HP 5500 Ei 5500 Si Switch Series Configuration Guide
        SOLICIT             : 0
        REQUEST             : 0
        CONFIRM             : 0
        RENEW               : 0
        REBIND              : 0
        RELEASE             : 0
        DECLINE             : 0
        INFORMATION-REQUEST : 7
        RELAY-FORWARD       : 0
        RELAY-REPLY         : 7
    Packets sent            : 14
        ADVERTISE           : 0
        RECONFIGURE         : 0
        REPLY               : 7
        RELAY-FORWARD       : 7
        RELAY-REPLY         : 0

Configuring DHCPv6 client

Overview

As a DHCPv6 client, the device supports only stateless DHCPv6 configuration. That is, the device can obtain only network configuration parameters other than the IPv6 address and prefix from the DHCPv6 server.

With an IPv6 address obtained through stateless address autoconfiguration, the device automatically enables the stateless DHCPv6 function after it receives an RA message with the M flag set to 0 and the O flag set to 1.

Configuring the DHCPv6 client

Configuration prerequisites

For the DHCPv6 client to obtain configuration parameters through stateless DHCPv6 configuration, make sure that the DHCPv6 server is available.

Configuration guidelines

• For more information about the ipv6 address auto command, see the Layer 3—IP Services Command Reference.
• HP does not recommend enabling the DHCPv6 client and DHCPv6 server, or the DHCPv6 client and DHCPv6 relay agent, on the same interface at the same time.

Configuration procedure

To configure the DHCPv6 client:

1. Enter system view.
    Command: system-view
2. Enable the IPv6 packet forwarding function.
    Command: ipv6
3. Enter interface view.
    Command: interface interface-type interface-number
4. Enable IPv6 stateless address autoconfiguration.
    Command: ipv6 address auto

Setting the DSCP value for DHCPv6 packets

1. Enter system view.
    Command: system-view
    Remarks: N/A
2. Set the DSCP value for the DHCPv6 packets sent by the DHCPv6 client.
    Command: ipv6 dhcp client dscp dscp-value
    Remarks: Optional. By default, the DSCP value in DHCPv6 packets is 56.

Displaying and maintaining the DHCPv6 client

Task: Display DHCPv6 client information.
    Command: display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display DHCPv6 client statistics.
    Command: display ipv6 dhcp client statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display the DUID of the local device.
    Command: display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Clear DHCPv6 client statistics.
    Command: reset ipv6 dhcp client statistics [ interface interface-type interface-number ]
    Remarks: Available in user view

Stateless DHCPv6 configuration example

Network requirements

As shown in Figure 70, through stateless DHCPv6, Switch A obtains the DNS server address, domain name, and other information from the server. Switch B acts as the gateway to send RA messages periodically.

Figure 70 Network diagram

Configuration procedure

1. Configure Switch B:

# Enable the IPv6 packet forwarding function.
    <SwitchB> system-view
    [SwitchB] ipv6
# Configure the IPv6 address of VLAN-interface 2.
    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ipv6 address 1::1 64
# Set the O flag in the RA messages to 1.
    [SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag
# Enable Switch B to send RA messages.
    [SwitchB-Vlan-interface2] undo ipv6 nd ra halt

2. Configure Switch A:

# Enable the IPv6 packet forwarding function.
    <SwitchA> system-view
    [SwitchA] ipv6
# Enable stateless IPv6 address autoconfiguration on VLAN-interface 2.
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ipv6 address auto

With this command executed, if VLAN-interface 2 has no IPv6 address configured, Switch A automatically generates a link-local address and sends an RS message, requesting the gateway (Switch B) to reply with an RA message immediately.

Verifying the configuration

After receiving an RA message with the M flag set to 0 and the O flag set to 1, Switch A automatically enables the stateless DHCPv6 function.

# Use the display ipv6 dhcp client command to view the current client configuration information. If the client successfully obtains configuration information from the server, the following information is displayed.
    [SwitchA-Vlan-interface2] display ipv6 dhcp client interface vlan-interface 2
    Vlan-interface2 is in stateless DHCPv6 client mode
    State is OPEN
    Preferred Server:
        Reachable via address : FE80::213:7FFF:FEF6:C818
        DUID                  : 0003000100137ff6c818
        DNS servers           : 1:2:3::5
                                1:2:4::7
        Domain names          : abc.com
                                Sysname.com

# Use the display ipv6 dhcp client statistics command to view the current client statistics.
    [SwitchA-Vlan-interface2] display ipv6 dhcp client statistics
    Interface               : Vlan-interface2
    Packets Received        : 1
        Reply               : 1
        Advertise           : 0
        Reconfigure         : 0
        Invalid             : 0
    Packets Sent            : 5
        Solicit             : 0
        Request             : 0
        Confirm             : 0
        Renew               : 0
        Rebind              : 0
        Information-request : 5
        Release             : 0
        Decline             : 0
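
The Preferred Server fields in the display ipv6 dhcp client output above identify which server answered the client. The following added example (not part of the HP guide) decodes that DUID, checks whether the server's link-local address is the modified EUI-64 form of the MAC address inside it, and compares the DUID with an allowlist; the function names and the allowlist parameter are assumptions of this example.

```python
import ipaddress
import re

# Preferred Server fields copied from the verification output above.
SAMPLE_OUTPUT = """\
Preferred Server:
    Reachable via address : FE80::213:7FFF:FEF6:C818
    DUID                  : 0003000100137ff6c818
"""

def parse_duid(hex_text):
    """Return (type name, link-layer address bytes or None) for a hex DUID."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 2:
        raise ValueError("DUID too short")
    duid_type = int.from_bytes(raw[:2], "big")  # type codes per RFC 8415
    if duid_type == 1 and len(raw) > 8:   # DUID-LLT: hw type, 4-byte time, address
        return "DUID-LLT", raw[8:]
    if duid_type == 3 and len(raw) > 4:   # DUID-LL: hw type, address
        return "DUID-LL", raw[4:]
    return f"type {duid_type}", None      # other types carry no link-layer address

def eui64_link_local(mac):
    """Derive the modified EUI-64 link-local address for a 6-byte MAC."""
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def check_preferred_server(output, authorized_duids):
    """Summarize the preferred server and say whether its DUID is allowlisted."""
    addr = re.search(r"Reachable via address\s*:\s*(\S+)", output).group(1)
    duid = re.search(r"DUID\s*:\s*([0-9A-Fa-f]+)", output).group(1).lower()
    kind, mac = parse_duid(duid)
    derived = eui64_link_local(mac) if mac is not None and len(mac) == 6 else None
    matches = None if derived is None else derived == ipaddress.IPv6Address(addr)
    return {
        "duid": duid,
        "duid_type": kind,
        "mac": mac.hex(":") if mac else None,
        "address_matches_mac": matches,
        "authorized": duid in {d.lower() for d in authorized_duids},
    }
```

A link-local address does not have to be derived from the MAC address, so a false address_matches_mac is a reason to look closer rather than proof of a rogue server.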

Configuring DHCPv6 snooping

A DHCPv6 snooping device does not work if it is between a DHCPv6 relay agent and a DHCPv6 server. The DHCPv6 snooping device works when it is between a DHCPv6 client and a DHCPv6 relay agent or between a DHCPv6 client and a DHCPv6 server.

You can configure only Layer 2 Ethernet ports or Layer 2 aggregate interfaces as DHCPv6 snooping trusted ports. For more information about aggregate interfaces, see Layer 2—LAN Switching Configuration Guide.

Overview

DHCPv6 snooping is a security feature with the following functions:

• Ensure that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers.
• Record IP-to-MAC mappings of DHCPv6 clients.

Ensuring that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers

If DHCPv6 clients obtain invalid IPv6 addresses and network configuration parameters from an unauthorized DHCP server, they will be unable to communicate normally with other network devices. With DHCPv6 snooping, the ports of a device can be configured as trusted or untrusted to make sure that the clients obtain IPv6 addresses only from authorized DHCPv6 servers.

• Trusted: A trusted port forwards DHCPv6 messages normally.
• Untrusted: An untrusted port discards reply messages from any DHCPv6 server.

Figure 71 Trusted and untrusted ports (diagram labels: Trusted, Untrusted, DHCPv6 server, DHCPv6 snooping, Unauthorized DHCPv6 server, DHCPv6 client, DHCPv6 reply messages)

A DHCPv6 snooping device's port that is connected to an authorized DHCPv6 server, DHCPv6 relay agent, or another DHCPv6 snooping device should be configured as a trusted port. The trusted port forwards reply messages from the authorized DHCPv6 server. Other ports are configured as untrusted so
that they do not forward reply messages from any DHCPv6 servers. This ensures that the DHCPv6 client can obtain an IPv6 address from the authorized DHCPv6 server only.

As shown in Figure 71, configure the port that connects to the DHCPv6 server as a trusted port, and other ports as untrusted.

Recording IP-to-MAC mappings of DHCPv6 clients

DHCPv6 snooping reads DHCPv6 messages to create and update DHCPv6 snooping entries, including MAC addresses of clients, IPv6 addresses obtained by the clients, ports that connect to DHCPv6 clients, and VLANs to which the ports belong. You can use the display ipv6 dhcp snooping user-binding command to view the IPv6 address obtained by each client, so you can manage and monitor the clients' IPv6 addresses.

Enabling DHCPv6 snooping

To allow clients to obtain IPv6 addresses from an authorized DHCPv6 server, enable DHCPv6 snooping globally and configure trusted and untrusted ports properly. To record DHCPv6 snooping entries for a VLAN, enable DHCPv6 snooping for the VLAN.

To enable DHCPv6 snooping:

1. Enter system view.
    Command: system-view
    Remarks: N/A
2. Enable DHCPv6 snooping globally.
    Command: ipv6 dhcp snooping enable
    Remarks: Disabled by default.
3. Enter VLAN view.
    Command: vlan vlan-id
    Remarks: N/A
4. Enable DHCPv6 snooping for the VLAN.
    Command: ipv6 dhcp snooping vlan enable
    Remarks: Optional. Disabled by default.

Configuring a DHCPv6 snooping trusted port

After enabling DHCPv6 snooping globally, you can specify trusted and untrusted ports for a VLAN as needed. A DHCPv6 snooping trusted port normally forwards received DHCPv6 packets. A DHCPv6 snooping untrusted port discards any DHCPv6 reply message received from a DHCPv6 server. Upon receiving a DHCPv6 request from a client in the VLAN, the DHCPv6 snooping device forwards the packet through trusted ports rather than any untrusted port in the VLAN, reducing network traffic.

You must specify a port connected to an authorized DHCPv6 server as trusted to make sure that DHCPv6 clients can obtain valid IPv6 addresses. The trusted port and the ports connected to the DHCPv6 clients must be in the same VLAN.

If a Layer 2 Ethernet port is added to an aggregation group, the DHCPv6 snooping configuration of the interface will not take effect until the interface quits from the aggregation group.

To configure a DHCPv6 snooping trusted port:

1. Enter system view.
    Command: system-view
    Remarks: N/A
2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
3. Configure the port as trusted.
    Command: ipv6 dhcp snooping trust
    Remarks: By default, all ports of the device with DHCPv6 snooping globally enabled are untrusted.

Configuring the maximum number of DHCPv6 snooping entries an interface can learn

Perform this optional task to prevent an interface from learning too many DHCPv6 snooping entries and to save system resources.

To configure the maximum number of DHCPv6 snooping entries an interface can learn:

1. Enter system view.
    Command: system-view
    Remarks: N/A
2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
3. Configure the maximum number of DHCPv6 snooping entries that the interface can learn.
    Command: ipv6 dhcp snooping max-learning-num number
    Remarks: Optional. By default, the number of DHCPv6 snooping entries learned by an interface is not limited.

Displaying and maintaining DHCPv6 snooping

Task: Display DHCPv6 snooping trusted ports.
    Command: display ipv6 dhcp snooping trust [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display DHCPv6 snooping entries.
    Command: display ipv6 dhcp snooping user-binding { ipv6-address | dynamic } [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Clear DHCPv6 snooping entries.
    Command: reset ipv6 dhcp snooping user-binding { ipv6-address | dynamic }
    Remarks: Available in user view

DHCPv6 snooping configuration example

Network requirements

As shown in Figure 72, Switch is connected to a DHCPv6 server through GigabitEthernet 1/0/1, and is connected to DHCPv6 clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. These three interfaces belong to VLAN 2. Configure Switch to forward DHCPv6 reply messages received on GigabitEthernet 1/0/1 only and record the IP-to-MAC mappings for DHCPv6 clients.

Figure 72 Network diagram

Configuration procedure

# Enable DHCPv6 snooping globally.
    <Switch> system-view
    [Switch] ipv6 dhcp snooping enable
# Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2.
    [Switch] vlan 2
    [Switch-vlan2] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 GigabitEthernet 1/0/3
# Enable DHCPv6 snooping for VLAN 2.
    [Switch-vlan2] ipv6 dhcp snooping vlan enable
    [Switch-vlan2] quit
# Configure GigabitEthernet 1/0/1 as a DHCPv6 snooping trusted port.
    [Switch] interface GigabitEthernet 1/0/1
    [Switch-GigabitEthernet1/0/1] ipv6 dhcp snooping trust

Verifying the configuration

Connect GigabitEthernet 1/0/2 to a DHCPv6 client, GigabitEthernet 1/0/1 to a DHCPv6 server, and GigabitEthernet 1/0/3 to an unauthorized DHCPv6 server. The DHCPv6 client obtains an IPv6 address from the DHCPv6 server, but cannot obtain any IPv6 address from the unauthorized DHCPv6 server. You can use the display ipv6 dhcp snooping user-binding command to view the DHCPv6 snooping entries on Switch.
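
The snooping settings above are only effective if exactly the server-facing ports are trusted. The following added example (not part of the HP guide) audits configuration text for the four snooping commands documented in this chapter; the section layout of the text, the sample configuration, and the function names are constructed assumptions.

```python
# Added example: SAMPLE_CONFIG is constructed. Assumed layout: one top-level
# line per section, with that section's commands indented beneath it.
SAMPLE_CONFIG = """\
ipv6 dhcp snooping enable
vlan 2
 ipv6 dhcp snooping vlan enable
interface GigabitEthernet1/0/1
 ipv6 dhcp snooping trust
interface GigabitEthernet1/0/2
 ipv6 dhcp snooping max-learning-num 8
interface GigabitEthernet1/0/3
 ipv6 dhcp snooping trust
"""

def parse_sections(text):
    """Map each top-level line (such as 'vlan 2') to the lines indented under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections

def audit(text, vlan_id, authorized_ports):
    """Return findings; an empty list means the settings match the policy."""
    sections = parse_sections(text)
    findings = []
    if "ipv6 dhcp snooping enable" not in sections:
        findings.append("global: DHCPv6 snooping is not enabled")
    if "ipv6 dhcp snooping vlan enable" not in sections.get(f"vlan {vlan_id}", []):
        findings.append(f"vlan {vlan_id}: snooping entries are not recorded")
    ports = {h.split(None, 1)[1].replace(" ", ""): body
             for h, body in sections.items() if h.startswith("interface ")}
    for port in sorted(authorized_ports):
        if "ipv6 dhcp snooping trust" not in ports.get(port, []):
            findings.append(f"{port}: authorized server port is not trusted")
    for port, body in sorted(ports.items()):
        trusted = "ipv6 dhcp snooping trust" in body
        if trusted and port not in authorized_ports:
            findings.append(f"{port}: trusted but not an authorized server port")
        limited = any(l.startswith("ipv6 dhcp snooping max-learning-num ") for l in body)
        if not trusted and not limited:
            findings.append(f"{port}: no limit on learned snooping entries")
    return findings
```

With GigabitEthernet1/0/1 as the only authorized server port, the sample configuration yields one finding, because GigabitEthernet1/0/3 is also marked trusted.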

Configuring IPv6 DNS

Overview

IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like IPv4 DNS, IPv6 DNS includes static domain name resolution and dynamic domain name resolution. The functions and implementations of the two types of domain name resolution are the same as those of IPv4 DNS. For more information, see Configuring IPv4 DNS.

Configuring the IPv6 DNS client

Configuring static domain name resolution

Configuring static domain name resolution refers to specifying the mappings between host names and IPv6 addresses. Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv6 addresses.

Follow these guidelines when you configure static domain name resolution:

• A host name can be mapped to one IPv6 address only. If you map a host name to different IPv6 addresses, the last configuration takes effect.
• You can configure up to 50 mappings between domain names and IPv6 addresses on the switch.

To configure static domain name resolution:

1. Enter system view.
    Command: system-view
    Remarks: N/A
2. Configure a mapping between a host name and an IPv6 address.
    Command: ipv6 host hostname ipv6-address
    Remarks: Not configured by default

Configuring dynamic domain name resolution

To send DNS queries to a correct server for resolution, dynamic domain name resolution needs to be enabled and a DNS server needs to be configured. In addition, you can configure a DNS suffix that the system automatically adds to the provided domain name for resolution.

Follow these guidelines when you configure dynamic domain name resolution:

• You can configure up to six DNS servers, including those with IPv4 addresses, on the switch.
• You can specify up to ten DNS suffixes on the switch.

To configure dynamic domain name resolution: