HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 649
167
Figure 72 Network diagram
Configuration procedure
# Enable DHCPv6 snooping globally.
system-view
[Switch] ipv6 dhcp snooping enable
# Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2.
[Switch] vlan 2
[Switch-vlan2] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 GigabitE\
thernet 1/0/3
# Enable DHCPv6 snooping for VLAN 2.
[Switch-vlan2] ipv6 dhcp snooping vlan enable
[Switch] quit
# Configure GigabitEthernet 1/0/1 as a DHCPv6 snooping trusted...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-648.png "Page 649
167
Figure 72 Network diagram
Configuration procedure
# Enable DHCPv6 snooping globally.
system-view
[Switch] ipv6 dhcp snooping enable
# Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2.
[Switch] vlan 2
[Switch-vlan2] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 GigabitE\
thernet 1/0/3
# Enable DHCPv6 snooping for VLAN 2.
[Switch-vlan2] ipv6 dhcp snooping vlan enable
[Switch] quit
# Configure GigabitEthernet 1/0/1 as a DHCPv6 snooping trusted...")
![Page 651
169
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable dynamic
domain name
resolution. dns resolve
Disabled by default.
3. Specify a DNS server. dns server
ipv6 ipv6-address
[ interface-type interface-number ]
Not specified by default.
If the IPv6 address of a DNS server is a
link-local address, you must specify the
interface-type and interface-number
arguments.
4. Configure a DNS
suffix. dns domain
domain-name Optional.
Not configured by default. Only...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-650.png "Page 651
169
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable dynamic
domain name
resolution. dns resolve
Disabled by default.
3. Specify a DNS server. dns server
ipv6 ipv6-address
[ interface-type interface-number ]
Not specified by default.
If the IPv6 address of a DNS server is a
link-local address, you must specify the
interface-type and interface-number
arguments.
4. Configure a DNS
suffix. dns domain
domain-name Optional.
Not configured by default. Only...")
![Page 656
174
Figure 78 Adding a mapping between do main name and IPv6 address
2. Configure the DNS client:
# Enable dynamic domain name resolution.
system-view
[Device] dns resolve
# Specify the DNS server 2::2.
[Device] dns server ipv6 2::2
# Configure com as the DNS suffix.
[Device] dns domain com
Verifying the configuration
# Use the ping ipv6 host command on the device to verify that the communication between the device
and the host is normal and that the corresponding destination IP...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-655.png "Page 656
174
Figure 78 Adding a mapping between do main name and IPv6 address
2. Configure the DNS client:
# Enable dynamic domain name resolution.
system-view
[Device] dns resolve
# Specify the DNS server 2::2.
[Device] dns server ipv6 2::2
# Configure com as the DNS suffix.
[Device] dns domain com
Verifying the configuration
# Use the ping ipv6 host command on the device to verify that the communication between the device
and the host is normal and that the corresponding destination IP...")
169
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable dynamic
domain name
resolution. dns resolve
Disabled by default.
3. Specify a DNS server. dns server
ipv6 ipv6-address
[ interface-type interface-number ]
Not specified by default.
If the IPv6 address of a DNS server is a
link-local address, you must specify the
interface-type and interface-number
arguments.
4. Configure a DNS
suffix. dns domain
domain-name Optional.
Not configured by default. Only the
provided domain name is resolved.
Setting the DSCP value for IPv6 DNS packets
Step Command Remarks
1.
Enter system view.
system-view N/A
2. Set the DSCP value for
IPv6 DNS packets. dns ipv6 dscp
dscp-value Optional.
By default, the DSCP value in IPv6
DNS packets is 0.
Displaying and maintaining IPv6 DNS
Task Command
Remarks
Display the static IPv6 domain
name resolution table. display ipv6 host [ |
{ begin | exclude | include }
regular-expression ] Available in any
view
Display IPv6 DNS server
information. display
dns ipv6 server [ dynamic ] [ | { begin |
exclude | include } regular-expression ] Available in any
view
Display DNS suffixes.
display
dns domain [ dynamic ] [ | { begin | exclude
| include } regular-expression ] Available in any
view
Display information about
dynamic IPv6 domain name
cache. display dns host ipv6
[ | { begin | exclude | include }
regular-expression ] Available in any
view
Clear information about
dynamic IPv6 domain name
cache.
reset dns host ipv6
Available in user
view
170
Static domain name resolution configuration
example
Network requirements
As shown in Figure 73, t h e d evic e wa nt s to a c c e ss t h e hos t by us i n g a n e asy - to - re m e mb e r d o m a i n n a m e
rather than an IPv6 address. Configure static domain name resolution on the device so that the device
can use the domain name host.com to access the host whose IPv6 address is 1::2.
