No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - IP Services 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - IP Services
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a DHCP Server

Configuring a DHCP Server

A DHCP server selects available IP addresses from the global address pool and assigns these IP addresses to DHCP clients.

Usage Scenario

A DHCP server that uses a global address pool is configured to dynamically assign IP addresses to computers that are indirectly connected to the DHCP server, as shown in Figure 4-3.

Figure 4-3 IP address assignment based on an address pool

Pre-configuration Tasks

Before configuring the DHCP server, complete the following tasks:

  • Implement the connectivity between the DHCP client and server.

  • (Optional) Configure a DNS server.

  • (Optional) Configure a network basic input/output system (NetBIOS) server.

  • (Optional) Configure routes between the DNS server and NetBIOS server.

  • (Optional) Configure the DHCP global address pool option.

Configuration Procedure

Figure 4-4 DHCP server configuration procedure

Configuring IP Address Assignment

IP address assignment includes specifying such basic information as a gateway address and address segments, as well as configuring static binding.

Context

After an address pool is created on the DHCP server, a gateway address and an address segment need to be specified, with the IP addresses in the address segment belonging to the gateway address segment. By default, all IP addresses in the address segment can be assigned to DHCP clients. If the NetBiOS server and DNS server reside in the address segment, fixed IP addresses need to be bound to the servers. Before such binding, the two IP addresses need to be removed from the address segment so that they will not be dynamically assigned to other DHCP clients.

Procedure

  1. Configure the basic functions of IP address assignment.
    1. Run system-view

      The system view is displayed.

    2. Run ip pool ip-pool-name [ server ]

      An address pool is created, and the address pool view is displayed.

      NOTE:

      During first-time address pool creation, the server parameter must be specified. In the address pool view that is displayed after an address pool is created, the server parameter does not need to be specified.

    3. Run gateway ip-address { mask | mask-length }

      The gateway IP address and subnet mask of the address pool are configured.

      If a DHCP client requests an IP address from the DHCP server, the DHCP server notifies the DHCP client of the gateway address and subnet mask using Option 3 and Option 1.

    4. Run section section-index start-ip-address [ end-ip-address ]

      An address segment is configured for the address pool.

    5. (Optional) Run option router disable

      The function of sending the gateway address to DHCP clients is disabled.

      When a carrier has high requirements on network security and does not want carriers to get aware of the gateway address, this command can be used to prohibit the DHCP server from sending DHCP clients Option 3 that contains the gateway address.

      NOTE:

      After the DHCP is disabled from sending the gateway address, run the option33 route command to allow DHCP clients to obtain the target route using Option 33.

    6. (Optional) Run option force-reply { option-code }&<1-16>

      The DHCP option forcibly replied to a DHCP client by a DHCP server is configured.

      The DHCP server does not respond if the DHCP packets received from a DHCP client do not contain some DHCP option information. However, if such option information as option 6 (carrying the DNS server address) is not contained in DHCP packets, the DHCP client fails to be connected. To address the problem, such DHCP options need to be forcibly replied to a client by a DHCP server.

      NOTE:

      If the option router disable command is used to disable the sending of Option 3 (gateway address) in addition to the option force-reply, the configuration of the option router disable command takes effect preferentially due to a higher priority.

  2. (Optional) Configure the static address assignment function.
    1. Run excluded-ip-address start-ip-address [ end-ip-address ]

      The range of IP addresses that cannot be dynamically assigned in an address pool is specified.

      In network planning, some IP addresses need to be assigned to specified hosts, such as the DNS and WWW servers, for long-term use. In this case, you can run this command to configure the range of IP addresses that do not participate in automatic IP address assignment. Repeat this command as needed to specify multiple ranges of IP addresses.

    2. Run static-bind ip-address ip-address mac-address mac-address

      The static address assignment function is configured.

      Fixed IP addresses need to be assigned to specified clients, such as the WWW server. In this case, you can bind an available IP addresses in an address pool with the MAC address of a client.

  3. (Optional) Configure IP address assignment based on Option 60.
    1. Run quit

      The system view is displayed.

    2. Run dhcp server base-option60 enable

      The DHCP server is enabled to assign IP addresses based on Option 60.

      When no relay exists between the DHCP server and DHCP clients, run the client-option60 command to configure the DHCP server to assign IP addresses to DHCP clients in different network segments or VPNs based on the Option 60 information carried in packets sent by the DHCP clients.

    3. Run ip pool ip-pool-name [ server ]

      The address pool view is displayed.

    4. Run client-option60 option60-text

      The Option 60 information is configured in the server address pool.

