Page 1 Huawei AR150&200 Series Enterprise Routers V200R002C00 Configuration Guide - IP Service Issue Date 2012-03-30 HUAWEI TECHNOLOGIES CO., LTD.
Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
Page 3: About This Document
Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement NOTE important points of the main text. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 4: Command Conventions
Based on issue 01 (2011-12-30), the document is updated as follows: The following information is added: Disabling the Routing and Forwarding Function on High-end LAN Cards The following information is modified: 6.6.3 Enabling the DHCP/BOOTP Client Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 5 Huawei AR150&200 Series Enterprise Routers Configuration Guide - IP Service About This Document Changes in Issue 01 (2011-12-30) Initial commercial release. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 6: Table Of Contents
1.7.1 Establishing the Configuration Task.......................16 1.7.2 Configuring an IP Addresses for an Interface..................17 1.7.3 (Optional) Configuring the VLAN ID of the Sub-interface..............18 1.7.4 Enabling Inter-VLAN Proxy ARP......................18 1.7.5 Checking the Configuration........................19 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 7 3.3.3 Configuring an IPv6 Link-Local Address for an Interface..............56 3.3.4 Configuring an IPv6 Global Unicast Address for an Interface..............57 3.3.5 Configuring an IPv6 Anycast Address for an Interface................57 3.3.6 Checking the Configuration........................58 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 8 4.4 Configuring DNS Proxy or Relay........................87 4.4.1 Establishing the Configuration Task.......................87 4.4.2 Configuring a DNS Server........................88 4.4.3 (Optional) Configuring DNS Spoofing....................88 4.4.4 (Optional) Setting the Aging Time of DNS Entries................89 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 9 6.3 Configuring a DHCP Server Based on a Global Address Pool..............128 6.3.1 Establishing the Configuration Task.....................128 6.3.2 Configuring an Interface to Select a Global Address Pool for IP Address Allocation......130 6.3.3 Configuring Global Address Pool Attributes..................130 Issue 02 (2012-03-30) Huawei Proprietary and Confidential viii Copyright © Huawei Technologies Co., Ltd.
Page 10 6.9.3 Example for Configuring a DHCP Server and a DHCP Relay Agent When the DHCP Server and Clients Are on Different Network Segments......................164 6.9.4 Example for Configuring the DHCP and BOOTP Clients..............167 6.9.5 Example for Configuring DHCP Rate Limit..................172 7 IP Performance Configuration....................174 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 11 8.4.1 Example for Configuring IP Unicast PBR....................198 9 UDP Helper Configuration......................202 9.1 UDP Helper Overview............................203 9.2 UDP Helper Features Supported by the AR150/200..................203 9.3 Configuring UDP Helper..........................204 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 12 9.3.4 Configuring a Destination Server......................205 9.3.5 Checking the Configuration........................206 9.4 Maintaining UDP Helper..........................207 9.4.1 Clearing the UDP Helper Statistics.......................207 9.5 Configuration Examples..........................207 9.5.1 Example for Configuring UDP Helper....................207 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 13: Arp Configuration
ARP-Ping IP checks whether an IP address on a LAN is in use by sending ARP packets. 1.9 Configuring ARP-Ping MAC ARP-Ping MAC checks whether a MAC address on a LAN is in use by sending Internet Control Management Protocol (ICMP) packets. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 14 Huawei AR150&200 Series Enterprise Routers Configuration Guide - IP Service 1 ARP Configuration 1.10 Maintaining ARP This section describes how to maintain ARP. 1.11 Configuration Examples Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 15: Arp Overview
ARP entry of the interface. If the ARP entry is found, the interface sends the MAC address of the AR150/200 to the sender of the ARP request. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 16: Configuring Static Arp
VLAN tag termination, a sub-interface for VLAN tag termination, or a VLANIF interface. Otherwise, an incorrect host route is generated, causing forwarding errors. Pre-configuration Tasks Before configuring static ARP, complete the following tasks: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 17: Configuring A Static Arp Entry
This section describes how to configure a static ARP entry in a VLAN. Context NOTE To configure static ARP entries for double-tagged packets, run the arp static cevid command. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 18: Configuring A Static Arp Entry In A Vpn Instance
Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 19: Optimizing Dynamic Arp
Before optimizing Dynamic ARP, complete the following tasks: Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 20: Adjusting Parameters Of Dynamic Arp Entries
AR150/200 does not receive an ARP Reply packet from the peer device after the specified number of ARP probes, it deletes the ARP entry. Step 5 (Optional) Run: arp detect-mode unicast Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 21: Enabling Arp Suppression
Layer 2 topology detection is enabled. By default, Layer 2 topology detection is disabled. ----End 1.4.5 Checking the Configuration You can view the dynamic ARP configuration. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 22: Configuring Routed Proxy Arp
ARP entries on the AR150/200 or the specified interface. ----End Example # Run the display arp interface command, and you can view ARP entries on Eth1/0/0. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE...
Page 23: Configuring An Ip Addresses For An Interface
The IP address of the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected host on a LAN. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 24: Configuring Routed Proxy Arp
ARP entries on the AR150/200 or the specified interface. ----End Example # Run the display arp interface command, and you can view ARP entries on Eth1/0/0. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE...
Page 25: Configuring Intra-Vlan Proxy Arp
IP address of the interface where intra-VLAN proxy ARP is to be enabled VLAN ID associated with the interface to be enabled with proxy ARP in a VLAN Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 26: Configuring An Ip Address For An Interface
Trunk sub-interfaces. You can skip step when you are enabling intra-VLAN proxy ARP on the VLANIF interface. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface { ethernet | eth-trunk } interface-number.sub-interface-number The sub-interface view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 27: Enabling Intra-Vlan Proxy Arp
Run the display arp statistics { all | interface interface-type interface-number } command to check statistics on ARP entries on the AR150/200 or the specified interface. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 28: Configuring Inter-Vlan Proxy Arp
Huawei AR150&200 Series Enterprise Routers Configuration Guide - IP Service 1 ARP Configuration Example # Run the display arp interface command, and you can view ARP entries on Eth1/0/0. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE...
Page 29: Configuring An Ip Addresses For An Interface
The IP address of the interface must be on the same network segment as the IP address of the user in a VLAN that the interface belongs to. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 30: Optional) Configuring The Vlan Id Of The Sub-Interface
