
6.9.5 Example for Configuring DHCP Rate Limit

This section describes how to configure the highest rate at which DHCP packets are sent to the
protocol stack and the alarm function of DHCP rate limit.

Networking Requirements

As shown in Figure 6-9, a department uses Router A to connect directly to its clients. Hosts in this
department function as DHCP clients and are assigned IP addresses by the DHCP server. If an
attacker sends a large number of DHCP packets to Router A, the CPU resources of Router A
will become insufficient. As a result, the requests of authorized users cannot be processed in
time. To avoid this problem, network administrators limit the rate at which DHCP packets are
sent to Router A. This allows Router A to effectively defend against DHCP attack packets, and
to process requests of authorized users in time.

Figure 6-9 Networking diagram for configuring the DHCP relay

[Diagram labels: DHCP Server, Internet, RouterB, RouterA, DHCP Relay, DHCP Client (x2), Attacker]

Configuration Roadmap

The configuration roadmap is as follows:

- Configure the highest rate at which DHCP packets are sent to Router A in the system view.
  This keeps the rate at which Router A receives DHCP packets within a normal range.

Data Preparation

1. Highest rate at which DHCP packets are sent to the protocol stack: 90 pps

2. Alarm threshold: 80
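
The rate limit and alarm described above can be modelled offline. The following is an added example, not code from the Huawei guide or from the router: it assumes a fixed one-second counting window and that the alarm threshold counts discarded packets (the page gives no unit), and the source labels and packet trace are constructed.

```python
"""Added example: fixed-window model of a DHCP rate limit with a discard alarm."""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

RATE_LIMIT_PPS = 90    # from Data Preparation on this page
ALARM_THRESHOLD = 80   # from Data Preparation; unit assumed: discarded packets
US_PER_SECOND = 1_000_000

Packet = Tuple[int, str]   # (timestamp in microseconds, constructed source label)


@dataclass
class DhcpRateLimiter:
    """Counts DHCP packets per one-second window before they reach the stack."""
    rate_pps: int = RATE_LIMIT_PPS
    alarm_threshold: int = ALARM_THRESHOLD
    window: int = -1
    in_window: int = 0
    discarded: int = 0
    alarm_at_us: Optional[int] = None
    passed_by_src: Counter = field(default_factory=Counter)
    dropped_by_src: Counter = field(default_factory=Counter)
    passed_per_window: Counter = field(default_factory=Counter)

    def offer(self, ts_us: int, src: str) -> bool:
        """Return True if the packet is handed to the protocol stack."""
        window = ts_us // US_PER_SECOND
        if window != self.window:            # a new second starts a new budget
            self.window, self.in_window = window, 0
        if self.in_window < self.rate_pps:
            self.in_window += 1
            self.passed_by_src[src] += 1
            self.passed_per_window[window] += 1
            return True
        # Budget for this second is spent: discard and count towards the alarm.
        self.discarded += 1
        self.dropped_by_src[src] += 1
        if self.alarm_at_us is None and self.discarded >= self.alarm_threshold:
            self.alarm_at_us = ts_us         # assumed: alarm when count reaches threshold
        return False


def build_trace(seconds: int, attacker_pps: int) -> List[Packet]:
    """Constructed trace: two clients send one request per second, plus a flood."""
    trace: List[Packet] = []
    for s in range(seconds):
        base = s * US_PER_SECOND
        trace.append((base + 51_000, "client-A"))    # early in the second
        trace.append((base + 751_000, "client-B"))   # late in the second
        if attacker_pps > 0:
            gap = US_PER_SECOND // attacker_pps
            trace.extend((base + i * gap, "attacker") for i in range(attacker_pps))
    return sorted(trace)


def simulate(trace: List[Packet]) -> DhcpRateLimiter:
    """Feed a time-ordered trace through a limiter and return its counters."""
    limiter = DhcpRateLimiter()
    for ts_us, src in trace:
        limiter.offer(ts_us, src)
    return limiter


if __name__ == "__main__":
    for label, pps in (("no flood", 0), ("500 pps flood", 500)):
        result = simulate(build_trace(seconds=3, attacker_pps=pps))
        print(label)
        print("  passed :", dict(result.passed_by_src))
        print("  dropped:", dict(result.dropped_by_src))
        print("  alarm at (us):", result.alarm_at_us)
```

In the constructed flood trace, client-B's request arrives after the 90-packet budget for that second is spent and is discarded together with the flood packets, so the budget is shared by every sender in the window.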

Huawei AR150&200 Series Enterprise Routers
Configuration Guide - IP Service

6 DHCP Configuration

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

172

Содержание AR150 series

Страница 1: ...Huawei AR150 200 Series Enterprise Routers V200R002C00 Configuration Guide IP Service Issue 02 Date 2012 03 30 HUAWEI TECHNOLOGIES CO LTD ...

Страница 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Страница 3: ...R Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could result in equipment damage data loss performance degradation or unexpected results TIP Ind...

Страница 4: ...l items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Interface Numbering Conventions Interface numbers used in this manual are examples In device configuration use the existing interface numbers on devices Change History Updates between document issues are cumulative Therefore the latest document issue contains ...

Страница 5: ...1 12 30 Initial commercial release Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service About This Document Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iv ...

Страница 6: ...iguration Task 10 1 5 2 Configuring an IP Addresses for an Interface 11 1 5 3 Configuring Routed Proxy ARP 12 1 5 4 Checking the Configuration 12 1 6 Configuring Intra VLAN Proxy ARP 13 1 6 1 Establishing the Configuration Task 13 1 6 2 Configuring an IP Address for an Interface 14 1 6 3 Optional Configuring the VLAN ID of a Sub interface 14 1 6 4 Enabling Intra VLAN Proxy ARP 15 1 6 5 Checking th...

Страница 7: ... 41 2 3 4 Checking the Configuration 41 2 4 Configuring IP Address Unnumbered on an Interface 42 2 4 1 Establishing the Configuration Task 42 2 4 2 Configuring a Primary IP Address for the Interface from Which an IP Address Will Be Borrowed 43 2 4 3 Configuring IP Address Unnumbered on an Interface 43 2 4 4 Checking the Configuration 44 2 5 Configuration Examples 45 2 5 1 Example for Configuring P...

Страница 8: ...7 Configuring TCP6 72 3 7 1 Establishing the Configuration Task 72 3 7 2 Configuring TCP6 Timers 72 3 7 3 Configuring the Size of the TCP6 Sliding Window 73 3 7 4 Checking the Configuration 73 3 8 Maintaining IPv6 75 3 8 1 Resetting IPv6 75 3 9 Configuration Examples 76 3 9 1 Example for Configuring an IPv6 Address for an Interface 76 3 9 2 Example for Configuring IPv6 Neighbor Discovery 78 4 DNS ...

Страница 9: ...th an Address Pool 111 5 3 4 Configuring Easy IP 111 5 3 5 Configuring an Internal Server 112 5 3 6 Configuring Static NAT 112 5 3 7 Enabling NAT ALG 113 5 3 8 Configuring NAT Filtering 113 5 3 9 Configuring NAT Mapping 114 5 3 10 Configuring DNS Mapping 115 5 3 11 Configuring Twice NAT 115 5 3 12 Checking the Configuration 116 5 4 Configuration Examples 117 5 4 1 Example for Configuring the NAT S...

Страница 10: ...on the DHCP Relay Agent 147 6 5 4 Binding a DHCP Server Group to a DHCP Relay Interface 147 6 5 5 Optional Configuring the DHCP Relay Agent to Instruct the DHCP Server to Reclaim the Client IP address 148 6 5 6 Checking the Configuration 148 6 6 Configuring a DHCP BOOTP Client 149 6 6 1 Establishing the Configuration Task 149 6 6 2 Optional Configuring the DHCP BOOTP Client Attributes 150 6 6 3 En...

Страница 11: ... 7 5 3 Setting the Aging Time of the PMTU 185 7 5 4 Setting the Size of the TCP Sliding Window 185 7 5 5 Setting the MSS of TCP Packets on an Interface 186 7 5 6 Checking the Configuration 186 7 6 Maintaining IP Performance 187 7 6 1 Clearing IP Performance Statistics 187 7 6 2 Monitoring the IP Running Status 188 7 7 Configuration Examples 189 7 7 1 Example for Disabling the Sending of ICMP Redir...

Страница 12: ...Server 205 9 3 5 Checking the Configuration 206 9 4 Maintaining UDP Helper 207 9 4 1 Clearing the UDP Helper Statistics 207 9 5 Configuration Examples 207 9 5 1 Example for Configuring UDP Helper 207 Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service Contents Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd xi ...

Страница 13: ...s and the aging time of dynamic ARP entries to optimize forwarding performance of the AR150 200 1 5 Configuring Routed Proxy ARP Routed proxy ARP implements communication between devices on the same network segment but on different physical networks 1 6 Configuring Intra VLAN Proxy ARP Intra VLAN proxy ARP enables hosts that are isolated at Layer 2 in a VLAN to communicate with each other 1 7 Conf...

Страница 14: ...ibes how to maintain ARP 1 11 Configuration Examples Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 1 ARP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 2 ...

Страница 15: ...eway address that is the device does not know how to reach the intermediate system of the network the device cannot forward data packets Routed proxy ARP solves this problem A device sends an ARP Request packet to request the MAC address of the destination host After receiving the packet theAR150 200 enabled with proxy ARP replies with its own MAC address The AR150 200 then functions as the gatewa...

Страница 16: ...ent Protocol ICMP packets 1 3 Configuring Static ARP Static ARP entries record fixed mappings between IP addresses and MAC addresses They are configured manually by network administrators 1 3 1 Establishing the Configuration Task Before configuring static ARP familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration...

Страница 17: ... to 3 Outbound interface of ARP packets 1 3 2 Configuring a Static ARP Entry Static ARP entries are valid as long as the AR150 200 works properly Context NOTE To configure static ARP entries for double tagged packets run the arp static cevid command Procedure Step 1 Run system view The system view is displayed Step 2 Run arp static ip address mac address A static ARP entry is configured End 1 3 3 ...

Страница 18: ...tem view The system view is displayed Step 2 Run arp static ip address mac address vpn instance vpn instance name A static ARP entry is configured for a VPN instance End 1 3 5 Checking the Configuration Procedure l Run the display arp all command to check all ARP entries including static ARP entries and dynamic ARP entries l Run the display arp network net number net mask dynamic static command to...

Страница 19: ...o optimize forwarding performance of the AR150 200 1 4 1 Establishing the Configuration Task Before optimizing Dynamic ARP familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment Dynamic ARP entries are maintained dyna...

Страница 20: ...he interface view is displayed On the AR150 200 you can adjust the parameters of parameters of dynamic ARP entries on Ethernet interfaces Eth Trunk interfaces VLANIF interfaces and VE interfaces Step 3 Run arp expire time expire time The aging time of dynamic ARP entries is set By default the aging time is 1200s Step 4 Run arp detect times detect times The number of ARP probes is set By default th...

Страница 21: ...stem but is enabled on VLANIF interfaces After ARP suppression is enabled it takes effect for only Eth Trunk interfaces and VLANIF interfaces End 1 4 4 Enabling Layer 2 Topology Detection Layer 2 topology detection enables the system to update all the ARP entries in the VLAN that a Layer 2 interface belongs to when the Layer 2 interface status changes from Down to Up Procedure Step 1 Run system vi...

Страница 22: ...tal 2 Dynamic 1 Static 0 Interface 1 Display all the dynamic ARP entries Huawei display arp dynamic IP ADDRESS MAC ADDRESS EXPIRE M TYPE INTERFACE VPN INSTANCE VLAN CEVLAN PVC 10 137 217 210 00e0 fc01 0203 I Eth1 0 0 10 137 216 1 0025 9e38 a09e 20 D 0 Eth1 0 0 10 137 217 208 00e0 fc01 0205 16 D 0 Eth1 0 0 10 2 2 1 00e0 fc99 9999 I Eth Trunk0 10 6 3 34 00e0 fc01 0204 I Eth2 0 0 1 192 168 20 1 00e0 ...

Страница 23: ...an IP Addresses for an Interface The IP address of the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected host on a LAN Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number subinterface number The interface view is displayed Routed proxy ARP can be enabled on Ethernet interface...

Страница 24: ...type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp vpn instance vpn instance name dynamic static command to check ARP entries in the specified VPN instance l Run the display arp dynamic command to check dynamic ARP entries l Run the display arp statistics all interface interface type interface number command to check stat...

Страница 25: ...lete the configuration task quickly and accurately Applicable Environment If two users are connected to Layer 2 isolated interfaces in the same VLAN you can enable intra VLAN proxy ARP to implement Layer 3 communication between the two users Pre configuration Tasks Before configuring intra VLAN proxy ARP complete the following tasks l Connecting interfaces and setting physical parameters for the i...

Страница 26: ...address of the interface must be on the same network segment as the IP addresses in the associated VLAN End 1 6 3 Optional Configuring the VLAN ID of a Sub interface This section describes how to configure the VLAN ID of a sub interface Context NOTE You must complete this task before you enable intra VLAN proxy ARP on Ethernet sub interfaces or Eth Trunk sub interfaces You can skip step when you a...

Страница 27: ...led By default intra VLAN proxy ARP is disabled End 1 6 5 Checking the Configuration After configuring intra VLAN proxy ARP you can view the intra VLAN proxy ARP configuration Procedure l Run the display arp interface interface type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp vpn instance vpn instance name dynamic stati...

Страница 28: ...asks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment The VLAN aggregation technology isolates broadcast domain by using multiple VLANs on a physical network so that different VLANs belong to the same subnet This technology introduces the super VLAN and sub VLAN A super VLAN contains one or more sub ...

Страница 29: ... same network segment as the IP address of the user in a VLAN that the interface belongs to Procedure Step 1 Run system view The system view is displayed Step 2 Run interface ethernet eth trunk interface number sub interface number The sub interface view is displayed Or run interface vlanif vlan id The VLANIF interface view is displayed Inter VLAN proxy ARP can be enabled on VLANIF interfaces Ethe...

Страница 30: ... and encapsulation mode of the sub interface are configured Step 4 Run dot1q termination vid vid The single VLAN ID for dot1q encapsulation on a sub interface is configured End 1 7 4 Enabling Inter VLAN Proxy ARP To implement communication between users in different sub VLANs enable inter VLAN proxy ARP on the sub interface corresponding to the super VLAN Procedure Step 1 Run system view The syste...

Страница 31: ... ARP entries on Eth1 0 0 Huawei display arp interface ethernet 1 0 0 IP ADDRESS MAC ADDRESS EXPIRE M TYPE INTERFACE VPN INSTANCE VLAN CEVLAN PVC 192 168 1 11 0000 0a41 0201 I Eth1 0 0 r1 192 168 1 1 0000 0a41 0200 15 D 6 Eth1 0 0 r1 Total 2 Dynamic 1 Static 0 Interface 1 Run the display arp vpn instance command and you can view all the ARP entries in the VPN instance r1 Huawei display arp vpn inst...

Страница 32: ... a LAN is in use by sending ARP Request packets Context ARP Ping IP checks whether an IP address on a LAN is in use by sending ARP packets You can also use the ping command to check whether an IP address is in use but the result of this method may be inaccurate The ping command uses Layer 3 packets as ICMP Echo Request packets If the destination host or the routing device enabled with the firewall...

Страница 33: ...in the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment If you know the specific MAC address but not the corresponding IP address on a network segment you can obtain the corresponding IP address by using ARP Ping MAC to broadcast ICMP packets In this way you can obtain the IP address mapping the MAC address on the ...

Страница 34: ...rror Request timed out Error Request timed out ARP Ping MAC statistics 3 packet s transmitted 0 packet s received MAC 00 13 46 E7 2E F5 not be used l If the following information is displayed the MAC address is used Huawei arp ping mac 00e0 fc03 0201 interface Vlanif 5 OutInterface Vlanif5 MAC 00 E0 FC 03 02 01 press CTRL_C to break ARP Ping MAC statistics 1 packet s transmitted 1 packet s receive...

Страница 35: ...arp interface interface type interface number vid vlan id cevid cevlan id command to check ARP entries on the specified interface l Run the display arp network net number net mask dynamic static command to check ARP entries on the specified network segment l Run the display arp static command to check static ARP entries l Run the display arp dynamic command to check dynamic ARP entries l Run the d...

Страница 36: ...rtments of a company and each department joins different VLANs Hosts in the headquarters office and the file backup server are allocated manually configured IP addresses and hosts in departments dynamically obtain IP addresses by using DHCP Hosts in the marketing department can access the Internet and are often attacked by ARP packets Attackers attack the Router and modify dynamic ARP entries on t...

Страница 37: ...eing modified in ARP attack packets Data Preparation To complete the configuration you need the following data l Interface connecting the Router and hosts in the headquarters office Ethernet0 0 0 l ID of the VLAN that Ethernet0 0 0 joins VLAN 10 l IP address of VLANIF10 10 164 1 20 24 l Network segment where the IP addresses of hosts in the headquarters office are located 10 164 1 0 24 PC A with I...

Страница 38: ...hat of PC A Step 2 Configure a static ARP entry for the file backup server on the Router Configure an IP address for Ethernet2 0 0 Router interface ethernet 2 0 0 Router Ethernet2 0 0 ip address 10 164 10 10 255 255 255 0 Router Ethernet2 0 0 quit Configure a static ARP entry for the file backup server The IP address 10 164 10 1 24 maps the MAC address 0df0 fc01 003a Router arp static 10 164 10 1 ...

Страница 39: ...y are located in different cities multiple routing devices are deployed between branches and routes are reachable IP addresses of the routing devices are on the same network segment 172 16 0 0 16 Branch A and branch B belong to different broadcast domains therefore they cannot communicate on a LAN Hosts of branches are not configured with default gateway addresses therefore they cannot communicate...

Страница 40: ...ernet0 0 0 to VLAN 10 RouterA interface ethernet 0 0 0 RouterA Ethernet0 0 0 port link type access RouterA Ethernet0 0 0 port default vlan 10 RouterA Ethernet0 0 0 quit Configure an IP address for VLANIF 10 RouterA interface vlanif 10 RouterA Vlanif10 ip address 172 16 1 1 255 255 255 0 Enable routed proxy ARP on VLANIF 10 RouterA Vlanif10 arp proxy enable RouterA Vlanif10 quit Step 2 Configure Ro...

Страница 41: ...amic End Configuration Files Configuration file of RouterA sysname RouterA vlan batch 10 interface Vlanif 10 ip address 172 16 1 1 255 255 255 0 arp proxy enable interface ethernet 0 0 0 port link type access port default vlan 10 return Configuration file of RouterB sysname RouterB vlan batch 20 interface Vlanif 20 ip address 172 16 2 1 255 255 255 0 arp proxy enable interface ethernet 0 0 0 port ...

Страница 42: ... follows 1 Configure port isolation on the downstream interface of the Router to forbid Layer 2 communication and remove broadcast storms 2 Enable intra VLAN proxy ARP on the VLANIF interface to prevent broadcast storms and Layer 3 communication between hosts in the accounting department Data Preparation To complete the configuration you need the following data l Interface connecting the Router an...

Страница 43: ...er sub vlan proxy enable Router Vlanif10 quit Step 5 Verify the configuration Ping PC A and PC B They can be pinged successfully Router ping 100 1 1 100 PING 100 1 1 100 56 data bytes press CTRL_C to break Reply from 100 1 1 100 bytes 56 Sequence 1 ttl 255 time 10 ms Reply from 100 1 1 100 bytes 56 Sequence 2 ttl 255 time 10 ms Reply from 100 1 1 100 bytes 56 Sequence 3 ttl 255 time 10 ms Reply fr...

Страница 44: ...follows 1 Create and configure the super VLAN and sub VLANs 2 Add interfaces to the sub VLANs 3 Create a VLANIF interface corresponding to the super VLAN and assign an IP address to the VLANIF interface 4 Enable inter VLAN proxy ARP Data Preparation To complete the configuration you need the following data l IDs of the super VLAN and sub VLANs l Sub VLAN 2 that Ethernet0 0 0 and Ethernet0 0 1 belo...

Страница 45: ... 0 2 quit Router interface ethernet 0 0 3 Router Ethernet0 0 3 port link type access Router Ethernet0 0 3 port default vlan 3 Router Ethernet0 0 3 quit Create super VLAN 4 and add sub VLAN 2 and sub VLAN 3 to super VLAN 4 Router vlan 4 Router vlan4 aggregate vlan Router vlan4 access vlan 2 Router vlan4 access vlan 3 Router vlan4 quit Step 2 Create and configure VLANIF 4 Create VLANIF 4 Router inte...

Страница 46: ... 255 255 255 0 arp proxy inter sub vlan proxy enable interface ethernet 0 0 0 port link type access port default vlan 2 interface ethernet 0 0 1 port link type access port default vlan 2 interface ethernet 0 0 2 port link type access port default vlan 3 interface ethernet 0 0 3 port link type access port default vlan 3 return 1 11 5 Example for Configuring Layer 2 Topology Detection Networking Req...

Страница 47: ...n the Router to VLAN 100 in default mode Create VLAN 100 and configure an IP addresses for the VLANIF interface Huawei system view Huawei sysname Router Router vlan 100 Router vlan100 quit Router interface vlanif 100 Router vlanif100 ip address 10 1 1 2 24 Router vlanif100 quit Add the two Ethernet interfaces to VLAN 100 in default mode Router interface ethernet 0 0 0 Router Ethernet0 0 0 port lin...

Страница 48: ...4900 I Vlanif100 10 1 1 3 00e0 de24 bf04 0 D 0 Ethernet0 0 1 Total 2 Dynamic 1 Static 0 Interface 1 NOTE According to the preceding information the ARP entries learned from Ethernet0 0 1 are deleted after Ethernet0 0 0 is shut down After Ethernet0 0 0 is enabled and becomes Up the aging time of ARP entries learned from Ethernet0 0 1 changes to 0 When the aging time is 0 the Router sends an ARP pro...

Страница 49: ...ink type access port default vlan 100 interface Ethernet 0 0 1 port link type access port default vlan 100 return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 1 ARP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 37 ...

Страница 50: ...ses for the AR150 200 2 3 Configuring IP Addresses for an Interface This section describes how to configure IP addresses for an interface 2 4 Configuring IP Address Unnumbered on an Interface This section describes how to configure IP address unnumbered 2 5 Configuration Examples This section provides several IP address configuration examples Huawei AR150 200 Series Enterprise Routers Configuratio...

Страница 51: ... a subnet the subnet address and the broadcast address of the subnet Both the addresses are called host addresses The AR150 200 supports the 32 bit address mask on a loopback interface 2 3 Configuring IP Addresses for an Interface This section describes how to configure IP addresses for an interface 2 3 1 Establishing the Configuration Task Before configuring IP addresses for an interface familiar...

Страница 52: ... Data 1 Number of the interface 2 Primary IP address and subnet mask of the interface 3 Optional Secondary IP address and subnet mask of the interface 2 3 2 Configuring a Primary IP Address for an Interface An interface has only one primary IP address Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed S...

Страница 53: ...the interface IP address l Run the display ip interface brief interface type interface number command to check brief information about the interface IP address End Example Run the display ip interface command to view information about the IP address on Ethernet1 0 0 Huawei display ip interface ethernet 1 0 0 Ethernet1 0 0 current state UP Line protocol current state UP The Maximum Transmit Unit 15...

Страница 54: ...the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment In some application environments an interface needs to be configured to borrow an IP address from another interface to save IP addresses If an interface is seldom used a fixed IP address is unnecessary You can configure the ...

Страница 55: ...Step 2 Run interface interface type interface number The view of the interface from which an IP address will be borrowed is displayed The interface can be an Ethernet interface a loopback interface an Eth Trunk interface or a VLANIF interface Step 3 Run ip address ip address mask mask length A primary IP address is configured for the interface from which an IP address will be borrowed An interface...

Страница 56: ...and to check brief information about the interface IP address End Example Run the display ip interface command to view information about Eth2 0 0 borrowing an IP address from LoopBack0 Huawei display ip interface ethernet 2 0 0 Ethernet2 0 0 is standby Line protocol current state DOWN The Maximum Transmit Unit 1500 bytes input packets 0 bytes 0 multicasts 0 output packets 0 bytes 0 multicasts 0 Di...

Страница 57: ...nd another two hosts belong to network segment 172 16 2 0 24 The Router is required to access the two network segments Figure 2 1 Network diagram for configuring IP addresses 172 16 1 0 24 172 16 2 0 24 Router Ethernet 0 0 0 172 16 1 1 24 172 16 2 1 24 sub Configuration Roadmap The configuration roadmap is as follows 1 Plan IP addresses for interfaces 2 Configure the primary and secondary IP addre...

Страница 58: ...transmitted 5 packet s received 0 00 packet loss round trip min avg max 25 26 27 ms Ping a host on network segment 172 16 2 0 from the Router The ping operation succeeds Router ping 172 16 2 2 PING 172 16 2 2 56 data bytes press CTRL_C to break Reply from 172 16 2 2 bytes 56 Sequence 1 ttl 128 time 25 ms Reply from 172 16 2 2 bytes 56 Sequence 2 ttl 128 time 26 ms Reply from 172 16 2 2 bytes 56 Se...

Страница 59: ...l Configure IP addresses for Loopback0 interfaces on RouterA and RouterC l Configure OSPF l On RouterA configure Tunnel0 0 1 to borrow the IP address of Loopback0 l On RouterC configure Tunnel0 0 1 to borrow the IP address of Loopback0 Data Preparation To complete the configuration you need the following data l IP address of Loopback0 on RouterA l IP address of Loopback0 on RouterC NOTE This examp...

Страница 60: ...00 bytes input packets 0 bytes 0 multicasts 0 output packets 0 bytes 0 multicasts 0 Directed broadcast packets received packets 0 sent packets 0 forwarded packets 0 dropped packets 0 Internet Address is unnumbered using address of LoopBack0 6 6 6 6 32 Broadcast address 6 6 6 6 TTL being 1 packet number 0 TTL invalid packet number 0 ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quenc...

Страница 61: ...interface LoopBack0 ip address 9 9 9 9 255 255 225 255 interface Tunnel 0 0 1 ip address unnumbered interface LoopBack0 ospf 1 area 0 0 0 0 network 9 9 9 9 0 0 0 0 return Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 2 IP Address Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 49 ...

Страница 62: ...solution Protocol ARP ICMP Router Discovery messages and ICMP Redirect messages and introduces neighbor reachability detection 3 5 Configuring IPv4 IPv6 Dual Stacks To establish an IPv6 over IPv4 tunnel you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices where an IPv4 network borders an IPv6 network 3 6 Configuring PMTU By setting the PMTU you can select a...

Страница 63: ...tion roadmap An example is used to describe how to configure an IPv6 address and Neighbor Discovery Protocol for an interface Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 3 Basic IPv6 Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 51 ...

Страница 64: ...ol support IPv6 l POS interfaces Only the POS interfaces configured with PPP or HDLC as the link protocol support IPv6 l Tunnel interfaces l Loopback interfaces l Eth Trunk interfaces Eth Trunk sub interfaces and IP Trunk interfaces l VLANIF interfaces IPv6 Address A 128 bit IPv6 address has the following formats l X X X X X X X X In this format a 128 bit IP address is divided into eight groups Th...

Страница 65: ...te router can be reduced During IPv6 packet transmission only this way can be adopted because IPv6 intermediate routers do not support packet fragmentation The Path MTU PMTU Discovery mechanism aims at finding a proper MTU value on the path from the source to the destination IPv6 FIB Connecting network topologies of different types needs the configuration of different routing protocols This brings...

Страница 66: ...nt When a device communicates with an IPv6 device you need to configure IPv6 address for the interface The AR150 200 supports configuring IPv6 addresses for the following interfaces l Ethernet interfaces and sub interfaces l Tunnel interfaces l Loopback interfaces l Eth Trunk interfaces Eth Trunk sub interfaces support IPv6 only when they work in Layer 3 mode l VLANIF interfaces l VE interfaces l ...

Страница 67: ...resses complete the following tasks l Configuring the physical features of the interface and ensuring that the status of the physical layer of the interface is Up l Configuring the link layer parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up Data Preparation To configure IPv6 addresses for an interface you need the following data No Data 1 ...

Страница 68: ...configurations in the interface view you must enable the IPv6 capability in the interface view By default the IPv6 capability is disabled on the interface End 3 3 3 Configuring an IPv6 Link Local Address for an Interface The local address of a link is used in the neighbor discovery protocol and in the communications between nodes on the local end of the link in stateless address auto configuration...

Страница 69: ...s prefix length ipv6 address prefix length or ipv6 address ipv6 address prefix length ipv6 address prefix length eui 64 The global unicast address is configured on the interface End 3 3 5 Configuring an IPv6 Anycast Address for an Interface An anycast address is used to identify a group of interfaces Context Anycast addresses and unicast addresses are in the same address range An anycast address i...

Страница 70: ...ced Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ipv6 address ipv6 address prefix length ipv6 address prefix length anycast An IPv6 anycast address is assigned to an interface End 3 3 6 Checking the Configuration You can view the configuration of the IPv6 address for an interface Prereq...

Страница 71: ...ipv6 statistics command If the statistics on IPv6 packets is displayed it means that the configuration succeeds Huawei display ipv6 statistics IPv6 Protocol Sent packets Total 3630 Local sent out 3630 Forwarded 0 Raw packets 0 Discarded 0 Fragmented 0 Fragments 0 Fragments failed 0 Multicast 0 Received packets Total 3630 Local host 3630 Hop count exceeded 0 Header error 0 Too big 0 Routing failed ...

Страница 72: ...IPv6 ND configuration is supported on the following interfaces l Ethernet interface sand sub interfaces l Tunnel interfaces l Eth Trunk interfaces Eth Trunk sub interfaces l VLANIF interfaces Pre configuration Tasks Before configuring IPv6 neighbor discovery complete the following tasks l Configuring the physical features for the interface and ensuring that the status of the physical layer of the ...

Страница 73: ...ighbor entry on a sub interface for QinQ VLAN tag termination run the ipv6 neighbor ipv6 address mac address vid vid cevid cevid command NOTE If an interface is configured with dynamic QinQ you cannot configure a static neighbor entry on it Static neighbors can be configured for interfaces and their sub interfaces You can configure up to 300 neighbors on each interface End 3 4 3 Enabling RA Messag...

Страница 74: ...The maximum interval can not be shorter than the minimum interval When the maximum interval is less than 9 seconds the minimum interval is set to the same value as the maximum interval End 3 4 5 Configuring the Address Prefixes to Be Advertised Nodes of the local links can perform address auto configuration by using prefixes of these addresses Procedure Step 1 Run system view The system view is di...

Страница 75: ...p 1 Run system view The system view is displayed Step 2 Run ipv6 nd hop limit limit ND hop limit is configured The value of limit ranges from 1 to 255 By default it is 64 Step 3 Run interface interface type interface number The interface view is displayed Step 4 Run ipv6 nd ra hop limit limit ND hop limit is configured The value of limit ranges from 0 to 255 By default it is 64 NOTE l If the ipv6 ...

Page 76: ...anner a proper router can be selected to forward packets of a host Context If a host is connected to multiple routers the host must select a router to forward packets based on the destination addresses of packets The router can advertise the default router priority and specified route information to the host so that the host can select a proper forwarding router based on the destination addresses ...

Page 77: ...ipv6 neighbors interface type interface number vid vid cevid cevid command to check the neighbor information in the cache l Run the display ipv6 interface interface type interface number brief command to check the IPv6 information of an interface If the interface is in the Up state the configuration is successful End Example Run the display ipv6 neighbors command If the cache of the neighbor infor...

Page 78: ...ay ipv6 interface brief down administratively down l loopback s spoofing Interface Physical Protocol Ethernet2 0 2 up up IPv6 Address 2030 101 101 Ethernet2 0 3 up up IPv6 Address 2001 1 LoopBack0 up up s IPv6 Address Unassigned 3 5 Configuring IPv4 IPv6 Dual Stacks To establish an IPv6 over IPv4 tunnel you need to configure both the IPv4 protocol suite and the IPv6 protocol suite on the devices w...

Page 79: ... Packet Forwarding To enable IPv6 packet forwarding you need to enable IPv6 in both the interface view and the system view Context To enable a device to forward IPv6 packets you must enable the IPv6 capability in both the system view and the interface view This is because l If you run the ipv6 command only in the system view only the IPv6 packet forwarding capability is enabled on a device The int...

Page 80: ...6 Addresses for the Interface You need to configure IPv4 and IPv6 addresses separately on the IPv4 and IPv6 networks Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view of the IPv4 network is displayed Step 3 Run ip address ip address mask mask length An IPv4 address is assigned to the interface Step 4 Run quit Retur...

Page 81: ... Huawei Ethernet1 0 0 display this V200R002C00 interface GigabitEthernet0 0 1 ipv6 enable ip address 20 1 1 1 255 255 255 0 ipv6 address 1002 1 64 ospfv3 1 area 0 0 0 0 return 3 6 Configuring PMTU By setting the PMTU you can select a proper MTU for packet transmission In this manner packets do not have to be fragmented during transmission and loads on intermediate devices are reduced In addition n...

Page 82: ...You can configure a static PMTU according to the lowest MTU of the path that a packet is to traverse This speeds up packet transmission Procedure Step 1 Run system view The system view is displayed Step 2 Run ipv6 pathmtu ipv6 address path mtu The PMTU value of a specified IPv6 address is configured By default the PMTU of the IPv6 address is 1500 bytes l The maximum number of static PMTU entries i...

Page 83: ... IPv6 address the PMTU value the aging time and type are displayed it means that the configuration succeeds Huawei display ipv6 pathmtu all IPv6 Destination Address ZoneID PathMTU LifeTime M Type fe80 12 0 1300 40 Dynamic 2222 3 0 1280 Static Total 2 Dynamic 1 Static 1 Run the display ipv6 interface command If the current MTU of the interface is displayed it means that the configuration succeeds H...

Page 84: ...ollowing tasks l Connecting and configuring the physical features for the interface and ensuring that the status of the physical layer of the interface is Up l Configuring the link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up Data Preparation To configure TCP6 you need the following data No Data 1 Value of TCP6 FIN WAIT ...

Page 85: ...ze of the TCP6 sliding window ranges from 1 KB to 32 KB By default the size of the TCP6 sliding window is 8 KB End 3 7 4 Checking the Configuration You can view the configuration of TCP6 Prerequisites The configurations of the TCP6 function are complete Procedure l Run the display tcp ipv6 statistics command to check related TCP6 statistics l Run the display tcp ipv6 status command to check the TC...

Page 86: ...uding 0 RST window probe packets 0 window update packets 0 data packets 0 0 bytes data packets retransmitted 0 0 bytes ACK only packets 0 0 delayed packets sent with MD5 Signature Option 0 Other Statistics retransmitted timeout 0 connections dropped in retransmitted timeout 0 keepalive timeout 0 keepalive probe 0 keepalive timeout so connections disconnected 0 initiated connections 0 accepted conn...

Page 87: ...s clearance of information about IPv6 operation through the reset command Context CAUTION IPv6 statistics cannot be restored after you clear them So confirm the action before you use the command Procedure l Run the reset ipv6 statistics command in the user view to clear statistics of processing IPv6 packets after you confirm it l Run the reset ipv6 pathmtu all dynamic static command in the user view to ...

Page 88: ...ter B are connected through GE interfaces It is required to configure IPv6 global unicast addresses for the interfaces and test the connectivity between them The IPv6 global unicast addresses to be configured for the interfaces are 3001 1 64 and 3001 2 64 Figure 3 1 Networking diagram of configuring an IPv6 address for an interface RouterA RouterB Eth 1 0 0 3001 1 64 Eth 1 0 0 3001 2 64 Configurat...

Page 89: ...rmation of Router A RouterA display ipv6 interface ethernet 1 0 0 Ethernet1 0 0 current state UP IPv6 protocol current state UP IPv6 is enabled link local address is FE80 2E0 FCFF FE01 E3 Global unicast address es 3001 1 subnet is 3001 64 Joined group address es FF02 1 FF00 1 FF02 2 FF02 1 FF02 1 FF01 E3 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 millis...

Page 90: ...cs 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 2 2 2 ms End Configuration Files l Configuration file of Router A sysname RouterA ipv6 interface ethernet1 0 0 ipv6 enable ipv6 address 3001 1 64 return l Configuration file of Router B sysname RouterB ipv6 interface ethernet1 0 0 ipv6 enable ipv6 address 3001 2 64 return 3 9 2 Example for Configuring IPv6 Neighb...

Page 91: ...v6 Configure RouterB Huawei system view Huawei sysname RouterB RouterB ipv6 Step 2 Configure the link local unicast address Configure RouterA RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 ipv6 enable RouterA Ethernet1 0 0 ipv6 address auto link local Configure RouterB RouterB interface ethernet 1 0 0 RouterB Ethernet1 0 0 ipv6 enable RouterB Ethernet1 0 0 ipv6 address auto link local Step...

Page 92: ...about GE 1 0 0 on RouterB RouterB Ethernet1 0 0 display this ipv6 interface Ethernet1 0 0 current state UP IPv6 protocol current state UP IPv6 is enabled link local address is FE80 A19 A6FF FE9B 6D3B No global unicast address configured Joined group address es FF02 1 FF9B 6D3B FF02 2 FF02 1 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND retr...

Page 93: ...erA sysname RouterA ipv6 interface Ethernet1 0 0 ipv6 enable ipv6 address auto link local undo ipv6 nd ra halt return l Configuration file of RouterB sysname RouterB ipv6 interface Ethernet1 0 0 ipv6 enable ipv6 address auto link local undo ipv6 nd ra halt return

Page 94: ...4 Configuring DNS Proxy or Relay This section describes how to configure DNS proxy or relay 4 5 Configuring a DDNS Client The AR150 200 can function as the DDNS client to dynamically obtain latest mappings between domain names of web sites and IP addresses on the DNS server This allows your organization to use domain names to access web sites 4 6 Maintaining DNS This section describes how to maint...

Page 95: ...base If no matching entry is found it sends a query message to an upper level DNS server This process continues until the DNS server finds the corresponding IP address or detects that the domain name does not exist The DNS server then sends a response to the DNS client AR150 200 Functioning as a DNS Proxy Relay The AR150 200 supports the DNS Proxy Relay function If no DNS server is deployed on a...

Page 96: ...must know mappings between domain names and IP addresses When mappings between domain names and IP addresses change you must manually modify DNS entries If your organization uses domain names to access many devices and DNS servers are available you can configure dynamic DNS entries Pre configuration Tasks Before configuring a DNS client complete the following tasks l Connecting interfaces and sett...

Page 97: ...r and configure a source IP address for the local routing device and a domain name suffix If the local routing device uses an IP address allocated by the DHCP server and the information delivered by the DHCP server to the local routing device contains the DNS server address and the domain name suffix list you only need to enable dynamic DNS resolution Procedure Step 1 Run system view The system vi...

Page 98: ... check the DNS server configuration l Run the display dns domain command to check the domain name suffix configuration l Run the display dns dynamic host command to check dynamic DNS entries End Example Run the display ip host command to view static DNS entries Huawei display ip host Host Age Flags Address www 3322 org 0 static 10 138 90 34 members 3322 org 0 static 10 138 90 51 checkip dyndns com...

Page 99: ...ith DNS proxy or relay After the external DNS server translates the domain name of the DNS client to an IP address the DNS client can access the Internet DNS proxy or relay reduces network management costs Changing the IP address of the DNS server requires that you change only the configuration on the DNS proxy or relay Pre configuration Tasks Before configuring DNS proxy or relay complete the fol...

Page 100: ... DNS clients If DNS spoofing is enabled the AR150 200 uses the configured IP address to respond to all DNS query messages In addition to enabling DNS proxy or relay one of the following conditions must be met to make DNS spoofing take effect l No DNS server is configured l A DNS server is configured but dynamic DNS resolution is disabled l There is no route to the DNS server l There is no source I...

Page 101: ...lay is attacked the DNS table becomes full As a result the DNS proxy or relay cannot resolve new domain names into IP addresses To solve the problem you can set the aging time of DNS entries so that the local routing device can delete expired DNS entries Procedure Step 1 Run system view The system view is displayed Step 2 Run dns proxy enable DNS proxy is enabled Or run dns relay enable DNS relay ...

Page 102: ...ites 4 5 1 Establishing the Configuration Task Before configuring a DDNS client familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment DNS can resolve domain names into IP addresses so that you can use domain names to...

Page 103: ... local routing device and the DDNS server Data Preparation No Data 1 URL in the DDNS server 2 Optional Interval for sending DDNS update requests 3 Number of the interface bound to a DDNS policy 4 5 2 Creating a DDNS Policy Before using DDNS functions you must create a DDNS policy in the system view Procedure Step 1 Run system view The system view is displayed Step 2 Run ddns policy policy name A D...

Page 104: ...DNS update request is oray username password phddnsdev oray net Step 4 Run interval interval time The interval for sending DDNS update requests is set After the interval for sending DDNS update requests is set in the configured DDNS policy the AR150 200 sends DDNS update requests at intervals By default the interval for sending DDNS update requests is 3600s End 4 5 4 Binding a DDNS Policy to an In...

Page 105: ...ind count 1 interface Ethernet1 0 0 Statuses START Refresh enable Run the display ddns interface command to view the DDNS policy information on VLANIF 100 Huawei display ddns interface Vlanif 100 Policy JackPolicy URL oray Jack Jack2010 phddnsdev oray net Statuses START Refresh enable 4 6 Maintaining DNS This section describes how to maintain DNS 4 6 1 Deleting Dynamic DNS Entries of DNS Clients T...

Page 106: ...s and host names in the DDNS policy are updated End 4 7 Configuration Examples This section provides DNS configuration examples 4 7 1 Example for Configuring a DNS Client Networking Requirements As shown in Figure 4 1 RouterA functions as a DNS client and cooperates with the DNS server RouterA can access the host at 2 1 1 3 16 by domain name huawei com The domain name suffixes are configured as co...

Page 107: ... the following data l Number and IP address of the interface connecting RouterA and RouterB l Domain names of RouterB and RouterC l IP address of the DNS server l Domain name suffix Procedure Step 1 Configure RouterA Configure an IP address for Eth1 0 0 Huawei system view Huawei sysname RouterA RouterA interface Ethernet 1 0 0 RouterA Ethernet1 0 0 ip address 1 1 1 2 255 255 0 0 RouterA Ethernet1 ...

Page 108: ...s CTRL_C to break Reply from 2 1 1 3 bytes 56 Sequence 1 ttl 126 time 6 ms Reply from 2 1 1 3 bytes 56 Sequence 2 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 3 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 4 ttl 126 time 4 ms Reply from 2 1 1 3 bytes 56 Sequence 5 ttl 126 time 4 ms huawei com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip...

Page 109: ...ck0 ip address 4 1 1 1 255 255 255 255 interface Ethernet 1 0 0 ip address 1 1 1 1 255 255 0 0 interface Ethernet 2 0 0 ip address 2 1 1 1 255 255 0 0 ospf 1 area 0 0 0 0 network 1 1 0 0 0 0 255 255 network 2 1 0 0 0 0 255 255 network 4 1 1 1 0 0 0 0 return Configuration file of RouterC sysname RouterC interface LoopBack0 ip address 4 1 1 2 255 255 255 255 interface Ethernet 1 0 0 ip address 3 1 1...

Page 110: ... DNS proxy RouterA DNS Server DNS Proxy 2 1 1 1 16 RouterB 1 1 1 1 16 Eth1 0 0 1 1 1 2 16 Eth2 0 0 2 1 1 2 16 Eth1 0 0 NetworkA Configuration Roadmap The configuration roadmap is as follows 1 Configure a DNS server 2 Configure DNS spoofing Data Preparation To complete the configuration you need the following data l IP address of the DNS server l Aging time of DNS entries l IP address configured by...

Page 111: ...it NOTE You must configure OSPF on RouterB so that a route between RouterA and the DNS server can be generated For details about OSPF configurations on RouterB see the configuration file Step 5 Verify the configuration Run the display current configuration command on RouterA to view the DNS proxy configuration RouterA display current configuration include dns dns resolve dns server 2 1 1 1 dns pro...

Page 112: ...etween the domain name and the IP address The DDNS service provider www oray com is used as the DDNS server RouterA functions as the DDNS client to send a request to the DDNS server when the IP address of RouterA changes Then the DDNS server instructs the DNS server to reconfigure the mapping between the domain name and the IP address NOTE AR150 200 is RouterA Figure 4 3 Network diagram Loopback0 ...

Page 113: ... ddns policy mypolicy interval 3600 RouterA ddns policy mypolicy quit Enable DNS resolution RouterA dns resolve Configure an IP address for the DNS server RouterA dns server 3 1 1 2 Bind the DDNS policy to Eth1 0 0 RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 ip address 1 1 1 2 255 255 0 0 RouterA Ethernet1 0 0 ddns apply policy mypolicy fqdn www abc com RouterA Ethernet1 0 0 quit After ...

Page 114: ...TABLISH Refresh enable Run the display ddns interface ethernet 1 0 0 command on RouterA and you can view information about the DDNS policy on Eth1 0 0 RouterA display ddns interface ethernet 1 0 0 Policy mypolicy URL oray steven nevets phddnsdev oray net Statuses ESTABLISH Refresh enable End Configuration Files Configuration file of RouterA sysname RouterA ddns policy mypolicy url oray steven neve...

Page 115: ...C interface LoopBack0 ip address 4 1 1 2 255 255 255 255 interface Ethernet1 0 0 ip address 3 1 1 1 255 255 0 0 interface Ethernet2 0 0 ip address 2 1 1 2 255 255 0 0 ospf 1 area 0 0 0 0 network 2 1 0 0 0 0 255 255 network 3 1 0 0 0 0 255 255 network 4 1 1 2 0 0 0 0 return

Page 116: ... NAT port address translation PAT internal server NAT Application Level Gateway ALG NAT filtering NAT mapping Easy IP twice NAT and NAT multi instance 5 3 Configuring NAT To implement communication between the private network and the public network through NAT use Easy IP for a single user and an address pool for multiple users 5 4 Configuration Examples This section provides several configuration...

Page 117: ...her networks Principle of NAT As shown in Figure 5 1 the private address must be translated when a host on a private network accesses the Internet or interworks with the hosts on a public network Figure 5 1 Networking of NAT PC WWWclient PC 10 1 1 10 10 1 1 48 Internalnetwork Externalnetwork 203 196 3 23 WWW Server 202 18 245 251 Router The private network uses network segment 10 0 0 0 and its pub...

Page 118: ...the private address PAT Port address translation PAT which is also called network address port translation NAPT maps a public address to multiple private addresses Therefore public addresses are saved PAT translates source IP addresses of packets from hosts that reside on the private network to a public address The translated port numbers of these packets are different and the private addresses ca...

Page 119: ... Web servers for example can be provided for external users You can configure an internal server and map the public address and port to the internal server In this way hosts on the public network can access the internal server NAT Mapping The NAT function saves IPv4 addresses and improves network security NAT implementation of different vendors may be different therefore the applications using the ...

Page 120: ...nation addresses The twice NAT technology applies to the scenario where IP addresses of hosts on private and public networks overlap As shown in Figure 5 3 the IP address of PC1 on the private network is the same as the IP address of PC3 on the public network If PC2 on the private network sends a packet to PC3 the packet will be forwarded to PC1 Twice NAT translates the overlapping IP address into...

Page 121: ...lapping address 10 0 0 1 3 The AR150 200 sends the packet to the WAN side outbound interface The packet is then forwarded to PC3 hop by hop 4 When the packet sent from PC3 to PC2 reaches the AR150 200 the AR150 200 checks the source address 10 0 0 1 which is the overlapping address it is in the overlapping address pool The AR150 200 translates the source address to the temporary address 3 0 0 1 an...

Page 122: ...mber private address the VPN instance may be included optional private port number and subnet mask 5 Index of the overlapping address pool and temporary address pool start IP address address pool length and optional VPN instance 6 Domain name public address and public port number 5 3 2 Configuring an Address Pool Configure a NAT address pool when multiple users on the private network need to acces...

Page 123: ...tes source addresses of data packets matching the ACL to an IP address in the address pool Different IP address translation entries can be configured on an interface In the command no pat indicates one to one NAT that is only the IP address is translated and the port number is not translated End 5 3 4 Configuring Easy IP Easy IP uses an interface IP address as the source address of data packets ma...

Page 124: ...tcp udp global global address inside host address vpn instance vpn instance name acl acl number description description An internal server is configured Users on the public network can access the configured internal server When a host on the public network sends a connection request to the public address global address of the internal server NAT translates the destination address of the request to...

Page 125: ...End 5 3 7 Enabling NAT ALG Errors may occur when NAT translates protocol packets encapsulated in IP data packets The NAT ALG function ensures that the protocol packets are translated successfully Procedure Step 1 Run system view The system view is displayed Step 2 Run nat alg all dns ftp rtsp sip enable The NAT ALG function is enabled After the NAT ALG function is enabled for an application protoc...

Page 126: ...erse the NAT server Context The NAT function saves IPv4 addresses and improves network security NAT mapping has the following modes l Endpoint independent mapping reuses the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port l Address dependent mapping reuses the port mapping for subsequent packets sent from the same internal IP ...

Page 127: ... on the AR150 200 Step 3 Run nat alg all dns ftp rtsp sip enable The NAT ALG function is enabled for DNS CAUTION The NAT ALG function allows hosts on a private network to access servers on the private network through the external DNS server End 5 3 11 Configuring Twice NAT Twice NAT translates both the source and destination IP addresses of a data packet It applies to the situation where IP addres...

Page 128: ...of the NAT address pool l Run the display nat dns map domain name command to check information about DNS mapping l Run the display nat outbound acl acl number address group group index interface Ethernet interface number subnumber command to check information about outbound NAT l Run the display nat overlap address map index all inside vpn instance inside vpn instance name command to check informa...

Page 129: ...s 202 169 10 33 24 and the interface address of the AR150 200 connected to the carrier device is 202 169 10 2 24 Figure 5 4 Network diagram for configuring the NAT server Eth2 0 0 Router FTP Server 10 0 0 3 24 WWW Server 192 168 20 2 8080 Eth0 0 0 Eth0 0 1 Host Configuration Roadmap The configuration roadmap is as follows 1 Configure IP addresses for interfaces and configure the NAT servers on the...

Page 130: ...l tcp global 202 169 10 33 ftp inside 10 0 0 3 ftp Huawei Ethernet2 0 0 quit Step 2 On the AR150 200 configure a static route with the next hop address 202 169 10 2 Huawei ip route static 0 0 0 0 0 0 0 0 202 169 10 2 Step 3 Enable the NAT ALG function for FTP packets on the AR150 200 Huawei nat alg ftp enable Step 4 Verify the configuration Run the display nat server command on the AR150 200 to vi...

Page 131: ... enabled on the AR150 200 To ensure the security of company A s intranet you need to use the IP addresses in the public address pool 202 169 10 100 202 169 10 200 to replace the host addresses of area A on the network segment 192 168 20 0 24 The hosts of area A then can access servers on the WAN The intranet of area B is also connected to the WAN through the AR150 200 Only a few public IP addresse...

Page 132: ...0 ip address 192 168 20 1 24 Huawei Vlanif100 quit Huawei interface Ethernet 0 0 0 Huawei Ethernet0 0 0 port link type access Huawei Ethernet0 0 0 port default vlan 100 Huawei Ethernet0 0 0 quit Huawei vlan 200 Huawei vlan200 quit Huawei interface vlanif 200 Huawei Vlanif200 ip address 10 0 0 1 24 Huawei Vlanif200 quit Huawei interface Ethernet 0 0 1 Huawei Ethernet0 0 1 port link type access Huaw...

Page 133: ... 1 202 169 10 2 PING 202 169 10 2 56 data bytes press CTRL_C to break Reply from 202 169 10 2 bytes 56 Sequence 1 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 2 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 3 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 202 169 10 2 bytes 56 Sequence 5 ttl 255 time 1 ms Huawei ping a 10 0 0...

Page 134: ...host A on the public network When PC2 sends a packet to host A the packet may be forwarded to PC1 In addition to the network address translation function twice NAT of the AR150 200 specifies the mapping between the overlapping address pool and the temporary address pool The overlapping IP address is translated to a unique temporary address so that packets can be forwarded correctly Figure 5 6 Netw...

Page 135: ...ei Ethernet2 0 0 quit Step 2 Configure DNS mappings on the AR150 200 Huawei nat alg dns enable Huawei nat dns map www Server com 192 168 20 2 80 tcp Step 3 Configure the mapping between the overlapping address pool and the temporary address pool on the AR150 200 Huawei nat overlap address 0 192 168 20 2 202 169 100 2 pool length 254 Step 4 Configure a static route on the AR150 200 from the temporar...

Page 136: ... 5 permit ip source 192 168 20 0 0 0 0 255 nat alg dns enable nat address group 1 160 160 0 2 160 160 0 254 nat dns map www server com 192 168 20 2 80 tcp nat overlap address 0 192 168 20 2 202 169 100 2 pool length 254 ip route static 202 169 100 2 255 255 255 255 Ethernet2 0 0 202 169 10 2 interface Vlanif100 ip address 192 168 20 1 255 255 255 0 interface Vlanif200 ip address 10 0 0 1 255 255 2...

Page 137: ...om the address pool 6 5 Configuring a DHCP Relay Agent This section describes how a DHCP client communicates with a DHCP server on another network segment by using a DHCP relay agent to obtain an IP address and other configurations 6 6 Configuring a DHCP BOOTP Client After a Layer 3 interface of the AR150 200 is specified to function as a DHCP BOOTP client the interface can dynamically obtain an I...

Page 138: ...ation examples provide networking requirements networking diagram precautions configuration roadmaps and configuration procedures

Page 139: ...IP address a subnet mask and a default gateway the server responds with a packet carrying the requested configurations according to a certain policy Both the request packet and the response packet are encapsulated as UDP packets When the AR150 200 functions as a server create an address pool on the AR150 200 to provide IP addresses to DHCP clients The address pool can be a global address pool or a...

Page 140: ...uired for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment When the AR150 200 functions as a DHCP server you can configure a global address pool on the AR150 200 The AR150 200 then allocates IP addresses and configuration parameters to clients from the global address pool The global address pool applies to the following scenarios DH...

Page 141: ...ptions on the DHCP server Data Preparation To configure the DHCP server based on a global address pool you need the following data No Data 1 Name of a global address pool IP address range and lease optional range of IP addresses that cannot be assigned dynamically and optional IP and MAC address entries that need to be statically bound 2 Egress gateway of a DHCP client 3 Optional IP address of the...

Page 142: ...e same network segment as the interface to users who get online from the interface If no IP address is configured for the interface or there is no address pool having the same network segment as the interface users cannot get online l If a DHCP client and the AR150 200 functioning as a DHCP server are on different network segments and a DHCP relay agent is deployed between them the AR150 200 parse...

Page 143: ...nal Run lease day day hour hour minute minute unlimited An IP address lease is configured By default the IP address lease is one day The DHCP server can specify different IP address leases for different address pools All IP addresses in an address pool must have the same lease Step 5 Optional Run excluded ip address start ip address end ip address The range of the IP addresses that cannot be dynam...

Page 144: ...nd ip address IP addresses that cannot be released from the IP address pool are recycled End 6 3 4 Optional Configuring the DNS Service and NetBIOS Service Dynamically on the DHCP Client When functioning as the DHCP server the AR150 200 is configured to dynamically allocate carrier provided DNS and NetBIOS configurations to the DHCP clients Context The DNS and NetBIOS configurations have been spec...

Page 145: ... is displayed Step 3 Run domain name domain name The DNS domain name that is assigned to the DHCP client is configured On the DHCP server you can specify a DNS domain name used by the client for each address pool Step 4 Run dns list ip address 1 8 The IP address of the DNS server connected to the DHCP client is configured To perform load balancing on traffic and improve network reliability you can...

Page 146: ...n ip pool ip pool name The IP address pool view is displayed Step 3 Run nbns list ip address 1 8 The IP address of the NetBIOS server connected to the DHCP client is configured An address pool can be configured with a maximum of eight NetBIOS server addresses Step 4 Run netbios type b node h node m node p node A NetBIOS node type is specified for the DHCP client By default the client is not specif...

Page 147: ...of options before running the option command For descriptions of common DHCP options see RFC 2132 End 6 3 8 Optional Configuring the Function That Prevents Identical IP Addresses Before assigning an IP address to a client the AR150 200 functioning as a DHCP server must ping the IP address to prevent address conflicts Context You can use the dhcp server ping command to check whether a response to t...

Page 148: ...tics command to check the statistics on the DHCP server l Run the display ip pool name ip pool name low ip address high ip address all expired conflict used command to check information about the configured global address pool End Example Run the display dhcp server statistics command to view statistics on the DHCP server Huawei display dhcp server statistics DHCP Server Statistics Client Request ...

Page 149: ...n interface address pool familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment On the AR150 200 functioning as a DHCP server you can configure an interface address pool As shown in Figure 6 3 interface address pools ...

Page 150: ...de of a user defined DHCP option and ASCII string hexadecimal number or IP address of the option 6 4 2 Configuring Interface Address Pool Attributes This section describes how to configure the attributes for an interface address pool including IP address lease IP addresses that cannot be assigned dynamically and IP addresses that are bound manually IP addresses in the interface address pool can be...

Page 151: ...luded ip address command multiple times specifies multiple IP addresses that cannot be dynamically assigned Step 8 Optional Run dhcp server static bind ip address ip address mac address mac address An IP address in the interface address pool is bound to a MAC address manually If a user requires a fixed IP address you can bind an unused IP address in the interface address pool to the MAC address of...

Page 152: ...guring the Static DNS Service on a DHCP Client This section describes how to specify the DNS domain name used by the DHCP client on the network and the IP address of the DNS server Context When a host accesses the Internet through the domain name the domain name needs to be resolved to the IP address This is implemented by the DNS To ensure that a DHCP client can successfully connect to the Intern...

Page 153: ...s between the host names and IP addresses need to be established The DHCP client can be specified as one of the following NetBIOS nodes based on mappings between host names and IP addresses l B node b indicates broadcast B nodes obtain mappings between host names and IP addresses in broadcast mode l P node p indicates peer to peer P nodes obtain mappings between host names and IP addresses from th...

Page 154: ...red by using commands If these commands are not supported by the device you can run the option command to configure values for the options corresponding to the DNS service NetBIOS service and IP address lease The related commands are as follows l DNS service dhcp server domain name and dhcp server dns list l NetBIOS service dhcp server nbns list and dhcp server netbios type l IP address lease dhcp...

Page 155: ...does not receive a response packet the IP address is not used on the local network segment This ensures that the IP address to be assigned is unique Procedure Step 1 Run system view The system view is displayed Step 2 Run dhcp server ping packet number The maximum number of ping packets that the AR150 200 can send to the same destination is configured The default value is 0 The AR150 200 sends no ...

Page 156: ...lanif10 Pool No 2 Lease 1 Days 0 Hours 0 Minutes Domain name DNS server0 NBNS server0 Netbios type Position Interface Status Unlocked Gateway 0 192 168 10 2 Mask 255 255 255 0 VPN instance Start End Total Used Idle Expired Conflict Disable 192 168 10 1 192 168 10 254 253 0 253 0 0 0 6 5 Configuring a DHCP Relay Agent This section describes how a DHCP client communicates with a DHCP server on anoth...

Page 157: ... Relay Internet DHCP Server NOTE AR150 200 WAN side Ethernet interfaces do not support DHCP relay Pre configuration Tasks Before configuring a DHCP relay agent complete the following tasks l Configuring a DHCP server l Configuring a route destined to the DHCP server on the AR150 200 Data Preparation To configure a DHCP relay agent you need the following data No Data 1 Name of a DHCP server group 2 ...

Page 158: ...ace or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VLANIF interface can be configured to function as a DHCP relay agent Step 4 Run ip address ip address mask mask length An IP address is configured for the interface NOTE The IP address of the egress gateway that is configured in the IP address pool of the server must be consistent with the IP address of the DHCP relay...

Page 159: ...roup comprises a maximum of eight DHCP servers If no indexes are specified for the DHCP group servers the system automatically assigns idle indexes to them End 6 5 4 Binding a DHCP Server Group to a DHCP Relay Interface This section describes how to bind a DHCP server group to an interface enabled with the DHCP relay function After this configuration DHCP clients can access the DHCP server in the ...

Page 160: ... its sub interface a Layer 3 Eth trunk interface or its sub interface or a VLANIF interface can be configured to function as a DHCP relay agent Step 3 Run dhcp relay release client ip address mac address server ip address A request packet is sent to the DHCP server to instruct the server to reclaim the IP address that is obtained by a DHCP client End 6 5 6 Checking the Configuration This section d...

Page 161: ...om servers 0 DHCP OFFER packets received 0 DHCP ACK packets received 0 DHCP NAK packets received 0 DHCP packets sent to servers 0 DHCP Bad packets received 0 Run the display dhcp server group group name command to view the configurations of DHCP server group 1 Huawei display dhcp server group group1 Group name group1 Group type 0 Server IP 100 10 10 1 1 Server IP 100 10 10 2 Gateway VPN instance 1...

Page 162: ...r the DHCP server on the AR150 200 Data Preparation To configure a DHCP BOOTP client you need the following data No Data 1 Name of a DHCP server group 2 IP addresses of DHCP servers in the DHCP server group 3 Number and IP address of the interface on which the DHCP relay function is enabled 6 6 2 Optional Configuring the DHCP BOOTP Client Attributes The DHCP BOOTP client attributes can be used to ...

Page 163: ... 2 Run dhcp enable The DHCP service is enabled 3 Run interface interface type interface number The interface view is displayed On the AR150 200 a Layer 3 Ethernet interface or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VE interface can be configured to function as a BOOTP client 4 Run ip address bootp client hostname hostname A host name is configured for the BOOTP c...

Page 164: ...w is displayed On the AR150 200 a Layer 3 Ethernet interface or its sub interface a Layer 3 Eth trunk interface or its sub interface or a VE interface can be configured to function as a BOOTP client 4 Run ip address bootp alloc The BOOTP client function is enabled on the AR150 200 End 6 6 4 Checking the Configuration This section describes how to check the configurations of the DHCP BOOTP client P...

Page 165: ...rror 0 6 7 Configuring the DHCP Rate Limit Function You can configure the highest rate at which DHCP packets are sent to the protocol stack in the system view VLAN view or interface view If different rates are configured in these views the rate configured in the interface view takes effect If this rate does not take effect the rate configured in the VLAN view takes effect If the rate configured in...

Page 166: ...d threshold The alarm threshold for the DHCP message checking is configured By default the threshold is 100 If the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold an alarm is generated l Configure the highest rate at which DHCP packets are sent to the protocol stack in the VLAN view 1 Run system view The system view is displayed ...

Page 167: ...enable The DHCP message checking alarm on an interface is enabled By default this function is disabled 6 Optional Run dhcp alarm dhcp rate threshold threshold The alarm threshold for the DHCP message checking on an interface is configured By default the threshold is 100 When the number of packets that are discarded because their sending rates exceed the upper limit is larger than the threshold an ...

Page 168: ...er view to clear the statistics on a DHCP relay agent End 6 8 2 Monitoring the Operating Status of DHCP This section describes how to check the operating status of DHCP in any view for routine maintenance Procedure l Run the display dhcp relay all interface interface type interface number command to check the DHCP server group that is bound to the relay interface and information about the group se...

Page 169: ...uter that functions as a DHCP server Office 1 belongs to the network segment 10 1 1 0 25 and all hosts in Office 1 are added to VLAN 10 These hosts use the DNS service but not the NetBIOS service Office 2 belongs to the network segment 10 1 1 128 25 and all hosts in Office 2 are added to VLAN 20 These hosts use both DNS and NetBIOS services A global address pool needs to be configured on the Route...

Page 170: ...ANIF 20 10 1 1 1 and 10 1 1 129 respectively Procedure Step 1 Enable the DHCP function Huawei system view Huawei sysname Router Router dhcp enable Step 2 Create IP address pools and configure related attributes Create pool1 and configure attributes for pool1 including address range DNS server address egress gateway and IP address lease Router ip pool pool1 Router ip pool pool1 network 10 1 1 0 mas...

Page 171: ...ected to VLANIF 20 to obtain IP addresses from the global address pool Router interface vlanif 20 Router Vlanif20 ip address 10 1 1 129 255 255 255 128 Router Vlanif20 dhcp select global Router Vlanif20 quit Step 4 Verify the configuration Run the display ip pool command on the Router You can view the configurations of the IP address pool Router display ip pool Pool name pool1 Pool No 0 Position L...

Page 172: ...on describes how to configure a DHCP server based on an interface address pool After the configuration is complete the clients can obtain IP address from the server that is on the network of the DHCP client Networking Requirements As shown in Figure 6 6 the two offices of a company are deployed on the same network To save resources all hosts in the two offices are assigned IP addresses by the Rout...

Page 173: ...nable the interface address pool 4 Configure address pool attributes for the clients including the DNS server address NetBIOS server address and IP address leases Data Preparation To complete the configuration you need the following data 1 IP addresses of VLANIF 10 and VLANIF 20 10 1 1 1 and 10 1 2 1 respectively 2 IP address leases for Office 1 and Office 2 30 days and 20 days respectively 3 IP a...

Page 174: ...nterface address pool Configure the DNS and NetBIOS services for VLANIF 10 address pool Router interface vlanif 10 Router Vlanif10 dhcp server domain name huawei com Router Vlanif10 dhcp server dns list 10 1 1 2 Router Vlanif10 dhcp server nbns list 10 1 1 3 Router Vlanif10 dhcp server excluded ip address 10 1 1 2 Router Vlanif10 dhcp server excluded ip address 10 1 1 3 Router Vlanif10 dhcp server...

Page 175: ...r vlan batch 10 to 20 dhcp enable interface Vlanif10 ip address 10 1 1 1 255 255 255 0 dhcp select interface dhcp server dns list 10 1 1 2 dhcp server netbios type b node dhcp server nbns list 10 1 1 3 dhcp server excluded ip address 10 1 1 2 10 1 1 3 dhcp server lease day 30 hour 0 minute 0 dhcp server domain name huawei com interface Vlanif20 ip address 10 1 2 1 255 255 255 0 dhcp select interfa...

Page 176: ...ured to function as a DHCP relay agent to forward DHCP packets so that the DHCP clients can obtain IP addresses and other configurations from the DHCP server On RouterA the public address of Ethernet0 0 8 is 100 10 20 1 24 and the interface address of RouterA connected to the carrier device is 100 10 20 2 24 On RouterB the public address of Ethernet3 0 0 is 100 10 10 1 24 and the interface address...

Page 177: ...r to the group Create a DHCP server group Huawei system view Huawei sysname RouterA RouterA dhcp server group dhcpgroup1 Add a DHCP server to the DHCP server group RouterA dhcp server group dhcpgroup1 dhcp server 100 10 10 1 RouterA dhcp server group dhcpgroup1 quit 2 Enable the DHCP relay function on VLANIF 100 Create a VLAN and add Ethernet 2 0 0 to the VLAN RouterA vlan batch 100 RouterA interf...

Page 178: ...A This ensures that the route from the DHCP server to the network segment 20 20 20 0 24 is reachable The configuration details are not provided here l Configure a default route on RouterB RouterA ip route static 0 0 0 0 0 0 0 0 100 10 10 2 l Verify the configuration Run the display dhcp relay command on RouterA You can view the DHCP relay configurations on VLANIF 100 RouterA display dhcp relay int...

Page 179: ... 0 0 0 100 10 10 2 return 6 9 4 Example for Configuring the DHCP and BOOTP Clients This section describes how to configure the DHCP and BOOTP clients Networking Requirements As shown in Figure 6 8 Router A functions as a DHCP client Router B functions as a BOOTP client Router C functions as a DHCP server Router A dynamically obtains an IP address a DNS server address and a gateway address from Rou...

Page 180: ...address of Eth1 0 0 on Router C 10 1 1 1 3 IP address of the egress gateway configured for the DHCP client 10 1 1 126 4 IP address of the DNS server connected to the DHCP client 10 1 1 2 Procedure l Configure the DHCP client function on Router A Enable the DHCP service Huawei system view Huawei sysname RouterA RouterA dhcp enable Enable the DHCP client function on Eth 1 0 0 RouterA interface ether...

Page 181: ...You can view the configurations of the DHCP client function RouterA display current configuration interface Ethernet1 0 0 ip address dhcp alloc Run the display interface command on Router A after the interface obtains an IP address You can view the IP address of the interface RouterA display interface ethernet 1 0 0 Ethernet1 0 0 current state DOWN Line protocol current state DOWN Description HUAW...

Page 182: ...Interface Route Port The Maximum Transmit Unit is 1500 Internet Address is allocated by DHCP 10 1 1 22 24 IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc11 000a Last physical up time 2007 12 01 10 48 50 Last physical down time 2007 12 01 10 52 56 Current system time 2007 12 01 16 52 01 Port Mode COMMON COPPER Speed 100 Loopback NONE Duplex FULL Negotiation ENABLE Mdi AUTO La...

Page 183: ...t 1 0 0 ip address dhcp alloc return Configuration file of Router B sysname RouterB dhcp enable interface Ethernet 1 0 0 ip address bootp alloc return Configuration file of Router C sysname RouterC dhcp enable ip pool pool1 network 10 1 1 0 mask 24 gateway list 10 1 1 126 static bind ip address 10 1 1 3 mac address a234 e211 a256 dns list 10 1 1 2 interface Ethernet 1 0 0 ip address 10 1 1 1 24 dh...

Page 184: ... which DHCP packets are sent to Router A This allows Router A to effectively defend against DHCP attack packets and to process requests of authorized users in time Figure 6 9 Networking diagram for configuring the DHCP relay DHCP Server Internet DHCP Client DHCP Client Attacker DHCP Relay RouterB RouterA Configuration Roadmap The configuration roadmap is as follows l Configure the highest rate at ...

Page 185: ...nt configuration include dhcp command on Router A You can view the DHCP function and DHCP rate limit have been enabled in the global view RouterB display current configuration include dhcp It will take a long time if the content you search is too much or the string you input is too long you can press CTRL_C to break dhcp enable dhcp check dhcp rate enable dhcp check dhcp rate 90 dhcp check dhcp ra...

Page 186: ...iguring Load Balancing for IP Packet Forwarding Unequal Cost Multiple Path UCMP improves packet forwarding performance on a network 7 5 Configuring TCP Attributes You can configure TCP attributes to improve network performance 7 6 Maintaining IP Performance You can maintain IP performance by clearing IP performance statistics and monitoring the IP running status 7 7 Configuration Examples This sec...

Page 187: ...ing Time of the PMTU l Setting the MSS of TCP Packets on an Interface 7 3 Optimizing IP Performance You can set parameters for IP packets to optimize network performance 7 3 1 Establishing the Configuration Task Before optimizing IP performance familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help...

Page 188: ...mproves network security Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ip verify source address The interface is enabled to check validity of source IP addresses of received packets By default an interface does not check validity of source IP addresses of received packets The AR150 200 o...

Page 189: ...erface interface type interface number The interface view is displayed Step 3 Run ip forward broadcast acl acl number The interface is configured to forward broadcast packets By default an interface does not forward broadcast packets End 7 3 5 Configuring an Outbound Interface to Fragment IP Packets You can configure an outbound interface to fragment IP packets Procedure Step 1 Run system view The...

Page 190: ...d to send ICMP redirection packets CAUTION If an interface is not enabled to send ICMP redirection packets the router does not send ICMP redirection packets Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run icmp redirect send The interface is enabled to send ICMP redirection packets End 7 3 ...

Page 191: ...ace brief interface type interface number command to check information about the interface l Run the display ip statistics command to check the IP traffic statistics l Run the display icmp statistics command to check the ICMP traffic statistics l Run the display ip socket monitor task id task id socket id socket id socket type socket type command to check the IP socket information End Example Run ...

Page 192: ...mation reply 0 Netmask request 0 Netmask reply 0 Unknown type 0 Run the display ip statistics command and you can view the IP traffic statistics Huawei display ip statistics Input sum 31786 local 31786 bad protocol 0 bad format 0 bad checksum 0 bad options discard srr 0 TTL exceeded 0 Output forwarding 0 local 41289 dropped 0 no route 1 Fragment input 0 output 0 dropped 0 fragmented 0 couldn t fra...

Page 193: ...ode congestion may occur on low speed links and bandwidth of high speed links cannot be used efficiently ECMP evenly load balances traffic over multiple equal cost links regardless of the bandwidth Consequently traffic congestion may occur on low speed links and bandwidth of high speed links cannot be used efficiently To load balance traffic on the equal cost links based on bandwidth configure UCM...

Page 194: ...ased on the configured bandwidth l The outbound interface of the equal cost route is a logical interface Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed NOTE To configure UCMP on a logical interface you must perform step 3 Step 3 Optional Run load balance bandwidth bandwidth The bandwidth is manually...

Page 195: ...on addresses in the range of destination address1 destination mask1 to destination address2 destination mask2 l Run the display fib ip prefix prefix name verbose command to check FIB entries matching the specified IP prefix list l Run the display fib interface interface type interface number command to check FIB entries matching a specified interface l Run the display fib next hop ip address comma...

Page 196: ...l parameters for interfaces to ensure that the routing protocol status on the interfaces is Up Data Preparation To configure TCP attributes you need the following data No Data 1 Values of the SYN Wait timer and FIN Wait timer and packet receive or transmit buffer size of a connection oriented socket 7 5 2 Setting Values of TCP Timers You can set values of the SYN Wait timer and FIN Wait timer to c...

Page 197: ...multiple networks it is important to determine the minimum MTU on the network path because the MTUs of the link layers on different networks are different The minimum MTU on the network path is called the PMTU Procedure Step 1 Run system view The system view is displayed Step 2 Run tcp timer pathmtu age age time The aging time of the PMTU is set The aging time of an IPv4 PMTU is an integer ranging...

Page 198: ...ep 3 Run tcp adjust mss value The MSS of TCP packets is set on the interface The MSS of TCP packets on an interface is an integer that ranges from 128 to 2048 in bytes End 7 5 6 Checking the Configuration After configuring TCP attributes you can view the configuration Procedure l Run the display tcp status task id task id socket id socket id local ip ipv4 address local port local port number remot...

Page 199: ...ndow update packets 0 data packets 5364 126736 bytes data packets retransmitted 0 0 byte s ACK only packets 657 626 delayed Other information Retransmitted timeout 0 connections dropped in retransmitted timeout 0 Keep alive timeout 29072 keep alive probe 29072 Keep alive timeout so connections disconnected 0 Initiated connections 0 accepted connections 16 established connecti ons 16 Closed connect...

Page 200: ... l Run the display tcp statistics command in any view to check the TCP traffic statistics l Run the display udp statistics command in any view to check the UDP traffic statistics l Run the display ip interface interface type interface number command in any view to check information about an interface l Run the display ip statistics command in any view to check the IP traffic statistics l Run the d...

Page 201: ... id socket id socket id sock type socket type command in any view to check the IP socket information End 7 7 Configuration Examples This section provides IP performance configuration examples 7 7 1 Example for Disabling the Sending of ICMP Redirection Packets Networking Requirements As shown in Figure 7 1 to limit the sending of ICMP redirection packets RouterA RouterB and RouterC are required to ...

Page 202: ... 1 0 0 RouterB Ethernet1 0 0 ip address 1 1 1 2 24 RouterB Ethernet1 0 0 quit Configure RouterC Huawei system view Huawei sysname RouterC RouterC interface ethernet 1 0 0 RouterC Ethernet1 0 0 ip address 2 2 2 2 24 RouterC Ethernet1 0 0 quit Step 2 Configure static routes Configure RouterA RouterA ip route static 2 2 2 0 255 255 255 0 1 1 1 2 Configure RouterB RouterB ip route static 2 2 2 0 255 2...

Page 203: ...ransmitted 5 packet s received 0 00 packet loss round trip min avg max 3 3 3 ms End Configuration Files l Configuration file of RouterA sysname RouterA interface Ethernet1 0 0 ip address 1 1 1 1 255 255 255 0 ip route static 2 2 2 0 255 255 255 0 1 1 1 2 return l Configuration file of RouterB sysname RouterB interface Ethernet1 0 0 ip address 1 1 1 2 255 255 255 0 undo icmp redirect send ip route ...

Page 204: ...y based Routing By configuring IP unicast PBR you can ensure that a certain packet is forwarded through a specified outbound interface 8 4 Configuration Examples This section includes the networking requirements precautions for configuration and configuration roadmap Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 8 IP Unicast PBR Configuration Issue 02 2012 03 30 Huawei ...

Page 205: ...l Security inspection redirects certain packets to the firewall For details about the redirection configuration see Configuring Redirection in the Huawei AR150 200 Series Enterprise Routers Configuration Guide QoS 8 3 Configuring IP Policy based Routing By configuring IP unicast PBR you can ensure that a certain packet is forwarded through a specified outbound interface 8 3 1 Establishing the Conf...

Page 206: ...e number of the packet in the specified policy 7 VPN instance name to which the packet in the specified policy belongs 8 3 2 Defining the Matching Rule of PBR By defining the matching rule of PBR you can determine the type of packets to which PBR is applied Procedure Step 1 Run system view The system view is displayed Step 2 Run policy based route policy name deny permit node node id A policy or a...

Page 207: ...y a node id The smaller the node id is the higher the preference of the policy node is The policy of a higher preference is first executed 8 3 3 Defining Actions of PBR This part describes how to define actions of PBR including setting the outbound interface and nexthop for a packet Procedure Step 1 Run system view The system view is displayed Step 2 Run policy based route policy name deny permit ...

Page 208: ... The apply ip precedence command is used to set the precedence of the packet The value of precedence ranges from 0 to 7 In addition some key words can be used as the value of precedence Table 8 1 shows the relationship between key words and precedence Table 8 1 Relationship between keywords and precedence Precedence Key Word 0 Routine 1 Priority 2 Immediate 3 Flash 4 Flash override 5 Critical 6 In...

Page 209: ...BR applies to only the local packets You can configure only one local policy End 8 3 5 Checking the Configuration You can view the configuration of IP unicast PBR Prerequisites The configurations of the IP Policy based Routing function are complete Procedure l Run the display ip policy based route command to check the enabled PBR l Run the display ip policy based route setup local command to check...

Page 210: ...oadmap 8 4 1 Example for Configuring IP Unicast PBR This section provides an example for configuring IP unicast PBR Networking Requirements As shown in Figure 8 1 IP unicast PBR is applied to RouterA l The next hop address 150 1 1 2 is set for packets with 64 to 1400 bytes l The next hop address 151 1 1 2 is set for packets with 1401 to 1500 bytes l Packets with other lengths are routed based on d...

Page 211: ...dress 151 1 1 2 255 255 255 0 RouterB Ethernet2 0 0 quit Step 2 Configure static routes Configure a static route on RouterA RouterA ip route static 10 1 2 0 24 150 1 1 2 RouterA ip route static 10 1 2 0 24 151 1 1 2 Configure a static route on RouterB RouterB ip route static 10 1 1 0 24 150 1 1 1 RouterB ip route static 10 1 1 0 24 151 1 1 1 Step 3 Configure a PBR route Configure a PBR route lab1 ...

Page 212: ...IP Policy routing success next hop 150 1 1 2 RouterA forwards the received packets from Ethernet1 0 0 because the next hop address in the PBR route is 150 1 1 2 On RouterA ping the IP address of Loopback0 interface on RouterB and set the packet length to 1401 bytes RouterA ping s 1401 10 1 2 1 PING 100 1 2 1 1401 data bytes press CTRL_C to break Mar 9 2011 15 41 26 350 2 RouterA PBR 7 POLICY ROUTI...

Page 213: ...t node 10 if match packet length 64 1400 apply ip address next hop 150 1 1 2 policy based route lab1 permit node 20 if match packet length 1401 1500 apply ip address next hop 151 1 1 2 ip local policy based route lab1 Configuration file of RouterB sysname RouterB interface Ethernet1 0 0 ip address 150 1 1 2 255 255 255 0 interface Ethernet2 0 0 ip address 151 1 1 2 255 255 255 0 ip route static 10...

Page 214: ...res supported by the AR150 200 9 3 Configuring UDP Helper This section describes how to configure UDP helper to relay broadcast packets with a specified UDP port 9 4 Maintaining UDP Helper This section describes how to maintain UDP helper 9 5 Configuration Examples This section provides a UDP helper configuration example Huawei AR150 200 Series Enterprise Routers Configuration Guide IP Service 9 U...

Page 215: ...R150 200 After UDP helper is enabled on the AR150 200 the AR150 200 relays broadcast packets with the default UDP ports to corresponding destination servers Table 9 1 lists the default UDP ports Other UDP ports must be configured manually after UDP helper is enabled Table 9 1 List of default UDP ports Protocol UDP Port Number Trivial File Transfer Protocol TFTP 69 Domain Name System DNS 53 Time Se...

Page 216: ...ing broadcast packets into unicast packets and sending the unicast packets to the specified destination server Pre configuration Tasks Before configuring UDP helper complete the following task l Configuring a reachable route from the AR150 200 to the destination server Data Preparation To configure UDP helper you need the following data No Data 1 Optional UDP ports of packets need to be relayed 2 ...

Page 217: ...st packets with UDP ports 37 49 53 69 137 and 138 by default If the port number that needs to be configured is in the range of default UDP port numbers you can skip this configuration procedure The AR150 200 does not relay DHCP messages with UDP ports 67 or 68 Perform the following operations on the AR150 200 Procedure Step 1 Run system view The system view is displayed Step 2 Run udp helper port ...

Page 218: ... number of forwarded UDP packets l Run the display udp helper port command to check the UDP port numbers of the packets that need to be relayed End Example Run the display udp helper server command to view UDP helper information Huawei display udp helper server Server interface Server Ip packet num Vlanif20 1 1 1 2 0 Ethernet1 0 0 1 192 168 1 200 0 Run the display udp helper port command to view t...

Page 219: ...the IP address of the NetBIOS NS name server is 10 2 1 1 16 The Router and the NetBIOS NS name server are in different network segments and there is a reachable route between the Router and the NetBIOS NS name server The Router is configured to forward broadcast packets with destination UDP port number 137 and destination IP addresses 255 255 255 255 and 10 110 255 255 to the NetBIOS NS name serve...

Page 220: ...destination UDP port 137 by default The UDP port number therefore does not need to be configured here Data Preparation To complete the configuration you need the following data l VLANIF interface from which UDP packets will be relayed l IP address of the destination server Procedure Step 1 Enable UDP helper Huawei system view Huawei sysname Router Router udp helper enable Step 2 Add Ethernet0 0 0 ...

Page 221: ...server Router display udp helper server Server interface Server Ip packet num Vlanif100 10 2 1 1 0 End Configuration Files Configuration file of the Router sysname Router udp helper enable vlan batch 100 interface Ethernet0 0 0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 interface Vlanif100 ip address 10 110 1 1 255 255 0 0 udp helper server 10 2 1 1 return Huawei AR150 200 Series Ente...