      If the option60-text parameter configured for a server address pool matches the Option 60 information carried in the packets sent by DHCP clients, the DHCP server assigns IP addresses from the address pool. Otherwise, the DHCP server assigns IP addresses based on the gateway address.

  4. (Optional) Run dhcp reply { unicast-always | broadcast-always }

    The type of the packets sent by the DHCP server as a reply is specified.

  5. (Optional) Run vpn-instance vpn-instance-name

    A VPN instance is configured for the address pool.

    If a VPN has the DHCP service, the address pool created on the DHCP server needs to be bound to a VPN instance.

  6. (Optional) Run quit

    The system view is displayed.

  7. (Optional) Run dhcp server identifier dest-ip

    The DHCP server is enabled to use the destination IP address in the packet forwarded by the DHCP relay as the server identifier.

    This command is used when a DHCP client is connected to a DHCP relay (first PE) over a VPN and the DHCP relay sends a DHCP request to the DHCP server (second PE). The DHCP server assigns an IP address to the DHCP client over the VPN. The server IP address specified by the DHCP server is generally the IP address of a non-public interface on the DHCP server, but the DHCP request is received by a public interface on the DHCP server. By default, the DHCP server uses the inbound interface IP address in the DHCP request (public interface IP address) as the server identifier. As a result, the DHCP client fails to extend the lease. To address this problem, run the dhcp server identifier dest-ip command to enable the DHCP server to use the destination IP address in the packet forwarded by the DHCP relay as the server identifier.

  8. (Optional) Run dhcp server ping { packets packet-number | timeout timeout-interval }

    The maximum number of ping packets that a DHCP server sends and the maximum timeout period of each ping reply are set.

    Before assigning an IP address to a DHCP client, the DHCP server must ping the IP address to check whether this IP address is being used. This prevents address conflicts.

  9. Run commit

    The configuration is committed.

(Optional) Configuring IP Address Management

IP address management includes backing up and restoring data in an address pool, configuring alarm thresholds, and reclaiming IP addresses.

Procedure

  1. Run system-view

    The system view is displayed.

  2. The DHCP server is enabled to save and restore DHCP data.
    1. Run dhcp server database enable

      The DHCP server is enabled to save IP addresses assigned from a DHCP global address pool to a compact flash (CF) card.

      The DHCP server generates the lease.txt and conflict.txt files in the DHCP folder on a CF card. The lease.txt file stores lease information, and the conflict.txt file stores conflicting addresses.

    2. Run dhcp server database write-delay interval

      The interval at which DHCP global address pool data is automatically saved is set.

    3. Run dhcp server database recover

      The DHCP server is enabled to restore DHCP global address pool data from the CF card.

      After this function is enabled, the DHCP server restores DHCP global address pool data from the CF card after system restart.

  3. Configure the address resource alarm function.
    1. Run ip pool ip-pool-name [ server ]

      The address pool view is displayed.

    2. Run warning-threshold threshold-value

      The alarm threshold for the address usage of the address pool is specified.

      If the address usage exceeds a specified threshold, an alarm will be generated. If the address usage falls below 90% of the alarm threshold, this alarm will be cleared.

    3. Run warning-exhaust

      The address exhaustion alarm function is enabled for the address pool.

      When the address pool is exhausted, an alarm will be generated. When the address usage of the address pool falls below 90% of the threshold, this alarm will be cleared.

  4. Configure the IP address reclaiming function.
    1. Run recycle start-ip-address [ end-ip-address ]

      The IP address status is configured as idle.

      When an IP address is being used by an offline client, the IP address can be reclaimed, preventing IP address waste.

    2. Run conflict auto-recycle interval interval-time

      The interval at which conflicting addresses are automatically reclaimed is set.

      If conflicting addresses exist in an address pool, the DHCP server supports automatic IP address reclaiming by default. You can configure an IP address reclaiming interval as follows:
      • If the interval-time value is not 0 and the usage of IP addresses in the address pool exceeds the alarm threshold specified in the warning-threshold command, the server automatically reclaims some conflicting IP addresses and re-assigns them to users when the address conflict time exceeds the interval-time value.
      • If the interval-time value is set to 0, the automatic address reclaim function is disabled, and conflicting addresses will not be assigned to users. In this case, you need to run the reset conflict-ip-address command to reclaim conflicting addresses.

  5. Run lock

    The address pool is locked.

    If you want to delete an address pool that is currently in use, you can run this command to lock the address pool and then delete the address pool after all the users using this address pool go offline.

  6. Run commit

    The configuration is committed.

