Configuration Guide - IP Service
S2720, S5700, and S6720 V200R013C00
This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Note: The dhcp enable command is the prerequisite for configuring DHCP-related functions, including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only after the dhcp enable command is run. After the undo dhcp enable command is run, all DHCP-related configurations of the device are deleted. After DHCP is enabled again using the dhcp enable command, all DHCP-related configurations of the device are restored to the default configurations. After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default, STP is enabled. To disable STP, run the undo stp enable command.
Procedure
1. Enter the system view.
system-view
2. Enable DHCP.
dhcp enable
By default, DHCP is disabled.
3. (Optional) Enable dynamic route limiting on DHCP messages.
dhcp speed-limit auto
By default, dynamic rate limiting is disabled on DHCP messages.
4. (Optional) Enable the DHCP broadcast suppression function.
dhcp broadcast suppress enable
By default, the DHCP broadcast suppression function is disabled.
Enabling the DHCP Relay Function
Context: Enable the DHCP relay function on an interface so that the interface functions as a DHCP relay agent.
Procedure
1. Enter the system view.
system-view
2. Enter the interface view or sub-interface view.
interface interface-type interface-number [.subinterface-number ]
Note: Only the S5720EI, S5720HI, S5730HI, S6720HI, S6720EI, and S6720S-EI support sub-interfaces.
3. (Optional) On an Ethernet interface, run undo portswitch The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Note: Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.
4. Configure an IP address for the interface or configure the interface to borrow an IP address from another interface
ip address ip-address { mask | mask-length } or ip address unnumbered interface interface-type interface-number
Note: The DHCP relay function is configured on the user-side gateway interface typically. The IP address of the gateway interface must be on the same network segment as the address pool configured on the DHCP server; otherwise, DHCP clients cannot obtain IP addresses.
You can configure an interface to borrow an IP address from another interface in the scenario where clients and the DHCP relay agent are on different network segments, for example, CPEs function as DHCP clients and need to obtain public IP addresses, but no public IP address is configured on the DHCP relay agent to save IP address resources. To configure an interface to borrow an IP address from another interface, you must enable DHCP snooping on the interface or VLAN connecting to users. After DHCP snooping is enabled, the DHCP relay agent adds user network routes (UNRs) to clients when adding DHCP snooping binding entries and deletes UNRs to clients when deleting DHCP snooping binding entries. The number of clients cannot exceed the maximum number of DHCP snooping binding entries that can be learned. You can run the dhcp snooping max-user-number command to configure the maximum number of DHCP snooping binding entries that can be learned.
5. Enable the DHCP relay function on the interface.
dhcp select relay
By default, the DHCP relay function is disabled on an interface.
Note: When enabling the DHCP relay function on a sub-interface, run the arp broadcast enable command on the sub- interface to enable ARP broadcast. By default, ARP broadcast is not enabled on a VLAN tag termination sub- interface.
Specifying the DHCP Server IP Address
Context: You must specify the IP address of the DHCP server so that the DHCP relay agent can forward DHCP messages between the server and clients. Two methods are available for you to specify the DHCP server IP address: in the interface view and in the DHCP server group view. The former method is recommended if you configure the DHCP relay function on individual interfaces connected to DHCP servers that have different IP addresses. The latter method is recommended if you configure the DHCP relay function on multiple interfaces that connect to one DHCP server.
Note: A maximum of 16 DHCP relay agents are allowed between a DHCP server and a DHCP client. If there are more than 16 DHCP relay agents, DHCP messages are discarded.
Procedure
* Specify the DHCP server IP address in the interface view. Enter the system view.
system-view
(Optional) Configure the DHCP server polling function on the DHCP relay agent.
ip relay address cycle
By default, DHCP server polling is disabled on a DHCP relay agent.
(Optional) Set the TTL value for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.
dhcp set ttl { unvaried | ttl-value }
By default, the TTL value of DHCP Discovery messages decreases by 1 after they are forwarded by the DHCP relay agent at Layer 3.
