manualshive.com logo in svg

Huawei AR150 series, Configuration Manual

Share
Download
Huawei AR150 series Configuration Manual Download Page 207

Follow-up Procedure

Note the following when configuring PBR:

l

You can use the policy to import the routes or to forward the IP packets.

l

You can specify the routing policy by using the 

if-match

 and 

apply

 clauses.

l

A single policy can include multiple 

if-match

 clauses, such as 

if-match acl

 and 

if-match

packet-length

, which can be used in combination.

If 

if-match acl

 

acl-number

 is used repeatedly to set ACL rules, the new configuration

supersedes the old configuration.

If 

if-match packet-length

 

min-length

 

max-length

 is used repeatedly to set ACL rules,

the new configuration supersedes the old configuration.

l

permit

 means allowing the packets matching the rule to pass during the policy-based

routing; 

deny

 means denying the packets that match the rule to pass during the policy-based

routing.

l

A routing policy contains several policy nodes. Each policy node is specified by a 

node-

id

. The smaller the 

node-id

 is, the higher the preference of the policy node is. The policy

of a higher preference is first executed.

8.3.3 Defining Actions of PBR

This part describes how to define actions of PBR, including setting the outbound interface and
nexthop for a packet.

Procedure

Step 1

Run:

system-view

The system view is displayed.

Step 2

Run:

policy-based-route

 

policy-name

 { 

deny

 | 

permit

 } 

node

 

node-id

A policy or a policy node is created.

Step 3

Run:

apply ip-precedence

 

precedence

The precedence of the IP packet is set.

Step 4

Run:

apply ip-address default next-hop

 

ip-address1

 [ 

ip-address2

 ]

The default next hop of the packet is specified.

NOTE

The default next hop cannot be a local IP address.

Step 5

Run:

apply default output-interface

 

interface-type1 interface-number1

 [ 

interface-type2 

interface-number2

 ]

The default outbound interface of the packet is specified.

Huawei AR150&200 Series Enterprise Routers
Configuration Guide - IP Service

8 IP Unicast PBR Configuration

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

195

Summary of Contents for AR150 series

Page 1: ...Huawei AR150 200 Series Enterprise Routers V200R002C00 Configuration Guide IP Service Issue 02 Date 2012 03 30 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ...R Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could result in equipment damage data loss performance degradation or unexpected results TIP Ind...

Page 4: ...l items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Interface Numbering Conventions Interface numbers used in this manual are examples In device configuration use the existing interface numbers on devices Change History Updates between document issues are cumulative Therefore the latest document issue contains ...

Page 5: ...1 12 30 Initial commercial release Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service About This Document Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iv ...

Page 6: ...iguration Task 10 1 5 2 Configuring an IP Addresses for an Interface 11 1 5 3 Configuring Routed Proxy ARP 12 1 5 4 Checking the Configuration 12 1 6 Configuring Intra VLAN Proxy ARP 13 1 6 1 Establishing the Configuration Task 13 1 6 2 Configuring an IP Address for an Interface 14 1 6 3 Optional Configuring the VLAN ID of a Sub interface 14 1 6 4 Enabling Intra VLAN Proxy ARP 15 1 6 5 Checking th...

Page 7: ... 41 2 3 4 Checking the Configuration 41 2 4 Configuring IP Address Unnumbered on an Interface 42 2 4 1 Establishing the Configuration Task 42 2 4 2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed 43 2 4 3 Configuring IP Address Unnumbered on an Interface 43 2 4 4 Checking the Configuration 44 2 5 Configuration Examples 45 2 5 1 Example for Configuring P...

Page 8: ...7 Configuring TCP6 72 3 7 1 Establishing the Configuration Task 72 3 7 2 Configuring TCP6 Timers 72 3 7 3 Configuring the Size of the TCP6 Sliding Window 73 3 7 4 Checking the Configuration 73 3 8 Maintaining IPv6 75 3 8 1 Resetting IPv6 75 3 9 Configuration Examples 76 3 9 1 Example for Configuring an IPv6 Address for an Interface 76 3 9 2 Example for Configuring IPv6 Neighbor Discovery 78 4 DNS ...

Page 9: ...th an Address Pool 111 5 3 4 Configuring Easy IP 111 5 3 5 Configuring an Internal Server 112 5 3 6 Configuring Static NAT 112 5 3 7 Enabling NAT ALG 113 5 3 8 Configuring NAT Filtering 113 5 3 9 Configuring NAT Mapping 114 5 3 10 Configuring DNS Mapping 115 5 3 11 Configuring Twice NAT 115 5 3 12 Checking the Configuration 116 5 4 Configuration Examples 117 5 4 1 Example for Configuring the NAT S...

Page 10: ...on the DHCP Relay Agent 147 6 5 4 Binding a DHCP Server Group to a DHCP Relay Interface 147 6 5 5 Optional Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP address 148 6 5 6 Checking the Configuration 148 6 6 Configuring a DHCP BOOTP Client 149 6 6 1 Establishing the Configuration Task 149 6 6 2 Optional Configuring the DHCP BOOTP Client Attributes 150 6 6 3 En...

Page 11: ... 7 5 3 Setting the Aging Time of the PMTU 185 7 5 4 Setting the Size of the TCP Sliding Window 185 7 5 5 Setting the MSS of TCP Packets on an Interface 186 7 5 6 Checking the Configuration 186 7 6 Maintaining IP Performance 187 7 6 1 Clearing IP Performance Statistics 187 7 6 2 Monitoring the IP Running Status 188 7 7 Configuration Examples 189 7 7 1 Example for Disabling the Sending of ICMP Redir...

Page 12: ...Server 205 9 3 5 Checking the Configuration 206 9 4 Maintaining UDP Helper 207 9 4 1 Clearing the UDP Helper Statistics 207 9 5 Configuration Examples 207 9 5 1 Example for Configuring UDP Helper 207 Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service Contents Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd xi ...

Page 13: ...s and the aging time of dynamic ARP entries to optimize forwarding performance of the AR150 200 1 5 Configuring Routed Proxy ARP Routed proxy ARP implements communication between devices on the same network segment but on different physical networks 1 6 Configuring Intra VLAN Proxy ARP Intra VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate with each other 1 7 Conf...

Page 14: ...ibes how to maintain ARP 1 11 Configuration Examples Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 1 ARP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 2 ...

Page 15: ...eway address that is the device does not know how to reach the intermediate system of the network the device cannot forward data packets Routed proxy ARP solves this problem A device sends an ARP Request packet to request the MAC address of the destination host After receiving the packet theAR150 200 enabled with proxy ARP replies with its own MAC address The AR150 200 then functions as the gatewa...

Page 16: ...ent Protocol ICMP packets 1 3 Configuring Static ARP Static ARP entries record fixed mappings between IP addresses and MAC addresses They are configured manually by network administrators 1 3 1 Establishing the Configuration Task Before configuring static ARP familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration...

Page 17: ... to 3 Outbound interface of ARP packets 1 3 2 Configuring a Static ARP Entry Static ARP entries are valid as long as the AR150 200 works properly Context NOTE To configure static ARP entries for double tagged packets run the arp static cevid command Procedure Step 1 Run system view The system view is displayed Step 2 Run arp static ip address mac address A static ARP entry is configured End 1 3 3 ...

Page 18: ...tem view The system view is displayed Step 2 Run arp static ip address mac address vpn instance vpn instance name A static ARP entry is configured for a VPN instance End 1 3 5 Checking the Configuration Procedure l Run the display arp all command to check all ARP entries including static ARP entries and dynamic ARP entries l Run the display arp network net number net mask dynamic static command to...

Page 19: ...o optimize forwarding performance of the AR150 200 1 4 1 Establishing the Configuration Task Before optimizing Dynamic ARP familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment Dynamic ARP entries are maintained dyna...

Page 20: ...he interface view is displayed On the AR150 200 you can adjust the parameters of parameters of dynamic ARP entries on Ethernet interfaces Eth Trunk interfaces VLANIF interfaces and VE interfaces Step 3 Run arp expire time expire time The aging time of dynamic ARP entries is set By default the aging time is 1200s Step 4 Run arp detect times detect times The number of ARP probes is set By default th...

Page 21: ...stem but is enabled on VLANIF interfaces After ARP suppression is enabled it takes effect for only Eth Trunk interfaces and VLANIF interfaces End 1 4 4 Enabling Layer 2 Topology Detection Layer 2 topology detection enables the system to update all the ARP entries in the VLAN that a Layer 2 interface belongs to when the Layer 2 interface status changes from Down to Up Procedure Step 1 Run system vi...

Page 22: ...tal 2 Dynamic 1 Static 0 Interface 1 Display all the dynamic ARP entries Huawei display arp dynamic IP ADDRESS MAC ADDRESS EXPIRE M TYPE INTERFACE VPN INSTANCE VLAN CEVLAN PVC 10 137 217 210 00e0 fc01 0203 I Eth1 0 0 10 137 216 1 0025 9e38 a09e 20 D 0 Eth1 0 0 10 137 217 208 00e0 fc01 0205 16 D 0 Eth1 0 0 10 2 2 1 00e0 fc99 9999 I Eth Trunk0 10 6 3 34 00e0 fc01 0204 I Eth2 0 0 1 192 168 20 1 00e0 ...

Page 23: ...an IP Addresses for an Interface The IP address of the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected host on a LAN Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number subinterface number The interface view is displayed Routed proxy ARP can be enabled on Ethernet interface...

Page 24: ...type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp vpn instance vpn instance name dynamic static command to check ARP entries in the specified VPN instance l Run the display arp dynamic command to check dynamic ARP entries l Run the display arp statistics all interface interface type interface number command to check stat...

Page 25: ...lete the configuration task quickly and accurately Applicable Environment If two users are connected to Layer 2 isolated interfaces in the same VLAN you can enable intra VLAN proxy ARP to implement Layer 3 communication between the two users Pre configuration Tasks Before configuring intra VLAN proxy ARP complete the following tasks l Connecting interfaces and setting physical parameters for the i...