(Optional) Configuring Address Pool Attributes

Configuring address pool attributes includes specifying an IP address lease, configuring the application server address and customized items. The address pool attributes are contained in option information that is sent by the DHCP server to clients.

Procedure

  • Configure an address lease.
    1. Run system-view

      The system view is displayed.

    2. Run ip pool ip-pool-name

      The address pool view is displayed.

    3. Run lease days [ hours [ minutes ] ]

      An address lease is configured.

      A DHCP server can assign a specific lease to IP addresses in each address pool. All addresses in the same address pool must have the same lease.

    4. Run renewal-time days [ hours [ minutes ] ]

      The renewal time of IP addresses is specified.

    5. Run rebinding-time days [ hours [ minutes ] ]

      The rebinding time of IP addresses is specified.

    6. Run commit

      The configuration is committed.

  • Configure well-known options.
    1. Run sip-server { { ip-address ip-address } &<1-2> | { list server-name } &<1-2> }

      The IP address or name of the SIP server is configured.

      The establishment of multimedia sessions between DHCP clients requires a SIP server to complete user locating, authentication, and authorization.

      The DHCP server notifies DHCP clients of the SIP server address through Option 120.

    2. Run netbios-name-server ip-address &<1-8>

      The NetBIOS server address is configured.

      For Microsoft DHCP clients, the NetBIOS server needs to be used to resolve a domain name to an IP address.

      The DHCP server notifies DHCP clients of the NetBIOS server address through Option 44.

    3. Run netbios-type { b-node | h-node | m-node | p-node }

      The NetBIOS node type is specified.

    4. Run dns-server ip-address &<1-8>

      A DNS server address is specified.

      Before a host accesses the Internet, the DNS server needs to be used to resolve a domain name to an IP address.

      The DHCP server notifies DHCP clients of the DNS server address through Option 6.

    5. Run dns-suffix suffix-name

      A DNS suffix is specified.

      A DHCP client adds a DNS suffix to the domain name and sends it to the DNS server for domain name resolution.

      The DHCP server sends DHCP clients the domain name suffix through Option 15.

    6. Run domain-search-list domain-name

      A search domain name is specified.

      When the first-time domain name resolution for a DHCP client fails, the search domain name needs to be added for another resolution.

      The DHCP server sends DHCP clients the search domain name through Option 119.

    7. Run option33 route dest-ip gateway

      A user route is configured.

      After the option router disable command is executed to disable the DHCP server from sending the gateway address, a user route can be configured to allow DHCP clients to obtain routes towards the target network.

    8. Run option121 ip-address { ip-address mask-length gateway-address } &<1-8>

      A classless static route that a DHCP server assigns to a DHCP client is specified.

    9. Run dhcp option125 [ enterprise-code enterprise-code ] option125-string

      The enterprise code and string of Option 125 are specified.

    10. Run commit

      The configuration is committed.

  • Configure private options.
    1. Run option code { ip { ip-address } &<1-2> | string ascii-string | hex hex-string | cipher cipher-text }

      DHCP sub-options are configured.

      This command can define well-known options except for options 3, 6, 15, 44, 46, 50-55, 57-59, 61, 82, and 119. For configuration details, refer to standard protocols.

      NOTE:
      Customizing the following well-known options is not recommended:
      • If both this command and the dhcp option125 command customize Option 125, the configuration of the latter command takes effect.

      • If both this command and the option33 route command customize Option 33, the configuration of the latter command takes effect.

      • If both this command and the option121 command customize Option 121, the configuration of the latter command takes effect.

    2. Run dhcp client-option client-code client-string reply-option reply-code { suboption reply-sub-code { ip ip-address | string ascii-string | hex hex-string } } &<1-16>

      An option that will be sent as a reply to a user request is specified.

      Currently, an option will be sent as a reply only to a user request that contains Option 60.

    3. Run commit

      The configuration is committed.

(Optional) Configuring DHCP Server Dual-Device Hot Backup

Dual-device hot backup of a DHCP server can be enabled to achieve backup of user session information between devices. When a network node or link experiences an abnormality, fast user service switching is triggered, which enhances service reliability.

Prerequisites

Before configuring DHCP server dual-device hot backup, ensure that the same DHCP server configuration has been performed on the master and slave devices. Otherwise, a master/slave switchover may lead to an abnormality in new user access and user renewal.

Background

As shown in Figure 4-5, the DHCP client is connected to DeviceA and DeviceB over a switch. A VRRP backup group is configured between DeviceA and DeviceB to establish the master/backup relationship, with DeviceA as the master device and DeviceB as the backup device. Both DeviceA and DeviceB serve as a DHCP server to assign IP addresses to DHCP clients.