The system view is displayed. Step 2 Run: interface { ethernet | eth-trunk } interface-number.sub-interface-number The sub-interface view is displayed. Or, run: interface vlanif vlan-id The VLANIF interface view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 31: Checking The Configuration
ARP entries on the AR150/200 or the specified interface. ----End Example # Run the display arp interface command, and you can view ARP entries on Eth1/0/0. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE...
Page 32: Establishing The Configuration Task
[ interface interface-type interface-number [ vlan-id vlan- id ] ] The AR150/200 is configured to check whether the IP address is in use on a LAN. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 33: Configuring Arp-Ping Mac
Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up Data Preparation To configure ARP-Ping MAC, you need the following data. Data MAC address to be checked Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 34: Checking A Mac Address By Using Arp-Ping Mac
The AR150/200 is configured to check whether the MAC address is in use on a LAN. ----End Example If the following information is displayed, the MAC address is not used. <Huawei> arp-ping mac 0013-46e7-2ef5 interface Eth-Trunk 0 OutInterface: Eth-Trunk0 MAC[00-13-46-E7-2E-F5], press CTRL_C to break Error: Request timed...
Page 35: Monitoring The Arp Running Status
ARP entries on the AR150/200 or the specified interface. ----End Example # Run the display arp interface command, and you can view ARP entries on Eth1/0/0. <Huawei> display arp interface ethernet 1/0/0 IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE...
Page 36: Configuration Examples
ARP entries be configured on the Router so that hosts in the headquarters office can communicate with external devices and hosts in departments can access the file backup server. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 37 Interface connecting the Router and the file backup server: Ethernet2/0/0 IP address of Ethernet2/0/0: 10.164.10.10/24 IP address of the file backup server: 10.164.10.1/24 (corresponding MAC address 0df0- fc01-003a) Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 38 10.164.1.3 00e0-fc01-0003 vid 10 interface ethernet 0/0/0 arp static 10.164.10.1 0df0-fc01-003a ----End Example The following lists the configuration file of the Router. sysname Router vlan batch 10 20 30 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 39: Example For Configuring Routed Proxy Arp
Figure 1-2 Network diagram for configuring routed proxy ARP RouterA RouterD RouterC RouterB Internet Etherent0/0/0 Etherent0/0/0 VLAN10 VLAN20 Branch A Branch B Host A Host B 172.16.1.2/16 172.16.2.2/16 0000-5e33-ee20 0000-5e33-ee10 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 40 Ping the IP address of host B from host A. C:\Documents and Settings\Administrator>ping 172.16.2.2 PING 172.16.2.2: 56 data bytes, press CTRL_C to break Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=10 ms Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 41: Example For Configuring Intra-Vlan Proxy Arp
20 return 1.11.3 Example for Configuring Intra-VLAN Proxy ARP Intra-VLAN proxy ARP implements Layer 3 communication between enterprise departments in a VLAN to prevent broadcast storms. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 42: Networking Requirements
ID of the VLAN that Ethernet0/0/0 joins: VLAN 10 IP address of VLANIF10: 100.1.1.12/24 Procedure Step 1 Add Ethernet0/0/0 to VLAN 10. # Create VLAN 10. <Huawei> system-view [Huawei] sysname Router [Router] vlan 10 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 43 Configuration file of the Router sysname Router vlan batch 10 interface Vlanif 10 ip address 100.1.1.12 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable interface ethernet 0/0/0 port hybrid tagged vlan 10 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 44: Example For Configuring Inter-Vlan Proxy Arp
To complete the configuration, you need the following data: IDs of the super-VLAN and sub-VLANs Sub-VLAN 2 that Ethernet0/0/0 and Ethernet0/0/1 belong to Sub-VLAN 3 that Ethernet0/0/2 and Ethernet0/0/3 belong to Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 45 # Run the display current-configuration command, and you can view the configuration of the super-VLAN, sub-VLANs, and VLANIF interface. # Run the display arp command, and you can view all the ARP entries. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 46: Example For Configuring Layer 2 Topology Detection
As shown in Figure 1-5, two Ethernet interfaces are added to VLAN 100 in default mode. To view changes of ARP entries, configure Layer 2 topology detection. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 47 [Router] interface ethernet 0/0/0 [Router-Ethernet0/0/0] port link-type access [Router-Ethernet0/0/0] port default vlan 100 [Router-Ethernet0/0/0] quit [Router] interface ethernet 0/0/1 [Router-Ethernet0/0/1] port link-type access [Router-Ethernet0/0/1] port default vlan 100 [Router-Ethernet0/0/1] quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 48 After ARP entries are updated, the aging time is restored to be the default value, 1200s. ----End Configuration Files Configuration file of the Router sysname Router l2-topolgy detect enable Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 49 Vlanif100 ip address 10.1.1.2 255.255.255.0 interface Ethernet 0/0/0 port link-type access port default vlan 100 interface Ethernet 0/0/1 port link-type access port default vlan 100 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 50: Ip Address Configuration
2.4 Configuring IP Address Unnumbered on an Interface This section describes how to configure IP address unnumbered. 2.5 Configuration Examples This section provides several IP address configuration examples. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 51: Ip Address Overview
For example, an interface of the AR150/200 is connects to a physical network, and hosts on this physical network belong to two network Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 52: Configuring A Primary Ip Address For An Interface
An interface has only one primary IP address. If you configure a new primary address on an interface that already has a primary IP address, the new IP address overrides the original one. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 53: Optional) Configuring A Secondary Ip Address For An Interface
Example # Run the display ip interface command to view information about the IP address on Ethernet1/0/0. <Huawei> display ip interface ethernet 1/0/0 Ethernet1/0/0 current state : UP Line protocol current state : UP The Maximum Transmit Unit : 1500 bytes...
Page 54: Configuring Ip Address Unnumbered On An Interface
Netmask request: Netmask reply: Unknown type: # Run the display ip interface brief command to view brief information about the IP address on Ethernet1/0/0. <Huawei> display ip interface brief ethernet 1/0/0 *down: administratively down (l): loopback (s): spoofing Interface IP Address/Mask...
Page 55: Configuring A Primary Ip Address For The Interface From Which An Ip Address Will Be Borrowed
IP address, the new IP address overrides the original one. ----End 2.4.3 Configuring IP Address Unnumbered on an Interface Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 56: Checking The Configuration
Example # Run the display ip interface command to view information about Eth2/0/0 borrowing an IP address from LoopBack0. <Huawei> display ip interface ethernet 2/0/0 Ethernet2/0/0 is standby, Line protocol current state : DOWN The Maximum Transmit Unit : 1500 bytes...
Page 57: Configuration Examples
The configuration roadmap is as follows: Plan IP addresses for interfaces. Configure the primary and secondary IP addresses for an interface. Data Preparation To complete the configuration, you need the following data: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 58: Example For Configuring Ip Address Unnumbered On An Interface