Page 26: ...address of the interface must be on the same network segment as the IP addresses in the associated VLAN End 1 6 3 Optional Configuring the VLAN ID of a Sub interface This section describes how to configure the VLAN ID of a sub interface Context NOTE You must complete this task before you enable intra VLAN proxy ARP on Ethernet sub interfaces or Eth Trunk sub interfaces You can skip step when you a...

Page 27: ...led By default intra VLAN proxy ARP is disabled End 1 6 5 Checking the Configuration After configuring intra VLAN proxy ARP you can view the intra VLAN proxy ARP configuration Procedure l Run the display arp interface interface type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp vpn instance vpn instance name dynamic stati...

Page 28: ...asks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment The VLAN aggregation technology isolates broadcast domain by using multiple VLANs on a physical network so that different VLANs belong to the same subnet This technology introduces the super VLAN and sub VLAN A super VLAN contains one or more sub ...

Page 29: ... same network segment as the IP address of the user in a VLAN that the interface belongs to Procedure Step 1 Run system view The system view is displayed Step 2 Run interface ethernet eth trunk interface number sub interface number The sub interface view is displayed Or run interface vlanif vlan id The VLANIF interface view is displayed Inter VLAN proxy ARP can be enabled on VLANIF interfaces Ethe...

Page 30: ... and encapsulation mode of the sub interface are configured Step 4 Run dot1q termination vid vid The single VLAN ID for dot1q encapsulation on a sub interface is configured End 1 7 4 Enabling Inter VLAN Proxy ARP To implement communication between users in different sub VLANs enable inter VLAN proxy ARP on the sub interface corresponding to the super VLAN Procedure Step 1 Run system view The syste...

Page 31: ... ARP entries on Eth1 0 0 Huawei display arp interface ethernet 1 0 0 IP ADDRESS MAC ADDRESS EXPIRE M TYPE INTERFACE VPN INSTANCE VLAN CEVLAN PVC 192 168 1 11 0000 0a41 0201 I Eth1 0 0 r1 192 168 1 1 0000 0a41 0200 15 D 6 Eth1 0 0 r1 Total 2 Dynamic 1 Static 0 Interface 1 Run the display arp vpn instance command and you can view all the ARP entries in the VPN instance r1 Huawei display arp vpn inst...

Page 32: ... a LAN is in use by sending ARP Request packets Context ARP Ping IP checks whether an IP address on a LAN is in use by sending ARP packets You can also use the ping command to check whether an IP address is in use but the result of this method may be inaccurate The ping command uses Layer 3 packets as ICMP Echo Request packets If the destination host or the routing device enabled with the firewall...

Page 33: ...in the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment If you know the specific MAC address but not the corresponding IP address on a network segment you can obtain the corresponding IP address by using ARP Ping MAC to broadcast ICMP packets In this way you can obtain the IP address mapping the MAC address on the ...

Page 34: ...rror Request timed out Error Request timed out ARP Ping MAC statistics 3 packet s transmitted 0 packet s received MAC 00 13 46 E7 2E F5 not be used l If the following information is displayed the MAC address is used Huawei arp ping mac 00e0 fc03 0201 interface Vlanif 5 OutInterface Vlanif5 MAC 00 E0 FC 03 02 01 press CTRL_C to break ARP Ping MAC statistics 1 packet s transmitted 1 packet s receive...

Page 35: ...arp interface interface type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp network net number net mask dynamic static command to check ARP entries on the specified network segment l Run the display arp static command to check static ARP entries l Run the display arp dynamic command to check dynamic ARP entries l Run the d...

Page 36: ...rtments of a company and each department joins different VLANs Hosts in the headquarters office and the file backup server are allocated manually configured IP addresses and hosts in departments dynamically obtain IP addresses by using DHCP Hosts in the marketing department can access the Internet and are often attacked by ARP packets Attackers attack the Router and modify dynamic ARP entries on t...

Page 37: ...eing modified in ARP attack packets Data Preparation To complete the configuration you need the following data l Interface connecting the Router and hosts in the headquarters office Ethernet0 0 0 l ID of the VLAN that Ethernet0 0 0 joins VLAN 10 l IP address of VLANIF10 10 164 1 20 24 l Network segment where the IP addresses of hosts in the headquarters office are located 10 164 1 0 24 PC A with I...

Page 38: ...hat of PC A Step 2 Configure a static ARP entry for the file backup server on the Router Configure an IP address for Ethernet2 0 0 Router interface ethernet 2 0 0 Router Ethernet2 0 0 ip address 10 164 10 10 255 255 255 0 Router Ethernet2 0 0 quit Configure a static ARP entry for the file backup server The IP address 10 164 10 1 24 maps the MAC address 0df0 fc01 003a Router arp static 10 164 10 1 ...

Page 39: ...y are located in different cities multiple routing devices are deployed between branches and routes are reachable IP addresses of the routing devices are on the same network segment 172 16 0 0 16 Branch A and branch B belong to different broadcast domains therefore they cannot communicate on a LAN Hosts of branches are not configured with default gateway addresses therefore they cannot communicate...

Page 40: ...ernet0 0 0 to VLAN 10 RouterA interface ethernet 0 0 0 RouterA Ethernet0 0 0 port link type access RouterA Ethernet0 0 0 port default vlan 10 RouterA Ethernet0 0 0 quit Configure an IP address for VLANIF 10 RouterA interface vlanif 10 RouterA Vlanif10 ip address 172 16 1 1 255 255 255 0 Enable routed proxy ARP on VLANIF 10 RouterA Vlanif10 arp proxy enable RouterA Vlanif10 quit Step 2 Configure Ro...

Page 41: ...amic End Configuration Files Configuration file of RouterA sysname RouterA vlan batch 10 interface Vlanif 10 ip address 172 16 1 1 255 255 255 0 arp proxy enable interface ethernet 0 0 0 port link type access port default vlan 10 return Configuration file of RouterB sysname RouterB vlan batch 20 interface Vlanif 20 ip address 172 16 2 1 255 255 255 0 arp proxy enable interface ethernet 0 0 0 port ...

Page 42: ... follows 1 Configure port isolation on the downstream interface of the Router to forbid Layer 2 communication and remove broadcast storms 2 Enable intra VLAN proxy ARP on the VLANIF interface to prevent broadcast storms and Layer 3 communication between hosts in the accounting department Data Preparation To complete the configuration you need the following data l Interface connecting the Router an...

Page 43: ...er sub vlan proxy enable Router Vlanif10 quit Step 5 Verify the configuration Ping PC A and PC B They can be pinged successfully Router ping 100 1 1 100 PING 100 1 1 100 56 data bytes press CTRL_C to break Reply from 100 1 1 100 bytes 56 Sequence 1 ttl 255 time 10 ms Reply from 100 1 1 100 bytes 56 Sequence 2 ttl 255 time 10 ms Reply from 100 1 1 100 bytes 56 Sequence 3 ttl 255 time 10 ms Reply fr...

Page 44: ...follows 1 Create and configure the super VLAN and sub VLANs 2 Add interfaces to the sub VLANs 3 Create a VLANIF interface corresponding to the super VLAN and assign an IP address to the VLANIF interface 4 Enable inter VLAN proxy ARP Data Preparation To complete the configuration you need the following data l IDs of the super VLAN and sub VLANs l Sub VLAN 2 that Ethernet0 0 0 and Ethernet0 0 1 belo...

Page 45: ... 0 2 quit Router interface ethernet 0 0 3 Router Ethernet0 0 3 port link type access Router Ethernet0 0 3 port default vlan 3 Router Ethernet0 0 3 quit Create super VLAN 4 and add sub VLAN 2 and sub VLAN 3 to super VLAN 4 Router vlan 4 Router vlan4 aggregate vlan Router vlan4 access vlan 2 Router vlan4 access vlan 3 Router vlan4 quit Step 2 Create and configure VLANIF 4 Create VLANIF 4 Router inte...

Page 46: ... 255 255 255 0 arp proxy inter sub vlan proxy enable interface ethernet 0 0 0 port link type access port default vlan 2 interface ethernet 0 0 1 port link type access port default vlan 2 interface ethernet 0 0 2 port link type access port default vlan 3 interface ethernet 0 0 3 port link type access port default vlan 3 return 1 11 5 Example for Configuring Layer 2 Topology Detection Networking Req...

Page 47: ...n the Router to VLAN 100 in default mode Create VLAN 100 and configure an IP addresses for the VLANIF interface Huawei system view Huawei sysname Router Router vlan 100 Router vlan100 quit Router interface vlanif 100 Router vlanif100 ip address 10 1 1 2 24 Router vlanif100 quit Add the two Ethernet interfaces to VLAN 100 in default mode Router interface ethernet 0 0 0 Router Ethernet0 0 0 port lin...

Page 48: ...4900 I Vlanif100 10 1 1 3 00e0 de24 bf04 0 D 0 Ethernet0 0 1 Total 2 Dynamic 1 Static 0 Interface 1 NOTE According to the preceding information the ARP entries learned from Ethernet0 0 1 are deleted after Ethernet0 0 0 is shut down After Ethernet0 0 0 is enabled and becomes Up the aging time of ARP entries learned from Ethernet0 0 1 changes to 0 When the aging time is 0 the Router sends an ARP pro...

Page 49: ...ink type access port default vlan 100 interface Ethernet 0 0 1 port link type access port default vlan 100 return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 1 ARP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 37 ...

Page 50: ...ses for the AR150 200 2 3 Configuring IP Addresses for an Interface This section describes how to configure IP addresses for an interface 2 4 Configuring IP Address Unnumbered on an Interface This section describes how to configure IP address unnumbered 2 5 Configuration Examples This section provides several IP address configuration examples Huawei AR150 200 Series Enterprise Routers Configuratio...

Page 51: ... a subnet the subnet address and the broadcast address of the subnet Both the addresses are called host addresses The AR150 200 supports the 32 bit address mask on a loopback interface 2 3 Configuring IP Addresses for an Interface This section describes how to configure IP addresses for an interface 2 3 1 Establishing the Configuration Task Before configuring IP addresses for an interface familiar...

Page 52: ... Data 1 Number of the interface 2 Primary IP address and subnet mask of the interface 3 Optional Secondary IP address and subnet mask of the interface 2 3 2 Configuring a Primary IP Address for an Interface An interface has only one primary IP address Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed S...

