HP J9726A, J9729A, J9727A, J9728A Multicast and Routing Guide for WB.15.16

Page 1

HP Switch Software

Multicast and Routing Guide for WB.15.16

Abstract

This switch software guide is intended for network administrators and support personnel, and applies to the switch models listed on this page unless otherwise noted. This guide does not provide information about upgrading or replacing switch hardware. The information in this guide is subject to change without notice.

Applicable Products

HP Switch 2920-series:

J9726A J9727A J9728A J9729A

HP Part Number: 5998-6867 Published: October 2014 Edition: 1

Page 2

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgments

Microsoft®, Windows®, Windows® XP, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Java and Oracle are registered trademarks of Oracle and/or its affiliates.

Warranty

For the software end user license agreement and the hardware limited warranty information for HP Networking products, visit www.hp.com/

networking.

Page 3

1 Multimedia Traffic Control with IP Multicast (IGMP).........................................7

Overview................................................................................................................................7

IGMP general operation and features..........................................................................................7

IGMP operating features.......................................................................................................7

Basic operation...............................................................................................................7

Enhancements.....................................................................................................................7

Number of IP multicast addresses allowed...............................................................................8

Configuring and displaying IGMP (CLI).......................................................................................8

Viewing IGMP configuration for VLANs..................................................................................8

Viewing the current IGMP configuration..................................................................................9

Viewing IGMP high level statistics for all VLANs on the switch..................................................10

Viewing IGMP historical counters for a VLAN........................................................................11

Viewing IGMP group address information.............................................................................11

Viewing IGMP group information for a VLAN with a filtered address........................................12

Enabling or disabling IGMP on a VLAN...............................................................................12

Configuring per-port IGMP traffic filters.................................................................................13

Configuring the querier function...........................................................................................13

Configuring static multicast groups.......................................................................................14

How IGMP operates...............................................................................................................14

Operation with or without IP addressing................................................................................15

Automatic fast-leave IGMP..................................................................................................15

Default (enabled) IGMP operation solves the "delayed leave" problem.................................17

Configuring fast-leave IGMP...........................................................................................17

Forced fast-leave IGMP.......................................................................................................17

Configuring forced fast-leave IGMP.................................................................................18

Configuring fast learn.........................................................................................................18

Configuring delayed group flush..........................................................................................18

IGMP proxy forwarding...........................................................................................................19

How IGMP proxy forwarding works.....................................................................................19

Configuring IGMP proxy (CLI)..............................................................................................20

Adding or leaving a multicast domain..............................................................................20

VLAN context command.....................................................................................................21

IGMP proxy show command...............................................................................................21

Operating notes for IGMP proxy forwarding.....................................................................22

Using the switch as querier......................................................................................................23

Well-known or reserved multicast addresses excluded from IP multicast filtering...............................24

IP multicast filters....................................................................................................................24

Reserved addresses excluded from IP multicast filtering............................................................25

2 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG............................26

IGMP V2 NG Overview..........................................................................................................26

Features overview..............................................................................................................26

IGMP Context Commands...................................................................................................26

Enabling delayed flush on IGMP.....................................................................................26

Configuring Fast-Learn IGMP..........................................................................................27

VLAN Context Commands..................................................................................................27

Enabling or Disabling IGMP on a VLAN..........................................................................27

Configuring the Querier Function.....................................................................................27

Configuring the IGMP Query Interval...............................................................................27

Configuring Per-Port IGMP Traffic Filters............................................................................27

Configuring Fast-Leave IGMP..........................................................................................28

Configuring Forced Fast-Leave IGMP................................................................................28

Contents 3

Page 4

Configuring Static Multicast Groups.................................................................................28

Show Commands...............................................................................................................28

Viewing the current IGMP configuration and status............................................................28

Statistics and State commands.............................................................................................31

Help function commands.........................................................................................................32

3 IP Routing Features...................................................................................36

Overview..............................................................................................................................36

IP interfaces......................................................................................................................36

IP tables and caches..........................................................................................................36

ARP cache table...........................................................................................................36

ARP cache...............................................................................................................37

IP route table................................................................................................................37

Routing paths...........................................................................................................37

Administrative distance.............................................................................................37

IP forwarding cache......................................................................................................37

IP route exchange protocols.................................................................................................38

IP global parameters for routing switches..............................................................................38

ARP age timer...................................................................................................................40

IP interface parameters for routing switches...........................................................................41

Configuring IP parameters for routing switches............................................................................42

Configuring ARP parameters...............................................................................................42

How ARP works............................................................................................................42

Configuring forwarding parameters......................................................................................43

Enabling forwarding of directed broadcasts......................................................................43

Enabling forwarding of IP directed broadcasts (CLI)......................................................44

Configuring ICMP...................................................................................................................44

Disabling ICMP messages...................................................................................................44

Disabling replies to broadcast ping requests..........................................................................44

Disabling ICMP destination unreachable messages................................................................45

Disabling all ICMP unreachable messages.......................................................................45

Disabling ICMP redirects.....................................................................................................45

Configuring static IP routes.......................................................................................................45

Static route types...............................................................................................................46

Other sources of routes in the routing table............................................................................46

Static IP route parameters....................................................................................................46

Static route states follow VLAN states....................................................................................46

Configuring a static IP route................................................................................................47

Viewing static route information...........................................................................................48

Configuring the default route...............................................................................................48

Configuring ECMP routing for static IP routes..............................................................................49

Viewing the current IP load-sharing configuration........................................................................49

Configuring RIP......................................................................................................................50

Overview of RIP.................................................................................................................50

RIP parameters and defaults................................................................................................51

RIP global parameters....................................................................................................51

RIP interface parameters.................................................................................................51

Configuring RIP parameters.................................................................................................52

Enabling RIP.................................................................................................................52

Enabling RIP on the routing switch and entering the RIP router context..............................52

Enabling IP RIP on a VLAN.............................................................................................53

Changing the RIP type on a VLAN interface.....................................................................54

Changing the cost of routes learned on a VLAN interface...................................................54

Configuring RIP redistribution...............................................................................................54

4 Contents

Page 5

Defining RIP redistribution filters......................................................................................54

Configuring for redistribution......................................................................................55

Modifying default metric for redistribution.........................................................................55

Enabling RIP route redistribution......................................................................................55

Changing the route loop prevention method..........................................................................56

Viewing RIP information......................................................................................................56

Viewing general RIP information......................................................................................56

Viewing RIP interface information....................................................................................58

Viewing RIP peer information..........................................................................................59

Viewing RIP redistribution information..............................................................................60

Viewing RIP redistribution filter (restrict) information............................................................60

Configuring IRDP....................................................................................................................60

Enabling IRDP globally.......................................................................................................61

Enabling IRDP on an individual VLAN interface.....................................................................61

Viewing IRDP information....................................................................................................62

Configuring DHCP relay..........................................................................................................63

Overview..........................................................................................................................63

DHCP packet forwarding....................................................................................................63

Unicast forwarding........................................................................................................63

Broadcast forwarding....................................................................................................63

Prerequisites for DHCP relay operation.................................................................................64

Enabling DHCP relay.........................................................................................................64

Configuring an IP helper address.........................................................................................64

Operating notes............................................................................................................64

Verifying the DHCP relay configuration.................................................................................64

Viewing the DHCP relay setting.......................................................................................64

Viewing DHCP helper addresses.....................................................................................65

DHCP Option 82...............................................................................................................65

Option 82 server support...............................................................................................66

General DHCP Option 82 requirements and operation......................................................67

Requirements...........................................................................................................67

General DHCP-relay operation with Option 82.............................................................67

Option 82 field content..................................................................................................68

Remote ID...............................................................................................................68

Circuit ID.................................................................................................................69

Forwarding policies.......................................................................................................70

Configuration options for managing DHCP client request packets........................................70

Multiple Option 82 relay agents in a client request path.....................................................71

Validation of server response packets...............................................................................71

Multinetted VLANs........................................................................................................72

Configuring Option 82..................................................................................................73

Example of Option 82 configuration...........................................................................74

Operating notes............................................................................................................75

UDP broadcast forwarding......................................................................................................76

Overview..........................................................................................................................76

Subnet masking for UDP forwarding addresses......................................................................77

Configuring and enabling UDP broadcast forwarding.............................................................77

Globally enabling UDP broadcast forwarding...................................................................77

Configuring UDP broadcast forwarding on individual VLANs..............................................77

Viewing the current IP forward-protocol configuration.........................................................78

Operating notes for UDP broadcast forwarding.................................................................79

Maximum number of entries.......................................................................................79

TCP/UDP port number ranges....................................................................................79

Contents 5

Page 6

Messages related to UDP broadcast forwarding................................................................80

Index.........................................................................................................81

6 Contents

Page 7

1 Multimedia Traffic Control with IP Multicast (IGMP)

Overview

This chapter describes multimedia traffic control with IP multicast-Internet Group Management Protocol (IGMP) controls to reduce unnecessary bandwidth usage on a per-port basis, and how to configure it with the switch's built-in interfaces. For general information about IGMP, see “IGMP

general operation and features” (page 7).

NOTE: The use of static multicast filters is described in the chapter titled "Traffic/Security Filters"

in the Access Security Guide for your HP switch.

IGMP general operation and features

In a network where IP multicast traffic is transmitted for various multimedia applications, you can use the switch to reduce unnecessary bandwidth usage on a per-port basis by configuring IGMP. In the factory default state (IGMP disabled), the switch simply floods all IP multicast traffic it receives on a given VLAN through all ports on that VLAN (except the port on which it received the traffic.) This can result in significant and unnecessary bandwidth usage in networks where IP multicast traffic is a factor. Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch.

IGMP is useful in multimedia applications such as LAN TV, desktop conferencing, and collaborative computing, where there is multipoint communication, that is, communication from one to many hosts, or communication originating from many hosts and destined for many other hosts. In such multipoint applications, IGMP is configured on the hosts, and multicast traffic is generated by one or more servers (inside or outside of the local network.) Switches in the network (that support IGMP) can then be configured to direct the multicast traffic to only the ports where needed. If multiple VLANs are configured, you can configure IGMP on a per-VLAN basis.

Enabling IGMP allows detection of IGMP queries and report packets used to manage IP multicast traffic through the switch. If no other querier is detected, the switch then also functions as the querier. If you need to disable the querier feature, do so through the IGMP configuration MIB, see

“Configuring the querier function” (page 13).

NOTE: IGMP configuration on the switches operates at the VLAN context level. If you are not

using VLANs, configure IGMP in VLAN 1 (the default VLAN) context.

IGMP operating features

Basic operation

In the factory default configuration, IGMP is disabled. To enable IGMP

• If multiple VLANs are not configured:

Configure IGMP on the default VLAN (DEFAULT_VLAN; VID=1.)

• If multiple VLANs are configured:

Configure IGMP on a per-VLAN basis for every VLAN where this feature is to be used.

Enhancements

With the CLI, you can configure these additional options:

You can use the console to configure individual ports to any of the following states:Auto/blocked/forward Auto (Default) Causes the switch to interpret IGMP packets and to filter IP multicast

traffic based on the IGMP packet information for ports belonging to a multicast

Overview 7

Page 8

group. This means that IGMP traffic will be forwarded on a specific port only if an IGMP host or multicast router is connected to the port.

Blocked Causes the switch to drop all IGMP transmissions received from a specific

port. Outgoing queries are not blocked on the port.

Forward Causes the switch to forward all IGMP and IP multicast transmissions through

the port.

Operation with or without IP addressing

Querier capability

This feature helps to conserve IP addresses by enabling IGMP to run on VLANs that do not have an IP address. See “Operation with or without IP addressing” (page 15).

The switch performs this function for IGMP on VLANs having an IP address when there is no other device in the VLAN acting as querier. See “Using the switch as querier” (page 23).

To configure high priority settings for traffic, see “Quality of Service: managing bandwidth more effectively” in the Advanced Traffic Management Guide.

NOTE: Whenever IGMP is enabled, the switch generates an Event Log message indicating

whether querier functionality is enabled. IP multicast traffic groups are identified by IP addresses in the range of 224.0.0.0 to

239.255.255.255. Also, incoming IGMP packets intended for reserved, or "well-known" multicast addresses, automatically flood through all ports (except the port on which the packets entered the switch.) For more on this topic, see “Well-known or reserved multicast addresses excluded from IP

multicast filtering” (page 24).

For more information about IGMP, see “How IGMP operates” (page 14).

Number of IP multicast addresses allowed

The number of IGMP filters (addresses) and static multicast filters available is 2,038. Additionally, 16 static multicast filters are allowed, If multiple VLANs are configured, then each filter is counted once per VLAN in which it is used.

Configuring and displaying IGMP (CLI)

Viewing IGMP configuration for VLANs

Syntax:

show ip igmp [vlan <vid>] Displays IGMP configuration for a specified VLAN or for all VLANs on the switch.

8 Multimedia Traffic Control with IP Multicast (IGMP)

Page 9

Example 1 Displaying IGMP status for a VLAN

HP Switch(config)# show ip igmp vlan 1

IGMP Service Protocol Info

Total VLANs with IGMP enabled : 30 Current count of multicast groups joined : 20 VLAN ID : 2 VLAN Name : VLAN2 IGMP version : 2 Querier Address : 10.255.128.2 Querier Port : 1 Querier UpTime : 1h 51m 59s Querier Expiration Time : 2min 5sec Ports with multicast routers: 1, 5-6

Active Group Addresses Type Expires Ports Reports Queries

---------------------- --------- ----------- ------ ------- -------

226.0.6.7 Filter 2min 5sec 1 10 10

226.0.6.8 Standard 3min 20sec 2 20 20

Viewing the current IGMP configuration

Syntax:

show ip igmp config

Displays IGMP configuration for all VLANs on the switch.

