Escolar Documentos
Profissional Documentos
Cultura Documentos
V100R006C00
01
Date
2011-07-15
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-07-15)
NM configuration engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-07-15)
TIP
NOTE
ii
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all changes made in previous issues.
Issue 01 (2011-07-15)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 IP Addresses Configuration........................................................................................................1
1.1 Introduction to IP Addresses..............................................................................................................................2
1.2 Features of IP Addresses Supported by the S2700.............................................................................................2
1.3 Configuring IP Addresses for Interfaces............................................................................................................3
1.3.1 Establishing the Configuration Task.........................................................................................................3
1.3.2 Configuring a Primary IP Address for an Interface...................................................................................3
1.3.3 (Optional) Configuring a Secondary IP Address for an Interface.............................................................4
1.3.4 Checking the Configuration.......................................................................................................................4
1.4 Configuration Examples.....................................................................................................................................5
1.4.1 Example for Setting Primary and Secondary IP Addresses......................................................................5
2 ARP Configuration........................................................................................................................8
2.1 Overview of ARP...............................................................................................................................................9
2.2 ARP Features Supported by the S2700..............................................................................................................9
2.3 Configuring Static ARP....................................................................................................................................10
2.3.1 Establishing the Configuration Task.......................................................................................................10
2.3.2 Configuring Common Static ARP Entries...............................................................................................11
2.3.3 Configuring Static ARP Entries in a VLAN...........................................................................................11
2.3.4 Checking the Configuration.....................................................................................................................12
2.4 Optimizing Dynamic ARP................................................................................................................................12
2.4.1 Establishing the Configuration Task.......................................................................................................13
2.4.2 Modify the aging parameters of dynamic ARP.......................................................................................13
2.4.3 Enabling ARP Suppression Function......................................................................................................14
2.4.4 Enabling Layer 2 Topology Detection Function.....................................................................................14
2.4.5 Checking the Configuration.....................................................................................................................14
2.5 Configuring Routed Proxy ARP.......................................................................................................................15
2.5.1 Establishing the Configuration Task.......................................................................................................15
2.5.2 Configure an IP Addresses for the Interface............................................................................................16
2.5.3 Enabling the Routed Proxy ARP Function..............................................................................................16
2.5.4 Checking the Configuration.....................................................................................................................16
2.6 Configuring Proxy ARP Within a VLAN........................................................................................................17
2.6.1 Establishing the Configuration Task.......................................................................................................17
Issue 01 (2011-07-15)
iv
Contents
3 IP Performance Configuration..................................................................................................35
3.1 Introduction to IP Performance........................................................................................................................36
3.2 IP Performance Supported by the S2700..........................................................................................................36
3.3 Optimizing IP Performance..............................................................................................................................36
3.3.1 Establishing the Configuration Task.......................................................................................................36
3.3.2 Enabling an Interface to Check the Source IP Addresses of Packets......................................................37
3.3.3 Configuring ICMP Attributes..................................................................................................................38
3.3.4 Setting TCP Parameters...........................................................................................................................38
3.3.5 Checking the Configuration.....................................................................................................................39
3.4 Maintaining IP Performance.............................................................................................................................40
3.4.1 Clearing IP Performance Statistics..........................................................................................................40
3.4.2 Monitoring the Running Status of IP Performance.................................................................................41
3.4.3 Debugging IP Performance.....................................................................................................................41
3.5 Configuration Examples...................................................................................................................................42
3.5.1 Example for Disabling the Sending of ICMP Host Unreachable Packets...............................................42
4 DNS Configuration.....................................................................................................................46
4.1 Introduction to DNS.........................................................................................................................................47
4.2 DNS Supported by the S2700...........................................................................................................................47
4.3 Configuring DNS..............................................................................................................................................47
4.3.1 Establishing the Configuration Task.......................................................................................................47
4.3.2 Configuring Static DNS Entries..............................................................................................................48
4.3.3 Configuring Dynamic DNS.....................................................................................................................48
4.3.4 Checking the Configuration.....................................................................................................................49
4.4 Maintaining DNS..............................................................................................................................................50
Issue 01 (2011-07-15)
Contents
Issue 01 (2011-07-15)
vi
Contents
Issue 01 (2011-07-15)
vii
1 IP Addresses Configuration
IP Addresses Configuration
Issue 01 (2011-07-15)
1 IP Addresses Configuration
The S2700 supports the space overlapping of network segment addresses to save the address
space.
l
Different IP addresses in the overlapped network segments but not same can be configured
on different interfaces of the same device. For example, after an interface on a device is
configured with the IP address 20.1.1.1/16, if another interface is configured with the IP
address 20.1.1.2/24, the system prompts a message. However, the configuration is still
successful; if another interface is configured with the IP address 20.1.1.2/16, the system
prompts an IP address conflict. The configuration fails.
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on the same interface. For example, after the interface is
configured with a primary IP address 20.1.1.1/24, if the secondary IP address is 20.1.1.2/16
sub, the system prompts a message. However, the configuration is still successful.
The primary IP address and the secondary IP address in the overlapped network segments
but not same can be configured on different interfaces of the same device. However, the
primary IP address and the secondary IP address cannot be the same. For example, after an
interface on a device is configured with the IP address 20.1.1.1/16, if another interface is
configured with the IP address 20.1.1.2/24 sub, the system prompts a message. However,
the configuration is still successful.
The S2700 supports 31-bit IP address masks. Therefore, there are only two IP addresses in a
network segment, that is, the network address and broadcast address. The two IP addresses can
be used as host addresses.
Issue 01 (2011-07-15)
1 IP Addresses Configuration
Applicable Environment
To start IP services on an interface, configure the IP address for the interface. You can assign
several IP addresses to each interface. Among them, one is the primary IP address and the others
are secondary IP addresses.
Generally, you need to configure only a primary IP address for an interface. Secondary IP
addresses, however, are required in some cases. For instance, when a device connects to a
physical network through an interface, and computers on this network belong to two Class C
networks, you need to configure a primary IP address and a secondary IP address for this interface
to ensure that the device can communication with all computers on this network.
Pre-configuration Tasks
Before configuring an IP addresses for an interface, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the physical layer
status of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IP addresses for an interface, you need the following data.
No.
