Home > HP > Printer > HP 5500 Ei 5500 Si Switch Series Configuration Guide

HP 5500 Ei 5500 Si Switch Series Configuration Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 2513
    Add page 641 to Favourites
    image text
    Enable zoom 
    							 159 
    SOLICIT                   :  0 
    REQUEST                   :  0 
    CONFIRM                   :  0 
    RENEW                     :  0 
    REBIND                    :  0 
    RELEASE                   :  0 
    DECLINE                   :  0 
    INFORMATION-REQUEST       :  7 
    RELAY-FORWARD             :  0 
    RELAY-REPLY               :  7 
Packets sent                  :  14 
    ADVERTISE                 :  0 
    RECONFIGURE               :  0 
    REPLY                     :  7 
    RELAY-FORWARD             :  7 
    RELAY-REPLY               :  0
    Add page 642 to Favourites
    image text
    Enable zoom 
    							 160 
Configuring DHCPv6 client 
Overview 
Serving as a DHCPv6 client, the device only supports stateless DHCPv6 configuration, that is, the device 
can only obtain other network configuration parameters, except the IPv6 address and prefix from the 
DHCPv6 server. 
With an IPv6 address obtained through stateless address autoconfiguration, the device automatically 
enables the stateless DHCPv6 function after it receives an RA message with the M flag set to 0 and the 
O flag set to 1. 
Configuring the DHCPv6 client 
Configuration prerequisites 
To make the DHCPv6 client successfully obtain configuration parameters through stateless DHCPv6 
configuration, make sure that the DHCPv6 server is available. 
Configuration guidelines 
•  For more information about the  ipv6 address auto command, see the  Layer 3—IP Services 
Command Reference . 
•   HP does not recommend enabling the DHCPv6 clie nt and DHCPv6 server, or the DHCPv6 client 
and DHCPv6 relay agent on the same interface at the same time. 
Configuration procedure 
To configure the DHCPv6 client:  
Step Command 
1.   Enter system view. 
system-view 
2.  Enable the IPv6 packet forwarding function. 
ipv6 
3.  Enter interface view. 
interface interface-type interface-number  
4.  Enable IPv6 stateless address autoconfiguration. 
ipv6 address auto 
 
Setting the DSCP value for DHCPv6 packets 
 
Step Command Remarks 
1.  Enter system view. 
system-view N/A
    Add page 643 to Favourites
    image text
    Enable zoom 
    							 161 
Step Command Remarks 
2.  Set the DSCP value for the DHCPv6 
packets sent by the DHCPv6 client.  ipv6 dhcp client dscp 
dscp-value
  Optional. 
By default, the DSCP value in 
DHCPv6 packets is 56. 
 
Displaying and maintaining the DHCPv6 client 
 
Task Command Remarks 
Display DHCPv6 client 
information. 
display ipv6 dhcp client 
[ interface  interface-type 
interface-number  ] [ | { begin  | exclude | include } 
regular-expression  ]  Available in any view 
Display DHCPv6 client 
statistics. display ipv6 dhcp client statistics 
[ interface 
interface-type interface-number  ] [ |  { begin | 
exclude  | include  } regular-expression ]  Available in any view 
Display the DUID of the local 
device. display ipv6 dhcp duid
 [ | { begin  | exclude  | 
include  } regular-expression ]  Available in any view 
Clear DHCPv6 client statistics. reset ipv6 dhcp client statistics
 [ interface 
interface-type interface-number  ]  Available in user view 
 
Stateless DHCPv6 configuration example 
Network requirements 
As shown in Figure 70
, through stateless DHCPv6, Switch A obtains the DNS server address, domain 
name, and other information from the server. 
Switch B acts as the gateway to send RA messages periodically. 
Figure 70  Network diagram 
 