Syntax:

show ip igmp vlan <vid> config

Displays IGMP configuration for a specific VLAN on the switch, including per-port data.

For IGMP operating status, see the section "Internet Group Management Protocol (IGMP) status" in the chapter "Monitoring and Analyzing Switch Operation" of the Management and Configuration Guide for your switch.

Example:

Suppose you have the following VLAN and IGMP configurations on the switch:

QuerierIGMP enabledVLAN nameVLAN ID

NoYesDEFAULT_VLAN1

YesYesVLAN-222

YesNoVLAN-333

You could use the CLI to display this data as follows:

Configuring and displaying IGMP (CLI) 9

Page 10

Example 2 Listing of IGMP configuration for all VLANs in the switch

HP Switch(config)# show ip igmp config

IGMP Service Config

Control unknown multicast [Yes] : Yes Forced fast leave timeout [0] : 4 Delayed flush timeout [0] : 0

VLAN ID VLAN Name IGMP Enabled Querier Allowed Querier Interval

------- ------------ ------------ --------------- --------------- 1 DEFAULT_VLAN Yes No 125 22 VLAN-2 Yes Yes 125 33 VLAN-3 No Yes 125

The following version of the show ip igmp command includes the VLAN ID (vid) designation, and combines the above data with the IGMP per-port configuration:

Example 3 Listing of IGMP configuration for a specific VLAN

HP Switch(config)# show ip igmp vlan 2 config

IGMP Service VLAN Config

VLAN ID : 22 VLAN Name : VLAN-2 IGMP Enabled [No] : Yes Querier Allowed [Yes] : Yes

Port Type | Port Mode Forced Fast Leave Fast Leave

IGMP configuration for the selected VLAN.

IGMP configuration on the individual ports in the VLAN.

Viewing IGMP high level statistics for all VLANs on the switch

Syntax:

show ip igmp statistics

10 Multimedia Traffic Control with IP Multicast (IGMP)

Page 11

Example 4 Displaying statistics for IGMP joined groups

HP Switch(config)# show ip igmp statistics

IGMP Service Statistics

Total VLAN's with IGMP enabled: 33 Current count of multicast groups joined: 21

IGMP Joined Group Statistics

VLAN ID VLAN Name Total Filtered Standard Static

------- ------------------------ ------ -------- -------- ----- 1 DEFAULT_VLAN 52 50 0 2 22 VLAN-2 80 75 5 0 33 VLAN-3 1100 1000 99 1

Viewing IGMP historical counters for a VLAN

Syntax:

show ip igmp vlan <vid> counters

Example 5 Display of IGMP historical counters for a VLAN

HP Switch(config)# show ip igmp vlan 1 counters

IGMP service Vlan counters

VLAN ID : 1 VLAN Name : DEFAULT_VLAN

General Query Rx : 58 General Query Tx : 58 Group Specific Query Rx : 3 Group Specific Query Tx : 3 V1 Member Report Rx : 0 V2 Member Report Rx : 2 V3 Member Report Rx : 0 Leave Rx : 0 Unknown IGMP Type Rx : 0 Unknown Pkt Rx : 0 Forward to Routers Tx Counter : 0 Forward to Vlan Tx Counter : 0 Port Fast Leave Counter : 0 Port Forced Fast Leave Counter : 0 Port Membership Timeout Counter : 0

Viewing IGMP group address information

Syntax:

show ip igmp groups

Configuring and displaying IGMP (CLI) 11

Page 12

Example 6 Displaying IGMP groups address information

HP Switch(vlan-2)# show ip igmp groups

IGMP Group Address Information

VLAN ID Group Address Expires UpTime Last Reporter | Type

------- ------------- --------- ---------- ------------- + -----22 239.20.255.7 1h 2m 5s 1h 14m 5s 192.168.0.2 | Filter 22 239.20.255.8 1h 2m 5s 1h 14m 5s 192.168.0.2 | Standard 22 239.20.255.9 1h 2m 5s 1h 14m 5s 192.168.0.2 | Static

Viewing IGMP group information for a VLAN with a filtered address

Syntax:

show ip igmp vlan <vid> group <ip-addr>

Example 7 Group information for a VLAN with a filtered address group

HP Switch(config)# show ip igmp vlan 22 group 239.20.255.7

IGMP Service Protocol Group Info

VLAN ID: 22 VLAN NAME: VLAN-2

Filtered Group Address: 239.20.255.7 Last Reporter: 192.168.0.2 Up Time: 1 hr 14 min 5 sec

Port| Port Type | Port Mode | Expires | Access

----+---------------+ ----------+------------------------------- A1 | 100/1000T | Auto | 1hr 2min 5sec | Host

Enabling or disabling IGMP on a VLAN

You can enable IGMP on a VLAN, along with the last-saved or default IGMP configuration (whichever was most recently set), or you can disable IGMP on a selected VLAN.

Syntax:

[no] ip igmp Enables IGMP on a VLAN. This command must be executed in a VLAN context.

Example 8 Enabling IGMP on VLAN 1

HP Switch(vlan-1)# vlan 1 ip igmp

– or –

HP Switch(vlan-1)# ip igmp

Example 9 Disabling IGMP on VLAN 1

HP Switch(config)# no vlan 1 ip igmp

NOTE: If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, the switch

restores the last-saved IGMP configuration for that VLAN. For more information on how switch memory operates, see the chapter "Switch Memory and Configuration" in the Management and Configuration Guide for your switch.

12 Multimedia Traffic Control with IP Multicast (IGMP)

Page 13

You can also combine the ip igmp command with other IGMP-related commands, as described in the following sections.

Configuring per-port IGMP traffic filters

Syntax:

vlan <vid> ip igmp [ auto <port-list> | blocked <port-list> | forward <port-list> ]

Used in the VLAN context, specifies how each port should handle IGMP traffic. Default: auto.

NOTE: Where a static multicast filter is configured on a port, and an IGMP filter

created by this command applies to the same port, the IGMP filter overrides the static multicast filter for any inbound multicast traffic carrying the same multicast address as is configured in the static filter. See section "Filter Types and Operation" in the "Port Traffic Controls" chapter of the Management and Configuration Guide for your switch.

Example:

Suppose you want to configure IGMP as follows for VLAN 1 on the 100/1000T ports on a module in slot 1:

autoPorts 1-2

For a description of the default behavior of data-driven switches, see “Automatic

fast-leave IGMP” (page 15).

Depending on the privilege level, you could use one of the following commands to configure IGMP on VLAN 1 with the above settings:

HP Switch(config)# vlan 1 ip igmp auto 1,2 forward 3,4 blocked 5,6

HP Switch(vlan-1)# ip igmp auto 1,2 forward 3,4 blocked 5,6

The following command displays the VLAN and per-port configuration resulting from the above commands.

HP Switch> show igmp vlan 1 config

Configuring the querier function

Filter multicast traffic. Forward IGMP traffic to hosts on these ports that belong to the multicast group for which the traffic is intended. (Also forward any multicast traffic through any of these ports that is connected to a multicast router.)

Forward all multicast traffic through this port.forwardPorts 3-4

Drop all multicast traffic received from devices on these ports.blockedPorts 5-6

Syntax:

[no] vlan <vid> ip igmp querier This command disables or re-enables the ability for the switch to become querier

if necessary. The no version of the command disables the querier function on the switch. The

show ip igmp config command displays the current querier command. Default querier capability: Enabled

Configuring and displaying IGMP (CLI) 13

Page 14

Configuring static multicast groups

Use this command to configure a group on the switch so that multicast traffic for that group can be forwarded with a receiver host. Traffic will be flooded for this group.

Syntax:

[no] ip igmp static-group <group-address>

NOTE: This command must be issued in a VLAN context.

Creates the IGMP static group with the specified <group address> on the selected VLAN. The no form of the command deletes the static group on the selected VLAN.

How IGMP operates

IGMP is an internal protocol of the IP suite. IP manages multicast traffic by using switches, multicast routers, and hosts that support IGMP. A multicastrouter is not necessary as long as a switch is configured to support IGMP with the querier feature enabled. A set of hosts, routers, and/or switches that send or receive multicast data streams to or from the same sources is called a multicast group, and all devices in the group use the same multicast group address. The multicast group running version 2 of IGMP uses three fundamental types of messages to communicate:

Query

Report (Join)

Leave group

A message sent from the querier (multicast router or switch) asking for a response from each host belonging to the multicast group. If a multicast router supporting IGMP is not present, the switch must assume this function to elicit group membership information from the hosts on the network. If you need to disable the querier feature, do so through the CLI using the IGMP configuration MIB, see “Configuring the querier function” (page 13).

A message sent by a host to the querier to indicate that the host wants to be or is a member of a given group indicated in the report message.

A message sent by a host to the querier to indicate that the host has ceased to be a member of a specific multicast group.

NOTE:

IGMP version 3 support: When an IGMPv3 Join is received by the switch, it accepts the host request

and begins to forward the IGMP traffic. This means that ports that have not joined the group and are not connected to routers or the IGMP Querier will not receive the group's multicast traffic.

The switch does not support the IGMPv3 "Exclude Source" or "Include Source" options in the Join Reports. Rather, the group is simply joined from all sources.

The switch does not support becoming a version 3 Querier. It becomes a version 2 Querier in the absence of any other Querier on the network.

An IP multicast packet includes the multicast group (address) to which the packet belongs. When an IGMP client connected to a switch port needs to receive multicast traffic from a specific group, it joins the group by sending an IGMP report (join request) to the network. (The multicast group specified in the join request is determined by the requesting application running on the IGMP client.) When a networking device with IGMP enabled receives the join request for a specific group, it forwards any IP multicast traffic it receives for that group through the port on which the join request was received. When the client is ready to leave the multicast group, it sends a Leave Group message to the network and ceases to be a group member. When the leave request is detected, the appropriate IGMP device ceases transmitting traffic for the designated multicast group through the port on which the leave request was received (as long as there are no other current members of that group on the affected port.)

Thus, IGMP identifies members of a multicast group (within a subnet) and allows IGMP-configured hosts (and routers) to join or leave multicast groups.

14 Multimedia Traffic Control with IP Multicast (IGMP)

Page 15

To display IGMP data showing active group addresses, reports, queries, querier access port, and active group address data (port, type, and access), see section "Internet Group Management Protocol (IGMP) Status" in appendix B, "Monitoring and Analyzing Switch Operation" of the Management and Configuration Guide for your switch.

Operation with or without IP addressing

You can configure IGMP on VLANs that do not have IP addressing. The benefit of IGMP without IP addressing is a reduction in the number of IP addresses you have to use and configure. This can be significant in a network with a large number of VLANs. The limitation on IGMP without IP addressing is that the switch cannot become Querier on any VLANs for which it has no IP address—so the network administrator must ensure that another IGMP device will act as Querier. It is also advisable to have an additional IGMP device available as a backup Querier. See Table 1.

Table 1 Comparison of IGMP operation with and without IP addressing

IGMP function available with IP addressing configured on the VLAN

the VLAN that has received a join request for that multicast group.

(the default)/Blocked, or Forward.

or high-priority forwarding.

IGMP client on a port in the VLAN leaves the group. This can be a multicast router or another switch

Fast-Leave IGMP (below.)

without

addressing?

YesAge-out IGMP group addresses when the last

YesSupport Fast-Leave IGMP and Forced

Operating differences without an IP addressAvailable

NoneYesForward multicast group traffic to any port on

NoneYesForward join requests (reports) to the Querier.

NoneYesConfigure individual ports in the VLAN to Auto

NoneYesConfigure IGMP traffic forwarding to normal

Requires that another IGMP device in the VLAN has an IP address and can operate as Querier.

configured for IGMP operation. (HP recommends that the VLAN also include a device operating as a backup Querier in case the device operating as the primary Querier fails for any reason.)

Querier operation not available.NoSupport automatic Querier election.

Querier operation not available.NoOperate as the Querier.

Querier operation not available.NoAvailable as a backup Querier.

Automatic fast-leave IGMP

Depending on the switch model, fast-leave is enabled or disabled in the default configuration.

Switch model or series

Switch 6600 Switch 6400cl

Data-driven IGMP included?

setting

Always EnabledYesSwitch 8200zl

Default IGMP behaviorIGMP fast-leave

Drops unjoined mulitcast traffic except for always-fowarded traffic toward the Querier or multicast routers and out of IGMP-forward ports. Selectively forwards joined multicast

How IGMP operates 15

Page 16

Switch model or series

Data-driven IGMP included?

Default IGMP behaviorIGMP fast-leave

setting

Switch 6200yl Switch 5400zl Switch 5300xl Switch 4200vl Switch 3500 Switch 3500yl Switch 3400cl Switch 2910 Switch 2900 Switch 2610 Switch 2510 Switch 2500

Switch 2600-PWR Switch 4100gl Switch 6108

NoSwitch 2600

Disabled in the default configuration

traffic, except on IGMP-forward ports, which forward all multicast traffic.

IGMP fast-leave disabled in the default configuration. Floods unjoined multicast traffic to all ports. Selectively forwards joined multicast traffic, except on IGMP-forward ports, which forward all multicast traffic.