Data
Interface number
Issue 01 (2011-07-15)
1 IP Addresses Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the IP addresses for the interface are complete.
Issue 01 (2011-07-15)
1 IP Addresses Configuration
Procedure
l
----End
Networking Requirements
As shown in Figure 1-1, Ethernet 0/0/1 of the Switch is connected to a LAN, in which hosts
belong to two different network segments, that is 172.16.1.0/24 and 172.16.2.0/24. It is required
that the Switch can access the two network segments but the host in 172.16.1.0/24 cannot
interconnect with the host in 172.16.2.0/24.
Figure 1-1 Networking diagram for setting IP addresses
172.16.1.0/24
Switch
Ethernet 0/0/1
VLANIF 100
172.16.1.1/24
172.16.2.1/24 sub
172.16.2.0/24
Configuration Roadmap
The configuration roadmap is as follows:
1.
Analyze the address of the network segment to which each interface is connected.
2.
Issue 01 (2011-07-15)
1 IP Addresses Configuration
Data Preparation
To complete the configuration, you need the following data.
l
Procedure
Step 1 Set the IP address for VLANIF 100 where Ethernet 0/0/1 of the Switch belongs.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port hybrid pvid vlan 100
[Quidway-Ethernet0/0/1] port hybrid untagged vlan 100
[Quidway-Ethernet0/0/1] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 172.16.1.1 24
[Quidway-Vlanif100] ip address 172.16.2.1 24 sub
time=25
time=27
time=26
time=26
time=26
ms
ms
ms
ms
ms
Ping a host on network segment 172.16.2.0 from the Switch. The ping succeeds.
<Quidway> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26
--- 172.16.2.2 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
ms
ms
ms
ms
ms
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan 100
#
interface Vlanif100
Issue 01 (2011-07-15)
1 IP Addresses Configuration
Issue 01 (2011-07-15)
2 ARP Configuration
ARP Configuration
Issue 01 (2011-07-15)
2 ARP Configuration
ARP
ARP is classified into the following types: dynamic ARP and static ARP.
l
Static ARP means the mapping between manually configured IP addresses and MAC
addresses.
Dynamic ARP means that the ARP mapping table is dynamically maintained by the ARP
protocol.
proxy ARP
The S2700 supports the following types of proxy ARP:
NOTE
The S2700SI does not support Intra-VLAN proxy ARP and Inter-VLAN proxy ARP.
Issue 01 (2011-07-15)
2 ARP Configuration
The switch enabled with proxy ARP can also hide the details of the physical networks and
implement the communication between hosts that are in different physical networks but on
the same network segment.
l
Applicable Environment
Static ARP is used in the following situations:
l
For the packets whose destination IP address is on another network segment, static ARP
can help these packets traverse a gateway of the local network segment so that the gateway
can forward the packets to their destination.
When you need to filter out some packets with illegitimate destination IP addresses, static
ARP can bind these illegitimate addresses to a nonexistent MAC address.
Issue 01 (2011-07-15)
10
2 ARP Configuration
Pre-configuration Tasks
Before configuring ARP, complete the following tasks:
l
Configuring physical parameters for the interface and ensuring that the status of the physical
layer of the interface is Up
Configuring link layer protocol parameters for the interface and ensuring that the status of
the link layer protocol on the interface is Up
Data Preparation
To configure ARP, you need the following data.
No.
Data
VPN instance name and VLAN ID to which the static ARP entry belongs
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
11
2 ARP Configuration
Context
If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device
simultaneously, the virtual IP address of the VRRP backup group configured on the VLAN
interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host
routes are generated and thus packets cannot be normally forwarded.
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp statistics { all } command to check the statistics for ARP entries.
----End
Issue 01 (2011-07-15)
12
2 ARP Configuration
Applicable Environment
Dynamic ARP is one of functions owned by a device or host. You do not need to run a command
to enable dynamic ARP but you can modify some parameters of dynamic ARP.
Pre-configuration Tasks
None
Data Preparation
Optimizing dynamic ARP, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
The number of aging detection times of the dynamic ARP entries is configured.
Step 4 Run:
arp expire-time expire-times
13
2 ARP Configuration
By default, the aging detection times of the dynamic ARP entries is three, and the aging timeout
period is 1200 seconds.
Step 5 Run:
arp detect-mode unicast
The interface is configured to send ARP Aging Detection packets in unicast mode.
By default, an interface sends ARP Aging Detection packets in broadcast mode.
----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
14
2 ARP Configuration
Prerequisite
The configurations of the ARP function are complete.
Procedure
l
Run the display arp statistics { all } command to check the statistics for ARP entries.
----End
Applicable Environment
The two physical networks of an enterprise are in different subnets of the same IP network, and
are separated by a device. You need to enable the proxy ARP on the device interface connected
to the physical networks. This enables communication between the two networks.
Network IDs of subnet hosts must be the same. You need not configure default gateways for
hosts.
Pre-configuration Tasks
Before configuring routed proxy ARP, complete the following tasks:
l
Configuring the physical parameters for the interface and ensuring that the status of the
physical layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure routed proxy ARP, you need the following data.
Issue 01 (2011-07-15)
No.
Data
15
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
16
2 ARP Configuration
Prerequisite
The configurations of the routed proxy ARP function are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
Applicable Environment
If two users are in the same VLAN but they are isolated from each other, to ensure the two users
can communicate, you need to enable proxy ARP within the VLAN on the interface associated
with the VLAN.
Pre-configuration Tasks
Before configuring proxy ARP within a VLAN, complete the following tasks:
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Data Preparation
To configure proxy ARP within a VLAN, you need the following data.
Issue 01 (2011-07-15)
No.
Data
VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN
17
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
18
2 ARP Configuration
Prerequisite
The configurations of the proxy ARP within a VLAN function are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
Applicable Environment
If two users belong to different VLANs and they need to communicate, you need to enable proxy
ARP between VLANs on the sub-interface associated with the VLAN.
IP addresses of hosts in a VLAN must be in the same network segment.
Pre-configuration Tasks
Before configuring proxy ARP between VLANs, complete the following tasks:
l
Configuring physical attributes for the interface and ensuring that the status of the physical
layer of the interface is Up
Data Preparation
To configure proxy ARP between VLANs, you need the following data.
Issue 01 (2011-07-15)
No.
Data
VLAN ID associated with the interface to be enabled with proxy ARP between
VLANs
19
2 ARP Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
20
2 ARP Configuration
Prerequisite
The configurations of Proxy ARP Between VLANs are complete.
Procedure
l
Run the display arp statistics command to check statistics about ARP entries.
----End
Context
CAUTION
l The mapping between the IP and MAC addresses is deleted after you clear ARP entries. So,
confirm the action before you use the command.
l The static ARP entries cannot restore after you clear it. So, confirm the action before you
use the command.