Configuration file of the Router sysname Router interface 0/0/0 ip address 172.16.1.1 255.255.255.0 ip address 172.16.2.1 255.255.255.0 sub return 2.5.2 Example for Configuring IP Address Unnumbered on an Interface Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 59 This example provides only the configurations of IP address unnumbered. Procedure Step 1 Configure RouterA. # Configure an IP address for Loopback0. <Huawei> system-view [Huawei] sysname RouterA Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 60 Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: ----End Configuration Files Configuration file of RouterA sysname RouterA interface LoopBack0 ip address 6.6.6.6 255.255.225.255 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 61 Configuration file of RouterC sysname RouterC interface LoopBack0 ip address 9.9.9.9 255.255.225.255 interface Tunnel 0/0/1 ip address unnumbered interface LoopBack0 ospf 1 area 0.0.0.0 network 9.9.9.9 0.0.0.0 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 62: Basic Ipv6 Configuration
By setting TCP6 packets, you can improve the performance of the network. 3.8 Maintaining IPv6 This section describes how to maintain IPv6. Detailed operations include deleting information about IPv6 operation and monitoring IPv6 operation. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 63 This section includes the networking requirements, precautions for configuration, and configuration roadmap. An example is used to describe how to configure an IPv6 address and Neighbor Discovery Protocol for an interface. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 64: Introduction To Ipv6
Each "d" stands for eight bits that are represented by decimal numbers. "d.d.d.d" is a standard IPv4 address. An IPv6 address can be divided into two parts: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 65 RM module for delivering FIB entries to the forwarding engine, and to the I/O board in a distributed system. A FIB contains the following information: Destination address: indicates the network or host a packet is destined for. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 66: Configuring An Ipv6 Address For An Interface
Tunnel ID: Indicates the ID of VPN Tunnel. NOTE The IPv6 function is used with a license. To use the IPv6 function, apply for and purchase the following license from the Huawei local office: AR150&200 Value-Added Data Package 3.3 Configuring an IPv6 Address for an Interface Assigning an IPv6 address to a device on a network enables the device to communicate with the other devices on the network.
Page 67: Enabling Ipv6 Packet Forwarding Capability
If you run the ipv6 command only in the system view, only the IPv6 packet forwarding capability is enabled on a device. The IPv6 function, however, is not enabled on the interface and hence you cannot perform any IPv6 configurations. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 68: Configuring An Ipv6 Link-Local Address For An Interface
Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The interface view is displayed. Step 3 Perform the following as required. Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 69: Configuring An Ipv6 Global Unicast Address For An Interface
(The distance between an interface and the source node is calculated based on the routing Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 70: Checking The Configuration
Example Run the display ipv6 interface command. If the IPv6 address of the interface is displayed, it means that the configuration succeeds. For example: <Huawei> display ipv6 interface ethernet 1/0/0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 71: Configuring Ipv6 Neighbor Discovery
The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages, and introduces neighbor reachability detection. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 72: Establishing The Configuration Task
Intervals, prefix, and life duration of RA messages Flag bit of automatic configuration Hop limit of ND Sending times of DAD Intervals for re-transmitting NS messages NUD reachable time Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 73: Configuring Static Neighbors
After being enabled with router advertisement, the device can send router advertisement messages, providing prefixes for hosts. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The interface view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 74: Setting The Interval For Advertising Ra Messages
The interface view is displayed. Step 3 Run: ipv6 nd ra prefix { ipv6-address ipv6-prefix-length | ipv6-prefix/ipv6-prefix- length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ] Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 75: Configuring Other Information To Be Advertised
Step 5 Run: ipv6 nd ra router-lifetime ra-lifetime The life duration of RA messages is configured. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 76: Configuring The Default Router Priority And Route Information
Then, the host selects a router with the highest priority on the local link to send packets. If the router is faulty, the host selects another router in descending order of priority. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 77: Checking The Configuration
Example Run the display ipv6 neighbors command. If the cache of the neighbor information contains neighbors' IPv6 addresses and the specified interfaces, it means that the configuration succeeds. <Huawei> display ipv6 neighbors ethernet 1/0/0 -------------------------------------------------------- IPv6 Address : 3003::2 Link-layer...
Page 78: Configuring Ipv4/Ipv6 Dual Stacks
Run the display ipv6 interface command. If information about the IPv6 address on the interface is displayed, it means that the configuration succeeds. <Huawei> display ipv6 interface ethernet 1/0/0 Ethernet1/0/0 current state : UP IPv6 protocol current state : UP...
Page 79: Enabling Ipv6 Packet Forwarding
IPv6 data. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ipv6 The IPv6 packet forwarding capability is enabled. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 80: Configuring Ipv4 And Ipv6 Addresses For The Interface
The interface view of the IPv6 network is displayed. Step 6 Perform the following configuration as required. l Run: ipv6 address auto link-local The link-local address is set to be automatically generated. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 81: Checking The Configuration
In addition, network resources are used more efficiently and the network throughput reaches the optimal value. 3.6.1 Establishing the Configuration Task This section describes the applicable environment, pre-configuration tasks, data preparation, and configuration procedure for configuring the PMTU. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 82: Creating Static Pmtu Entries
3.6.3 Configuring PMTU Aging Time By setting the PMTU aging time, you can change the keepalive time of dynamic PMTU entries in the cache. A static PMTU entry never ages. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 83: Checking The Configuration
Static: 1 Run the display ipv6 interface command. If the current MTU of the interface is displayed, it means that the configuration succeeds. <Huawei> display ipv6 interface ethernet 1/0/0 Ethernet1/0/0 current state : UP IPv6 protocol current state : UP...
Page 84: Configuring Tcp6
Size of TCP6 Sliding Window 3.7.2 Configuring TCP6 Timers By setting two TCP6 timers, you can control the TCP connection time. Procedure Step 1 Run: system-view The system view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 85: Configuring The Size Of The Tcp6 Sliding Window