In normal cases, DeviceA implements new user access and online user renewal. When DeviceA or the link between DeviceA and the switch becomes faulty, a master/backup VRRP switchover is implemented and DeviceB takes over to become the master device. DeviceB can properly perform address assignment for new users and renewal requests for online users only when user session information has been synchronized from DeviceA to DeviceB.

To prevent abnormalities of new user access and online user renewal after a master/backup switchover due to a failure to synchronize user session information from DeviceA to DeviceB, deploy DHCPv4 server dual-device hot backup on DeviceA and DeviceB.

Figure 4-5 DHCPv4 server dual-device hot backup

Perform the following operations on the DHCP servers that back up each other:

Procedure

  1. Configure basic functions of a VRRP backup group.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number [.subinterface-number ]

      The interface view for a VRRP backup group is displayed.

    3. Run vrrp vrid virtual-router-id virtual-ip virtual-address

      A VRRP backup group is created and a virtual IP address is configured.

    4. Run vrrp vrid virtual-router-id preempt-mode timer delay delay-time

      The preemption delay for devices in the VRRP backup group is configured.

      Set the preemption delay value to 0 on the backup device to allow it to become a master device immediately after its priority changes; set the preemption delay to a non-0 value on the master device so that it can preempt the Master state after a specified delay if a master/backup VRRP switchover is performed.

      In DHCP server dual-device hot backup scenarios, to ensure that the master device can completely back up user session information to the backup device, set a preemption delay to over 600s for the master device. Configure the preemption delay to an even larger value when the address pool contains a large number of IP addresses.

    5. Run vrrp vrid virtual-router-id priority priority-value

      A priority is configured for the VRRP backup group.

    6. (Optional) Run vrrp vrid virtual-router-id timer advertise advertise-interval

      The interval for sending VRRP Advertisement packets is configured.

      NOTE:

      The interval for sending VRRP Advertisement packets cannot be less than the time required for master/slave switching. Otherwise, VRRP intermittently goes Down. You are advised to set the interval for sending VRRP Advertisement packets to more than 1 second.

    7. Run commit

      The configuration is committed.

    8. Run quit

      Exit from the interface view.

  2. Configure an RBS.
    1. Run remote-backup-service service-name

      An RBS is created, and the RBS view is displayed.

    2. (Optional) Run bind ssl-policy ssl-policy-name

      An SSL policy is bound to the TCP connection.

    3. Run peer peer-ip-address source source-ip-address port port-id

      TCP connection parameters are configured for the RBS.

      The peer-ip-address parameter specifies the IP address of the peer device that backs up the local device, and the source-ip-address parameter specifies the IP address of the local device that backs up the peer device. The IP address of the peer device must be configured on a main interface, a sub-interface, or a logical interface (loopback interface) on the peer device. The IP address of the local device must be configured on a main interface, a sub-interface, or a logical interface (loopback interface) on the local device. The two IP addresses must be able to ping each other.

      The port-id parameter specifies a listening port number. The TCP port numbers configured on the master and backup devices must be the same.

    4. (Optional) Run batch-backup service-type dhcp-server now

      The user service configured for the RBS is backed up instantly.

    5. Run commit

      The configuration is committed.

    6. Run quit

      The RBS view is exited.

  3. Configure an RBP.
    1. Run remote-backup-profile profile-name

      An RBP is created, and the RBP view is displayed.

    2. Run peer-backup hot

      A backup mode is configured for user information backup between devices.

    3. Run vrrp-id vrid interface interface-type interface-number

      The RBP is bound to the VRRP backup group.

      The vrid parameter specifies the ID of a VRRP backup group. The ID must be the same as the VRRP backup group's ID that was configured using the vrrp vrid virtual-router-id [ virtual-ip virtual-address ] command in the interface view.

    4. Run backup-id backup-id remote-backup-service service-name

      The RBP is associated with the RBS, and the user backup ID for the RBP is set.

      The backup-id parameter specifies a backup ID for the RBP. You can use a backup ID and an RBS to determine an RBP. The backup IDs configured for the same RBP must be the same on the master and backup devices and can no longer be configured for other RBPs.

    5. Run commit

      The configuration is committed.

    6. Run quit

      Exit from the RBP view.

  4. Enable remote backup for the DHCP server.
    1. Run remote-backup-profile profile-name

      The RBP view is displayed.

    2. Run service-type dhcp-server

      Remote backup is enabled for the DHCP server.

      NOTE:

      This command is supported only on the Admin-VS.

    3. Run commit

      The configuration is committed.

    4. Run quit

      Exit from the RBP view.