Procedure
Step 1 Run the reset arp { all | dynamic | interface interface-type interface-number | static } command
in the user view to clear the ARP entries in the ARP mapping table.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation
of ARP.
Issue 01 (2011-07-15)
21
2 ARP Configuration
Procedure
l
Run the display arp interface interface-type interface-number command in any view to
check the information about the ARP mapping table based on interfaces.
----End
Context
CAUTION
Debugging affects the performance of the system. Thus, after debugging, run the undo
debugging all command to disable debugging immediately. When the CPU usage is close to
100%, debugging ARP may cause the board resetting. So, confirm the action before you use the
command.
When faults occur during ARP operation, run the following debugging command in the user
view to debug ARP and locate the fault.
For more information, see chapter "Information Center Configuration" in the Quidway S2700
Series Ethernet Switches Configuration Guide-System Management. For descriptions about the
debugging commands, see the Quidway S2700 Series Ethernet Switches Debugging
Reference.
Procedure
l
----End
22
2 ARP Configuration
To adapt to fast changes of the network and ensure correct forwarding of packets, dynamic
ARP parameters should be set on VLANIF 2 of the Switch.
To ensure the security of the server and prevent invalid ARP packets, a static ARP entry
should be created on GE 0/0/2 of the Switch, with the IP address of the router being 10.2.2.3
and the MAC address being 00e0-fc01-0000.
Server
Internet
Router
GE0/0/2
Switch
GE0/0/1
LSW
PC1
PC2
PC2
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
VLANIF 2 with the IP address being 2.2.2.2 and subnet mask being 255.255.255.0, aging
time of ARP entries being 60s, and number of detection times being 2
VLANIF 3 with the IP address being 10.2.2.2 and subnet mask being 255.255.255.0
Issue 01 (2011-07-15)
23
2 ARP Configuration
Interface connecting the router and the Switch, with the IP address being 10.2.2.3, subnet
mask being 255.255.255.0, and MAC address being 00e0-fc01-0000
Procedure
Step 1 Create a VLAN and add an interface to the VLAN.
# Create VLAN 2 and VLAN 3.
<Quidway> system-view
[Quidway] vlan batch 2 3
0/0/1
hybrid tagged vlan 2
0/0/2
hybrid tagged vlan 3
# Create VLANIF 3.
[Quidway] interface vlanif 3
----End
Issue 01 (2011-07-15)
24
2 ARP Configuration
Configuration Files
The following is the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 2.2.2.2 255.255.255.0
arp expire-time 60
arp detect-times 2
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return
Host A
172.16.1.2/16
0000-5e33-ee20
Host B
172.16.2.2/16
0000-5e33-ee10
GE0/0/1
172.16.1.1/24
GE0/0/2
172.16.2.1/24
VLAN 2
VLAN 3
Switch
Ethernet A
Ethernet B
Configuration Roadmap
The configuration roadmap is as follows:
1.
Issue 01 (2011-07-15)
25
2.
2 ARP Configuration
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create VLAN 2 and add GE 0/0/1 to VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] port default vlan 2
[Quidway-GigabitEthernet0/0/1] quit
Configuration Files
Configuration file of the Switch
#
sysname Quidway
Issue 01 (2011-07-15)
26
2 ARP Configuration
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3
ip address 172.16.2.1 255.255.255.0
arp-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
#
return
Host A should communicate with host B at Layer 3 through intra-VLAN proxy ARP.
The IP address and subnet mask of the VLANIF interface in Super-VLAN 3 should be 10.10.10.1
and 255.255.255.0.
Figure 2-3 Networking diagram for configuring intra-VLAN proxy ARP
Internet
Switch
GE0/0/2
GE0/0/1
hostB
10.10.10.3/24
00-e0-fc-00-00-03
hostA
10.10.10.2/24
00-e0-fc-00-00-02
sub-VLAN2
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-07-15)
27
2 ARP Configuration
1.
2.
3.
Create a VLANIF interface of the Super-VLAN and assign an IP address to the VLANIF
interface.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the Super-VLAN and Sub-VLAN.
# Configure Sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
0/0/1
link-type access
default vlan 2
0/0/2
link-type access
default vlan 2
28
2 ARP Configuration
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif3
10.10.10.2
00e0-fc00-0002 19
D-0
GE0/0/1
2
10.10.10.3
00e0-fc00-0003 19
D-0
GE0/0/2
2
-----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
----End
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
return
Hosts in VLAN 2 and VLAN 3 should be pinged mutually after inter-VLAN proxy ARP
is enabled.
Issue 01 (2011-07-15)
29
2 ARP Configuration
Switch
VLAN2
VLAN3
VLAN4
VLAN2
VLAN3
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Create an VLANIF interface of the Super-VLAN and assign an IP address to the VLANIF
interface.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure the Super-VLAN and Sub-VLAN.
# Configure Sub-VLAN 2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
Issue 01 (2011-07-15)
30
2 ARP Configuration
[Quidway-Ethernet0/0/1] quit
[Quidway] interface ethernet 0/0/2
[Quidway-Ethernet0/0/2] port link-type access
[Quidway-Ethernet0/0/2] port default vlan 2
[Quidway-Ethernet0/0/2] quit
# Configure Sub-VLAN 3.
<Quidway> system-view
[Quidway] vlan 3
[Quidway-vlan3] quit
0/0/3
link-type access
default vlan 3
0/0/4
link-type access
default vlan 3
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN/CEVLAN
-----------------------------------------------------------------------------10.10.10.1
0018-2000-0083
I Vlanif4
10.10.10.2
00e0-fc00-0002 19
D-0
Eth0/0/1
2/10.10.10.3
00e0-fc00-0003 19
D-0
Eth0/0/2
2/10.10.10.4
00e0-fc00-0004 19
D-0
Eth0/0/3
3/10.10.10.5
00e0-fc00-0005 19
D-0
Eth0/0/4
3/-----------------------------------------------------------------------------Total:5
Dynamic:4
Static:0
Interface:1
----End
Issue 01 (2011-07-15)
31
2 ARP Configuration
Configuration Files
The following lists the configuration file of the Switch.
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
#
interface Ethernet0/0/3
port link-type access
port default vlan 3
#
interface Ethernet0/0/4
port link-type access
port default vlan 3
#
return
Switch
VLANIF100
10.1.1.2/24
PC A
10.1.1.1/24
Issue 01 (2011-07-15)
VLAN100
PC B
10.1.1.3/24
32
2 ARP Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create VLAN 100 and add the two GE interfaces of the Switch to VLAN 100 in default mode.