Run the display udp ipv6 statistics command to check related UDP6 statistics. Run the display ipv6 socket [ socktype socket-type | task-id task-id socket-id socket-id ] command to check the information of the specified socket. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 86 0 no multicast port: 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 packets sent for external pre processing: 1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 87: Maintaining Ipv6
IPv6 neighbor entries in the cache after you confirm it. Run the reset ipv6 address-policy command in the user view to clear address selection policy entries. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 88: Configuration Examples
Enable IPv6 forwarding capability on devices. Configure IPv6 global unicast addresses for the interfaces. Data Preparation To complement the configuration, you need the following data: Global unicast addresses of the interfaces Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 89 Ethernet1/0/0 current state : UP IPv6 protocol current state : UP IPv6 is enabled, link-local address is FE80::A19:A6FF:FE9B:6D3B Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es): FF02::1:FF00:2 FF02::2 FF02::1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 90: Example For Configuring Ipv6 Neighbor Discovery
As shown in Figure 3-2, two routers are connected through GE interfaces. Configure IPv6 link- local address for the GE interfaces and enable the routers to send RA messages. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 91 Step 3 Enable the routers to send RA messages. # Enable RouterA to send RA messages. [RouterA] interface ethernet 1/0/0 [RouterA-Ethernet1/0/0] undo ipv6 nd ra halt # Enable RouterB to send RA messages. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 92 : 27 VLAN CEVLAN: - Is Router : TRUE Secure FLAG : UN-SECURE ----------------------------------------------------------------------------- Total: 1 Dynamic: 1 Static: 0 # Display information about IPv6 neighbors of RouterB. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 93 Configuration file of RouterB sysname RouterB ipv6 interface Ethernet1/0/0 ipv6 enable ipv6 address auto link-local undo ipv6 nd ra halt return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 94: Dns Configuration
4.6 Maintaining DNS This section describes how to maintain DNS. 4.7 Configuration Examples This section provides DNS configuration examples. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 95: Dns Overview
The DDNS server dynamically updates the mapping between the domain name and the IP address on the DNS server to ensure that the IP address can be resolved correctly. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 96: Configuring A Dns Client
Domain name and corresponding IP address in a static DNS entry (Optional) IP address of a DNS server (Optional) IP address of the local routing device (Optional) Domain name suffix list Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 97: Configuring Static Dns
Dynamic DNS resolution is enabled. Step 3 (Optional) Run: dns server ip-address The IP address of the DNS server is configured. Step 4 (Optional) Run: dns server source-ip ip-address Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 98: Checking The Configuration
S:Static DNS Server Type IP Address 10.10.1.1 10.10.1.2 # Run the display dns domain command to view the domain name suffix configuration. <Huawei> display dns domain Domain-name Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 99: Configuring Dns Proxy Or Relay
Configuring routes between the local routing device and the DNS client and between the local routing device and the DNS server Data Preparation Data IP address of a DNS server (Optional) IP address in response messages for DNS spoofing Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 100: Configuring A Dns Server
If one of the preceding conditions is met, when the DNS proxy or relay receives an address record query, it spoofs reply messages to any DNS query messages using the configured IP address. Procedure Step 1 Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 101: Optional) Setting The Aging Time Of Dns Entries
DNS query messages from DNS clients. The DNS relay, however, directly forwards DNS query messages to the DNS server, reducing the workload. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 102: Checking The Configuration
The AR150/200 can function as the DDNS client. The AR150/200 notifies the DDNS server about the new IP address when the IP address of the interface that provides web services changes. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 103: Creating A Ddns Policy
A DDNS policy is created and the DDNS policy view is displayed. ----End 4.5.3 Configuring a DDNS Policy This section describes how to configure a DDNS policy. Procedure Step 1 Run: system-view The system view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 104: Binding A Ddns Policy To An Interface
Step 2 Run: interface interface-type interface-number The interface view is displayed. Step 3 Run: ddns apply policy policy-name fqdn domain-name The DDNS policy is bound to the interface. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 105: Checking The Configuration
===== interface Ethernet1/0/0 ====== Statuses: START Refresh: enable # Run the display ddns interface command to view the DDNS policy information on VLANIF 100. <Huawei> display ddns interface Vlanif 100 ===== Policy JackPolicy ======= URL: oray://Jack:Jack2010@phddnsdev.oray.net Statuses: START Refresh: enable 4.6 Maintaining DNS...
Page 106: Deleting Dns Entries Of The Dns Proxy Or Relay
Figure 4-1, RouterA functions as a DNS client and cooperates with the DNS server. RouterA can access the host at 2.1.1.3/16 by domain name huawei.com. The domain name suffixes are configured as com and net. Static DNS entries of RouterB and RouterC are configured on RouterA so that RouterA can manage RouterB and RouterC.
Page 107 <Huawei> system-view [Huawei] sysname RouterA [RouterA] interface Ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address 1.1.1.2 255.255.0.0 [RouterA-Ethernet1/0/0] quit # Configure OSPF. [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 108 For details about OSPF configurations on RouterB and RouterC, see the configuration files. Step 2 Verify the configuration. # Run the ping huawei.com command on RouterA. You can see that the ping operation succeeds and the destination IP address is 2.1.1.3. <RouterA> ping huawei.com Trying DNS server (3.1.1.2)
Page 109 Configuration file of RouterC sysname RouterC interface LoopBack0 ip address 4.1.1.2 255.255.255.255 interface Ethernet 1/0/0 ip address 3.1.1.1 255.255.0.0 interface Ethernet 2/0/0 ip address 2.1.1.2 255.255.0.0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 110: Example For Configuring Dns Proxy
Aging time of DNS entries. IP address configured by DNS spoofing. Procedure Step 1 Configure an IP address for Eth1/0/0. <Huawei> system-view [Huawei] sysname RouterA [RouterA] interface ethernet 1/0/0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 111 Configuration file of RouterA sysname RouterA interface Ethernet 1/0/0 ip address 1.1.1.1 255.255.0.0 dns resolve dns server 2.1.1.1 dns proxy enable dns forward expire-time 150 dns spoofing 10.1.1.3 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 112: Example For Configuring A Ddns Client
Figure 4-3 Network diagram Loopback0 Loopback0 4.1.1.1/32 4.1.1.2/32 RouterA RouterB RouterC 1.1.1.2/16 Eth1/0/0 Eth1/0/0 3.1.1.1/16 Eth1/0/0 Eth2/0/0 Eth2/0/0 1.1.1.1/16 DDNS Client DNS Server 2.1.1.1/16 2.1.1.2/16 3.1.1.2/16 DDNS Server 2.1.1.3/16 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 113 DDNS server. By doing this, users on the Internet can resolve a new IP address mapping the domain name www.abc.com. # Configure OSPF. [RouterA] ospf [RouterA-ospf-1] area 0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 114 1.1.1.2 255.255.0.0 ddns apply policy mypolicy fqdn www.abc.com ospf 1 area 0.0.0.0 network 1.1.0.0 0.0.255.255 return Configuration file of RouterB sysname RouterB interface LoopBack0 ip address 4.1.1.1 255.255.255.255 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 115 4.1.1.2 255.255.255.255 interface Ethernet1/0/0 ip address 3.1.1.1 255.255.0.0 interface Ethernet2/0/0 ip address 2.1.1.2 255.255.0.0 ospf 1 area 0.0.0.0 network 2.1.0.0 0.0.255.255 network 3.1.0.0 0.0.255.255 network 4.1.1.2 0.0.0.0 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 116: Nat Configuration