On switches that do not support data-driven IGMP, unregistered multicast groups are flooded to the VLAN rather than pruned. In this scenario, fast-leave IGMP can actually increase the problem of multicast flooding by removing the IGMP group filter before the Querier has recognized the IGMP leave. The Querier will continue to transmit the multicast group during this short time, and because the group is no longer registered, the switch will then flood the multicast group to all ports.

On HP switches that do support data-driven IGMP ("Smart" IGMP), when unregistered multicasts are received the switch automatically filters (drops) them. Thus, the sooner the IGMP leave is processed, the sooner this multicast traffic stops flowing.

Because of the multicast flooding problem mentioned above, the IGMP fast-leave feature is disabled by default on all HP switches that do not support data-driven IGMP (see the table above.) The feature can be enabled on these switches via an SNMP set of this object:

hpSwitchIgmpPortForceLeaveState.<vid>.<port number>

However, HP does not recommend this because it will increase the amount of multicast flooding during the period between the client's IGMP leave and the Querier's processing of that leave. For more information on this topic, see “Forced fast-leave IGMP” (page 17).

If a switch port has the following characteristics, the fast-leave operation will apply:

• Connected to only one end node.

• The end node currently belongs to a multicast group, that is, is an IGMP client.

• The end node subsequently leaves the multicast group.

Then the switch does not need to wait for the Querier status update interval, but instead immediately removes the IGMP client from its IGMP table and ceases transmitting IGMP traffic to the client. (If the switch detects multiple end nodes on the port, automatic fast-leave does not activate—regardless of whether one or more of these end nodes are IGMP clients.)

In Figure 1, automatic fast-leave operates on the switch ports for IGMP clients "3A" and "5A," but not on the switch port for IGMP clients "7A" and "7B," server "7C," and printer "7D."

16 Multimedia Traffic Control with IP Multicast (IGMP)

Page 17

Figure 1 Example of automatic fast-leave IGMP criteria

When client "3A" running IGMP is ready to leave the multicast group, it transmits a Leave Group message. Because the switch knows that there is only one end node on port A3, it removes the client from its IGMP table and halts multicast traffic (for that group) to port A3. If the switch is not the Querier, it does not wait for the actual Querier to verify that there are no other group members on port A3. If the switch itself is the Querier, it does not query port A3 for the presence of other group members.

Fast-leave operation does not distinguish between end nodes on the same port that belong to different VLANs. Thus, for example, even if all of the devices on port A6 in Figure 1 belong to different VLANs, fast-leave does not operate on port A6.

Default (enabled) IGMP operation solves the "delayed leave" problem

Fast-leave IGMP is enabled by default. When fast-leave is disabled and multiple IGMP clients are connected to the same port on an IGMP device (switch or router), if only one IGMP client joins a given multicast group, then later sends a Leave Group message and ceases to belong to that group, the switch automatically retains that IGMP client in its IGMP table and continues forwarding IGMP traffic to the IGMP client until the Querier triggers confirmation that no other group members exist on the same port. This delayed leave operation means that the switch continues to transmit unnecessary multicast traffic through the port until the Querier renews multicast group status.

Configuring fast-leave IGMP

For information about fast-leave IGMP, see “Automatic fast-leave IGMP” (page 15).

Syntax:

[no] ip igmp fastleave <port-list> Enables IGMP fast-leaves on the specified ports in the selected VLAN. The no form of the command disables IGMP fast-leave on the specified ports in the

selected VLAN. Use show running to display the ports per-VLAN on which fast-leave is disabled. Default: Enabled

Forced fast-leave IGMP

When enabled, forced fast-leave IGMP speeds up the process of blocking unnecessary IGMP traffic to a switch port that is connect ed to multiple end nodes. (This feature does not activate on ports where the switch detects only one end node.) For example, in Figure 1 (page 17), even if you configured forced fast-leave on all ports in the switch, the feature would activate only on port A6 (which has multiple end nodes) when a Leave Group request arrived on that port.

When a port having multiple end nodes receives a Leave Group request from one end node for a given multicast group "X," forced fast-leave activates and waits a small amount of time to receive a join request from any other group "X" member on that port. If the port does not receive a join request for that group within the forced-leave interval, the switch then blocks any further group "X" traffic to the port.

How IGMP operates 17

Page 18

Configuring forced fast-leave IGMP

For information about forced fast-leave, see “Forced fast-leave IGMP” (page 17).

Syntax:

[no] vlan <vid> ip igmp forcedfastleave <port-list> Enables IGMP forced fast-leave on the specified ports in the selected VLAN, even

if they are cascaded. The no form of the command disables forced fast-leave on the specified ports in

the selected VLAN. Use show running to display the ports per-VLAN on which forced fast-leave is

enabled. Default: Disabled

show running-config

Configuring fast learn

The fast learn option allows fast convergence of multicast traffic after a topology change. This command is executed in the global config context.

Syntax:

[no] igmp fastlearn <port-list> This command enabled fast learn on the specified ports. The no form of the command

disables the fast learn function on the specified ports. Default: Disabled

Example:

To enable fastlearn on ports 5 and 6:

HP Switch(config)# igmp fastlearn 5-6

Configuring delayed group flush

Displays a non-default IGMP forced fast-leave configuration on a VLAN. The show running-config output does not include forced fast-leave if it is set to the default of 0.

Can be used when there are multiple devices attached to a port.forcedfastleave

When enabled, this feature continues to filter IGMP groups for a specified additional period of time after IGMP leaves have been sent. The delay in flushing the group filter prevents unregistered traffic from being forwarded by the server during the delay period. In practice, this is rarely necessary on the switches, which support data-driven IGMP. (Data-driven IGMP, which is enabled by default, prunes off any unregistered IGMP streams detected on the switch.)

Syntax:

igmp delayed-flush <0-255>

Where leaves have been sent for IGMP groups, enables the switch to continue to flush the groups for a specified period of time. This command is applied globally to all IGMP-configured VLANs on the switch.

Range: 0 - 255; Default: Disabled (0)

Syntax:

show igmp delayed-flush

Displays the current igmp delayed-flush setting.

18 Multimedia Traffic Control with IP Multicast (IGMP)

Page 19

IGMP proxy forwarding

When a network has a border router connecting a PIM-SM domain to a PIM-DM domain, the routers that are completely within the PIM-DM domain have no way to discover multicast flows in the PIM-SM domain. When an IGMP join occurs on a router entirely within the PIM-DM domain for a flow that originates within the PIM-SM domain, it is never forwarded to the PIM-SM domain.

The IGMP proxy is a way to propagate IGMP joins across router boundaries. The proxy triggers the boundary router connected to a PIM-SM domain to query for multicast flows and forward them to the PIM-DM domain. IGMP needs to be configured on all VLAN interfaces on which the proxy is to be forwarded or received, and PIM-DM must be running for the traffic to be forwarded.

You can configure an IGMP proxy on a selected VLAN that will forward IP joins (reports) and IGMP leaves to the upstream border router between the two multicast domains. You must specify the VLANs on which the proxy is enabled as well as the address of the border router to which the joins are forwarded.

How IGMP proxy forwarding works

The following steps illustrate how to flood a flow from the PIM-SM domain into the PIM-DM domain when an IGMP join for that flow occurs in the PIM-DM domain. See Figure 2.

1. Configure Routing Switch 1 with the IGMP proxy forwarding function to forward joins toward Border Router 1; in addition, configure Routing Switch 1 to forward joins from VLAN 1 toward Border Router 2, as is VLAN 4 on Routing Switch 3.

2. Configure VLAN 2 on Routing Switch 2 to forward joins toward Border Router 1.

3. When the host connected in VLAN 1 issues an IGMP join for multicast address 235.1.1.1, the join is proxied by Routing Switch 1 onto VLAN 2 and onto VLAN 4. The routing information table in Routing Switch 1 indicates that the packet to Border Router 1 and Border Router 2 is on VLAN 2 and VLAN 4, respectively.

Figure 2 IGMP proxy example

4. Routing Switch 2 then proxies the IGMP join into VLAN 3, which is connected to Border Router

IGMP proxy forwarding 19

Page 20

5. Border Router 1 uses PIM-SM to find and connect to the multicast traffic for the requested traffic. The traffic is flooded into the PIM-DM network where it is routed to the original joining host.

6. Additionally, the join was proxied from Routing Switch 3 to Border Router 2. At first, both border routers will flood the traffic into the PIM-DM domain. However, PIM-DM only forwards multicasts based on the shortest reverse path back to the source of the traffic as determined by the unicast routing tables (routing FIB.) Only one multicast stream is sent to the joining host. This configuration provides a redundant in case the first fails.

Configuring IGMP proxy (CLI)

For more information on IGMP proxy, see “IGMP general operation and features” (page 7).

Adding or leaving a multicast domain

Syntax:

[no] igmp-proxy-domain <domain-name> [ <border-router-ip-address> | <mcast-range | all> ]

The no form of the command is used to remove a multicast domain. All VLANs associated with the domain must first be removed for this command to

work. See the no form of igmp-proxy in the VLAN context command.

<domain-name>

<border-router-ip-addr>

[ <low-bound-ip-address | all> ]

<high-bound-ip-address>

User-defined name to associate with the PIM border router and multicast range that is being sent toward the border router.

The IP address of the border router toward which IGMP proxy packets are sent. Not required for the no form of the command.

NOTE: The current routing FIB determines the

best path toward the border router and therefore the VLAN that a proxy is sent out on

The low boundary (inclusive) of the multicast address range to associate with this domain (for example, 234.0.0.1.)

If all is selected, the multicast addresses in the range of 224.0.1.0 to 239.255.255.255 are included in this domain.

NOTE: Addresses 224.0.0.0 to 224.0.0.255

are never used, because these addresses are reserved for protocols.

The high boundary (inclusive) of the multicast address range to associate with this domain (for example, 236.1.1.1.)

Example 10 shows the IGMP proxy border IP addrses (111.11.111.111) being configured.

Example 10 IGMP proxy border IP address command

HP Switch(config)# igmp-proxy-domain Bob 111.11.111.111

Example 11 shows the lower and upper boundaries of the multicast address range associated with

the domain named Bob.

20 Multimedia Traffic Control with IP Multicast (IGMP)

Page 21

Example 11 Setting the lower and upper bounds for multicasting

HP Switch(config)# igmp-proxy-domain Bob 111.11.111.111 234.0.0.1 HP Switch(config)# igmp-proxy-domain Bob 111.11.111.111 236.1.1.1

VLAN context command

This command is performed when in VLAN context mode. When a query occurs on the upstream interface, an IGMP join is sent for all multicast addresses that are currently joined on the downstream interface.

Syntax:

[no] igmp-proxy <domain-name> Tells the VLAN which IGMP proxy domains to use with joins on the VLAN. The no version of the command with no domain name specified removes all domains

associated with this VLAN. Note that multiple different domains may be configured in the same VLAN context

where the VLAN is considered the downstream interface. The domain name must exist prior to using this command to add the domain.

NOTE: If the unicast routing path to the specified IP address was through the

specified VLAN, no proxy IGMP would occur, that is, a proxy is not sent back out on the VLAN that the IGMP join came in on.

If no unicast route exists to the border router, no proxy IGMP packets are sent.

IGMP proxy show command

Syntax:

show igmp-proxy <entries | domains | vlans>

Shows the currently active IGMP proxy entries, domains, or VLANs.

IGMP proxy forwarding 21

Page 22

Example 12 Showing active IGMP proxy entries

HP Switch(config)# show igmp-proxy entries

Total number of multicast routes: 2

Multicast Address Border Address VID Multicast Domain

----------------- -------------- ----- ------

234.43.209.12 192.168.1.1 1 George

235.22.22.12 15.43.209.1 1 SAM

226.44.3.3 192.168.1.1 2 George

Example 13 Showing IGMP proxy domains

HP Switch(config)# show igmp-proxy domains

Total number of multicast domains: 5

Multicast Domain Multicast Range Border Address Active entries

---------------- ----------------------- -------------- --------------

George 225.1.1.1/234.43.209.12 192.168.1.1 2 SAM 235.0.0.0/239.1.1.1 15.43.209.1 1 Jane 236.234.1.1/236.235.1.1 192.160.1.2 0 Bill ALL 15.43.209.1 0

Example 14 Showing active IGMP proxy VLANs

HP Switch(config)# show igmp-proxy vlans

IGMP PROXY VLANs

VID Multicast Domain Active entries

------ ---------------- --------------

1 George 1 1 Sam 1 1 Jane 0 2 George 1 4 George 0 4 Bill 0

Operating notes for IGMP proxy forwarding

• You can configure up to 12 multicast domains, which indicate a range of multicast addresses

and the IP address of the PIM-SM/PIM-DM border router.

• You must give each domain a unique name, up to 20 characters.

• The domains may have overlapping multicast ranges.

• The IP address of the border router may be the same or different in each configured domain.

• Duplicate IGMP joins are automatically prevented, or leaves that would remove a flow currently

joined by multiple hosts.

• Range overlap allows for redundant connectivity and the ability for multicasts to arrive from

different border routers based on the shortest path back to the source of the traffic.

• The configured domain names must be associated with one or more VLANs for which the

proxy joins are to be done.

• All routers in the path between the edge router receiving the initial IGMP packets and the

border router have to be configured to forward IGMP using IGMP proxy.

• All upstream and downstream interfaces using IGMP proxy forwarding require IGMP and PIM

to be enabled.

22 Multimedia Traffic Control with IP Multicast (IGMP)

Page 23

• You must remove all VLAN associations with the domain name before that domain name can

be removed.

• The appropriate border routers must be used for each VLAN, or PIM-DM will not forward the

traffic. This could occur when multiple border routers exist. It may be necessary to configure multiple overlapping domains if the multicast source address can generate the same multicast address and have different best paths to the PIM-DM domain.