# Create VLANIF 100 and assign an IP addresses to VLANIF 100.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface vlanif 100
[Quidway-vlanif100] ip address 10.1.1.2 24
[Quidway-vlanif100] quit
0/0/1
link-type access
default vlan 100
0/0/2
link-type access
default vlan 100
Step 3 Restart GE 0/0/1 and view changes of the ARP entries and aging time.
# View ARP entries on the Switch. You can find that the Switch has learnt the MAC address of
the PC.
[Quidway] display arp all
IP ADDRESS
MAC ADDRESS
INSTANCE
EXPIRE(M)
TYPE
INTERFACE
VPN-
VLAN
----------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.1
00e0-c01a-4901 20
D-0
GE0/0/1
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
----------------------------------------------------------------------------Total:3
Dynamic:2
Static:0
Interface:1
# Run the shutdown command and then the undoshutdown command on GE 0/0/1 to view the
aging time of ARP entries.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] shutdown
[Quidway-GigabitEthernet0/0/1] undo shutdown
[Quidway-GigabitEthernet0/0/1] display arp all
Issue 01 (2011-07-15)
33
2 ARP Configuration
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 0
D-0
GE0/0/2
-----------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE
According to the displayed information, the ARP entry learned from GE 0/0/1 is deleted after GE 0/0/1 is
shut down. The aging time of ARP entries learned from GE 0/0/2 becomes 0 after GE0/0/1 is restored and
becomes Up again. When the aging time is 0, the Switch sends an ARP probe packet for updating ARP
entries.
[Quidway-GigabitEthernet0/0/1] display arp all
IP ADDRESS
MAC ADDRESS
EXPIRE(M) TYPE
INTERFACE
VPN-INSTANCE
VLAN
---------------------------------------------------------------------------10.1.1.2
00e0-c01a-4900
I Vlanif100
10.1.1.3
00e0-de24-bf04 20
D-0
GE0/0/2
---------------------------------------------------------------------------Total:2
Dynamic:1
Static:0
Interface:1
NOTE
After the ARP entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
L2-topolgy detect enable
#
vlan 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
return
Issue 01 (2011-07-15)
34
3 IP Performance Configuration
IP Performance Configuration
Issue 01 (2011-07-15)
35
3 IP Performance Configuration
Pre-configuration Tasks
Before optimizing IP performance, complete the following tasks:
l
Issue 01 (2011-07-15)
Connecting interfaces and setting physical parameters of the interfaces to ensure that the
physical layer of the interfaces is in the Up state
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
36
3 IP Performance Configuration
Setting parameters of the link layer protocol for the interfaces to ensure that the status of
the link layer protocol on the interfaces is Up
Data Preparation
To optimize IP performance, you need the following data.
No.
Data
Number of the interface which needs to forward broadcast packets and ACL number
which is used to specify the broadcast packets
SYN-WAIT timer, FIN-WAIT timer, receiving and sending buffer size of the socket
Procedure
Step 1 Run:
system-view
A VLAN is created.
Step 3 Run:
quit
Issue 01 (2011-07-15)
37
3 IP Performance Configuration
CAUTION
l If the transmission of ICMP host unreachable messages is disabled, the device no longer
sends the ICMP host unreachable message.
Do as follows on the S2700:
Procedure
Step 1 Run:
system-view
SYN-Wait timer: When sending packets with the SYN flag, TCP starts the SYN-Wait timer.
If no response is received before the SYN-Wait timer expires, the TCP connection ends.
The timeout interval of the TCP SYN-Wait timer is an integer that ranges from 2 to 600,
in seconds. By default, the value is 75s.
FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer is enabled. If no packet with the FIN flag is received
before the FIN-Wait timer expires, the TCP connection ends. The timeout interval of the
Issue 01 (2011-07-15)
38
3 IP Performance Configuration
TCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. By default, the
value is 675s.
l
Size of the packet receive or transmit buffer: The value is an integer that ranges from 1 to
32, in Kbytes. By default, the value is 8 Kbytes.
If you run the tcp window command repeatedly in the same system view, the latest configuration
overrides the previous configuration.
Do as follows on the S2700.
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.
Run the display tcp statistics command to check the statistics on TCP traffic.
Run the display udp statistics command to check the statistics on UDP traffic.
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.
Run the display icmp statistics command to check the statistics on ICMP traffic.
Run the display rawlink statistics command to check the Rawlink statistics.
Run the display fib [ slot-id ] command to check the Forwarding Information Base (FIB)
table on the Line Processing Unit (LPU).
Issue 01 (2011-07-15)
39
3 IP Performance Configuration
Run the display fib [ slot-id ] [ verbose ] command to check information about the FIB
table.
Run the display fib acl acl-number [ verbose ] command to check information about the
FIB entries that match ACL rules in a certain format.
Run the display fib ip-prefix prefix-name [ verbose ] command to check information about
the FIB entries that match a specified IP prefix list.
Run the display fib next-hop ip-address command to check information about the FIB
entries that match the specified next hop address.
Run the display fib [ slot-id ] statistics command to check the total number of FIB entries.
----End
CAUTION
The statistics on IP, TCP, or UDP traffic cannot be restored after you clear them. So, confirm
the action before you use the command.
Procedure
l
Run the reset ip socket monitor [ task-id task-id socket-id socket-id ] command in the
user view to clear the information about the socket monitor.
Run the reset tcp statistics command in the user view to clear the statistics on TCP traffic.
Run the reset udp statistics command in the user view to clear the statistics on UDP traffic.
Run the reset rawlink statistics command in the user view to clear the Rawlink statistics.
----End
Issue 01 (2011-07-15)
40
3 IP Performance Configuration
Procedure
l
Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ipaddress ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remoteport-number ] ] command to check the TCP connection status.
Run the display tcp statistics command to check the statistics on TCP traffic.
Run the display udp statistics command to check the statistics on UDP traffic.
Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | sock-type
socket-type ] command to check information about the created IPv4 socket.
Run the display icmp statistics command to check the statistics on ICMP traffic.
Run the display rawlink statistics command to check the Rawlink statistics.
Run the display fib [ slot-id ] command to check the FIB table on the LPU.
Run the display fib [ slot-id ] [ verbose ] command to check information about the FIB
table.
Run the display fib acl acl-number [ verbose ] command to check information about the
FIB entries that match ACL rules in a certain format.
