Layer 3 - IP Services Configuration Guide


  • 8/18/2019 Layer 3 - IP Services Configuration Guide


    HP A5120 EI Switch Series

    Layer 3 - IP Services Configuration Guide

    Abstract

    This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

    This documentation is intended for network planners, field technical support and servicing engineers, and network administrators working with the HP A Series products.

    Part number: 5998-1795

    Software version: Release 2208

    Document version: 5W100-20110530 


    Legal and notice information

    © Copyright 2011 Hewlett-Packard Development Company, L.P.

    No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.

    The information contained herein is subject to change without notice.

    HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


    Contents

    ARP configuration
      ARP overview
        ARP function
        ARP message format
        Operation of ARP
        ARP table
      Configuring ARP
        Configuring a static ARP entry
        Configuring the maximum number of dynamic ARP entries for an interface
        Setting the age timer for dynamic ARP entries
        Enabling dynamic ARP entry check
        Configuring ARP quick update
      Displaying and maintaining ARP
      ARP configuration example

    Gratuitous ARP configuration
      Introduction to gratuitous ARP
      Configuring gratuitous ARP

    Proxy ARP configuration
      Proxy ARP overview
        Proxy ARP
        Local Proxy ARP
      Enabling proxy ARP
      Displaying and maintaining proxy ARP
      Proxy ARP configuration examples
        Proxy ARP configuration example
        Local proxy ARP configuration example in case of port isolation
        Local proxy ARP configuration example in isolate-user-VLAN

    IP addressing configuration
      IP addressing overview
        IP address classes
        Special IP addresses
        Subnetting and masking
      Configuring IP addresses
        Assigning an IP address to an interface
        IP addressing configuration example
      Displaying and maintaining IP addressing

    DHCP overview
      Introduction to DHCP
      DHCP address allocation
        Allocation mechanisms
        Dynamic IP address allocation process
        IP address lease extension
      DHCP message format
      DHCP options
        Overview
        Introduction to DHCP options
        Self-defined options


      Protocols and standards

    DHCP server configuration
      Introduction to DHCP server
        Application environment
        DHCP address pool
        IP address allocation sequence
      DHCP server configuration task list
      Configuring an address pool for the DHCP server
        Configuration task list
        Creating a DHCP address pool
        Configuring an address allocation mode for a common address pool
        Configuring dynamic address allocation for an extended address pool
        Configuring a domain name suffix for the client
        Configuring DNS servers for the client
        Configuring WINS servers and NetBIOS node type for the client
        Configuring BIMS server information for the client
        Configuring gateways for the client
        Configuring Option 184 parameters for the client with voice service
        Configuring the TFTP server and bootfile name for the client
        Configuring self-defined DHCP options
      Enabling DHCP
      Enabling the DHCP server on an interface
      Applying an extended address pool on an interface
      Configuring the DHCP server security functions
        Configuration prerequisites
        Enabling unauthorized DHCP server detection
        Configuring IP address conflict detection
      Enabling Option 82 handling
      Specifying the threshold for sending trap messages
        Configuration prerequisites
        Configuration procedure
      Displaying and maintaining the DHCP server
      DHCP server configuration examples
        Static IP address assignment configuration example
        Dynamic IP address assignment configuration example
        Self-defined option configuration example
      Troubleshooting DHCP server configuration

    DHCP relay agent configuration
      Introduction to DHCP relay agent
        Application environment
        Fundamentals
        DHCP relay agent support for Option 82
      DHCP relay agent configuration task list
      Enabling DHCP
      Enabling the DHCP relay agent on an interface
      Correlating a DHCP server group with a relay agent interface
      Configuring the DHCP relay agent security functions
        Creating static bindings and enabling address check
        Configuring periodic refresh of dynamic client entries
        Enabling unauthorized DHCP server detection
        Enabling DHCP starvation attack protection
      Enabling offline detection
      Configuring the DHCP relay agent to release an IP address
      Configuring the DHCP relay agent to support Option 82


      Displaying and maintaining the DHCP relay agent
      DHCP relay agent configuration examples
        DHCP relay agent configuration example
        DHCP relay agent Option 82 support configuration example
      Troubleshooting DHCP relay agent configuration

    DHCP client configuration
      Introduction to DHCP client
      Enabling the DHCP client on an interface
      Displaying and maintaining the DHCP client
      DHCP client configuration example

    DHCP snooping configuration
      DHCP snooping overview
        Functions of DHCP snooping
        Application environment of trusted ports
        DHCP snooping support for Option 82
      DHCP snooping configuration task list
      Configuring DHCP snooping basic functions
      Configuring DHCP snooping to support Option 82
      Configuring DHCP snooping entries backup
      Enabling DHCP starvation attack protection
      Enabling DHCP-REQUEST message attack protection
      Configuring DHCP packet rate limit
      Displaying and maintaining DHCP snooping
      DHCP snooping configuration examples
        DHCP snooping configuration example
        DHCP snooping Option 82 support configuration example

    BOOTP client configuration
      Introduction to BOOTP client
        BOOTP application
        Obtaining an IP address dynamically
        Protocols and standards
      Configuring an interface to dynamically obtain an IP address through BOOTP
      Displaying and maintaining BOOTP client configuration
      BOOTP client configuration example

    IPv4 DNS configuration
      DNS overview
        Static domain name resolution
        Dynamic domain name resolution
        DNS proxy
        DNS spoofing
      Configuring the IPv4 DNS client
        Configuring static domain name resolution
        Configuring dynamic domain name resolution
      Configuring the DNS proxy
      Configuring DNS spoofing
        Configuration prerequisites
        Configuration procedure
      Displaying and maintaining IPv4 DNS
      IPv4 DNS configuration examples
        Static domain name resolution configuration example
        Dynamic domain name resolution configuration example
        DNS proxy configuration example
      Troubleshooting IPv4 DNS configuration


    IPv6 DNS configuration
      Introduction to IPv6 DNS
      Configuring the IPv6 DNS client
        Configuring static domain name resolution
        Configuring dynamic domain name resolution
      Displaying and maintaining IPv6 DNS
      IPv6 DNS configuration examples
        Static domain name resolution configuration example
        Dynamic domain name resolution configuration example

    IP performance optimization configuration
      IP performance optimization overview
      Enabling reception and forwarding of directed broadcasts to a directly connected network
        Enabling reception of directed broadcasts to a directly connected network
        Enabling forwarding of directed broadcasts to a directly connected network
        Configuration example
      Configuring TCP attributes
        Configuring the TCP send/receive buffer size
        Configuring TCP timers
      Configuring ICMP to send error packets
        Introduction
        Configuration procedure
      Displaying and maintaining IP performance optimization

    IRDP configuration
      IRDP overview
        Background
        Working mechanism
        Terminology
        Protocols and standards
      Configuring IRDP
      IRDP configuration example

    UDP Helper configuration
      Introduction to UDP Helper
      Configuring UDP Helper
      Displaying and maintaining UDP Helper
      UDP Helper configuration example

    IPv6 basics configuration
      IPv6 overview
        IPv6 features
        IPv6 addresses
        IPv6 neighbor discovery protocol
        IPv6 PMTU discovery
        IPv6 transition technologies
        Protocols and standards

    IPv6 basics configuration task list ······························································································································· 120 

    Configuring basic IPv6 functions ································································································································ 121 Enabling IPv6 ······················································································································································· 121 Configuring an IPv6 global unicast address ···································································································· 121 Configuring an IPv6 link-local address ············································································································· 123 Configure an IPv6 anycast address ·················································································································· 124 

    Configuring IPv6 ND ··················································································································································· 125 Configuring a static neighbor entry ·················································································································· 125 Configuring the maximum number of neighbors dynamically learned ························································· 125

     


    Configuring parameters related to RA messages
    Configuring the maximum number of attempts to send an NS message for DAD
    Setting the age timer for ND entries
    Configuring ND snooping
    Enabling ND proxy
    Configuring PMTU discovery
    Configuring a static PMTU for a specified IPv6 address
    Configuring the aging time for dynamic PMTUs
    Configuring IPv6 TCP properties
    Configuring ICMPv6 packet sending
    Configuring the maximum ICMPv6 error packets sent in an interval
    Enabling replying to multicast echo requests
    Enabling sending of ICMPv6 time exceeded messages
    Enabling sending of ICMPv6 destination unreachable messages
    Displaying and maintaining IPv6 basics configuration
    IPv6 configuration example
    Troubleshooting IPv6 basics configuration
    DHCPv6 overview
    Introduction to DHCPv6
    DHCPv6 address/prefix assignment
    Rapid assignment involving two messages
    Assignment involving four messages
    Address/Prefix lease renewal
    Stateless DHCPv6 configuration
    Introduction
    Operation
    Protocols and standards
    DHCPv6 server configuration
    Introduction to the DHCPv6 server
    Application environment
    Basic concepts
    Prefix selection process
    DHCPv6 server configuration task list
    Configuration prerequisites
    Enabling the DHCPv6 server
    Creating a prefix pool
    Configuring a DHCPv6 address pool
    Applying the address pool to an interface
    Displaying and maintaining the DHCPv6 server
    DHCPv6 server configuration example
    DHCPv6 relay agent configuration
    Introduction to the DHCPv6 relay agent
    Application environment
    Operation of DHCPv6 relay agent
    Configuring the DHCPv6 relay agent
    Configuration prerequisites
    Configuration procedure
    Displaying and maintaining the DHCPv6 relay agent
    DHCPv6 relay agent configuration example
    DHCPv6 client configuration
    Introduction to the DHCPv6 client
    Configuring the DHCPv6 client
    Configuration prerequisites


    Configuration procedure
    Displaying and maintaining the DHCPv6 client
    Stateless DHCPv6 configuration example
    DHCPv6 snooping configuration
    DHCPv6 snooping overview
    Enabling DHCPv6 snooping
    Configuring a DHCPv6 snooping trusted port
    Configuring the maximum number of DHCPv6 Snooping entries an interface can learn
    Displaying and maintaining DHCPv6 snooping
    DHCPv6 snooping configuration example
    Network requirements
    Configuration procedure
    Support and other resources
    Contacting HP
    Subscription service
    Related information
    Documents
    Websites
    Conventions
    Index


    ARP configuration

    ARP overview

    ARP function

    The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example).

    In an Ethernet LAN, a switch uses ARP to resolve the IP address of the next hop to the corresponding MAC address.

    ARP message format

    ARP messages include ARP requests and ARP replies. Figure 1 shows the format of the ARP request/reply. Numbers in the figure refer to field lengths.

    Figure 1  ARP message format

    28-byte ARP request/reply, field lengths in bytes: Hardware type (2), Protocol type (2), Hardware address length (1), Protocol address length (1), OP (2), Sender hardware address (6), Sender protocol address (4), Target hardware address (6), Target protocol address (4)

     

    The following describes the fields in Figure 1:

    Hardware type: The hardware address type. The value 1 represents Ethernet.

    Protocol type: The type of the protocol address to be mapped. The hexadecimal value 0x0800 represents IP.

    Hardware address length and protocol address length: Length, in bytes, of a hardware address and protocol address. For an Ethernet address, the value of the hardware address length field is 6. For an IP(v4) address, the value of the protocol address length field is 4.

    OP: Operation code. The type of the ARP message. The value 1 represents an ARP request and 2 represents an ARP reply.

    Sender hardware address: Hardware address of the switch sending the message.

    Sender protocol address: Protocol address of the switch sending the message.

    Target hardware address: Hardware address of the switch the message is being sent to.

    Target protocol address: Protocol address of the switch the message is being sent to.


    Operation of ARP

    If Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 2:

    1.  Host A looks in its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.

    2.  If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request using the following information.

        Source IP address and source MAC address: Host A’s own IP address and MAC address

        Target IP address: Host B’s IP address

        Target MAC address: An all-zero MAC address

        Because the ARP request is broadcast, all hosts on this subnet can receive the request, but only the requested host (Host B) will process the request.

    3.  Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B:

        Adds the sender IP address and sender MAC address into its ARP table.

        Encapsulates its MAC address into an ARP reply.

        Unicasts the ARP reply to Host A.

    4.  After receiving the ARP reply, Host A:

        Adds the MAC address of Host B into its ARP table.

        Encapsulates the MAC address in the IP packet and sends it to Host B.

    Figure 2  ARP address resolution process

    Host A: 192.168.1.1, 0002-6779-0f4c
    Host B: 192.168.1.2, 00a0-2470-febd
    ARP request: sender IP address 192.168.1.1, sender MAC address 0002-6779-0f4c, target IP address 192.168.1.2, target MAC address 0000-0000-0000
    ARP reply: sender IP address 192.168.1.2, sender MAC address 00a0-2470-febd, target IP address 192.168.1.1, target MAC address 0002-6779-0f4c

    If Host A and Host B are not on the same subnet:

    5.  Host A sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway.

    6.  After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the gateway.

    7.  If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B.

    8.  After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
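The 28-byte layout of Figure 1 and the same-subnet exchange of steps 1 to 4, replayed with the Figure 2 addresses, as an added Python example (not code from this guide or from the switch software). The `Host` class, the function names and the third host at 192.168.1.3 are constructed for illustration; nothing is sent on a network.

```python
import socket
import struct

# Figure 1 layout in network byte order: hardware type (2), protocol type (2),
# hardware address length (1), protocol address length (1), OP (2), sender
# hardware (6), sender protocol (4), target hardware (6), target protocol (4).
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_LENGTH = struct.calcsize(ARP_FORMAT)  # 28 bytes
HW_ETHERNET, PROTO_IP = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "0000-0000-0000"

def mac_to_bytes(mac):
    """Convert the guide's xxxx-xxxx-xxxx notation to 6 raw bytes."""
    return bytes.fromhex(mac.replace("-", ""))

def mac_to_text(raw):
    """Convert 6 raw bytes back to xxxx-xxxx-xxxx notation."""
    digits = raw.hex()
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))

def pack_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP request or reply."""
    return struct.pack(ARP_FORMAT, HW_ETHERNET, PROTO_IP, 6, 4, op,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    """Decode an ARP message and reject anything that does not match Figure 1."""
    if len(payload) < ARP_LENGTH:
        raise ValueError("truncated ARP message")
    hw, proto, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, payload[:ARP_LENGTH])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IP, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown operation code %d" % op)
    return {"op": op,
            "sender_mac": mac_to_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_to_text(tha), "target_ip": socket.inet_ntoa(tpa)}

class Host:
    """Minimal host that follows steps 1 to 4 of the same-subnet case."""
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_table = ip, mac, {}

    def build_request(self, target_ip):
        # Step 2: the request carries an all-zero target MAC address.
        return pack_arp(OP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)

    def receive(self, payload):
        """Process one ARP message; return a reply to unicast, or None."""
        msg = parse_arp(payload)
        if msg["target_ip"] != self.ip:
            return None  # only the requested host processes the message
        self.arp_table[msg["sender_ip"]] = msg["sender_mac"]  # steps 3 and 4
        if msg["op"] == OP_REQUEST:
            return pack_arp(OP_REPLY, self.mac, self.ip,
                            msg["sender_mac"], msg["sender_ip"])
        return None

def resolve_figure2():
    """Replay the Figure 2 exchange between Host A and Host B."""
    host_a = Host("192.168.1.1", "0002-6779-0f4c")
    host_b = Host("192.168.1.2", "00a0-2470-febd")
    other = Host("192.168.1.3", "0000-5e00-5301")  # constructed bystander
    request = host_a.build_request(host_b.ip)
    ignored = other.receive(request)   # bystander returns None, learns nothing
    reply = host_b.receive(request)    # Host B learns Host A and replies
    host_a.receive(reply)              # Host A learns Host B
    return {"request": request, "reply": reply, "ignored": ignored,
            "a_table": host_a.arp_table, "b_table": host_b.arp_table,
            "other_table": other.arp_table}
```

`parse_arp` accepts trailing bytes after the 28-byte message because Ethernet frames carrying ARP are padded to the minimum frame size.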


    ARP table

    After obtaining a host’s MAC address, the switch adds the IP-to-MAC mapping to its own ARP table. This mapping is used for forwarding packets with the same destination in the future.

    An ARP table contains dynamic and static ARP entries.

    Dynamic ARP entry

    A dynamic entry is automatically created and maintained by ARP. It can age out, be updated by a new ARP packet, and be overwritten by a static ARP entry. A dynamic ARP entry is removed when its age timer expires or the interface goes down.

    Static ARP entry

    A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by a dynamic ARP entry.

    Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.

    Static ARP entries can be long or short.

    A long static ARP entry can be used to forward packets directly, because it includes not only the IP address and MAC address, but also a configured VLAN and outbound interface.

    A short static ARP entry includes only an IP address and a MAC address. It cannot be used to forward data directly if the outbound interface is a VLAN interface. When a short static ARP entry matches an IP packet to be forwarded, the switch sends an ARP request first. If the sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry, the switch adds the interface receiving the ARP reply to the short static ARP entry. Then the entry can be used for forwarding IP packets.

    NOTE:

      Usually ARP dynamically resolves IP addresses to MAC addresses without manual intervention.

      To allow communication with a host using a fixed IP-to-MAC mapping, configure a short static ARP entry for it. To allow communication with a host using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN, configure a long static ARP entry for it.
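The entry rules above as an added Python model, an illustration and not the switch's implementation: a dynamic entry follows whatever ARP packet arrives last, a static entry keeps its mapping, and a short static entry becomes usable only after a matching reply supplies the interface. The class, the outcome strings, the port names, the 300-second age limit and the MAC address `0000-5e00-53ff` are assumptions constructed for the example.

```python
DYNAMIC, STATIC_LONG, STATIC_SHORT = "dynamic", "long static", "short static"

class ArpTable:
    """Toy model of the entry rules described above (not device code)."""
    def __init__(self, age_limit):
        self.age_limit = age_limit  # lifetime of a dynamic entry (assumed: seconds)
        self.entries = {}

    def add_static(self, ip, mac, vlan=None, interface=None):
        # A static entry replaces whatever dynamic entry exists for this IP.
        kind = STATIC_LONG if vlan is not None and interface else STATIC_SHORT
        self.entries[ip] = {"mac": mac, "kind": kind, "vlan": vlan,
                            "interface": interface, "seen": None}

    def learn(self, sender_ip, sender_mac, interface, now):
        """Apply the sender fields of a received ARP packet; report the outcome."""
        entry = self.entries.get(sender_ip)
        if entry is None or entry["kind"] == DYNAMIC:
            moved = entry is not None and entry["mac"] != sender_mac
            self.entries[sender_ip] = {"mac": sender_mac, "kind": DYNAMIC,
                                       "vlan": None, "interface": interface,
                                       "seen": now}
            if entry is None:
                return "learned"
            return "overwritten" if moved else "refreshed"
        if entry["mac"] != sender_mac:
            return "conflict-ignored"  # static mapping stays; worth logging
        if entry["kind"] == STATIC_SHORT and entry["interface"] is None:
            entry["interface"] = interface  # short entry is now resolved
            return "resolved"
        return "unchanged"

    def age_out(self, now):
        """Remove dynamic entries whose age timer expired; return their IPs."""
        expired = [ip for ip, e in self.entries.items()
                   if e["kind"] == DYNAMIC and now - e["seen"] >= self.age_limit]
        for ip in expired:
            del self.entries[ip]
        return expired

    def interface_down(self, interface):
        """Remove dynamic entries learned on an interface that went down."""
        gone = [ip for ip, e in self.entries.items()
                if e["kind"] == DYNAMIC and e["interface"] == interface]
        for ip in gone:
            del self.entries[ip]
        return gone

    def can_forward(self, ip):
        """An entry is usable for forwarding once it has an outbound interface."""
        entry = self.entries.get(ip)
        return entry is not None and entry["interface"] is not None

def demo():
    """Constructed scenario: Host B's addresses from Figure 2 plus one made-up MAC."""
    table = ArpTable(age_limit=300)
    good, other = "00a0-2470-febd", "0000-5e00-53ff"  # 'other' is constructed
    events = [table.learn("192.168.1.2", good, "port1", now=0),
              table.learn("192.168.1.2", other, "port9", now=10)]
    table.add_static("192.168.1.2", good)              # short static entry
    events.append(table.can_forward("192.168.1.2"))    # not yet resolved
    events.append(table.learn("192.168.1.2", other, "port9", now=20))
    events.append(table.learn("192.168.1.2", good, "port1", now=30))
    events.append(table.can_forward("192.168.1.2"))
    table.learn("192.168.1.3", other, "port9", now=30)  # unrelated dynamic entry
    events.append(table.age_out(now=400))
    return table, events
```

A `conflict-ignored` outcome is the case to alert on: a packet claimed an IP address that has a static entry but carried a different MAC address.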

    Configuring ARP

    Configuring a static ARP entry

    A static ARP entry is effective when the device it corresponds to works normally. However, when a VLAN or VLAN interface is deleted, any static ARP entry corresponding to it will also be deleted (if it is a long static ARP entry) or will become unresolved (if it is a short and resolved static ARP entry).

    Follow these steps to configure a static ARP entry:

    To do… | Use the command… | Remarks
    Enter system view | system-view | —
    Configure a long static ARP entry | arp static ip-address mac-address vlan-id interface-type interface-number | Required. No long static ARP entry is configured by default.
    Configure a short static ARP entry | arp static ip-address mac-address | Required. No short static ARP entry is configured by default.

    CAUTION:

      The vlan-id argument must be the ID of an existing VLAN that corresponds to the ARP entries. In addition, the Ethernet interface following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.

      The IP address of the VLAN interface corresponding to the vlan-id