CAUTION: Be careful to avoid configuring a IGMP forward loop, because this would leave the

VLANs in a joined state forever once an initial join is sent from a host. For example, a join is issued from the host in VLAN 2 and Routing Switch 2 will proxy the join onto VLAN 1. Routing Switch 3 will then proxy the join back onto VLAN 2 and increment its internal count of the number of joins on VLAN 2. Even after the host on VLAN 2 issues a leave, the proxy join will continue to remain and refresh itself each time a query occurs on VLAN 2. This type of loop could be created with multiple routers if an IGMP proxy is allowed to get back to the VLAN of the router that initially received the IGMP join from a host; see Figure 3.

Figure 3 Proxy loop scenario

Using the switch as querier

The function of the IGMP Querier is to poll other IGMP-enabled devices in an IGMP-enabled VLAN to elicit group membership information. The switch performs this function if there is no other device in the VLAN, such as a multicastrouter, to act as Querier. Although the switch automatically ceases Querier operation in an IGMP-enabled VLAN if it detects another Querier on the VLAN, you can also use the switch's CLI to disable the Querier capability for that VLAN.

NOTE: A Querier is required for proper IGMP operation. For this reason, if you disable the

Querier function on a switch, ensure that there is an IGMP Querier (and, preferably, a backup Querier) available on the same VLAN.

Using the switch as querier 23

Page 24

If the switch becomes the Querier for a particular VLAN (for example, the DEFAULT_VLAN), then subsequently detects queries transmitted from another device on the same VLAN, the switch ceases to operate as the Querier for that VLAN. If this occurs, the switch Event Log lists a pair of messages similar to these:

I 01/15/12 09:01:13 igmp: DEFAULT_VLAN: Other Querier detected I 01/15/12 09:01:13 igmp: DEFAULT_VLAN: This switch is no longer Querier

In the above scenario, if the other device ceases to operate as a Querier on the default VLAN, the switch detects this change and can become the Querier as long as it is not pre-empted by some other IGMP Querier on the VLAN. In this case, the switch Event Log lists messages similar to the following to indicate that the switch has become the Querier on the VLAN:

I 01/15/12 09:21:55 igmp: DEFAULT_VLAN: Querier Election in process I 01/15/12 09:22:00 igmp: DEFAULT_VLAN: This switch has been elected as Querier

Well-known or reserved multicast addresses excluded from IP multicast filtering

Each multicast host group is identified by a single IP address in the range of 224.0.0.0 through

239.255.255.255. Specific groups of consecutive addresses in this range are termed "well-known"

addresses and are reserved for predefined host groups. IGMP does not filter these addresses, so any packets the switch receives for such addresses are flooded out all ports assigned to the VLAN on which they were received (except the port on which the packets entered the VLAN.)

Table 2 lists the 32 well-known address groups (8192 total addresses) that IGMP does not filter

on.

Table 2 IP multicast address groups excluded from IGMP filtering

Groups of consecutive addresses in the range of

224.0.0.X to 239.0.0.X

X is any value from 0 to 255.

IP multicast filters

NOTE: This operation applies to the HP Series 5400zl switches, the Series 3500yl switches, the

switch 6200yl, the switch 8212zl, the Series 5300xl switches, as well as the 1600M, 2400M, 2424M, 4000M, and 8000M, but not to the Series 2500, 2650, Series 4100gl, Series 4200vl, or 6108 switches (which do not have static traffic/security filters.)

Groups of consecutive addresses in the range of 224.128.0.X

to 239.128.0.X

232.128.0.x224.128.0.x232.0.0.x224.0.0.x

233.128.0.x225.128.0.x233.0.0.x225.0.0.x

234.128.0.x226.128.0.x234.0.0.x226.0.0.x

235.128.0.x227.128.0.x235.0.0.x227.0.0.x

236.128.0.x228.128.0.x236.0.0.x228.0.0.x

237.128.0.x229.128.0.x237.0.0.x229.0.0.x

238.128.0.x230.128.0.x238.0.0.x230.0.0.x

239.128.0.x231.128.0.x239.0.0.x231.0.0.x

IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the ethernet multicast address range of 01005e-000000 through 01005e-7fffff.) Where a switch has a static traffic/security filter configured with a "multicast" filter type and a

24 Multimedia Traffic Control with IP Multicast (IGMP)

Page 25

"multicast address" in this range, the switch will use the static filter unless IGMP learns of a multicast group destination in this range. In this case, IGMP dynamically takes over the filtering function for the multicast destination addresses for as long as the IGMP group is active. If the IGMP group subsequently deactivates, the switch returns filtering control to the static filter.

Reserved addresses excluded from IP multicast filtering

Traffic to IP multicast groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses in this range are "well known" or "reserved" addresses. Thus, if IP multicast is enabled, and there is an IP multicast group within the reserved address range, traffic to that group will be flooded instead of filtered by the switch.

IP multicast filters 25

Page 26

2 Multimedia Traffic Control with IP Multicast (IGMP) v2

IGMP V2 NG Overview

IGMP, after being re-architected, is referred to as IGMP v2 NG, the next generation of IGMP version 2. IGMP v2 NG is based on the existing working Multicast Listener Discovery (MLD) code base and an event-driven architecture which enable easy enhancement and maintenance of the code. IGMP v2 NG uses Multicast Traffic Manager (MTM) to program hardware filters and MAC address.

The syslog hostname configuration is system-wide, not per syslog server.

Features overview

IGMP V2 NG supports both existing features in legacy IGMP and new features in IGMP v2 NG:

• Existing features in legacy IGMP:

◦ IGMP version 1 support

◦ IGMP version 2 support

◦ IGMP proxy

◦ IGMP flooding

◦ IGMP Delayed Flush

◦ Snooping functionality

◦ PIM Interactions

• New features in IGMP v2 NG:

◦ Static multicast group support (user configurable flood groups)

◦ IGMP v2 standard MIB

◦ Decoupling of IGMP proxy

◦ IGMP topology change handling

◦ Improved show commands

◦ Fast data structures

◦ MTM for Hardware interaction

◦ Packet throttling

IGMP Context Commands

These CLI commands allow the user to configure IGMP.

Enabling delayed flush on IGMP

Enables and configures delayed flush timeout value (in secs) for the igmp for all VLANs. To disable delayed flush on all VLANs, set this value to 0. (Default: 0).

26 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Page 27

Syntax:

igmp delayed-flush <0-255>

Configuring Fast-Learn IGMP

Enables the fast learn feature globally. The no form of the command disables the fast learn feature. This command is independent of interface context fast-learn command and only one command will be exposed to the user. By default, this feature is disabled on all ports. hpicfIgmpMcastPortFastLearn is the Mib variable defined for this command.

Syntax:

[no] igmp fastlearn <port-list>

VLAN Context Commands

Any of the VLAN context commands implicitly adds a row to IgmpInterfaceTable for this VLAN if this row is missing in the table (with createAndGo for ip igmp, and createAndWait for all other commands).

Enabling or Disabling IGMP on a VLAN

Enables IGMP on a VLAN. This command must be executed in a VLAN context.

Syntax:

[no] vlan <vid> ip igmp

Configuring the Querier Function

Disables or re-enables the ability for the switch to become a querier if necessary. When changing to querier, a time delay of up to 32 seconds may occur. When no IP is assigned, the IP source address of 0.0.0.0 is used for both static (self-joined) groups and proxy queries. The no form of the command disables the querier function on the switch. The show ip igmp config command displays the current querier command. (Default Querier Capability: Enabled.)

Syntax:

[no] vlan <vid> ip igmp

Configuring the IGMP Query Interval

Configures the query interval. Time range is 5 to 300 seconds, the default value is 125 seconds.

Syntax:

vlan <vid> ip igmp query interval <Query-interval time>

Configuring Per-Port IGMP Traffic Filters

Used in the VLAN context, this command specifies how each port should handle IGMP traffic. (Default: auto.)

NOTE: All incoming and outgoing multicast data traffic is blocked on these blocked ports including

the incoming query and reports, however, the outgoing General queries are not blocked on these ports.

Syntax:

vlan <vid> ip igmp [auto <port-list> | blocked <port-list> | forward <port-list>]

IGMP V2 NG Overview 27

Page 28

Configuring Fast-Leave IGMP

Enables igmp fast-leaves on the specified ports in the selected VLAN. The no form of the command disables igmp fast-leave on the specified ports in the selected VLAN. (Default: Enabled.)

Syntax:

[no] vlan <vid> ip igmp fastleave <port-list>

Configuring Forced Fast-Leave IGMP

Enables IGMP Forced Fast-Leave on the specified ports in the selected VLAN, even if they are cascaded. (Default: Disabled.) The no form of the command disables Forced Fast-Leave on the specified ports in the selected VLAN.

Syntax:

[no] vlan <vid> ip igmp forcedfastleave <port-list>

Configuring Static Multicast Groups

Creates the IGMP static group <group-address> on the selected VLAN. The no form of the command deletes the static group from the selected VLAN.

Syntax:

[no] vlan <vid> ip igmp static-group <group-address>

Show Commands

These CLI commands allow the user to configure IGMP.

Viewing the current IGMP configuration and status

Syntax:

show ip igmp [vlan <vid>]

Displays IGMP status for all VLANs with IGMP enabled on the switch unless a specified VLAN has been given.

Example: show ip igmp

IGMP Service Protocol Info Total VLAN’s with IGMP enabled: 33 Current count of Multicast groups joined: 21 VLAN ID: 1 VLAN Name: DEFAULT_VLAN IGMP Version: 2 Querier Address [this switch]: 10.0.102.221 Querier Up Time: 1hr 53min 2sec Querier Expiry Time: 2min 1sec Ports with multicast routers: A1, A3-A5 Active Group Addresses |Type| Expires | Ports | Reports | queries |

--------------------------------+----+--------------------------------

xxx.xxx.xxx.xxx |filt| 1min 2sec | A1 | 20 | 20 | xxx.xxx.xxx.xxx |std | 3min 2sec | all xxx.xxx.xxx.xxx |filt| 23min 3sec | A1-B3, C4 | 20 | 20 | xxx.xxx.xxx.xxx |filt| 23min 10sec| A1,B2,C5 | 20 | 20 | xxx.xxx.xxx.xxx |filt| 2min 5sec | F22 | 20 | 20 | xxx.xxx.xxx.xxx |stat| 0min 0sec | all | 20 | 20 |

Active Group Addresses |Type| Expires | Ports

----------------------------+----+--------------------------------

xxx.xxx.xxx.xxx |filt| 1min 2sec | A1

28 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Page 29

VLAN ID: 200 VLAN Name: client vlan IGMP Version: 2 Querier Address: 10.0.102.204 Querier Port: 4 <only displayed when not querier> Querier Up Time: 1hr 53min 2sec Querier Expiry Time: 2min 1sec Ports with multicast routers: A1, A3-A5

Active Group Addresses |Type| Expires | Ports

show ip igmp vlan 200

IGMP Service Protocol Info Total VLAN’s with IGMP enabled: 33 Current count of Multicast groups joined: 21 VLAN ID: 200 VLAN Name: client vlan IGMP Version: 2 Querier Address: 10.0.102.204 Querier Port: 4 <only displayed when not querier> Querier Up Time: 1hr 53min 2sec Querier Expiry Time: 2min 1sec Ports with multicast routers: A1, A3-A5 Active Group Addresses |Type| Expires | Ports

Syntax:

show ip igmp config

Global command listing IGMP status for all VLANs configured in the switch.

-------+--------------------------------+-----------+---------------------1 |DEFAULT_VLAN |No |Yes | 125 | 200 |client vlan |Yes |No | 125 | 300 |Data Centre |Yes |Yes | 125 |

Syntax:

show ip igmp vlan <vlan> config

IGMP V2 NG Overview 29

Page 30

Displays IGMP configuration for a specific VLAN on the switch, including per-port data.

IGMP Service Vlan Config VLAN ID: 300 VLAN NAME: VLAN300 IGMP Enabled [No]: Yes Querier Allowed [Yes]: Yes Port| Type | Port Mode | Forced Fast Leave | Fast Leave----+---------------+

----------+-------------------+-----------------

5 |100/1000T | Auto | No | Yes 6 |100/1000T | Forward | No | Yes 8 |100/1000T | Blocked | Yes | No (all ports on vlan shown)

Syntax:

show ip igmp vlan <vid> group [<ip-addr>]

Lists the ports currently joined for a specified group, with port type, port mode, Age Timer data and Leave Timer data. If the group is not specified, all groups are shown.

Example: Filtered group

IGMP Service Protocol Group Info VLAN ID: 300 VLAN NAME: VLAN300 Filtered Group Address: xxx.xxx.xxx.xxx Last Reporter: xxx.xxx.xxx.xxx Up Time: 4 hr 4 min 2 sec Port| Port Type | Port Mode | Expires | Access

----+---------------+ ----------+-------------------------------------------

----+---------------+ ----------+------------------------------------------------------------

Example: Standard group

IGMP Service Protocol Group Info Standard Group Address: xxx.xxx.xxx.xxx Last Reporter: xxx.xxx.xxx.xxx Expiry Time: 2min 10 sec Up Time: 4 hr 4 min 2 sec

Example: Static group

IGMP Service Protocol Group Info Static Group Address: xxx.xxx.xxx.xxx Last Reporter: xxx.xxx.xxx.xxx /*<if joined groups are there else null>*/ Expiry Time: 0min 0sec Up Time: 4 hr 0 min 0 sec

Syntax:

show ip igmp groups

Displays IGMP group address information.