 
Configuration procedure 
1. Configure Switch B: 
# Enable the IPv6 packet forwarding function. 
 system-view 
[SwitchB] ipv6 
# Configure the IPv6 address of VLAN-interface 2.
    Add page 644 to Favourites
    image text
    Enable zoom 
    							 162 
[SwitchB] interface vlan-interface 2 
[SwitchB-Vlan-interface2] ipv6 address 1::1 64 
# Set the O flag in the RA messages to 1. 
[SwitchB-Vlan-interface2] ipv6 nd autoconfig other-flag 
# Enable Switch B to send RA messages. 
[SwitchB-Vlan-interface2] undo ipv6 nd ra halt 
2. Configure Switch A: 
# Enable the IPv6 packet forwarding function. 
 system-view 
[SwitchA] ipv6 
# Enable stateless IPv6 address autoconfiguration on VLAN-interface 2. 
[SwitchA] interface vlan-interface 2 
[SwitchA-Vlan-interface2] ipv6 address auto 
With this command executed, if VLAN-interface  2 has no IPv6 address configured, Switch A will 
automatically generate a link-local address, an d send an RS message, requesting the gateway 
(Switch B) to reply with an  RA message immediately. 
Verifying the configuration 
After receiving an RA message with the M flag set to 0 and the O flag set to 1, Switch A automatically 
enables the stateless DHCPv6 function. 
# Use the display ipv6 dhcp client  command to view the current client configuration information. If the 
client successfully obtains configuration information from the server, the following information will be 
displayed. 
[SwitchA-Vlan-interface2] display ipv6 dhcp client interface vlan-interf\
ace 2 
Vlan-interface2 is in stateless DHCPv6 client mode 
State is OPEN 
Preferred Server: 
    Reachable via address     :  FE80::213:7FFF:FEF6:C818 
    DUID                      :  0003000100137ff6c818 
    DNS servers               :  1:2:3::5 
                                 1:2:4::7 
    Domain names              :  abc.com 
                                 Sysname.com 
# Use the  display ipv6 dhcp client statistics  command to view the current client statistics. 
[SwitchA-Vlan-interface2] display ipv6 dhcp client statistics 
Interface                     :  Vlan-interface2 
Packets Received              :  1 
        Reply                 :  1 
        Advertise             :  0 
        Reconfigure           :  0 
        Invalid               :  0 
Packets Sent                  :  5 
        Solicit               :  0 
        Request               :  0 
        Confirm               :  0 
        Renew                 :  0
    Add page 645 to Favourites
    image text
    Enable zoom 
    							 163 
        Rebind                :  0 
        Information-request   :  5 
        Release               :  0 
        Decline               :  0
    Add page 646 to Favourites
    image text
    Enable zoom 
    							 164 
Configuring DHCPv6 snooping 
A  D H C P v 6  s n o o p i n g  d evic e  d o e s  n o t  wo rk  i f  i t  i s  between a DHCPv6 relay agent and a DHCPv6 server. 
The DHCPv6 snooping device works when it is between a DHCPv6 client and a DHCPv6 relay agent or 
between a DHCPv6 client and a DHCPv6 server. 
You can configure only Layer 2 Ethernet ports or  Layer 2 aggregate interfaces as DHCPv6 snooping 
trusted ports. For more informatio n about aggregate interfaces, see  Layer 2—LAN Switching 
Configuration Guide . 
Overview 
DHCPv6 snooping is security feature with the following functions: 
•  Ensure that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers. 
•   Record IP-to-MAC mappings of DHCPv6 clients. 
Ensuring that DHCPv6 clients obtain IPv6 addresses from 
authorized DHCPv6 servers 
If DHCPv6 clients obtain invalid IPv6 addresses and network configuration parameters from an 
unauthorized DHCP server, they will be unable to communicate normally with other network devices. 
With DHCPv6 snooping, the ports of a device can be configured as trusted or untrusted to make sure that 
the clients obtain IPv6 addresses only from authorized DHCPv6 servers. 
•  Trusted —A trusted port forwards DHCPv6 messages normally. 
•   Untrusted —An untrusted port discards reply messages from any DHCPv6 server. 
Figure 71  Trusted and untrusted ports 
 
