No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring LDRA to Detect Client Locations

Example for Configuring LDRA to Detect Client Locations

Networking Requirements

As shown in Figure 13-9, the R&D department and marketing department of a company connect to the Internet through the Router and obtain IPv6 addresses using DHCPv6. The company requires that the DHCPv6 server assigns different IP addresses, access control policies, and QoS policies to the clients in different departments.

Figure 13-9  Networking diagram for configuring LDRA

Configuration Roadmap

The configuration roadmap is as follows:
  1. Enable DHCP snooping.
  2. Enable LDRA. After LDRA is enabled on the Router, the Router can forward the client location information to the DHCPv6 server, and the DHCPv6 server can assign corresponding policies to the clients.

Procedure

  1. Create a VLAN and configure interfaces.

    # Create VLAN 10 on the Router.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan batch 10
    

    # Add interfaces Eth2/0/0, Eth2/0/1, and Eth2/0/2 to VLAN 10.

    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port link-type access
    [Router-Ethernet2/0/0] port default vlan 10
    [Router-Ethernet2/0/0] quit
    [Router] interface ethernet 2/0/1
    [Router-Ethernet2/0/1] port link-type access
    [Router-Ethernet2/0/1] port default vlan 10
    [Router-Ethernet2/0/1] quit
    [Router] interface ethernet 2/0/2
    [Router-Ethernet2/0/2] port link-type trunk
    [Router-Ethernet2/0/2] port trunk allow-pass vlan 10
    [Router-Ethernet2/0/2] quit

  2. Enable DHCP snooping.

    # Enable DHCP snooping globally.

    [Router] dhcp enable
    [Router] dhcp snooping enable

    # Enable DHCP snooping on the user-side interfaces.

    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] dhcp snooping enable
    [Router-Ethernet2/0/0] quit
    [Router] interface ethernet 2/0/1
    [Router-Ethernet2/0/1] dhcp snooping enable
    [Router-Ethernet2/0/1] quit

    # Set the status of the interface connecting to the DHCPv6 server to Trusted.

    [Router] interface ethernet 2/0/2
    [Router-Ethernet2/0/2] dhcp snooping trusted
    [Router-Ethernet2/0/2] quit

  3. Enable the LDRA.

    # Enable the LDRA in VLAN 10.

    [Router] vlan 10
    [Router-vlan10] dhcpv6 snooping relay-information enable

    # Disable the interfaces in VLAN 10 from generating DHCP snooping binding entries. After DHCP snooping is enabled, the interfaces will not restrict the number of online users.

    [Router-vlan10] dhcp snooping enable no-user-binding
    Warning: To execute no-user-binding will delete all dynamic binding table with the same vlan. Continue? [Y/N]y   
    [Router-vlan10] quit
    

  4. Verify the configuration.

    # Run the display dhcp snooping configuration command to verify the LDRA configuration.

    [Router] display dhcp snooping configuration
    #                                                                               
    dhcp snooping enable                                                            
    #                                                                               
    vlan 10                                                                         
     dhcp snooping enable no-user-binding
     dhcpv6 snooping relay-information enable
    #                                                                               
    interface Ethernet2/0/0                                                  
     dhcp snooping enable                                                           
    #                                                                               
    interface Ethernet2/0/1                                                  
     dhcp snooping enable                                                           
    #                                                                              
    interface Ethernet2/0/2                
     dhcp snooping trusted                                                          
    #   
    

Configuration Files

Router configuration file

#                                                                               
 sysname Router   
#
vlan batch 10
#                                                                               
dhcp enable                                                                     
#                                                                               
dhcp snooping enable                                                            
#
vlan 10
 dhcp snooping enable no-user-binding
 dhcpv6 snooping relay-information enable
#
interface Ethernet2/0/0
 port link-type access
 port default vlan 10
 dhcp snooping enable  
#
interface Ethernet2/0/1
 port link-type access
 port default vlan 10 
 dhcp snooping enable  
#
interface Ethernet2/0/2
 port link-type trunk                                                           
 port trunk allow-pass vlan 10  
 dhcp snooping trusted
#
return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100034077

Views: 126443

Downloads: 231

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next