VLAN ID Group Address Expires UpTime Last Reporter | Type

30 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Page 31

------- ------------- --------------- --------------- --------------- + -----2 226.0.6.7 0h 2m 58s 1h 13m 4s 192.168.0.2 | Filter 2 226.0.6.8 0h 2m 58s 1h 13m 4s 192.168.0.2 | Standard 2 226.0.6.9 0h 2m 58s 1h 13m 4s 192.168.0.2 | Static

Statistics and State commands

Syntax:

show ip igmp statistics

Displays IGMP high level statistics for all VLANs on the switch.

-------+----------------+------+----------+----------+--------+ 1 |DEFAULT_VLAN | 52 | 50 | 0 | 2 | 300 |Office Client | 80 | 75 | 5 | 0 | 300 |Data Center | 1100 | 1000 | 99 | 1 |

Syntax:

show ip igmp vlan <vid> statistics

Displays IGMP high level statistics for < vid > VLAN on the switch.

VLAN ID : 2 VLAN NAME : VLAN2 Number of Filtered Groups : 20 Number of Standard Groups : 0 Number of Static Groups : ……2 Total Multicast Groups Joined : 22

Syntax:

show ip igmp vlan <vid> counters

Displays IGMP historical counters for <vid> VLAN on the switch.

IGMP Service Vlan Counters VLAN ID: 300 VLAN NAME : VLAN300

General Query Recd : 0 General Query Tx : 0 Group Specific Query Recd : 0 Group Specific Query Tx : 0 V1 Member Report Recd : 0 V2 Member Report Recd : 0 V3 Member Report Recd : 0 Leave Recd : 0 Unknown IGMP Type Recd : 0 Unknown Pkt Recd : 0 Forward to Routers TX Counter : 0 Forward to Vlan TX Counter : 0 Port Fast Leave Counter : 0 Port Forced Fast Leave Counter : 0 Port Membership Timeout Counter : 0

IGMP V2 NG Overview 31

Page 32

Help function commands

Syntax:

show igmp delayed-flush

Shows switch-wide IGMP delayed flush value.

Output:

IGMP Delayed Group Flush Timer: Disabled

Syntax:

show igmp filter-unknown-mcast

Shows switch-wide IGMP filter unknown multicast value.

Output:

IGMP Filter Unknown Multicast: Disabled IGMP Filter Unknown Multicast Status: Disabled

Syntax:

show ip igmp

Usage:

show ip igmp [config|group IP-ADDR|groups vlan <VLAN-ID>|statistics|VLAN-

Invoked without any parameters, shows per-VLAN IGMP status, or, if VLANs are disabled displays the global IGMP status.

When followed by the config keyword, shows IGMP global configuration information.

When followed by statistics keyword shows igmp statistical information. VLAN-ID can be used to get operational, statistical, and configuration information

for a particular VLAN (if VLAN support is enabled). The group keyword can be used to show a list of ports where a particular multicast

group is registered. The group keyword can be used to show VLAN-ID, group address, uptime,

expiration time, last reporter and hardware filter type information for each group. When followed by VLAN keyword and VLAN-ID, it displays the VLAN group

address, uptime, expiration time, last reporter and multicast filter type for groups that belong to that VLAN-ID.

Output:

IGMP Service Protocol Info

Total VLANs with IGMP enabled : 0 Current count of multicast groups joined : 0

IGMP Filter Unknown Multicast: Disabled IGMP Filter Unknown Multicast Status: Disabled

VLAN ID : 1 VLAN Name : DEFAULT_VLAN IGMP version : 2 IGMP is not enabled

32 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Page 33

Syntax:

show ip igmp groups

Shows VLAN-ID, uptime, expiration time, multicast filter type.

Output:

IGMP Group Address Information

VLAN ID Group Address Expires UpTime Last Reporter | Type

------- ------------- --------- -------- --------------- + -----

Syntax:

show ip igmp config

Shows IGMP configuration information.

Output:

IGMP Service Config

Control unknown multicast [Yes] : Yes Forced fast leave timeout [0] : 4 Delayed flush timeout [0] : 0

VLAN ID VLAN Name IGMP Enabled Querier Allowed Querier Interval

------- ------------ ------------ --------------- ---------------1 DEFAULT_VLAN No Yes 125

Syntax:

show ip igmp statistics

Shows IGMP statistical information.

Output:

Total VLANs with IGMP enabled : 0 Current count of multicast groups joined : 0

IGMP Joined Groups Statistics

VLAN ID VLAN Name Total Filtered Standard Static

------- -------------------------------- ------ -------- -------- ----- 1 DEFAULT_VLAN 0 0 0 0

Syntax:

show ip igmp vlan <ID>

Usage:

show ip igmp [config|group IP-ADDR|groups vlan <VLAN-ID>|statistics|VLAN-

Invoked without any parameters, shows per-VLAN IGMP status, or, if VLANs are disabled displays the global IGMP status.

When followed by the config keyword, shows IGMP global configuration information.

When followed by statistics keyword shows igmp statistical information. VLAN-ID can be used to get operational, statistical, and configuration information

for a particular VLAN (if VLAN support is enabled).

Help function commands 33

Page 34

The group keyword can be used to show a list of ports where a particular multicast group is registered.

The group keyword can be used to show VLAN-ID, group address, uptime, expiration time, last reporter and hardware filter type information for each group.

When followed by VLAN keyword and VLAN-ID, it displays the VLAN group address, uptime, expiration time, last reporter and multicast filter type for groups that belong to that VLAN-ID.

Output:

IGMP Service Protocol Info

Total VLANs with IGMP enabled : 0 Current count of multicast groups joined : 0

IGMP Filter Unknown Multicast: Disabled IGMP Filter Unknown Multicast Status: Disabled

VLAN ID : 1 VLAN Name : DEFAULT_VLAN IGMP version : 2 IGMP is not enabled

Syntax:

show ip igmp vlan <ID> group <group-address>

Shows IGMP group information for the specified VLAN.

Output:

IGMP ports and group information for group 239.0.2.1

VLAN ID: 2 Uptime: 0h 0m 47s Last Reporter: 10.20.30.255 Type: Filter

Port Port Type Port Mode Expires Access

------ --------- --------- ------- ---------

A2 1000T Auto 214 host

Syntax:

show ip igmp vlan <ID> config

Shows IGMP configuration information for the specified VLAN.

Output:

IGMP Service VLAN Config

VLAN ID : 1 VLAN Name : DEFAULT_VLAN IGMP Enabled [No] : No

Querier Allowed [Yes] : Yes Querier Interval [125] : 125

Syntax:

show ip igmp vlan <ID> counters

Shows information about IGMP counters for the specified VLAN.

34 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Page 35

Output:

IGMP service Vlan counters

VLAN ID : 5 VLAN Name : VLAN5

General Query Rx : 0 General Query Tx : 115 Group Specific Query Rx : 0 Group Specific Query Tx : 0 V1 Member Report Rx : 0 V2 Member Report Rx : 108 V3 Member Report Rx : 0 Leave Rx : 2 Unknown IGMP Type Rx : 0 Unknown Pkt Rx : 0 Forward to Routers Tx Counter : 110 Forward to Vlan Tx Counter : 115 Port Fast Leave Counter : 2 Port Forced Fast Leave Counter : 0 Port Membership Timeout Counter : 0 Leave Forward to Router Tx : 0 Join For Reserved Group Rx : 0 Forward to ISC Port Tx Counter : 0 Leave Without Join Rx : 0 FFL Query Sent Tx Counter : 0 Group Filter To Static Counter : 0 Group Static To Filter Counter : 0 Group Filter To Standard Counter : 0 Group Standard To Filter Counter : 0 Group Standard To Static Counter : 0 Honored Leave V1 Group Counter : 0 Group Notified to PIM Counter : 0 Relinquished Querier Role : 0 Join onRouter Port Counter : 0 Igmp V1 Rx Dropped : 0 Igmp V2 Rx Dropped : 0

Syntax:

show ip igmp vlan <ID> statistics

Shows IGMP statistics information for the specified VLAN.

Output:

IGMP Statistics

VLAN ID : 1 VLAN Name : DEFAULT_VLAN

Number of Filtered Groups : 0 Number of Standard Groups : 0 Number of Static Groups : 0 Total Multicast Groups Joined : 0

Help function commands 35

Page 36

3 IP Routing Features

Overview

The switch offers the following IP routing features:

Up to 256 static routesIP Static routes

RIP (Router Information Protocol)

IRDP (ICMP Router Discovery Protocol)

DHCP Relay

Throughout this chapter, the switches are referred to as "routing switches." When IP routing is enabled on your switch, it behaves just like any other IP router.

Basic IP routing configuration consists of adding IP addresses, enabling IP routing, and enabling a route exchange protocol, such as RIP.

For configuring the IP addresses, see the chapter "Configuring IP Addresses" in the Management and Configuration Guide for your switch. Use the information in this chapter if you need to change some of the IP parameters from their default values or if you want to view configuration information or statistics.

IP interfaces

On the routing switches, IP addresses are associated with individual VLANs. By default, there is a single VLAN (Default_VLAN) on the routing switch. In that configuration, a single IP address serves as the management access address for the entire device. If routing is enabled on the routing switch, the IP address on the single VLAN also acts as the routing interface.

Supports RIP Version 1, Version 1 compatible with Version 2 (default), and Version 2

Advertises the IP addresses of the routing interfaces on this switch to directly attached host systems

Allows you to extend the service range of your DHCP server beyond its single local network segment

Each IP address on a routing switch must be in a different subnet. You can have only one VLAN interface in a given subnet. For example, you can configure IP addresses 192.168.1.1/24 and

192.168.2.1/24 on the same routing switch, but you cannot configure 192.168.1.1/24 and

192.168.1.2/24 on the same routing switch.

You can configure multiple IP addresses on the same VLAN. The number of IP addresses you can configure on an individual VLAN interface is 32. You can use any of the IP addresses you configure on the routing switch for Telnet, Web

management, or SNMP access, as well as for routing.

NOTE: All HP devices support configuration and display of IP address in classical subnet format

(example: 192.168.1.1 255.255.255.0) and Classless Interdomain Routing (CIDR) format (example:

192.168.1.1/24.) You can use either format when configuring IP address information. IP addresses

are displayed in classical subnet format only.

IP tables and caches

ARP cache table

The ARP cache contains entries that map IP addresses to MAC addresses. Generally, the entries are for devices that are directly attached to the routing switch.

An exception is an ARP entry for an interface-based static route that goes to a destination that is one or more router hops away. For this type of entry, the MAC address is either the destination

36 IP Routing Features

Page 37

device's MAC address or the MAC address of the router interface that answered an ARP request on behalf of the device, using proxy ARP.

ARP cache

The ARP cache contains dynamic (learned) entries. The software places a dynamic entry in the ARP cache when the routing switch learns a device's MAC address from an ARP request or ARP reply from the device.

The software can learn an entry when the switch or routing switch receives an ARP request from another IP forwarding device or an ARP reply. Here is an example of a dynamic entry:

Example 15 ARP cache dynamic entry

IP Address MAC Address Type Port 1 207.95.6.102 0800.5afc.ea21 Dynamic 6

Each entry contains the destination device's IP address and MAC address.

To configure other ARP parameters, see “Configuring ARP parameters” (page 42).

IP route table

The IP route table contains routing paths to IP destinations.

NOTE: The default gateway, which you specify when you configure the basic IP information on

the switch, is used only when routing is not enabled on the switch.

Routing paths

The IP route table can receive the routing paths from the following sources:

• Directly-connected destination, which means there are no router hops to the destination

• Static IP route, which is a user-configured route

• Route learned through RIP

Administrative distance

The IP route table contains the best path to a destination. When the software receives paths from more than one of the sources listed above, the software compares the administrative distance of each path and selects the path with the lowest administrative distance. The administrative distance is a protocol-independent value from 1 to 255.

The IP route table is displayed by entering the show ip route command from any context level in the console CLI. Here is an example of an entry in the IP route table:

Example 16 IP route table entry

Destination Gateway VLAN Type Sub-Type Metric Dist.

-------------- ----------- ----- --------- ---------- -------- ----

10.10.10.1/32 10.10.12.1 connected 1 0

Each IP route table entry contains the destination's IP address and subnet mask and the IP address of the next-hop router interface to the destination. Each entry also indicates route type, and for OSPF routes, the subtype, and the route's IP metric (cost.) The type indicates how the IP route table received the route.

To configure a static IP route, see “Configuring a static IP route” (page 47).

IP forwarding cache

The IP forwarding cache provides a fast-path mechanism for forwarding IP packets. The cache contains entries for IP destinations. When an HP routing switch has completed processing and

Overview 37

Page 38

addressing for a packet and is ready to forward the packet, the device checks the IP forwarding cache for an entry to the packet's destination.

• If the cache contains an entry with the destination IP address, the device uses the information

in the entry to forward the packet out the ports listed in the entry. The destination IP address is the address of the packet's final destination. The port numbers are the ports through which the destination can be reached.

• If the cache does not contain an entry, the software can create an entry in the forwarding

cache.

Each entry in the IP forwarding cache has an age timer. The age interval depends on the number of entries in the table. The age timer ranges from 12 seconds (full table) to 36 seconds (empty table.) Entries are aged only if they are not being used by traffic. If you have an entry that is always being used in hardware, it will never age. If there is no traffic, it will age in 12 to 36 seconds. The age timer is not configurable.