Page 53: ...the interface IP address l Run the display ip interface brief interface type interface number command to check brief information about the interface IP address End Example Run the display ip interface command to view information about the IP address on Ethernet1 0 0 Huawei display ip interface ethernet 1 0 0 Ethernet1 0 0 current state UP Line protocol current state UP The Maximum Transmit Unit 15...

Page 54: ...the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment In some application environments an interface needs to be configured to borrow an IP address from another interface to save IP addresses If an interface is seldom used a fixed IP address is unnecessary You can configure the ...

Page 55: ...Step 2 Run interface interface type interface number The view of the interface from which an IP address will be borrowed is displayed The interface can be an Ethernet interface a loopback interface an Eth Trunk interface or a VLANIF interface Step 3 Run ip address ip address mask mask length A primary IP address is configured for the interface from which an IP address will be borrowed An interface...

Page 56: ...and to check brief information about the interface IP address End Example Run the display ip interface command to view information about Eth2 0 0 borrowing an IP address from LoopBack0 Huawei display ip interface ethernet 2 0 0 Ethernet2 0 0 is standby Line protocol current state DOWN The Maximum Transmit Unit 1500 bytes input packets 0 bytes 0 multicasts 0 output packets 0 bytes 0 multicasts 0 Di...

Page 57: ...nd another two hosts belong to network segment 172 16 2 0 24 The Router is required to access the two network segments Figure 2 1 Network diagram for configuring IP addresses 172 16 1 0 24 172 16 2 0 24 Router Ethernet 0 0 0 172 16 1 1 24 172 16 2 1 24 sub Configuration Roadmap The configuration roadmap is as follows 1 Plan IP addresses for interfaces 2 Configure the primary and secondary IP addre...

Page 58: ...transmitted 5 packet s received 0 00 packet loss round trip min avg max 25 26 27 ms Ping a host on network segment 172 16 2 0 from the Router The ping operation succeeds Router ping 172 16 2 2 PING 172 16 2 2 56 data bytes press CTRL_C to break Reply from 172 16 2 2 bytes 56 Sequence 1 ttl 128 time 25 ms Reply from 172 16 2 2 bytes 56 Sequence 2 ttl 128 time 26 ms Reply from 172 16 2 2 bytes 56 Se...

Page 59: ...l Configure IP addresses for Loopback0 interfaces on RouterA and RouterC l Configure OSPF l On RouterA configure Tunnel0 0 1 to borrow the IP address of Loopback0 l On RouterC configure Tunnel0 0 1 to borrow the IP address of Loopback0 Data Preparation To complete the configuration you need the following data l IP address of Loopback0 on RouterA l IP address of Loopback0 on RouterC NOTE This examp...

Page 60: ...00 bytes input packets 0 bytes 0 multicasts 0 output packets 0 bytes 0 multicasts 0 Directed broadcast packets received packets 0 sent packets 0 forwarded packets 0 dropped packets 0 Internet Address is unnumbered using address of LoopBack0 6 6 6 6 32 Broadcast address 6 6 6 6 TTL being 1 packet number 0 TTL invalid packet number 0 ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quenc...

Page 61: ...interface LoopBack0 ip address 9 9 9 9 255 255 225 255 interface Tunnel 0 0 1 ip address unnumbered interface LoopBack0 ospf 1 area 0 0 0 0 network 9 9 9 9 0 0 0 0 return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 2 IP Address Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 49 ...

Page 62: ...solution Protocol ARP ICMP Router Discovery messages and ICMP Redirect messages and introduces neighbor reachability detection 3 5 Configuring IPv4 IPv6 Dual Stacks To establish an IPv6 over IPv4 tunnel you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network 3 6 Configuring PMTU By setting the PMTU you can select a...

Page 63: ...tion roadmap An example is used to describe how to configure an IPv6 address and Neighbor Discovery Protocol for an interface Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 3 Basic IPv6 Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 51 ...

Page 64: ...ol support IPv6 l POS interfaces Only the POS interfaces configured with PPP or HDLC as the link protocol support IPv6 l Tunnel interfaces l Loopback interfaces l Eth Trunk interfaces Eth Trunk sub interfaces and IP Trunk interfaces l VLANIF interfaces IPv6 Address A 128 bit IPv6 address has the following formats l X X X X X X X X In this format a 128 bit IP address is divided into eight groups Th...

Page 65: ...te router can be reduced During IPv6 packet transmission only this way can be adopted because IPv6 intermediate routers do not support packet fragmentation The Path MTU PMTU Discovery mechanism aims at finding a proper MTU value on the path from the source to the destination IPv6 FIB Connecting network topologies of different types needs the configuration of different routing protocols This brings...

Page 66: ...nt When a device communicates with an IPv6 device you need to configure IPv6 address for the interface The AR150 200 supports configuring IPv6 addresses for the following interfaces l Ethernet interfaces and sub interfaces l Tunnel interfaces l Loopback interfaces l Eth Trunk interfaces Eth Trunk sub interfaces support IPv6 only when they work in Layer 3 mode l VLANIF interfaces l VE interfaces l ...

Page 67: ...resses complete the following tasks l Configuring the physical features of the interface and ensuring that the status of the physical layer of the interface is Up l Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up Data Preparation To configure IPv6 addresses for an interface you need the following data No Data 1 ...

Page 68: ...configurations in the interface view you must enable the IPv6 capability in the interface view By default the IPv6 capability is disabled on the interface End 3 3 3 Configuring an IPv6 Link Local Address for an Interface The local address of a link is used in the neighbor discovery protocol and in the communications between nodes on the local end of the link in stateless address auto configuration...

Page 69: ...s prefix length ipv6 address prefix length or ipv6 address ipv6 address prefix length ipv6 address prefix length eui 64 The global unicast address is configured on the interface End 3 3 5 Configuring an IPv6 Anycast Address for an Interface An anycast address is used to identify a group of interfaces Context Anycast addresses and unicast addresses are in the same address range An anycast address i...

Page 70: ...ced Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ipv6 address ipv6 address prefix length ipv6 address prefix length anycast An IPv6 anycast address is assigned to an interface End 3 3 6 Checking the Configuration You can view the configuration of the IPv6 address for an interface Prereq...

Page 71: ...ipv6 statistics command If the statistics on IPv6 packets is displayed it means that the configuration succeeds Huawei display ipv6 statistics IPv6 Protocol Sent packets Total 3630 Local sent out 3630 Forwarded 0 Raw packets 0 Discarded 0 Fragmented 0 Fragments 0 Fragments failed 0 Multicast 0 Received packets Total 3630 Local host 3630 Hop count exceeded 0 Header error 0 Too big 0 Routing failed ...

Page 72: ...IPv6 ND configuration is supported on the following interfaces l Ethernet interface sand sub interfaces l Tunnel interfaces l Eth Trunk interfaces Eth Trunk sub interfaces l VLANIF interfaces Pre configuration Tasks Before configuring IPv6 neighbor discovery complete the following tasks l Configuring the physical features for the interface and ensuring that the status of the physical layer of the ...

Page 73: ...ighbor entry on a sub interface for QinQ VLAN tag termination run the ipv6 neighbor ipv6 address mac address vid vid cevid cevid command NOTE If an interface is configured with dynamic QinQ you cannot configure a static neighbor entry on it Static neighbors can be configured for interfaces and their sub interfaces You can configure up to 300 neighbors on each interface End 3 4 3 Enabling RA Messag...

Page 74: ...The maximum interval can not be shorter than the minimum interval When the maximum interval is less than 9 seconds the minimum interval is set to the same value as the maximum interval End 3 4 5 Configuring the Address Prefixes to Be Advertised Nodes of the local links can perform address auto configuration by using prefixes of these addresses Procedure Step 1 Run system view The system view is di...

Page 75: ...p 1 Run system view The system view is displayed Step 2 Run ipv6 nd hop limit limit ND hop limit is configured The value of limit ranges from 1 to 255 By default it is 64 Step 3 Run interface interface type interface number The interface view is displayed Step 4 Run ipv6 nd ra hop limit limit ND hop limit is configured The value of limit ranges from 0 to 255 By default it is 64 NOTE l If the ipv6 ...

Page 76: ...anner a proper router can be selected to forward packets of a host Context If a host is connected to multiple routers the host must select a router to forward packets based on the destination addresses of packets The router can advertise the default router priority and specified route information to the host so that the host can select a proper forwarding router based on the destination addresses ...

Page 77: ...ipv6 neighbors interface type interface number vid vid cevid cevid command to check the neighbor information in the cache l Run the display ipv6 interface interface type interface number brief command to check the IPv6 information of an interface If the interface is in the Up state the configuration is successful End Example Run the display ipv6 neighbors command If the cache of the neighbor infor...

Page 78: ...ay ipv6 interface brief down administratively down l loopback s spoofing Interface Physical Protocol Ethernet2 0 2 up up IPv6 Address 2030 101 101 Ethernet2 0 3 up up IPv6 Address 2001 1 LoopBack0 up up s IPv6 Address Unassigned 3 5 Configuring IPv4 IPv6 Dual Stacks To establish an IPv6 over IPv4 tunnel you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices w...

Page 79: ... Packet Forwarding To enable IPv6 packet forwarding you need to enable IPv6 in both the interface view and the system view Context To enable a device to forward IPv6 packets you must enable the IPv6 capability in both the system view and the interface view This is because l If you run the ipv6 command only in the system view only the IPv6 packet forwarding capability is enabled on a device The int...

Page 80: ...6 Addresses for the Interface You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view of the IPv4 network is displayed Step 3 Run ip address ip address mask mask length An IPv4 address is assigned to the interface Step 4 Run quit Retur...

Page 81: ... Huawei Ethernet1 0 0 display this V200R002C00 interface GigabitEthernet0 0 1 ipv6 enable ip address 20 1 1 1 255 255 255 0 ipv6 address 1002 1 64 ospfv3 1 area 0 0 0 0 return 3 6 Configuring PMTU By setting the PMTU you can select a proper MTU for packet transmission In this manner packets do not have to be fragmented during transmission and loads on intermediate devices are reduced In addition n...