Note: If the DHCP relay agent connects to a special client whose TTL value of DHCP Discovery messages is 1, and if there are routing devices between the DHCP relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed TTL value (16 is recommended) for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.
Enter the interface or sub-interface view.
interface interface-type interface-number[.subinterface-number ] Note: Only the S5720EI, S5720HI, S5730HI, S6720HI, S6720EI, and S6720S-EI support sub-interfaces.
(Optional) On an Ethernet interface, run undo portswitch The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Note: Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.
Specify the IP address of a DHCP server.
dhcp relay server-ip ip-address
By default, no DHCP server IP address is specified.
You can specify up to 20 DHCP server IP addresses for each interface.
(Optional) Enable DHCP relay gateway switching.
dhcp relay gateway-switch enable
By default, DHCP relay gateway switching is disabled.
After primary and secondary IP addresses are configured on an interface, the primary IP address functions as the gateway address in most cases. If clients cannot use the primary IP address to apply for IP addresses, configure DHCP relay gateway switching to allow the clients to use secondary IP addresses to apply for IP addresses. After DHCP relay gateway switching is enabled, configure address pools on the same network segment as the secondary IP addresses on the connected DHCP server.
- The gateway address switches from the primary IP address to a secondary IP address only when a user fails at least three times to obtain an IP address using the primary IP address and the interval between the last failure and first failure exceeds 24 seconds.
- If a primary IP address and multiple secondary IP addresses are configured on an interface, the system tries the secondary IP addresses one by one based on the IP address configuration sequence until users successfully obtain IP addresses.
* Specify the DHCP server IP address in the DHCP server group view.
Enter the system view.
system-view
(Optional) Configure the DHCP server polling function on the DHCP relay agent.
ip relay address cycle
By default, DHCP server polling is disabled on a DHCP relay agent.
(Optional) Set the TTL value for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.
dhcp set ttl { unvaried | ttl-value }
By default, the TTL value of DHCP Discovery messages decreases by 1 after they are forwarded by the DHCP relay agent at Layer 3.
Note: If the DHCP relay agent connects to a special client whose TTL value of DHCP Discovery messages is 1, and if there are routing devices between the DHCP relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed TTL value (16 is recommended) for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.
Create a DHCP server group and enter its view.
dhcp server group group-name
By default, no DHCP server group is configured.
A maximum of 32 DHCP server groups can be configured on a device.
Configure the DHCP server members in the DHCP server group.
dhcp-server ip-address [ ip-address-index ]
By default, no DHCP server member is configured in a DHCP server group.
A maximum of 20 DHCP servers can be added to a DHCP server group.
(Optional) Specify the gateway address for clients.
gateway ip-address
A gateway address is specified for clients.
Skip this step if the interface connecting the DHCP relay agent to clients functions as the gateway.
The gateway address specified in this step must be the same as the egress gateway address of clients specified on the DHCP server. If the device functions as the DHCP server, refer to (Optional) Configuring a Gateway Address for Clients for details about how to specify the egress gateway address for clients.
(Optional) Bind the DHCP server group to a VPN instance.
vpn-instance vpn-instance-name
By default, the DHCP server group is not bound to a VPN instance.
To ensure clients can obtain IP parameters if the DHCP relay agent is deployed on a VPN network, bind the DHCP server group to a VPN instance that is also bound to the address pool of the DHCP server.
Return to the system view.
quit
Enter the interface or sub-interface view.
interface interface-type interface-number[.subinterface-number ] Note: Only the S5720EI, S5720HI, S5730HI, S6720HI, S6720EI, and S6720S-EI support sub-interfaces.
(Optional) On an Ethernet interface, run undo portswitch The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Note: Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.
Create a DHCP server group.
dhcp relay server-select group-name
(Optional) Enable DHCP relay gateway switching.
dhcp relay gateway-switch enable
By default, DHCP relay gateway switching is disabled.