To implement communication between the private network and the public network through NAT, use Easy IP for a single user and an address pool for multiple users. 5.4 Configuration Examples This section provides several configuration examples of NAT. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 117: Nat Overview
After the address is translated, the source address/port of the packet is changed to 203.196.3.23:32814, and the destination address/port remains unchanged. The AR150/200 maintains a mapping table between addresses and ports. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 118: Nat Features Supported By The Ar150/200
PAT-enabled device translates the destination IP addresses to private addresses according to the port numbers. Figure 5-2 shows how PAT translates IP addresses and port numbers. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 119: Internal Server
A NAT device filters the traffic from external network to internal network. After a host on the internal network sends an access request to a host on the external network, the host on the external Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 120: Nat Alg
IP addresses 200.0.0.1 to 200.0.0.100 and apply it to the interface connecting to the WAN. Configure the mapping from overlapping addresses to temporary addresses: 10.0.0.0 to 3.0.0.0. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 121: Configuring Nat
NAT, use Easy IP for a single user and an address pool for multiple users. 5.3.1 Establishing the Configuration Task Before configuring NAT, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 122: Configuring An Address Pool
A public address pool is a set of public addresses. When performing NAT on data packets from the private network, the AR150/200 selects an IP address from the address pool as the source address. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 123: Associating An Acl With An Address Pool
Step 2 Run: interface interface-type interface-number The interface view is displayed. Step 3 Run: nat outbound acl-number [ address-group group-index [ no-pat ] | interface loopback interface-number ] Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 124: Configuring An Internal Server
Static NAT maps a private address to a public address. Static NAT does not save public addresses but shields the private network topology. Procedure Step 1 Run: system-view Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 125: Enabling Nat Alg
The NAT device filters the traffic sent to the internal host. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 126: Configuring Nat Mapping
IP address and port to the same external IP address and port while the mapping is still active. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 127: Configuring Dns Mapping
Then the overlapping address is translated to a unique temporary address and packets can be forwarded correctly. In addition, configure outbound NAT to implement twice NAT. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 128: Checking The Configuration
Run the display nat mapping table { all | number } command to view the NAT mapping table information or number of entries in the table. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 129: Configuration Examples
Configure a default route. Enable the FTP NAT ALG function to allow the external FTP packets to traverse the NAT servers. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 130 [Huawei-Ethernet0/0/1] port default vlan 200 [Huawei-Ethernet0/0/1] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] ip address 202.169.10.1 24 [Huawei-Ethernet2/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-Ethernet2/0/0] nat server protocol tcp global 202.169.10.33 ftp inside 10.0.0.3 ftp [Huawei-Ethernet2/0/0] quit Step 2 On the AR150/200, configure a static route with the next hop address 202.169.10.2...
Page 131: Example For Configuring Outbound Nat
On the AR150/200, the public address of Ethernet2/0/0 on the AR150/200 is 202.169.10.1/24 and the interface address of the AR150/200 connected to the carrier device is 202.169.10.2/24. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 132 [Huawei-Vlanif200] quit [Huawei] interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1] port link-type access [Huawei-Ethernet0/0/1] port default vlan 200 [Huawei-Ethernet0/0/1] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] ip address 202.169.10.1 24 [Huawei-Ethernet2/0/0] quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 133 Step 3 Configure outbound NAT on the AR150/200. [Huawei] nat address-group 1 202.169.10.100 202.169.10.200 [Huawei] nat address-group 2 202.169.10.80 202.169.10.83 [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] acl 2001 [Huawei-acl-basic-2001] rule 5 permit source 10.0.0.0 0.0.0.255...
Page 134: Example For Configuring Twice Nat
Figure 5-6 Networking diagram for twice NAT configuration www.Server.com Host A Company A 192.168.20.2/24 192.168.20.2/24 PC 1 PC 1 Eth0/0/0 Eth2/0/0 202.169.10.2 Router Eth0/0/1 Company B PC 2 DNS Server 10.0.0.3/24 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 135 Step 3 Configure the mapping between the overlapping address pool and the temporary address pool on the AR150/200. [Huawei] nat overlap-address 0 192.168.20.2 202.169.100.2 pool-length 254 Step 4 Configure a static route on the AR150/200 from the temporary address pool to outbound interface Ethernet2/0/0.
Page 136 100 interface Ethernet0/0/1 port link-type access port default vlan 200 interface Ethernet2/0/0 ip address 202.169.10.1 255.255.255.0 nat outbound 3180 address-group 1 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 137: Dhcp Configuration
VLAN view takes effect. If the rate configured in the VLAN view also does not takes effect, the rate configured in the system view takes effect. 6.8 Maintaining DHCP Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 138 This section describes how to clear DHCP statistics and monitor DHCP status. 6.9 Configuration Examples The DHCP configuration examples provide networking requirements, networking diagram, precautions, configuration roadmaps, and configuration procedures. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 139: Dhcp Overview
DHCP server. In this manner, DHCP clients on multiple network segments can share one DHCP server. This reduces costs and facilitates centralized management. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 140: Configuring A Dhcp Server Based On A Global Address Pool
DHCP clients and the AR150/200 functioning as a DHCP server are on different network segments. DHCP clients can obtain IP addresses and other configuration parameters from a global address pool through a DHCP relay agent. Figure 6-2 shows the networking. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 141 (Optional) IP address of the NetBIOS server and the NetBIOS node type of a DHCP client (Optional) Code of a user-defined DHCP option, and ASCII string, hexadecimal number, or IP address of the option Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 142: Configuring An Interface To Select A Global Address Pool For Ip Address Allocation
