Example for Configuring a DDNS Client (Using the Update Mode Implemented Through the Siemens DDNS Server)
Networking Requirements
In Figure 4-11, Router can function as a web server to provide web services for network users and users can access the web server by sending DNS requests. The domain name of the web server is www.abc.com, corresponding to the IP address of GE1/0/0 on Router.
The IP address of GE1/0/0 on Router may change. As a result, if the mapping relationship between the web server's domain name and the IP address is not updated in time on the DNS server, a user access error may occur. To solve this problem, the administrator configures the DDNS client function and uses the Siemens DDNS server, ensuring that the web server's domain name on the DNS server corresponds to the latest IP address.
There are reachable routes among Router, the DNS server, and the DDNS server and the administrator has implemented user registration on the DDNS server.
Configuration Roadmap
Create a DDNS policy on Router and bind the policy to Router, so that Router can send a request for dynamically updating DNS entries if the IP address of GE1/0/0 on Router changes.
Procedure
- Configure Router.
# Configure a client SSL policy siemens. Assume that the SSL policy uses the default protocol version and cipher suite
<Huawei> system-view [Huawei] sysname Router [Router] pki entity siemens [Router-pki-entity-siemens] common-name hello [Router-pki-entity-siemens] country cn [Router-pki-entity-siemens] state jiangsu [Router-pki-entity-siemens] organization huawei [Router-pki-entity-siemens] organization-unit info [Router-pki-entity-siemens] quit [Router] pki realm siemens [Router-pki-realm-siemens] entity siemens [Router-pki-realm-siemens] ca id ca_root [Router-pki-realm-siemens] enrollment-url http://10.137.145.158:8080/certsrv/mscep/mscep.dll ra [Router-pki-realm-siemens] fingerprint sha1 7bb05ada0482273388ed4ec228d79f77309ea3f4 [Router-pki-realm-siemens] auto-enroll regenerate [Router-pki-realm-siemens] quit [Router] ssl policy siemens type client [Router-ssl-policy-siemens] server-verify enable [Router-ssl-policy-siemens] pki-realm siemens [Router-ssl-policy-siemens] quit
# Create and configure a DDNS policy.
<Huawei> system-view [Huawei] sysname Router [Router] ddns policy mypolicy [Router-ddns-policy-mypolicy] method vendor-specific [Router-ddns-policy-mypolicy] url https://10.2.1.3/nic/update?group=med&user=<username>&password=<password>&myip=<a> username huawei_test password YsHsjx_202206 [Router-ddns-policy-mypolicy] ssl-policy siemens [Router-ddns-policy-mypolicy] quit
- During the configuration, replace 10.2.1.3 with the DDNS server IP address of Siemens.
- By default, the update mode of the DDNS client is vendor-specific. If the default update mode of the device is not modified using the method command, you do not need to run the method vendor-specific command.
# Bind the DDNS policy to GE1/0/0.[Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ddns apply policy mypolicy fqdn www.abc.com [Router-GigabitEthernet1/0/0] quit
When the configuration is complete and the IP address of GE1/0/0 changes, Router notifies the DNS server to update the mapping relationship between the domain name www.abc.com and the IP address, ensuring that users can obtain the latest IP address by parsing the domain name www.abc.com.
- Verify the configuration.
# Run the display ddns policy mypolicy command on Router to check information about the DDNS policy named mypolicy.
<Router> display ddns policy mypolicy Policy name : mypolicy Server : https://10.2.1.3/nic/update?group=med&user=<username>&password=<password>&myip=<a> User name : huawei_test Password : ****** SSL policy : siemens Update method : vendor-specific Update interval : 3600 seconds
# Run the display ddns interface gigabitethernet 1/0/0 command on Router to check information about the DDNS policy of GigabitEthernet1/0/0.
<Router> display ddns interface gigabitethernet 1/0/0 Policies applied on interface GigabitEthernet1/0/0 : ------------------------------------------------------------------------------ Policy name : mypolicy Server : https://10.2.1.3/nic/update?group=med&user=<username>&password=<password>&myip=<a> User name : huawei_test Password : ****** SSL policy : siemens Update method : vendor-specific Update interval : 3600 seconds Current status : ESTABLISH Client FQDN : www.abc.com Client IP : 192.168.10.1 Server IP : - Last update time : 2015-07-23 07:28:53 Last update result : Success
Configuration File
Configuration file of Router
# sysname Router # pki entity siemens country CN state jiangsu organization huawei organization-unit info common-name hello # pki realm siemens ca id ca_root enrollment-url http://10.137.145.158:8080/certsrv/mscep/mscep.dll ra entity siemens auto-enroll regenerate fingerprint sha1 7bb05ada0482273388ed4ec228d79f77309ea3f4 # ssl policy siemens type client pki-realm siemens server-verify enable # ddns policy mypolicy url https://10.2.1.3/nic/update?group=med&user=<username>&password=<password>&myip=<a> username huawei_test password %^%#o:2u<@1H~VkNyxJdJ.B=I\(V@2D=}Ht`G'0]mlAL%^%# ssl-policy siemens # interface GigabitEthernet1/0/0 ddns apply policy mypolicy fqdn www.abc.com # return