 
A DHCPv6 snooping device’s port that is connected to an authorized DHCPv6 server, DHCPv6 relay 
agent, or another DHCPv6 snooping  device should be configured as a trusted port. The trusted port 
forwards reply messages from the authorized DHCPv6  server. Other ports are configured as untrusted so 
Trusted
DHCPv6 server
DHCPv6 snooping
Untrusted Untrusted
Unauthorized 
DHCPv6 server
DHCPv6 client
DHCPv6 reply messages
    Add page 647 to Favourites
    image text
    Enable zoom 
    							 165 
that they do not forward reply messages from any DHCPv6 servers. This ensures that the DHCPv6 client 
can obtain an IPv6 address from the authorized DHCPv6 server only.  
As shown in Figure 71, c
onfigure the port that connects to the DHCPv6 server as a trusted port, and other 
ports as untrusted.  
Recording IP-to-MAC mappings of DHCPv6 clients 
DHCPv6 snooping reads DHCPv6 messages to create and update DHCPv6 snoopi ng entries, including 
MAC addresses of clients, IPv6 addresses obtained by the clients, ports that connect to DHCPv6 clients, 
and VLANs to which the ports belong. You can use the  display ipv6 dhcp snooping user-binding 
c o m m a n d  t o  vi ew  t h e  I P v 6  a d d re s s  o b t a i n e d  by  e a ch  cl ie n t,  s o  yo u  c a n  m a n a g e  a n d  m o n i t o r  t h e  cl ie n t s   
IPv6 addresses. 
Enabling DHCPv6 snooping 
To allow clients to obtain IPv6 addresses from an  authorized DHCPv6 server, enable DHCPv6 snooping 
globally and configure trusted and untrusted ports properly. To record DHCPv6 snooping entries for a 
VLAN, enable DHCPv6 snooping for the VLAN.  
To enable DHCPv6 snooping: 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A 
2.  Enable DHCPv6 snooping 
globally.  ipv6 dhcp snooping enable 
Disabled by default. 
3.  Enter VLAN view. 
vlan vlan-id   N/A 
4.  Enable DHCPv6 snooping for the 
VLAN.  ipv6 dhcp snooping vlan enable  Optional. 
Disabled by default. 
 
Configuring a DHCPv6 snooping trusted port 
After enabling DHCPv6 snooping globally, you can specify trusted and untrusted ports for a VLAN as 
needed. A DHCPv6 snooping trusted port normally forwards received DHCPv6 packets. A DHCPv6 
snooping untrusted port discards any DHCPv6 reply message received from a DHCPv6 server. Upon 
receiving a DHCPv6 request from a client in the VLAN, the DHCPv6 snooping device forwards the 
packet through trusted ports rather than any untrusted port in the VLAN, reducing network traffic. 
Yo u  m u s t  s p e ci f y  a  p o r t  c o n n e c t e d  t o  a n  a u t h o rize d  D H C P v 6  s e r ve r  a s  t r u s t e d  t o  m a ke  s u re  t h a t  D H C P v 6  
clients can obtain valid IPv6 addresses. The trusted port and the ports connected to the DHCPv6 clients 
must be in the same VLAN. 
If a Layer 2 Ethernet port is added to an aggregation group, the DHCPv6 snooping configuration of the 
interface will not take effect until the interface quits from the aggregation group. 
To configure a DHCPv6 snooping trusted port: 
 
Step Command Remarks 
1.
  Enter system view. 
system-view  N/A
    Add page 648 to Favourites
    image text
    Enable zoom 
    							 166 
Step Command Remarks 
2.  Enter interface view.  interface 
interface-type 
interface-number   N/A 
3.
  Configure the port as trusted. 
ipv6 dhcp snooping trust  By default, all ports of the device 
with DHCPv6 snooping globally 
enabled are untrusted. 
 
Configuring the maximum number of DHCPv6 
snooping entries an interface can learn 
Perform this optional task to prevent an interface 
from learning too many DHCPv6 snooping entries and 
to save system resources. 
To configure the maximum number of DHCPv6 snooping entries an interface can learn: 
 
Step Command Remarks 
1.   Enter system view. 
system-view N/A 
2.  Enter interface view.  interface 
interface-type 
interface-number   N/A 
3.
  Configure the maximum number 
of DHCPv6 snooping entries 
that the interface can learn.  ipv6 dhcp snooping 
max-learning-num
 number  Optional. 
By default, the number of DHCPv6 
snooping entries learned by an 
interface is not limited. 
 