Page 82: ...You can configure a static PMTU according to the lowest MTU of the path that a packet is to traverse This speeds up packet transmission Procedure Step 1 Run system view The system view is displayed Step 2 Run ipv6 pathmtu ipv6 address path mtu The PMTU value of a specified IPv6 address is configured By default the PMTU of the IPv6 address is 1500 bytes l The maximum number of static PMTU entries i...

Page 83: ... IPv6 address the PMTU value the aging time and type are displayed it means that the configuration succeeds Huawei display ipv6 pathmtu all IPv6 Destination Address ZoneID PathMTU LifeTime M Type fe80 12 0 1300 40 Dynamic 2222 3 0 1280 Static Total 2 Dynamic 1 Static 1 Run the display ipv6 interface command If the current MTU of the interface is displayed it means that the configuration succeeds H...

Page 84: ...ollowing tasks l Connecting and configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up l Configuring the link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up Data Preparation To configure TCP6 you need the following data No Data 1 Value of TCP6 FIN WAIT ...

Page 85: ...ze of the TCP6 sliding window ranges from 1 KB to 32 KB By default the size of the TCP6 sliding window is 8 KB End 3 7 4 Checking the Configuration You can view the configuration of TCP6 Prerequisites The configurations of the TCP6 function are complete Procedure l Run the display tcp ipv6 statistics command to check related TCP6 statistics l Run the display tcp ipv6 status command to check the TC...

Page 86: ...uding 0 RST window probe packets 0 window update packets 0 data packets 0 0 bytes data packets retransmitted 0 0 bytes ACK only packets 0 0 delayed packets sent with MD5 Signature Option 0 Other Statistics retransmitted timeout 0 connections dropped in retransmitted timeout 0 keepalive timeout 0 keepalive probe 0 keepalive timeout so connections disconnected 0 initiated connections 0 accepted conn...

Page 87: ...s clearance of information about IPv6 operation through the reset command Context CAUTION IPv6 statistics cannot restore after you clear it So confirm the action before you use the command Procedure l Run the reset ipv6 statistics command in the user view to clear statistics of processing IPv6 packets after you confirm it l Run the reset ipv6 pathmtu all dynamic static command in the user view to ...

Page 88: ...ter B are connected through GE interfaces It is required to configure IPv6 global unicast addresses for the interfaces and test the connectivity between them The IPv6 global unicast addresses to be configured for the interfaces are 3001 1 64 and 3001 2 64 Figure 3 1 Networking diagram of configuring an IPv6 address for an interface RouterA RouterB Eth 1 0 0 3001 1 64 Eth 1 0 0 3001 2 64 Configurat...

Page 89: ...rmation of Router A RouterA display ipv6 interface ethernet 1 0 0 Ethernet1 0 0 current state UP IPv6 protocol current state UP IPv6 is enabled link local address is FE80 2E0 FCFF FE01 E3 Global unicast address es 3001 1 subnet is 3001 64 Joined group address es FF02 1 FF00 1 FF02 2 FF02 1 FF02 1 FF01 E3 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 millis...

Page 90: ...cs 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 2 2 2 ms End Configuration Files l Configuration file of Router A sysname RouterA ipv6 interface ethernet1 0 0 ipv6 enable ipv6 address 3001 1 64 return l Configuration file of Router B sysname RouterB ipv6 interface ethernet1 0 0 ipv6 enable ipv6 address 3001 2 64 return 3 9 2 Example for Configuring IPv6 Neighb...

Page 91: ...v6 Configure RouterB Huawei system view Huawei sysname RouterB RouterB ipv6 Step 2 Configure the link local unicast address Configure RouterA RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 ipv6 enable RouterA Ethernet1 0 0 ipv6 address auto link local Configure RouterB RouterB interface ethernet 1 0 0 RouterB Ethernet1 0 0 ipv6 enable RouterB Ethernet1 0 0 ipv6 address auto link local Step...

Page 92: ...about GE 1 0 0 on RouterB RouterB Ethernet1 0 0 display this ipv6 interface Ethernet1 0 0 current state UP IPv6 protocol current state UP IPv6 is enabled link local address is FE80 A19 A6FF FE9B 6D3B No global unicast address configured Joined group address es FF02 1 FF9B 6D3B FF02 2 FF02 1 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND retr...

Page 93: ...erA sysname RouterA ipv6 interface Ethernet1 0 0 ipv6 enable ipv6 address auto link local undo ipv6 nd ra halt return l Configuration file of RouterB sysname RouterB ipv6 interface Ethernet1 0 0 ipv6 enable ipv6 address auto link local undo ipv6 nd ra halt return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 3 Basic IPv6 Configuration Issue 02 2012 03 30 Huawei Propriet...

Page 94: ...4 Configuring DNS Proxy or Relay This section describes how to configure DNS proxy or relay 4 5 Configuring a DDNS Client The AR150 200 can function as the DDNS client to dynamically obtain latest mappings between domain names of web sites and IP addresses on the DNS server This allows your organization to use domain names to access web sites 4 6 Maintaining DNS This section describes how to maint...

Page 95: ...base If no matching entry is found it sends a query message to an upper level DNS server This process continues until the DNS server finds the corresponding IP address or detecting that the domain name does not exist The DNS server then sends a response to the DNS client AR150 200 Functioning as a DNS Proxy Relay The AR150 200 supports the DNS Proxy Relay function If no DNS server is deployed on a...

Page 96: ...must know mappings between domain names and IP addresses When mappings between domain names and IP addresses change you must manually modify DNS entries If your organization uses domain names to access many devices and DNS servers are available you can configure dynamic DNS entries Pre configuration Tasks Before configuring a DNS client complete the following tasks l Connecting interfaces and sett...

Page 97: ...r and configure a source IP address for the local routing device and a domain name suffix If the local routing device uses an IP address allocated by the DHCP server and the information delivered by the DHCP server to the local routing device contains the DNS server address and the domain name suffix list you only need to enable dynamic DNS resolution Procedure Step 1 Run system view The system vi...

Page 98: ... check the DNS server configuration l Run the display dns domain command to check the domain name suffix configuration l Run the display dns dynamic host command to check dynamic DNS entries End Example Run the display ip host command to view static DNS entries Huawei display ip host Host Age Flags Address www 3322 org 0 static 10 138 90 34 members 3322 org 0 static 10 138 90 51 checkip dyndns com...

Page 99: ...ith DNS proxy or relay After the external DNS server translates the domain name of the DNS client to an IP address the DNS client can access the Internet DNS proxy or relay reduces network management costs Changing the IP address of the DNS server requires that you change only the configuration on the DNS proxy or relay Pre configuration Tasks Before configuring DNS proxy or relay complete the fol...

Page 100: ... DNS clients If DNS spoofing is enabled the AR150 200 uses the configured IP address to respond to all DNS query messages In addition to enabling DNS proxy or relay one of the following conditions must be met to make DNS spoofing take effect l No DNS server is configured l A DNS server is configured but dynamic DNS resolution is disabled l There is no route to the DNS server l There is no source I...

Page 101: ...lay is attacked the DNS table becomes full As a result the DNS proxy or relay cannot resolve new domain names into IP addresses To solve the problem you can set the aging time of DNS entries so that the local routing device can delete expired DNS entries Procedure Step 1 Run system view The system view is displayed Step 2 Run dns proxy enable DNS proxy is enabled Or run dns relay enable DNS relay ...

Page 102: ...ites 4 5 1 Establishing the Configuration Task Before configuring a DDNS client familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment DNS can resolve domain names into IP addresses so that you can use domain names to...

Page 103: ... local routing device and the DDNS server Data Preparation No Data 1 URL in the DDNS server 2 Optional Interval for sending DDNS update requests 3 Number of the interface bound to a DDNS policy 4 5 2 Creating a DDNS Policy Before using DDNS functions you must create a DDNS policy in the system view Procedure Step 1 Run system view The system view is displayed Step 2 Run ddns policy policy name A D...

Page 104: ...DNS update request is oray username password phddnsdev oray net Step 4 Run interval interval time The interval for sending DDNS update requests is set After the interval for sending DDNS update requests is set in the configured DDNS policy the AR150 200 sends DDNS update requests at intervals By default the interval for sending DDNS update requests is 3600s End 4 5 4 Binding a DDNS Policy to an In...

Page 105: ...ind count 1 interface Ethernet1 0 0 Statuses START Refresh enable Run the display ddns interface command to view the DDNS policy information on VLANIF 100 Huawei display ddns interface Vlanif 100 Policy JackPolicy URL oray Jack Jack2010 phddnsdev oray net Statuses START Refresh enable 4 6 Maintaining DNS This section describes how to maintain DNS 4 6 1 Deleting Dynamic DNS Entries of DNS Clients T...

Page 106: ...s and host names in the DDNS policy are updated End 4 7 Configuration Examples This section provides DNS configuration examples 4 7 1 Example for Configuring a DNS Client Networking Requirements As shown in Figure 4 1 RouterA functions as a DNS client and cooperates with the DNS server RouterA can access the host at 2 1 1 3 16 by domain name huawei com The domain name suffixes are configured as co...

Page 107: ... the following data l Number and IP address of the interface connecting RouterA and RouterB l Domain names of RouterB and RouterC l IP address of the DNS server l Domain name suffix Procedure Step 1 Configure RouterA Configure an IP address for Eth1 0 0 Huawei system view Huawei sysname RouterA RouterA interface Ethernet 1 0 0 RouterA Ethernet1 0 0 ip address 1 1 1 2 255 255 0 0 RouterA Ethernet1 ...

Page 108: ...s CTRL_C to break Reply from 2 1 1 3 bytes 56 Sequence 1 ttl 126 time 6 ms Reply from 2 1 1 3 bytes 56 Sequence 2 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 3 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 4 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 5 ttl 126 time 4 ms huawei com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip...

Page 109: ...ck0 ip address 4 1 1 1 255 255 255 255 interface Ethernet 1 0 0 ip address 1 1 1 1 255 255 0 0 interface Ethernet 2 0 0 ip address 2 1 1 1 255 255 0 0 ospf 1 area 0 0 0 0 network 1 1 0 0 0 0 255 255 network 2 1 0 0 0 0 255 255 network 4 1 1 1 0 0 0 0 return Configuration file of RouterC sysname RouterC interface LoopBack0 ip address 4 1 1 2 255 255 255 255 interface Ethernet 1 0 0 ip address 3 1 1...