After primary and secondary IP addresses are configured on an interface, the primary IP address functions as the gateway address in most cases. If clients cannot use the primary IP address to apply for IP addresses, configure DHCP relay gateway switching to allow the clients to use secondary IP addresses to apply for IP addresses. After DHCP relay gateway switching is enabled, configure address pools on the same network segment as the secondary IP addresses on the connected DHCP server.
- The gateway address switches from the primary IP address to a secondary IP address only when a user fails at least three times to obtain an IP address using the primary IP address and the interval between the last failure and first failure exceeds 24 seconds. - If a primary IP address and multiple secondary IP addresses are configured on an interface, the system tries the secondary IP addresses one by one based on the IP address configuration sequence until users successfully obtain IP addresses.
(Optional) Configuring Strategies for Processing Option 82 Information on a DHCP Relay Agent
Context To enable a DHCP relay agent to accept, process, and forward DHCP messages that carry Option 82 information, you must configure the DHCP relay agent to trust and process this option.
You are advised to perform the configuration on a user-side device. If the DHCP relay agent connects to a DHCP snooping-enabled device, configure the strategies for processing Option 82 information on the DHCP snooping device. When a device functions as the DHCP snooping device, for details on how to perform the configuration, see Inserting the Option 82 Field in a DHCP Message in “DHCP Snooping Configuration” in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security.
Note: If the device functions as the first-hop DHCP relay agent, it can process Option 82 information. If the device functions as the second-hop or subsequent DHCP relay agent, it cannot process Option 82 information.
Procedure 1. Enter the system view.
system-view
2. Enable the DHCP relay agent to trust Option 82.
dhcp relay trust option82
By default, a DHCP relay agent does not trust Option 82.
When this function is enabled, the DHCP relay agent can receive and forward DHCP messages that carry Option 82. If the DHCP relay agent is disabled from trusting Option 82 using the undo dhcp relay trust option82 command, the device discards the DHCP messages carrying Option 82.
3. Configure strategies for processing Option 82 information on the DHCP relay agent. - Configure the DHCP relay agent to insert the Option 82 field to DHCP messages in a VLAN view. This configuration takes effect on all DHCP messages from this VLAN received on the interfaces of the DHCP relay agent.
a. Enter the VLAN view.
vlan vlan-id
b. Enable the DHCP relay agent to insert the Option 82 field to received DHCP messages.
dhcp option82 { insert | rebuild } enable interface interface-type interface-number1 [ to interface-number2 ]
By default, a DHCP relay agent is disabled from inserting the Option 82 field to received DHCP messages.
c. Return to the system view.
quit
- Configure the DHCP relay agent to insert the Option 82 field to DHCP messages in an interface view. This configuration takes effect on DHCP messages received on the specified interface.
Use the following methods to configure strategies for processing Option 82 information. If both methods are used, method 2 takes effect.
+ Method 1:
1. Enter the interface view.
interface interface-type interface-number
2. Enable the DHCP relay agent to insert the Option 82 field to received DHCP messages.
dhcp option82 { insert | rebuild } enable
By default, a DHCP relay agent is disabled from inserting the Option 82 field to received DHCP messages.
DHCP messages received on the DHCP relay agent may carry the Option 82 field. Select a strategy based on network requirements.
When insert is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent inserts the Option 82 field. If a DHCP message carries the Option 82 field, the DHCP relay agent checks the Option 82 field. If the field contains remote-id, the Option 82 field remains unchanged. Otherwise, the DHCP relay agent inserts remote-id.
When rebuild is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent inserts the Option 82 field. If a DHCP message carries the Option 82 field, the DHCP relay agent deletes the original Option 82 field and inserts the locally configured Option 82 field.
3. Return to the system view.
quit
+ Method 2:
1. Enter the interface view or sub-interface view.
interface interface-type interface-number [.subinterface-number ] Note: Only the S5720EI, S5720HI, S5730HI, S6720HI, S6720EI, and S6720S-EI support sub-interfaces.