    5. Run ip pool ip-pool-name [ server ]

      The view of the address pool bound to the RBP is displayed.

      NOTE:

      The server parameter is mandatory when an address pool is created for the first time. After the address pool is created, the address pool view is displayed. The server parameter is optional.

    6. Run remote-backup-profile profile-name

      The RBP is bound to the current address pool.

    7. Run server identifier ip ip-address

      An identifier is configured for the DHCP server.

      If an IP address has been specified as the DHCP server identifier, ensure that routes from the DHCP client to the IP address are reachable so that packets can be properly sent to the DHCP server.

      In case of DHCP server dual-device hot backup:
      • Configure the virtual IP address of the VRRP backup group on the inbound interfaces of the master and slave DHCP servers as the DHCP server identifier.
      • If an IP address has been specified to be included in the current address pool using the server identifier ip command, the IP address cannot be assigned to users.

    8. Run commit

      The configuration is committed.

Verifying the Configuration of a DHCP Server

After configuring the DHCP server, verify the configuration.

Prerequisites

The DHCP server has been configured.

Procedure

  • Run display ip pool

    The address pool configurations and address statistics are displayed.

  • Run display ip pool pool-usage

    The address usage of the address pool is displayed.

  • Run display ip pool max-usage

    The maximum address usage of the address pool is displayed.

  • Run display client-option pool-usage

    The option that will be sent as a reply to a user request is displayed.

  • Run display dhcp server database

    The saved DHCP server data is displayed.

  • Run display remote-backup-profile [ profile-name ]

    Information about the configured RBP is displayed.

  • Run display remote-backup-service [ service-name [ verbose ] ]

    Information about the configured RBS is displayed.

Example

Run the display ip pool name pool-name command to view information about an address pool named huawei.

<HUAWEI> display ip pool name huawei
  Pool-Name      : huawei
  Pool-No        : 1
  Pool-constant-index: -
  Lease          : 3 Days 0 Hours 0 Minutes
  NetBios Type   : N-Node
  Auto recycle   : 30
  Option 3       : Enable
  DNS-Suffix     : --
  Dom-Search-List0: -
  Dom-Search-List1: - 
  Dom-Search-List2: -
  Dom-Search-List3: -
  Option-Code 125 : enterprise-code : 2011, string: -
  Position       : Server          Status           : Unlocked        
  RUI-Flag       : -
  Attribute      : Private         
  Gateway        : 3.3.3.3         Mask             : 255.255.255.0   
  Vpn instance   : --              Unnumbered gateway: -               
  Profile-Name   : -               Server-Name     : -               
  Total Idle     : 97              Have Dhcp IP     : 1
  Timeouts       : 0
  Timeout Count  : 0               Sub Option Count : 0               
  Option Count   : 0               Force-reply Count: 0               
  Codes: CFLCT(conflicted)
  ---------------------------------------------------------------------------------------
  ID           start             end total  used  idle CFLCT disable reserved static-bind
  ---------------------------------------------------------------------------------------
   2         3.3.3.3       3.3.3.100    98     0    97     0       0        0           0
  ---------------------------------------------------------------------------------------

Run the display dhcp server database command to view the data storage and file information about the DHCP server.

<HUAWEI> display dhcp server database
 Status: enable
 Recover from files after reboot: disable
 File saving lease items: cfcard:/dhcp/lease.txt
 File saving conflict items: cfcard:/dhcp/conflict.txt
 Save interval: 300 (seconds)
Run the display remote-backup-profile command to view information about the specified RBP.
<HUAWEI> display remote-backup-profile service1
 -----------------------------------------------
 Profile-Index        : 0x1000
 Profile-Name         : service1
 Service              : dhcp-server 
 Remote-backup-service: service1
 Backup-ID            : 1
 track protocol       : VRRP
 VRRP-ID              : 1
 VRRP-Interface       : Vlanif100
 Access-Control       : --
 State                : Master
 Peer State           : --
 Interface            :
 Backup mode          : hot
 Slot-Number          : --
 Card-Number          : --
 Port-Number          : --
Run the display remote-backup-service command to view information about the specified RBS as well as the TCP connection status.
<HUAWEI> display remote-backup-profile service1
----------------------------------------------------------
 Service-Index    : 1
 Service-Name     : service1
 TCP-State        : Connected
 Peer-ip          : 10.10.10.2
 Source-ip        : 10.10.10.1
 TCP-Port         : 10000
 Track-BFD        : --
 SSL-Policy-Name  : --
 SSL-State        : --
----------------------------------------------------------
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055376

Views: 15739

Downloads: 33

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next