This section describes how to configure attributes for a global address pool, including the IP address range and lease, IP addresses that cannot be assigned dynamically, and IP addresses that Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 143 IP addresses that cannot be dynamically assigned. Step 6 Run: gateway-list ip-address &<1-8> The IP address of the gateway for the DHCP client is configured. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 144: Optional) Configuring The Dns Service And Netbios Service Dynamically On The Dhcp Client
Step 1 Run: system-view The system view is displayed. Step 2 Run: ip pool ip-pool-name The IP address pool view is displayed. Step 3 Run: import all Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 145: Optional) Configuring The Static Dns Service On A Dhcp Client
6.3.6 (Optional) Configuring the Static NetBIOS Service on a DHCP Client The NetBIOS server parses host names into IP addresses for the hosts that communicate based on NetBIOS and runs the Windows operating system. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 146: Optional) Configuring User-Defined Dhcp Options Of The Global Address Pool
If the Option attribute has been configured on the DHCP server and a DHCP client applies for an IP address, the client can obtain the configurations in the Option field of the DHCPREPLY packet from the server. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 147: Optional) Configuring The Function That Prevents Identical Ip Addresses
This ensures that the IP address to be assigned is unique. Procedure Step 1 Run: system-view The system view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 148: Checking The Configuration
Dhcp Ack: Dhcp Nak: Bad Messages: Run the display ip pool name ip-pool-name command to view information about the IP address pool named pool1. <Huawei> display ip pool name pool1 Pool-Name : pool1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential...
Page 149: Configuring A Dhcp Server Based On An Interface Address Pool
Figure 6-3 Application scenario of an interface address pool DHCP Server DHCP Client Pre-configuration Tasks Before configuring a DHCP server based on an interface address pool, complete the following tasks: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 150: Configuring Interface Address Pool Attributes
On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface or its sub-interface, or a VLANIF interface can be configured to select an interface address pool for IP address allocation. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 151: Optional) Configuring The Dns Service And Netbios Service Dynamically On The Dhcp Client
IP addresses to the DHCP client. If you do not have the configurations allocated by the carrier, dynamically allocate the DNS and NetBIOS configurations to the DHCP client. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 152: Optional) Configuring The Static Dns Service On A Dhcp Client
IP address to the client. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The interface view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 153: Optional) Configuring The Static Netbios Service On A Dhcp Client
On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface or its sub-interface, or a VLANIF interface can be configured to select an interface address pool for IP address allocation. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 154: Optional) Configuring User-Defined Dhcp Options Of The Interface Address Pool
IP address allocation. Step 3 Run: dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hex- string | ip-address ip-address &<1-8> } Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 155: Optional) Configuring The Function That Prevents Identical Ip Addresses
This section describes how to check the configurations of a DHCP server based on an interface address pool. Context The configurations of a DHCP server based on an interface address pool are complete. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 156: Configuring A Dhcp Relay Agent
Dhcp Ack: Dhcp Nak: Bad Messages: Run the display ip pool interface ip-pool-name command to view information about the interface address pool on VLANIF 10. <Huawei> display ip pool interface VLANIF10 Pool-name : vlanif10 Pool-No Lease : 1 Days 0 Hours 0 Minutes...
Page 157 Name of a DHCP server group IP address of a DHCP server in the DHCP server group Number and IP address of the interface on which the DHCP relay function is enabled Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 158: Configuring An Interface To Function As A Dhcp Relay Agent
DHCP relay function. The AR150/200 supports the following methods by which the IP address of the DHCP server is specified on the interface that functions as a DHCP relay agent: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 159: Specifying A Server Group On The Dhcp Relay Agent
On the AR150/200, a Layer 3 Ethernet interface or its sub-interface, a Layer 3 Eth-trunk interface or its sub-interface, or a VLANIF interface can be configured to function as a DHCP relay agent. Step 3 Run: dhcp relay server-select group-name Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 160: Optional) Configuring The Dhcp Relay Agent To Instruct The Dhcp Server To Reclaim The Client Ip Address
DHCP server group that is bound to the interface and information about the DHCP group servers. Run the display dhcp relay statistics command to check the statistics on the DHCP relay agent. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 161: Configuring A Dhcp/Bootp Client
Run the display dhcp relay interface interface-type interface-number command to view the DHCP server group bound to VLANIF 100 and information about the DHCP group servers. <Huawei> display dhcp relay interface vlanif 100 Vlanif100 DHCP Relay Configuration DHCP server group name : group1 DHCP server IP [0] :10.10.10.10...
Page 162: Optional) Configuring The Dhcp/Bootp Client Attributes
Configure DHCP client attributes. Run: system-view The system view is displayed. Run: dhcp enable The DHCP service is enabled. Run: interface interface-type interface-number The interface view is displayed. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 163: Enabling The Dhcp/Bootp Client
After the DHCP/BOOTP client function is enabled on an interface, the interface can obtain an IP address and other configurations from the DHCP server. Procedure Enable the DHCP client. Run: system-view The system view is displayed. Run: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 164: Checking The Configuration
This section describes how to check the configurations of the DHCP/BOOTP client. Prerequisites The DHCP/BOOTP client configurations are complete. Procedure Run the display current-configuration command to check the configurations of the DHCP/BOOTP client. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 165: Configuring The Dhcp Rate Limit Function
Procedure Configure the highest rate at which DHCP packets are sent to the protocol stack in the system view. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 166 The DHCP function is enabled. Run: vlan vlan-id The VLAN view is displayed. Run: dhcp check dhcp-rate enable The DHCP message checking is enabled. By default, this function is disabled. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 167 # Run the display current-configuration | include dhcp command to check information about the rate limit for DHCP packets in the system view. <Huawei> display current-configuration | include dhcp It will take a long time if the content you search is too much or the string you...
Page 168: Maintaining Dhcp
Run the display dhcp relay statistics command to check the statistics on a DHCP relay agent. Run the display dhcp server group [ group-name ] command to check the configurations of the servers in the DHCP server group. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 169: Configuration Examples