Run the display fib ip-prefix prefix-name [ verbose ] command to check information about
the FIB entries that match a specified IP prefix list.
Run the display fib next-hop ip-address command to check information about the FIB
entries that match the specified next hop address.
Run the display fib [ slot-id ] statistics command to check the total number of FIB entries.
----End
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Issue 01 (2011-07-15)
41
3 IP Performance Configuration
When an IP, TCP, UDP, RAWIP, or RAWLINK fault occurs, run the following debugging
commands in the user view to locate the fault.
For details on debugging commands, see the Quidway S2700 Series Ethernet Switches
Debugging Reference.
Procedure
l
Run the debugging ip packet [ error ] [ acl acl-number ] [ verbose ] command in the user
view to debug IP packets.
Run the debugging ip icmp [ verbose ] command in the user view to debug ICMP packets.
Run the debugging udp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging udp packet [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug UDP packets.
Run the debugging tcp packet [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] [ flag flag-number ] or debugging tcp packet [ task-id
task-id ] [ socket-id socket-id ] [ flag flag-number ] command in the user view to debug
UDP packets.
Run the debugging tcp event [ local-ip local-address ] [ local-port local-port ] [ remoteip remote-address ] [ remote-port remote-port ] or debugging tcp event [ task-id taskid ] [ socket-id socket-id ] command in the user view to debug TCP events.
Run the debugging tcp md5 [ src-ip src-address ] [ src-port src-port ] [ dest-ip destaddress ] [ dest-port dest-port ] or debugging tcp md5 [ task-id task-id ] [ socket-id
socket-id ] command in the user view to debug TCP Message Digest Algorithm 5 (MD5)
authentication.
----End
Networking Requirements
As shown in Figure 3-1, to limit the sending of ICMP redirection packets, Switch A, Switch B,
and Switch C are required and these devices are connected through their Ethernet interfaces.
Issue 01 (2011-07-15)
42
3 IP Performance Configuration
Figure 3-1 Networking diagram for disabling the sending of ICMP host unreachable packets
Ethernet0/0/2
VLANIF11
2.2.2.2/24
Ethernet0/0/2
VLANIF11
2.2.2.1/24
SwitchB
Ethernet0/0/1
SwitchC
Ethernet0/0/1
VLANIF10
1.1.1.2/24
VLANIF10
1.1.1.1/24
SwitchA
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Enable the sending of ICMP host unreachable packets in the interface view.
NOTE
By default, the sending of ICMP host unreachable packets is enabled on the interface view. If the
configuration is not changed, you can skip this configuration.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure Switch A.
# Assign an IP address to VLANIF 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-Vlan10] quit
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid tagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
43
3 IP Performance Configuration
# Run the ping 2.2.2.3 command on Switch A. According to the received packet captured by
the tester on Switch A, Switch B sends host unreachable packets.
[SwitchA] ping 2.2.2.3
----End
Configuration Files
l
Issue 01 (2011-07-15)
44
3 IP Performance Configuration
#
interface Ethernet0/0/1
port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
Issue 01 (2011-07-15)
45
4 DNS Configuration
DNS Configuration
Issue 01 (2011-07-15)
46
4 DNS Configuration
Applicable Environment
If local users accessing devices need to communicate with other devices by using domain names,
you can configure DNS on the device. An DNS entry is an mapping between a domain name
and an IP address.
If local users communicate with other devices hardly through the domain name or if the DNS
server is unavailable, configure static DNS. Prior to configuring static DNS, you must know the
mapping between the domain name and the IP address. In case of a change in the mapping, you
must modify the DNS entry manually.
You can configure dynamic DNS on the device if local users frequently use domain names for
communicating with other devices and the DNS server is available.
Pre-configuration Tasks
Before configuring DNS, complete the following tasks:
Issue 01 (2011-07-15)
47
4 DNS Configuration
Configuring physical attributes of the interface and ensuring that the physical layer status
of the interface is Up
Configuring parameters of the link layer protocol of the interface and ensuring that the link
layer protocol status of the interface is Up
Configuring routes between the local device and the DNS server
Data Preparation
To configure DNS, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
48
4 DNS Configuration
Procedure
Step 1 Run:
system-view
Follow-up Procedure
The system supports the configuration of a maximum of 6 domain name servers, 1 source
address, and 10 domain name suffixes.
To configure more than one domain name server, repeat Step 3.
To configure more than one domain name suffix, repeat Step 5.
Prerequisite
The configurations of the DNS function are complete.
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
Run the display dns server command to check the configurations about DNS servers.
Run the display dns domain command to check the configurations about domain name
suffixes.
Issue 01 (2011-07-15)
49
4 DNS Configuration
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
Example
Run the display ip host command. If static DNS entries including the mappings between host
names and IP addresses, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ip host
Host
Age
Flags
hw
0
static
gww
0
static
Address
10.1.1.1
192.168.1.1
Run the display dns server command. If IP addresses of all domain servers are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
172.16.1.1
2
172.16.1.2
IPv6 Dns Servers :
No configured servers.
Run the display dns domain command. If the list of suffixes of domain names is displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns dynamic-host command. If information about the dynamic domain name
cache is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns dynamic-host
No Domain-name
IpAddress
1
www.huawei.com
91.1.1.1
2
www.huawei.com.cn
87.1.1.1
TTL
3521
3000
Alias
Context
CAUTION
DNS entries cannot be restored after being cleared. So, confirm the action before you use this
command.
Issue 01 (2011-07-15)
50
4 DNS Configuration
Procedure
Step 1 Run the reset dns dynamic-host command in the user view to clear dynamic DNS entries
statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following command in any view to check the operation
of DNS.
Procedure
l
Run the display ip host command to check the information about the static DNS entry
table.
Run the display dns server command to check configurations about DNS servers.
Run the display dns domain command to check configurations about domain name
suffixes.
Run the display dns dynamic-host command to check the information about dynamic DNS
entries in the domain name cache.
----End
Context
CAUTION
Debugging affects the performance of the system. So after debugging, run the undo debugging
all command to disable it immediately.
Run the following debugging command in the user view to debug DNS and locate the fault.
For more information, refer to the chapter "Information Center Configuration" in the Quidway
S2700 Series Ethernet Switches Configuration Guide - System Management. For descriptions
about the debugging commands, refer to the Quidway S2700 Series Ethernet Switches
Debugging Reference.
Procedure
Step 1 Run the debugging dns command in the user view to debug dynamic DNS.