Figure 73 Network diagram
Configuration procedure
# Configure a mapping between host name host.com and IPv6 address 1::2.
system-view
[Device] ipv6 host host.com 1::2
# Enable IPv6 packet forwarding.
[Device] ipv6
# Use the ping ipv6 host.com command to verify that the device can use static domain name resolution
to resolve domain name host.com into IPv6 address 1::2.
[Device] ping ipv6 host.com
PING host.com (1::2):
56 data bytes, press CTRL_C to break
Reply from 1::2
bytes=56 Sequence=1 hop limit=128 time = 3 ms
Reply from 1::2
bytes=56 Sequence=2 hop limit=128 time = 1 ms
Reply from 1::2
bytes=56 Sequence=3 hop limit=128 time = 1 ms
Reply from 1::2
bytes=56 Sequence=4 hop limit=128 time = 2 ms
Reply from 1::2
bytes=56 Sequence=5 hop limit=128 time = 2 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/3 ms
171 Dynamic domain name resolution configuration example Network requirements As shown in Figure 74, the device wants to ac c ess the host by us i ng an e asy- to - remember domai n n ame rather than an IPv6 address. The IPv6 address of th e DNS server is 2::2/64 and the server has a com domain, which stores the mapping between domain name host and IPv6 address 1::1/64. Configure dynamic domain name resolution and the do main name suffix com on the device that serves as a DNS client so that the device can use domain name host to access the host with the domain name host.com and the IPv6 address 1::1/64. Figure 74 Network diagram Configuration procedure Before performing the following configuration, make sure that the device and the host are accessible to each other via available routes, and the IPv6 addresses of the interfaces are configured as shown Figure 74 . T his configuration may vary with DNS servers. The following configuration is performed on a PC running Windows Server 2003. Make sure that the DNS server supports the IPv6 DNS function so that the server can process IPv6 DNS packets, and the interfaces of the DNS server can forward IPv6 packets. 1. Configure the DNS server: a. Select Start > Programs > Administrative Tools > DNS . The DNS server configuration page appears, as shown in Figure 75. b. Right-click Forward Lookup Zones , select New Zone, and then follow the instructions to create a new zone named com.
172 Figure 75 Creating a zone c. On the DNS server configuration page, right-click zone com and select Other New Records . Figure 76 Creating a record d. On the page that appears, select IPv6 Host (AAAA) as the resource record type, and click Create Record .
173 Figure 77 Selecting the resource record type e. On the page that appears, enter host name host and IPv6 address 1::1. f. Click OK. The mapping between the IP address and host name is created.
174
Figure 78 Adding a mapping between do main name and IPv6 address
2. Configure the DNS client:
# Enable dynamic domain name resolution.
system-view
[Device] dns resolve
# Specify the DNS server 2::2.
[Device] dns server ipv6 2::2
# Configure com as the DNS suffix.
[Device] dns domain com
Verifying the configuration
# Use the ping ipv6 host command on the device to verify that the communication between the device
and the host is normal and that the corresponding destination IP address is 1::1.
