Layer 3 - IP Services Configuration Guide
domingo-adonai -
Transcript of Layer 3 - IP Services Configuration Guide
8/18/2019 Layer 3 - IP Services Configuration Guide
1/179
HP A5120 EI Switch Series
Layer 3 - IP Services Configuration Guide
Abstract
This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and network administrators working with the HP A Series products.
Part number: 5998-1795
Software version: Release 2208
Document version: 5W100-20110530
Legal and notice information
© Copyright 2011 Hewlett-Packard Development Company, L.P.
No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Contents
ARP configuration
ARP overview
ARP function
ARP message format
Operation of ARP
ARP table
Configuring ARP
Configuring a static ARP entry
Configuring the maximum number of dynamic ARP entries for an interface
Setting the age timer for dynamic ARP entries
Enabling dynamic ARP entry check
Configuring ARP quick update
Displaying and maintaining ARP
ARP configuration example
Gratuitous ARP configuration
Introduction to gratuitous ARP
Configuring gratuitous ARP
Proxy ARP configuration
Proxy ARP overview
Proxy ARP
Local Proxy ARP
Enabling proxy ARP
Displaying and maintaining proxy ARP
Proxy ARP configuration examples
Proxy ARP configuration example
Local proxy ARP configuration example in case of port isolation
Local proxy ARP configuration example in isolate-user-VLAN
IP addressing configuration
IP addressing overview
IP address classes
Special IP addresses
Subnetting and masking
Configuring IP addresses
Assigning an IP address to an interface
IP addressing configuration example
Displaying and maintaining IP addressing
DHCP overview
Introduction to DHCP
DHCP address allocation
Allocation mechanisms
Dynamic IP address allocation process
IP address lease extension
DHCP message format
DHCP options
Overview
Introduction to DHCP options
Self-defined options
Protocols and standards
DHCP server configuration
Introduction to DHCP server
Application environment
DHCP address pool
IP address allocation sequence
DHCP server configuration task list
Configuring an address pool for the DHCP server
Configuration task list
Creating a DHCP address pool
Configuring an address allocation mode for a common address pool
Configuring dynamic address allocation for an extended address pool
Configuring a domain name suffix for the client
Configuring DNS servers for the client
Configuring WINS servers and NetBIOS node type for the client
Configuring BIMS server information for the client
Configuring gateways for the client
Configuring Option 184 parameters for the client with voice service
Configuring the TFTP server and bootfile name for the client
Configuring self-defined DHCP options
Enabling DHCP
Enabling the DHCP server on an interface
Applying an extended address pool on an interface
Configuring the DHCP server security functions
Configuration prerequisites
Enabling unauthorized DHCP server detection
Configuring IP address conflict detection
Enabling Option 82 handling
Specifying the threshold for sending trap messages
Configuration prerequisites
Configuration procedure
Displaying and maintaining the DHCP server
DHCP server configuration examples
Static IP address assignment configuration example
Dynamic IP address assignment configuration example
Self-defined option configuration example
Troubleshooting DHCP server configuration
DHCP relay agent configuration
Introduction to DHCP relay agent
Application environment
Fundamentals
DHCP relay agent support for Option 82
DHCP relay agent configuration task list
Enabling DHCP
Enabling the DHCP relay agent on an interface
Correlating a DHCP server group with a relay agent interface
Configuring the DHCP relay agent security functions
Creating static bindings and enabling address check
Configuring periodic refresh of dynamic client entries
Enabling unauthorized DHCP server detection
Enabling DHCP starvation attack protection
Enabling offline detection
Configuring the DHCP relay agent to release an IP address
Configuring the DHCP relay agent to support Option 82
Displaying and maintaining the DHCP relay agent
DHCP relay agent configuration examples
DHCP relay agent configuration example
DHCP relay agent Option 82 support configuration example
Troubleshooting DHCP relay agent configuration
DHCP client configuration
Introduction to DHCP client
Enabling the DHCP client on an interface
Displaying and maintaining the DHCP client
DHCP client configuration example
DHCP snooping configuration
DHCP snooping overview
Functions of DHCP snooping
Application environment of trusted ports
DHCP snooping support for Option 82
DHCP snooping configuration task list
Configuring DHCP snooping basic functions
Configuring DHCP snooping to support Option 82
Configuring DHCP snooping entries backup
Enabling DHCP starvation attack protection
Enabling DHCP-REQUEST message attack protection
Configuring DHCP packet rate limit
Displaying and maintaining DHCP snooping
DHCP snooping configuration examples
DHCP snooping configuration example
DHCP snooping Option 82 support configuration example
BOOTP client configuration
Introduction to BOOTP client
BOOTP application
Obtaining an IP address dynamically
Protocols and standards
Configuring an interface to dynamically obtain an IP address through BOOTP
Displaying and maintaining BOOTP client configuration
BOOTP client configuration example
IPv4 DNS configuration
DNS overview
Static domain name resolution
Dynamic domain name resolution
DNS proxy
DNS spoofing
Configuring the IPv4 DNS client
Configuring static domain name resolution
Configuring dynamic domain name resolution
Configuring the DNS proxy
Configuring DNS spoofing
Configuration prerequisites
Configuration procedure
Displaying and maintaining IPv4 DNS
IPv4 DNS configuration examples
Static domain name resolution configuration example
Dynamic domain name resolution configuration example
DNS proxy configuration example
Troubleshooting IPv4 DNS configuration
IPv6 DNS configuration
Introduction to IPv6 DNS
Configuring the IPv6 DNS client
Configuring static domain name resolution
Configuring dynamic domain name resolution
Displaying and maintaining IPv6 DNS
IPv6 DNS configuration examples
Static domain name resolution configuration example
Dynamic domain name resolution configuration example
IP performance optimization configuration
IP performance optimization overview
Enabling reception and forwarding of directed broadcasts to a directly connected network
Enabling reception of directed broadcasts to a directly connected network
Enabling forwarding of directed broadcasts to a directly connected network
Configuration example
Configuring TCP attributes
Configuring the TCP send/receive buffer size
Configuring TCP timers
Configuring ICMP to send error packets
Introduction
Configuration procedure
Displaying and maintaining IP performance optimization
IRDP configuration
IRDP overview
Background
Working mechanism
Terminology
Protocols and standards
Configuring IRDP
IRDP configuration example
UDP Helper configuration
Introduction to UDP Helper
Configuring UDP Helper
Displaying and maintaining UDP Helper
UDP Helper configuration example
IPv6 basics configuration
IPv6 overview
IPv6 features
IPv6 addresses
IPv6 neighbor discovery protocol
IPv6 PMTU discovery
IPv6 transition technologies
Protocols and standards
IPv6 basics configuration task list
Configuring basic IPv6 functions
Enabling IPv6
Configuring an IPv6 global unicast address
Configuring an IPv6 link-local address
Configure an IPv6 anycast address
Configuring IPv6 ND ··················································································································································· 125 Configuring a static neighbor entry ·················································································································· 125 Configuring the maximum number of neighbors dynamically learned ························································· 125
    Configuring parameters related to RA messages
    Configuring the maximum number of attempts to send an NS message for DAD
    Setting the age timer for ND entries
    Configuring ND snooping
    Enabling ND proxy
  Configuring PMTU discovery
    Configuring a static PMTU for a specified IPv6 address
    Configuring the aging time for dynamic PMTUs
  Configuring IPv6 TCP properties
  Configuring ICMPv6 packet sending
    Configuring the maximum ICMPv6 error packets sent in an interval
    Enabling replying to multicast echo requests
    Enabling sending of ICMPv6 time exceeded messages
    Enabling sending of ICMPv6 destination unreachable messages
  Displaying and maintaining IPv6 basics configuration
  IPv6 configuration example
  Troubleshooting IPv6 basics configuration
DHCPv6 overview
  Introduction to DHCPv6
  DHCPv6 address/prefix assignment
    Rapid assignment involving two messages
    Assignment involving four messages
  Address/Prefix lease renewal
  Stateless DHCPv6 configuration
    Introduction
    Operation
  Protocols and standards
DHCPv6 server configuration
  Introduction to the DHCPv6 server
    Application environment
    Basic concepts
    Prefix selection process
  DHCPv6 server configuration task list
  Configuration prerequisites
  Enabling the DHCPv6 server
  Creating a prefix pool
  Configuring a DHCPv6 address pool
  Applying the address pool to an interface
  Displaying and maintaining the DHCPv6 server
  DHCPv6 server configuration example
DHCPv6 relay agent configuration
  Introduction to the DHCPv6 relay agent
    Application environment
    Operation of DHCPv6 relay agent
  Configuring the DHCPv6 relay agent
    Configuration prerequisites
    Configuration procedure
  Displaying and maintaining the DHCPv6 relay agent
  DHCPv6 relay agent configuration example
DHCPv6 client configuration
  Introduction to the DHCPv6 client
  Configuring the DHCPv6 client
    Configuration prerequisites
    Configuration procedure
  Displaying and maintaining the DHCPv6 client
  Stateless DHCPv6 configuration example
DHCPv6 snooping configuration
  DHCPv6 snooping overview
  Enabling DHCPv6 snooping
  Configuring a DHCPv6 snooping trusted port
  Configuring the maximum number of DHCPv6 Snooping entries an interface can learn
  Displaying and maintaining DHCPv6 snooping
  DHCPv6 snooping configuration example
    Network requirements
    Configuration procedure
Support and other resources
  Contacting HP
    Subscription service
  Related information
    Documents
    Websites
  Conventions
Index
ARP configuration
ARP overview
ARP function
The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (an Ethernet MAC address, for example).
In an Ethernet LAN, a switch uses ARP to resolve the IP address of the next hop to the corresponding MAC address.
ARP message format
ARP messages include ARP requests and ARP replies. Figure 1 shows the format of the ARP request/reply. Numbers in the figure refer to field lengths.
Figure 1 ARP message format (28-byte ARP request/reply; field lengths in bytes)
Field                      Length
Hardware type              2
Protocol type              2
Hardware address length    1
Protocol address length    1
OP                         2
Sender hardware address    6
Sender protocol address    4
Target hardware address    6
Target protocol address    4
The following describes the fields in Figure 1:
Hardware type: The hardware address type. The value 1 represents Ethernet.
Protocol type: The type of the protocol address to be mapped. The hexadecimal value 0x0800 represents IP.
Hardware address length and protocol address length: Length, in bytes, of a hardware address and protocol address. For an Ethernet address, the value of the hardware address length field is 6. For an IP(v4) address, the value of the protocol address length field is 4.
OP: Operation code. The type of the ARP message. The value 1 represents an ARP request and 2represents an ARP reply.
Sender hardware address: Hardware address of the switch sending the message.
Sender protocol address: Protocol address of the switch sending the message.
Target hardware address: Hardware address of the switch the message is being sent to.
Target protocol address: Protocol address of the switch the message is being sent to.
Operation of ARP
If Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 2:
1. Host A looks in its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request using the following information.
   Source IP address and source MAC address: Host A’s own IP address and MAC address
   Target IP address: Host B’s IP address
   Target MAC address: An all-zero MAC address
   Because the ARP request is broadcast, all hosts on this subnet can receive the request, but only the requested host (Host B) will process the request.
3. Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B:
   Adds the sender IP address and sender MAC address into its ARP table.
   Encapsulates its MAC address into an ARP reply.
   Unicasts the ARP reply to Host A.
4. After receiving the ARP reply, Host A:
   Adds the MAC address of Host B into its ARP table.
   Encapsulates the MAC address in the IP packet and sends it to Host B.
Figure 2 ARP address resolution process
Host A: 192.168.1.1, 0002-6779-0f4c
Host B: 192.168.1.2, 00a0-2470-febd
ARP request (broadcast by Host A): sender IP address 192.168.1.1, sender MAC address 0002-6779-0f4c, target IP address 192.168.1.2, target MAC address 0000-0000-0000
ARP reply (unicast by Host B): sender IP address 192.168.1.2, sender MAC address 00a0-2470-febd, target IP address 192.168.1.1, target MAC address 0002-6779-0f4c
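The message layout of Figure 1 and the same-subnet exchange of Figure 2, as an added Python example (not code from the guide or from HP). It packs and parses the 28-byte message and checks that a reply answers a request; the function names are chosen for this example, and the addresses are the ones printed in Figure 2.

```python
import ipaddress
import struct

# Field order and lengths from Figure 1: 2+2+1+1+2+6+4+6+4 = 28 bytes
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FORMAT)
OPS = {1: "request", 2: "reply"}


def mac_to_bytes(mac):
    """Convert the guide's dashed notation (0002-6779-0f4c) to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def bytes_to_mac(raw):
    """Render 6 raw bytes in the guide's dashed notation."""
    text = raw.hex()
    return "-".join(text[i:i + 4] for i in range(0, 12, 4))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet/IPv4 ARP message (hardware type 1, protocol 0x0800)."""
    return struct.pack(
        ARP_FORMAT, 1, 0x0800, 6, 4, op,
        mac_to_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
        mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Parse the ARP part of a frame; Ethernet padding after byte 28 is ignored."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if op not in OPS:
        raise ValueError("unknown operation code %d" % op)
    return {
        "op": OPS[op],
        "sender_mac": bytes_to_mac(sha),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": bytes_to_mac(tha),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


def reply_answers(request, reply):
    """True if `reply` is the unicast answer to `request` (steps 2 and 3)."""
    return (request["op"] == "request" and reply["op"] == "reply"
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_ip"] == request["sender_ip"]
            and reply["target_mac"] == request["sender_mac"])


# The exchange of Figure 2, rebuilt from the addresses printed there
REQUEST = build_arp(1, "0002-6779-0f4c", "192.168.1.1",
                    "0000-0000-0000", "192.168.1.2")
REPLY = build_arp(2, "00a0-2470-febd", "192.168.1.2",
                  "0002-6779-0f4c", "192.168.1.1")
```

A reply for which `reply_answers` returns False against every outstanding request is unsolicited, which is worth logging on a monitored segment.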
If Host A and Host B are not on the same subnet:
5. Host A sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway.
6. After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the gateway.
7. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B.
8. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
ARP table
After obtaining a host’s MAC address, the switch adds the IP-to-MAC mapping to its own ARP table. This mapping is used for forwarding packets with the same destination in the future.
An ARP table contains dynamic and static ARP entries.
Dynamic ARP entry
A dynamic entry is automatically created and maintained by ARP. It can age out, be updated by a new ARP packet, and be overwritten by a static ARP entry. A dynamic ARP entry is removed when its age timer expires or the interface goes down.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by a dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.
Static ARP entries can be long or short.
A long static ARP entry can be used to forward packets directly, because it includes not only the IP address and MAC address, but also a configured VLAN and outbound interface.
A short static ARP entry includes only an IP address and a MAC address. It cannot be used to forward data directly if the outbound interface is a VLAN interface. When a short static ARP entry matches an IP packet to be forwarded, the switch sends an ARP request first. If the sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry, the switch adds the interface receiving the ARP reply to the short static ARP entry. Then the entry can be used for forwarding IP packets.
NOTE:
Usually ARP dynamically resolves IP addresses to MAC addresses without manual intervention.
To allow communication with a host using a fixed IP-to-MAC mapping, configure a short static ARP entry for it. To allow communication with a host using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN, configure a long static ARP entry for it.
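A minimal model of the ARP table rules described above, added here as an illustration and not taken from the guide or from the switch software. The class and method names and the AGING_SECONDS value are assumptions, and the model treats every short static entry as needing resolution before it can forward.

```python
from dataclasses import dataclass
from typing import Optional

AGING_SECONDS = 1200  # assumed age timer for this model; not a value from the guide


@dataclass
class Entry:
    mac: str
    kind: str                        # "dynamic", "static-long" or "static-short"
    vlan: Optional[int] = None
    interface: Optional[str] = None
    expires: Optional[float] = None  # only dynamic entries carry an age timer


class ArpTable:
    def __init__(self):
        self.entries = {}

    def add_static(self, ip, mac, vlan=None, interface=None):
        """Long entry when VLAN and interface are given, otherwise short.
        Either kind replaces a dynamic entry for the same IP."""
        if (vlan is None) != (interface is None):
            raise ValueError("a long static entry needs both VLAN and interface")
        kind = "static-long" if vlan is not None else "static-short"
        self.entries[ip] = Entry(mac.lower(), kind, vlan, interface)

    def learn(self, ip, mac, interface, now):
        """Apply the sender IP/MAC of a received ARP packet."""
        mac = mac.lower()
        cur = self.entries.get(ip)
        if cur and cur.kind != "dynamic":
            if cur.mac != mac:
                return "conflict"          # static mapping is kept; worth logging
            if cur.kind == "static-short" and cur.interface is None:
                cur.interface = interface  # reply matched: entry becomes usable
                return "resolved"
            return "unchanged"
        self.entries[ip] = Entry(mac, "dynamic", None, interface,
                                 now + AGING_SECONDS)
        return "updated" if cur else "learned"

    def age(self, now):
        """Remove dynamic entries whose age timer has expired."""
        for ip in [ip for ip, e in self.entries.items()
                   if e.kind == "dynamic" and e.expires <= now]:
            del self.entries[ip]

    def interface_down(self, interface):
        """Dynamic entries learned on a downed interface are removed."""
        for ip in [ip for ip, e in self.entries.items()
                   if e.kind == "dynamic" and e.interface == interface]:
            del self.entries[ip]

    def lookup(self, ip):
        """Return (mac, interface) if the entry can forward, else None."""
        e = self.entries.get(ip)
        if e is None or e.interface is None:
            return None  # missing, or short static entry still unresolved
        return e.mac, e.interface
```

A "conflict" result means an ARP packet claimed a MAC address that differs from the configured static binding, which is the case the static entry is there to withstand.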
Configuring ARP
Configuring a static ARP entry
A static ARP entry is effective when the device it corresponds to works normally. However, when a VLAN or VLAN interface is deleted, any static ARP entry corresponding to it will also be deleted (if it is a long static ARP entry) or will become unresolved (if it is a short and resolved static ARP entry).
Follow these steps to configure a static ARP entry:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Configure a long static ARP entry | arp static ip-address mac-address vlan-id interface-type interface-number | Required. No long static ARP entry is configured by default.
Configure a short static ARP entry | arp static ip-address mac-address | Required. No short static ARP entry is configured by default.
CAUTION:
The vlan-id argument must be the ID of an existing VLAN that corresponds to the ARP entries. In addition, the Ethernet interface following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.
The IP address of the VLAN interface corresponding to the vlan-id