3. Enable the DHCP relay agent to support Option 82.
dhcp relay information enable
By default, a DHCP relay agent does not support Option 82.
4. Configure a strategy for processing Option 82 information on the DHCP relay agent.
dhcp relay information strategy { drop | keep | replace }
The default strategy is replace.
DHCP messages received on the DHCP relay agent may carry the Option 82 field. Select a strategy based on network requirements.
When replace is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent inserts the Option 82 field. If a DHCP message carries the Option 82 field, the DHCP relay agent deletes the original Option 82 field and inserts the locally configured Option 82 field.
When drop is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent forwards the message directly without processing it. If a DHCP message carries the Option 82 field, the DHCP relay agent discards the Option 82 field and forwards the message.
When keep is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent forwards the message directly without processing it. If a DHCP message carries the Option 82 field, the DHCP relay agent retains the Option 82 field and forwards the message.
4. Return to the system view.
quit
4. (Optional) Set the format of the Option 82 field. Configure the format of the Option 82 field in the system or interface view. If the configuration is performed in the system view, it takes effect on all interfaces of the device. If the configuration is performed in an interface view, it takes effect only on the specified interface.
If the strategy for processing Option 82 information is drop or keep on the DHCP relay agent, skip this step.
Notice: + All Option82 fields configured in the system view or in the same interface view share a length of 1-255 bytes. If their total length exceeds 255 bytes, some Option82 information will be lost. + There is no limit on the number of Option 82 fields configured on the device. However, a large number of Option 82 fields will occupy a lot of memory and prolong the device processing time. To ensure device performance, you are advised to configure Option 82 fields based on the service requirements and device memory size.
- In the system view:
Configure the format of the Option 82 field.
dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common |
extend | user-defined text }
By default, the Option 82 field is in the default format.
- In the interface view:
a. Enter the interface view.
interface interface-type interface-number
b. Configure the format of the Option 82 field.
dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common |
extend | user-defined text }
By default, the Option 82 field is in the default format.
c. Return to the system view.
quit
(Optional) Configuring a Distributed VXLAN Gateway as a DHCP Relay Agent
Context In a distributed VXLAN gateway scenario, the DHCP relay function is configured on VBDIF interfaces of distributed gateways. The value of the GIADDR field carried in a request packet sent from a DHCP relay agent to the DHCP server is the IP address of the VBDIF interface. When returning a response packet, the DHCP server figures out the network segment on which the DHCP client resides based on information of this field. However, the response packet from the DHCP server may be forwarded to other distributed gateways (rather than the device that sends the request packet) because IP addresses of VBDIF interfaces on distributed gateways are the same. As a result, the user cannot obtain an IP address.
Two methods are available to resolve this issue:
Method 1: Configure the re-routing function on the distributed gateway.
After this function is enabled, the IP address of the VBDIF interface is still used for communication between the DHCP relay agent and DHCP server. When the DHCP relay agent sends a Request message, the VTEP IP address of the local device is carried in the Option 82 field to function as the return IP address; when the DHCP server sends a response message, this information is also carried in the message. When processing a response message from the DHCP server, the DHCP relay agent figures out whether the response message corresponds to the Request message sent from the distributed gateway based on the return IP address carried in the message. If so, the DHCP relay agent forwards the message to the client. If not, the DHCP relay agent performs re-routing based on the return IP address to forward the response message to the corresponding distributed gateway through a VXLAN tunnel.
Method 2: Configure the source interface of DHCP relayed messages and configure the function of inserting the Link-selection suboption of the Option 82 field into messages.
After the preceding configurations, the DHCP relay agent enters the primary IP address of the source interface into the giaddr field for communication with the DHCP server. The IP address of the source interface and the DHCP server can communicate with each other, and the IP address is unique among all distributed gateways. Therefore, the response message from the DHCP server can accurately return to the corresponding distributed gateway.
