated.23.0. Private Network Address and Public Network Address A private network address.16. A public network address.255 l Class C: 192. The Internet Assigned Number Authority (IANA) defines the following IP addresses as private addresses: l Class A: 10.255. errors may occur during communication with other networks.0 and its public address is 203.1.IP Service 5 NAT Configuration 5.255 After planning the scale of the intranet.3.1.48 PC . If an intranet does not use the IP address in the defined private address segments. Figure 5-1 Networking of NAT PC 10.. an enterprise chooses the proper private address segment.0. The host 10.. the private address must be translated when a host on a private network accesses the Internet or interworks with the hosts on a public network.23:32814.3.0.23 Externalnetwork WWW Server 202.251 The private network uses network segment 10. which is also called a public address. 105 .10 WWW client 10..196.0-192.. The private address segments of enterprises can overlap each other.1. The AR150/200 maintains a mapping table between addresses and ports.0. which is also called a private address. When the public network returns a response. the PAT-enabled device translates the destination IP addresses to private addresses according to the port numbers. static NAT translates the destination IP address of the response packet to the private address. twice NAT. which is also called network address port translation (NAPT). NAT Application Level Gateway (ALG).. 106 . 5. PAT Port address translation (PAT). Ltd. 
but can shield the topology of the private network. PAT translates source IP addresses of packets from hosts that reside on the private network to a public address. When a packet is sent from a private network to the public network. are replaced with different port numbers. the AR150/200 translates the destination IP address/ port in the returned data packet to 10. The source port numbers of the packets. In this way.1. When the public network returns response packets to private networks.48:6084. public addresses are saved. internal server.2 NAT Features Supported by the AR150/200 The AR150/200 supports the following NAT features: static NAT. Therefore.Huawei AR150&200 Series Enterprise Routers Configuration Guide . The translated port numbers of these packets are different.1. maps a public address to multiple private addresses. and NAT multi-instance. the number of private addresses is equal to the number of public addresses. NAT mapping. Figure 5-2 shows how PAT translates IP addresses and port numbers. the PAT-enabled device replaces the source addresses with the same public address.IP Service 5 NAT Configuration After the web server responds to the host. NAT filtering. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and the private addresses can share a public address. Before packets from different private addresses are sent to the public network. Easy IP. port address translation (PAT). Static NAT cannot save public addresses. A mapping table between private addresses and ports is configured for PAT. the host on the private network can access the server on the public network. static NAT translates the source IP address of the packet to a public address. That is. however. Static NAT Static NAT maps a private address to a public address. 
Figure 5-2 PAT working process

Datagram    Source before PAT (IP:port)    Source after PAT (IP:port)
1           192.168.1.3:23                 202.169.10.1:10023
2           192.168.1.3:80                 202.169.10.1:10080
3           192.168.1.2:23                 202.169.10.1:11023
4           192.168.1.2:80                 202.169.10.1:11080

Internal Server

NAT can shield internal hosts. In applications, users on the public network may need to access the internal hosts. For example, users on the public network need to access a Web server or a File Transfer Protocol (FTP) server. NAT allows you to flexibly configure IP addresses for internal servers. For example, you can use 202.110.10.10 or even 202.110.10.12:8080 as the public address of a Web server, and use 202.110.10.11 as the public address of an FTP server. Multiple servers (Web servers, for example) can be provided for external users.

You can configure an internal server and map the public address and port to the internal server. In this way, hosts on the public network can access the internal server.

NAT Mapping

The NAT function saves IPv4 addresses and improves network security. NAT implementations differ between vendors; therefore, applications using the simple traversal of UDP through NAT (STUN), traversal using relay NAT (TURN), and Interactive Connectivity Establishment (ICE) technologies may fail to traverse the NAT devices of these vendors. These technologies are commonly used on the SIP proxy. NAT mapping enables these applications to traverse the NAT devices.

NAT Filtering

A NAT device filters the traffic from the external network to the internal network.
After a host on the internal network sends an access request to a host on the external network, the host on the external network transmits traffic to the internal host. The NAT device filters the traffic sent to the internal host.

Easy IP

Easy IP takes the public IP address of the interface as the source address after NAT is performed. In addition, it uses the Access Control List (ACL) to control the private addresses to be translated.

NAT ALG

Some protocols are sensitive to the NAT function and cannot work correctly without special processing. Packets of these protocols contain the IP address and/or port number in the payload, which affects protocol interaction. The NAT ALG function allows such protocol packets to traverse NAT devices. It replaces the IP address and port number in the payload to implement transparent transmission and relay of protocol packets.

The NAT ALG of the AR150/200 supports the domain name system (DNS), FTP, Real-Time Streaming Protocol (RTSP) and Session Initiation Protocol (SIP).

Twice NAT

Basic NAT translates only the source or destination address of packets, whereas twice NAT translates both the source and destination addresses. The twice NAT technology applies to the scenario where IP addresses of hosts on private and public networks overlap. As shown in Figure 5-3, the IP address of PC1 on the private network is the same as the IP address of PC3 on the public network. If PC2 on the private network sends a packet to PC3, the packet will be forwarded to PC1. Twice NAT translates the overlapping IP address into a unique temporary address (based on basic NAT) according to the mapping between the overlapping address pool and the temporary address pool. In this way, packets can be forwarded correctly.
Figure 5-3 Networking of twice NAT (elements shown: PC 1, PC 2, Router, PC 3 www.web.com, DNS Server; address label 10.0.0.1/24)

You can configure twice NAT on the AR150/200 as follows:

1. Configure basic NAT (many-to-many NAT): Configure an NAT address pool that contains IP addresses 200.0.0.1 to 200.0.0.100 and apply it to the interface connecting to the WAN.
2. Configure the mapping from overlapping addresses to temporary addresses: 10.0.0.0 to 3.0.0.0.

The mapping indicates that one overlapping address pool maps one temporary address pool. The translation rules are as follows:

Temporary address = Start IP address in the temporary address pool + (Overlapping IP address - Start IP address in the overlapping address pool)

Overlapping address = Start IP address in the overlapping address pool + (Temporary IP address - Start IP address in the temporary address pool)

When PC2 on the private network accesses PC3 on the public network using the domain name, packets are processed as follows:

1. PC2 sends a DNS request for resolving the domain name www.web.com of the web server. After the DNS server resolves the DNS request, the AR150/200 receives the response packet from the DNS server. The AR150/200 resolves the address 10.0.0.1 in the payload of the response packet and detects that the address is an overlapping address (it is in the overlapping address pool). The AR150/200 translates the address 10.0.0.1 into the temporary address 3.0.0.1, and translates the destination address of the response packet using basic NAT. Then the AR150/200 sends the packet to PC2.
2. PC2 sends an access request packet with the temporary address 3.0.0.1 corresponding to www.web.com to access the public network.
   When the packet reaches the AR150/200, the AR150/200 translates the source address of the packet using basic NAT and then translates the destination address (temporary address) to the overlapping address 10.0.0.1.
3. The AR150/200 sends the packet to the WAN-side outbound interface. The packet is then forwarded to PC3 hop by hop.
4. When the packet sent from PC3 to PC2 reaches the AR150/200, the AR150/200 checks the source address 10.0.0.1, which is the overlapping address (it is in the overlapping address pool). The AR150/200 translates the source address to the temporary address 3.0.0.1, and translates the destination address using basic NAT. Then the AR150/200 sends it to PC2.

Source Address Associated with the VPN Before NAT Is Performed

The NAT-enabled AR150/200 allows users on private networks to access the public network and allows users in different VPNs to access the public network through the same egress. In addition, users in the VPNs with the same IP address can access the public network.

NAT Server Associated with VPNs

The NAT-enabled AR150/200 supports association between VPNs and NAT server, and allows users on the public network to access hosts in the VPNs. This function is applicable when IP addresses of multiple VPNs overlap.

5.3 Configuring NAT

To implement communication between the private network and the public network through NAT, use Easy IP for a single user and an address pool for multiple users.

5.3.1 Establishing the Configuration Task

Before configuring NAT, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data.
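The twice NAT translation rules and the four packet-processing steps in section 5.2 above, worked through as an added example; this is a model written for this page, not AR150/200 code. The class and function names, the pool length of 255 and PC2's address 10.0.0.2 are assumptions; the pools 10.0.0.0, 3.0.0.0 and 200.0.0.1 to 200.0.0.100 and the address 10.0.0.1 are the ones used in the text.

```python
import ipaddress
from dataclasses import dataclass, field

IPv4 = ipaddress.IPv4Address


@dataclass
class TwiceNatModel:
    """Toy model of the twice NAT rules in the text; not device code."""
    overlap_start: str      # start IP address of the overlapping address pool
    temp_start: str         # start IP address of the temporary address pool
    pool_length: int        # both pools hold the same number of addresses
    public_pool: list       # basic NAT (many-to-many) public address pool
    sessions: dict = field(default_factory=dict)   # private IP -> public IP

    def __post_init__(self):
        self.overlap_start = IPv4(self.overlap_start)
        self.temp_start = IPv4(self.temp_start)
        self.public_pool = [IPv4(a) for a in self.public_pool]

    def _shift(self, addr, src_start, dst_start):
        """dst_start + (addr - src_start), or None if addr is outside the pool."""
        offset = int(IPv4(addr)) - int(src_start)
        if 0 <= offset < self.pool_length:
            return IPv4(int(dst_start) + offset)
        return None

    def to_temporary(self, addr):
        return self._shift(addr, self.overlap_start, self.temp_start)

    def to_overlapping(self, addr):
        return self._shift(addr, self.temp_start, self.overlap_start)

    def _public_for(self, private):
        """Basic NAT, outbound: one public address per private host."""
        private = IPv4(private)
        if private not in self.sessions:
            in_use = set(self.sessions.values())
            free = [a for a in self.public_pool if a not in in_use]
            if not free:
                raise RuntimeError("public address pool exhausted")
            self.sessions[private] = free[0]
        return self.sessions[private]

    def _private_for(self, public):
        """Basic NAT, inbound: reverse lookup, None when no session exists."""
        public = IPv4(public)
        for private, assigned in self.sessions.items():
            if assigned == public:
                return private
        return None

    def dns_answer(self, resolved):
        """Step 1: rewrite an overlapping address carried in a DNS response."""
        temp = self.to_temporary(resolved)
        return temp if temp is not None else IPv4(resolved)

    def outbound(self, src, dst):
        """Steps 2 and 3: source by basic NAT, destination temporary -> overlapping."""
        real = self.to_overlapping(dst)
        return self._public_for(src), (real if real is not None else IPv4(dst))

    def inbound(self, src, dst):
        """Step 4: source overlapping -> temporary, destination by basic NAT."""
        private = self._private_for(dst)
        if private is None:
            return None     # unsolicited: no basic NAT session to map back to
        temp = self.to_temporary(src)
        return (temp if temp is not None else IPv4(src)), private


def walk_through():
    """PC2 reaches PC3 (www.web.com) although PC1 also owns 10.0.0.1."""
    nat = TwiceNatModel("10.0.0.0", "3.0.0.0", 255,           # length is assumed
                        [f"200.0.0.{i}" for i in range(1, 101)])
    pc2, pc3 = "10.0.0.2", "10.0.0.1"                         # PC2 address is assumed
    answer = nat.dns_answer(pc3)
    out_src, out_dst = nat.outbound(pc2, answer)
    back_src, back_dst = nat.inbound(out_dst, out_src)
    return {"dns_answer": str(answer),
            "outbound": (str(out_src), str(out_dst)),
            "inbound": (str(back_src), str(back_dst))}


if __name__ == "__main__":
    print(walk_through())
```

An address outside the overlapping pool is left untouched by the rule, and a packet arriving from the WAN for a public address with no basic NAT session has nothing to be translated back to.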
Applicable Environment

NAT must be configured at the boundary between the private network and the public network so that it can translate private and public addresses.

Pre-configuration Tasks

Before configuring NAT, complete the following task:

- Creating a basic ACL or an advanced ACL and configuring ACL rules

Data Preparation

To configure NAT, you need the following data.

No.  Data
1    Number of the public address pool, start IP address, and end IP address
2    Number of the basic ACL or advanced ACL
3    Information about the internal server, including the protocol type, public address, public port number, private address (the VPN instance may be included), and (optional) private port number
4    Information about static NAT, including the protocol type, public address, public port number, private address (the VPN instance may be included), (optional) private port number, and subnet mask
5    Index of the overlapping address pool and temporary address pool, start IP address, address pool length, and (optional) VPN instance
6    Domain name, public address, and public port number

5.3.2 Configuring an Address Pool

Configure a NAT address pool when multiple users on the private network need to access the public network.

Procedure

Step 1 Run:
       system-view
       The system view is displayed.
Step 2 Run:
       nat address-group group-index start-address end-address
       A public address pool is configured.
       A public address pool is a set of public addresses. When performing NAT on data packets from the private network, the AR150/200 selects an IP address from the address pool as the source address.

Procedure

Step 1 Run:
       system-view
       The system view is displayed.
Step 2 Run:
       interface interface-type interface-number
       The interface view is displayed.
111 .IP Service 5 NAT Configuration The public address pool IDs are numerals.4 Configuring Easy IP Easy IP uses an interface IP address as the source address of data packets matching an ACL.3. Different IP address translation entries can be configured on an interface. no-pat indicates one-to-one NAT. only the IP address is translated and the port number is not translated ----End 5. Step 2 Run: interface interface-type interface-number The interface view is displayed. ----End 5. Procedure Step 1 Run: system-view The system view is displayed.3. the AR150/200 translates source addresses of data packets matching the ACL to an IP address in the address pool.Huawei AR150&200 Series Enterprise Routers Configuration Guide . no public address pool is configured on the AR150/200.. Step 3 Run: nat outbound acl-number [ address-group group-index [ no-pat ] | interface loopback interface-number ] Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. that is. In the command. After an ACL is associated with an address pool. Step 3 Run: nat outbound acl-number [ address-group group-index [ no-pat ] | interface loopback interface-number ] An ACL is associated with an address pool. By default. Up to 8 address pools can be configured.3 Associating an ACL with an Address Pool Network administrators can use ACLs to control which users can access public networks using NAT. NAT translates the destination address of the request to a private address (host-address).IP Service 5 NAT Configuration Easy IP is configured. ----End 5.3. When a host on the public network sends a connection request to the public address (global-address) of the internal server.Huawei AR150&200 Series Enterprise Routers Configuration Guide . NOTE When configuring an internal server. 
Static NAT does not save public addresses but shields the private network topology.3.5 Configuring an Internal Server Deploying a server on the private network improves security of the server and prevents attacks from the public network. Procedure Step 1 Run: system-view The system view is displayed. Users on the public network can access the configured internal server. ensure that global-address and host-address are different from interface IP addresses and IP addresses in the user address pool. Step 3 Run: l nat server protocol { tcp | udp } global { global-address | current-interface } globalport inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ acl aclnumber ] [ description description ] l nat server protocol { tcp | udp } global interface loopback interface-number globalport [ vpn-instance vpn-instance-name ] inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ] l nat server [ protocol { protocol-number | icmp | tcp | udp } ] global global-address inside host-address [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ] An internal server is configured. Ltd. Procedure Step 1 Run: system-view Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Users on the private and public networks can access the server.6 Configuring Static NAT Static NAT maps a private address to a public address. 112 . The AR150/200 then forwards the request the server.. Step 2 Run: interface interface-type interface-number The interface view is displayed. ----End 5. ensure that global-address and host-address are different from interface IP addresses and IP addresses in the user address pool. FTP. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. NOTE When configuring static NAT.IP Service 5 NAT Configuration The system view is displayed. 
packets of the application protocol can traverse the NAT server. all indicates that NAT traversal applies to the DNS. After the NAT ALG function is enabled for an application protocol. After an internal host sends an access request to an external host.3.. Step 2 Run: nat alg { all | dns | ftp | rtsp | sip } enable The NAT ALG function is enabled.Huawei AR150&200 Series Enterprise Routers Configuration Guide . The NAT ALG function ensures that the protocol packets are translated successfully.8 Configuring NAT Filtering A NAT device filters the traffic from external network to internal network.7 Enabling NAT ALG Errors may occur when NAT translates protocol packets encapsulated in IP data packets. The application protocol cannot work without the NAT ALG function. Ltd. ----End 5. Procedure Step 1 Run: system-view The system view is displayed. and RTSP protocols. ----End 5. The NAT device filters the traffic sent to the internal host. Step 2 Run: interface interface-type interface-number The interface view is displayed. In the command. 113 . Step 3 Run: l nat static protocol { tcp | udp } global { global-address | current-interface } globalport inside host-address [ host-port ] [ vpn-instance vpn-instance-name ] [ netmask mask ] [ acl acl-number ] [ description description ] l nat static protocol { tcp | udp } global interface loopback interface-number global-port [ vpn-instance vpn-instance-name ]inside host-address [ host-port ] [ vpn-instance vpninstance-name ] [ netmask mask ] [ acl acl-number ] [ description description ] l nat static [ protocol { protocol-number | icmp | tcp | udp } ] global global-address inside host-address [ vpn-instance vpn-instance-name ] [ netmask mask ] [ acl aclnumber ] [ description description ] Static NAT is configured. the external host transmits traffic to the internal host.3. SIP. NAT filtering applies to the traffic from an external network to an internal network. and ICE technologies to traverse the NAT server. 
regardless of the external port. l Address-dependent mapping: reuses the port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address. destination port. 114 .IP Service 5 NAT Configuration Context NAT filtering has the following modes: l Endpoint-independent filtering l Address-dependent filtering l Address and port-dependent filtering Procedure Step 1 Run: system-view The system view is displayed.. l Address and port-dependent mapping: reuses the port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port while the mapping is still active.3. Step 2 Run: nat filter-mode { endpoint-dependent | endpoint-independent | endpoint-and-portdependent } The NAT filtering mode is set.Huawei AR150&200 Series Enterprise Routers Configuration Guide . source port. Ltd. Procedure Step 1 Run: system-view The system view is displayed. destination IP address.9 Configuring NAT Mapping NAT mapping allows applications using the STUN. ----End 5. The default mode is endpoint-and-port-dependent. Step 2 Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. In this mode. the system uses the source IP address. TURN. Context The NAT function saves IPv4 addresses and improves network security. NAT mapping has the following modes: l Endpoint-independent mapping: reuses the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. and protocol number as the index to search the NAT mapping table. 11 Configuring Twice NAT Twice NAT translates both the source and destination IP addresses of a data packet. Then the overlapping address is translated to a unique temporary address and packets can be forwarded correctly. Ltd.3. In addition. configure outbound NAT to implement twice NAT. Up to 32 mapping entries can be configured on the AR150/200. but has no DNS server deployed. 
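The PAT port table of Figure 5-2 together with the three NAT mapping modes and three NAT filtering modes listed above, as an added example; this is a model written for this page, not AR150/200 code. The mode names follow RFC 4787 terminology and are labels in this model, not CLI keywords; the class and function names, the starting port 10000 and the external hosts (documentation address ranges) are assumptions. The inside host 192.168.1.3 and public address 202.169.10.1 are taken from Figure 5-2.

```python
from dataclasses import dataclass, field

# Mode labels for this model (RFC 4787 terms), not AR150/200 CLI keywords.
EI = "endpoint-independent"
AD = "address-dependent"
APD = "address-and-port-dependent"


@dataclass
class PatModel:
    public_ip: str
    mapping_mode: str = APD
    filter_mode: str = APD
    next_port: int = 10000                          # constructed starting port
    mappings: dict = field(default_factory=dict)    # mapping key -> public port
    owners: dict = field(default_factory=dict)      # public port -> inside (ip, port)
    contacted: dict = field(default_factory=dict)   # public port -> {(ext_ip, ext_port)}

    def _key(self, src, dst):
        """How much of the destination takes part in reusing a port mapping."""
        if self.mapping_mode == EI:
            return (src,)                 # same inside ip:port -> same public port
        if self.mapping_mode == AD:
            return (src, dst[0])          # ... only towards the same external IP
        return (src, dst)                 # ... only towards the same external ip:port

    def outbound(self, src, dst):
        """Translate an inside -> outside packet; returns (public_ip, public_port)."""
        key = self._key(src, dst)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.owners[self.next_port] = src
            self.next_port += 1
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, ext, public_port):
        """Return the inside (ip, port) if the filter admits the packet, else None."""
        if public_port not in self.owners:
            return None                   # no mapping: dropped in every mode
        peers = self.contacted[public_port]
        if self.filter_mode == EI:
            allowed = True                # any external host may use the mapping
        elif self.filter_mode == AD:
            allowed = any(ip == ext[0] for ip, _ in peers)
        else:
            allowed = ext in peers        # exact ip:port the inside host contacted
        return self.owners[public_port] if allowed else None


def probe(mapping_mode, filter_mode):
    """One inside socket talks to two servers; then three inbound packets arrive."""
    nat = PatModel("202.169.10.1", mapping_mode, filter_mode)
    host = ("192.168.1.3", 5000)
    server_a = ("198.51.100.10", 3478)    # constructed external hosts
    server_b = ("198.51.100.20", 3478)
    port_a = nat.outbound(host, server_a)[1]
    port_b = nat.outbound(host, server_b)[1]
    return {
        "same_public_port": port_a == port_b,
        "reply_from_a": nat.inbound(server_a, port_a) == host,
        "a_from_other_port": nat.inbound((server_a[0], 9999), port_a) == host,
        "stranger": nat.inbound(("203.0.113.9", 4444), port_a) == host,
    }


if __name__ == "__main__":
    for modes in [(EI, EI), (EI, AD), (APD, APD)]:
        print(modes, probe(*modes))
```

With endpoint-independent filtering, any external host can reach the inside socket once a mapping exists; the address and port-dependent mode admits only the exact peer the inside host contacted.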
----End 5. If hosts on the private network need to differentiate and access servers using domain names. port number. It applies to the situation where IP addresses of internal hosts and external hosts overlap.. Procedure Step 1 Run: system-view The system view is displayed. The default mode is address and port-dependent mapping. NAT mapping applies to the traffic from an internal network to an external network.Huawei AR150&200 Series Enterprise Routers Configuration Guide . and protocol type is configured. Step 2 Run: nat dns-map domain-name global-address global-port { tcp | udp } The mapping from a domain name to a public IP address. configure the mapping between the overlapping address pool and the temporary address pool.10 Configuring DNS Mapping A private network may deploy different servers such as FTP servers and web servers. ----End 5. configure DNS mapping. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: nat alg { all | dns | ftp | rtsp | sip } enable The NAT ALG function is enabled for DNS. CAUTION The NAT ALG function allows hosts on a private network to access servers on the private network through the external DNS server.IP Service 5 NAT Configuration nat mapping-mode endpoint-independent [ tcp | udp ] [ dest-port port-number ] The NAT mapping mode is set.3. Context When IP addresses of internal hosts and external hosts overlap. 115 . 12 Checking the Configuration After NAT is configured.Huawei AR150&200 Series Enterprise Routers Configuration Guide . The lengths of the two address pools are the same. Ltd.. l Run the display nat server [ global global-address | inside host-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number.subnumber ] command to check the configuration of the NAT server. the twice NAT configuration is also deleted. l Run the display nat outbound [ acl acl-number | address-group group-index | interface { Ethernet } interface-number. 
Procedure l Run the display nat alg command to check whether the NAT ALG function is enabled. ----End 5. l Run the display nat dns-map [ domain-name ] command to check information about DNS mapping.subnumber ] command to check information about outbound NAT. l Run the display nat mapping table { all | number } command to view the NAT mapping table information or number of entries in the table. l Run the display nat static [ global global-address | inside host-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-name ] command to check the configuration of static NAT. l Run the display nat address-group [ group-index ] [ verbose ] command to check the configuration of the NAT address pool.IP Service 5 NAT Configuration Procedure Step 1 Run: system-view The system view is displayed. 116 . and up to 255 IP addresses can be configured in each of the two address pools. l Run the display nat overlap-address { map-index | all | inside-vpn-instance inside-vpninstance-name } command to check information about twice NAT.3. Up to 8 mapping entries between the overlapping address pool and the temporary address pool can be configured. The overlapping address pool and temporary address pool contain consecutive IP addresses. When the VPN instance in the NAT mapping is deleted. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. you can view information about NAT. Step 2 Run: nat overlap-address map-index overlappool-startaddress temppool-startaddress poollength length [ inside-vpn-instance inside-vpn-instance-name ] Twice NAT is configured. 0.Huawei AR150&200 Series Enterprise Routers Configuration Guide .3/24 and its public address is 202. Configure a default route.169.169.1 Example for Configuring the NAT Server Networking Requirements As shown in Figure 5-4.0.and the interface address of the AR150/200 connected to the carrier device is 202.0.169. 3.IP Service 5 NAT Configuration 5.2/24. 
The private IP address of the web server is 192.20.5/24. Enable the FTP NAT ALG function to allow the external FTP packets to traverse the NAT servers. Ltd. The company provides the web server and FTP server for users on the public network to access.10. 117 .2:8080 Eth0/0/0 Eth2/0/0 Eth0/0/1 Router Host FTP Server 10.4. 5. Configure IP addresses for interfaces and configure the NAT servers on the WAN-side interface to allow external users to access the internal servers.20.10. a company is connected to the wide area network (WAN) through the AR150/200 enabled with the network address translation (NAT) function. Figure 5-4 Network diagram for configuring the NAT server WWW Server 192. The private IP address of the FTP server is 10.4 Configuration Examples This section provides several configuration examples of NAT.2:8080 and its public address is 202.33/24.168.. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0. 2.3/24 Configuration Roadmap The configuration roadmap is as follows: 1.168.10. 10.33/21(ftp) : 10.20. 118 .3/21(ftp) : ---: ---- 2 Run the display nat alg command on the AR150/200.0 202.5 www inside 192.Huawei AR150&200 Series Enterprise Routers Configuration Guide .169. configure a static route with the next hop address 202.169.0 0.0.1 24 [Huawei-Vlanif200] quit [Huawei] interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1] port link-type access [Huawei-Ethernet0/0/1] port default vlan 200 [Huawei-Ethernet0/0/1] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] ip address 202. [Huawei] nat alg ftp enable Step 4 Verify the configuration.33 ftp inside 10.IP Service 5 NAT Configuration Procedure Step 1 Configure IP addresses for the interfaces on the AR150/200 and configure the NAT server on the WAN-side interface.5/80(www) Inside IP/Port : 192.10.169.169.0..20.169.169. 
[Huawei] display nat server Nat Server Information: Interface : Ethernet2/0/0 Global IP/Port : 202.20.1 24 [Huawei-Ethernet2/0/0] nat server protocol tcp global 202. and the command output is as follows: [Huawei] display nat alg NAT Application Level Gateway Information: ---------------------------------Application Status ---------------------------------dns Disabled Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0.10.0. <Huawei> system-view [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168. Ltd.1 24 [Huawei-Vlanif100] quit [Huawei] interface Ethernet 0/0/0 [Huawei-Ethernet0/0/0] port link-type access [Huawei-Ethernet0/0/0] port default vlan 100 [Huawei-Ethernet0/0/0] quit [Huawei] vlan 200 [Huawei-vlan200] quit [Huawei] interface vlanif 200 [Huawei-Vlanif200] ip address 10.0.168.0.10.2 [Huawei] ip route-static 0.0.10.3 ftp [Huawei-Ethernet2/0/0] quit Step 2 On the AR150/200.169.10.0.2/8080 Protocol : 6(tcp) VPN instance-name : ---Acl number : ---Global IP/Port Inside IP/Port Protocol : 6(tcp) VPN instance-name Acl number Total : : 202.2 8080 [Huawei-Ethernet2/0/0] nat server protocol tcp global 202.0.2 Step 3 Enable the NAT ALG function for FTP packets on the AR150/200.168.10. Run the display nat server command on the AR150/200 to view the NAT server configuration.0. 0 # interface Vlanif200 ip address 10. The intranet of area B is also connected to the WAN through the AR150/200. To ensure the security of company A's intranet. you need to use the IP addresses in the public address pool (202.0.169.255. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.169.0 # interface Ethernet0/0/0 port link-type access port default vlan 100 # interface Ethernet0/0/1 port link-type access port default vlan 200 # interface Ethernet2/0/1 ip address 202. you need to use the IP addresses in the public address pool (202.0/24.20. 
To save the public IP addresses and improve the security of company B's intranet.10.0 Ethernet 2/0/0 # return 5.10.20.20.10.168. 119 . The network address translation (NAT) function is enabled on the AR150/200.3 ftp # ip route-static 0.Huawei AR150&200 Series Enterprise Routers Configuration Guide . The hosts of company B then can access servers on the WAN.255.10.2/24.10.169.83) to replace the host addresses of area B on the network segment 10.5 www inside 192.255.0.1/24 and the interface address of the AR150/200 connected to the carrier device is 202. Ltd.IP Service 5 NAT Configuration ftp Enabled rtsp Disabled sip Disabled ---------------------------------- Verify that external users can access the web server and FTP server.169.0.2 8080 nat server protocol tcp global 202.10.255. ----End Configuration Files # vlan batch 100 200 # nat alg ftp enable # interface Vlanif100 ip address 192.169.169.0 nat server protocol tcp global 202.10.0.255.169.0 0.1 255.169.10.33 ftp inside 10.1 255. the public address of Ethernet2/0/0 on the AR150/200 is 202.168.168.1 255.100-202.10.2 Example for Configuring Outbound NAT Networking Requirements As shown in Figure 5-5.0.255.4.200) to replace the host addresses of area A on the network segment 192.169.0. The hosts of area A then can access servers on the WAN. On the AR150/200. the intranet of area A is connected to the wide area network (WAN) through the AR150/200.0..0.0/24.80-202.0. Only a few public IP addresses are allocated to area B.0. 20.. 120 . Configure a default route. Configure outbound NAT on the WAN-side interface to allow internal hosts to access external networks. 2.0/24 Eth0/0/0 Eth2/0/0 Eth0/0/1 Router Area B PC 1.168. Configure IP addresses for interfaces.PC n 10.168. Ltd.20.0...10.IP Service 5 NAT Configuration Figure 5-5 Network diagram for configuring outbound NAT Area A PC 1. <Huawei> system-view [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.PC n 192. 
3.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0.0/24 Configuration Roadmap The configuration roadmap is as follows: 1.0..169.1 24 [Huawei-Vlanif200] quit [Huawei] interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1] port link-type access [Huawei-Ethernet0/0/1] port default vlan 200 [Huawei-Ethernet0/0/1] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] ip address 202.1 24 [Huawei-Vlanif100] quit [Huawei] interface Ethernet 0/0/0 [Huawei-Ethernet0/0/0] port link-type access [Huawei-Ethernet0/0/0] port default vlan 100 [Huawei-Ethernet0/0/0] quit [Huawei] vlan 200 [Huawei-vlan200] quit [Huawei] interface vlanif 200 [Huawei-Vlanif200] ip address 10..1 24 [Huawei-Ethernet2/0/0] quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0. Procedure Step 1 Configure IP addresses for the interfaces of the AR150/200. 168.0.0 0.10.2: bytes=56 Sequence=1 Reply from 202.20.10.10. <Huawei> ping -a 192.10.168.169.10. [Huawei] ip route-static 0.10.255 # interface Vlanif100 ip address 192.20.2.200 [Huawei] nat address-group 2 202.2 Step 3 Configure outbound NAT on the AR150/200.0. and the command output is as follows: [Huawei] display nat outbound NAT Outbound Information: ----------------------------------------------------------------Interface Acl Address-group/IP/Interface ----------------------------------------------------------------Ethernet2/0/0 2000 1 no-pat Ethernet2/0/0 2001 2 pat ----------------------------------------------------------------Total : 2 Type Perform the ping operation on the AR150/200.169.169.169.169.80 202.0.0.0.255.255.1 202.0.0 0.10.2: 56 data bytes.0.Huawei AR150&200 Series Enterprise Routers Configuration Guide .10.0. 
Run the display nat outbound command on the AR150/200.0 0.2: 56 data bytes.255.10.10.0.2: bytes=56 Sequence=5 to break ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ms ms ms ms ms to break ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ttl=255 time=1 ms ms ms ms ms ----End Configuration Files # vlan batch 100 200 # acl number 2000 rule 5 permit source 192.255 [Huawei-acl-basic-2000] quit [Huawei] acl 2001 [Huawei-acl-basic-2001] rule 5 permit source 10.169.0 # interface Vlanif200 ip address 10.169.2: bytes=56 Sequence=4 Reply from 202.100 202.0.10.169.1 255.0.20.10.0.169.0.0.0.10. press CTRL_C Reply from 202.20.255 [Huawei-acl-basic-2001] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] nat outbound 2000 address-group 1 no-pat [Huawei-Ethernet2/0/0] nat outbound 2001 address-group 2 [Huawei-Ethernet2/0/0] quit Step 4 Verify the configuration.2: bytes=56 Sequence=3 Reply from 202.169. Ltd.10.83 [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192. configure a static route with the next hop address 202.2: bytes=56 Sequence=5 <Huawei> ping -a 10.0 0.2: bytes=56 Sequence=2 Reply from 202.169.2: bytes=56 Sequence=3 Reply from 202.169.255 # acl number 2001 rule 5 permit source 10.0 202.169.169.10.169.2 PING 202.169.0 0.1 202.10.10. [Huawei] nat address-group 1 202.0.1 255.0..169.169. 121 .2: bytes=56 Sequence=2 Reply from 202.168. press CTRL_C Reply from 202.2: bytes=56 Sequence=4 Reply from 202.169.10.255.0.0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2: bytes=56 Sequence=1 Reply from 202.0.0.168.10.2 PING 202.IP Service 5 NAT Configuration Step 2 On the AR150/200.169.10. 4.169.10.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0.2 Company B PC 2 10.10.com Host A 192.0 Ethernet 2/0/0 # return 5.169.83 # ip route-static 0.168.10.0 nat outbound 2000 address-group 1 no-pat nat outbound 2001 address-group 2 # nat address-group 1 202. 
twice NAT of the AR150/200 specifies the mapping between the overlapping address pool and the temporary address pool.0.169.255.10.3/24 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..3 Example for Configuring Twice NAT Networking Requirements As shown in Figure 5-6.169.Server.255.10.169. In addition to the network address translation function. Figure 5-6 Networking diagram for twice NAT configuration www. When PC2 sends a packet to host A.10.0.2/24 PC 1 Eth0/0/0 Eth0/0/1 Eth2/0/0 Router 202.200 nat address-group 2 202.80 202. DNS Server 122 .1 255.0 0.2/24 Company A PC 1 192. The overlapping IP address is translated to a unique temporary address so that packets can be forwarded correctly.168.20.169.20.IP Service 5 NAT Configuration # interface Ethernet0/0/0 port link-type access port default vlan 100 # interface Ethernet0/0/1 port link-type access port default vlan 200 # interface Ethernet2/0/0 ip address 202.100 202.0. the packet may be forwarded to PC1.0. the IP address of PC1 on the private network is the same as the IP address of host A on the public network.0. Ltd. 1 24 [Huawei-Vlanif200] quit [Huawei] interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1] port link-type access [Huawei-Ethernet0/0/1] port default vlan 200 [Huawei-Ethernet0/0/1] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] ip address 202.100.2 32 ethernet 2/0/0 202.0. Create an ACL and configure an ACL rule to permit the packets of host A.Server.10.100.Huawei AR150&200 Series Enterprise Routers Configuration Guide .2 202. Configure outbound NAT to allow internal users to access external networks.0. 2.20.169.168.168.20.255 [Huawei-acl-adv-3180] quit 2. Configure IP addresses for interfaces.2 Step 5 Configure outbound NAT on outbound interface Ethernet2/0/0 of the AR150/200.com 192. [Huawei] nat alg dns enable [Huawei] nat dns-map www.IP Service 5 NAT Configuration Configuration Roadmap The configuration roadmap is as follows: 1.169. 
[Huawei] acl 3180 [Huawei-acl-adv-3180] rule permit ip source 192.20. 1.168.169.169.20.0.0.0 0. Configure the NAT address pool for outbound NAT. Procedure Step 1 Configure IP addresses for the interfaces of the AR150/200.10.2 24 [Huawei-Ethernet2/0/0] quit Step 2 Configure DNS mappings on the AR150/200.160.1 24 [Huawei-Vlanif100] quit [Huawei] interface Ethernet 0/0/0 [Huawei-Ethernet0/0/0] port link-type access [Huawei-Ethernet0/0/0] port default vlan 100 [Huawei-Ethernet0/0/0] quit [Huawei] vlan 200 [Huawei-vlan200] quit [Huawei] interface vlanif 200 [Huawei-Vlanif200] ip address 10.2 80 tcp Step 3 Configure the mapping between the overlapping address pool and the temporary address pool on the AR150/200.0. Map the overlapping address pool to the temporary address pool. [Huawei] nat address-group 1 160.2 160.160.0.168. <Huawei> system-view [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.2 pool-length 254 Step 4 Configure a static route on the AR150/200 from the temporary address pool to outbound interface Ethernet2/0/0. [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] nat outbound 3180 address-group 1 [Huawei-Ethernet2/0/0] quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. [Huawei] nat overlap-address 0 192. Configure DNS mappings to allow users to access servers by using domain names. 123 . 3. 4. Configure outbound NAT on outbound interface Ethernet2/0/0. [Huawei] ip route-static 202. Ltd..254 3. 20.255.10. 
[Huawei] display nat outbound NAT Outbound Information: ----------------------------------------------------------------Interface Acl Address-group/IP/Interface ----------------------------------------------------------------Ethernet2/0/0 3180 1 ----------------------------------------------------------------Total : 1 Type pat ----End Configuration Files # vlan batch 100 200 # acl number 3180 rule 5 permit ip source 192.Huawei AR150&200 Series Enterprise Routers Configuration Guide .100.server.0.10.20. 124 .160.254 # nat dns-map www.255.169. Run the display nat overlap-address all command on the AR150/200 to view the mapping between address pools.0 # interface Vlanif200 ip address 10.1 255.169.168.IP Service 5 NAT Configuration Step 6 Verify the configuration.20.2 pool-length 254 # ip route-static 202.169.169.2 202.100.2 160.255.169.0 # interface Ethernet0/0/0 port link-type access port default vlan 100 # interface Ethernet0/0/1 port link-type access port default vlan 200 # interface Ethernet2/0/0 ip address 202.20.255.168..0 0.2 # interface Vlanif100 ip address 192.0.255 Ethernet2/0/0 202.2 202.255.255 # nat alg dns enable # nat address-group 1 160.1 255.2 255.0.255.0.160.168.0.168. [Huawei] display nat overlap-address all Nat Overlap Address Pool To Temp Address Pool Map Information: ------------------------------------------------------------------------------Id Overlap-Address Temp-Address Pool-Length Inside-VPN-Instance-Name ------------------------------------------------------------------------------0 192.0.2 80 tcp # nat overlap-address 0 192.com 192.20.2 254 ------------------------------------------------------------------------------Total : 1 Run the display nat outbound command on the AR150/200 to view outbound NAT information.1 255. Ltd.168.255.255.0 nat outbound 3180 address-group 1 # return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.100. 
6 DHCP Configuration

About This Chapter

The Dynamic Host Configuration Protocol (DHCP) dynamically assigns and manages IP addresses and other configuration parameters from specified address pools to clients, ensuring reasonable IP address allocation and high usage.

6.1 DHCP Overview
DHCP dynamically assigns IP addresses to users and manages configuration information in a centralized manner.

6.2 DHCP Features Supported by the AR150/200
This section describes the DHCP features supported by the AR150/200.

6.3 Configuring a DHCP Server Based on a Global Address Pool
After a DHCP server based on a global address pool is configured, all online users of the server can obtain IP addresses from this address pool.

6.4 Configuring a DHCP Server Based on an Interface Address Pool
This section describes how to configure a DHCP server based on an interface address pool. After the configuration, users that get online from this interface can obtain IP addresses and other configuration information from the address pool.

6.5 Configuring a DHCP Relay Agent
This section describes how a DHCP client communicates with a DHCP server on another network segment by using a DHCP relay agent to obtain an IP address and other configurations.

6.6 Configuring a DHCP/BOOTP Client
After a Layer 3 interface of the AR150/200 is specified to function as a DHCP/BOOTP client, the interface can dynamically obtain an IP address and other configurations from the DHCP server by using the DHCP/BOOTP protocol.

6.7 Configuring the DHCP Rate Limit Function
You can configure the highest rate at which DHCP packets are sent to the protocol stack in the system view, VLAN view, or interface view. If different rates are configured in these views, the rate configured in the interface view takes effect. If this rate does not take effect, the rate configured in the VLAN view takes effect. If the rate configured in the VLAN view also does not take effect, the rate configured in the system view takes effect.

6.8 Maintaining DHCP
This section describes how to clear DHCP statistics and monitor DHCP status.

6.9 Configuration Examples
The DHCP configuration examples provide networking requirements, networking diagram, precautions, configuration roadmaps, and configuration procedures.

6.1 DHCP Overview

DHCP dynamically assigns IP addresses to users and manages configuration information in a centralized manner.

As the network expands and becomes complex, network configurations become increasingly complex. As portable computers and wireless networks are widely used, the positions of computers often change, causing IP addresses of the computers to be changed accordingly. As a result, the number of hosts often exceeds the number of available IP addresses. DHCP is developed to solve the preceding problems.

DHCP uses the client/server model. A client sends a configuration request to the server, and the server replies to the client with the requested configurations, such as an IP address. This allows dynamic configuration for clients.

After a DHCP client sends a packet to the server to apply for configuration parameters such as an IP address, a subnet mask, and a default gateway, the server responds with a packet carrying the requested configurations according to a certain policy. Both the request packet and the response packet are encapsulated as UDP packets.

6.2 DHCP Features Supported by the AR150/200

This section describes the DHCP features supported by the AR150/200.

AR150/200 Functioning as a DHCP Server

The AR150/200 can be used as a DHCP server to assign IP addresses to online users. The AR150/200 allocates IP addresses to clients by using the global address pool or an interface address pool.

When the AR150/200 functions as a server, create an address pool on the AR150/200 to provide IP addresses to DHCP clients. The address pool can be a global address pool or an interface address pool.
- After a DHCP server based on a global address pool is configured, all online users of the server can obtain IP addresses from this address pool.
- After a DHCP server based on an interface address pool is configured, only users that get online from this specified interface can obtain IP addresses from this address pool.

AR150/200 Functioning as a DHCP Relay Agent

The AR150/200 supports the DHCP relay function.

The early DHCP protocol is applicable only to the scenario where the DHCP clients and DHCP server reside on the same subnet. This requires that each subnet be configured with a DHCP server, wasting resources. The DHCP relay function is used to solve this problem.

When the AR150/200 functions as a DHCP relay agent, the client can communicate with a DHCP server on another network segment by using the AR150/200, and obtain an IP address and other configuration parameters from the global address pool of the DHCP server. In this manner, DHCP clients on multiple network segments can share one DHCP server. This reduces costs and facilitates centralized management.

AR150/200 Functioning as a DHCP/BOOTP Client

The AR150/200 supports the DHCP/BOOTP client function. After a Layer 3 interface of the AR150/200 is configured as a DHCP/BOOTP client, the interface can dynamically obtain an IP address and other configurations from a DHCP server by using the DHCP/BOOTP protocol. This facilitates configuration and centralized management.

DHCP Rate Limit

The AR150/200 supports DHCP rate limit. This protects the DHCP protocol stack against attacks that send a large number of DHCP packets.

6.3 Configuring a DHCP Server Based on a Global Address Pool

After a DHCP server based on a global address pool is configured, all online users of the server can obtain IP addresses from this address pool.

6.3.1 Establishing the Configuration Task

Before configuring a DHCP server based on a global address pool, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

When the AR150/200 functions as a DHCP server, you can configure a global address pool on the AR150/200. The AR150/200 then allocates IP addresses and configuration parameters to clients from the global address pool.

The global address pool applies to the following scenarios:
- DHCP clients and the AR150/200 used as a DHCP server are on the same network segment. DHCP clients can obtain IP addresses and other configuration parameters from a global address pool. Figure 6-1 shows the networking.

[Figure 6-1 Application scenario 1 of a global address pool: DHCP Server, DHCP Client]

- DHCP clients and the AR150/200 functioning as a DHCP server are on different network segments. DHCP clients can obtain IP addresses and other configuration parameters from a global address pool through a DHCP relay agent. Figure 6-2 shows the networking.

[Figure 6-2 Application scenario 2 of a global address pool: DHCP Server, Internet, DHCP Relay, DHCP Client]

Pre-configuration Tasks

Before configuring a DHCP server based on a global address pool, complete the following tasks:
- Ensuring that the link between the DHCP client and the AR150/200 works properly
- (Optional) Configuring the DNS service on a DHCP client
- (Optional) Configuring the NetBIOS service on a DHCP client
- Configuring the routes destined to the DNS server and the NetBIOS server on the AR150/200 (The routes are configured only after the DNS and NetBIOS servers are configured.)
- (Optional) Configuring user-defined DHCP options on the DHCP server

Data Preparation

To configure the DHCP server based on a global address pool, you need the following data.

No.  Data
1    Name of a global address pool, IP address range and lease, (optional) range of IP addresses that cannot be assigned dynamically, and (optional) IP and MAC address entries that need to be statically bound
2    Egress gateway of a DHCP client
3    (Optional) IP address of the DNS server and domain name of a DHCP client
4    (Optional) IP address of the NetBIOS server and the NetBIOS node type of a DHCP client
5    (Optional) Code of a user-defined DHCP option, and ASCII string, hexadecimal number, or IP address of the option

6.3.2 Configuring an Interface to Select a Global Address Pool for IP Address Allocation

This section describes how to configure an interface to select a global address pool for IP address allocation. After the configuration is complete, users who get online from this interface can obtain IP addresses and other configuration parameters from a global address pool.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
dhcp enable
The DHCP service is enabled.

Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface or its sub-interface, or a VLANIF interface can be configured to select a global address pool for IP address allocation.

Step 4 Run:
ip address ip-address { mask | mask-length }
An IP address is configured for the interface.
- If a DHCP client and the AR150/200 functioning as the DHCP server are on the same network segment, and no relay agent is deployed between them, the AR150/200 assigns IP addresses on the same network segment as the interface to users who get online from the interface. If no IP address is configured for the interface, or there is no address pool having the same network segment as the interface, users cannot get online.
- If a DHCP client and the AR150/200 functioning as a DHCP server are on different network segments, and a DHCP relay agent is deployed between them, the AR150/200 parses the giaddr field of a DHCP request packet to obtain an IP address. If the IP address does not match the corresponding address pool, the user cannot get online.

Step 5 Run:
dhcp select global
The interface is configured to select a global address pool for IP address allocation. After the configuration, users who get online from this interface can obtain IP addresses and other configuration parameters from a global address pool.

----End

6.3.3 Configuring Global Address Pool Attributes

This section describes how to configure attributes for a global address pool, including the IP address range and lease, IP addresses that cannot be assigned dynamically, and IP addresses that are bound manually.
IP addresses in the global address pool can be assigned dynamically or bound manually as required.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
ip pool ip-pool-name
The view of the global address pool is displayed.
By default, no global address pool is created on the AR150/200.

Step 3 Run:
network ip-address [ mask { mask | mask-length } ]
The range of dynamically assignable IP addresses in the global address pool is configured.
Only one address segment can be specified for an address pool. A mask can be used to set the address range of the address pool.
NOTE
When configuring the range of dynamically assignable IP addresses in the global address pool, ensure that the range is the same as the network segment on which the DHCP server interface address or the DHCP relay agent interface address resides. This avoids incorrect assignment of IP addresses.

Step 4 (Optional) Run:
lease { day day [ hour hour [ minute minute ] ] | unlimited }
An IP address lease is configured.
By default, the IP address lease is one day. The DHCP server can specify different IP address leases for different address pools. All IP addresses in an address pool must have the same lease.

Step 5 (Optional) Run:
excluded-ip-address start-ip-address [ end-ip-address ]
The range of the IP addresses that cannot be dynamically assigned in the global address pool is configured.
If an IP address has been assigned to a server, such as a DNS server, it cannot be assigned to a DHCP client. You can run the excluded-ip-address command once to configure an IP address that cannot be assigned dynamically. Running the excluded-ip-address command multiple times specifies multiple IP addresses that cannot be dynamically assigned.

Step 6 Run:
gateway-list ip-address &<1-8>
The IP address of the gateway for the DHCP client is configured.
NOTE
When a DHCP client is communicating with a server or a host outside the local network segment, the data transmitted between them is forwarded or received by using the gateway. To perform load balancing for traffic and improve network reliability, you can configure multiple gateways. An address pool can be configured with a maximum of eight gateway addresses. Gateway addresses cannot be subnet broadcast addresses.

Step 7 (Optional) Run:
static-bind ip-address ip-address mac-address mac-address
An IP address in the global address pool is statically bound to a MAC address.
If a user requires a fixed IP address, you can bind an unused IP address to the MAC address of the user device.
NOTE
Before binding the IP address to a MAC address, ensure that the IP address is one of the IP addresses that can be dynamically assigned.

Step 8 (Optional) Run:
recycle start-ip-address [ end-ip-address ]
IP addresses that cannot be released from the IP address pool are recycled.

----End

6.3.4 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client

When functioning as the DHCP server, the AR150/200 is configured to dynamically allocate carrier-provided DNS and NetBIOS configurations to the DHCP clients.

Context

The DNS and NetBIOS configurations have been specified before the DHCP server allocates IP addresses to the DHCP client. If you do not have the configurations allocated by the carrier, dynamically allocate the DNS and NetBIOS configurations to the DHCP client.
NOTE
If the static DNS, NetBIOS, and domain name are available in the address pool, use the static configurations.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
ip pool ip-pool-name
The IP address pool view is displayed.

Step 3 Run:
import all
The DHCP client is dynamically allocated the DNS and NetBIOS configurations.

----End

6.3.5 (Optional) Configuring the Static DNS Service on a DHCP Client

This section describes how to specify the DNS domain name used by the DHCP client on the network and the IP address of the DNS server.

Context

When a host accesses the Internet through the domain name, the domain name needs to be resolved to the IP address. This is implemented by the DNS. To ensure that a DHCP client can successfully connect to the Internet, the DHCP server needs to specify the DNS server address when allocating the IP address to the client.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
ip pool ip-pool-name
The IP address pool view is displayed.

Step 3 Run:
domain-name domain-name
The DNS domain name that is assigned to the DHCP client is configured.
On the DHCP server, you can specify a DNS domain name used by the client for each address pool.

Step 4 Run:
dns-list ip-address &<1-8>
The IP address of the DNS server connected to the DHCP client is configured.
To perform load balancing on traffic and improve network reliability, you can configure multiple DNS servers. An address pool can be configured with a maximum of eight DNS server addresses.

----End

6.3.6 (Optional) Configuring the Static NetBIOS Service on a DHCP Client

The NetBIOS server parses host names into IP addresses for the hosts that communicate based on NetBIOS and run the Windows operating system.

Context

NOTE
NetBIOS is short for the Network Basic Input/Output System.

Before a DHCP client communicates with hosts by using NetBIOS, the mapping between the host names and IP addresses of the client and host needs to be established. The DHCP client can be specified as one of the following NetBIOS nodes based on mappings between host names and IP addresses:
- B-node: b indicates broadcast. B-nodes obtain mappings between host names and IP addresses in broadcast mode.
- P-node: p indicates peer-to-peer. P-nodes obtain mappings between host names and IP addresses from the NetBIOS server.
- M-node: m indicates mixed. M-nodes are the p-nodes that have some broadcast features.
- H-node: h indicates hybrid. H-nodes are the b-nodes that provide the peer-to-peer communication mechanism.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
ip pool ip-pool-name
The IP address pool view is displayed.

Step 3 Run:
nbns-list ip-address &<1-8>
The IP address of the NetBIOS server connected to the DHCP client is configured.
An address pool can be configured with a maximum of eight NetBIOS server addresses.

Step 4 Run:
netbios-type { b-node | h-node | m-node | p-node }
A NetBIOS node type is specified for the DHCP client.
By default, the client is not specified to be any NetBIOS node type.

----End

6.3.7 (Optional) Configuring User-Defined DHCP Options of the Global Address Pool

As DHCP develops, new DHCP options continue to be created. They can be manually added to the attribute list of the DHCP server.

Context

If the Option attribute has been configured on the DHCP server and a DHCP client applies for an IP address, the client can obtain the configurations in the Option field of the DHCPREPLY packet from the server. The option command specifies the options that are sent in the DHCP packet by the server to the client.

NOTE
The DNS service, NetBIOS service, and IP address lease can be configured by commands. If these commands are not supported by the device, you can run the option command to configure values for the options corresponding to the DNS service, NetBIOS service, and IP address lease. The related commands are as follows:
- DNS service: domain-name and dns-list
- Configuration command of the NetBIOS service: nbns-list and netbios-type
- IP address lease: lease

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
ip pool ip-pool-name
The IP address pool view is displayed.

Step 3 Run:
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | ipaddress ip-address &<1-8> }
User-defined DHCP options are configured.
For descriptions of common DHCP options, see RFC 2132. Learn about the functions of options before running the option command.

----End

6.3.8 (Optional) Configuring the Function That Prevents Identical IP Addresses

Before assigning an IP address to a client, the AR150/200 functioning as a DHCP server must ping the IP address to prevent address conflicts.

Context

You can use the dhcp server ping command to check whether a response to the ping packet is received within a specified period. If the AR150/200 does not receive a response packet within the specified period, it sends ping packets continuously until the number of sent ping packets reaches the upper limit. If the AR150/200 still does not receive a response packet, the IP address is not used on the local network segment. This ensures that the IP address to be assigned is unique.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
dhcp server ping packet number
The maximum number of ping packets that the AR150/200 can send to the same destination is configured.
The default value is 0. The AR150/200 sends no ping packet and does not perform a ping.

Step 3 Run:
dhcp server ping timeout milliseconds
The timeout period to wait for a response packet is set for the AR150/200.
By default, the timeout period is 500 milliseconds.

----End

6.3.9 Checking the Configuration

This section describes how to check the configurations of the DHCP server based on the global address pool.

Prerequisites

The configurations of the DHCP server based on the global address pool are complete.

Procedure

- Run the display dhcp server statistics command to check the statistics on the DHCP server.
- Run the display ip pool name ip-pool-name [ low-ip-address high-ip-address | all | expired | conflict | used ] command to check information about the configured global address pool.

----End

Example

Run the display dhcp server statistics command to view statistics on the DHCP server.

<Huawei> display dhcp server statistics
DHCP Server Statistics:
Client Request:   6
Dhcp Discover:    1
Dhcp Request:     4
Dhcp Decline:     0
Dhcp Release:     1
Dhcp Inform:      0
Server Reply:     4
Dhcp Offer:       1
Dhcp Ack:         3
Dhcp Nak:         0
Bad Messages:     0

Run the display ip pool name ip-pool-name command to view information about the IP address pool named pool1.

<Huawei> display ip pool name pool1
Pool-Name      : pool1
Pool-No        : 2
Lease          : 3 Days 0 Hours 0 Minutes
Domain-name    :
DNS-Server0    : 10.10.10.5
DNS-Server1    : 10.10.10.6
NBNS-Server0   : 20.20.20.5
Netbios-type   :
Position       : Local          Status : Unlocked
Gateway-0      : 10.10.10.10
Mask           : 255.255.255.0
Vpn instance   : --
--------------------------------------------------------------------------
Start         End            Total  Used  Idle(Expired)  Conflict  Disable
--------------------------------------------------------------------------
10.10.10.1    10.10.10.254   253    0     253            0         0
--------------------------------------------------------------------------

6.4 Configuring a DHCP Server Based on an Interface Address Pool

This section describes how to configure a DHCP server based on an interface address pool. After the configuration, users that get online from this interface can obtain IP addresses and other configuration information from the address pool.

6.4.1 Establishing the Configuration Task

Before configuring a DHCP server based on an interface address pool, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

On the AR150/200 functioning as a DHCP server, you can configure an interface address pool. As shown in Figure 6-3, interface address pools are applicable only to the scenario where a DHCP client and a server are on the same network segment.

[Figure 6-3 Application scenario of an interface address pool: DHCP Server, DHCP Client]

Pre-configuration Tasks

Before configuring a DHCP server based on an interface address pool, complete the following tasks:
- Ensuring that the link between a DHCP client and the AR150/200 works properly
- (Optional) Configuring the DNS server
- (Optional) Configuring the NetBIOS server
- Configuring the routes destined to the DNS server and the NetBIOS server on the AR150/200 (The routes can be configured only after the DNS and NetBIOS servers are configured.)

Data Preparation

To configure a DHCP server based on an interface address pool, you need the following data.

No.  Data
1    Number of the interface on which the interface address pool is enabled, IP address range and lease, (optional) range of IP addresses that cannot be assigned dynamically, and (optional) IP and MAC address entries that need to be bound statically
2    (Optional) IP address of the DNS server and domain name of a DHCP client
3    (Optional) IP address of the NetBIOS server and NetBIOS node type of a DHCP client
4    (Optional) Code of a user-defined DHCP option, and ASCII string, hexadecimal number, or IP address of the option

6.4.2 Configuring Interface Address Pool Attributes

This section describes how to configure the attributes for an interface address pool, including IP address lease, IP addresses that cannot be assigned dynamically, and IP addresses that are bound manually. IP addresses in the interface address pool can be assigned dynamically or bound manually as required.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
dhcp enable
The DHCP service is enabled.

Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface or its sub-interface, or a VLANIF interface can be configured to select an interface address pool for IP address allocation.

Step 4 Run:
ip address ip-address { mask | mask-length }
An IP address is configured for the interface.
The range of dynamically assignable IP addresses in the interface address pool is the network segment to which the address of the interface belongs. The users whose IP addresses are in this network segment can get online only from this interface.

Step 5 Run:
dhcp select interface
The AR150/200 is configured to select an interface address pool for IP address allocation.

Step 6 (Optional) Run:
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
An IP address lease is configured.
By default, the IP address lease is one day.

Step 7 (Optional) Run:
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
The IP address that cannot be assigned dynamically in the interface address pool is specified.
If an IP address has been assigned to a server, such as a DNS server, it cannot be assigned to a DHCP client. You can run the dhcp server excluded-ip-address command once to configure an IP address that cannot be assigned dynamically. Running the dhcp server excluded-ip-address command multiple times specifies multiple IP addresses that cannot be dynamically assigned.

Step 8 (Optional) Run:
dhcp server static-bind ip-address ip-address mac-address mac-address
An IP address in the interface address pool is bound to a MAC address manually.
If a user requires a fixed IP address, you can bind an unused IP address in the interface address pool to the MAC address of the user device.
NOTE
Before binding the IP address to the MAC address, ensure that the IP address is dynamically assignable in the interface address pool.

----End

6.4.3 (Optional) Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client

When functioning as the DHCP server, the AR150/200 is configured to dynamically allocate carrier-provided DNS and NetBIOS configurations to the DHCP clients.

Context

The DNS and NetBIOS configurations have been specified before the DHCP server allocates IP addresses to the DHCP client. If you do not have the configurations allocated by the carrier, dynamically allocate the DNS and NetBIOS configurations to the DHCP client.
NOTE
If the static DNS, NetBIOS, and domain name are available in the address pool, use the static configurations.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Interfaces on the AR150/200 that can work in the interface address pool mode are Ethernet interfaces and sub-interfaces, Eth-trunk interfaces and sub-interfaces, and VLANIF interfaces.

Step 3 Run:
dhcp select interface
DHCP is enabled on the interface.

Step 4 Run:
dhcp server import all
The DHCP client is dynamically allocated the DNS and NetBIOS configurations.

----End

6.4.4 (Optional) Configuring the Static DNS Service on a DHCP Client

This section describes how to specify the DNS domain name used by the DHCP client on the network and the IP address of the DNS server.

Context

When a host accesses the Internet through the domain name, the domain name needs to be resolved to the IP address. This is implemented by the DNS. To ensure that a DHCP client can successfully connect to the Internet, the DHCP server needs to specify the DNS server address when allocating the IP address to the client.

Procedure

Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
interface interface-type interface-number
The interface view is displayed.

Step 4 Run:
dhcp server dns-list ip-address &<1-8>
The IP address of the DNS server used by the DHCP client is configured.
or a VLANIF interface can be configured to select an interface address pool for IP address allocation. the mappings between the host names and IP addresses need to be established.4. l H-node: h indicates hybrid.5 (Optional) Configuring the Static NetBIOS Service on a DHCP Client The NetBIOS server parses host names into IP addresses for the hosts that communicate by using NetBIOS and run Windows Microsoft operating systems. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. An address pool can be configured with a maximum of eight DNS server addresses.Huawei AR150&200 Series Enterprise Routers Configuration Guide . you can configure multiple DNS servers. M-nodes are the p-nodes that have some broadcast features. P-nodes obtain mappings between host names and IP addresses from the NetBIOS server. On the AR150/200. H-nodes are the b-nodes that provide the peer-to-peer communication mechanism. B-nodes obtain mappings between host names and IP addresses in broadcast mode. ----End 6. Procedure Step 1 Run: system-view The system view is displayed. Step 3 Run: dhcp server domain-name domain-name The DNS domain name that is assigned to the DHCP client is configured.. Context Before a host on the DHCP client communicates with another host by using NetBIOS. and a VLANIF interface can be configured to select an interface address pool for IP address allocation. 141 . Ltd. l M-node: m indicates mixed. a Layer 3 Eth-trunk interface or its sub-interface. To perform load balancing on traffic and improve network reliability. a Layer 3 Ethernet interface or its sub-interface. l P-node: p indicates peer-to-peer. Step 2 Run: interface interface-type interface-number The interface view is displayed. a Layer 3 Ethernet interface or its sub-interface. The DHCP client can be specified as one of the following NetBIOS nodes based on mappings between host names and IP addresses: l B-node: b indicates broadcast. 
a Layer 3 Eth-trunk interface or its sub-interface.IP Service 6 DHCP Configuration On the AR150/200. 4.6 (Optional) Configuring User-Defined DHCP Options of the Interface Address Pool As DHCP develops. If these commands are not supported by the device. Step 3 Run: dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hexstring | ip-address ip-address &<1-8> } Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and IP address lease can be configured by using commands.IP Service 6 DHCP Configuration Step 3 Run: dhcp server nbns-list ip-address &<1-8> The IP address of the NetBIOS server used by the DHCP client is configured. a Layer 3 Ethernet interface or its sub-interface. Step 2 Run: interface interface-type interface-number The interface view is displayed. new DHCP options continue to be created. 142 . On the AR150/200. NetBIOS service. the client is not specified to be a NetBIOS node. The related commands are as follows: l DNS service: dhcp server domain-name and dhcp server dns-list l NetBIOS service: dhcp server nbns-list and dhcp server netbios-type l IP address lease: dhcp server lease Procedure Step 1 Run: system-view The system view is displayed. NetBIOS service.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Step 4 Run: dhcp server netbios-type { b-node | h-node | m-node | p-node } A NetBIOS node type is specified for the DHCP client. and IP address lease. a Layer 3 Eth-trunk interface or its sub-interface. Context If the Option attribute has been configured on the DHCP server and the DHCP client applies for an IP address. An address pool can be configured with a maximum of eight NetBIOS server addresses. the client can obtain the configurations in the Option field of the DHCP packet from the server. Ltd. You can add new options manually to the attribute list of the DHCP server. NOTE The DNS service. 
you can run the option command to configure values for the options corresponding to the DNS service.. ----End 6. By default. or a VLANIF interface can be configured to select an interface address pool for IP address allocation. Huawei AR150&200 Series Enterprise Routers Configuration Guide . Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the IP address is not used on the local network segment. If the AR150/200 still does not receive a response packet. Context You can use the dhcp server ping command to check whether a response to the ping packet is received within a specified period.7 (Optional) Configuring the Function That Prevents Identical IP Addresses Before assigning an IP address to a client. If the AR150/200 does not receive a response packet within the specified period. Context The configurations of a DHCP server based on an interface address pool are complete.4.. For descriptions of common DHCP options. By default. see RFC 2132. it sends ping packets continuously until the number of sent ping packets reaches the upper limit. Step 2 Run: dhcp server ping packet number The maximum number of ping packets that the AR150/200 can send to the same destination is configured. The AR150/200 sends no ping packet and does not perform a ping. ----End 6.IP Service 6 DHCP Configuration A user-defined DHCP option is configured. This ensures that the IP address to be assigned is unique. Step 3 Run: dhcp server ping timeout milliseconds The timeout period to wait for a response packet is set for the AR150/200. The dhcp server option command specifies the options that are sent in the DHCPREPLY packet by the server to the client.8 Checking the Configuration This section describes how to check the configurations of a DHCP server based on an interface address pool. The default value is 0. Procedure Step 1 Run: system-view The system view is displayed. 143 . ----End 6. the timeout period is 500 milliseconds. 
the AR150/200 functioning as a DHCP server must ping the IP address to prevent address conflicts. Ltd.4. Learn about the functions of options before running the option command. .1 Establishing the Configuration Task Before configuring a DHCP relay agent.5.2 Mask : 255. and obtain the data required for the configuration.10. l Run the display ip pool interface interface-name [ low-ip-address high-ip-address | all | expired | conflict | used ] command to check information about the configured interface address pool. <Huawei> display ip pool interface VLANIF10 Pool-name : vlanif10 Pool-No : 2 Lease : 1 Days 0 Hours 0 Minutes Domain-name : DNS-server0 : NBNS-server0 : Netbios-type : Position : Interface Status : Unlocked Gateway-0 : 192.168.255. 6. Ltd. This will help you complete the configuration task quickly and accurately. ----End Example Run the display dhcp server statistics command to view the statistics on the DHCP server.254 253 0 253 0 0 0 ----------------------------------------------------------------------------- 6. familiarize yourself with the applicable environment.Huawei AR150&200 Series Enterprise Routers Configuration Guide .168.5 Configuring a DHCP Relay Agent This section describes how a DHCP client communicates with a DHCP server on another network segment by using a DHCP relay agent to obtain an IP address and other configurations.IP Service 6 DHCP Configuration Procedure l Run the display dhcp server statistics command to check the statistics on the DHCP server.255. 144 . 
<Huawei> display dhcp server statistics DHCP Server Statistics: Client Request: Dhcp Discover: Dhcp Request: Dhcp Decline: Dhcp Release: Dhcp Inform: Server Reply: Dhcp Offer: Dhcp Ack: Dhcp Nak: Bad Messages: 6 1 4 0 1 0 4 1 3 0 0 Run the display ip pool interface ip-pool-name command to view information about the interface address pool on VLANIF 10.1 192.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------192. complete pre-configuration tasks.168.10. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.10. complete the following tasks: l Configuring a DHCP server l Configuring a route destined to the DHCP server on the AR150/200 Data Preparation To configure a DHCP relay agent. Figure 6-4 Application scenario of a DHCP relay agent DHCP Server Internet DHCP Relay DHCP Client NOTE AR150/200WAN-side Ethernet interfaces do not support DHCP relay.. This reduces costs and facilitates centralized management. Ltd. Data 1 Name of a DHCP server group 2 IP address of a DHCP server in the DHCP server group 3 Number and IP address of the interface on which the DHCP relay function is enabled Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 145 .Huawei AR150&200 Series Enterprise Routers Configuration Guide .IP Service 6 DHCP Configuration Applicable Environment A DHCP client can communicate with a DHCP server on another network segment by using the AR150/200 functioning as a DHCP relay agent to obtain an IP address and other configurations from the global address pool of the DHCP server. In this manner. DHCP clients on multiple network segments can share one DHCP server. Figure 6-4 shows the application scenario of a DHCP relay agent. Issue 02 (2012-03-30) No. Pre-configuration Tasks Before configuring a DHCP relay agent. 
you need the following data. The AR150/200 supports the following methods by which the IP address of the DHCP server is specified on the interface that functions as a DHCP relay agent: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed. it can forward the client's DHCP requests to the DHCP server. After the configuration. Step 5 Run: dhcp select relay The DHCP relay function is enabled on the interface.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Ltd. Step 2 Run: dhcp enable The DHCP function is enabled. a Layer 3 Eth-trunk interface or its sub-interface. Context NOTE A DHCP packet can be relayed for a maximum of 16 times from a DHCP client to a DHCP server. On the AR150/200. Step 4 Run: ip address ip-address { mask | mask-length } An IP address is configured for the interface. Step 3 Run: interface interface-type interface-number The interface view is displayed.IP Service 6 DHCP Configuration 6.5. A super VLAN interface that has been enabled with the DHCP relay function cannot be enabled with the DHCP snooping function. ----End Follow-up Procedure When the AR150/200 functions as a DHCP relay agent. Configure the IP address of the DHCP server on the interface that has been enabled with the DHCP relay function. or a VLANIF interface can be configured to function as a DHCP relay agent. the interface enabled with the DHCP relay function can forward the client's request to the DHCP though the client and the server are on different network segments.2 Configuring an Interface to Function as a DHCP Relay Agent This section describes how to configure an interface to function as a DHCP relay agent. a Layer 3 Ethernet interface or its sub-interface. 146 .. NOTE The IP address of the egress gateway that is configured in the IP address pool of the server must be consistent with the IP address of the DHCP relay. 
A DHCP packet that has been relayed more than 16 times is dropped. After this configuration. Procedure Step 1 Run: system-view The system view is displayed.5. Procedure Step 1 Run: system-view The system view is displayed.5. a Layer 3 Ethernet interface or its sub-interface. The AR150/200 supports a maximum of 64 DHCP server groups.4 Binding a DHCP Server Group to a DHCP Relay Interface.IP Service 6 DHCP Configuration l 6.3 Specifying a Server Group on the DHCP Relay Agent and 6. ----End 6.5. If no indexes are specified for the DHCP group servers. 6.4 Binding a DHCP Server Group to a DHCP Relay Interface This section describes how to bind a DHCP server group to an interface enabled with the DHCP relay function. On the AR150/200. the system automatically assigns idle indexes to them.5. DHCP clients can access the DHCP server in the bound server group.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Ltd. A DHCP server group comprises a maximum of eight DHCP servers. 147 . Step 3 Run: dhcp relay server-select group-name Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. or a VLANIF interface can be configured to function as a DHCP relay agent. l Run the dhcp relay server-ip ip-address command in the interface view to configure the IP address of the DHCP server connected to the DHCP relay agent. a Layer 3 Eth-trunk interface or its sub-interface. Step 3 Run: dhcp-server ip-address [ ip-address-index ] The IP address of a server is added to the DHCP server group. Step 2 Run: dhcp server group group-name A DHCP server group is created and the DHCP server group view is displayed.3 Specifying a Server Group on the DHCP Relay Agent This section describes how to configure a DHCP server group and add server IP addresses to the group. Step 2 Run: interface interface-type interface-number The interface view is displayed.. . 
Step 3 Run: dhcp relay release client-ip-address mac-address server-ip-address A request packet is sent to the DHCP server to instruct the server to reclaim the IP address that is obtained by a DHCP client. l Run the display dhcp relay statistics command to check the statistics on the DHCP relay agent. Procedure Step 1 Run: system-view The system view is displayed. Context When a DHCP relay agent is configured to instruct the DHCP server to reclaim the IP address of a DHCP client. to log out a user. a Layer 3 Eth-trunk interface or its sub-interface. Procedure l Run the display dhcp relay { all | interface interface-type interface-number } command to check the DHCP server group that is bound to the interface and information about the DHCP group servers. On the AR150/200. 148 . for example. ----End 6. Step 2 (Optional) Run: interface interface-type interface-number The interface view is displayed. the DHCP server reclaims the lease of the IP address. the relay agent sends a DHCP Release packet to the DHCP server.6 Checking the Configuration This section describes how to check DHCP relay configurations. Prerequisites The DHCP relay configurations are complete. Ltd.5 (Optional) Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP address In some situations. a Layer 3 Ethernet interface or its sub-interface. ----End 6. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.IP Service 6 DHCP Configuration A DHCP server group is bound to the interface. a DHCP relay agent must send a request to the DHCP server to instruct the server to reclaim the IP address of a client. After receiving the packet.Huawei AR150&200 Series Enterprise Routers Configuration Guide .5.5. or a VLANIF interface can be configured to function as a DHCP relay agent. 10.10.6 Configuring a DHCP/BOOTP Client After a Layer 3 interface of the AR150/200 is specified to function as a DHCP/BOOTP client. 149 . 
<Huawei> display dhcp relay interface vlanif 100 ** Vlanif100 DHCP Relay Configuration DHCP server group name : group1 DHCP server IP [0] :10.10. and obtain the data required for the configuration. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2 Gateway : -VPN instance : -1 DHCP server group(s) in total 6. This will help you complete the configuration task quickly and accurately.10.. complete the pre-configuration tasks. 6.10. Ltd. familiarize yourself with the applicable environment.12 ** Run the display dhcp relay statistics command to view the statistics on the DHCP relay agent.11 DHCP server IP [2] :10.10.10 DHCP server IP [1] :10. <Huawei> display dhcp server group group1 Group-name : group1 Group-type : -(0) Server-IP : 100.10.10.1 (1) Server-IP : 100. ----End Example Run the display dhcp relay interface interface-type interface-number command to view the DHCP server group bound to VLANIF 100 and information about the DHCP group servers.IP Service l 6 DHCP Configuration Run the display dhcp server group group-name command to check the configurations of the DHCP server group. <Huawei> display dhcp relay statistics The statistics of DHCP RELAY: DHCP packets received from clients DHCP DISCOVER packets received DHCP REQUEST packets received DHCP RELEASE packets received DHCP INFORM packets received DHCP DECLINE packets received DHCP packets sent to clients Unicast packets sent to clients Broadcast packets sent to clients DHCP packets received from servers DHCP OFFER packets received DHCP ACK packets received DHCP NAK packets received DHCP packets sent to servers DHCP Bad packets received : : : : : : : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Run the display dhcp server group group-name command to view the configurations of DHCP server group 1.6. 
the interface can dynamically obtain an IP address and other configurations from the DHCP server by using the DHCP/BOOTP protocol.10.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1 Establishing the Configuration Task Before configuring a DHCP/BOOTP client.10. the interface can use the DHCP/BOOTP protocol to dynamically obtain an IP address and other configurations from a DHCP server. Procedure l Configure DHCP client attributes. 1. This facilitates the configuration for users and centralized management. 3. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Pre-configuration Tasks Before configuring a DHCP/BOOTP client. Run: system-view The system view is displayed. Ltd. No. a BOOTP server is not necessary.. Run: dhcp enable The DHCP service is enabled. Therefore.IP Service 6 DHCP Configuration Applicable Environment After a Layer 3 interface on the AR150/200 is configured to function as a DHCP/BOOTP client. complete the following tasks: l Configuring a DHCP server l (Optional) Configuring a DHCP relay agent l Configuring a route destined to the DHCP relay agent or the DHCP server on the AR150/200 Data Preparation To configure a DHCP/BOOTP client.6. NOTE After the DHCP/BOOTP client is configured. 2. you need the following data.2 (Optional) Configuring the DHCP/BOOTP Client Attributes The DHCP/BOOTP client attributes can be used to establish the communication between the DHCP/BOOTP client and the DHCP server. Data 1 Name of a DHCP server group 2 IP addresses of DHCP servers in the DHCP server group 3 Number and IP address of the interface on which the DHCP relay function is enabled 6.Huawei AR150&200 Series Enterprise Routers Configuration Guide . the DHCP server can assign an IP address to the DHCP/BOOTP client. 150 . Run: interface interface-type interface-number The interface view is displayed. 6. a Layer 3 Ethtrunk interface or its sub-interface. l Configure BOOTP client attributes. 
or a VE interface can be configured to function as a DHCP client. Run: dhcp enable The DHCP service is enabled. Run: ip address dhcp client hostname hostname A host name is configured for the DHCP client. 4. Run: ip address bootp client hostname hostname A host name is configured for the BOOTP client.. 3.Huawei AR150&200 Series Enterprise Routers Configuration Guide . On the AR150/200. ----End 6. 151 . 1.IP Service 6 DHCP Configuration On the AR150/200. Run: interface interface-type interface-number The interface view is displayed. a Layer 3 Ethtrunk interface or its sub-interface. a Layer 3 Ethernet interface or its sub-interface. 5. Run: ip address dhcp client request-option { dhcp-file-name | dns-domain | ftpuser-ip | ftp-user-name | ftp-user-password | route | tftp-server-ip | tftp-server-name }* The list of options attributes is configured for the DHCP client. Run: system-view The system view is displayed. 2. 2. Run: system-view The system view is displayed. 6. 4. Procedure l Enable the DHCP client. a Layer 3 Ethernet interface or its sub-interface. or a VE interface can be configured to function as a BOOTP client.3 Enabling the DHCP/BOOTP Client After the DHCP/BOOTP client function is enabled on an interface. Issue 02 (2012-03-30) Run: Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. 1. the interface can obtain an IP address and other configurations from the DHCP server. Run: ip address dhcp client option61 client-name An identifier is configured for the DHCP client. Huawei AR150&200 Series Enterprise Routers Configuration Guide .. Ltd. a Layer 3 Ethernet interface or its sub-interface.IP Service 6 DHCP Configuration dhcp enable The DHCP service is enabled. Run: ip address dhcp-alloc The DHCP client function is enabled on the AR150/200. 2. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. On the AR150/200. l Enable the BOOTP client. 
Procedure l Run the display current-configuration command to check the configurations of the DHCP/BOOTP client. or a VE interface can be configured to function as a DHCP client. Run: ip address bootp-alloc The BOOTP client function is enabled on the AR150/200. 4. a Layer 3 Ethtrunk interface or its sub-interface. 3. a Layer 3 Ethernet interface or its sub-interface. 4. Run: dhcp enable The DHCP service is enabled. Run: interface interface-type interface-number The interface view is displayed. 3. or a VE interface can be configured to function as a BOOTP client.4 Checking the Configuration This section describes how to check the configurations of the DHCP/BOOTP client. On the AR150/200. 1. Run: interface interface-type interface-number The interface view is displayed.6. ----End 6. a Layer 3 Ethtrunk interface or its sub-interface. Run: system-view The system view is displayed. Prerequisites The DHCP/BOOTP client configurations are complete. 152 . the rate configured in the system view takes effect. the AR150/200 checks the rates at which DHCP packets are sent to the AR150/200. 72696 bytes Unicast: 59... Huawei Series.Record time: 2007-11-30 14:57:22 Output peak rate 7384 bits/sec. If this rate does not take effect. you can configure the highest rate at which DHCP packets are sent to the protocol stack on the AR150/200. 0 packets/sec Input peak rate 1928 bits/sec. If different rates are configured in these views. Procedure l Issue 02 (2012-03-30) Configure the highest rate at which DHCP packets are sent to the protocol stack in the system view. the rate configured in the interface view takes effect. If the rate configured in the VLAN view also does not takes effect. the rate configured in the VLAN view takes effect.. the DHCP protocol stack of the AR150/200 is affected.. Total Error: 757 0 0 6. [Huawei] display interface ethernet 1/0/0 Ethernet1/0/0 current state : DOWN Line protocol current state : DOWN Description:HUAWEI. 
To protect the AR150/200 against the attacks by sending a large number of DHCP packets.222/24 IP Sending Frames' Format is PKTFMT_ETHNT_2. Only a specific number of packets can be sent to the protocol stack in a specified period and excess packets are discarded. or interface view. VLAN view.IP Service 6 DHCP Configuration Example # Run the display current-configuration command to view the configurations of the DHCP client. Ethernet1/0/0 Interface Route Port.7 Configuring the DHCP Rate Limit Function You can configure the highest rate at which DHCP packets are sent to the protocol stack in the system view. Negotiation: ENABLE Mdi : AUTO Last 300 seconds input rate 0 bits/sec. Ltd. # Run the display interface command to view the IP address that is obtained by the interface. Applicable Environment If network attackers send DHCP packets continuously. Hardware address is 00e0-fc11-000a Last physical up time : 2007-12-01 10:48:50 Last physical down time : 2007-12-01 10:52:56 Current system time: 2007-12-01 16:52:01 Port Mode: COMMON COPPER Speed : 100. Jumbo: Discard: 0. 153 . Loopback: NONE Duplex: FULL. Multicast: Broadcast: 17.Huawei AR150&200 Series Enterprise Routers Configuration Guide . After the configuration is complete.Record time: 2007-11-30 10:13:15 Input: 833 packets. [Huawei] display current-configuration .22.The Maximum Transmit Unit is 1500 Internet Address is allocated by DHCP. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 22.22. 0 packets/sec Last 300 seconds output rate 0 bits/sec.. # interface Ethernet1/0/0 ip address dhcp-alloc # . By default. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 4. 2. this function is disabled. Run: vlan vlan-id The VLAN view is displayed. this function is disabled.. Run: dhcp enable The DHCP function is enabled. this function is disabled. Run: dhcp check dhcp-rate rate The checking rate of DHCP messages sent to the DHCP protocol stack is configured. 
Run: dhcp check dhcp-rate enable The DHCP message checking is enabled. 6 DHCP Configuration Run: system-view The system view is displayed. the rate does not exceed 100 pps. By default. 154 . 6. an alarm is generated. By default. 5. The DHCP messages that exceed the rate are discarded. (Optional) Run: dhcp check dhcp-rate alarm enable The DHCP message checking alarm is enabled. 3. l Configure the highest rate at which DHCP packets are sent to the protocol stack in the VLAN view. Ltd. 4.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 2. 3. Run: dhcp enable The DHCP function is enabled. (Optional) Run: dhcp check dhcp-rate alarm threshold threshold The alarm threshold for the DHCP message checking is configured. the threshold is 100. Run: system-view The system view is displayed.IP Service 1. Run: dhcp check dhcp-rate enable The DHCP message checking is enabled. By default. 1. If the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold. By default. 5. Run: interface interface-type interface-number The interface view is displayed. By default. By default. When the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold. an alarm is generated. By default. 1. ----End Checking the Configuration # Run the display current-configuration | include dhcp command to check information about the rate limit for DHCP packets in the system view. <Huawei> display current-configuration | include dhcp It will take a long time if the content you search is too much or the string you input is too long.IP Service 5. this function is disabled. the rate does not exceed 100 pps. By default. Run: dhcp check dhcp-rate rate The checking rate of DHCP messages sent to the DHCP protocol stack is configured. 3. l Configure the highest rate at which DHCP packets are sent to the protocol stack in the interface view. 
6 DHCP Configuration Run: dhcp check dhcp-rate rate The checking rate of DHCP messages sent to the DHCP protocol stack is configured. 155 . the threshold is 100. 4. 2.. The DHCP messages that exceed the rate are discarded. the rate does not exceed 100 pps. (Optional) Run: dhcp alarm dhcp-rate threshold threshold The alarm threshold for the DHCP message checking on an interface is configured. you can press CTRL_C to break dhcp enable dhcp check dhcp-rate enable Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. this function is disabled. Ltd.Huawei AR150&200 Series Enterprise Routers Configuration Guide . (Optional) Run: dhcp alarm dhcp-rate enable The DHCP message checking alarm on an interface is enabled. By default. 6. Run: system-view The system view is displayed. The DHCP messages that exceed the rate are discarded. Run: dhcp check dhcp-rate enable The DHCP message checking is enabled. l Run the display dhcp server group [ group-name ] command to check the configurations of the servers in the DHCP server group.8. ----End 6. Ltd.8 Maintaining DHCP This section describes how to clear DHCP statistics and monitor DHCP status.1 Clearing DHCP Statistics This section describes how to clear statistics of a specified DHCP server group in routine maintenance. Procedure l Run the reset dhcp server statistics command in the user view to clear the statistics on a DHCP server.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Context CAUTION DHCP statistics cannot be restored after you clear them. Procedure l Run the display dhcp relay { all | interface interface-type interface-number } command to check the DHCP server group that is bound to the relay interface and information about the group servers. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 6. l Run the display dhcp relay statistics command to check the statistics on a DHCP relay agent.8.. 156 . 
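Added example (not part of the Huawei guide): a Python sketch that compares two captures of display dhcp relay statistics, in the layout shown in 6.5.6, to spot the kind of DHCP flood that the rate limit in 6.7 is meant to contain, and that copes with counters cleared by reset dhcp relay statistics between captures. The captures are constructed, and the function names, the 100 pps limit (borrowed from the default checking rate), the 50-packet minimum and the offer ratio are assumptions of this example.

```python
import re

# Counter labels in the order printed by "display dhcp relay statistics" (6.5.6).
LABELS = [
    "DHCP packets received from clients", "DHCP DISCOVER packets received",
    "DHCP REQUEST packets received", "DHCP RELEASE packets received",
    "DHCP INFORM packets received", "DHCP DECLINE packets received",
    "DHCP packets sent to clients", "Unicast packets sent to clients",
    "Broadcast packets sent to clients", "DHCP packets received from servers",
    "DHCP OFFER packets received", "DHCP ACK packets received",
    "DHCP NAK packets received", "DHCP packets sent to servers",
    "DHCP Bad packets received",
]
COUNTER_RE = re.compile(r"^\s*(.+?)\s*:\s*(\d+)\s*$")


def render(values):
    """Build a constructed capture in the guide's 'label : value' layout."""
    lines = ["<Huawei> display dhcp relay statistics",
             "The statistics of DHCP RELAY:"]
    lines += [f"  {label:<36}: {value}" for label, value in zip(LABELS, values)]
    return "\n".join(lines)


def parse_relay_statistics(text):
    """Return {label: value} for every counter line; other lines are skipped."""
    counters = {}
    for line in text.splitlines():
        match = COUNTER_RE.match(line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters


def counter_increase(prev, curr):
    """Increase per counter between two captures.

    If any counter went backwards, the statistics were cleared in between
    (reset dhcp relay statistics), so the current values are the increase.
    """
    was_reset = any(value < prev.get(label, 0) for label, value in curr.items())
    if was_reset:
        return dict(curr)
    return {label: value - prev.get(label, 0) for label, value in curr.items()}


def assess(prev_text, curr_text, interval_s, rate_limit_pps=100,
           min_discovers=50, min_offer_ratio=0.5):
    """Return a list of finding codes for the interval between two captures."""
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    inc = counter_increase(parse_relay_statistics(prev_text),
                           parse_relay_statistics(curr_text))
    findings = []
    # Client-side packet rate above the configured checking rate.
    if inc.get("DHCP packets received from clients", 0) / interval_s > rate_limit_pps:
        findings.append("client-rate")
    # Many DISCOVERs with few OFFERs: clients are asking faster than
    # servers answer, as seen when a pool is being exhausted or flooded.
    discovers = inc.get("DHCP DISCOVER packets received", 0)
    offers = inc.get("DHCP OFFER packets received", 0)
    if discovers >= min_discovers and offers < discovers * min_offer_ratio:
        findings.append("discover-without-offer")
    # Any malformed DHCP packet in the interval is worth a look.
    if inc.get("DHCP Bad packets received", 0) > 0:
        findings.append("bad-packets")
    return findings


# Constructed captures: idle relay, a burst 10 s later, and a capture taken
# 60 s after the counters were cleared.
BASELINE = render([0] * 15)
FLOOD = render([2400, 2350, 40, 5, 0, 5, 80, 80, 0, 80, 40, 38, 2, 2400, 3])
AFTER_RESET = render([120, 40, 70, 10, 0, 0, 110, 110, 0, 110, 40, 70, 0, 120, 0])

if __name__ == "__main__":
    print(assess(BASELINE, FLOOD, 10))
    print(assess(FLOOD, AFTER_RESET, 60))
```

A "client-rate" finding on an interface is a cue to confirm that dhcp check dhcp-rate enable is present in the view that takes effect for it.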
l Run the reset dhcp relay statistics command in the user view to clear the statistics on a DHCP relay agent.IP Service 6 DHCP Configuration dhcp check dhcp-rate 90 dhcp check dhcp-rate alarm enable dhcp check dhcp-rate alarm threshold 80 6. Exercise caution when running reset commands.2 Monitoring the Operating Status of DHCP This section describes how to check the operating status of DHCP in any view for routine maintenance. Office 2 belongs to the network segment 10.9 Configuration Examples The DHCP configuration examples provide networking requirements. precautions. After the configuration is complete. 157 .0/25. Networking Requirements As shown in Figure 6-5.1. Figure 6-5 Networking diagram for configuring a DHCP server based on a global address pool NetBIOS server DHCP client DHCP client Etherent0/0/0 VLANIF10 10. networking diagram. the two offices of a company are deployed on the same network. In addition. and configuration procedures.0/25 Office1 Issue 02 (2012-03-30) DHCP client DHCP client Network: 10. and all hosts in Office 2 are added to VLAN 20. IP addresses need to be dynamically assigned to the hosts in the two offices. configuration roadmaps.1.1. the DHCP server can assign IP addresses in the global address pool to DHCP clients.1.1.9. Ltd. These hosts use both DNS and NetBIOS services.1 Example for Configuring a DHCP Server Based on a Global Address Pool in the Scenario Where DHCP Clients and the DHCP Server Are on the Same Network Segment This section describes how to configure a DHCP server based on a global address pool in the scenario where DHCP clients and the DHCP server are on the same network segment.1.IP Service 6 DHCP Configuration 6. 6. A global address pool needs to be configured on the Router. To save resources.1.128/25.128/25 Office2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 
all hosts in the two offices are assigned IP addresses by the Router that functions as a DHCP server.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1..1. and all hosts in Office 1 are added to VLAN 10.1/25 DHCP client Etherent0/0/1 VLANIF20 10.1.1. Office 1 belongs to the network segment 10. These hosts use the DNS service but not the NetBIOS service.129/25 Router DHCP server DNS server DHCP client Network: 10.1. 0/25 and 10.1.IP Service 6 DHCP Configuration Configuration Roadmap The configuration roadmap is as follows: 1.1.1.128/25 respectively 3.1 and 10.1.1 excluded-ip-address 10.1 and 10. and IP address lease.Huawei AR150&200 Series Enterprise Routers Configuration Guide .128 dns-list 10.1. [Router] ip pool pool1 [Router-ip-pool-pool1] [Router-ip-pool-pool1] [Router-ip-pool-pool1] [Router-ip-pool-pool1] [Router-ip-pool-pool1] [Router-ip-pool-pool1] [Router-ip-pool-pool1] network 10.1. Configure the address assignment method for VLANIF interfaces of the local DHCP server.1.129 respectively Procedure Step 1 # Enable the DHCP function.255.1. DNS server address. Enable the DHCP function on the Router. egress gateway.1. IP address of the NetBIOS server: 10.1. and IP address lease.1. configure the DHCP server to assign IP addresses in global address pools to clients.255.128 mask 255.129 respectively 4.1. # Create pool1 and configure attributes for pool1. including address range of pool2.4 7.0 mask 255. you need the following data: 1. egress gateway. Names of the global address pools created for Office 1 and Office 2: pool1 and pool2 respectively 2.255. 158 .1.1.128 dns-list 10.129 lease day 2 quit Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. such as the address range. <Huawei> system-view [Huawei] sysname Router [Router] dhcp enable Step 2 Create IP address pools and configure related attributes. and IP address lease.1. Create a global address pool for Office 1 and another for Office 2.2 nbns-list 10.2 gateway-list 10. 
IP address leases for Office 1 and Office 2: 10 days and 2 days respectively 5.1.1.1. Ltd.4 gateway-list 10.1. DNS server address.2 excluded-ip-address 10.1.1. IP address of the DNS server: 10.1. Address ranges of pool1 and pool2: 10.1. and configure related attributes for each address pool. including address range. that is.1.1.1.1.1. NetBIOS server address. [Router] ip pool pool2 [Router-ip-pool-pool2] [Router-ip-pool-pool2] [Router-ip-pool-pool2] [Router-ip-pool-pool2] [Router-ip-pool-pool2] [Router-ip-pool-pool2] Issue 02 (2012-03-30) network 10.4 lease day 10 quit # Create pool2 and configure attributes for pool2. Data Preparation To complete the configuration.2 6. egress gateway. IP addresses of VLANIF 10 and VLANIF 20: 10.1. IP addresses of egress gateways configured for Office 1 and Office 2: 10. 3.1.1.1. 2.1..255.1. 1.128 Vpn instance : -IP address Statistic Total :250 Used :0 Expired :0 Idle Conflict :248 :0 Disable :2 ----End Configuration Files Configuration file of the Router # sysname Router Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1 Mask : 255.1.Huawei AR150&200 Series Enterprise Routers Configuration Guide .255. Run the display ip pool command on the Router. [Router] display ip pool ----------------------------------------------------------------------Pool-name : pool1 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 10.1.1. 159 .1. # Adds Ethernet 0/0/0 and Ethernet 0/0/1 to the corresponding VLANs.IP Service 6 DHCP Configuration Step 3 Configure the address assignment method for VLANIF interfaces.129 Mask : 255.128 [Router-Vlanif10] dhcp select global [Router-Vlanif10] quit # Configure the clients connected to VLANIF 20 to obtain IP addresses from the global address pool.255.255.255. 
[Router] interface vlanif 20 [Router-Vlanif20] ip address 10.1 255.128 Vpn instance : -----------------------------------------------------------------------Pool-name : pool2 Pool-No : 1 Position : Local Status : Unlocked Gateway-0 : 10.1.128 [Router-Vlanif20] dhcp select global [Router-Vlanif20] quit Step 4 Verify the configuration.255. [Router] vlan batch 10 20 [Router] interface ethernet [Router-Ethernet0/0/0] port [Router-Ethernet0/0/0] port [Router-Ethernet0/0/0] quit [Router] interface ethernet [Router-Ethernet0/0/1] port [Router-Ethernet0/0/1] port [Router-Ethernet0/0/1] quit 0/0/0 hybrid pvid vlan 10 hybrid untagged vlan 10 0/0/1 hybrid pvid vlan 20 hybrid untagged vlan 20 # Configure the clients connected to VLANIF 10 to obtain IP addresses from the global address pool..255. [Router] interface vlanif 10 [Router-Vlanif10] ip address 10. You can view the configurations of the IP address pool.255.255.129 255. Ltd.1. 1.255.1.255.9. These hosts do not use DNS and NetBIOS services.1 network 10.1.4 lease day 2 hour 0 minute 0 # interface Vlanif10 ip address 10. all hosts in the two offices are assigned IP addresses by the Router that functions as a DHCP server. After the configuration is complete.255.129 255. These hosts use the DNS and NetBIOS services.1.1.1.2.4 dns-list 10.1. the clients can obtain IP address from the server that is on the network of the DHCP client. To save resources.128 dhcp select global # interface Vlanif20 ip address 10.255.1.1.1.2 nbns-list 10.1.0 mask 255.. 160 .0/24.1. the two offices of a company are deployed on the same network.1 255.2 Example for Configuring a DHCP Server Based on an Interface Address Pool in the Scenario Where DHCP Clients and the Server Are on the Same Network Segment This section describes how to configure a DHCP server based on an interface address pool. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0/24.1.1.1. 
An interface address pool needs to be configured on the Router.1.2 excluded-ip-address 10.128 dhcp select global # interface Ethernet 0/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet 0/0/1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 # return 6.1. Ltd.1.IP Service 6 DHCP Configuration # vlan batch 10 20 # dhcp enable # ip pool pool1 ip pool pool2 # ip pool pool1 gateway-list 10.2 lease day 10 hour 0 minute 0 # ip pool pool2 gateway-list 10.255.1.1.255. and all host in Office 2 are added to VLAN 20. Networking Requirements As shown in Figure 6-6.1.254 network 10.128 excluded-ip-address 10.128 dns-list 10. and all hosts in Office 1 are added to VLAN 10. Office 2 belongs to the network segment 10.255.1. IP addresses need to be dynamically assigned to the hosts in the two offices.1.1. In addition. Office 1 belongs to the network segment 10.128 mask 255.1.255.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 3/24 DHCP Client DNS Server 10. IP addresses of VLANIF 10 and VLANIF 20: 10.1.1.2.IP Service 6 DHCP Configuration Figure 6-6 Networking diagram for configuring a DHCP server based on an interface address pool Office1 NetBIOS Server 10.1. 3. 161 .1. <Huawei> system-view [Huawei] sysname Router Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2.2.1 respectively 2.1.1 and 10..1.1.1. NetBOIS server address. you need the following data: 1. IP address of the DNS server: 10. and IP address leases. IP address leases for Office 1 and Office 2: 30 days and 20 days respectively 3. 4. including the DNS server address.2/24 VLANIF10 10. Ltd. Enable the DHCP function on the Router. and configure IP addresses for the VLANIF interfaces so that the interface address pool range can be determined.1.1.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1.1.1. 
Configure two VLANIF interfaces.1/24 DHCP Client DHCP Client Router DHCP Server DHCP Client Office2 Configuration Roadmap The configuration roadmap is as follows: 1. IP address of the NetBIOS server: 10.1/24 Etherent0/0/0 Etherent0/0/1 VLANIF20 10.1. Enable the interface address pool. Configure address pool attributes for the clients.3 Procedure Step 1 Enable the DHCP service.2 4. Data Preparation To complete the configuration. # Configure the DNS and NetBOIS services for VLANIF 10 address pool. [Router] interface vlanif 10 [Router-Vlanif10] ip address 10.com : 10. [Router] interface vlanif 20 [Router-Vlanif20] dhcp server lease day 20 [Router-Vlanif20] quit Step 5 Verify the configuration. Ltd. [Router] interface vlanif 10 [Router-Vlanif10] dhcp server [Router-Vlanif10] dhcp server [Router-Vlanif10] dhcp server [Router-Vlanif10] dhcp server [Router-Vlanif10] dhcp server [Router-Vlanif10] dhcp server domain-name huawei.1 255.com dns-list 10.1. [Router] display Pool-name Pool-No Lease Domain-name DNS-Server0 Issue 02 (2012-03-30) ip pool interface vlanif10 : vlanif10 : 0 : 30 Days 0 Hours 0 Minutes : huawei.0 [Router-Vlanif10] dhcp select interface [Router-Vlanif10] quit # Configure the clients connected to VLANIF 20 to obtain IP addresses from the interface address pool.0 [Router-Vlanif20] dhcp select interface [Router-Vlanif20] quit Step 3 Configure the attributes related to DNS and NetBOIS services for the interface address pool.2 nbns-list 10.255. # Add Ethernet 0/0/0 and Ethernet 0/0/1 to the corresponding VLANs respectively. You can view the configurations of the interface address pool. 
Run the display ip pool interface command on the Router.1.1.255.2 excluded-ip-address 10.3 netbios-type b-node Step 4 Configure the IP address lease for the interface address pool.255.1.IP Service 6 DHCP Configuration [Router] dhcp enable Step 2 Configure the address assignment method for the VLANIF interfaces.1.1.1 255.1.3 excluded-ip-address 10.1.1.1.2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 162 .1..2.Huawei AR150&200 Series Enterprise Routers Configuration Guide . [Router] interface vlanif 10 [Router-Vlanif10] dhcp server lease day 30 [Router-Vlanif10] quit # Set the IP address lease for Office 2 to 20 days. [Router] vlan batch 10 20 [Router] interface ethernet [Router-Ethernet0/0/0] port [Router-Ethernet0/0/0] port [Router-Ethernet0/0/0] quit [Router] interface ethernet [Router-Ethernet0/0/1] port [Router-Ethernet0/0/1] port [Router-Ethernet0/0/1] quit 0/0/0 hybrid pvid vlan 10 hybrid untagged vlan 10 0/0/1 hybrid pvid vlan 20 hybrid untagged vlan 20 # Configure the clients connected to VLANIF 10 to obtain IP addresses from the interface address pool. # Set the IP address lease for Office 1 to 30 days.255.1. [Router] interface vlanif 20 [Router-Vlanif20] ip address 10.1. 1.255.1.2. 
Ltd.255.1.1.2 10.1.255.1 10.1.1.IP Service 6 DHCP Configuration NBNS-Server0 : 10.1.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------10.255.255.Huawei AR150&200 Series Enterprise Routers Configuration Guide .3 Netbios-type : b-node Position : Interface Status : Unlocked Gateway-0 : 10.255.2.254 253 0 253 0 0 0 ----------------------------------------------------------------------------- ----End Example Configuration file of the Router # sysname Router # vlan batch 10 to 20 # dhcp enable # interface Vlanif10 ip address 10..1 Mask : 255.3 dhcp server excluded-ip-address 10.1.1.1.3 dhcp server lease day 30 hour 0 minute 0 dhcp server domain-name huawei.1.1 Mask : 255.1.1.254 253 0 251 0 0 2 ----------------------------------------------------------------------------[Router] display ip pool interface vlanif20 Pool-name : vlanif20 Pool-No : 1 Lease : 20 Days 0 Hours 0 Minutes Domain-name : DNS-Server0 : NBNS-Server0 : Netbios-type : Position : Interface Status : Unlocked Gateway-0 : 10.255.1.1.0 VPN instance : -----------------------------------------------------------------------------Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------10.com # interface Vlanif20 ip address 10.1.1 255.2.1.1.2 dhcp server netbios-type b-node dhcp server nbns-list 10.1 255.0 dhcp select interface dhcp server lease day 20 hour 0 minute 0 # interface Ethernet 0/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet 0/0/1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 # return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1 10.1.0 dhcp select interface dhcp server dns-list 10.1.2. 163 .255. 2/24. and the hosts in one office are on the same VLAN.10. Ltd.10. 
the public address of Ethernet0/0/8 is 100. On RouterA.3 Example for Configuring a DHCP Server and a DHCP Relay Agent When the DHCP Server and Clients Are on Different Network Segments This section describes how to configure a DHCP server and a DHCP relay agent when the DHCP clients and DHCP server are on different network segments. On RouterB.10.20.20.9.10.1/24 RouterA DHCP Relay Etherent2/0/0 DHCP Client VLANIF100 20.Huawei AR150&200 Series Enterprise Routers Configuration Guide .20.0/24.20. multiple offices of a company are in different commercial buildings. Hosts in Office A of the company are on the network segment 20. 164 .20. Networking Requirements As shown in Figure 6-7.10.20. RouterB that functions as a DHCP server is required to assign IP addresses to hosts in different offices.10.1/24 Etherent0/0/8 100.1/24 and the interface address of RouterA connected to the carrier device is 100.10.10.2/24.10.0/24. Figure 6-7 Networking diagram for configuring the DHCP relay Etherent3/0/0 RouterB DHCP Server Internet 100.IP Service 6 DHCP Configuration 6.. and the DHCP server is on the network segment 100.10. the public address of Ethernet3/0/0 is 100.20. RouterA must be configured to function as a DHCP relay agent to forward DHCP packets so that the DHCP clients can obtain IP addresses and other configurations from the DHCP server.1/24 DHCP Client DHCP Client VLAN100 OFFICE A Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1/24 and the interface address of RouterB connected to the carrier device is 100.10. RouterA can forward DHCP packets between the hosts in Office A and hosts in other network segments. Bind the DHCP server group to VLANIF 100.10. Configure the DHCP relay function on RouterA.10.20. <Huawei> system-view [Huawei] sysname RouterA [RouterA] dhcp server group dhcpgroup1 # Add a DHCP server to the DHCP server group. VLAN that Office A belongs to: VLAN 100 4.1 l Configure the DHCP relay function on RouterA. 
165 .20. IP address of the egress gateway configured for Office A: 20. # Configure an IP address for VLANIF 100. Create a DHCP server group and add a DHCP server to the group.1 3.20. Address range of pool1: 20.20. Name of the DHCP server group: dhcpgroup1 2.20.20.20.1 24 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. [RouterA] dhcp enable [RouterA] interface vlanif 100 [RouterA-Vlanif100] dhcp select relay [RouterA-Vlanif100] quit 3.10.1 [RouterA-dhcp-server-group-dhcpgroup1] quit 2. IP address of the DHCP server: 100. [RouterA] vlan batch 100 [RouterA] interface ethernet 2/0/0 [RouterA-Ethernet2/0/0] port hybrid pvid vlan 100 [RouterA-Ethernet2/0/0] port hybrid untagged vlan 100 [RouterA-Ethernet2/0/0] quit # Enable the DHCP function globally and the DHCP relay function on VLANIF 100.20.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Procedure 1. Enable the DHCP relay function on VLANIF 100.20. IP address of VLANIF 100: 20. RouterB can assign IP addresses in the global address pool to hosts in Office A on a different network segment. 2.0/24 7.IP Service 6 DHCP Configuration Configuration Roadmap The configuration roadmap is as follows: 1. [RouterA] interface vlanif 100 [RouterA-Vlanif100] ip address 20. you need the following data: 1. Data Preparation To complete the configuration. # Create a VLAN and add Ethernet 2/0/0 to the VLAN. Name of the global address pool: pool1 6. # Create a DHCP server group.1 5. Ltd.10. [RouterA-dhcp-server-group-dhcpgroup1] dhcp-server 100.20.0/24 on RouterB. Configure a global address pool 20.. Huawei AR150&200 Series Enterprise Routers Configuration Guide . Enable the DHCP service. <Huawei> system-view [Huawei] sysname RouterB [RouterB] dhcp enable 2.10.0/24 is reachable.20.255. Create an address pool and configure related attributes.) Configure a default route on RouterB.0. 
[RouterB] display ip pool ----------------------------------------------------------------------Pool-name : pool1 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 10.10.0.1 Mask : 255.1.0 100.0 0.1 24 [RouterB-Ethernet3/0/0] dhcp select global [RouterB-Ethernet3/0/0] quit 3. Configure Ethernet3/0/0 to select a global address pool for address allocation.0. Ltd..0 0. [RouterA] ip route-static 0.10.0. [RouterA] ip route-static 0. You can view the configurations of the IP address pool.2 l Configure RouterB to function as a DHCP server based on a global address pool.20.0 mask 24 [RouterB-ip-pool-pool1] gateway-list 20. (The configuration details are not provided here. l Configure a static route from the DHCP server to RouterA.0.10.10.20. [RouterA] display dhcp relay interface vlanif 100 ** Vlanif100 DHCP Relay Configuration ** DHCP server group name : dhcpgroup1 DHCP server IP [0] :100.1.1 [RouterB-ip-pool-pool1] quit 4. # Run the display dhcp relay command on RouterA. 166 . [RouterA-Vlanif100] dhcp relay server-select dhcpgroup1 [RouterA-Vlanif100] quit l Configure a default route on RouterA.20. [RouterB] interface ethernet 3/0/0 [RouterB-Ethernet3/0/0] ip address 100.20.2 l Verify the configuration.20.10.0.0 100.255.0. This ensures that the route from the DHCP server to the network segment 20. [RouterB] ip pool pool1 [RouterB-ip-pool-pool1] network 20. 1.0.20.0 Vpn instance : -IP address Statistic Total :250 Used :0 Expired :0 Idle Conflict :248 :0 Disable :2 ----End Configuration Files Configuration file of RouterA Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.10.IP Service 6 DHCP Configuration # Bind the DHCP server group to VLANIF 100.1 # Run the display ip pool command on RouterB. You can view the DHCP relay configurations on VLANIF 100. .0.0. NOTE AR150/200 is RouterA.20.0 gateway-list 20. Router B obtains an IP address from an IP-MAC binding entry.0.10.0 100.255.10. 
or RouterD.1 255.20.4 Example for Configuring the DHCP and BOOTP Clients This section describes how to configure the DHCP and BOOTP clients.1 # interface Ethernet3/0/0 ip address 100.10.0.2 # return 6.9.0. Router A functions as a DHCP client.20. and a gateway address from Router C.0 dhcp select global # ip route-static 0.20. Networking Requirements As shown in Figure 6-8.0 dhcp select relay dhcp relay server-select dhcpgroup1 # interface Ethernet 2/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ip route-static 0.255.255.255. Router B functions as a BOOTP client.1 255.2 # return Configuration file of RouterB # sysname RouterB # vlan batch 20 # dhcp enable # ip pool pool1 network 20.20.IP Service 6 DHCP Configuration # sysname RouterA # vlan 100 # dhcp enable # dhcp server group dhcpgroup1 dhcp-server 100. and a gateway address from Router C functioning as a DHCP server.0.255. Router A dynamically obtains an IP address. Router C functions as a DHCP server.1 # interface Vlanif100 ip address 20.0. RouterC.10.10.0 mask 255.0 0.255. a DNS server address.0. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.10.20. a DNS server address.20. 167 . Ltd.10.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0 100.0 0. 168 . you need the following data: 1. IP address of Eth1/0/0 on Router C: 10..1.1.1. 3. 2.1.1. <Huawei> system-view [Huawei] sysname RouterA [RouterA] dhcp enable # Enable the DHCP client function on Eth 1/0/0.1.1. [RouterA] interface ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address dhcp-alloc l Configure the BOOTP client function on Router B. # Enable the DHCP service. Procedure # Enable the DHCP service. Create a global address pool on Router C and configure related attributes.1. <Huawei> system-view [Huawei] sysname RouterB [RouterB] dhcp enable Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 
IP address of the DNS server connected to the DHCP client: 10.126 4. IP address of the egress gateway configured for the DHCP client: 10.1 3.2/24 RouterC DHCP Server DNS Server Eth1/0/0 Eth1/0/0 RouterB BOOTP Client RouterA DHCP Client Configuration Roadmap The configuration roadmap is as follows: 1. Enable the DHCP client function on Router A.2 l Configure the DHCP client function on Router A. MAC address of Eth 1/0/0 on Router B: a234-e211-a256 2.126/24 Eth1/0/0 10. Ltd. Enable the BOOTP client function on Router B. Data Preparation To complete the configuration.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1.1.1.1/24 10.1.IP Service 6 DHCP Configuration Figure 6-8 Networking diagram for configuring DHCP and BOOTP clients Gateway 10. 1. 1.1.1.1 24 [RouterC-Ethernet1/0/0] dhcp select global [RouterC-Ethernet1/0/0] quit 3. Huawei Series.1.IP Service 6 DHCP Configuration # Enable the BOOTP client function on Eth 1/0/0..The Maximum Transmit Unit is 1500 Internet Address is allocated by DHCP. [RouterB] interface ethernet 1/0/0 [RouterB-Ethernet1/0/0] ip address bootp-alloc l Create a global address pool on Router C and configure related attributes. Loopback: NONE Duplex: FULL. Configure Eth 1/0/0 to select a global address pool for IP address allocation. [RouterC] ip pool pool1 [RouterC-ip-pool-pool1] [RouterC-ip-pool-pool1] [RouterC-ip-pool-pool1] e211-a256 [RouterC-ip-pool-pool1] [RouterC-ip-pool-pool1] l network 10. <Huawei> system-view [Huawei] sysname RouterC [RouterC] dhcp enable 2.. 0 packets/ Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Hardware address is 00e0fc11-000a Last physical up time : 2007-12-01 10:48:50 Last physical down time : 2007-12-01 10:52:56 Current system time: 2007-12-01 16:52:01 Port Mode: COMMON COPPER Speed : 100.1. # interface Ethernet1/0/0 ip address dhcp-alloc # .1. You can view the configurations of the DHCP client function.1. 
# Run the display current-configuration command on Router A. Create an address pool and configure related attributes..1.1.1. You can view the IP address of the interface. # Run the display interface command on Router A after the interface obtains an IP address. Ethernet1/0/0 Interface Route Port.3 mac-address a234dns-list 10.2 quit Verify the configuration.11/24 IP Sending Frames' Format is PKTFMT_ETHNT_2.1.1. [RouterA] display current-configuration .. Negotiation: ENABLE Mdi : AUTO Last 300 seconds input rate 0 bits/sec.0 mask 24 gateway-list 10. 0 packets/ sec Last 300 seconds output rate 0 bits/sec.Huawei AR150&200 Series Enterprise Routers Configuration Guide .126 static-bind ip-address 10..10. [RouterA] display interface ethernet 1/0/0 Ethernet1/0/0 current state : DOWN Line protocol current state : DOWN Description:HUAWEI. [RouterC] interface Ethernet 1/0/0 [RouterC-Ethernet1/0/0] ip address 10. 169 . Enable the DHCP service. Ltd. Record time: 2007-11-30 14:57:22 Output peak rate 7384 bits/sec. Hardware address is 00e0fc11-000a Last physical up time : 2007-12-01 10:48:50 Last physical down time : 2007-12-01 10:52:56 Current system time: 2007-12-01 16:52:01 Port Mode: COMMON COPPER Speed : 100. # Run the display interface command on Router B after the interface obtains an IP address..IP Service 6 DHCP Configuration sec Input peak rate 1928 bits/sec. Huawei Series. # interface Ethernet1/0/0 ip address bootp-alloc # .22/24 IP Sending Frames' Format is PKTFMT_ETHNT_2. 0 packets/ sec Last 300 seconds output rate 0 bits/sec. Issue 02 (2012-03-30) Multicast: Jumbo: Total Error: Huawei Proprietary and Confidential Copyright © Huawei Technologies Co... 757 Broadcast: 17. Negotiation: ENABLE Mdi : AUTO Last 300 seconds input rate 0 bits/sec.10.Record time: 2007-11-30 10:13:15 Input: 833 packets. 72696 bytes Unicast: 59.Record time: 2007-11-30 10:13:15 Input: 833 packets.. 
[RouterB] display interface ethernet 1/0/0 Ethernet1/0/0 current state : DOWN Line protocol current state : DOWN Description:HUAWEI. 72696 bytes Unicast: 59. Multicast: Jumbo: Total Error: 0 # Run the display current-configuration command on Router B. You can view the IP address of the interface. 757 Broadcast: 17.The Maximum Transmit Unit is 1500 Internet Address is allocated by DHCP. Ethernet1/0/0 Interface Route Port. 0 packets/ sec Input peak rate 1928 bits/sec. [RouterB] display current-configuration . 0 Discard: 0.. Ltd. Loopback: NONE Duplex: FULL.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 0 170 .Record time: 2007-11-30 14:57:22 Output peak rate 7384 bits/sec.1. You can view the configurations of the BOOTP client function.1. 0 Discard: 0. 1 24 dhcp select global # return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. You can view the configuration about the IP address pool of Router C.1.1.2 # interface Ethernet 1/0/0 ip address 10.1.IP Service 6 DHCP Configuration # Run the display ip pool command on Router C. [RouterB] display ip pool ----------------------------------------------------------------------Pool-name : pool1 Pool-No : 0 Position : Local Status : Unlocked Gateway-0 : 10. 171 .1.1.3 mac-address a234-e211-a256 dns-list 10. Ltd.1.1.1.1.1.0 mask 24 gateway-list 10.0 Vpn instance : -IP address Statistic Total :250 Used :1 Expired :0 Idle Conflict :248 :0 Disable :2 ----End Example Configuration file of Router A # sysname RouterA # dhcp enable # interface Ethernet 1/0/0 ip address dhcp-alloc # return Configuration file of Router B # sysname RouterB # dhcp enable # interface Ethernet 1/0/0 ip address bootp-alloc # return Configuration file of Router C # sysname RouterC # dhcp enable # ip pool pool1 network 10.Huawei AR150&200 Series Enterprise Routers Configuration Guide .255.1..255.1.126 static-bind ip-address 10.126 Mask : 255. 
6.9.5 Example for Configuring DHCP Rate Limit

This section describes how to configure the highest rate at which DHCP packets are sent to the protocol stack and the alarm function of DHCP rate limit.

Networking Requirements

As shown in Figure 6-9, a department uses Router A to directly connect the client. Hosts in this department function as DHCP clients and are assigned IP addresses by the DHCP server. If the attacker sends a large number of DHCP packets to Router A, the CPU resources of Router A will become insufficient. As a result, the requests of authorized users cannot be processed in time. To avoid this problem, network administrators limit the rate at which DHCP packets are sent to Router A. This allows Router A to effectively defend against DHCP attack packets, and to process requests of authorized users in time.

Figure 6-9 Networking diagram for configuring the DHCP relay
(Figure labels: DHCP Server, Internet, RouterB, DHCP Relay, RouterA, DHCP Client, DHCP Client, Attacker)

Configuration Roadmap

The configuration roadmap is as follows:
- Configure the highest rate at which DHCP packets are sent to Router A in the system view. This allows Router A to limit the rate at which DHCP packets are received within a normal range.

Data Preparation

1. Highest rate at which DHCP packets are sent to the protocol stack: 90 pps
2. Alarm threshold: 80

Procedure

Step 1 Enable the DHCP service.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] dhcp enable

Step 2 Configure the highest rate at which DHCP packets are sent to the protocol stack.
# Enable the system to check the rate at which DHCP packets are sent to the protocol stack.
[RouterA] dhcp check dhcp-rate enable
# Configure the highest rate at which DHCP packets are sent to the protocol stack.
[RouterA] dhcp check dhcp-rate 90

Step 3 Configure the alarm function.
# Enable the alarm function.
[RouterA] dhcp check dhcp-rate alarm enable
# Configure an alarm threshold.
[RouterA] dhcp check dhcp-rate alarm threshold 80

Step 4 Verify the configuration.
# Run the display current-configuration | include dhcp command on Router A. You can see that the DHCP function and DHCP rate limit have been enabled in the global view.
[RouterA] display current-configuration | include dhcp
It will take a long time if the content you search is too much or the string you input is too long, you can press CTRL_C to break
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80

----End

Configuration Files

Configuration file of Router A
#
sysname RouterA
#
dhcp enable
dhcp check dhcp-rate enable
dhcp check dhcp-rate 90
dhcp check dhcp-rate alarm enable
dhcp check dhcp-rate alarm threshold 80
#
return

7 IP Performance Configuration

About This Chapter

You can set parameters for IP packets to improve network performance.

7.1 IP Performance Overview
You can set parameters for IP packets to improve network performance.

7.2 IP Performance Features Supported by the AR150/200
This section describes IP performance features supported by the AR150/200.

7.3 Optimizing IP Performance
You can set parameters for IP packets to optimize network performance.

7.4 Configuring Load Balancing for IP Packet Forwarding
Unequal-Cost Multiple Path (UCMP) improves packet forwarding performance on a network.

7.5 Configuring TCP Attributes
You can configure TCP attributes to improve network performance.
7.6 Maintaining IP Performance
You can maintain IP performance by clearing IP performance statistics, and monitoring the IP running status.

7.7 Configuration Examples
This section provides IP performance configuration examples.

7.1 IP Performance Overview

You can set parameters for IP packets to improve network performance.

7.2 IP Performance Features Supported by the AR150/200

This section describes IP performance features supported by the AR150/200.

The AR150/200 supports the following IP performance features:
- Sending ICMP redirection packets
- Setting the TCP FIN-Wait timer
- Setting the TCP SYN-Wait timer
- Setting the packet receive or transmit buffer of a connection-oriented socket
- Configuring flow-based Equal-Cost Multipath Path during IP packet forwarding
- Collecting and displaying TCP traffic, IP traffic, UDP traffic, and socket monitor statistics
- Checking validity of source IP addresses
- Forwarding broadcast packets
- Controlling IP packets with source route options
- Fragmenting IP packets
- Setting the Aging Time of the PMTU
- Setting the MSS of TCP Packets on an Interface

7.3 Optimizing IP Performance

You can set parameters for IP packets to optimize network performance.

7.3.1 Establishing the Configuration Task

Before optimizing IP performance, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

On certain networks, you need to modify parameters for IP packets to optimize network performance.
Pre-configuration Tasks Before optimizing IP performance, complete the following tasks: l Issue 02 (2012-03-30) Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 175 Huawei AR150&200 Series Enterprise Routers Configuration Guide - IP Service 7 IP Performance Configuration l Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up l Configuring IP addresses for interfaces l Configuring an ACL Data Preparation To optimize IP performance, you need the following data. No. Data 1 Number of the interface where validity of source addresses of received packets will be checked 2 Number of an ACL and number of the interface that will forward broadcast packets 3 Number of the interface that will reset the DF field of packets 4 Number of the interface where ICMP redirection will be configured 7.3.2 Checking Validity of Source IP Addresses of Received Packets You can enable an interface to check validity of source IP addresses of received packets. This improves network security. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The interface view is displayed. Step 3 Run: ip verify source-address The interface is enabled to check validity of source IP addresses of received packets. By default, an interface does not check validity of source IP addresses of received packets. The AR150/200 only checks validity of source IP addresses of packets forwarded from an interface to the CPU. ----End 7.3.3 Controlling IP packets with Source Route Options By controlling IP packets with source route options, the AR150/200 can prevent malicious attackers from detecting network topologies by using source route options. This improves network security. 
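Added example, not part of the Huawei guide: a Python script that audits a saved configuration file for the per-interface commands this section covers, ip verify source-address, discard srr and ip forward-broadcast. The sample configuration is constructed, and auditing only interfaces that have an IP address and are not shut down is an assumption of this example.

```python
"""Audit a saved VRP configuration for the interface commands of section 7.3."""

# Constructed sample configuration; interface names and addresses are made up.
SAMPLE_CONFIG = """\
#
sysname RouterA
#
interface Ethernet1/0/0
 ip address 192.0.2.1 255.255.255.0
 ip verify source-address
 discard srr
#
interface Ethernet2/0/0
 ip address 198.51.100.1 255.255.255.0
 ip forward-broadcast
#
interface Ethernet3/0/0
 ip address 203.0.113.1 255.255.255.0
 ip verify source-address
 discard srr
 ip forward-broadcast acl 2000
#
interface Ethernet4/0/0
 shutdown
#
return
"""

F_SOURCE = "ip verify source-address not configured"
F_SRR = "discard srr not configured"
F_BROADCAST = "ip forward-broadcast configured without an ACL"


def parse_interfaces(config_text):
    """Return {interface name: [commands]} from a configuration file.

    A block opens at an unindented line starting with "interface " and
    closes at the next "#" separator, as in the configuration files
    printed in this guide.
    """
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("#", "return"):
            current = None
        elif raw.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_interface(commands):
    """Return the findings for one interface's command list."""
    # Assumption of this example: only routed, active interfaces are audited.
    routed = any(c.startswith("ip address ") for c in commands)
    if not routed or "shutdown" in commands:
        return []
    findings = []
    if "ip verify source-address" not in commands:
        findings.append(F_SOURCE)
    if "discard srr" not in commands:
        findings.append(F_SRR)
    # The optional "acl acl-number" argument restricts which broadcasts are
    # forwarded; the bare command forwards them unrestricted.
    if "ip forward-broadcast" in commands:
        findings.append(F_BROADCAST)
    return findings


def audit_config(config_text):
    """Return {interface name: [findings]} for interfaces with findings."""
    report = {}
    for name, commands in parse_interfaces(config_text).items():
        findings = audit_interface(commands)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Because the AR150/200 applies the source address check only to packets forwarded from an interface to the CPU, a clean report covers the router's own control plane, not transit traffic.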
Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 Run: discard srr
The interface is configured to discard IP packets with source route options.
----End

7.3.4 Configuring an Interface to Forward Broadcast Packets
By configuring an interface to forward broadcast packets, you can improve network performance.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 Run: ip forward-broadcast [ acl acl-number ]
The interface is configured to forward broadcast packets.
By default, an interface does not forward broadcast packets.
----End

7.3.5 Configuring an Outbound Interface to Fragment IP Packets
You can configure an outbound interface to fragment IP packets.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 Run: clear ip df
The interface is configured to fragment outgoing IP packets.
By default, an interface does not fragment outgoing IP packets.
NOTE
The function that resets the DF field is valid for outgoing packets; therefore, this function must be configured on the outbound interface.
----End

7.3.6 Configuring an Interface to Send ICMP Redirection Packets
By configuring an interface to send ICMP redirection packets, the router can defend against attacks by using ICMP packets.

Context
By default, an interface is enabled to send ICMP redirection packets.
CAUTION
If an interface is not enabled to send ICMP redirection packets, the router does not send ICMP redirection packets.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 Run: icmp redirect send
The interface is enabled to send ICMP redirection packets.
----End

7.3.7 Setting the Mode in Which Protocol Packets Are Sent
You can set the mode in which protocol packets are sent to control IP unicast protocol packets.

Context
By default, IP unicast protocol packets generated by the AR150/200 are scheduled first and can preempt all the bandwidth. You can change the priority of IP unicast protocol packets generated by the AR150/200 to implement proper bandwidth allocation.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: ip soft-forward enhance enable
The enhanced IP forwarding function is enabled on the AR150/200.
Step 3 Run: set priority
The DSCP priority of IP unicast protocol packets is set.
----End

7.3.8 Checking the Configuration
After optimizing IP performance, you can view the IP performance configuration.

Procedure
- Run the display udp statistics command to check the UDP traffic statistics.
- Run the display icmp statistics command to check the ICMP traffic statistics.
- Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | socket-type socket-type ] command to check the IP socket information.
- Run the display ip statistics command to check the IP traffic statistics.
- Run the display ip interface [ interface-type interface-number ] or display ip interface brief [ interface-type interface-number ] command to check information about the interface.
----End

Example
# Run the display udp statistics command, and you can view the UDP traffic statistics.
<Huawei> display udp statistics
Received packets:
    Total: 13228
    Total(64bit high-capacity counter): 13228
    checksum error: 0
    shorter than header: 0, data length larger than packet: 0
    unicast(no socket on port): 0
    broadcast/multicast(no socket on port): 954
    not delivered, input socket full: 0
    input packets missing pcb cache: 0
Sent packets:
    Total: 11904
    Total(64bit high-capacity counter): 11904

# Run the display ip interface command, and you can view information about the interface.
<Huawei> display ip interface ethernet 1/0/0
Ethernet1/0/0 current state : UP
Line protocol current state : DOWN
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
Directed-broadcast packets:
 received packets: 0, sent packets: 0
 forwarded packets: 0, dropped packets: 0
ARP packet input number: 0
  Request packet: 0
  Reply packet: 0
  Unknown packet: 0
Internet protocol processing : disabled
Broadcast address : 0.0.0.0
TTL being 1 packet number: 0
TTL invalid packet number: 0
ICMP packet input number: 0
  Echo reply: 0
  Unreachable: 0
  Source quench: 0
  Routing redirect: 0
  Echo request: 0
  Router advert: 0
  Router solicit: 0
  Time exceed: 0
  IP header bad: 0
  Timestamp request: 0
  Timestamp reply: 0
  Information request: 0
  Information reply: 0
  Netmask request: 0
  Netmask reply: 0
  Unknown type: 0

# Run the display ip statistics command, and you can view the IP traffic statistics.
<Huawei> display ip statistics
  Input:       sum             31786    local              31786
               bad protocol        0    bad format             0
               bad checksum        0    bad options            0
               discard srr         0    TTL exceeded           0
  Output:      forwarding          0    local              41289
               dropped             0    no route               1
  Fragment:    input               0    output                 0
               dropped             0
               fragmented          0    couldn't fragment      0
  Reassembling:sum                 0    timeouts               0

# Run the display icmp statistics command, and you can view the ICMP traffic statistics.
<Huawei> display icmp statistics
  Input: bad formats       0    bad checksum                0
         echo              0    destination unreachable     0
         source quench     0    redirects                   0
         echo reply        0    parameter problem           0
         timestamp         0    information request         0
         mask requests     0    mask replies                0
         time exceeded     0
         Mping request     0    Mping reply                 0
  Output:echo              0    destination unreachable   168
         source quench     0    redirects                   0
         echo reply        0    parameter problem           0
         timestamp         0    information reply           0
         mask requests     0    mask replies                0
         time exceeded     0
         Mping request     0    Mping reply                 0

7.4 Configuring Load Balancing for IP Packet Forwarding
Unequal-Cost Multiple Path (UCMP) improves packet forwarding performance on a network.

7.4.1 Establishing the Configuration Task
Before configuring load balancing for IP packet forwarding, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On the AR150/200, there are multiple equal-cost routes over multiple equal-cost links to a destination. Among the equal-cost links, there are high-speed links and low-speed links. By default, the AR150/200 uses the flow-based ECMP mode, in which traffic is evenly load balanced among equal-cost links regardless of the bandwidth. In this mode, congestion may occur on low-speed links and bandwidth of high-speed links cannot be used efficiently.
ECMP evenly load balances traffic over multiple equal-cost links, regardless of the bandwidth. Consequently, traffic congestion may occur on low-speed links and bandwidth of high-speed links cannot be used efficiently. To load balance traffic on the equal-cost links based on bandwidth, configure UCMP.
NOTE
If multiple routes to the same destination have the same preference, the same number of hops, and the same cost, these routes are equal-cost routes.

Pre-configuration Tasks
Before configuring load balancing for IP packet forwarding, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical status of the interfaces is Up
- Setting parameters for data link layer protocols on interfaces to ensure that the data link layer protocol status of the interfaces is Up

Data Preparation
To configure load balancing for IP packet forwarding, you need the following data.
No.  Data
1    Number of the interface where UCMP will be enabled
2    (Optional) Number of the interface where the bandwidth will be configured manually
3    (Optional) Manually configured bandwidth

7.4.2 Configuring the Unequal-Cost Multiple Path During IP Packet Forwarding
UCMP load balances traffic among equal-cost links based on bandwidth.

Context
ECMP evenly load balances traffic over multiple equal-cost links, regardless of the bandwidth. Consequently, traffic congestion may occur on low-speed links and bandwidth of high-speed links cannot be used efficiently. To load balance traffic on the equal-cost links based on bandwidth, configure UCMP.
When configuring the UCMP function, manually set the bandwidth of an interface in the following scenarios:
- Users need to adjust the bandwidth of equal-cost links so that the equal-cost links load balance traffic based on the configured bandwidth.
- The outbound interface of the equal-cost route is a logical interface.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) Run: load-balance bandwidth bandwidth
The bandwidth is manually configured for the interface.
NOTE
To configure UCMP on a logical interface, you must perform step 3.
Step 4 Run: load-balance unequal-cost enable
UCMP is enabled on the interface.
By default, UCMP is disabled on an interface.
Step 5 Run: shutdown
The interface is shut down.
Step 6 Run: undo shutdown
The interface is started.
NOTE
Traffic is load balanced based on bandwidth only when UCMP is enabled on outbound interfaces of all the equal-cost links and FIB entry updating is triggered. If UCMP is not enabled on any outbound interface, the equal-cost links evenly load balance traffic even though FIB entry updating is triggered.
Step 7 Run: quit
Return to the system view.
To configure UCMP on other interfaces, repeat steps 2 through 7.
----End

7.4.3 Checking the Configuration
After setting the load balancing mode for IP packet forwarding, you can view the load balancing configuration.

Procedure
- Run the display fib [ slot-id ] command to check the FIB table on a specified LPU.
- Run the display fib acl acl-number [ verbose ] command to check FIB entries matching an ACL.
- Run the display fib ip-prefix prefix-name [ verbose ] command to check FIB entries matching the specified IP prefix list.
- Run the display fib [ slot-id ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command to check FIB entries matching destination addresses.
- Run the display fib [ slot-id ] destination-address1 destination-mask1 destination-address2 destination-mask2 [ verbose ] command to check FIB entries matching destination addresses in the range of destination-address1 destination-mask1 to destination-address2 destination-mask2.
- Run the display fib next-hop ip-address command to check FIB entries matching a specified next hop address.
- Run the display fib [ slot-id ] statistics command to check the total number of FIB entries.
- Run the display fib interface interface-type interface-number command to check FIB entries matching a specified interface.
----End

Example
# Run the display fib command to view the summary of the FIB table.
<Huawei> display fib
Route Flags: G - Gateway Route, H - Host Route,    U - Up Route
             S - Static Route,  D - Dynamic Route, B - Black Hole Route
------------------------------------------------------------------------------
FIB Table:
Total number of Routes : 4
Destination/Mask     Nexthop      Flag  TimeStamp  Interface  TunnelID
127.255.255.255/32   127.0.0.1    HU    t[49]      InLoop0    0x0
127.0.0.0/8          127.0.0.1    U     t[49]      InLoop0    0x0
127.0.0.1/32         127.0.0.1    HU    t[49]      InLoop0    0x0
255.255.255.255/32   127.0.0.1    HU    t[49]      InLoop0    0x0

7.5 Configuring TCP Attributes
You can configure TCP attributes to improve network performance.

7.5.1 Establishing the Configuration Task
Before configuring TCP attributes, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment
On certain networks, you need to adjust TCP parameters to improve network performance.

Pre-configuration Tasks
Before configuring TCP attributes, complete the following tasks:
- Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up
- Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up
- Setting network layer protocol parameters for interfaces to ensure that the routing protocol status on the interfaces is Up

Data Preparation
To configure TCP attributes, you need the following data.
No.  Data
1    Values of the SYN-Wait timer and FIN-Wait timer, and packet receive or transmit buffer size of a connection-oriented socket

7.5.2 Setting Values of TCP Timers
You can set values of the SYN-Wait timer and FIN-Wait timer to control TCP connections.

Context
TCP uses the following timers:
- SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer is started. If no response packet is received after the SYN-Wait timer expires, the TCP connection is closed. The value of the SYN-Wait timer ranges from 2 to 600, in seconds. The default value is 75s.
- FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer is started. If no response packet is received after the FIN-Wait timer expires, the TCP connection is closed. The value of the FIN-Wait timer ranges from 76 to 3600, in seconds. The default value is 675s.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: tcp timer syn-timeout interval
The value of the SYN-Wait timer is set.
Step 3 Run: tcp timer fin-timeout interval
The value of the FIN-Wait (FIN_WAIT_2) timer is set.
----End

7.5.3 Setting the Aging Time of the PMTU
You can set a proper aging time of the path MTU (PMTU) to improve transmission efficiency and network performance.

Context
When hosts on the same network communicate with each other, the MTU of the network is important for the hosts. When hosts communicate with each other across multiple networks, it is important to determine the minimum MTU on the network path because the MTUs of the link layers on different networks are different. The minimum MTU on the network path is called the PMTU.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: tcp timer pathmtu-age age-time
The aging time of the PMTU is set.
The aging time of an IPv4 PMTU is an integer ranging from 10 to 100, in minutes. The default value is 0 minutes, that is, the PMTU never ages.
----End

7.5.4 Setting the Size of the TCP Sliding Window
You can set the size of the TCP sliding window, that is, the packet receive or transmit buffer size of a connection-oriented socket, to improve network performance.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: tcp window window-size
The packet receive or transmit buffer size of a connection-oriented socket is set.
The value of window-size ranges from 1 to 32, in K bytes. The default value is 8K bytes.
----End

7.5.5 Setting the MSS of TCP Packets on an Interface
After the maximum segment size (MSS) of TCP packets on an interface is set, the size of received or sent TCP packets is limited within the MSS so that network performance is improved.

Procedure
Step 1 Run: system-view
The system view is displayed.
Step 2 Run: interface interface-type interface-number
The interface view is displayed.
Step 3 Run: tcp adjust-mss value
The MSS of TCP packets is set on the interface.
The MSS of TCP packets on an interface is an integer that ranges from 128 to 2048, in bytes.
----End

7.5.6 Checking the Configuration
After configuring TCP attributes, you can view the configuration.

Procedure
- Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipv4-address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.
- Run the display tcp statistics command to check the TCP traffic statistics.
----End

Example
# Run the display tcp status command to view the TCP connection status.
<Huawei> display tcp status
TCPCB     Tid/Soid  Local Add:port    Foreign Add:port   VPNID  State
0b148a24  90 /1     0.0.0.0:23        0.0.0.0:0          14849  Listening
0ba8fb2c  90 /11    100.1.1.116:23    100.1.1.4:1334     0      Established
0ba91254  90 /12    100.1.1.116:23    100.1.1.4:2266     0      Established

# Run the display tcp statistics command to view the TCP traffic statistics.
<Huawei> display tcp statistics
Received packets:
    Total: 34574
    Total(64bit high-capacity counter): 34574
    packets in sequence: 2852 (3242 bytes)
    window probe packets: 0, window update packets: 0
    checksum error: 0, offset error: 0, short error: 0
    duplicate packets: 6 (6 bytes), partially duplicate packets: 0 (0 bytes)
    out-of-order packets: 0 (0 bytes)
    packets of data after window: 0 (0 bytes)
    packets received after close: 0
    ACK packets: 3757 (126230 bytes)
    duplicate ACK packets: 29083, too much ACK packets: 0
Sent packets:
    Total: 35094
    Total(64bit high-capacity counter): 35094
    urgent packets: 0
    control packets: 0 (including 1 RST)
    window probe packets: 0, window update packets: 0
    data packets: 5364 (126736 bytes), data packets retransmitted: 0 (0 bytes)
    ACK-only packets: 657 (626 delayed)
Other information:
    Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
    Keep alive timeout: 29072, keep alive probe: 29072, Keep alive timeout, so connections disconnected : 0
    Initiated connections: 0, accepted connections: 16, established connections: 16
    Closed connections: 13 ( dropped: 10, initiated dropped: 0)
    Packets dropped with MD5 authentication: 0
    Packets permitted with MD5 authentication: 0
    Send Packets permitted with Keychain authentication: 0
    Receive Packets permitted with Keychain authentication: 0
    Receive Packets Dropped with Keychain authentication: 0

7.6 Maintaining IP Performance
You can maintain IP performance by clearing IP performance statistics, and monitoring the IP running status.

7.6.1 Clearing IP Performance Statistics
You can run the following reset commands to clear IP performance statistics.

Context
CAUTION
The IP/TCP/UDP traffic statistics cannot be restored after being cleared. Exercise caution when you run the commands.

Procedure
- Run the reset ip statistics [ interface interface-type interface-number ] command in the user view to clear the IP traffic statistics.
- Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the user view to clear information in a socket monitor.
- Run the reset tcp statistics command in the user view to clear the TCP traffic statistics.
- Run the reset udp statistics command in the user view to clear the UDP traffic statistics.
----End

7.6.2 Monitoring the IP Running Status
You can monitor the IP running status by running display commands.

Context
In routine maintenance, you can run the following commands in any view to view the IP running status.

Procedure
- Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipv4-address ] [ local-port local-port-number ] [ remote-ip ipv4-address ] [ remote-port remote-port-number ] ] command in any view to check the TCP connection status.
- Run the display tcp statistics command in any view to check the TCP traffic statistics.
- Run the display udp statistics command in any view to check the UDP traffic statistics.
- Run the display ip statistics command in any view to check the IP traffic statistics.
- Run the display ip interface [ interface-type interface-number ] command in any view to check information about an interface.
- Run the display icmp statistics command in any view to check the ICMP traffic statistics.
- Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type socket-type ] command in any view to check the IP socket information.
- Run the display fib [ slot-id ] command in any view to check information about the FIB table.
- Run the display fib acl acl-number [ verbose ] command in any view to check FIB entries matching the specified ACL.
- Run the display fib ip-prefix prefix-name [ verbose ] command in any view to check FIB entries matching the specified IP prefix list.
- Run the display fib [ slot-id ] destination-address1 [ destination-mask1 ] [ longer ] [ verbose ] command in any view to check FIB entries matching the specified destination address.
- Run the display fib [ slot-id ] destination-address1 destination-mask1 destination-address2 destination-mask2 [ verbose ] command in any view to check FIB entries matching destination addresses in the range of destination-address1 destination-mask1 to destination-address2 destination-mask2.
- Run the display fib next-hop ip-address command in any view to check FIB entries matching a specified next hop address.
- Run the display fib interface interface-type interface-number command in any view to check FIB entries matching a specified interface.
- Run the display fib [ slot-id ] statistics command in any view to check the total number of FIB entries.
----End

7.7 Configuration Examples
This section provides IP performance configuration examples.

7.7.1 Example for Disabling the Sending of ICMP Redirection Packets

Networking Requirements
As shown in Figure 7-1, RouterA, RouterB, and RouterC are required to be connected with each other by using layer 3 interfaces, to limit the sending of ICMP redirection packets.

Figure 7-1 Network diagram of Disabling the Sending of ICMP Redirection Packets (RouterA Eth1/0/0 1.1.1.1/24; RouterB Eth1/0/0 1.1.1.2/24; RouterC Eth1/0/0 2.2.2.2/24; Internet)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each connected interface.
2. Configure static routes to indirectly connected devices.
3. Disable an interface from sending ICMP redirection packets.

Data Preparation
To complete the configuration, you need the following data:
- Static routes to indirectly connected devices.
- IP addresses of interfaces.

Procedure
Step 1 Configure IP addresses for interfaces.
# Configure RouterA.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface ethernet 1/0/0
[RouterA-Ethernet1/0/0] ip address 1.1.1.1 24
[RouterA-Ethernet1/0/0] quit
# Configure RouterB.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] ip address 1.1.1.2 24
[RouterB-Ethernet1/0/0] quit
# Configure RouterC.
<Huawei> system-view
[Huawei] sysname RouterC
[RouterC] interface ethernet 1/0/0
[RouterC-Ethernet1/0/0] ip address 2.2.2.2 24
[RouterC-Ethernet1/0/0] quit

Step 2 Configure static routes.
# Configure RouterA.
[RouterA] ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
# Configure RouterB.
[RouterB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1

Step 3 Disable Eth1/0/0 on RouterB from sending ICMP redirection packets.
[RouterB] interface ethernet 1/0/0
[RouterB-Ethernet1/0/0] undo icmp redirect send
[RouterB-Ethernet1/0/0] quit

Step 4 Verify the configuration.
# Enable ICMP packet debugging on RouterB.
<RouterB> debugging ip icmp
# Ping RouterA. You can see that RouterB does not send ICMP redirection packets. There is no information about ICMP redirection packets in the debugging command output.
[RouterA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
----End

Configuration Files
- Configuration file of RouterA
#
sysname RouterA
#
interface Ethernet1/0/0
ip address 1.1.1.1 255.255.255.0
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
- Configuration file of RouterB
#
sysname RouterB
#
interface Ethernet1/0/0
ip address 1.1.1.2 255.255.255.0
undo icmp redirect send
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return
- Configuration file of RouterC
#
sysname RouterC
#
interface Ethernet1/0/0
ip address 2.2.2.2 255.255.255.0
#
return

8 IP Unicast PBR Configuration

About This Chapter
By configuring IP unicast PBR, you can improve the security of the network and perform load balancing.

8.1 PBR Overview
This section describes the concept of PBR.
8.2 PBR Supported by the AR150/200
8.3 Configuring IP Policy-based Routing
By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a specified outbound interface.
8.4 Configuration Examples
This section includes the networking requirements, precautions for configuration, and configuration roadmap.

8.1 PBR Overview
This section describes the concept of PBR.
IP unicast PBR is a routing mechanism based on user-defined policies rather than the destination IP addresses of data packets. Therefore, PBR can flexibly select routes. It applies to the following situations:
- Load balancing: specifies a forwarding path for special packets.
- Security inspection: redirects certain packets to the firewall.
PBR provides security and load balancing.
After a packet arrives, the system forwards the packet according to PBR. If no PBR is configured, or if PBR is configured but no matching entry exists, the system forwards the packet according to the Forwarding Information Base (FIB) table.

8.2 PBR Supported by the AR150/200
The AR150/200 supports packet routing based on the source IP address and packet length of the packets.
The AR150/200 enforces the PBR to only the locally sent protocol packets, such as ICMP and BGP packets.
NOTE
A traffic policy can be configured on the AR150/200's interface to redirect the data packets of which the destination address is not the local address. This traffic policy is invalid for the local packets sent to the CPU. For details about the redirection configuration, see Configuring Redirection in the Huawei AR150&200 Series Enterprise Routers Configuration Guide - QoS.

8.3 Configuring IP Policy-based Routing
By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a specified outbound interface.

8.3.1 Establishing the Configuration Task
This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring IP unicast PBR.

Applicable Environment
An internal network is connected to an external network through a router. The router has multiple egresses to the external network. You can use IP unicast PBR on the interface to control some packets to pass the specified egress of the router. To perform PBR on the packets generated by the router, you should configure the local PBR.

Pre-configuration Tasks
Before configuring IP unicast PBR, complete the following tasks:
- Configuring the interface between the router and other devices
Ltd.IP Service 8 IP Unicast PBR Configuration l Configuring the link layer protocol of the interface l Configuring the ACL used for packet matching l Configuring the VPN first if you want the packet to enter VPN Data Preparation To configure IP Policy-based Routing. Data 1 PBR name.2 Defining the Matching Rule of PBR By defining the matching rule of PBR. you can determine the type of packets to which PBR is applied. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure Step 1 Run: system-view The system view is displayed.Huawei AR150&200 Series Enterprise Routers Configuration Guide . No. Step 2 Run: policy-based-route policy-name { deny | permit } node node-id A policy or a policy node is created. the policy node number and the default action to the packet 2 Maximum and the minimum byte number of the packet 3 ACL number of the matched packets 4 New precedence of the packet 5 Default next hop or output interface of the packet in the specified policy 6 Next hop or the output interface number of the packet in the specified policy 7 VPN instance name to which the packet in the specified policy belongs 8. deny means denying the packets that match the rule to pass during the policy-based routing. such as if-match acl and if-match packet-length. the new configuration supersedes the old configuration.3 Defining Actions of PBR This part describes how to define actions of PBR. – If if-match acl acl-number is used repeatedly to set ACL rules. Step 4 Run: apply ip-address default next-hop ip-address1 [ ip-address2 ] The default next hop of the packet is specified. 195 . l You can specify the routing policy by using the if-match and apply clauses. The smaller the node-id is. Procedure Step 1 Run: system-view The system view is displayed. l A routing policy contains several policy nodes. Each policy node is specified by a nodeid.3.. the new configuration supersedes the old configuration. which can be used in combination. 
l A single policy can include multiple if-match clauses. 8. – If if-match packet-length min-length max-length is used repeatedly to set ACL rules. NOTE The default next hop cannot be a local IP address. Step 3 Run: apply ip-precedence precedence The precedence of the IP packet is set. Step 5 Run: apply default output-interface interface-type1 interface-number1 [ interface-type2 interface-number2 ] The default outbound interface of the packet is specified. The policy of a higher preference is first executed. the higher the preference of the policy node is. including setting the outbound interface and nexthop for a packet. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 2 Run: policy-based-route policy-name { deny | permit } node node-id A policy or a policy node is created.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Ltd. l permit means allowing the packets matching the rule to pass during the policy-based routing.IP Service 8 IP Unicast PBR Configuration Follow-up Procedure Note the following when configuring PBR: l You can use the policy to import the routes or to forward the IP packets. such as an Ethernet interface. Step 7 Run: apply output-interface interface-type interface-number The outbound interface of the packet is specified. Ltd..Huawei AR150&200 Series Enterprise Routers Configuration Guide . NOTE The outbound interface cannot be a broadcast interface. 196 . which can be used in combination. In addition. Table 8-1 Relationship between keywords and precedence Precedence Key Word 0 Routine 1 Priority 2 Immediate 3 Flash 4 Flash-override 5 Critical 6 Internet 7 Network ----End Follow-up Procedure Note the following when defining actions in PBR: l Issue 02 (2012-03-30) A policy can include multiple apply clauses. The apply ip-precedence command is used to set the precedence of the packet. NOTE The next hop cannot be a local IP address. The value of precedence ranges from 0 to 7. 
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.IP Service 8 IP Unicast PBR Configuration NOTE The default outbound interface cannot be a broadcast interface. Step 8 Run: apply access-vpn vpn-instance vpn-instance-name &<1-6> The VPN instance allowed to be accessed is specified. some key words can be used as the value of precedence. Table 8-1 shows the relationship between key words and precedence. Step 6 Run: apply ip-address next-hop ip-address1 [ ip-address2 ] The next hop of the packet is specified. such as an Ethernet interface. 197 . Run: system-view The system view is displayed.IP Service 8 IP Unicast PBR Configuration l If multiple next hops are specified. ----End 8. l If you run the apply output-interface command to configure two egresses at first and then run the command again to configure another one. PBR applies to only the local packets.. Procedure l Enabling local PBR 1.3. the load balancing is implemented only on outbound interfaces. Ltd. the load balancing is complemented among multiple outbound interfaces. l Run the display ip policy-based-route setup local command to check the configuration of local PBR. Run: ip local policy-based-route policy-name The local PBR is enabled.5 Checking the Configuration You can view the configuration of IP unicast PBR. l Run the display policy-based-route [ policy-name ] command to check the created policy. Prerequisites The configurations of the IP Policy-based Routing function are complete. Here. You can configure only one local policy. ----End Example Run the display ip policy-based-route command to check the enabled PBR.3. <Huawei> display ip policy-based-route Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the load balancing is complemented among multiple next hops. 8. l If outbound interfaces and next hops are configured at the same time.4 Applying PBR This part describes how to apply PBR. 
l Run the display ip policy-based-route statistics local command to check the statistics of the local packet that is enabled with PBR. The thirdly configured egress supersedes only the first configured one. l If multiple outbound interfaces are specified. 2. Procedure l Run the display ip policy-based-route command to check the enabled PBR.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 1.Huawei AR150&200 Series Enterprise Routers Configuration Guide . <Huawei> display ip policy-based-route setup local policy-based-route aaa permit node 5 if-match acl 2000 apply output-interface Ethernet1/0/0 Run the display ip policy-based-route statistics local command. IP unicast PBR is applied to RouterA: l The next hop address 150. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1.1.1/24 Eth2/0/0 RouterB 151.1.4. Ltd. If configurations of the local PBR are displayed. 8.1. precautions for configuration. 198 .2/24 Configuration Roadmap The configuration roadmap is as follows: l Issue 02 (2012-03-30) Assign an IP address to each interface.1.2.1. <Huawei> display ip policy-based-route statistics local Local policy based routing information: policy-based-route: aaa permit node 21 Total denied: 0. forwarded: 0 8. Networking Requirements As shown in Figure 8-1. l The next hop address 151..2 is set for packets with 1401 to 1500 bytes. Figure 8-1 Networking diagram of IP unicast PBR configurations Loopback0 10.2/24 Eth2/0/0 151.IP Service policy Name aaa 8 IP Unicast PBR Configuration interface local Run the display ip policy-based-route setup local command. the configuration is successful.1 Example for Configuring IP Unicast PBR This section provides an example for configuring IP unicast PBR.1.1/24 Eth1/0/0 150. and configuration roadmap.1.1. l Packets with other lengths are routed based on destination addresses. If statistics of local PBR is displayed.1.1.1. 
it means the configuration succeeds.4 Configuration Examples This section includes the networking requirements.1/24 RouterA Loopback0 10.2 is set for packets with 64 to 1400 bytes.1/24 Eth1/0/0 150.1. 1.255.0 [RouterA-Ethernet2/0/0] quit # Assign an IP address to each interface on RouterB.1 255.1.0 [RouterB-Ethernet2/0/0] quit Step 2 Configure static routes.1.1.0 24 150..1.IP Service l Configure static routes.0 24 150.1.255.1.1.1.1. <Huawei> system-view [Huawei] sysname RouterA [RouterA] interface ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address 150.1.255. [RouterA] ip local policy-based-route lab1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.0 24 151.0 [RouterA-Ethernet1/0/0] quit [RouterA] interface ethernet 2/0/0 [RouterA-Ethernet2/0/0] ip address 151.1.255.Huawei AR150&200 Series Enterprise Routers Configuration Guide . Ltd.0 24 151.1. l Configure a PBR route that defines rules and actions.1. 199 .2 255.1.1 [RouterB] ip route-static 10.1 Step 3 Configure a PBR route. 8 IP Unicast PBR Configuration Data Preparation To complete the configuration. # Configure a PBR route lab1.2 255.1. # Configure a static route on RouterA.2 [RouterA-policy-based-route-lab1-20] quit # Enable local PBR.2.1. [RouterA] policy-based-route lab1 permit node 10 [RouterA-policy-based-route-lab1-10] if-match packet-length 64 1400 [RouterA-policy-based-route-lab1-10] apply ip-address next-hop 150.1. # Assign an IP address to each interface on RouterA. [RouterB] ip route-static 10.1.1.2 [RouterA-policy-based-route-lab1-10] quit [RouterA] policy-based-route lab1 permit node 20 [RouterA-policy-based-route-lab1-20] if-match packet-length 1401 1500 [RouterA-policy-based-route-lab1-20] apply ip-address next-hop 151.1.2 [RouterA] ip route-static 10.1.2. <Huawei> system-view [Huawei] sysname RouterB [RouterB] interface ethernet 1/0/0 [RouterB-Ethernet1/0/0] ip address 150.255.1. 
you need the following data: l IP address and subnet mask of each interface l Packet length and next hop address in the PBR route Procedure Step 1 Assign an IP address to each interface.255.1 255.0 [RouterB-Ethernet1/0/0] quit [RouterB] interface ethernet 2/0/0 [RouterB-Ethernet2/0/0] ip address 151.2 # Configure a static route on RouterB.1.1.255.255. [RouterA] ip route-static 10. 1.1.2 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.2.1 ping statistics --5 packet(s) transmitted 5 packet(s) received Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1.2 Reply from 100.1.2 15:00:37.1.1 PING 100.2.1.840.2. Ltd.1. <RouterA> ping -s 80 10.2 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success RouterA PBR/7/POLICY-ROUTING:IP Policy routing success RouterA PBR/7/POLICY-ROUTING:IP Policy routing success RouterA PBR/7/POLICY-ROUTING:IP Policy routing success RouterA forwards the received packets from Ethernet1/0/0 because the next hop address in the PBR route is 150.1.1.1.2.1 PING 100.2.2.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.2.2.340.1.1 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.2.2.50.2 Reply from 100.1 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.4 : 150.2 Reply from 100.1.350.2. press CTRL_C to break Mar 9 2011 15:41:26.850.2 Reply from 100. press CTRL_C to break Mar 9 2011 15:00:35.1: 80 data bytes.1: bytes=80 Sequence=5 ttl=254 time=1 ms --.1: bytes=1401 Sequence=4 ttl=254 time=2 ms Mar 9 2011 15:41:28. ping the IP address of Loopback0 interface on RouterB and set the packet length to 1401 bytes.1. 
200 .IP Service 8 IP Unicast PBR Configuration Step 4 Verify the configuration.1 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.2..1.1: bytes=1401 Sequence=5 ttl=254 time=2 ms routing succes routing succes routing succes routing succes routing succes routing succes --.2 : 150.1.350.1: bytes=80 Sequence=1 ttl=254 time=1 ms Reply from 100.1: bytes=80 Sequence=3 ttl=254 time=1 ms Reply from 100.340.2 Mar 9 2011 15:41:26.50.1.2.100.3 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.40.Huawei AR150&200 Series Enterprise Routers Configuration Guide .1.1 RouterA PBR/7/POLICY-ROUTING:IP Policy s : next-hop : 151.1.1.3 : 150. <RouterA> debugging ip policy-based-route <RouterA> terminal debugging <RouterA> terminal monitor # On RouterA.1: bytes=1401 Sequence=3 ttl=254 time=2 ms Mar 9 2011 15:41:27.1.1: bytes=1401 Sequence=1 ttl=254 time=2 ms Mar 9 2011 15:41:26.1: bytes=80 Sequence=2 ttl=254 time=1 ms Reply from 100. ping the IP address of Loopback0 interface on RouterB and set the packet length to 80 bytes.100.1.50.1. # On RouterA.2 15:00:37.2 Reply from 100.00% packet loss round-trip min/avg/max = 1/1/1 ms # The following information about the PBR route is displayed on RouterA: <RouterA> Mar 9 2011 : next-hop Mar 9 2011 : next-hop Mar 9 2011 : next-hop Mar 9 2011 : next-hop 15:00:37.1.2 Reply from 100. # Run the debugging ip policy-based-route command on RouterA to debug the PBR route. <RouterA> ping -s 1401 10.1.1.1.2.2.1.1.1.2 RouterA PBR/7/POLICY-ROUTING:IP Policy routing success : next-hop : 150.1.1: bytes=1401 Sequence=2 ttl=254 time=2 ms Mar 9 2011 15:41:27.5 : 150.1.1.1.2 15:00:37.1: bytes=80 Sequence=4 ttl=254 time=1 ms Reply from 100.1.1.1.1: 1401 data bytes.2.1.2.50.1. 1.255. ----End Configuration Files Configuration file of RouterA # sysname RouterA # interface Ethernet1/0/0 ip address 150.1.2 255.0 151.255.1 255.1.0 151. 
Ltd.255.1.IP Service 8 IP Unicast PBR Configuration 0.0 # ip route-static 10.1.0 255..2 # ip local policy-based-route lab1 Configuration file of RouterB # sysname RouterB # interface Ethernet1/0/0 ip address 150.2.0 # interface Ethernet2/0/0 ip address 151.255.1.2 policy-based-route lab1 permit node 20 if-match packet-length 1401 1500 apply ip-address next-hop 151.1.255.0 255.255.1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1.1.1.1.2 255. 201 .1.255.1.0 255.255.2.1.1.255.0 150.1.255.255.255.0 # ip route-static 10.1.255.1.1.1.1.1.1 255.255.2 # policy-based-route lab1 permit node 10 if-match packet-length 64 1400 apply ip-address next-hop 150.0 150.255.1 ip route-static 10.1.1.255.2 ip route-static 10.1.1.0 # interface Ethernet2/0/0 ip address 151.2.1.1.00% packet loss round-trip min/avg/max = 2/2/2 ms RouterA forwards the received packets from Ethernet2/0/0 because the next hop address in the PBR route is 151.Huawei AR150&200 Series Enterprise Routers Configuration Guide .0 255. Ltd. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 202 .IP Service 9 9 UDP Helper Configuration UDP Helper Configuration About This Chapter This chapter describes the principle and configuration of UDP helper. and provides configuration examples.2 UDP Helper Features Supported by the AR150/200 This section describes the UDP helper features supported by the AR150/200. 9.5 Configuration Examples This section provides a UDP helper configuration example.. 9. 9.Huawei AR150&200 Series Enterprise Routers Configuration Guide . 9. 9.4 Maintaining UDP Helper This section describes how to maintain UDP helper.3 Configuring UDP Helper This section describes how to configure UDP helper to relay broadcast packets with a specified UDP port.1 UDP Helper Overview This section describes the principle of UDP helper. enable the DHCP relay function.IP Service 9 UDP Helper Configuration 9. 
9.1 UDP Helper Overview

This section describes the principle of UDP helper.

A host on an intranet needs to obtain the configuration from a server by sending broadcast packets such as UDP broadcast packets. If the host and the server are located in different broadcast domains, broadcast packets cannot reach the server and the host cannot obtain the configuration from the server.

The AR150/200 provides the UDP Helper function to solve this problem. It can relay broadcast packets with specified UDP ports by converting broadcast packets into unicast packets and sending the unicast packets to the specified destination server.

9.2 UDP Helper Features Supported by the AR150/200

This section describes the UDP helper features supported by the AR150/200.

After UDP helper is enabled on the AR150/200, the AR150/200 relays broadcast packets with the default UDP ports to corresponding destination servers. Table 9-1 lists the default UDP ports. Other UDP ports must be configured manually after UDP helper is enabled.

Table 9-1 List of default UDP ports

Protocol                                                  UDP Port Number
Trivial File Transfer Protocol (TFTP)                     69
Domain Name System (DNS)                                  53
Time Service                                              37
NetBIOS Name Service (NetBIOSNS)                          137
NetBIOS Datagram Service (NetBIOSDS)                      138
Terminal Access Controller Access Control System (TACACS) 49

The UDP helper function cannot relay Dynamic Host Configuration Protocol (DHCP) messages, so the destination port numbers cannot be set to 67 or 68. To relay DHCP messages, enable the DHCP relay function.

9.3 Configuring UDP Helper

This section describes how to configure UDP helper to relay broadcast packets with a specified UDP port.

9.3.1 Establishing the Configuration Task

Before configuring UDP helper, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.

Applicable Environment

A host on an intranet needs to obtain the configuration from a server by sending broadcast packets such as UDP broadcast packets. If the host and the server are located in different broadcast domains, broadcast packets cannot reach the server and the host cannot obtain the configuration from the server.

The AR150/200 provides the UDP Helper function to solve this problem. It can relay broadcast packets with specified UDP ports by converting broadcast packets into unicast packets and sending the unicast packets to the specified destination server.

Pre-configuration Tasks

Before configuring UDP helper, complete the following task:
- Configuring a reachable route from the AR150/200 to the destination server

Data Preparation

To configure UDP helper, you need the following data.

No.  Data
1    (Optional) UDP ports of packets need to be relayed
2    Interface that relays packets of UDP ports and IP address of the destination server

9.3.2 Enabling UDP Helper

This section describes how to enable UDP helper.

Context

After UDP helper is enabled, the Router checks the destination UDP port of a received broadcast packet and determines whether to relay the packet:
- If the packet destination UDP port number is the same as the specified UDP port number and the destination MAC address is a broadcast MAC address, the Router changes the destination IP address in the IP packet header and sends the packet to a specified destination server.
- If the destination UDP port number of packets is different from the specified UDP port number, the Router discards the packet.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    udp-helper enable
UDP helper is enabled.

----End

9.3.3 (Optional) Configuring a UDP Port for Packets to Be Relayed

This section describes how to configure a UDP port for packets to be relayed.

Prerequisites

UDP helper has been enabled.

Context

After the UDP helper function is enabled, the AR150/200 relays broadcast packets with UDP ports 37, 49, 53, 69, 137, and 138 by default. If the port number that needs to be configured is in the range of default UDP port numbers, you can skip this configuration procedure. The AR150/200 does not relay DHCP messages with UDP ports 67 or 68.

Perform the following operations on the AR150/200.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
The UDP port of packets to be relayed is configured.

----End

9.3.4 Configuring a Destination Server

This section describes how to configure a destination server.

Procedure

Step 1 Run:
    system-view
The system view is displayed.

Step 2 Run:
    interface interface-type interface-number
The interface view is displayed. The interface must be a VLANIF interface.

Step 3 Run:
    udp-helper server ip-address
A destination server is configured.

After UDP helper is enabled, the interface forwards a received packet to the specified destination server if the destination UDP port of the packet received by an interface is the same as the specified UDP port.

----End

9.3.5 Checking the Configuration

Procedure

- Run the display udp-helper server command to check the numbers of the interfaces that have relayed UDP packets, IP addresses of destination servers, and the number of forwarded UDP packets.
- Run the display udp-helper port command to check the UDP port numbers of the packets that need to be relayed.

----End

Example

# Run the display udp-helper server command to view UDP helper information.

    <Huawei> display udp-helper server
    Server-interface    Server-Ip          packet-num
    ------------------------------------------------------------------------
    Vlanif20            1.1.2              0
    Ethernet1/0/0.1     192.168.1.1.200    0

# Run the display udp-helper port command to view the UDP port numbers of the packets that need to be relayed.

    <Huawei> display udp-helper port
    Udp-Port-Number    Description
    -------------------------------------------------------------
    1                  TCP Port Service Multiplexer
    37                 Time
    49                 Login Host Protocol
    53                 Domain Name Server
    69                 Trivial File Transfer
    137                NETBIOS Name Service
    138                NETBIOS Datagram Service

9.4 Maintaining UDP Helper

This section describes how to maintain UDP helper.

9.4.1 Clearing the UDP Helper Statistics

Context

CAUTION
UDP helper statistics cannot be restored after being cleared. Exercise caution when you run the reset udp-helper packet command.

Procedure

Step 1 Run the reset udp-helper packet command in the user view to clear UDP helper statistics.

----End

9.5 Configuration Examples

This section provides a UDP helper configuration example.

9.5.1 Example for Configuring UDP Helper

Networking Requirements

As shown in Figure 9-1, the IP address of VLANIF 100 on the Router is 10.110.1.1/16, the IP address of the NetBIOS-NS name server is 10.2.1.1/16, and there is a reachable route between the Router and the NetBIOS-NS name server. The Router and the NetBIOS-NS name server are in different network segments.

The Router is configured to forward broadcast packets with destination UDP port number 137 and destination IP addresses 255.255.255.255 and 10.110.255.255 to the NetBIOS-NS name server. When the Router receives a broadcast NetBIOS-NS Register packet, it changes the destination IP address to the IP address of the NetBIOS-NS name server and forwards the packet to the NetBIOS-NS name server.

Figure 9-1 Network diagram for configuring UDP helper
[Figure labels: Internet; Router - Ethernet0/0/0, VLANIF100 10.110.1.1/16; PC1; PC2; NETBIOS-NS Name Server 10.2.1.1/16]

Configuration Roadmap

The configuration roadmap is as follows:
1. Enable UDP helper on the Router.
2. Create a VLAN and a VLANIF interface, configure an IP address for the VLANIF interface, and configure the destination server to which UDP packets will be relayed on the VLANIF interface.

Data Preparation

To complete the configuration, you need the following data:
- VLANIF interface from which UDP packets will be relayed
- IP address of the destination server

Procedure

Step 1 Enable UDP helper.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] udp-helper enable

NOTE
After UDP helper is enabled on the Router, the Router forwards broadcast packets with destination UDP port 137 by default. The UDP port number, therefore, does not need to be configured here.

Step 2 Add Ethernet0/0/0 to VLAN 100.

    [Router] vlan 100
    [Router-Vlan100] quit
    [Router] interface ethernet 0/0/0
    [Router-Ethernet0/0/0] port hybrid pvid vlan 100
    [Router-Ethernet0/0/0] port hybrid untagged vlan 100
    [Router-Ethernet0/0/0] quit

Step 3 Configure a destination server. The destination server configured on VLANIF 100 is the NetBIOS-NS name server.

    [Router] interface vlanif 100
    [Router-Vlanif100] ip address 10.110.1.1 16
    [Router-Vlanif100] udp-helper server 10.2.1.1
    [Router-Vlanif100] quit
    [Router] quit

Step 4 Verify the configuration.

    <Router> display udp-helper server
    Server-interface    Server-Ip    packet-num
    Vlanif100           10.2.1.1     0

----End

Configuration Files

Configuration file of the Router

    #
     sysname Router
    #
     udp-helper enable
    #
    vlan batch 100
    #
    interface Ethernet0/0/0
     port hybrid pvid vlan 100
     port hybrid untagged vlan 100
    #
    interface Vlanif100
     ip address 10.110.1.1 255.255.0.0
     udp-helper server 10.2.1.1
    #
    return
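The relay decision of section 9.3.2 combined with the default ports of Table 9-1, as an added Python example (not Huawei code) that reads a saved configuration and lists every broadcast service the Router would relay, so a reviewer can see that enabling UDP helper for NetBIOS-NS also relays TFTP, DNS, Time, NetBIOS-DS and TACACS broadcasts to the same server. Assumptions: the function names are hypothetical, the sample configuration is constructed from the file in section 9.5.1 with an added `udp-helper port 5000` line, and that line's placement in a saved configuration is assumed.

```python
# Default relayed ports, taken from Table 9-1 (keyword -> UDP port).
DEFAULT_PORTS = {"tftp": 69, "dns": 53, "time": 37,
                 "netbios-ns": 137, "netbios-ds": 138, "tacacs": 49}
DHCP_PORTS = {67, 68}                 # cannot be relayed by UDP helper
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Constructed sample: the Router configuration of section 9.5.1 plus one
# manually configured port (5000) added for illustration.
SAMPLE_CONFIG = """\
#
 sysname Router
#
 udp-helper enable
 udp-helper port 5000
#
vlan batch 100
#
interface Ethernet0/0/0
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
interface Vlanif100
 ip address 10.110.1.1 255.255.0.0
 udp-helper server 10.2.1.1
#
return
"""


def parse_config(text):
    """Extract the UDP helper state from configuration text."""
    enabled, extra, rejected, servers = False, set(), [], {}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                        # '#' closes the current view
            iface = None
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "udp-helper enable":
            enabled = True
        elif line.startswith("udp-helper port "):
            token = line.split()[2]
            port = DEFAULT_PORTS[token] if token in DEFAULT_PORTS else int(token)
            if port in DHCP_PORTS:
                rejected.append(port)          # DHCP needs DHCP relay instead
            else:
                extra.add(port)
        elif line.startswith("udp-helper server ") and iface is not None:
            servers.setdefault(iface, []).append(line.split()[2])
    ports = (set(DEFAULT_PORTS.values()) | extra) if enabled else set()
    return {"enabled": enabled, "ports": ports,
            "servers": servers, "rejected": rejected}


def relay_targets(cfg, iface, dst_mac, dst_port):
    """Servers that receive a unicast copy of a packet arriving on iface."""
    if not cfg["enabled"]:
        return []
    if dst_mac.lower() != BROADCAST_MAC:       # only broadcast frames qualify
        return []
    if dst_port not in cfg["ports"]:           # other ports are not relayed
        return []
    return list(cfg["servers"].get(iface, []))


def exposure(cfg):
    """Every (interface, server, port) combination the device will relay."""
    return sorted((iface, server, port)
                  for iface, ips in cfg["servers"].items()
                  for server in ips
                  for port in cfg["ports"])


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for row in exposure(cfg):
        print(row)
    print(relay_targets(cfg, "Vlanif100", BROADCAST_MAC, 137))
    print(relay_targets(cfg, "Vlanif100", BROADCAST_MAC, 67))
```
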