NOTE: You cannot add static entries to the IP forwarding cache.

IP route exchange protocols

The switch supports the RIP IP route exchange protocol. This protocol provides routes to the IP route table and is disabled by default. For configuration

information, see “Configuring RIP parameters” (page 52).

IP global parameters for routing switches

Table 3 lists the IP global parameters and the page where you can find more information about

each parameter.

Table 3 IP global parameters for routing switches

Address Resolution Protocol (ARP)

ARP age

that routers use to learn the MAC address of a device on the network. The router sends the IP address of a device in the ARP request and receives the device's MAC address in an ARP reply.

device keeps a MAC address learned through ARP in the device's ARP cache. The device resets the timer to zero each time the ARP entry is refreshed and removes the entry if the timer reaches the ARP age. (Can be set using the menu interface to be as long as 1440 minutes. Go to Menu

> Switch Configuration > IP Config.)

See “ARP age timer”

(page 40).

See pageDefaultDescriptionParameter

42EnabledA standard IP mechanism

N/AFive minutesThe amount of time the

Time to Live (TTL)

38 IP Routing Features

routers (hops) through which

64 hopsThe maximum number of

See the chapter "Configuring IP Addressing"

Page 39

Table 3 IP global parameters for routing switches (continued)

See pageDefaultDescriptionParameter

Directed broadcast forwarding

ICMP Router Discovery Protocol (IRDP)

a packet can pass before being discarded. Each router decreases a packet's TTL by 1 before forwarding the packet. If decreasing the TTL causes the TTL to be 0, the router drops the packet instead of forwarding it.

packet containing all ones (or in some cases, all zeros) in the host portion of the destination IP address. When a router forwards such a broadcast, it sends a copy of the packet out each of its enabled IP interfaces.

NOTE: You also can

enable or disable this parameter on an individual interface basis. See Table 4

(page 41).

can use to advertise the IP addresses of its router interfaces to directly attached hosts. You can enable or disable the protocol at the Global CLI Config level.

You also can enable or disable IRDP and configure the following protocol parameters on an individual VLAN interface basis at the VLAN Interface CLI Config level.

• Forwarding method

(broadcast or multicast)

• Hold time

• Maximum advertisement

interval

• Minimum advertisement

interval

• Router preference level

in the Management and Configuration Guide.

43DisabledA directed broadcast is a

60DisabledAn IP protocol that a router 61

Static route

Default network route

46No entriesAn IP route you place in the

IP route table.

48None configuredThe router uses the default

network route if the IP route table does not contain a route to the destination. Enter an explicit default route (0.0.0.0 0.0.0.0 or

0.0.0.0/0) as a static route in the IP route table.

Overview 39

Page 40

ARP age timer

The ARP age is the amount of time the switch keeps a MAC address learned through ARP in the ARP cache. The switch resets the timer to zero each time the ARP entry is refreshed and removes the entry if the timer reaches the ARP age. For more information on ARP, see “IP tables and caches”

(page 36).

You can increase the ARP age timeout maximum to 24 hours or more with this command:

Syntax:

Example 17 Setting the ARP age timeout to 1000 minutes

HP Switch(config)# ip arp-age 1000

[no] ip arp-age <[1...1440]|infinite> Allows the ARP age to be set from 1 to 1440 minutes (24 hours.) If the option infinite is configured, the internal ARP age timeout is set to

99,999,999 seconds (approximately 3.2 years.) An arp-age value of 0 (zero) is stored in the configuration file to indicate that infinite has been configured. This value also displays with the show commands and in the menu display (Menu > Switch Configuration > IP Config.)

Default: 20 minutes

To view the value of ARP age timer, enter the show ip command. The Arp Age time value is shown in bold in Example 18.

Example 18 The show ip command displaying ARP age

HP Switch(config)# show ip

Internet (IP) Service

IP Routing : Disabled

Default Gateway : 15.255.120.1 Default TTL : 64

Arp Age : 1000

Domain Suffix : DNS server :

VLAN | IP Config IP Address Subnet Mask Proxy ARP

-------------------- + ---------- --------------- --------------- -------- DEFAULT_VLAN | Manual 15.255.111.13 255.255.248.0 No

You can also view the value of the ARP age timer in the configuration file. The ip arp-age 1000 value is shown in bold in Example 19.

40 IP Routing Features

Page 41

Example 19 The ip arp-age value in the running config file

HP Switch(config)# show running-config

Running configuration:

; J9627A Configuration Editor; Created on release #XX.15.XX ; Ver #01:01:00

hostname "Switch" savepower led mirror-port 7 stack commander "TEST_STACK" stack member 1 mac-address 0024A8D13A40

ip arp-age 100

vlan 1 name "DEFAULT_VLAN" untagged 1-28 ip address dhcp-bootp exit vlan 222 name "VLAN222" no ip address exit snmp-server community "public" unrestricted snmp-server host 16.181.51.82 community "public"

You can set or display the arp-age value using the menu interface (Menu > Switch Configuration > IP Config).

Example 20 The Menu interface displaying the ARP Age value

===========================- TELNET - MANAGER MODE ====================== Switch Configuration - Internet (IP) Service

IP Routing : Disabled

Default Gateway : 15.255.120.1 Default TTL : 64

Arp Age : 1000

IP Config [Manual] : Manual

IP Address : 15.255.111.11 Subnet Mask : 255.255.248.0

Actions-> Cancel Edit Save Help

IP interface parameters for routing switches

Table 4 lists the interface-level IP parameters for routing switches.

Table 4 IP interface parameters — routing switches

IP address

Metric

address; separate IP addresses on individual VLAN interfaces.

adds to RIP routes learned on the interface. This

See pageDefaultDescriptionParameter

None configuredA Layer 3 network interface

521 (one)A numeric cost the router

Overview 41

Page 42

Table 4 IP interface parameters — routing switches (continued)

parameter applies only to RIP routes.

See pageDefaultDescriptionParameter

ICMP Router Discovery Protocol (IRDP)

IP helper address

See the chapter "Configuring IP Addressing" in the Management and Configuration Guide for your switch.

IRDP settings. See Table 3

(page 38) for global IRDP

information.

application server (such as a BootP or DHCP server) or a directed broadcast address. IP helper addresses allow the routing switch to forward requests for certain UDP applications from a client on one subnet to a server on another subnet.

Configuring IP parameters for routing switches

The following sections describe how to configure IP parameters. Some parameters can be configured globally while others can be configured on individual VLAN interfaces. Some parameters can be configured globally and overridden for individual VLAN interfaces.

NOTE: For IP configuration information when routing is not enabled, see the chapter "Configuring

IP Addressing" in the Management and Configuration Guide for your routing switch.

61DisabledLocally overrides the global

64None configuredThe IP address of a UDP

Configuring ARP parameters

ARP is a standard IP protocol that enables an IP routing switch to obtain the MAC address of another device's interface when the routing switch knows the IP address of the interface. ARP is enabled by default and cannot be disabled.

How ARP works

A routing switch needs to know a destination's MAC address when forwarding traffic, because the routing switch encapsulates the IP packet in a Layer 2 packet (MAC layer packet) and sends the Layer 2 packet to a MAC interface on a device directly attached to the routing switch. The device can be the packet's final destination or the next-hop router toward the destination.

The routing switch encapsulates IP packets in Layer 2 packets regardless of whether the ultimate destination is locally attached or is multiple router hops away. Since the routing switch's IP route table and IP forwarding cache contain IP address information but not MAC address information, the routing switch cannot forward IP packets based solely on the information in the route table or forwarding cache. The routing switch needs to know the MAC address that corresponds with the IP address of either the packet's locally attached destination or the next-hop router that leads to the destination.

For example, to forward a packet whose destination is multiple router hops away, the routing switch must send the packet to the next-hop router toward its destination, or to a default route or default network route if the IP route table does not contain a route to the packet's destination. In each case, the routing switch must encapsulate the packet and address it to the MAC address of a locally attached device, the next-hop router toward the IP packet's destination.

42 IP Routing Features

Page 43

To obtain the MAC address required for forwarding a datagram, the routing switch does the following:

• First, the routing switch looks in the ARP cache (not the static ARP table) for an entry that lists

the MAC address for the IP address. The ARP cache maps IP addresses to MAC addresses. The cache also lists the port attached to the device and, if the entry is dynamic, the age of the entry. A dynamic ARP entry enters the cache when the routing switch receives an ARP reply or receives an ARP request (which contains the sender's IP address and MAC address.) A static entry enters the ARP cache from the static ARP table (which is a separate table) when the interface for the entry comes up.

To ensure the accuracy of the ARP cache, each dynamic entry has its own age timer. The timer is reset to zero each time the routing switch receives an ARP reply or ARP request containing the IP address and MAC address of the entry. If a dynamic entry reaches its maximum allowable age, the entry times out and the software removes the entry from the table. Static entries do not age-out and can be removed only by you.

• If the ARP cache does not contain an entry for the destination IP address, the routing switch

broadcasts an ARP request out all of its IP interfaces. The ARP request contains the IP address of the destination. If the device with the IP address is directly attached to the routing switch, the device sends an ARP response containing its MAC address. The response is a unicast packet addressed directly to the routing switch. The routing switch places the information from the ARP response into the ARP cache.

ARP requests contain the IP address and MAC address of the sender, so all devices that receive the request learn the MAC address and IP address of the sender and can update their own ARP caches accordingly.

Note that the ARP request broadcast is a MAC broadcast, which means the broadcast goes only to devices that are directly attached to the routing switch. A MAC broadcast is not routed to other networks. However, some routers, including HP routing switches, can be configured to reply to ARP requests from one network on behalf of devices on another network.

NOTE: If the routing switch receives an ARP request packet that it is unable to deliver to the final

destination because of the ARP time-out, and no ARP response is received (the routing switch knows of no route to the destination address), the routing switch sends an ICMP Host Unreachable message to the source.

Configuring forwarding parameters

The following configurable parameters control the forwarding behavior of HP routing switches:

• Time-To-Live (TTL) threshold

The configuration of this parameter is covered in the chapter "Configuring IP Addressing" in the Management and Configuration Guide for your routing switch.

• Forwarding of directed broadcasts

All these parameters are global and thus affect all IP interfaces configured on the routing switch. To configure these parameters, use the procedures in the following sections.

Enabling forwarding of directed broadcasts

A directed broadcast is an IP broadcast to all devices within a single directly-attached network or subnet. A net-directed broadcast goes to all devices on a given network. A subnet-directed broadcast goes to all devices within a given subnet.

NOTE: A less common type, the all-subnets broadcast, goes to all directly-attached subnets.

Forwarding for this broadcast type also is supported, but most networks use IP multicasting instead of all-subnet broadcasting.

Configuring IP parameters for routing switches 43

Page 44

Forwarding for all types of IP directed broadcasts is disabled by default. You can enable forwarding for all types if needed. You cannot enable forwarding for specific broadcast types.

Enabling forwarding of IP directed broadcasts (CLI)

To enable forwarding of IP directed broadcasts, enter the following CLI command:

HP Switch(config)# ip directed-broadcast

Syntax:

[no] ip directed-broadcast HP software makes the forwarding decision based on the routing switch's knowledge

of the destination network prefix. Routers cannot determine that a message is unicast or directed broadcast apart from the destination network prefix. The decision to forward or not forward the message is by definition only possible in the last-hop router.

Disabling the directed broadcasts

To disable the directed broadcasts, enter the following CLI command:

HP Switch(config)# no ip directed-broadcast

Configuring ICMP

You can configure the following ICMP limits:

The maximum number of ICMP replies to send per second.Burst-normal

You can enable or disable ICMP reply rate limiting.Reply limit

Disabling ICMP messages

HP devices are enabled to reply to ICMP echo messages and send ICMP Destination Unreachable messages by default.

You can selectively disable the following types of Internet Control Message Protocol (ICMP) messages:

The routing switch replies to IP pings from other IP devices.Echo messages (ping

messages)

Destination unreachable messages

If the routing switch receives an IP packet that it cannot deliver to its destination, the routing switch discards the packet and sends a message back to the device that sent the packet to the routing switch. The message informs the device that the destination cannot be reached by the routing switch.

You can enable or disable ICMP address mask replies.Address mask replies

Disabling replies to broadcast ping requests

By default, HP devices are enabled to respond to broadcast ICMP echo packets, which are ping requests (for more information, see “Disabling ICMP messages” (page 44)).

To disable response to broadcast ICMP echo packets (ping requests), enter the following command:

HP Switch(config)# no ip icmp echo broadcast-request

Syntax:

[no] ip icmp echo broadcast-request

If you need to re-enable response to ping requests, enter the following command:

HP Switch(config)# ip icmp echo broadcast-request

44 IP Routing Features

Page 45

Disabling ICMP destination unreachable messages

By default, when a HP device receives an IP packet that the device cannot deliver, the device sends an ICMP unreachable message back to the host that sent the packet. The following types of ICMP unreachable messages are generated:

The packet was dropped by the HP device due to a filter or ACL configured on the device.Administration

Fragmentation-needed

Host

Port

Protocol

Source-route-failure

The packet has the "Don't Fragment" bit set in the IP Flag field, but the HP device cannot forward the packet without fragmenting it.

The destination network or subnet of the packet is directly connected to the HP device, but the host specified in the destination IP address of the packet is not on the network.

The HP device cannot reach the network specified in the destination IP address of the packet.Network

The destination host does not have the destination TCP or UDP port specified in the packet. In this case, the host sends the ICMP Port Unreachable message to the HP device, which in turn sends the message to the host that sent the packet.

