HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine Layer 3 Configuration Guide Part number: 5998-3931 Software version: 3308P26 Document version: 6W101-20130628...
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Contents

Configuring ARP
Overview
ARP message format
ARP operation
ARP table
Configuring a static ARP entry
Configuring the maximum number of dynamic ARP entries for an interface
...
Configuring DNS servers for the client
Configuring WINS servers and NetBIOS node type for the client
Configuring BIMS server information for the client
Configuring gateways for the client
Configuring Option 184 parameters for the client with voice service
...
Solution
Configuring DHCP client
Introduction to DHCP client
Enabling the DHCP client on an interface
Displaying and maintaining the DHCP client
DHCP client configuration example
...
Configuring IPv6 DNS
Configuring the IPv6 DNS client
Configuring static domain name resolution
Configuring dynamic domain name resolution
Displaying and maintaining IPv6 DNS
IPv6 DNS configuration examples
...
Configuring ND snooping
Configuring path MTU discovery
Configuring a static path MTU for a specific IPv6 address
Configuring the aging time for dynamic path MTUs
Configuring IPv6 TCP properties
...
Configure RIPng basic functions
Configuring RIPng route redistribution
Support and other resources
Contacting HP
Subscription service
Related information
Documents
...
Configuring ARP

This chapter describes how to configure the Address Resolution Protocol (ARP).

Overview

ARP resolves IP addresses into physical addresses such as MAC addresses. On an Ethernet LAN, a device uses ARP to get the MAC address of the target device for a packet.

ARP message format

ARP uses two types of messages, ARP request and ARP reply.
If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request comprises the following information:
• Sender IP address and sender MAC address—Host A's IP address and MAC address
• Target IP address—Host B's IP address
• Target MAC address—An all-zero MAC address
All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)
Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten by a dynamic ARP entry. Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry. Static ARP entries can be classified into long and short ARP entries.
Configuring the maximum number of dynamic ARP entries for an interface

Step: Enter system view.
Command: system-view

Step: Enter interface view.
Command: interface interface-type interface-number

Step: Set the maximum number of dynamic
Remarks: Optional. By default, a Layer 2 interface does not limit the number of dynamic ARP entries.
...
Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device. A device sends a gratuitous ARP packet for either of the following purposes:
• Determine whether its IP address is already used by another device.
• You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces.
• Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface.
• If you change the interval for sending gratuitous ARP packets, the configuration is effective at the...
Configuring IP addressing

This chapter describes IP addressing basics and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) is beyond the scope of this chapter.

Overview

This section describes the IP addressing basics. IP addressing uses a 32-bit address to identify each host on a network. To make addresses easier to read, they are written in dotted decimal notation, each address being four octets in length.
Class    Address range                   Remarks
         224.0.0.0 to 239.255.255.255    Multicast addresses.
         240.0.0.0 to 255.255.255.255    Reserved for future use except for the broadcast address 255.255.255.255.

Special IP addresses

The following IP addresses are for special use and cannot be used as host IP addresses.
• IP address with an all-zero net ID—Identifies a host on the local network.
Assigning an IP address to an interface

You can assign an interface one primary address and multiple secondary addresses. Generally, you only need to assign the primary address to an interface. In some cases, you must assign secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable the device to communicate with all hosts on the LAN, assign a primary IP address and a secondary IP address to the interface.
DHCP overview

The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. As shown in Figure 1, a DHCP client can obtain an IP address and other configuration parameters from a DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay agent, see "Configuring the DHCP relay agent."...
Figure 7 Dynamic IP address allocation process

The dynamic IP address allocation process uses the following steps:
1. The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
2. Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
DHCP message format

Figure 8 shows the DHCP message format, which is based on the BOOTP message format although DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes.

Figure 8 DHCP message format

• op—Message type defined in option field.
DHCP options

DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients.

Figure 9 DHCP option format

Common DHCP options

The following are common DHCP options:
• Option 3—Router option.
• Auto-Configuration Server (ACS) parameters, including the ACS URL, username, and password.
• Service provider identifier, which is acquired by the Customer Premises Equipment (CPE) from the DHCP server and sent to the ACS for selecting vendor-specific configurations and parameters.
• Preboot Execution Environment (PXE) server address, which is used to obtain the bootfile or other...
Relay agent option (Option 82)

Option 82 is the relay agent option in the option field of the DHCP message. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.
Figure 15 Sub-option 1 in verbose padding format

• Sub-option 2—Contains the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client's request. It has the same format as that in normal padding format. See Figure...
Figure 19 Sub-option 1 in standard padding format

Sub-option 2—Contains the MAC address of the DHCP snooping device that received the client's request. The value of the sub-option type is 2, and that of the remote ID type is 0. It has the same format as sub-option 2 in normal padding format.
Configuring the DHCP server

The DHCP server configuration is supported only on VLAN interfaces and loopback interfaces. The subaddress pool configuration is not supported on loopback interfaces.

Overview

The DHCP server is well suited to networks where:
• Manual configuration and centralized management are difficult to implement.
...
If the receiving interface has an extended address pool referenced, the DHCP server assigns an IP address from this address pool. If no IP address is available in the address pool, the DHCP server fails to assign an address to the client. For the configuration of such an address pool, see "Configuring dynamic address allocation for an extended address pool."...
Task: Configuring the DHCP server security functions
Remarks: Optional.

Task: Enabling handling of Option 82
Remarks: Optional.

Task: Specifying the threshold for sending trap messages
Remarks: Optional.

Configuring an address pool on the DHCP server

Configuration task list

Task: Creating a DHCP address pool
Remarks: Required.
Configuring address allocation mode for a common address pool

CAUTION: You can configure either a static binding or dynamic address allocation for a common address pool, but not both.

You need to specify a subnet for dynamic address allocation. A static binding is a special address pool containing only one IP address.
Step: Specify the lease duration for the IP address.
Command: expired { day day [ hour hour [ minute minute ] ] | unlimited }
Remarks: Optional. By default, the lease duration of the IP address is unlimited.

Configuring dynamic address allocation

For dynamic address allocation, you must configure a DHCP address pool, specify one and only one address range for the pool, and specify the lease duration.
After the assignable IP address range and the mask are specified, the address pool becomes valid.

To configure dynamic address allocation for an extended address pool:

Step: Enter system view.
Command: system-view

Step: Enter extended address pool view.
Command: dhcp server ip-pool pool-name
Step: Enter DHCP address pool view.
Command: dhcp server ip-pool pool-name [ extended ]

Step: Specify DNS servers.
Command: dns-list ip-address&<1-8>
Remarks: No DNS server is specified by default.

Configuring WINS servers and NetBIOS node type for the client

A Microsoft DHCP client using NetBIOS protocol must contact a Windows Internet Naming Service (WINS) server for name resolution.
Step: Enter DHCP address pool view.
Command: dhcp server ip-pool pool-name [ extended ]

Step: Specify the BIMS server IP address, port number, and shared key.
Command: bims-server ip ip-address [ port port-number ] sharekey key
Remarks: No BIMS server information is specified by default.
Configuring the TFTP server and bootfile name for the client

For the DHCP server to support client auto-configuration, specify the IP address or name of a TFTP server and the bootfile name in the DHCP address pool. You do not need to perform any configuration on the DHCP client.
Step: Enter system view.
Command: system-view

Step: Enter DHCP address pool view.
Command: dhcp server ip-pool pool-name [ extended ]

Step: Configure a self-defined DHCP option.
Command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8>...
Remarks: No self-defined DHCP option is configured by default.
• If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, selects an IP address from the address pool containing the primary IP address of the DHCP relay agent's interface (connected to the client) for a requesting client.
Step: Apply an extended address pool on the interface.
Command: dhcp server apply ip-pool pool-name
Remarks: Optional. By default, the DHCP server has no extended address pool applied on its interface, and assigns an IP address from a common address pool to a requesting client.
Step: Specify the maximum number of ping packets to be sent for conflict detection.
Command: dhcp server ping packets number
Remarks: Optional. The default setting is one. The value 0 disables IP address conflict detection.

Command: dhcp server ping timeout
Remarks: Optional. The default setting is 500 ms.
Configuration procedure

A DHCP server sends trap messages to the network management server when one of the following items reaches the specified threshold:
• The ratio of successfully allocated IP addresses to received DHCP requests
• The average IP address use of the address pool
• The maximum IP address use of the address pool
...
Task: Clear information about IP address conflicts.
Command: reset dhcp server conflict { all | ip ip-address }
Remarks: Available in user view.

Task: Clear information about dynamic bindings.
Command: reset dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] }
Remarks: Available in user view.
10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, HP recommends that the number of DHCP clients that apply for IP addresses through VLAN-interface 1 should be no more than 122, and that through VLAN-interface 2 should be no more...
Figure 21 Network diagram

Configuration procedure

Specify IP addresses for VLAN interfaces. (Details not shown.)

Configure the DHCP server:
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Enable the DHCP server on VLAN-interface 1 and VLAN-interface 2.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] dhcp select server global-pool
[SwitchA-Vlan-interface1] quit
[SwitchA] interface vlan-interface 2...
[SwitchA] dhcp server ip-pool 2
[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-dhcp-pool-2] expired day 5
[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254

Verifying the configuration

After the preceding configuration is complete, clients on networks 10.1.1.0/25 and 10.1.1.128/25 can obtain correct IP addresses and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.
Verifying the configuration

After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and the PXE server addresses from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.

Troubleshooting DHCP server configuration

Symptom

A client's IP address obtained from the DHCP server conflicts with another IP address.
Configuring the DHCP relay agent

The DHCP relay agent configuration is supported only on VLAN interfaces.

Overview

The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet, centralizes management, and reduces investment.
After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode. Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters in a response to the relay agent, and the relay agent conveys it to the client.
• You can specify up to 20 DHCP server groups on the relay agent.
• You can specify up to eight DHCP server addresses for each DHCP server group.
• The IP addresses of DHCP servers and those of relay agent's interfaces that connect DHCP clients...
• The dhcp relay address-check enable command only checks IP and MAC addresses but not interfaces.
• When using the dhcp relay security static command to bind an interface to a static binding entry, make sure the interface is configured as a DHCP relay agent. Otherwise, address entry conflicts may occur.
With unauthorized DHCP server detection enabled, the DHCP relay agent checks whether a request contains Option 54 (Server Identifier Option). If it does, the DHCP relay agent records the IP address carried in the option, which is the address of the DHCP server that assigned an IP address to the requesting DHCP client, and records the receiving interface.
Enabling client offline detection

With this feature enabled, the DHCP relay agent considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and sends a DHCP-RELEASE message to the DHCP server to release the IP address of the client.
To support Option 82, you must perform related configurations on both the DHCP server and relay agent. For more information about DHCP server configuration, see "Configuring the DHCP server." If the handling strategy of the DHCP relay agent is configured as replace, you must configure a padding format for Option 82.
Displaying and maintaining the DHCP relay agent

Task: Display information about DHCP server groups correlated to a specific or all interfaces.
Command: display dhcp relay { all | interface interface-type interface-number } [ | { begin
Remarks: Available in any view.
# Add DHCP server 10.1.1.1 into DHCP server group 1.
[SwitchA] dhcp relay server-group 1 ip 10.1.1.1
# Enable the DHCP relay agent on VLAN-interface 1.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] dhcp select relay
# Correlate VLAN-interface 1 to DHCP server group 1.
[SwitchA-Vlan-interface1] dhcp relay server-select 1
# Enable the DHCP relay agent to support Option 82, and perform Option 82-related configurations.
Configuring DHCP client

The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be a Windows Server 2000 or Windows Server 2003.

Introduction to DHCP client

With DHCP client enabled, an interface uses DHCP to obtain configuration parameters such as an IP address from the DHCP server.
DHCP client configuration example

Network requirements

As shown in Figure 27, on a LAN, Switch B contacts the DHCP server via VLAN-interface 2 to obtain an IP address, DNS server address, and static route information. The DHCP client IP address resides on network 10.1.1.0/24.
Configuring DHCP snooping

A DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server.

Overview

DHCP snooping defines trusted and untrusted ports to make sure that clients obtain IP addresses only from authorized DHCP servers.
DHCP snooping support for Option 82

Option 82 records the location information about the DHCP client so the administrator can locate the DHCP client for security control and accounting purposes. For more information, see "Configuring the DHCP relay agent."

If DHCP snooping supports Option 82, it handles clients' requests according to Option 82, if any. Table describes the handling strategies.
Columns: If a DHCP request has… / Handling strategy / Padding format / The DHCP snooping device…

Rows for a DHCP request that has no Option 82, by padding format:
• normal: Forwards the message after adding the Option 82 padded in normal format.
• private: Forwards the message after adding Option 82 padded in private format.
• standard: Forwards the message after adding Option 82 padded in standard format.
Step: Enter Ethernet interface view.
Command: interface interface-type interface-number
Remarks: The interface connects to the DHCP server.

Step: Specify the port as a trusted port that does not record the IP-to-MAC bindings of clients.
Command: dhcp-snooping trust no-user-binding
Remarks: Optional. After DHCP snooping is enabled, a port is an untrusted port by default.
Command:
• Configure the padding format for Option 82:
  dhcp-snooping information format { normal | private private | standard | verbose [ node-identifier { mac | sysname | user-defined...
Remarks: Optional. By default:
• The padding format for Option 82 is normal.
• The code type for the circuit ID sub-option depends on the
Step: Back up DHCP snooping entries to the file.
Command: dhcp-snooping binding database update now
Remarks: Optional. DHCP snooping entries are stored to the file each time this command is used.

Step: Set the interval at which the DHCP snooping entry file is refreshed.
Command: dhcp-snooping binding database update interval
Remarks: Optional. By default, the file is not refreshed
To prevent such attacks, you can enable DHCP-REQUEST message check on DHCP snooping devices. This feature uses DHCP snooping entries to check incoming DHCP-REQUEST messages.
• If a matching entry is found for a message, the DHCP snooping device compares the entry with the...
DHCP snooping configuration example

Network requirements

As shown in Figure 29, perform configurations on Switch B to achieve the following purposes:
• The port connected to the DHCP server can forward responses from the server, but the other ports cannot forward responses from any DHCP server.
• ...
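The trusted/untrusted port rule from the DHCP snooping overview and the requirement above, together with the Option 82 sub-option structure described under "Relay agent option (Option 82)", can be modelled as follows. This is an added example, not code from the HP guide or the switch software; the port names, the binding-learning rule (a DHCP-ACK on a trusted port for a client whose request was seen on an untrusted port), the inner layout assumed for sub-option 2, and all sample bytes are assumptions constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# DHCP message types (Option 53) that only a server sends.
SERVER_MESSAGES = {2: "DHCP-OFFER", 5: "DHCP-ACK", 6: "DHCP-NAK"}


def iter_tlv(data, dhcp_options=False):
    """Yield (code, value) pairs; in the DHCP options field 0 pads and 255 ends."""
    i = 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == 0:
            i += 1
            continue
        if dhcp_options and code == 255:
            return
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def parse_option82(value):
    """Split Option 82 into sub-option 1 (circuit ID) and sub-option 2 (remote ID)."""
    subs = dict(iter_tlv(value))
    remote = subs.get(2)
    mac = None
    # Assumed inner layout: remote ID type 0, one length byte (6), then the MAC.
    if remote is not None and len(remote) == 8 and remote[:2] == b"\x00\x06":
        mac = mac_str(remote[2:])
    return {"circuit_id": subs.get(1), "remote_id": remote, "remote_mac": mac}


def parse_dhcp(payload):
    """Decode the fields a snooping device acts on from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts = dict(iter_tlv(payload[240:], dhcp_options=True))
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing DHCP message type (Option 53)")
    return {
        "type": opts[53][0],
        "yiaddr": socket.inet_ntoa(payload[16:20]),
        "chaddr": mac_str(payload[28:34]),
        "option82": parse_option82(opts[82]) if 82 in opts else None,
    }


class SnoopingDevice:
    """Simplified model: trusted ports may carry server replies, others may not."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> untrusted port its request came from
        self.bindings = {}   # client MAC -> (assigned IP, client-facing port)

    def handle(self, port, payload):
        msg = parse_dhcp(payload)
        if msg["type"] in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"            # reply from an unauthorized server
            client_port = self.pending.get(msg["chaddr"])
            if msg["type"] == 5 and client_port is not None:
                self.bindings[msg["chaddr"]] = (msg["yiaddr"], client_port)
            return "forward"
        if port not in self.trusted:
            self.pending[msg["chaddr"]] = port
        return "forward"


def build_dhcp(msg_type, chaddr, yiaddr="0.0.0.0", option82=b""):
    """Construct a minimal DHCP payload (demo input, not captured traffic)."""
    op = 2 if msg_type in SERVER_MESSAGES else 1
    fixed = bytes([op, 1, 6, 0]) + bytes(12) + socket.inet_aton(yiaddr) + bytes(8)
    fixed += bytes.fromhex(chaddr.replace(":", "")) + bytes(10) + bytes(192)
    opts = bytes([53, 1, msg_type])
    if option82:
        opts += bytes([82, len(option82)]) + option82
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def demo():
    client = "00:aa:bb:cc:dd:01"
    # Constructed Option 82: sub-option 1 (6 bytes) and sub-option 2 (type 0, len 6, MAC).
    opt82 = bytes([1, 6, 0, 4, 0, 2, 0, 5, 2, 8, 0, 6, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55])
    dev = SnoopingDevice(trusted_ports={"GE1/0/1"})  # hypothetical port names
    results = [
        dev.handle("GE1/0/2", build_dhcp(3, client)),               # client DHCP-REQUEST
        dev.handle("GE1/0/3", build_dhcp(5, client, "10.9.9.9")),   # ACK on untrusted port
        dev.handle("GE1/0/1", build_dhcp(5, client, "10.1.1.10")),  # ACK on trusted port
    ]
    relayed = parse_dhcp(build_dhcp(3, client, option82=opt82))
    return results, dev.bindings, relayed["option82"]
```

Calling demo() returns the per-message decisions, the learned binding table, and the decoded Option 82 of a request that already carries the option.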
Configuring BOOTP client

BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003.

BOOTP application

After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server.
Configuring an interface to dynamically obtain an IP address through BOOTP

Step: Enter system view.
Command: system-view

Step: Enter interface view.
Command: interface interface-type interface-number

Step: Configure an interface to dynamically obtain an IP address through BOOTP.
Command: ip address bootp-alloc
Remarks: By default, an interface does not use BOOTP to obtain an IP
Configuring IPv4 DNS

Overview

Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic.
The DNS client comprises the resolver and cache. The user program and DNS client can run on the same device or different devices, but the DNS server and the DNS client usually run on different devices. Dynamic domain name resolution allows the DNS client to store the latest mappings between domain names and IP addresses in the dynamic domain name cache.
Figure 31 DNS proxy networking application

A DNS proxy operates as follows:
1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy.
2. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution table after receiving the request.
• The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up connection is established through the dial-up interface, the device dynamically obtains the DNS server address through DHCP or other autoconfiguration mechanisms.

Without DNS spoofing enabled, the device forwards the DNS requests received from the hosts to the DNS server, if it cannot find a match in the local domain name resolution table.
Step: Configure a mapping between a host name and an IPv4 address.
Command: ip host hostname ip-address
Remarks: Not configured by default. The IPv4 address you last assign to the host name overwrites the previous one if there is any. You may create up to 50 static mappings between domain names and IPv4 addresses.
Configuring the DNS proxy

You can specify multiple DNS servers by using the dns server command repeatedly. Upon receiving a name query request from a client, the DNS proxy forwards the request to the DNS server that has the highest priority. If the DNS proxy does not receive a reply, it forwards the request to a DNS server that has the second highest priority.
Task: Clear information about the dynamic IPv4 domain name cache.
Command: reset dns host ip
Remarks: Available in user view.

IPv4 DNS configuration examples

Static domain name resolution configuration example

Network requirements

As shown in Figure 33, the device wants to access the host by using an easy-to-remember domain name rather than an IP address.
Dynamic domain name resolution configuration example

Network requirements

As shown in Figure 34, the device wants to access the host by using an easy-to-remember domain name rather than an IP address, and to request the DNS server on the network for an IP address by using dynamic domain name resolution.
Figure 35 Creating a zone

On the DNS server configuration page, right-click zone com, and select New Host.

Figure 36 Adding a host

On the page that appears, enter host name host and IP address 3.1.1.1. Click Add Host. The mapping between the IP address and host name is created.
Figure 37 Adding a mapping between domain name and IP address

Configure the DNS client:
# Enable dynamic domain name resolution.
<Sysname> system-view
[Sysname] dns resolve
# Specify the DNS server 2.1.1.2.
[Sysname] dns server 2.1.1.2
# Configure com as the name suffix.
[Sysname] dns domain com

Verifying the configuration

# Use the ping host command on the device to verify that the communication between the device and the...
DNS proxy configuration example

Network requirements

When the IP address of the DNS server changes, you must configure the new IP address of the DNS server on each device on the LAN. To simplify network management, you can use the DNS proxy function.
# Specify the DNS server 2.1.1.2.
[DeviceB] dns server 2.1.1.2

Verifying the configuration

# Execute the ping host.com command on Device B to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.
[DeviceB] ping host.com
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2.1.1.2)
Configuring IPv6 DNS

IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS.
Step: Enable dynamic domain name resolution.
Command: dns resolve
Remarks: Disabled by default.

Step: Specify a DNS server.
Command: dns server ipv6 ipv6-address [ interface-type interface-number ]
Remarks: Not specified by default. If the IPv6 address of a DNS server is a link-local address, you need to specify the interface-type and interface-number arguments.
Configuration procedure

# Configure a mapping between host name host.com and IPv6 address 1::2.
<Device> system-view
[Device] ipv6 host host.com 1::2
# Enable IPv6 packet forwarding.
[Device] ipv6
# Use the ping ipv6 host.com command to verify that the device can use static domain name resolution to resolve domain name host.com into IPv6 address 1::2.
Figure 40 Network diagram

Configuration procedure

Before performing the following configuration, make sure the device and the host are accessible to each other through available routes, and the IPv6 addresses of the interfaces are configured as shown Figure

This configuration may vary with DNS servers. The following configuration is performed on a PC running Windows Server 2003.
Figure 42 Creating a record

On the page that appears, select IPv6 Host (AAAA) as the resource record type. Click Create Record.
Figure 43 Selecting the resource record type

On the page that appears, enter host name host and IPv6 address 1::1, and then click OK. The system creates mapping between the host name and the IPv6 address.
Figure 44 Adding a mapping between domain name and IPv6 address

Configure the DNS client:
# Enable dynamic domain name resolution.
<Device> system-view
[Device] dns resolve
# Specify the DNS server 2::2.
[Device] dns server ipv6 2::2
# Configure com as the DNS suffix.
[Device] dns domain com

Verifying the configuration

# Use the ping ipv6 host command on the device to verify that the communication between the device...
bytes=56 Sequence=2 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=3 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=4 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=5 hop limit=126 time = 1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received...
Optimizing IP performance This chapter describes multiple features for IP performance optimization. Enabling receiving and forwarding of directed broadcasts to a directly connected network A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all If a device is allowed to forward directed broadcasts to a directly-connected network, hackers can exploit this vulnerability to attack the target network.
Step | Command | Remarks
Enter system view. | system-view |
Enter interface view. | interface interface-type interface-number |
Enable the interface to forward directed broadcasts. | ip forward-broadcast [ acl acl-number ] | Disabled by default.

Receiving and forwarding directed broadcasts configuration example
Network requirements
As shown in Figure 45, the default gateway of the host is the IP address 1.1.1.2/24 of VLAN-interface 3 of Switch A.
After the configurations, if you ping the subnet broadcast address (2.2.2.255) of VLAN-interface 2 of Switch A on the host, the ping packets can be received by VLAN-interface 2 of Switch B. However, if you disable the ip forward-broadcast command, the ping packets cannot be received by the VLAN-interface 2 of Switch B.
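As an added example (not part of the HP guide), the following Python audit reads interface configuration lines, computes each connected network's directed broadcast address, and reports what the device would do with a packet sent to it. The sample configuration, VLAN-interface 5, the address 2.2.2.2 and ACL number 2001 are constructed; it assumes ip forward-broadcast is applied on the interface attached to the target network and that an ACL limits forwarding to the packets it permits.

```python
import ipaddress
import re

# Constructed sample, written the way the commands are entered on the CLI.
SAMPLE_CONFIG = """\
interface vlan-interface 3
 ip address 1.1.1.2 24
interface vlan-interface 2
 ip address 2.2.2.2 24
 ip forward-broadcast
interface vlan-interface 5
 ip address 10.110.1.1 16
 ip forward-broadcast acl 2001
"""


def parse_interfaces(config):
    """Return {name: {"net": IPv4Network, "forward": bool, "acl": str or None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"interface (\S+ \S+)", line)
        if m:
            current = interfaces.setdefault(
                m.group(1), {"net": None, "forward": False, "acl": None})
            continue
        if current is None:
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m:
            # Accepts a mask length (24) or a dotted mask (255.255.255.0).
            current["net"] = ipaddress.ip_interface("%s/%s" % m.groups()).network
            continue
        m = re.fullmatch(r"ip forward-broadcast(?: acl (\d+))?", line)
        if m:
            current["forward"], current["acl"] = True, m.group(1)
    return interfaces


def classify(dst, interfaces):
    """Return (interface, verdict) for a packet addressed to dst."""
    dst = ipaddress.ip_address(dst)
    for name, cfg in interfaces.items():
        net = cfg["net"]
        # /31 and /32 networks have no broadcast address.
        if net is None or net.prefixlen >= 31 or dst != net.broadcast_address:
            continue
        if not cfg["forward"]:
            return (name, "dropped")
        if cfg["acl"] is None:
            return (name, "forwarded-unfiltered")
        return (name, "forwarded-if-acl-%s-permits" % cfg["acl"])
    return (None, "not-a-directed-broadcast")


def audit(config):
    """Interfaces that forward directed broadcasts with no ACL restriction."""
    return sorted(name for name, cfg in parse_interfaces(config).items()
                  if cfg["forward"] and cfg["acl"] is None)


if __name__ == "__main__":
    table = parse_interfaces(SAMPLE_CONFIG)
    for target in ("2.2.2.255", "1.1.1.255", "10.110.255.255", "10.110.1.255"):
        print(target, classify(target, table))
    print("unfiltered:", audit(SAMPLE_CONFIG))
```

Note that 10.110.1.255 is an ordinary host address on the /16 network; only 10.110.255.255 has a host ID of all ones there.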
Configuring ICMP to send error packet Sending error packets is a major function of ICMP. Error packets are usually sent by the network or transport layer protocols to notify the source device of network failures or errors. Advantages of sending ICMP error packets ICMP error packets include redirect, timeout, and destination unreachable packets.
Disadvantages of sending ICMP error packets
Sending ICMP error packets facilitates network control and management, but it has the following disadvantages:
• Sending a lot of ICMP packets increases network traffic.
• A device's performance degrades if it receives a lot of malicious packets that cause it to respond with ICMP error packets.
Task Command Remarks display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] [ | Display socket information. Available in any view. { begin | exclude | include } regular-expression ] display fib ip-address [ mask | mask-length ] Display FIN information matching [ | { begin | exclude | include } Available in any view.
Configuring UDP helper UDP helper can be configured only on VLAN interfaces. Overview UDP helper enables a device to convert received UDP broadcast packets into unicast packets and forward them to a specific server. UDP helper is suitable for the scenario where hosts cannot obtain configuration information or device names by broadcasting packets because the target server or host resides on another broadcast domain.
Step Command Remarks interface interface-type Enter interface view. interface-number No destination server is Specify a destination server. udp-helper server ip-address specified by default. Displaying and maintaining UDP helper Task Command Remarks display udp-helper server [ interface Display information about packets interface-type interface-number ] [ | { begin Available in any view.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.110.1.1 16
[SwitchA-Vlan-interface1] udp-helper server 10.2.1.1...
Configuring IPv6 basics Overview IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
• Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCP server).
• Stateless address autoconfiguration enables a host to generate an IPv6 address and other configuration information automatically by using its link-layer address and the prefix information advertised by a router.
An IPv6 address prefix is written in IPv6-address/prefix-length notation, where the IPv6-address is represented in any of the formats previously mentioned and the prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address comprise the address prefix.

IPv6 address types
IPv6 addresses fall into the following types:
• Unicast address—Identifier for a single interface, similar to an IPv4 unicast address.
• An unspecified address is 0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address.

Multicast addresses
IPv6 multicast addresses listed in Table 6...
The lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros. For more information about tunnels, see "Configuring tunneling."...
Figure 49 Address resolution The address resolution operates as follows: Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A. The destination address is the solicited-node multicast address of Host B.
Host A learns that the IPv6 address is being used by Host B after receiving the NA message from Host B. If Host A does not get any NA message, Host A decides that the IPv6 address is not in use, and uses this address.
Figure 51 Path MTU discovery process The source host compares its MTU with the packet to be sent, performs necessary fragmentation, and sends the resulting packet to the destination host. If the MTU supported by a forwarding interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error packet containing the interface MTU to the source host.
The switching engine on the HP 830 Series PoE+ Unified Wired-WLAN switch does not support tunneling and NAT-PT.

Protocols and standards
Protocols and standards related to IPv6 include:
• RFC 1881, IPv6 Address Allocation Management
• RFC 1887, An Architecture for IPv6 Unicast Address Allocation
• RFC 1981, Path MTU Discovery for IP version 6
•...
Step Command Remarks Configure the interface to ipv6 address By default, no IPv6 global unicast generate an EUI-64 IPv6 ipv6-address/prefix-length eui-64 address is configured on an interface. address. Manual configuration To specify an IPv6 address manually for an interface: Step Command Remarks Enter system view.
If you delete the manually assigned address, the automatically generated link-local address is validated. To configure automatic generation of an IPv6 link-local address for an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Configure the interface By default, no link-local address is to generate an IPv6...
Step | Command | Remarks
Configure an IPv6 anycast address. | ipv6 address ipv6-address/prefix-length anycast | Optional. By default, no IPv6 anycast address is configured on an interface.

Configuring IPv6 ND
Configuring a static neighbor entry
You can resolve the IPv6 address of a neighboring node into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.
Step | Command | Remarks
Configure the maximum number of neighbors that can be learned dynamically by an interface. | ipv6 neighbors max-learning-num number | Optional. By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. A Layer 3 interface can dynamically learn a maximum of 256 neighbors.
Enabling sending of RA messages Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Disable RA message undo ipv6 nd ra halt By default, RA messages are suppressed. suppression. Optional. By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds.
Step Command Remarks Optional. By default, the O flag bit is set to 0 and Set the O flag bit to 1. ipv6 nd autoconfig other-flag hosts acquire other configuration information through stateless autoconfiguration. Optional. Configure the router ipv6 nd ra router-lifetime value lifetime in RA messages.
Configuring ND snooping
The ND snooping feature is used in Layer 2 switching networks. You must enable ND snooping on a VLAN of a device so that ND packets received by the interfaces of the VLAN are redirected to the CPU. When ND snooping is enabled globally, the CPU uses the ND packets to create or update ND snooping entries.
Configuring IPv6 TCP properties
You can configure the following IPv6 TCP properties:
• synwait timer—When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails.
• finwait timer—When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered.
Step Command Remarks • Configure load sharing based on the hash algorithm: Optional. ipv6 fib-loadbalance-type By default, load sharing based on hash-based Configure the IPv6 FIB polling is adopted and ECMP load sharing mode. • Configure load sharing based on routes are used in turn to forward polling: packets.
To enable replying to multicast echo requests:
Step | Command | Remarks
Enter system view. | system-view |
Enable replying to multicast echo requests. | ipv6 icmpv6 multicast-echo-reply enable | The device is disabled from replying to multicast echo requests.

Enabling sending ICMPv6 time exceeded messages
A device sends out an ICMPv6 Time Exceeded message in the following cases:
•...
If an attacker sends abnormal traffic that causes the device to generate ICMPv6 destination unreachable messages, end users may be affected. To prevent such attacks, you can disable the device from sending ICMPv6 destination unreachable messages. To enable sending ICMPv6 destination unreachable messages: Step Command Remarks...
Task Command Remarks display ipv6 nd snooping [ ipv6-address | vlan Display ND snooping vlan-id ] [ | { begin | exclude | include } Available in any view. entries. regular-expression ] Clear FIB cache entries. reset ipv6 fibcache { slot-number | all } Available in user view.
# Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ipv6 address 2001::1/64
[SwitchA-Vlan-interface1] undo ipv6 nd ra halt
[SwitchA-Vlan-interface1] quit
Configure Switch B:
# Enable IPv6.
Verifying the configuration
# Display the IPv6 interface settings on Switch A. All the IPv6 global unicast addresses configured on the interface are displayed.
[SwitchA] display ipv6 interface vlan-interface 2 verbose
Vlan-interface2 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2
Global unicast address(es):
3001::1, subnet is 3001::/64...
[SwitchA] display ipv6 interface vlan-interface 1 verbose
Vlan-interface1 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0
Global unicast address(es):
2001::1, subnet is 2001::/64
Joined group address(es):
FF02::1:FF00:0
FF02::1:FF00:1
FF02::1:FF00:1C0
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds...
# Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed.
[SwitchB] display ipv6 interface vlan-interface 2 verbose
Vlan-interface2 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234
Global unicast address(es):
3001::2, subnet is 3001::/64
Joined group address(es):...
CAUTION: When you ping a link-local address, you should use the -i parameter to specify an interface for the link-local address.
[SwitchB] ping ipv6 -c 1 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 2 ms
--- 3001::1 ping statistics ---...
IP routing basics IP routing directs IP packet forwarding on routers based on a routing table. This book focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A router maintains at least two routing tables: a global routing table and a FIB. The FIB table contains only the optimal routes, and the global routing table contains all routes.
• NextHop—Next hop.
• Interface—Output interface.

Route preference
Routing protocols (including static and direct routing) each have a preference by default. If they find multiple routes to the same destination, the router selects the route with the highest preference as the optimal route.
Task Command Remarks display ip routing-table ip-address [ mask Display information about routes to | mask-length ] [ longer-match ] Available in any view. a specific destination address. [ verbose ] [ | { begin | exclude | include } regular-expression ] display ip routing-table ip-address1 Display information about routes to { mask | mask-length } ip-address2 { mask...
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.
Displaying and maintaining static routes Task Command Remarks display ip routing-table protocol static [ inactive | Available in any Display static route information. verbose ] [ | { begin | exclude | include } view. regular-expression ] Basic static route configuration example Network requirements Configure static routes in Figure 53...
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Cost NextHop Interface
0.0.0.0/0 Static 60 1.1.4.2 Vlan500
1.1.2.0/24 Direct 0 1.1.2.3 Vlan300
1.1.2.3/32 Direct 0 127.0.0.1 InLoop0
1.1.4.0/30 Direct 0 1.1.4.1 Vlan500
1.1.4.1/32 Direct 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0...
Tracing route to 1.1.2.2 over a maximum of 30 hops
<1 ms <1 ms <1 ms 1.1.6.1
<1 ms <1 ms <1 ms 1.1.4.1
1 ms <1 ms <1 ms 1.1.2.2
Trace complete.
Configuring IPv6 static routing Overview Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator has to modify the static routes manually.
IPv6 static routing configuration example Network requirements As shown in Figure 54, configure IPv6 static routes so that hosts can reach one another. Figure 54 Network diagram Configuration procedure Configure the IPv6 addresses for all VLAN interfaces. (Details not shown.) Configure IPv6 static routes: # Enable IPv6 and configure an IPv6 static route on Switch A.
Configuring RIP
Routing Information Protocol (RIP) is a simple distance-vector interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520.

Overview
RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0.
• Split horizon—Disables RIP from sending routing information on the interface from which the information was learned to prevent routing loops and save bandwidth.
• Poison reverse—Enables RIP to set the metric of routes received from a neighbor to 16 and sends...
Step Command Remarks Enable RIP on the interface By default, RIP is disabled on attached to the specified network network-address interfaces. network. Configuring the interface behavior Step Command Remarks Enter system view. system-view Enter RIP view. rip [ process-id ] Disable the specified interface Optional.
Step Command Remarks Optional. By default, if an interface has an interface-specific RIP version, the version takes precedence over the global one. If no interface-specific Specify a global RIP version. version { 1 | 2 } RIP version is specified, the interface can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts, and...
Step Command Remarks Optional. Specify an inbound rip metricin value additional routing metric. The default setting is 0. Optional. Specify an outbound rip metricout value additional routing metric. The default setting is 1. Configuring RIPv2 route summarization Perform this task to summarize contiguous subnets into a summary network and send the network to neighbors.
Step Command Remarks rip summary-address ip-address Configure a summary route. { mask | mask-length } Disabling host route reception Perform this task to disable RIPv2 from receiving host routes from the same network and save network resources. This feature does not apply to RIPv1. To disable RIP from receiving host routes: Step Command...
Configuring inbound/outbound route filtering Perform this task to filter inbound and outbound routes by using an ACL or IP prefix list. You can also configure RIP to receive routes only from a specified neighbor. To configure route filtering: Step Command Remarks Enter system view.
• The garbage-collect timer is 120s. update-value } * HP recommends that you not change the default values of these timers. Configuring split horizon and poison reverse The split horizon and poison reverse functions can prevent routing loops. If both split horizon and poison reverse are configured, only the poison reverse function takes effect.
To enable split horizon:
Step | Command | Remarks
Enter system view. | system-view |
Enter interface view. | interface interface-type interface-number |
Enable split horizon. | rip split-horizon | Optional. By default, split horizon is enabled.

Enabling poison reverse
Poison reverse allows RIP to send routes through the interface where the routes were learned. The metric of these routes is always set to 16 (unreachable) to prevent routing loops between neighbors.
Step | Command | Remarks
Enter system view. | system-view |
Enter RIP view. | rip [ process-id ] |
Enable zero field check on incoming RIPv1 messages. | checkzero | Optional. By default, this function is enabled.

Enabling source IP address check on incoming RIP updates
WARNING! Disable the source IP address check feature if the RIP neighbor is not directly connected.
Specifying a RIP neighbor Usually, RIP sends messages to broadcast or multicast addresses. On non-broadcast or multicast links, you must manually specify RIP neighbors. Follow these guidelines when you specify a RIP neighbor: • Do not use the peer ip-address command when the neighbor is directly connected. Otherwise, the neighbor might receive both the unicast and multicast (or broadcast) of the same routing information.
Step Command Remarks Specify the interval for Optional. sending RIP packets and the By default, an interface sends up to maximum number of RIP output-delay time count count three RIP packets every 20 packets that can be sent at milliseconds. each interval.
Configure basic RIP:
# Configure Switch A.
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] network 172.16.0.0
[SwitchA-rip-1] network 172.17.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
# Display the RIP routing table on Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect...
Configuring RIP route redistribution
Network requirements
As shown in Figure 56, Switch B communicates with Switch A through RIP 100 and with Switch C through RIP 200. Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Switch B so Switch C can learn routes destined for 10.2.1.0/24 and 11.1.1.0/24.
[SwitchC-rip-200] version 2
[SwitchC-rip-200] undo summary
[SwitchC-rip-200] quit
# Display the IP routing table on Switch C.
[SwitchC] display ip routing-table
Routing Tables: Public
Destinations : 6 Routes : 6
Destination/Mask Proto Cost NextHop Interface
12.3.1.0/24 Direct 0 12.3.1.2 Vlan200
12.3.1.2/32 Direct 0 127.0.0.1...
11.1.1.0/24 12.3.1.1 Vlan200
12.3.1.0/24 Direct 0 12.3.1.2 Vlan200
12.3.1.2/32 Direct 0 127.0.0.1 InLoop0
16.4.1.0/24 Direct 0 16.4.1.1 Vlan400
16.4.1.1/32 Direct 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0

Configuring an additional metric for a RIP interface
Network requirements
As shown in Figure...
Analysis After enabling RIP, use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end. Solution Use the display current-configuration command to verify RIP configuration.
Configuring RIPng
Overview
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP:
• UDP port number—RIPng uses UDP port 521 for sending and receiving routing information.
• Multicast address—RIPng uses FF02::9 as the link-local-router multicast address....
Figure 58 RIPng basic packet format
Packet header description:
• Command—Type of message. 0x01 indicates Request, 0x02 indicates Response.
• Version—Version of RIPng. It can only be 0x01.
• RTE—Route table entry. It is 20 bytes for each entry.

RTE format
The following are types of RTEs in RIPng:
•...
When a RIPng neighbor receives the request packet, it sends back a response packet that contains the local routing table. RIPng can also periodically advertise route updates in response packets or advertise a triggered update caused by a route change. The RIPng router processes RTEs in the request.
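As an added example (not HP's implementation), this Python parser applies the header rules described above to a RIPng UDP payload, including the zero field check that RIPng supports, and validates each RTE before accepting it. The RTE field layout (16-byte prefix, 2-byte route tag, 1-byte prefix length, 1-byte metric), the 0xFF next hop marker and the per-entry checks follow RFC 2080; the function names and the sample packet are constructed.

```python
import ipaddress
import struct

REQUEST, RESPONSE = 0x01, 0x02  # Command values from the header description
VERSION = 0x01                  # the only valid RIPng version
RTE_LEN = 20                    # bytes per route table entry
NEXT_HOP = 0xFF                 # metric that marks a next hop RTE (RFC 2080)
UNREACHABLE = 16                # largest valid metric


class RipngError(ValueError):
    """Structural failure: the whole packet is discarded."""


def parse_ripng(payload, check_zero=True):
    """Return (command, accepted, rejected) for one RIPng UDP payload.

    accepted: list of (IPv6Network, metric, tag, next_hop or None)
    rejected: list of (rte_index, reason); bad entries are skipped,
              the rest of the packet is still processed.
    """
    if len(payload) < 4:
        raise RipngError("truncated header")
    command, version, zero = struct.unpack("!BBH", payload[:4])
    if command not in (REQUEST, RESPONSE):
        raise RipngError("unknown command 0x%02x" % command)
    if version != VERSION:
        raise RipngError("unsupported version 0x%02x" % version)
    if check_zero and zero != 0:
        raise RipngError("must-be-zero header field is 0x%04x" % zero)
    body = payload[4:]
    if len(body) % RTE_LEN:
        raise RipngError("body is not a whole number of 20-byte RTEs")

    accepted, rejected = [], []
    next_hop = None  # None: routes go via the packet's source address
    for index in range(len(body) // RTE_LEN):
        raw = body[index * RTE_LEN:(index + 1) * RTE_LEN]
        prefix, tag, plen, metric = struct.unpack("!16sHBB", raw)
        addr = ipaddress.IPv6Address(prefix)
        if metric == NEXT_HOP:
            # Applies to the RTEs that follow; a next hop that is not
            # link-local (including ::) falls back to the sender.
            next_hop = addr if addr.is_link_local else None
            continue
        if plen > 128:
            rejected.append((index, "prefix length %d > 128" % plen))
        elif not 1 <= metric <= UNREACHABLE:
            rejected.append((index, "metric %d outside 1-16" % metric))
        elif addr.is_multicast or addr.is_link_local:
            rejected.append((index, "prefix %s is not routable" % addr))
        else:
            net = ipaddress.IPv6Network((addr, plen), strict=False)
            accepted.append((net, metric, tag, next_hop))
    return command, accepted, rejected


def build_rte(prefix, plen, metric, tag=0):
    """Pack one RTE (hypothetical helper used only to build the sample)."""
    packed = ipaddress.IPv6Address(prefix).packed
    return struct.pack("!16sHBB", packed, tag, plen, metric)


def sample_response(zero=0):
    """Constructed Response: two good routes, one next hop RTE, three bad RTEs."""
    rtes = [
        build_rte("3::", 64, 1),
        build_rte("fe80::20f:e2ff:fe00:100", 0, NEXT_HOP),
        build_rte("4::", 64, 16),       # unreachable, still a valid metric
        build_rte("5::", 129, 1),       # prefix length too long
        build_rte("ff02::9", 128, 1),   # multicast prefix
        build_rte("6::", 64, 0),        # metric below 1
    ]
    return struct.pack("!BBH", RESPONSE, VERSION, zero) + b"".join(rtes)


if __name__ == "__main__":
    command, accepted, rejected = parse_ripng(sample_response())
    for net, metric, tag, nh in accepted:
        print("accept", net, "metric", metric, "via", nh or "sender")
    for index, reason in rejected:
        print("reject RTE", index, reason)
```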
Configuration procedure To configure the basic RIPng functions: Step Command Remarks Enter system view. system-view Create a RIPng process and ripng [ process-id ] Not created by default. enter RIPng view. Return to system view. quit interface interface-type Enter interface view. interface-number Enable RIPng on the interface.
Configuring RIPng route summarization Step Command Enter system view. system-view Enter interface view. interface interface-type interface-number Advertise a summary IPv6 prefix. ripng summary-address ipv6-address prefix-length Advertising a default route When this feature is enabled, a default route is advertised through the specified interface regardless of whether the default route is available in the local IPv6 routing table.
Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional. Configure a RIPng priority. preference preference By default, the RIPng priority is 100. Configuring RIPng route redistribution Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional.
Configuring split horizon Split horizon disables RIPng from sending routes through the interface where the routes were learned to prevent routing loops between adjacent routers. HP recommends enabling split horizon to prevent routing loops. To configure split horizon: Step Command Remarks Enter system view.
If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing time. To configure RIPng zero field check: Step Command Remarks Enter system view. system-view Enter RIPng view. ripng [ process-id ] Optional.
RIPng configuration examples Configure RIPng basic functions Network requirements As shown in Figure 61, all switches run RIPng. Configure Switch B to filter the route (3::/64) learned from Switch C, which means the route is not added to the routing table of Switch B, and Switch B does not forward it to Switch A.
[SwitchC] interface vlan-interface 500
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100...
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.