DHCP client server client client Etherent0/0/0 Etherent0/0/1 VLANIF10 VLANIF20 10.1.1.1/25 10.1.1.129/25 Router DHCP server DHCP DHCP DHCP server client client client Network: 10.1.1.0/25 Network: 10.1.1.128/25 Office1 Office2 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 170 IP address lease. [Router] ip pool pool2 [Router-ip-pool-pool2] network 10.1.1.128 mask 255.255.255.128 [Router-ip-pool-pool2] dns-list 10.1.1.2 [Router-ip-pool-pool2] nbns-list 10.1.1.4 [Router-ip-pool-pool2] gateway-list 10.1.1.129 [Router-ip-pool-pool2] lease day 2 [Router-ip-pool-pool2] quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 171 : 255.255.255.128 Vpn instance : -- IP address Statistic Total :250 Used Idle :248 Expired Conflict Disable ----End Configuration Files Configuration file of the Router sysname Router Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 172: Example For Configuring A Dhcp Server Based On An Interface Address Pool In The Scenario Where Dhcp Clients And The Server Are On The Same Network Segment
An interface address pool needs to be configured on the Router. In addition, IP addresses need to be dynamically assigned to the hosts in the two offices. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 173 IP address leases for Office 1 and Office 2: 30 days and 20 days respectively IP address of the DNS server: 10.1.1.2 IP address of the NetBIOS server: 10.1.1.3 Procedure Step 1 Enable the DHCP service. <Huawei> system-view [Huawei] sysname Router Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 174 [Router] display ip pool interface vlanif10 Pool-name : vlanif10 Pool-No Lease : 30 Days 0 Hours 0 Minutes Domain-name : huawei.com DNS-Server0 : 10.1.1.2 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 175 Ethernet 0/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface Ethernet 0/0/1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 176: Example For Configuring A Dhcp Server And A Dhcp Relay Agent When The Dhcp Server And Clients Are On Different Network Segments
Figure 6-7 Networking diagram for configuring the DHCP relay RouterB Etherent3/0/0 DHCP Server Internet 100.10.10.1/24 Etherent0/0/8 100.10.20.1/24 RouterA DHCP Relay VLANIF100 Etherent2/0/0 20.20.20.1/24 DHCP DHCP DHCP Client Client Client VLAN100 OFFICE A Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 177 [RouterA-Vlanif100] quit Bind the DHCP server group to VLANIF 100. # Configure an IP address for VLANIF 100. [RouterA] interface vlanif 100 [RouterA-Vlanif100] ip address 20.20.20.1 24 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 178 : 10.1.1.1 Mask : 255.255.255.0 Vpn instance : -- IP address Statistic Total :250 Used Idle :248 Expired Conflict Disable ----End Configuration Files Configuration file of RouterA Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 179: Example For Configuring The Dhcp And Bootp Clients
IP-MAC binding entry, a DNS server address, and a gateway address from Router C functioning as a DHCP server. NOTE AR150/200 is RouterA, RouterC, or RouterD. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 180 [RouterA] interface ethernet 1/0/0 [RouterA-Ethernet1/0/0] ip address dhcp-alloc Configure the BOOTP client function on Router B. # Enable the DHCP service. <Huawei> system-view [Huawei] sysname RouterB [RouterB] dhcp enable Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 181 Speed : 100, Loopback: NONE Duplex: FULL, Negotiation: ENABLE AUTO Last 300 seconds input rate 0 bits/sec, 0 packets/ Last 300 seconds output rate 0 bits/sec, 0 packets/ Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 182 Input peak rate 1928 bits/sec,Record time: 2007-11-30 14:57:22 Output peak rate 7384 bits/sec,Record time: 2007-11-30 10:13:15 Input: 833 packets, 72696 bytes Unicast: Multicast: Broadcast: Jumbo: Discard: Total Error: Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 183 10.1.1.0 mask 24 gateway-list 10.1.1.126 static-bind ip-address 10.1.1.3 mac-address a234-e211-a256 dns-list 10.1.1.2 interface Ethernet 1/0/0 ip address 10.1.1.1 24 dhcp select global return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 184: Example For Configuring Dhcp Rate Limit
This allows Router A to limit the rate at which DHCP packets are received within a normal range. Data Preparation Highest rate at which DHCP packets are sent to the protocol stack: 90 pps Alarm threshold: 80 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 185 Configuration file of Router A sysname RouterA dhcp enable dhcp check dhcp-rate enable dhcp check dhcp-rate 90 dhcp check dhcp-rate alarm enable dhcp check dhcp-rate alarm threshold 80 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 186: Ip Performance Configuration
7.6 Maintaining IP Performance You can maintain IP performance by clearing IP performance statistics, and monitoring the IP running status. 7.7 Configuration Examples This section provides IP performance configuration examples. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 187: Ip Performance Overview
Before optimizing IP performance, complete the following tasks: Connecting interfaces and setting physical parameters for the interfaces to ensure that the physical layer status of the interfaces is Up Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 188: Checking Validity Of Source Ip Addresses Of Received Packets
By controlling IP packets with source route options, the AR150/200 can prevent malicious attackers from detecting network topologies by using source route options. This improves network security. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 189: Configuring An Interface To Forward Broadcast Packets
7.3.5 Configuring an Outbound Interface to Fragment IP Packets You can configure an outbound interface to fragment IP packets. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 190: Configuring An Interface To Send Icmp Redirection Packets
7.3.7 Setting the Mode in Which Protocol Packets Are Sent You can set the mode in which protocol packets are sent to control IP unicast protocol packets. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 191: Checking The Configuration
0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 954 not delivered, input socket full: 0 input packets missing pcb cache: 0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 192 Total: 11904 Total(64bit high-capacity counter): 11904 # Run the display ip interface command, and you can view information about the interface. <Huawei> display ip interface ethernet 1/0/0 Ethernet1/0/0 current state : UP Line protocol current state : DOWN The Maximum Transmit Unit : 1500 bytes...
Page 193: Configuring Load Balancing For Ip Packet Forwarding
To configure load balancing for IP packet forwarding, you need the following data. Data Number of the interface where UCMP will be enabled (Optional) Number of the interface where the bandwidth will be configured manually (Optional) Manually configured bandwidth Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 194: Configuring The Unequal-Cost Multiple Path During Ip Packet Forwarding
By default, UCMP is disabled on an interface. Step 5 Run: shutdown The interface is shut down. Step 6 Run: undo shutdown The interface is started. Step 7 Run: quit Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 195: Checking The Configuration
Total number of Routes : 4 Destination/Mask Nexthop Flag TimeStamp Interface TunnelID 127.0.0.1/32 127.0.0.1 t[49] InLoop0 127.0.0.0/8 127.0.0.1 t[49] InLoop0 127.255.255.255/32 127.0.0.1 t[49] InLoop0 255.255.255.255/32 127.0.0.1 t[49] InLoop0 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 196: Configuring Tcp Attributes
SYN-Wait timer ranges from 2 to 600, in seconds. The default value is 75s. FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer is started. If no response packet is received after the Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 197: Setting The Aging Time Of The Pmtu
You can set the size of the TCP sliding window, that is, the packet receive or transmit buffer size of a connection-oriented socket, to improve network performance. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 198: Setting The Mss Of Tcp Packets On An Interface