----End
Issue 01 (2011-07-15)
51
4 DNS Configuration
Networking Requirements
As shown in Figure 4-1, Switch A acts as a DNS client, being required to access the host
2.1.1.3/16 by using the domain name huawei.com. You need to configure domain name suffixes
"com" and "net".
On Switch A, configure static DNS entries of Switch B and Switch C so that Switch A can
communicate with them by using domain names.
Figure 4-1 Networking diagram of DNS
Loopback0
4.1.1.1/32
Ethernet0/0/1
VLANIF 100 SwitchB
1.1.1.2/16
Loopback0
4.1.1.2/32
SwitchC
Ethernet0/0/1
VLANIF 100
2.1.1.1/16
Ethernet0/0/2
VLANIF 101
3.1.1.1/16
Ethernet0/0/1
VLANIF 100 DNS Server
2.1.1.2/16
3.1.1.2/16
huawei.com
2.1.1.3/16
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-07-15)
52
4 DNS Configuration
Procedure
Step 1 Configure Switch A.
# Configure static DNS entries.
<SwitchA> system-view
[SwitchA] ip host SwitchB 4.1.1.1
[SwitchA] ip host SwitchC 4.1.1.2
To complete DNS resolution, configuring routes from Switch A to the DNS server is mandatory. For
procedures for configuring routes, refer to the Quidway S2700 Series Ethernet Switches Configuration
Guide - IP Routing.
# Run the display ip host command on Switch A to view static DNS entries, including mappings
between host names and IP addresses.
<SwitchA> display ip host
Host
Age
SwitchB
0
SwitchC
0
Flags Address
static 4.1.1.1
static 4.1.1.2
# Run the display dns dynamic-host command on Switch A to view dynamic DNS entries in
the domain name cache.
Issue 01 (2011-07-15)
53
4 DNS Configuration
TTL
3579
Alias
NOTE
TTL value in the above display indicates the lifetime of an entry. It is in seconds.
----End
Configuration Files
l
Issue 01 (2011-07-15)
54
4 DNS Configuration
Issue 01 (2011-07-15)
55
Issue 01 (2011-07-15)
56
Basic Concepts
Internet Protocol Version 6 (IPv6), also called IP Next Generation (IPng), is the standard network
protocol of 2nd generation. It is designed by Internet Engineering Task Force as an upgraded
version of IPv4. The major feature of IPv6 is the larger address space: addresses in IPv6 are 128
bits long versus 32 bits in IPv4.
X:X:X:X:X:X:X:X
In this format, a 128-bit IP address is divided into eight groups. The 16 bits of each group
are represented by four hexadecimal characters, that is, 0 to 9, and A to F. The groups are
separated by ":". Every "X" represents four hexadecimal characters.
X:X:X:X:X:X:d.d.d.d
Addresses in this format are classified into two types:
IPv4-compatible IPv6 addresses
IPv4-mapped IPv6 addresses
IPv4-compatible IPv6 addresses are used to configure the IPv6 over IPv4 tunnel.
Each "X" stands for 16 bits that are represented by four hexadecimal characters. Each "d"
stands for 8 bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4
address.
Interface identifier: 128-n bits, equivalent to the host ID in the IPv4 address.
57
address for an interface. The link-local address manually set must be a valid link-local address
(FE80::/10).
Automatically generated link-local addresses are recommended because link-local addresses are
used only for communications between link-local nodes usually to satisfy the communication
request of protocols and irrelevant to communications between users.
A global unicast address is equal to an IP address on the IPv4 public network, which is used to
forward data on the public network and mandatory for communications between users.
An EUI-64 address is equivalent to a global unicast address in view of functions. For an EUI-64
address, however, only the network bits need to be specified. Its host bits are transformed from
the MAC address of the interface. For a global unicast address, complete 128 bits of the address
have to be specified.
IPv6 FIB
Connecting network topologies of different types needs the configuration of different routing
protocols. This brings about Routing Information Base (RIB). The RIB is a base of the FIB.
Guided by route management policies, the S2700 obtains minimum necessary forwarding
information from the RIB and adds the information to the FIB. Through the route management
module, you can also add static routes into the FIB.
Forwarding Information Base (FIB) contains minimum necessary information needed by an
S2700 to forward packets. An FIB entry usually contains the destination address, prefix length,
transport port, next-hop address, route flag, time stamp. An S2700 forwards packets according
to FIB entries.
The FIB mechanism consists of two parts: FIB agent (used on the control plane) and FIB
container (used on the forwarding plane). The control plane (FibAgent) is responsible for
interacting with the RM module and downloading the FIB to the forwarding engine. For a
distributed system, the FIB needs to be downloaded to the I/O board.
A FIB contains the following information:
l
Prefix length: indicates the length of the destination address prefix. From the prefix length,
you can infer that the destination address is a network address or a host address.
Nexthop: indicates the address of the next hop through which the packet reaches the
destination.
Issue 01 (2011-07-15)
58
Applicable Environment
When a device communicates with an IPv6 device, you need to configure IPv6 address for the
interface.
An EUI-64 address has the same function as an global unicast address. The difference is that
only the network bits need to be specified for the EUI-64 address and the host bits are transformed
from the MAC addresses of the interface while a complete 128-bit address need to be specified
for the global unicast address. Note that the prefix length of the network bits in an EUI-64 address
must not be longer than 64 bits.
The EUI-64 address and the global unicast address can be configured simultaneously or
alternatively. However, the IP addresses configured for one interface cannot be in the same
network segment.
Pre-configuration Tasks
Before configuring IPv6 addresses, complete the following tasks:
l
Configuring the physical features of the interface and ensuring that the status of the physical
layer of the interface is Up
Configuring the link layer parameters for the interface and ensuring that the status of the
link layer protocol on the interface is Up
Data Preparation
To configure IPv6 addresses for an interface, you need the following data.
Issue 01 (2011-07-15)
No.
Data
59
Context
To enable a device to forward IPv6 packets, you must enable the IPv6 capability in both the
system view and the interface view. This is because:
l
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding
capability is enabled on a device. The IPv6 function, however, is not enabled on the interface
and hence you cannot perform any IPv6 configurations.
If you run the ipv6 enable command only in the interface view, the IPv6 capability is
enabled only on an interface but the IPv6 protocol status on the interface is Down.
Therefore, the device cannot forward IPv6 data.
Procedure
Step 1 Run:
system-view
The view of the VLANIF interface to be enabled with the IPv6 capability is displayed.