Page 110: ... DNS proxy RouterA DNS Server DNS Proxy 2 1 1 1 16 RouterB 1 1 1 1 16 Eth1 0 0 1 1 1 2 16 Eth2 0 0 2 1 1 2 16 Eth1 0 0 NetworkA Configuration Roadmap The configuration roadmap is as follows 1 Configure a DNS server 2 Configure DNS spoofing Data Preparation To complete the configuration you need the following data l IP address of the DNS server l Aging time of DNS entries l IP address configured by...

Page 111: ...it NOTE You must configure OSPF on RouterB so that a route between RouterA and the DNS server can be generated For details about OSPF configurations on RouterB see the configuration file Step 5 Verify the configuration Run the display current configuration command on RouterA to view the DNS proxy configuration RouterA display current configuration include dns dns resolve dns server 2 1 1 1 dns pro...

Page 112: ...etween the domain name and the IP address The DDNS service provider www oray com is used as the DDNS server RouterA functions as the DDNS client to send a request to the DDNS server when the IP address of RouterA changes Then the DDNS server instructs the DNS server to reconfigure the mapping between the domain name and the IP address NOTE AR150 200 is RouterA Figure 4 3 Network diagram Loopback0 ...

Page 113: ... ddns policy mypolicy interval 3600 RouterA ddns policy mypolicy quit Enable DNS resolution RouterA dns resolve Configure an IP address for the DNS server RouterA dns server 3 1 1 2 Bind the DDNS policy to Eth1 0 0 RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 ip address 1 1 1 2 255 255 0 0 RouterA Ethernet1 0 0 ddns apply policy mypolicy fqdn www abc com RouterA Ethernet1 0 0 quit After ...

Page 114: ...TABLISH Refresh enable Run the display ddns interface ethernet 1 0 0 command on RouterA and you can view information about the DDNS policy on Eth1 0 0 RouterA display ddns interface ethernet 1 0 0 Policy mypolicy URL oray steven nevets phddnsdev oray net Statuses ESTABLISH Refresh enable End Configuration Files Configuration file of RouterA sysname RouterA ddns policy mypolicy url oray steven neve...

Page 115: ...C interface LoopBack0 ip address 4 1 1 2 255 255 255 255 interface Ethernet1 0 0 ip address 3 1 1 1 255 255 0 0 interface Ethernet2 0 0 ip address 2 1 1 2 255 255 0 0 ospf 1 area 0 0 0 0 network 2 1 0 0 0 0 255 255 network 3 1 0 0 0 0 255 255 network 4 1 1 2 0 0 0 0 return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 4 DNS Configuration Issue 02 2012 03 30 Huawei Propr...

Page 116: ... NAT port address translation PAT internal server NAT Application Level Gateway ALG NAT filtering NAT mapping Easy IP twice NAT and NAT multi instance 5 3 Configuring NAT To implement communication between the private network and the public network through NAT use Easy IP for a single user and an address pool for multiple users 5 4 Configuration Examples This section provides several configuration...

Page 117: ...her networks Principle of NAT As shown in Figure 5 1 the private address must be translated when a host on a private network accesses the Internet or interworks with the hosts on a public network Figure 5 1 Networking of NAT PC WWWclient PC 10 1 1 10 10 1 1 48 Internalnetwork Externalnetwork 203 196 3 23 WWW Server 202 18 245 251 Router The private network uses network segment 10 0 0 0 and its pub...

Page 118: ...the private address PAT Port address translation PAT which is also called network address port translation NAPT maps a public address to multiple private addresses Therefore public addresses are saved PAT translates source IP addresses of packets from hosts that reside on the private network to a public address The translated port numbers of these packets are different and the private addresses ca...

Page 119: ... Web servers for example can be provided for external user You can configure an internal server and map the public address and port to the internal server In this way hosts on the public network can access the internal server NAT Mapping The NAT function saves IPv4 addresses and improves network security NAT implementation of different vendors may be different therefore the applications using the ...

Page 120: ...nation addresses The twice NAT technology applies to the scenario where IP addresses of hosts on private and public networks overlap As shown in Figure 5 3 the IP address of PC1 on the private network is the same as the IP address of PC3 on the public network If PC2 on the private network sends a packet to PC3 the packet will be forwarded to PC1 Twice NAT translates the overlapping IP address into...

Page 121: ...lapping address 10 0 0 1 3 The AR150 200 sends the packet to the WAN side outbound interface The packet is then forwarded to PC3 hop by hop 4 When the packet sent from PC3 to PC2 reaches the AR150 200 the AR150 200 checks the source address 10 0 0 1 which is the overlapping address it is in the overlapping address pool The AR150 200 translates the source address to the temporary address 3 0 0 1 an...

Page 122: ...mber private address the VPN instance may be included optional private port number and subnet mask 5 Index of the overlapping address pool and temporary address pool start IP address address pool length and optional VPN instance 6 Domain name public address and public port number 5 3 2 Configuring an Address Pool Configure a NAT address pool when multiple users on the private network need to acces...

Page 123: ...tes source addresses of data packets matching the ACL to an IP address in the address pool Different IP address translation entries can be configured on an interface In the command no pat indicates one to one NAT that is only the IP address is translated and the port number is not translated End 5 3 4 Configuring Easy IP Easy IP uses an interface IP address as the source address of data packets ma...

Page 124: ...tcp udp global global address inside host address vpn instance vpn instance name acl acl number description description An internal server is configured Users on the public network can access the configured internal server When a host on the public network sends a connection request to the public address global address of the internal server NAT translates the destination address of the request to...

Page 125: ...End 5 3 7 Enabling NAT ALG Errors may occur when NAT translates protocol packets encapsulated in IP data packets The NAT ALG function ensures that the protocol packets are translated successfully Procedure Step 1 Run system view The system view is displayed Step 2 Run nat alg all dns ftp rtsp sip enable The NAT ALG function is enabled After the NAT ALG function is enabled for an application protoc...

Page 126: ...erse the NAT server Context The NAT function saves IPv4 addresses and improves network security NAT mapping has the following modes l Endpoint independent mapping reuses the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port l Address dependent mapping reuses the port mapping for subsequent packets sent from the same internal IP ...

Page 127: ... on the AR150 200 Step 3 Run nat alg all dns ftp rtsp sip enable The NAT ALG function is enabled for DNS CAUTION The NAT ALG function allows hosts on a private network to access servers on the private network through the external DNS server End 5 3 11 Configuring Twice NAT Twice NAT translates both the source and destination IP addresses of a data packet It applies to the situation where IP addres...

Page 128: ...of the NAT address pool l Run the display nat dns map domain name command to check information about DNS mapping l Run the display nat outbound acl acl number address group group index interface Ethernet interface number subnumber command to check information about outbound NAT l Run the display nat overlap address map index all inside vpn instance inside vpn instance name command to check informa...

Page 129: ...s 202 169 10 33 24 and the interface address of the AR150 200 connected to the carrier device is 202 169 10 2 24 Figure 5 4 Network diagram for configuring the NAT server Eth2 0 0 Router FTP Server 10 0 0 3 24 WWW Server 192 168 20 2 8080 Eth0 0 0 Eth0 0 1 Host Configuration Roadmap The configuration roadmap is as follows 1 Configure IP addresses for interfaces and configure the NAT servers on the...

Page 130: ...l tcp global 202 169 10 33 ftp inside 10 0 0 3 ftp Huawei Ethernet2 0 0 quit Step 2 On the AR150 200 configure a static route with the next hop address 202 169 10 2 Huawei ip route static 0 0 0 0 0 0 0 0 202 169 10 2 Step 3 Enable the NAT ALG function for FTP packets on the AR150 200 Huawei nat alg ftp enable Step 4 Verify the configuration Run the display nat server command on the AR150 200 to vi...

Page 131: ... enabled on the AR150 200 To ensure the security of company A s intranet you need to use the IP addresses in the public address pool 202 169 10 100 202 169 10 200 to replace the host addresses of area A on the network segment 192 168 20 0 24 The hosts of area A then can access servers on the WAN The intranet of area B is also connected to the WAN through the AR150 200 Only a few public IP addresse...

Page 132: ...0 ip address 192 168 20 1 24 Huawei Vlanif100 quit Huawei interface Ethernet 0 0 0 Huawei Ethernet0 0 0 port link type access Huawei Ethernet0 0 0 port default vlan 100 Huawei Ethernet0 0 0 quit Huawei vlan 200 Huawei vlan200 quit Huawei interface vlanif 200 Huawei Vlanif200 ip address 10 0 0 1 24 Huawei Vlanif200 quit Huawei interface Ethernet 0 0 1 Huawei Ethernet0 0 1 port link type access Huaw...

Page 133: ... 1 202 169 10 2 PING 202 169 10 2 56 data bytes press CTRL_C to break Reply from 202 169 10 2 bytes 56 Sequence 1 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 2 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 3 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 5 ttl 255 time 1 ms Huawei ping a 10 0 0...

Page 134: ...host A on the public network When PC2 sends a packet to host A the packet may be forwarded to PC1 In addition to the network address translation function twice NAT of the AR150 200 specifies the mapping between the overlapping address pool and the temporary address pool The overlapping IP address is translated to a unique temporary address so that packets can be forwarded correctly Figure 5 6 Netw...

Page 135: ...ei Ethernet2 0 0 quit Step 2 Configure DNS mappings on the AR150 200 Huawei nat alg dns enable Huawei nat dns map www Server com 192 168 20 2 80 tcp Step 3 Configure the mapping between the overlapping address pool and the temporary address pool on the AR150 200 Huawei nat overlap address 0 192 168 20 2 202 169 100 2 pool length 254 Step 4 Configure a static route on theAR150 200 from the temporar...

Page 136: ... 5 permit ip source 192 168 20 0 0 0 0 255 nat alg dns enable nat address group 1 160 160 0 2 160 160 0 254 nat dns map www server com 192 168 20 2 80 tcp nat overlap address 0 192 168 20 2 202 169 100 2 pool length 254 ip route static 202 169 100 2 255 255 255 255 Ethernet2 0 0 202 169 10 2 interface Vlanif100 ip address 192 168 20 1 255 255 255 0 interface Vlanif200 ip address 10 0 0 1 255 255 2...