The TCP or UDP protocol on the destination host is not running. This message is different from the Port Unreachable message, which indicates that the protocol is running on the host but the requested protocol port is unavailable.

The device received a source-routed packet but cannot locate the next-hop IP address indicated in the packet's Source-Route option.

NOTE: Disabling an ICMP Unreachable message type does not change the HP device's ability

to forward packets. Disabling ICMP Unreachable messages prevents the device from generating or forwarding the Unreachable messages.

Disabling all ICMP unreachable messages

To disable all ICMP Unreachable messages, enter the following command:

HP Switch(config)# no ip icmp unreachable

Syntax:

[no] ip icmp unreachable

For more information, see “Disabling ICMP destination unreachable messages” (page 45).

Disabling ICMP redirects

You can disable ICMP redirects on the HP routing switch only on a global basis, for all the routing-switch interfaces.

To disable ICMP redirects globally, enter the following command at the global CONFIG level of the CLI:

HP Switch(config)# no ip icmp redirects

Syntax:

[no] ip icmp redirects

Configuring static IP routes

This feature enables you to create static routes (and null routes) by adding such routes directly to the route table. This section describes how to add static and null routes to the IP route table.

Configuring static IP routes 45

Page 46

Static route types

You can configure the following types of static IP routes:

Standard

Null (discard)

The static route consists of a destination network address or host, a corresponding network mask, and the IP address of the next-hop IP address.

The null route consists of the destination network address or host, a corresponding network mask, and either the reject or blackhole keyword. Typically, the null route is configured as a backup route for discarding traffic if the primary route is unavailable. By default, when IP routing is enabled, a route for the 127.0.0.0/8 network is created to the null interface. Traffic to this interface is rejected (dropped).

This route is for all traffic to the "loopback" network, with the single exception of traffic to the host address of the switch's loopback interface (127.0.0.1/32.) “Displaying the currently configured

static routes” (page 48) shows the default null route entry in the switch's routing table.

NOTE: On a single routing switch you can create one null route to a given destination. Multiple

null routes to the same destination are not supported.

Other sources of routes in the routing table

The IP route table can also receive routes from the following sources:

• Directly connected networks: One route is created per IP interface. When you add an IP

interface, the routing switch automatically creates a route for the network the interface is in.

• RIP: If RIP is enabled, the routing switch can learn about routes from the advertisements other

RIP routers send to the routing switch. If the RIP route has a lower administrative distance than any other routes from different sources to the same destination, the routing switch places the route in the IP route table. See “Administrative distance” (page 37).

• Default route: This is a specific static route that the routing switch uses if other routes to the

destination are not available. See “Configuring the default route” (page 48).

Static IP route parameters

When you configure a static IP route, you must specify the following parameters:

• The IP address and network mask for the route's destination network or host.

• The route's path, which can be one of the following:

IP address of a next-hop router.•

• "Null" interface; the routing switch drops traffic forwarded to the null interface.

The routing switch also applies default values for the route's administrative distance (“Administrative

distance” (page 37)). In the case of static routes, this is the value the routing switch uses to compare

a static route to routes from other route sources to the same destination before placing a route in the IP route table.

The default administrative distance for static IP routes is 1, but can be configured to any value from 1 to 255.

The fixed administrative distance values ensure that the routing switch always prefers static IP routes over routes from other sources to the same destination.

Static route states follow VLAN states

IP static routes remain in the IP route table only so long as the IP interface to the next-hop router is up. If the next-hop interface goes down, the software removes the static route from the IP route table. If the next-hop interface comes up again, the software adds the route back to the route table.

This feature allows the routing switch to adjust to changes in network topology.

46 IP Routing Features

Page 47

The routing switch does not continue trying to use routes on unreachable paths, but instead uses routes only when their paths are reachable.

For example, the following command configures a static route to 207.95.7.0 (with a network mask of 255.255.255.0), using 207.95.6.157 as the next-hop router's IP address:

HP Switch(config)# ip route 207.95.7.0/24 207.95.6.15

A static IP route specifies the route's destination address and the next-hop router's IP address or routing switch interface through which the routing switch can reach the destination. (The route is added to the routing switch's IP route table.)

In the above example, routing switch "A" knows that 207.95.6.157 is reachable through port A2, and assumes that local interfaces within that subnet are on the same port. Routing switch "A" deduces that IP interface 207.95.7.188 is also on port A2. The software automatically removes a static route from the route table if the next-hop VLAN used by that route becomes unavailable. When the VLAN becomes available again, the software automatically re-adds the route to the route table.

Configuring a static IP route

Configure a static route to a specific network or host addressStatic route

Configure a "null" route to discard IP traffic to a specific network or host address:Null route

• Discard traffic for the destination, with ICMP notification to sender

• Discard traffic for the destination, without ICMP notification to sender

Syntax:

[no]ip route <dest-ip-addr>/<mask-length>

<next-hop-ip-addr|vlan <vlan-id>|reject|blackhole> [metric <metric>] [distance <1-255>] [tag-value <tagval>]

Allows the addition and deletion of static routing table entries. A route entry is identified by a destination (IP address/mask length) and next-hop pair. The next-hop can be either a gateway IP address, a VLAN, or the keyword "reject" or "blackhole".

A gateway IP address does not have to be directly reachable on one of the local subnets. If the gateway address is not directly reachable, the route is added to the routing table as soon as a route to the gateway address is learned.

<dest-ip-addr>/<mask-bits>

next-hop-ip-addr

The route destination and network mask length for the destination IP address. Alternatively, you can enter the mask itself.

For example, you can enter either 10.0.0.0/24 or 10.0.0.0

255.255.255.0 for a route destination of 10.0.0.0

255.255.255.0.

This IP address is the gateway for reaching the destination. The next-hop IP address is not required to be directly reachable on a local subnet. (If the next-hop IP address is not directly reachable, the route will be added to the routing table as soon as a route to this address is learned.)

reject

blackhole

Specifies a null route where IP traffic for the specified destination is discarded and an ICMP error notification is returned to the sender.

Specifies a null route where IP traffic for the specified destination is discarded and no ICMP error notification is returned to the sender.

Configuring static IP routes 47

Page 48

metric

Specifies an integer value that is associated with the route. It is used to compare a static route to routes in the IP route table from other sources to the same destination.

distance

tag

Specifies the administrative distance to associate with a static route. If not specified, this value is set to a default of 1. (Range: 1 to 255)

Specifies a unique integer value for a given ECMP set (destination, metric, distance.)

The no form of the command deletes the specified route for the specified destination next-hop pair.

The following example configures two static routes for traffic delivery and identifies two other null routes for which traffic should be discarded instead of forwarded.

Example 21 Configuring static routes

HP Switch(config)# ip route 10.10.40.0/24 10.10.10.1

HP Switch(config)# ip route 10.10.50.128/27 10.10.10.1

HP Switch(config)# ip route 10.10.20.177/32 reject

HP Switch(config)# ip route 10.10.30.0/24 blackhole

Configures static routes to two different network destinations using the same nexthop router IP address.

Configures a null route to drop traffic for the device at

10.50.10.177 and return an ICMP notification to the sender.

321

Configures a null route to drop traffic for the

10.50.10.0 network without any ICMP notification to the sender.

Viewing static route information

The show ip route command displays the current static route configuration on the routing switch. Figure 4 shows the configuration resulting from the static routes configured in the previous examples.

Figure 4 Displaying the currently configured static routes

Configuring the default route

You can also assign the default route and enter it in the routing table. The default route is used for all traffic that has a destination network not reachable through any other IP routing table entry. For example, if 208.45.228.35 is the IP address of your ISP router, all non-local traffic could be directed to the ISP by entering this command:

48 IP Routing Features

Page 49

HP Switch(config)# ip route 0.0.0.0/0 208.45.228.35

Configuring ECMP routing for static IP routes

IMPORTANT: This section applies to the HP Switch 2615-series (J9565A) and the HP Switch

2915-series (J9562A) only.

ECMP routing allows multiple entries for routes to the same destination. Each path has the same cost as the other paths, but a different next-hop router. The ip load-sharing command specifies the maximum number of equal paths that can be configured. Values range from 2 to 4.

Example 22 shows configuration of an ECMP set with two different gateways to the same destination

address but through different next-hop routers.

Example 22 An ECMP set with the same destination but different next-hop routers

HP Switch(config)# ip route 127.10.144.21/24 10.10.10.2 metric 12 distance 10 HP Switch(config)# ip route 127.10.144.21/24 10.10.10.3 metric 12 distance 10

Configures an ECMP set with 2 different gateways to the same destination address.

Configuring ECMP routing for static IP routes

IMPORTANT: This section applies to the HP Switch 2910al-series and the HP Switch 2920-series

only.

Syntax:

[no] ip load-sharing <2-4> When OSPF is enabled and multiple, equal-cost, next-hop routes are available for

traffic destinations on different subnets, this feature, by default, enables load-sharing among up to four nexthop routes. The no form of the command disables this loadsharing so that only one route in a group of multiple, equalcost, next-hop routes is used for traffic that could otherwise be load-shared across multiple routes.

(Default: Enabled with four equal-cost, next-hop routes allowed) Notes: This command enables or disables load-sharing for both IPv4 (OSPFv2) and

IPv6 (OSPFv3) operation. For more information on load-sharing in the latest IPv6 Configuration Guide for your routing switch.

In the default configuration, IP load-sharing is enabled by default. However, it has no effect unless IP routing and OSPF are enabled.

<2-4>

Specifies the maximum number of equal-cost next hop paths the router allows. (Range: 2 - 4; Default: 4)

Viewing the current IP load-sharing configuration

IMPORTANT: This section applies to the HP Switch 2910al-series and the HP Switch 2920-series

only.

Configuring ECMP routing for static IP routes 49

Page 50

Use the show running command to view the currently active IP load-sharing configuration, and show config to view the IP load-sharing configuration in the startup-config file. (While in its default configuration, IP load-sharing does not appear in the command output.) If IP load sharing is configured with nondefault settings (disabled or configured for either two or three equal-cost nexthop paths), then the current settings are displayed in the command output.

Example 23 Viewing a non-default IP load-sharing configuration

HP Switch(config)# show running

Running configuration: ; J8697A Configuration Editor; Created on release #XX.15.00

hostname "HP Switch" module 1 type J8702A snmp-server community "public" Unrestricted vlan 1 name "DEFAULT_VLAN" untagged A1-A24 ip address dhcp-bootp exit

ip load-sharing 3*

access-controller vlan-base 2000

* Indicates a non-default IP load-sharing configuration allowing three equal-cost next-hop paths for routed traffic with different subnet destinations. If the routing switch is configured with the default IP load-sharing configuration, IP load-sharing does not appear in the show config or show running command output.

Example 24 “An ECMP set with the same destination but different next-hop routers” shows

configuration of an ECMP set with routes to the same destination but through different next-hop routers.

Example 24 An ECMP set with the same destination but different next-hop routers

HP Switch(config)# ip route 127.10.144.21/24 10.10.10.2 metric 12 distance 10 HP Switch(config)# ip route 127.10.144.21/24 10.10.10.3 metric 12 distance 10

Configures an ECMP set with 2 different gateways to the same destination address.

Configuring RIP

This section describes how to configure RIP using the CLI interface. To display RIP configuration information and statistics, see “Overview of RIP” (page 50). For more

information on configuring RIP, see “Viewing RIP information” (page 56).

Overview of RIP

Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing distance) to measure the cost of a given route. The cost is a distance vector because the cost often is equivalent to the number of router hops between the HP routing switch and the destination network.

An HP routing switch can receive multiple paths to a destination. The software evaluates the paths, selects the best path, and saves the path in the IP route table as the route to the destination. Typically, the best path is the path with the fewest hops. A hop is another router through which packets must travel to reach the destination. If the HP routing switch receives an RIP update from another router

50 IP Routing Features

Page 51

that contains a path with fewer hops than the path stored in the HP routing switch's route table, the routing switch replaces the older route with the newer one. The routing switch then includes the new path in the updates it sends to other RIP routers, including HP routing switches.

RIP routers, including HP routing switches, also can modify a route's cost, generally by adding to it, to bias the selection of a route for a given destination. In this case, the actual number of router hops may be the same, but the route has an administratively higher cost and is thus less likely to be used than other, lower-cost routes. A RIP route can have a maximum cost of 15. Any destination with a higher cost is considered unreachable. Although limiting to larger networks, the low maximum hop count prevents endless loops in the network.

The switches support the following RIP types:

• Version 1

• V1 compatible with V2

• Version 2 (the default)

NOTE: If the routing switch receives an ARP request packet that it is unable to deliver to the final

destination because of the ARP timeout and no ARP response is received (the routing switch knows of no route to the destination address), the routing switch sends an ICMP Host Unreachable message to the source.

RIP parameters and defaults

The following tables list the RIP parameters, their default values, and where to find configuration information.

RIP global parameters

Table 5 lists the global RIP parameters and their default values.

Table 5 RIP global parameters

redistribution

RIP interface parameters

Table 6 lists the VLAN interface RIP parameters and their default values.

Table 6 RIP interface parameters

RIP version

DefaultDescriptionParameter

DisabledRouting Information Protocol V2-only.RIP state

EnabledEnable/disable advertisement of summarized routes.auto-summary

1Default metric for imported routes.metric

DisabledRIP can redistribute static, and connected routes. (RIP redistributes connected routes by default, when RIP is enabled.)