Run the display tcp statistics command to check the TCP traffic statistics. ----End Example # Run the display tcp status command to view the TCP connection status. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 199: Maintaining Ip Performance
You can maintain IP performance by clearing IP performance statistics, and monitoring the IP running status. 7.6.1 Clearing IP Performance Statistics You can run the following reset commands to clear IP performance statistics. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 200: Monitoring The Ip Running Status
Run the display fib [ slot-id ] destination-address1 destination-mask1 destination- address2 destination-mask2 [ verbose ] command in any view to check FIB entries matching destination addresses in the range of destination-address1 destination-mask1 to destination-address2 destination-mask2. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 201: Configuration Examples
RouterC are required to be connected with each other by using layer 3 interfaces. Figure 7-1 Network diagram of Disabling the Sending of ICMP Redirection Packets RouterA Eth1/0/0 1.1.1.1/24 Internet Eth1/0/0 Eth1/0/0 2.2.2.2/24 1.1.1.2/24 RouterC RouterB Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 202 [RouterB] interface ethernet 1/0/0 [RouterB-Ethernet1/0/0] undo icmp redirect send [RouterB-Ethernet1/0/0] quit Step 4 Verify the configuration. # Enable ICMP packet debugging on RouterB. <RouterB> debugging ip icmp Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 203 1.1.1.2 255.255.255.0 undo icmp redirect send ip route-static 2.2.2.0 255.255.255.0 1.1.1.1 return Configuration file of RouterC sysname RouterC interface Ethernet1/0/0 ip address 2.2.2.2 255.255.255.0 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 204: Ip Unicast Pbr Configuration
By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a specified outbound interface. 8.4 Configuration Examples This section includes the networking requirements, precautions for configuration, and configuration roadmap. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 205: Pbr Overview
Load balancing: specifies a forwarding path for special packets. l Security inspection: redirects certain packets to the firewall. For details about the redirection configuration, see Configuring Redirection in the Huawei AR150&200 Series Enterprise Routers Configuration Guide - QoS. 8.3 Configuring IP Policy-based Routing By configuring IP unicast PBR, you can ensure that a certain packet is forwarded through a specified outbound interface.
Page 206: Defining The Matching Rule Of Pbr
A policy or a policy node is created. Step 3 Run: if-match packet-length min-length max-length or if-match acl acl-number The match rule of the IP packet length is set. ----End Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 207: Defining Actions Of Pbr
The default next hop cannot be a local IP address. Step 5 Run: apply default output-interface interface-type1 interface-number1 [ interface-type2 interface-number2 ] The default outbound interface of the packet is specified. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 208 Critical Internet Network ----End Follow-up Procedure Note the following when defining actions in PBR: A policy can include multiple apply clauses, which can be used in combination. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 209: Applying Pbr
Run the display policy-based-route [ policy-name ] command to check the created policy. ----End Example Run the display ip policy-based-route command to check the enabled PBR. <Huawei> display ip policy-based-route Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 210: Configuration Examples
Run the display ip policy-based-route setup local command. If configurations of the local PBR are displayed, the configuration is successful. <Huawei> display ip policy-based-route setup local policy-based-route aaa permit node 5 if-match acl 2000 apply output-interface Ethernet1/0/0 Run the display ip policy-based-route statistics local command. If statistics of local PBR is displayed, it means the configuration succeeds.
Page 211 [RouterA] policy-based-route lab1 permit node 20 [RouterA-policy-based-route-lab1-20] if-match packet-length 1401 1500 [RouterA-policy-based-route-lab1-20] apply ip-address next-hop 151.1.1.2 [RouterA-policy-based-route-lab1-20] quit # Enable local PBR. [RouterA] ip local policy-based-route lab1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 212 9 2011 15:41:28.340.1 RouterA PBR/7/POLICY-ROUTING:IP Policy routing succes s : next-hop : 151.1.1.2 Reply from 100.1.2.1: bytes=1401 Sequence=5 ttl=254 time=2 ms --- 100.1.2.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 213 Configuration file of RouterB sysname RouterB interface Ethernet1/0/0 ip address 150.1.1.2 255.255.255.0 interface Ethernet2/0/0 ip address 151.1.1.2 255.255.255.0 ip route-static 10.1.1.0 255.255.255.0 150.1.1.1 ip route-static 10.1.1.0 255.255.255.0 151.1.1.1 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 214: Udp Helper Configuration
This section describes how to configure UDP helper to relay broadcast packets with a specified UDP port. 9.4 Maintaining UDP Helper This section describes how to maintain UDP helper. 9.5 Configuration Examples This section provides a UDP helper configuration example. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 215: Udp Helper Overview
The UDP helper function cannot relay Dynamic Host Configuration Protocol (DHCP) messages, so the destination port numbers cannot be set to 67 or 68. To relay DHCP messages, enable the DHCP relay function. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 216: Configuring Udp Helper
If the packet destination UDP port number is the same as the specified UDP port number and the destination MAC address is a broadcast MAC address, the Router changes the Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 217: Optional) Configuring A Udp Port For Packets To Be Relayed
} The UDP port of packets to be relayed is configured. ----End 9.3.4 Configuring a Destination Server This section describes how to configure a destination server. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 218: Checking The Configuration
<Huawei> display udp-helper port Udp-Port-Number Description ------------------------------------------------------------- TCP Port Service Multiplexer Time Login Host Protocol Domain Name Server Trivial File Transfer NETBIOS Name Service NETBIOS Datagram Service Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 219: Maintaining Udp Helper
When the Router receives a broadcast NetBIOS-NS Register packet, it changes the destination IP address to the IP address of the NetBIOS-NS name server and forwards the packet to the NetBIOS-NS name server. Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 220 [Huawei] sysname Router [Router] udp-helper enable Step 2 Add Ethernet0/0/0 to VLAN 100. [Router] vlan 100 [Router-Vlan100] quit [Router] interface ethernet 0/0/0 [Router-Ethernet0/0/0] port hybrid pvid vlan 100 Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 221 100 interface Ethernet0/0/0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 interface Vlanif100 ip address 10.110.1.1 255.255.0.0 udp-helper server 10.2.1.1 return Issue 02 (2012-03-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

This manual is also suitable for:

Ar200 series Ar3200 series

Huawei AR150 series Configuration Manual

About this Document

1 ARP Configuration

2 IP Address Configuration

3 Basic Ipv6 Configuration

4 DNS Configuration

5 NAT Configuration

6 DHCP Configuration

7 IP Performance Configuration

8 IP Unicast PBR Configuration

9 UDP Helper Configuration

Quick Links

Related Manuals for Huawei AR150 series

Summary of Contents for Huawei AR150 series