Step 4 Run:
ipv6 enable
60
address of a link is valid only for the link. A packet with a link-local address as the source or
destination address is forwarded only along the local link.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
61
Procedure
l
Run the display ipv6 statistics command to view statistics on IPv6 packets.
----End
Applicable Environment
Most of the ND configurations are implemented based on the interfaces.
Pre-configuration Tasks
Before configuring IPv6 neighbor discovery, complete the following tasks:
l
Configuring the physical features for the interface and ensuring that the status of the
physical layer of the interface is Up
Data Preparation
To configure IPv6 neighbor discovery, you need the following data.
Issue 01 (2011-07-15)
62
No.
Data
Hop limit of ND
Interface MTU
Procedure
Step 1 Run:
system-view
Issue 01 (2011-07-15)
63
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
64
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 01 (2011-07-15)
65
Context
Duplicate Address Detect (DAD) is a process of IPv6 automatic address configuration. You can
configure the number of DAD messages which are sent continuously.
Set the interval of sending Neighbor Solicitation (NS) messages on the device. By default, NS
re-transmitting time interval is 1000ms.
Neighbor Unreachability Detection (NUD) checks the reachability of neighbors. By default,
NUD value is 30000ms.
The MTU of the interface determines whether to fragment IP packets on the interface. Default
MTUs vary with interface types. The MTU on an GigabitEthernet interface defaults to be 1500
bytes.
Procedure
Step 1 Run:
system-view
66
NOTE
l When the ipv6 nd ra command is run to set the interval for advertising RA messages, the interval must
be less than or equal to the life duration.
l By default, the maximum interval is 600 seconds, and the minimum interval is 200 seconds.
l By default, the life duration of RA messages is 1800 seconds. If the prefix is configured, the duration
is still 1800 seconds.
Step 6 Run:
ipv6 nd dad attempts value
Follow-up Procedure
If the IPv6 MTU value is changed, run the shutdown command and the undo shudown
command orderly in the interface view to validate the configuration.
Prerequisite
The configurations of the IPv6 neighbor discovery function are complete.
Procedure
l
----End
Example
Run the display ipv6 neighbors command. If the cache of the neighbor information contains
neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds.
<Quidway> display ipv6 neighbors VLANIF10
Issue 01 (2011-07-15)
67
Run the display ipv6 interface brief command. If information about the IPv6 address on the
interface and interface status are displayed, it means that the configuration succeeds.
<Quidway> display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface
Physical
VLANIF20
up
up
[IPv6 Address] 2030::101:101
VLANIF30
up
up
[IPv6 Address] 2001::1
LoopBack0
up
[IPv6 Address] Unassigned
Protocol
up(s)
CAUTION
Statistics cannot be restored after being cleared. So, confirm the action before you run the
command.
Procedure
l
To clear statistics about processing IPv6 packets, run the reset ipv6 statistics command in
the user view.
To clear the IPv6 neighbor cache entry, run the reset ipv6 neighbors { all | dynamic |
static | vid vlan-id [ interface-type interface-number] | interface-type interface-number }
command in the user view.
To clear statistics about TCP6, run the reset tcp ipv6 statistics command in the user view.
To clear statistics about UDP6, run the reset udp ipv6 statistics command in the user view.
----End
Issue 01 (2011-07-15)
68
Procedure
l
Run the display ipv6 interface [ interface-type interface-number | brief ] command in any
view to view information about IPv6 on an interface.
Run the display ipv6 statistics command in any view to view statistics on IPv6 packets.
Run the display tcp ipv6 statistics command in any view to view statistics on TCP6
packets.
Run the display tcp ipv6 status command in any view to view the status of a TCP6
connection.
Run the display udp ipv6 statistics command in any view to view statistics on UDP6
packets.
Run the display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] command in any
view to view information about the specified socket.
Run the display ipv6 fib [ existing-slot-id ] command in any view to view information
about FIB.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo
debugging all command to disable it immediately.
Run the following debugging commands in the user view to debug IPv6 and locate the fault.
For the procedures of displaying the debugging information, refer to the chapter "Information
Center Configuration" in the S2700 Ethernet Switches Configuration Guide - System
Management. For descriptions about the debugging commands, refer to the S2700 Ethernet
Switches Debugging Reference.
Procedure
l
Issue 01 (2011-07-15)
Run the debugging ipv6 icmpv6 command in the user view to debug ICMPv6.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
69
Run the debugging ipv6 nd command in the user view to debug IPv6 neighbors status and
ND messages.
Run the debugging ipv6 packet [ error ] [ acl acl-number ] command in the user view to
debug IPv6 packet.
Run the debugging ipv6 pathmtu command in the user view to debug PMTU.
Run the debugging tcp ipv6 { event | packet } [ task-id task id | socket-id socket id ]
command in the user view to debug TCP6.
Run the debugging udp ipv6 packet [ task-id task id | socket-id socket id ] command in
the user view to debug UDP6.
----End
Networking Requirements
As shown in Figure 5-1, two Switches are connected through Eth 0/0/1. The Eth 0/0/1 interfaces
of Switch A and Switch B correspond to their VLANIF 100 interfaces. You need to set IPv6
global unicast addresses for the VLANIF 100 interfaces and check the Layer 3 interconnection
between them.
The IPv6 global unicast addresses for the interfaces are 3001::1/64 and 3001::2/64.
Figure 5-1 Networking diagram for setting IPv6 addresses
SwitchA
SwitchB
Ethernet 0/0/1
VLANIF 100
3001::1/64
Ethernet 0/0/1
VLANIF 100
3001::2/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data.
Issue 01 (2011-07-15)
70
Procedure
Step 1 Enable the IPv6 forwarding capability on the Switch.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
Step 2 Configure the IPv6 global unicast address for the interfaces.
# Configure Switch A.
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address 3001::1/64
[SwitchA-Vlanif100] quit
# Configure Switch B.
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit
Issue 01 (2011-07-15)
71
# On Switch A, ping the link-local address of Switch B. Note that you need to use the parameter
-i to specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- FE80::2E0:FCFF:FE33:11 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/7 ms
----End
Issue 01 (2011-07-15)
72
Configuration Files
l
Issue 01 (2011-07-15)
73
Issue 01 (2011-07-15)
74
Applicable Environment
DNS needs to be configured if the local users log on to a device using domain names to
communicate with other devices. The IPv6 DNS entries show the mapping between domain
names and IPv6 addresses.