Page 137: ...om the address pool 6 5 Configuring a DHCP Relay Agent This section describes how a DHCP client communicates with a DHCP server on another network segment by using a DHCP relay agent to obtain an IP address and other configurations 6 6 Configuring a DHCP BOOTP Client After a Layer 3 interface of the AR150 200 is specified to function as a DHCP BOOTP client the interface can dynamically obtain an I...

Page 138: ...ation examples provide networking requirements networking diagram precautions configuration roadmaps and configuration procedures Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 6 DHCP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 126 ...

Page 139: ...IP address a subnet mask and a default gateway the server responds with a packet carrying the requested configurations according to a certain policy Both the request packet and the response packet are encapsulated as UDP packets When the AR150 200 functions as a server create an address pool on the AR150 200 to provide IP addresses to DHCP clients The address pool can be a global address pool or a...

Page 140: ...uired for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment When the AR150 200 functions as a DHCP server you can configure a global address pool on the AR150 200 The AR150 200 then allocates IP addresses and configuration parameters to clients from the global address pool The global address pool applies to the following scenarios DH...

Page 141: ...ptions on the DHCP server Data Preparation To configure the DHCP server based on a global address pool you need the following data No Data 1 Name of a global address pool IP address range and lease optional range of IP addresses that cannot be assigned dynamically and optional IP and MAC address entries that need to be statically bound 2 Egress gateway of a DHCP client 3 Optional IP address of the...

Page 142: ...e same network segment as the interface to users who get online from the interface If no IP address is configured for the interface or there is no address pool having the same network segment as the interface users cannot get online l If a DHCP client and the AR150 200 functioning as a DHCP server are on different network segments and a DHCP relay agent is deployed between them the AR150 200 parse...

Page 143: ...nal Run lease day day hour hour minute minute unlimited An IP address lease is configured By default the IP address lease is one day The DHCP server can specify different IP address leases for different address pools All IP addresses in an address pool must have the same lease Step 5 Optional Run excluded ip address start ip address end ip address The range of the IP addresses that cannot be dynam...

Page 144: ...nd ip address IP addresses that cannot be released from the IP address pool are recycled End 6 3 4 Optional Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client When functioning as the DHCP server the AR150 200 is configured to dynamically allocate carrier provided DNS and NetBIOS configurations to the DHCP clients Context The DNS and NetBIOS configurations have been spec...

Page 145: ... is displayed Step 3 Run domain name domain name The DNS domain name that is assigned to the DHCP client is configured On the DHCP server you can specify a DNS domain name used by the client for each address pool Step 4 Run dns list ip address 1 8 The IP address of the DNS server connected to the DHCP client is configured To perform load balancing on traffic and improve network reliability you can...

Page 146: ...n ip pool ip pool name The IP address pool view is displayed Step 3 Run nbns list ip address 1 8 The IP address of the NetBIOS server connected to the DHCP client is configured An address pool can be configured with a maximum of eight NetBIOS server addresses Step 4 Run netbios type b node h node m node p node A NetBIOS node type is specified for the DHCP client By default the client is not specif...

Page 147: ...of options before running the option command For descriptions of common DHCP options see RFC 2132 End 6 3 8 Optional Configuring the Function That Prevents Identical IP Addresses Before assigning an IP address to a client the AR150 200 functioning as a DHCP server must ping the IP address to prevent address conflicts Context You can use the dhcp server ping command to check whether a response to t...

Page 148: ...tics command to check the statistics on the DHCP server l Run the display ip pool name ip pool name low ip address high ip address all expired conflict used command to check information about the configured global address pool End Example Run the display dhcp server statistics command to view statistics on the DHCP server Huawei display dhcp server statistics DHCP Server Statistics Client Request ...

Page 149: ...n interface address pool familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment On the AR150 200 functioning as a DHCP server you can configure an interface address pool As shown in Figure 6 3 interface address pools ...

Page 150: ...de of a user defined DHCP option and ASCII string hexadecimal number or IP address of the option 6 4 2 Configuring Interface Address Pool Attributes This section describes how to configure the attributes for an interface address pool including IP address lease IP addresses that cannot be assigned dynamically and IP addresses that are bound manually IP addresses in the interface address pool can be...

Page 151: ...luded ip address command multiple times specifies multiple IP addresses that cannot be dynamically assigned Step 8 Optional Run dhcp server static bind ip address ip address mac address mac address An IP address in the interface address pool is bound to a MAC address manually If a user requires a fixed IP address you can bind an unused IP address in the interface address pool to the MAC address of...

Page 152: ...guring the Static DNS Service on a DHCP Client This section describes how to specify the DNS domain name used by the DHCP client on the network and the IP address of the DNS server Context When a host accesses the Internet through the domain name the domain name needs to be resolved to the IP address This is implemented by the DNS To ensure that a DHCP client can successfully connect to the Intern...

Page 153: ...s between the host names and IP addresses need to be established The DHCP client can be specified as one of the following NetBIOS nodes based on mappings between host names and IP addresses l B node b indicates broadcast B nodes obtain mappings between host names and IP addresses in broadcast mode l P node p indicates peer to peer P nodes obtain mappings between host names and IP addresses from th...

Page 154: ...red by using commands If these commands are not supported by the device you can run the option command to configure values for the options corresponding to the DNS service NetBIOS service and IP address lease The related commands are as follows l DNS service dhcp server domain name and dhcp server dns list l NetBIOS service dhcp server nbns list and dhcp server netbios type l IP address lease dhcp...

Page 155: ...does not receive a response packet the IP address is not used on the local network segment This ensures that the IP address to be assigned is unique Procedure Step 1 Run system view The system view is displayed Step 2 Run dhcp server ping packet number The maximum number of ping packets that the AR150 200 can send to the same destination is configured The default value is 0 The AR150 200 sends no ...

Page 156: ...lanif10 Pool No 2 Lease 1 Days 0 Hours 0 Minutes Domain name DNS server0 NBNS server0 Netbios type Position Interface Status Unlocked Gateway 0 192 168 10 2 Mask 255 255 255 0 VPN instance Start End Total Used Idle Expired Conflict Disable 192 168 10 1 192 168 10 254 253 0 253 0 0 0 6 5 Configuring a DHCP Relay Agent This section describes how a DHCP client communicates with a DHCP server on anoth...

Page 157: ... Relay Internet DHCP Server NOTE AR150 200WAN side Ethernet interfaces do not support DHCP relay Pre configuration Tasks Before configuring a DHCP relay agent complete the following tasks l Configuring a DHCP server l Configuring a route destined to the DHCP server on the AR150 200 Data Preparation To configure a DHCP relay agent you need the following data No Data 1 Name of a DHCP server group 2 ...

Page 158: ...ace or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VLANIF interface can be configured to function as a DHCP relay agent Step 4 Run ip address ip address mask mask length An IP address is configured for the interface NOTE The IP address of the egress gateway that is configured in the IP address pool of the server must be consistent with the IP address of the DHCP relay...

Page 159: ...roup comprises a maximum of eight DHCP servers If no indexes are specified for the DHCP group servers the system automatically assigns idle indexes to them End 6 5 4 Binding a DHCP Server Group to a DHCP Relay Interface This section describes how to bind a DHCP server group to an interface enabled with the DHCP relay function After this configuration DHCP clients can access the DHCP server in the ...

Page 160: ... its sub interface a Layer 3 Eth trunk interface or its sub interface or a VLANIF interface can be configured to function as a DHCP relay agent Step 3 Run dhcp relay release client ip address mac address server ip address A request packet is sent to the DHCP server to instruct the server to reclaim the IP address that is obtained by a DHCP client End 6 5 6 Checking the Configuration This section d...

Page 161: ...om servers 0 DHCP OFFER packets received 0 DHCP ACK packets received 0 DHCP NAK packets received 0 DHCP packets sent to servers 0 DHCP Bad packets received 0 Run the display dhcp server group group name command to view the configurations of DHCP server group 1 Huawei display dhcp server group group1 Group name group1 Group type 0 Server IP 100 10 10 1 1 Server IP 100 10 10 2 Gateway VPN instance 1...

Page 162: ...r the DHCP server on the AR150 200 Data Preparation To configure a DHCP BOOTP client you need the following data No Data 1 Name of a DHCP server group 2 IP addresses of DHCP servers in the DHCP server group 3 Number and IP address of the interface on which the DHCP relay function is enabled 6 6 2 Optional Configuring the DHCP BOOTP Client Attributes The DHCP BOOTP client attributes can be used to ...

Page 163: ... 2 Run dhcp enable The DHCP service is enabled 3 Run interface interface type interface number The interface view is displayed On the AR150 200 a Layer 3 Ethernet interface or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VE interface can be configured to function as a BOOTP client 4 Run ip address bootp client hostname hostname A host name is configured for the BOOTP c...

Page 164: ...w is displayed On the AR150 200 a Layer 3 Ethernet interface or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VE interface can be configured to function as a BOOTP client 4 Run ip address bootp alloc The BOOTP client function is enabled on the AR150 200 End 6 6 4 Checking the Configuration This section describes how to check the configurations of the DHCP BOOTP client P...

Page 165: ...rror 0 6 7 Configuring the DHCP Rate Limit Function You can configure the highest rate at which DHCP packets are sent to the protocol stack in the system view VLAN view or interface view If different rates are configured in these views the rate configured in the interface view takes effect If this rate does not take effect the rate configured in the VLAN view takes effect If the rate configured in...

Page 166: ...d threshold The alarm threshold for the DHCP message checking is configured By default the threshold is 100 If the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold an alarm is generated l Configure the highest rate at which DHCP packets are sent to the protocol stack in the VLAN view 1 Run system view The system view is displayed ...

Page 167: ...enable The DHCP message checking alarm on an interface is enabled By default this function is disabled 6 Optional Run dhcp alarm dhcp rate threshold threshold The alarm threshold for the DHCP message checking on an interface is configured By default the threshold is 100 When the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold an ...