When the DHCP relay agent forwards a DHCP Request message, the Link-selection suboption of the Option 82 field is inserted in the message. The value of this suboption is the interface IP address of the DHCP relay agent. The DHCP server selects an address pool for the client based on the suboption to ensure that an IP address on the correct network segment can be allocated to the client.
The following table lists comparisons between the two methods.
Note: Only the S5720HI, S5730HI, S6720HI, S6720S-EI, and S6720EI support this function.
Prerequisites for Method 1
Because the return IP address is carried in the Option82 field, you need to perform the following operations: 1. Run the dhcp option82 vendor-specific format vendor-sub-option 2 ip-address ip-address command in the system view to use the Sub Option2 field that is customized by the vendor in the Option82 field to carry the VTEP IP address of the local device. 2. Run the dhcp option82 encapsulation vendor-specific-id command in the BD view to insert the sub-option customized by the vendor into the Option82 field. 3. Run the dhcp option82 { insert | rebuild } enable command in the BD view to configure the Option82 field to be inserted into DHCP packets. 4. Run the dhcp relay information enable command in the VBDIF interface view to enable the Option 82 function for the DHCP relay agent.
Procedure
1. Enter the system view.
system-view
2. Create a VBDIF interface and enter the VBDIF interface view.
interface vbdif bd-id Note: The number of a VBDIF interface must match an existing BD ID.
3. Select one configuration method. + Method 1: When the DHCP server is not capable of parsing the Link-selection suboption:
Configure the re-routing function for the DHCP relay agent on a distributed gateway.
dhcp relay anycast gateway re-route enable
By default, the re-routing function for the DHCP relay agent on a distributed gateway is disabled.
+ Method 2: When the DHCP server is capable of parsing the Link-selection suboption:
a. Configure the source interface of DHCP relayed messages and enters the primary IP address of the interface into the giaddr field.
dhcp relay giaddr source-interface interface-type interface-number
By default, the source interface of DHCP relayed messages is not configured and the IP address of the DHCP relay agent is entered into the giaddr field.
Note: Ensure that the IP address of the source interface and the DHCP server can communicate with each other.
b. Configure the function of inserting the Link-selection suboption of the Option 82 field into DHCP messages.
dhcp relay information link-selection insert enable
By default, the Link-selection suboption of the Option 82 field is not inserted into DHCP messages.
Verifying the Configuration
Run the **display dhcp relay** command to check configuration information about the DHCP relay agent.
(Optional) Configuring the Processing Methods of DHCP Ack and DHCP Request Messages
Context
If multiple DHCP servers are deployed on the network, the design of a server does not comply with standards, and a DHCP client requests for an IP address, the server does not provide an IP address for the DHCP client but still replies with a DHCP Ack message. Alternatively, when the server sends a DHCP Offer message, the DHCP server identifier (Option 54) carried in the message is not that of the server. As a result, the Option 54 is incorrect in the DHCP Request message. The preceding issues affect the methods in which a DHCP relay agent processes DHCP Ack and DHCP Request messages, so that the DHCP client fails to obtain an IP address. You can perform the following steps to change the methods in which a DHCP relay agent processes DHCP Ack and DHCP Request messages to ensure that DHCP clients can obtain IP addresses.
Procedure 1. Enter the system view
system-view
2. Configure the DHCP relay agent not to check the DHCP server identifier (Option 54) in a DHCP Request message to be forwarded.
undo dhcp relay request server-match enable
By default, a DHCP relay agent checks the DHCP server identifier (Option 54) in a DHCP Request message to be forwarded.
3. Configure the DHCP relay agent to forward all DHCP Ack messages.
dhcp relay reply forward all enable
By default, a DHCP relay agent forwards only the first received DHCP Ack message.
Verifying the DHCP Relay Agent Configuration
Procedure
- Run the display dhcp relay { all | interface interface-type interface-number } command to view information about the DHCP server or DHCP server group on the interface functioning as a DHCP relay agent.
- Run the display dhcp server group [ group-name ] command to view the configuration of the DHCP server group.