If users seldom use the domain name to access other devices, or if the DNS server is unavailable,
a static DNS needs to be configured. To configure a static IPv6 DNS, the network administrator
needs to know the relation between domain names and IPv6 addresses, and manually modify
the IPv6 DNS entry when the relation changes.
If the users need to use the domain name to access many devices, and the DNS server is available,
a dynamic DNS can be configured. The dynamic DNS needs to be supported by a DNS server.
Pre-configuration Tasks
Before configuring IPv6 DNS, configure the route between a local device and a DNS server.
Data Preparation
To configure IPv6 DNS, you need the following data.
Issue 01 (2011-07-15)
75
No.
Data
Domain name of the static IPv6 DNS entry and the corresponding IPv6 address
Domain name of the dynamic IPv6 DNS or the domain name list
Procedure
Step 1 Run:
system-view
The host name and the corresponding IPv6 address are configured.
If the same host is configured with IPv6 addresses for several times (the maximum times is 8
IPv6 addresses), the IPv6 address configured earliest is used when needing to find the host with
the IPv6 address, such as ping this host.
----End
Context
If the IPv6 DNS server is configured with a link-local address, the interface name should also
be configured with the IPv6 address.
Figure 6-1 DNS server connecting IPv4 and IPv6 networks
DNS server
IPv4 link
Issue 01 (2011-07-15)
76
CAUTION
If multiple DNS servers are configured, the servers are queried in the order of configuration till
proper response is received. If both IPv4 and IPv6 servers are configured, the A query is first
sent to the IPv4 server, while AAAA query packets are first sent to the IPv6 server.
The DNS domains are configured on a device and the domain names can be searched. If the
DNS fails in searching for a host name, it appends a domain name to the host name following a
"." and continues the DNS search. You can configure some commonly used domain names like
"com", and "net". For example, if the search for the host name "huawei" fails, the system then
searches for "huawei.com" or "huawei.net".
Do as follows on the switch:
Procedure
Step 1 Run:
system-view
Prerequisite
The configurations of the IPv6 DNS function are complete.
Issue 01 (2011-07-15)
77
Procedure
l
Run the display ipv6 host command to check the static IPv6 DNS table.
Run the display dns server command to check the configuration of the DNS server.
Run the display dns domain command to check the configuration of the suffix list of the
domain name.
Run the display dns ipv6 dynamic-host command to check the cache of the dynamic
domain name.
----End
Example
Run the display ipv6 host command. If the static IPv6 DNS entries, including the host name
and the IPv6 address, are displayed, it means that the configuration succeeds. For example:
<Quidway> display ipv6 host
Host
Age
RTB
0
RTA
0
Flags
static
static
IPv6Address (es)
20::1
20::2
Run the display dns server command. If the IPv6 addresses of all DNS servers are displayed,
it means that the configuration succeeds. For example:
<Quidway> display dns server
IPv4 Dns Servers :
Domain-server
IpAddress
1
169.254.65.125
IPv6 Dns Servers:
Domain-server Ipv6Address
1
3001::2
2
FE80::2
(Interface Name)
GigabitEthernet6/0/0
Run the display dns domain command. If the suffixes of the domain names are displayed, it
means that the configuration succeeds. For example:
<Quidway> display dns domain
No
Domain-name
1
com
2
net
Run the display dns ipv6 dynamic-host command. If information about the cache of the
dynamic domain name is displayed, it means that the configuration succeeds. For example:
<Quidway> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
TTL
1
huawei6
3001::2
6
78
Context
CAUTION
IPv6 DNS entries cannot be restored after being cleared. So, confirm the action before you use
this command.
Procedure
Step 1 Run the reset dns ipv6 dynamic-host command in the user view to clear dynamic IPv6 DNS
entries statistics in the domain name cache.
----End
Context
In routine maintenance, you can run the following commands in any view to check the operation
of IPv6 DNS.
Procedure
l
Run:
display dns domain
Run:
display dns server
Run:
display dns ipv6 dynamic-host
Contents about the cache of the IPv6 dynamic domain names are checked.
l
Run:
display ipv6 host
79
Networking Requirements
As shown in Figure 6-2, Switch A, functioning as the IPv6 DNS client and working jointly
whose IPv6 DNS server, can access the host with the IP address as 2002::1/64 based on the
domain name huawei.com.
On Switch A, the static IPv6 DNS entries of Switch B and Switch C are configured. This ensures
that Switch A can manage both the routers based on the domain names Switch B and Switch C.
Figure 6-2 Networking diagram of IPv6 DNS configurations
Loopback0
4.1.1.1/32
Ethernet0/0/1
VLANIF100 SwitchB
2001::1/64
DNS client
SwitchA
Ethernet0/0/1
VLANIF101
2001::2/64
Loopback0
4.1.1.2/32
SwitchC
Ethernet0/0/2
VLANIF100
2002::2/64
Ethernet0/0/1
VLANIF101
2003::1/64
Ethernet0/0/2
VLANIF100 DNS server
2002::3/64
2003::2/64
huawei.com
2002::1/64
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Configure Switch A.
# Configure static IPv6 DNS entries.
<SwitchA> system-view
Issue 01 (2011-07-15)
80
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.
For details of how to configure the route, see Configuration example of IP static route in the Quidway
S2700 Series Ethernet Switches Configuration Guide - IP Routing.
break
time=6
time=4
time=4
time=4
time=4
ms
ms
ms
ms
ms
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships
between the host names in static IPv6 DNS entries and the IPv6 addresses.
<SwitchA> display ipv6 host
Host
Age
SwitchB
0
SwitchC
0
Flags
static
static
IPv6Address (es)
2001::2
2002::3
Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about
dynamic IPv6 DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No Domain-name
Ipv6address
1
huawei.com
2002::1
TTL
3579
NOTE
TTL in the command output indicates the life time of the entry, in seconds.
----End
Issue 01 (2011-07-15)
81
Configuration Files
l
#
sysname SwitchA
#
vlan batch 100
#
ipv6
#
ipv6 host SwitchB 2001::2
ipv6 host SwitchC 2002::3
#
dns resolve
dns server ipv6 2003::2
dns domain net
dns domain com
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface vlanif100
ipv6 enable
ipv6 address 2001::1/64
#
return
Issue 01 (2011-07-15)
82
#
interface vlanif100
ipv6 enable
ipv6 address 2002::3/64
#
interface vlanif101
ipv6 enable
ipv6 address 2003::1/64
#
return
Issue 01 (2011-07-15)
83