Page 168: ...er view to clear the statistics on a DHCP relay agent End 6 8 2 Monitoring the Operating Status of DHCP This section describes how to check the operating status of DHCP in any view for routine maintenance Procedure l Run the display dhcp relay all interface interface type interface number command to check the DHCP server group that is bound to the relay interface and information about the group se...

Page 169: ...uter that functions as a DHCP server Office 1 belongs to the network segment 10 1 1 0 25 and all hosts in Office 1 are added to VLAN 10 These hosts use the DNS service but not the NetBIOS service Office 2 belongs to the network segment 10 1 1 128 25 and all hosts in Office 2 are added to VLAN 20 These hosts use both DNS and NetBIOS services A global address pool needs to be configured on the Route...

Page 170: ...ANIF 20 10 1 1 1 and 10 1 1 129 respectively Procedure Step 1 Enable the DHCP function Huawei system view Huawei sysname Router Router dhcp enable Step 2 Create IP address pools and configure related attributes Create pool1 and configure attributes for pool1 including address range DNS server address egress gateway and IP address lease Router ip pool pool1 Router ip pool pool1 network 10 1 1 0 mas...

Page 171: ...ected to VLANIF 20 to obtain IP addresses from the global address pool Router interface vlanif 20 Router Vlanif20 ip address 10 1 1 129 255 255 255 128 Router Vlanif20 dhcp select global Router Vlanif20 quit Step 4 Verify the configuration Run the display ip pool command on the Router You can view the configurations of the IP address pool Router display ip pool Pool name pool1 Pool No 0 Position L...

Page 172: ...on describes how to configure a DHCP server based on an interface address pool After the configuration is complete the clients can obtain IP address from the server that is on the network of the DHCP client Networking Requirements As shown in Figure 6 6 the two offices of a company are deployed on the same network To save resources all hosts in the two offices are assigned IP addresses by the Rout...

Page 173: ...nable the interface address pool 4 Configure address pool attributes for the clients including the DNS server address NetBOIS server address and IP address leases Data Preparation To complete the configuration you need the following data 1 IP addresses of VLANIF 10 and VLANIF 20 10 1 1 1 and 10 1 2 1 respectively 2 IP address leases for Office 1 and Office 2 30 days and 20 days respectively 3 IP a...

Page 174: ...nterface address pool Configure the DNS and NetBOIS services for VLANIF 10 address pool Router interface vlanif 10 Router Vlanif10 dhcp server domain name huawei com Router Vlanif10 dhcp server dns list 10 1 1 2 Router Vlanif10 dhcp server nbns list 10 1 1 3 Router Vlanif10 dhcp server excluded ip address 10 1 1 2 Router Vlanif10 dhcp server excluded ip address 10 1 1 3 Router Vlanif10 dhcp server...

Page 175: ...r vlan batch 10 to 20 dhcp enable interface Vlanif10 ip address 10 1 1 1 255 255 255 0 dhcp select interface dhcp server dns list 10 1 1 2 dhcp server netbios type b node dhcp server nbns list 10 1 1 3 dhcp server excluded ip address 10 1 1 2 10 1 1 3 dhcp server lease day 30 hour 0 minute 0 dhcp server domain name huawei com interface Vlanif20 ip address 10 1 2 1 255 255 255 0 dhcp select interfa...

Page 176: ...ured to function as a DHCP relay agent to forward DHCP packets so that the DHCP clients can obtain IP addresses and other configurations from the DHCP server On RouterA the public address of Ethernet0 0 8 is 100 10 20 1 24 and the interface address of RouterA connected to the carrier device is 100 10 20 2 24 On RouterB the public address of Ethernet3 0 0 is 100 10 10 1 24 and the interface address...

Page 177: ...r to the group Create a DHCP server group Huawei system view Huawei sysname RouterA RouterA dhcp server group dhcpgroup1 Add a DHCP server to the DHCP server group RouterA dhcp server group dhcpgroup1 dhcp server 100 10 10 1 RouterA dhcp server group dhcpgroup1 quit 2 Enable the DHCP relay function on VLANIF 100 Create a VLAN and add Ethernet 2 0 0 to the VLAN RouterA vlan batch 100 RouterA interf...

Page 178: ...A This ensures that the route from the DHCP server to the network segment 20 20 20 0 24 is reachable The configuration details are not provided here l Configure a default route on RouterB RouterA ip route static 0 0 0 0 0 0 0 0 100 10 10 2 l Verify the configuration Run the display dhcp relay command on RouterA You can view the DHCP relay configurations on VLANIF 100 RouterA display dhcp relay int...

Page 179: ... 0 0 0 100 10 10 2 return 6 9 4 Example for Configuring the DHCP and BOOTP Clients This section describes how to configure the DHCP and BOOTP clients Networking Requirements As shown in Figure 6 8 Router A functions as a DHCP client Router B functions as a BOOTP client Router C functions as a DHCP server Router A dynamically obtains an IP address a DNS server address and a gateway address from Rou...

Page 180: ...address of Eth1 0 0 on Router C 10 1 1 1 3 IP address of the egress gateway configured for the DHCP client 10 1 1 126 4 IP address of the DNS server connected to the DHCP client 10 1 1 2 Procedure l Configure the DHCP client function on Router A Enable the DHCP service Huawei system view Huawei sysname RouterA RouterA dhcp enable Enable the DHCP client function on Eth 1 0 0 RouterA interface ether...

Page 181: ...You can view the configurations of the DHCP client function RouterA display current configuration interface Ethernet1 0 0 ip address dhcp alloc Run the display interface command on Router A after the interface obtains an IP address You can view the IP address of the interface RouterA display interface ethernet 1 0 0 Ethernet1 0 0 current state DOWN Line protocol current state DOWN Description HUAW...

Page 182: ...Interface Route Port The Maximum Transmit Unit is 1500 Internet Address is allocated by DHCP 10 1 1 22 24 IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc11 000a Last physical up time 2007 12 01 10 48 50 Last physical down time 2007 12 01 10 52 56 Current system time 2007 12 01 16 52 01 Port Mode COMMON COPPER Speed 100 Loopback NONE Duplex FULL Negotiation ENABLE Mdi AUTO La...

Page 183: ...t 1 0 0 ip address dhcp alloc return Configuration file of Router B sysname RouterB dhcp enable interface Ethernet 1 0 0 ip address bootp alloc return Configuration file of Router C sysname RouterC dhcp enable ip pool pool1 network 10 1 1 0 mask 24 gateway list 10 1 1 126 static bind ip address 10 1 1 3 mac address a234 e211 a256 dns list 10 1 1 2 interface Ethernet 1 0 0 ip address 10 1 1 1 24 dh...

Page 184: ... which DHCP packets are sent to Router A This allows Router A to effectively defend against DHCP attack packets and to process requests of authorized users in time Figure 6 9 Networking diagram for configuring the DHCP relay DHCP Server Internet DHCP Client DHCP Client Attacker DHCP Relay RouterB RouterA Configuration Roadmap The configuration roadmap is as follows l Configure the highest rate at ...

Page 185: ...nt configuration include dhcp command on Router A You can view the DHCP function and DHCP rate limit have been enabled in the global view RouterB display current configuration include dhcp It will take a long time if the content you search is too much or the string you input is too long you can press CTRL_C to break dhcp enable dhcp check dhcp rate enable dhcp check dhcp rate 90 dhcp check dhcp ra...

Page 186: ...iguring Load Balancing for IP Packet Forwarding Unequal Cost Multiple Path UCMP improves packet forwarding performance on a network 7 5 Configuring TCP Attributes You can configure TCP attributes to improve network performance 7 6 Maintaining IP Performance You can maintain IP performance by clearing IP performance statistics and monitoring the IP running status 7 7 Configuration Examples This sec...

Page 187: ...ing Time of the PMTU l Setting the MSS of TCP Packets on an Interface 7 3 Optimizing IP Performance You can set parameters for IP packets to optimize network performance 7 3 1 Establishing the Configuration Task Before optimizing IP performance familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help...

Page 188: ...mproves network security Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ip verify source address The interface is enabled to check validity of source IP addresses of received packets By default an interface does not check validity of source IP addresses of received packets The AR150 200 o...

Page 189: ...erface interface type interface number The interface view is displayed Step 3 Run ip forward broadcast acl acl number The interface is configured to forward broadcast packets By default an interface does not forward broadcast packets End 7 3 5 Configuring an Outbound Interface to Fragment IP Packets You can configure an outbound interface to fragment IP packets Procedure Step 1 Run system view The...

Page 190: ...d to send ICMP redirection packets CAUTION If an interface is not enabled to send ICMP redirection packets the router does not send ICMP redirection packets Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run icmp redirect send The interface is enabled to send ICMP redirection packets End 7 3 ...

Page 191: ...ace brief interface type interface number command to check information about the interface l Run the display ip statistics command to check the IP traffic statistics l Run the display icmp statistics command to check the ICMP traffic statistics l Run the display ip socket monitor task id task id socket id socket id socket type socket type command to check the IP socket information End Example Run ...

Page 192: ...mation reply 0 Netmask request 0 Netmask reply 0 Unknown type 0 Run the display ip statistics command and you can view the IP traffic statistics Huawei display ip statistics Input sum 31786 local 31786 bad protocol 0 bad format 0 bad checksum 0 bad options discard srr 0 TTL exceeded 0 Output forwarding 0 local 41289 dropped 0 no route 1 Fragment input 0 output 0 dropped 0 fragmented 0 couldn t fra...

Page 193: ...ode congestion may occur on low speed links and bandwidth of high speed links cannot be used efficiently ECMP evenly load balances traffic over multiple equal cost links regardless of the bandwidth Consequently traffic congestion may occur on low speed links and bandwidth of high speed links cannot be used efficiently To load balance traffic on the equal cost links based on bandwidth configure UCM...

Page 194: ...ased on the configured bandwidth l The outbound interface of the equal cost route is a logical interface Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed NOTE To configure UCMP on a logical interface you must perform step 3 Step 3 Optional Run load balance bandwidth bandwidth The bandwidth is manually...

Page 195: ...on addresses in the range of destination address1 destination mask1 to destination address2 destination mask2 l Run the display fib ip prefix prefix name verbose command to check FIB entries matching the specified IP prefix list l Run the display fib interface interface type interface number command to check FIB entries matching a specified interface l Run the display fib next hop ip address comma...