Displaying and maintaining DHCPv6 snooping 
 
Task Command Remarks 
Display DHCPv6 snooping 
trusted ports. 
display ipv6 dhcp snooping trust
 [ | { begin | 
exclude  | include  } regular-expression ]  Available in any view 
Display DHCPv6 snooping 
entries. display ipv6 dhcp snooping user-binding
 
{  ipv6-address  | dynamic } [ | { begin |  exclude | 
include  } regular-expression ]  Available in any view 
Clear DHCPv6 snooping 
entries. reset ipv6 dhcp snooping user-binding
 
{  ipv6-address |  dynamic }  Available in user view 
 
DHCPv6 snooping configuration example 
Network requirements 
As shown in Figure 72
, Switch is connected to a DHCPv6 server through GigabitEthernet 1/0/1, and is 
connected to DHCPv6 clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. These three 
interfaces belong to VLAN 2. Configure Switch  to forward DHCPv6 reply messages received on 
GigabitEthernet 1/0/1 only and record the IP-to-MAC mappings for DHCPv6 clients.
    Add page 649 to Favourites
    image text
    Enable zoom 
    							 167 
Figure 72 Network diagram 
 
 
Configuration procedure 
# Enable DHCPv6 snooping globally. 
 system-view 
[Switch] ipv6 dhcp snooping enable 
# Add GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to VLAN 2. 
[Switch] vlan 2 
[Switch-vlan2] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 GigabitE\
thernet 1/0/3 
# Enable DHCPv6 snooping for VLAN 2. 
[Switch-vlan2] ipv6 dhcp snooping vlan enable 
[Switch] quit 
# Configure GigabitEthernet 1/0/1 as a DHCPv6 snooping trusted port. 
[Switch] interface GigabitEthernet 1/0/1 
[Switch-GigabitEthernet1/0/1] ipv6 dhcp snooping trust 
Verifying the configuration 
Connect GigabitEthernet 1/0/2 to a DHCPv6 client, GigabitEthernet 1/0/1 to a DHCPv6 server, and 
GigabitEthernet 1/0/3 to an unauthorized DHCPv6  server. The DHCPv6 client obtains an IPv6 address 
from DHCPv6 server, but cannot obtain any IPv6 address from the unauthorized DHCPv6 server. You can 
use the  display ipv6 dhcp snooping user-binding  command to view the DHCPv6 snooping entries on 
Switch.
    Add page 650 to Favourites
    image text
    Enable zoom 
    							 168 
Configuring IPv6 DNS 
Overview 
IPv6 Domain Name System (DNS) is responsible for translating domain names into IPv6 addresses. Like 
I P v 4  D NS,  I P v 6  D NS  i ncl u de s  s ta t ic  d o m ai n  n a m e   resolution and dynamic domain name resolution. The 
functions and implementations of the two types of doma in name resolution are the same as those of IPv4 
DNS. For more information, see Configuring IPv4 DNS. 
Configuring the IPv6 DNS client 
Configuring static domain name resolution 
Configuring static domain name resolution refers to specifying the mappings between host names and 
IPv6 addresses. Static domain name resolution allows  applications such as Telnet to contact hosts by 
using host names instead of IPv6 addresses. 
Follow these guidelines when you config ure static domain name resolution: 
•   A host name can be mapped to one IPv6 address on ly. If you map a host name to different IPv6 
addresses, the last configuration takes effect. 
•   You can configure up to 50 mappings between  domain name and IPv6 address on the switch. 
To configure static domain name resolution: 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A 
2.  Configure a mapping 
between a host name and 
an IPv6 address.  ipv6 host
 hostname ipv6-address   Not configured by default 
 
Configuring dynamic domain name resolution 
To send DNS queries to a correct server for resolu tion, dynamic domain name resolution needs to be 
enabled and a DNS server needs to be configured. 
In addition, you can configure a DNS suffix that the system automatically adds to the provided domain 
name for resolution. 
Follow these guidelines when you configure dynamic domain name resolution: 
•   You can configure up to six DNS servers, including those with IPv4 addresses on the switch. 
•   You can specify up to ten DNS suffixes on the switch. 
To configure dynamic domain name resolution:
    All HP manuals Comments (0)

    Related Manuals for HP 5500 Ei 5500 Si Switch Series Configuration Guide