HP 5500 EI 5500 SI Switch Series Configuration Guide
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
 Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
 Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
 Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec
 Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec

[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
 Peer FE80::20F:E2FF:FE00:1235 on Vlan-interface100
 Dest 1::/64, via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec
 Dest 4::/64, via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec
 Dest 5::/64, via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec

Configuring RIPng route redistribution

Network requirements

Two RIPng processes are running on Switch B, which communicates with Switch A through RIPng 100 and with Switch C through RIPng 200.

Configure route redistribution on Switch B, letting the two RIPng processes redistribute routes from each other. Set the default cost of redistributed routes from RIPng 200 to 3.

Figure 104 Network diagram

Configuration procedure

1. Configure IPv6 addresses for the interfaces. (Details not shown.)

2. Configure RIPng basic functions:

# Enable RIPng 100 on Switch A.
<SwitchA> system-view
[SwitchA] ripng 100
[SwitchA-ripng-100] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 100 enable
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ripng 100 enable
[SwitchA-Vlan-interface200] quit

# Enable RIPng 100 and RIPng 200 on Switch B.
<SwitchB> system-view
[SwitchB] ripng 100
[SwitchB-ripng-100] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 100 enable
[SwitchB-Vlan-interface100] quit
[SwitchB] ripng 200
[SwitchB-ripng-200] quit
[SwitchB] interface vlan-interface 300
[SwitchB-Vlan-interface300] ripng 200 enable
[SwitchB-Vlan-interface300] quit

# Enable RIPng 200 on Switch C.
<SwitchC> system-view
[SwitchC] ripng 200
[SwitchC-ripng-200] quit
[SwitchC] interface vlan-interface 300
[SwitchC-Vlan-interface300] ripng 200 enable
[SwitchC-Vlan-interface300] quit
[SwitchC] interface vlan-interface 400
[SwitchC-Vlan-interface400] ripng 200 enable
[SwitchC-Vlan-interface400] quit

# Display the routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
        Destinations : 6        Routes : 6

Destination: ::1/128                          Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: 1::/64                           Protocol  : Direct
NextHop    : 1::1                             Preference: 0
Interface  : Vlan100                          Cost      : 0

Destination: 1::1/128                         Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: 2::/64                           Protocol  : Direct
NextHop    : 2::1                             Preference: 0
Interface  : Vlan200                          Cost      : 0

Destination: 2::1/128                         Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: FE80::/10                        Protocol  : Direct
NextHop    : ::                               Preference: 0
Interface  : NULL0                            Cost      : 0

3. Configure RIPng route redistribution:

# Configure route redistribution between the two RIPng processes on Switch B.
[SwitchB] ripng 100
[SwitchB-ripng-100] default cost 3
[SwitchB-ripng-100] import-route ripng 200
[SwitchB-ripng-100] quit
[SwitchB] ripng 200
[SwitchB-ripng-200] import-route ripng 100
[SwitchB-ripng-200] quit

# Display the routing table of Switch A.
[SwitchA] display ipv6 routing-table
Routing Table :
        Destinations : 7        Routes : 7

Destination: ::1/128                          Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: 1::/64                           Protocol  : Direct
NextHop    : 1::1                             Preference: 0
Interface  : Vlan100                          Cost      : 0

Destination: 1::1/128                         Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: 2::/64                           Protocol  : Direct
NextHop    : 2::1                             Preference: 0
Interface  : Vlan200                          Cost      : 0

Destination: 2::1/128                         Protocol  : Direct
NextHop    : ::1                              Preference: 0
Interface  : InLoop0                          Cost      : 0

Destination: 4::/64                           Protocol  : RIPng
NextHop    : FE80::200:BFF:FE01:1C02          Preference: 100
Interface  : Vlan100                          Cost      : 4

Destination: FE80::/10                        Protocol  : Direct
NextHop    : ::                               Preference: 0
Interface  : NULL0                            Cost      : 0

Configuring RIPng IPsec policies

Network requirements

In the following figure, configure RIPng on the switches, and configure IPsec policies on the switches to authenticate and encrypt protocol packets.

Figure 105 Network diagram

Configuration procedure

1. Configure IPv6 addresses for interfaces. (Details not shown.)

2. Configure RIPng basic functions:

# Configure Switch A.
<SwitchA> system-view
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit

# Configure Switch B.
<SwitchB> system-view
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] ripng 1 enable
[SwitchB-Vlan-interface200] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit

# Configure Switch C.
<SwitchC> system-view
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit

3. Configure RIPng IPsec policies:

# On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it,
reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchA] ipsec proposal tran1
[SwitchA-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchA-ipsec-proposal-tran1] transform esp
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
[SwitchA] ipsec policy policy001 10 manual
[SwitchA-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] quit

# On Switch B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchB] ipsec proposal tran1
[SwitchB-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchB-ipsec-proposal-tran1] transform esp
[SwitchB-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-proposal-tran1] quit
[SwitchB] ipsec policy policy001 10 manual
[SwitchB-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchB-ipsec-policy-manual-policy001-10] quit

# On Switch C, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchC] ipsec proposal tran1
[SwitchC-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchC-ipsec-proposal-tran1] transform esp
[SwitchC-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchC-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchC-ipsec-proposal-tran1] quit
[SwitchC] ipsec policy policy001 10 manual
[SwitchC-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchC-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchC-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchC-ipsec-policy-manual-policy001-10] quit

4. Apply the IPsec policies in the RIPng process:

# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-policy policy001
[SwitchA-ripng-1] quit

# Configure Switch B.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-policy policy001
[SwitchB-ripng-1] quit

# Configure Switch C.
[SwitchC] ripng 1
[SwitchC-ripng-1] enable ipsec-policy policy001
[SwitchC-ripng-1] quit

5. Verify the configuration:

RIPng traffic between Switches A, B and C is protected by IPsec.
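An audit pass over the IPsec settings used in the example above, added here as an illustration (it is not part of the HP guide): it flags the DES cipher, the 7-character string keys and manual keying so they can be tracked and replaced where the platform allows. The input layout (prompts removed, sub-view commands indented), the function name and the 16-character threshold are assumptions.

```python
import re

# Constructed input: the commands from the example above with the prompts
# removed and sub-view commands indented (this layout is an assumption).
SAMPLE_CONFIG = """\
ipsec proposal tran1
 encapsulation-mode transport
 transform esp
 esp encryption-algorithm des
 esp authentication-algorithm sha1
ipsec policy policy001 10 manual
 proposal tran1
 sa spi outbound esp 12345
 sa spi inbound esp 12345
 sa string-key outbound esp abcdefg
 sa string-key inbound esp abcdefg
"""

WEAK_CIPHERS = {"des"}   # 56-bit key, within reach of brute force
MIN_KEY_CHARS = 16       # assumed local policy threshold, not a vendor limit


def audit_ipsec(config):
    """Return (section, finding) pairs for weak IPsec settings."""
    findings = []
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0] not in " \t":  # an unindented line opens a new view
            section = line
            if re.fullmatch(r"ipsec policy \S+ \d+ manual", line):
                # Static SAs: keys never rotate unless an operator does it.
                findings.append((section, "manual-keying"))
            continue
        m = re.fullmatch(r"esp encryption-algorithm (\S+)", line)
        if m and m.group(1).lower() in WEAK_CIPHERS:
            findings.append((section, "weak-cipher:" + m.group(1).lower()))
        m = re.fullmatch(r"sa string-key (inbound|outbound) esp (\S+)", line)
        if m and len(m.group(2)) < MIN_KEY_CHARS:
            findings.append((section, "short-key:" + m.group(1)))
    return findings


if __name__ == "__main__":
    for section, finding in audit_ipsec(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```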
Configuring OSPFv3

Hardware compatibility

The HP 5500 SI Switch Series does not support OSPFv3.

Introduction to OSPFv3

OSPFv3 overview

Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6).

The term router in this chapter refers to both routers and Layer 3 switches.

OSPFv3 and OSPFv2 have the following similarities:
• 32-bit router ID and area ID
• Packets, including Hello, DD (Data Description), LSR (Link State Request), LSU (Link State Update), and LSAck (Link State Acknowledgment)
• Mechanism for finding neighbors and establishing adjacencies
• Mechanism for LSA flooding and aging

OSPFv3 and OSPFv2 have the following differences:
• OSPFv3 runs on a per-link basis, and OSPFv2 runs on a per-IP-subnet basis.
• OSPFv3 supports multiple instances per link, but OSPFv2 does not.
• OSPFv3 identifies neighbors by Router ID, and OSPFv2 by IP address.

OSPFv3 packets

OSPFv3 has the following packet types: hello, DD, LSR, LSU, and LSAck. These packets share the same packet header, which differs from the OSPFv2 packet header. The OSPFv3 packet header is only 16 bytes in length, has no authentication field, and adds an Instance ID field to support VPN per link.

Figure 106 OSPFv3 packet header

Major fields for OSPFv3 packets are as follows:
• Version #—Version of OSPF, which is 3 for OSPFv3.
• Type—Type of OSPF packet; types 1 to 5 are hello, DD, LSR, LSU, and LSAck.
• Packet length—Packet length in bytes, including header.
• Instance ID—Instance ID for a link.
• 0—Reserved. It must be 0.

OSPFv3 LSA types

OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types:
• Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only.
• Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the network, and is flooded throughout a single area only.
• Inter-Area-Prefix-LSA—Similar to Type 3 LSA of OSPFv2, originated by ABRs (Area Border Routers), and flooded throughout the LSA's associated area. Each Inter-Area-Prefix-LSA describes a route with IPv6 address prefix to a destination outside the area, yet still inside the AS (an inter-area route).
• Inter-Area-Router-LSA—Similar to Type 4 LSA of OSPFv2, originated by ABRs and flooded throughout the LSA's associated area. Each Inter-Area-Router-LSA describes a route to an ASBR (Autonomous System Boundary Router).
• AS-external-LSA—Originated by ASBRs, and flooded throughout the AS (except Stub and NSSA areas). Each AS-external-LSA describes a route to another autonomous system. A default route can be described by an AS-external-LSA.
• Link-LSA—A router originates a separate Link-LSA for each attached link. Link-LSAs have link-local flooding scope. Each Link-LSA describes the IPv6 address prefix of the link and the link-local address of the router.
• Intra-Area-Prefix-LSA—Each Intra-Area-Prefix-LSA contains IPv6 prefix information on a router, stub area, or transit area information, and has area flooding scope. It was introduced because Router-LSAs and Network-LSAs do not contain address information.

RFC 5187 defines the Type 11 LSA, Grace-LSA. A Grace-LSA is generated by a GR (Graceful Restart) Restarter at reboot and transmitted on the local link.
The restarter describes the cause and interval of the reboot in the Grace-LSA to tell its neighbors that it performs a GR operation.

OSPFv3 timers

Timers in OSPFv3 include the following:
• OSPFv3 packet timer
• LSA delay timer
• SPF timer
• GR timer

OSPFv3 packet timer

Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR or BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.

If a router does not receive a hello packet from a neighbor within a given period (the dead interval), it declares the peer down.

After sending an LSA to its adjacency, a router waits for an acknowledgment from the adjacency. If no response is received after the retransmission interval elapses, the router will send the LSA again. The retransmission interval must be longer than the round-trip time of the LSA.
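The 16-byte packet header described under "OSPFv3 packets" above, as an added example (not from the HP guide): a parser that rejects packets whose version, type, reserved byte or length field is inconsistent. Router ID, Area ID and Checksum are not in the field list above; their positions follow RFC 2740, and the function name and sample bytes are constructed for illustration. Because the header carries no authentication field, passing these checks says nothing about who sent the packet.

```python
import ipaddress
import struct

# Field order per RFC 2740: version, type, packet length, router ID,
# area ID, checksum, instance ID, reserved byte (must be 0).
HEADER = struct.Struct("!BBHIIHBB")
PACKET_TYPES = {1: "hello", 2: "DD", 3: "LSR", 4: "LSU", 5: "LSAck"}

# Constructed sample: a hello from router 1.1.1.1 in area 0.0.0.0,
# instance 0, with a 20-byte zeroed body (the checksum value is arbitrary).
SAMPLE = bytes.fromhex("03010024" "01010101" "00000000" "abcd0000") + bytes(20)


def parse_ospfv3_header(packet):
    """Decode the OSPFv3 header; raise ValueError if it is malformed."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated: the OSPFv3 header is 16 bytes")
    (version, ptype, length, router_id, area_id,
     checksum, instance_id, reserved) = HEADER.unpack_from(packet)
    if version != 3:
        raise ValueError(f"not OSPFv3: version {version}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if reserved != 0:
        raise ValueError("reserved byte must be 0")
    # The length field counts the header, so it can never be below 16
    # and must not claim more bytes than were actually received.
    if not HEADER.size <= length <= len(packet):
        raise ValueError(f"packet length {length} does not fit the data")
    return {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": str(ipaddress.IPv4Address(router_id)),
        "area_id": str(ipaddress.IPv4Address(area_id)),
        "checksum": checksum,
        "instance_id": instance_id,
    }


if __name__ == "__main__":
    print(parse_ospfv3_header(SAMPLE))
```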
LSA delay time

Each LSA has an age in the local LSDB (incremented by one per second), but an LSA does not age on transmission. You must add an LSA delay time into the age time before transmission, which is important for low-speed networks.

SPF timer

Whenever the LSDB changes, an SPF calculation occurs. If recalculations become frequent, a large amount of resources will be occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded by frequent changes.

GR timer

If a failure to establish adjacencies occurs during a GR, the device will be in the GR process for a long time. To avoid this, configure the GR timer for the device to exit the GR process when the timer expires.

OSPFv3 features supported
• Basic features defined in RFC 2740
• OSPFv3 stub area
• OSPFv3 multi-process
• VPN instances
• OSPFv3 GR
• BFD

Protocols and standards
• RFC 2740, OSPF for IPv6
• RFC 2328, OSPF Version 2
• RFC 5187, OSPFv3 Graceful Restart

OSPFv3 configuration task list

Task                                                              Remarks
Enabling OSPFv3                                                   Required
Configuring OSPFv3 area parameters
  Configuring an OSPFv3 stub area                                 Optional
  Configuring an OSPFv3 virtual link                              Optional
Configuring OSPFv3 network types
  Configuring the OSPFv3 network type for an interface            Optional
  Configuring an NBMA or P2MP neighbor                            Optional
Configuring OSPFv3 routing information control
  Configuring OSPFv3 route summarization                          Optional
  Configuring OSPFv3 inbound route filtering                      Optional
  Configuring an OSPFv3 cost for an interface                     Optional
  Configuring the maximum number of OSPFv3 ECMP routes            Optional
  Configuring a priority for OSPFv3                               Optional
  Configuring OSPFv3 route redistribution                         Optional
Tuning and optimizing OSPFv3 networks
  Configuring OSPFv3 timers                                       Optional
  Configuring a DR priority for an interface                      Optional
  Ignoring MTU check for DD packets                               Optional
  Disabling interfaces from receiving and sending OSPFv3 packets  Optional
  Enabling the logging of neighbor state changes                  Optional
Configuring OSPFv3 GR
  Configuring GR Restarter                                        Optional
  Configuring GR Helper                                           Optional
Configuring BFD for OSPFv3                                        Optional
Applying IPsec policies for OSPFv3                                Optional

Enabling OSPFv3

Configuration prerequisites

Before you enable OSPFv3, complete the following tasks:
• Make neighboring nodes accessible with each other at the network layer.
• Enable IPv6 packet forwarding.

Enabling OSPFv3

To enable an OSPFv3 process on a router, you must enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces.

A router ID uniquely identifies a router within an AS. You must specify a unique router ID for each OSPFv3 router within the AS to ensure normal operation. If a router runs multiple OSPFv3 processes, you must specify a unique router ID for each process.

An OSPFv3 process ID has only local significance. Process 1 on a router can exchange packets with process 2 on another router.

To enable OSPFv3:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable an OSPFv3 process and enter its view.
   Command: ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ]
   Remarks: By default, no OSPFv3 process is enabled.
3. Specify a router ID.
   Command: router-id router-id
   Remarks: N/A
4. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A