Page 196: ...l parameters for interfaces to ensure that the routing protocol status on the interfaces is Up Data Preparation To configure TCP attributes you need the following data No Data 1 Values of the SYN Wait timer and FIN Wait timer and packet receive or transmit buffer size of a connection oriented socket 7 5 2 Setting Values of TCP Timers You can set values of the SYN Wait timer and FIN Wait timer to c...

Page 197: ...multiple networks it is important to determine the minimum MTU on the network path because the MTUs of the link layers on different networks are different The minimum MTU on the network path is called the PMTU Procedure Step 1 Run system view The system view is displayed Step 2 Run tcp timer pathmtu age age time The aging time of the PMTU is set The aging time of an IPv4 PMTU is an integer ranging...

Page 198: ...ep 3 Run tcp adjust mss value The MSS of TCP packets is set on the interface The MSS of TCP packets on an interface is an integer that ranges from 128 to 2048 in bytes End 7 5 6 Checking the Configuration After configuring TCP attributes you can view the configuration Procedure l Run the display tcp status task id task id socket id socket id local ip ipv4 address local port local port number remot...

Page 199: ...ndow update packets 0 data packets 5364 126736 bytes data packets retransmitted 0 0 byte s ACK only packets 657 626 delayed Other information Retransmitted timeout 0 connections dropped in retransmitted timeout 0 Keep alive timeout 29072 keep alive probe 29072 Keep alive timeout so connections disconnected 0 Initiated connections 0 accepted connections 16 established connecti ons 16 Closed connect...

Page 200: ... l Run the display tcp statistics command in any view to check the TCP traffic statistics l Run the display udp statistics command in any view to check the UDP traffic statistics l Run the display ip interface interface type interface number command in any view to check information about an interface l Run the display ip statistics command in any view to check the IP traffic statistics l Run the d...

Page 201: ... id socket id socket id sock type socket type command in any view to check the IP socket information End 7 7 Configuration Examples This section provides IP performance configuration examples 7 7 1 Example for Disabling the Sending of ICMP Redirection Packets Networking Requirements As shown in Figure 7 1 to limit the sending of ICMP redirection packets RouterA RouterB and RouterC are required to ...

Page 202: ... 1 0 0 RouterB Ethernet1 0 0 ip address 1 1 1 2 24 RouterB Ethernet1 0 0 quit Configure RouterC Huawei system view Huawei sysname RouterC RouterC interface ethernet 1 0 0 RouterC Ethernet1 0 0 ip address 2 2 2 2 24 RouterC Ethernet1 0 0 quit Step 2 Configure static routes Configure RouterA RouterA ip route static 2 2 2 0 255 255 255 0 1 1 1 2 Configure RouterB RouterB ip route static 2 2 2 0 255 2...

Page 203: ...ransmitted 5 packet s received 0 00 packet loss round trip min avg max 3 3 3 ms End Configuration Files l Configuration file of RouterA sysname RouterA interface Ethernet1 0 0 ip address 1 1 1 1 255 255 255 0 ip route static 2 2 2 0 255 255 255 0 1 1 1 2 return l Configuration file of RouterB sysname RouterB interface Ethernet1 0 0 ip address 1 1 1 2 255 255 255 0 undo icmp redirect send ip route ...

Page 204: ...y based Routing By configuring IP unicast PBR you can ensure that a certain packet is forwarded through a specified outbound interface 8 4 Configuration Examples This section includes the networking requirements precautions for configuration and configuration roadmap Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 8 IP Unicast PBR Configuration Issue 02 2012 03 30 Huawei ...

Page 205: ...l Security inspection redirects certain packets to the firewall For details about the redirection configuration see Configuring Redirection in the Huawei AR150 200 Series Enterprise Routers Configuration Guide QoS 8 3 Configuring IP Policy based Routing By configuring IP unicast PBR you can ensure that a certain packet is forwarded through a specified outbound interface 8 3 1 Establishing the Conf...

Page 206: ...e number of the packet in the specified policy 7 VPN instance name to which the packet in the specified policy belongs 8 3 2 Defining the Matching Rule of PBR By defining the matching rule of PBR you can determine the type of packets to which PBR is applied Procedure Step 1 Run system view The system view is displayed Step 2 Run policy based route policy name deny permit node node id A policy or a...

Page 207: ...y a node id The smaller the node id is the higher the preference of the policy node is The policy of a higher preference is first executed 8 3 3 Defining Actions of PBR This part describes how to define actions of PBR including setting the outbound interface and nexthop for a packet Procedure Step 1 Run system view The system view is displayed Step 2 Run policy based route policy name deny permit ...

Page 208: ... The apply ip precedence command is used to set the precedence of the packet The value of precedence ranges from 0 to 7 In addition some key words can be used as the value of precedence Table 8 1 shows the relationship between key words and precedence Table 8 1 Relationship between keywords and precedence Precedence Key Word 0 Routine 1 Priority 2 Immediate 3 Flash 4 Flash override 5 Critical 6 In...

Page 209: ...BR applies to only the local packets You can configure only one local policy End 8 3 5 Checking the Configuration You can view the configuration of IP unicast PBR Prerequisites The configurations of the IP Policy based Routing function are complete Procedure l Run the display ip policy based route command to check the enabled PBR l Run the display ip policy based route setup local command to check...

Page 210: ...oadmap 8 4 1 Example for Configuring IP Unicast PBR This section provides an example for configuring IP unicast PBR Networking Requirements As shown in Figure 8 1 IP unicast PBR is applied to RouterA l The next hop address 150 1 1 2 is set for packets with 64 to 1400 bytes l The next hop address 151 1 1 2 is set for packets with 1401 to 1500 bytes l Packets with other lengths are routed based on d...

Page 211: ...dress 151 1 1 2 255 255 255 0 RouterB Ethernet2 0 0 quit Step 2 Configure static routes Configure a static route on RouterA RouterA ip route static 10 1 2 0 24 150 1 1 2 RouterA ip route static 10 1 2 0 24 151 1 1 2 Configure a static route on RouterB RouterB ip route static 10 1 1 0 24 150 1 1 1 RouterB ip route static 10 1 1 0 24 151 1 1 1 Step 3 Configure a PBR route Configure a PBR route lab1 ...

Page 212: ...IP Policy routing success next hop 150 1 1 2 RouterA forwards the received packets from Ethernet1 0 0 because the next hop address in the PBR route is 150 1 1 2 On RouterA ping the IP address of Loopback0 interface on RouterB and set the packet length to 1401 bytes RouterA ping s 1401 10 1 2 1 PING 100 1 2 1 1401 data bytes press CTRL_C to break Mar 9 2011 15 41 26 350 2 RouterA PBR 7 POLICY ROUTI...

Page 213: ...t node 10 if match packet length 64 1400 apply ip address next hop 150 1 1 2 policy based route lab1 permit node 20 if match packet length 1401 1500 apply ip address next hop 151 1 1 2 ip local policy based route lab1 Configuration file of RouterB sysname RouterB interface Ethernet1 0 0 ip address 150 1 1 2 255 255 255 0 interface Ethernet2 0 0 ip address 151 1 1 2 255 255 255 0 ip route static 10...

Page 214: ...res supported by the AR150 200 9 3 Configuring UDP Helper This section describes how to configure UDP helper to relay broadcast packets with a specified UDP port 9 4 Maintaining UDP Helper This section describes how to maintain UDP helper 9 5 Configuration Examples This section provides a UDP helper configuration example Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 9 U...

Page 215: ...R150 200 After UDP helper is enabled on the AR150 200 the AR150 200 relays broadcast packets with the default UDP ports to corresponding destination servers Table 9 1 lists the default UDP ports Other UDP ports must be configured manually after UDP helper is enabled Table 9 1 List of default UDP ports Protocol UDP Port Number Trivial File Transfer Protocol TFTP 69 Domain Name System DNS 53 Time Se...

Page 216: ...ing broadcast packets into unicast packets and sending the unicast packets to the specified destination server Pre configuration Tasks Before configuring UDP helper complete the following task l Configuring a reachable route from the AR150 200 to the destination server Data Preparation To configure UDP helper you need the following data No Data 1 Optional UDP ports of packets need to be relayed 2 ...

Page 217: ...st packets with UDP ports 37 49 53 69 137 and 138 by default If the port number that needs to be configured is in the range of default UDP port numbers you can skip this configuration procedure The AR150 200 does not relay DHCP messages with UDP ports 67 or 68 Perform the following operations on the AR150 200 Procedure Step 1 Run system view The system view is displayed Step 2 Run udp helper port ...

Page 218: ... number of forwarded UDP packets l Run the display udp helper port command to check the UDP port numbers of the packets that need to be relayed End Example Run the display udp helper server command to view UDP helper information Huawei display udp helper server Server interface Server Ip packet num Vlanif20 1 1 1 2 0 Ethernet1 0 0 1 192 168 1 200 0 Run the display udp helper port command to view t...

Page 219: ...the IP address of the NetBIOS NS name server is 10 2 1 1 16 The Router and the NetBIOS NS name server are in different network segments and there is a reachable route between the Router and the NetBIOS NS name server The Router is configured to forward broadcast packets with destination UDP port number 137 and destination IP addresses 255 255 255 255 and 10 110 255 255 to the NetBIOS NS name serve...

Page 220: ...destination UDP port 137 by default The UDP port number therefore does not need to be configured here Data Preparation To complete the configuration you need the following data l VLANIF interface from which UDP packets will be relayed l IP address of the destination server Procedure Step 1 Enable UDP helper Huawei system view Huawei sysname Router Router udp helper enable Step 2 Add Ethernet0 0 0 ...

Page 221: ...server Router display udp helper server Server interface Server Ip packet num Vlanif100 10 2 1 1 0 End Configuration Files Configuration file of the Router sysname Router udp helper enable vlan batch 100 interface Ethernet0 0 0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 interface Vlanif100 ip address 10 110 1 1 255 255 0 0 udp helper server 10 2 1 1 return Huawei AR150 200 Series Ente...

Reviews:

No comments

Brands by name

Popular brands

Load more brands