[Device] ping ipv6 host
Trying DNS resolve, press CTRL_C to break
Trying DNS server (2::2)
PING host.com (1::1):
56 data bytes, press CTRL_C to break
Reply from 1::1
bytes=56 Sequence=1 hop limit=126 time = 2 ms
Reply from 1::1
175
bytes=56 Sequence=2 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=3 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=4 hop limit=126 time = 1 ms
Reply from 1::1
bytes=56 Sequence=5 hop limit=126 time = 1 ms
--- host.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
176 Configuring tunneling(only available on the HP 5500 EI) Overview Tunneling is an encapsulation technology: one network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated and de-encapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation. Tunneling provides the following features: • Transition techniques, such as IPv6 over IPv4 tu nneling, to interconnect IPv4 and IPv6 networks. • Virtual Private Networks (VPNs) for guaranteeing communication security, such as IPv4 over IPv4 tunneling, IPv4/IPv6 over IPv6 tunneling, Generi c Routing Encapsulation (GRE), Dynamic Virtual Private Network (DVPN), and IPsec tunneling. • Traffic engineering, such as Multiprotocol Label Switching traffic engineering (MPLS TE) to prevent network congestion. Unless otherwise specified, the term tunnel used throughout this chapter refers to an IPv6 over IPv4, IPv4 over IPv4, IPv4 over IPv6, or IPv6 over IPv6 tunnel. IPv6 over IPv4 tunneling Implementation IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 data packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize internetworking between isolated IPv6 networks, as shown in Figure 79 . T he IPv6 over IPv4 tunnel can be established between two hosts, a host and a device, or two devices. The tunnel destination node can forward IPv6 packets if it is not the destination of the IPv6 packets. The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack. Figure 79 IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following ways. 1. A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source.
177 2. After determining from the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel. 3. Upon receiving the packet, Device B de-encapsulates the packet. 4. Device B forwards the packet according to the destination address in the de-encapsulated IPv6 packet. If the destination address is the device it self, Device B forwards the IPv6 packet to the upper-layer protocol for processing. Tunnel types Depending on how the IPv4 address of the tunnel dest ination is acquired, IPv6 over IPv4 tunnels are divided into the following types: • Manually configured tunnel —The destination address of the tunnel cannot be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source, and must be manually configured. • Automatic tunnel—The destination address of the tunnel is an IPv6 address with an IPv4 address embedded, and the IPv4 address can be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source. Table 10 IPv6 over IPv4 tunnel modes and key parameters Tunnel type Tunnel mode Tunnel source/destination address Tunnel interface address t ype Manually configured tunnel IPv6 manual tunneling The source/destination IP address is a manually configured IPv4 address. IPv6 address Automatic tunnel 6to4 tunneling The source IP address is a manually configured IPv4 address. The destination IP address does not need to be configured. 6to4 address, in the format of 2002:IPv4-source-addr ess::/48 Intra-site automatic tunnel addressing protocol (ISATAP) tunneling The source IP address is a manually configured IPv4 address. The destination IP address does not need to be configured. ISATAP address, in the format of Prefix:0:5EFE:IPv4-sour ce-address/64 According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following modes: • IPv6 manual tunneling A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manual tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. • 6to4 tunneling An automatic 6to4 tunnel is a point-to-multipoint tunnel mainly constructed between edge routers, and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 addre ss in an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel. The automatic 6to4 tunnel adopts 6to4 addresse s. The address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh represents the 32-bit globally un ique source IPv4 address of the 6to4 tunnel, in hexadecimal
178 notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which make s it easy to create a 6to4 tunnel. The tunnel can forward IPv6 packets because the 16 -bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the firs t 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination. Figure 80 6to4 tunnel • ISATAP tunneling An ISATAP tunnel is a point-to-multipoint auto matic tunnel. The destination of a tunnel can automatically be acquired from the embedded IP v4 address in the destination address of an IPv6 packet. When an ISATAP tunnel is used, the destinatio n address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special ISATAP addresses. The ISATAP address format is prefix(64bit):0:5EFE:abcd:efgh. The 64-bit prefix is the prefix of a valid IPv6 unicast address, but abcd:efgh is a 32-bit source IPv4 address in hex adecimal, which might not be globally unique. Through the embedded IPv4 address, an ISATAP tu nnel can be automatically created to transfer IPv6 packets. The ISATAP tunnel is mainly used for communicat ion between IPv6 routers or between a host and an IPv6 router over an IPv4 network. Figure 81 Principle of ISATAP tunneling Protocols and standards • RFC 1853, IP in IP Tunneling • RFC 2473, Generic Packet Tunneling in IPv6 Specification • RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers • RFC 3056, Connection of IPv6 Domains via IPv4 Clouds • RFC 4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Tunneling configuration task list IPv4 network6to4 network Site 16to4 networkSite 2 6to4 tunnelDevice A Device B 6to4 router 6to4 router