DefaultDescriptionParameter

V2-onlyThe version of the protocol that is supported on the interface. The version can be one of the following:

• Version 1 only

• Version 2 only

• Version 1 or version 2

metric

1A numeric cost the routing switch adds to RIP routes learned on the interface.

Configuring RIP 51

Page 52

Table 6 RIP interface parameters (continued)

This parameter applies only to RIP routes.

DefaultDescriptionParameter

IP address

loop prevention

receive

send

The routes that a routing switch learns or advertises can be controlled.

prevent routing loops caused by advertising a route on the same interface as the one on which the routing switch learned the route:

• Split horizon — The routing switch

does not advertise a route on the same interface as the one on which the routing switch learned the route.

• Poison reverse — The routing

switch assigns a cost of 16 "infinite" or "unreachable") to a route before advertising it on the same interface as the one on which the routing switch learned the route.

packets

The routing switch learns and advertises all RIP routes on all RIP interfaces

Poison reverseThe method the routing switch uses to

V2-onlyDefine the RIP version for incoming

V2-onlyDefine the RIP version for outgoing

Configuring RIP parameters

Use the following procedures to configure RIP parameters on a system-wide and individual VLAN interface basis.

Enabling RIP

RIP is disabled by default. To enable it, use one of the following methods. When you enable RIP, the default RIP version is RIPv2-only. You can change the RIP version on an individual interface basis to RIPv1 or RIPv1-or-v2, if needed.

To enable RIP on a routing switch, enter the following commands:

HP Switch(config)# ip routing

HP Switch(config)# router rip

HP Switch(rip)# exit

HP Switch(config)# write memory

NOTE: IP routing must be enabled prior to enabling RIP. The first command in the preceding

sequence enables IP routing.

Enabling RIP on the routing switch and entering the RIP router context

Syntax:

[no] router rip [[enable] | [disable]] [auto-summary] Executed at the global configuration level to enable RIP on the routing switch and

to enter the RIP router context. This enables you to proceed with assigning RIP areas

52 IP Routing Features

Page 53

and to modify RIP global parameter settings as needed. Global IP routing must be enabled before the RIP protocol can be enabled.

Default: Disabled

The no form of the command deletes all protocol-specific information from the global context and interface context. All protocol parameters are set to default values.

NOTE: If you disable RIP, the switch retains all the configuration information for

the disabled protocol in flash memory. If you subsequently restart RIP, the existing configuration will be applied.

The auto-summary form of the command enables advertisement of the summarized routes. When used with the no form of the command, auto-summary disables the advertisement of the summarized routes.

Example 25 Enter RIP router context

HP Switch(config)# router rip HP Switch(rip)#

Enables RIP routing.enable

Disables RIP routing.disable

Example 26 Enable RIP routing

HP Switch(config)# router rip enable HP Switch(rip)#

Example 27 Disable RIP routing

HP Switch(config)# router rip disable HP Switch(rip)#

Example 28 Delete all protocol-specific information from the global and interface context

HP Switch(config)# no router rip HP Switch(rip)#

NOTE: Deleting all protocol-specific information from the global and interface context sets all

protocol parameters to default values.

NOTE: IP routing must be enabled prior to enabling RIP. The first command in the preceding

sequence enables IP routing.

Enabling IP RIP on a VLAN

To enable RIP on all IP addresses in a VLAN, use ip rip in the VLAN context. When the command is entered without specifying any IP address, it is enabled in all configured IP addresses of the VLAN.

To enable RIP on a specific IP address in a VLAN, use ip rip [<ip-addr>|all] in the VLAN context and enter a specific IP address. If you want RIP enabled on all IP addresses, you can specify all in the command instead of a specific IP address.

Configuring RIP 53

Page 54

Changing the RIP type on a VLAN interface

When you enable RIP on a VLAN interface, RIPv2-only is enabled by default. You can change the RIP type to one of the following on an individual VLAN interface basis:

• Version 1 only

• Version 2 only (the default)

• Version 1 - or - version 2

To change the RIP type supported on a VLAN interface, enter commands such as the following:

HP Switch(config)# vlan 1

HP Switch(vlan-1)# ip rip v1-only

HP Switch(vlan-1)# exit

HP Switch(config)# write memory

Syntax:

[no] ip rip <v1-only | v1-or-v2 | v2-only>

Changing the cost of routes learned on a VLAN interface

By default, the switch interface increases the cost of an RIP route that is learned on the interface. The switch increases the cost by adding one to the route's metric before storing the route.

You can change the amount that an individual VLAN interface adds to the metric of RIP routes learned on the interface.

NOTE: RIP considers a route with a metric of 16 to be unreachable. Use this metric only if you

do not want the route to be used. In fact, you can prevent the switch from using a specific interface for routes learned though that interface by setting its metric to 16.

To increase the cost a VLAN interface adds to RIP routes learned on that interface, enter commands such as the following:

HP Switch(config)# vlan 1

HP Switch(vlan-1)# ip rip metric 5

These commands configure vlan-1 to add 5 to the cost of each route learned on the interface.

Syntax:

ip rip metric <1-16>

Configuring RIP redistribution

You can configure the routing switch to redistribute connected, static, and OSPF routes into RIP. When you redistribute a route into RIP, the routing switch can use RIP to advertise the route to its RIP neighbors.

To configure redistribution, perform the following tasks:

1. Configure redistribution filters to permit or deny redistribution for a route based on the destination network address or interface. (optional)

2. Enable redistribution.

Defining RIP redistribution filters

Route redistribution imports and translates different protocol routes into a specified protocol type. On the switches covered in this guide, redistribution is supported for static and directly connected routes. Redistribution of any other routing protocol into RIP is not currently supported. When you configure redistribution for RIP, you can specify that static or connected routes are imported into RIP routes.

54 IP Routing Features

Page 55

Configuring for redistribution

To configure for redistribution, define the redistribution tables with "restrict" redistribution filters. In the CLI, use the restrict command for RIP at the RIP router level.

NOTE: Do not enable redistribution until you have configured the redistribution filters. Otherwise,

the network might become overloaded with routes that you did not intend to redistribute.

Example:

To configure the switch to filter out redistribution of static or connected routes on network 10.0.0.0, enter the following commands:

HP Switch(config)# router rip

HP Switch(rip)# restrict 10.0.0.0 255.0.0.0

HP Switch(rip)# write memory

The default configuration permits redistribution for all default connected routes only.

Syntax:

restrict <ip-addr> <ip-mask> | <ip-addr/<prefix length>

This command prevents any routes with a destination address that is included in the range specified by the address/mask pair from being redistributed by RIP.

Modifying default metric for redistribution

The default metric is a global parameter that specifies the cost applied to all RIP routes by default. The default value is 1. You can assign a cost from 1 to 15.

Example:

To assign a default metric of 4 to all routes imported into RIP, enter the following commands:

HP Switch(config)# router rip

HP Switch(rip)# default-metric 4

Syntax:

default-metric <value>

The <value> can be from 1 to 15. The default is 1.

Enabling RIP route redistribution

The basic form of the redistribute command redistributes all routes of the selected type. For finer control over route selection and modification of route properties, you can specify the route-map parameter and the name of a route map.

NOTE: Do not enable redistribution until you have configured the redistribution filters. Otherwise,

the network might become overloaded with routes that you did not intend to redistribute.

Syntax:

[no] router rip redistribute <connected | static> [route-map <name>]

Enables redistribution of the specified route type to the RIP domain.

Redistribute from manually configured routes.static

Redistribute from locally connected networks.connected

Optionally specify the name of a route-map to apply during redistribution.route-map <name>

Configuring RIP 55

Page 56

The no form of the command disables redistribution for the specified route type.

Example:

To enable redistribution of all connected, static, and OSPF routes into RIP, enter the following commands.

HP Switch(config)# router rip

HP Switch(rip)# redistribute connected

HP Switch(rip)# redistribute static

HP Switch(rip)# write memory

Changing the route loop prevention method

Syntax:

[no] ip rip poison-reverse

Entering the command without the no option will re-enable Poison reverse. RIP can use the following methods to prevent routing loops:

• Split horizon - the routing switch does not advertise a route on the same interface as the one

on which the routing switch learned the route.

• Poison reverse - the routing switch assigns a cost of 16 (“infinity” or “unreachable”) to a route

before advertising it on the same interface as the one on which the routing switch learned the route. This is the default.

These loop prevention methods are configurable on an individual VLAN interface basis.

NOTE: These methods are in addition to RIP's maximum valid route cost of 15.

Poison reverse is enabled by default. Disabling Poison reverse causes the routing switch to revert to Split horizon. (Poison reverse is an extension of Split horizon.) To disable Poison reverse on an interface, and thereby enable Split horizon, enter the following:

HP Switch(config)# vlan 1

HP Switch(vlan-1)# no ip rip poison-reverse

Viewing RIP information

All RIP configuration and status information is shown by the CLI command show ip rip and options off that command.

Viewing general RIP information

Syntax:

show ip rip

To display general RIP information, enter show ip rip at any context level. The resulting display will appear similar to the following:

56 IP Routing Features

Page 57

Example 29 General RIP information listing

HP Switch(config)# show ip rip

RIP global parameters

RIP protocol : enabled Auto-summary : enabled Default Metric : 1 Distance : 120 Route changes : 0 Queries : 0

RIP interface information

IP Address Status Send mode Recv mode Metric Auth

----------- -------- --------- ---------- ------- ----

100.1.0.1 enabled V2-only V2-only 5 none

100.2.0.1 enabled V2-only V2-only 5 none

100.3.0.1 enabled V2-only V2-only 5 none

100.4.0.1 enabled V2-only V2-only 5 none

100.10.0.1 enabled V2-only V2-only 5 none

100.11.0.1 enabled V2-only V2-only 5 none

RIP peer information

IP Address Bad routes Last update timeticks

--------------- ----------- ---------------------

The display is a summary of global RIP information, information about interfaces with RIP enabled, and information about RIP peers. The following fields are displayed:

RIP protocol

Auto-summary

Default metric

Status of the RIP protocol on the router. RIP must be enabled here and on the VLAN interface for RIP to be active.

The default is disabled.

Status of auto-summary for all interfaces running RIP. If auto-summary is enabled, subnets will be summarized to a class network when advertising outside of the given network.

Sets the default metric for imported routes. This is the metric that will be advertised with the imported route to other RIP peers. A RIP metric is a measurement used to determine the "best" path to network: 1 is the best, 15 is the worst, 16 is unreachable.

The number of times RIP has modified the routing switch’s routing table.Route changes

The number of RIP queries that have been received by the routing switch.Queries

RIP information on the VLAN interfaces on which RIP is enabled:RIP interface information IP address IP address of the VLAN interface running RIP.

Status Status of RIP on the VLAN interface. Send mode Format of the RIP updates: RIP 1, RIP 2, or RIP 2 version 1

compatible.

Recv mode The switch can process RIP 1, RIP 2, or RIP 2 version 1

compatible update messages.

Metric Path "cost", a measurement used to determine the "best" RIP

route path: 1 is the best, 15 is the worst, 16 is unreachable.

Auth RIP messages can be required to include an authentication

key if enabled on the interface.

RIP peer information

RIP peers are neighboring routers from which the routing switch has received RIP updates:

Configuring RIP 57

Page 58

Viewing RIP interface information

To display RIP interface information, enter the show ip rip interface command at any context level.

Syntax:

show ip rip interface [ ip-addr | vlan <vlan-id> ] The resulting display will appear similar to the following:

Example 30 Output for the show IP RIP interface command

HP Switch(config)# show ip rip interface

RIP interface information

IP Address Status Send mode Recv mode Metric Auth

----------- -------- ---------- ---------- ------- ----

100.1.0.1 enabled V2-only V2-only 1 none

100.2.0.1 enabled V2-only V2-only 1 none

100.3.0.1 enabled V2-only V2-only 1 none

100.4.0.1 enabled V2-only V2-only 1 none

IP address IP address of the RIP neighbor. Bad routes Number of route entries which were not

processed for any reason.

Last update timeticks Number of seconds that have passed since

we received an update from this neighbor.

You can also display the information for a single RIP VLAN interface, by specifying the VLAN ID for the interface, or by specifying the IP address for the interface.

To show the RIP interface information for VLAN 1000, use the show ip rip interface vlan <vid> command.

Example 31 RIP interface output by VLAN

HP Switch# show ip rip interface vlan 4

RIP configuration and statistics for VLAN 4

RIP interface information for 100.4.0.1

IP Address : 100.4.0.1 Status : enabled

Send Mode : V2-only Recv mode : V2-only Metric : 1 Auth : none

Bad packets received : 0 Bad routes received : 0 Sent updates : 0

For definitions of the fields in Example 31, see “Viewing general RIP information” (page 56).

58 IP Routing Features

Page 59

The RIP interface information also includes the following fields:

Bad packets received

Bad routes received

Number of packets that were received on this interface and were not processed for any reason.

Number of route entries that were received on this interface and were not processed for any reason.

Number of RIP routing updates that have been sent on this interface.Sent updates

To show the RIP interface information for the interface with IP address 100.2.0.1, enter the show ip rip interface command:

Example 32 The show IP rip interface output by IP address

HP Switch# show ip rip interface 100.2.0.1

RIP interface information for 100.2.0.1

IP Address : 100.2.0.1 Status : enabled

Send Mode : V2-only Recv mode : V2-only Metric : 1 Auth : none

Bad packets received : 0 Bad routes received : 0 Sent updates : 0

Viewing RIP peer information

To display RIP peer information, enter the show ip rip peer command at any context level. The resulting display will appear similar to the following:

Example 33 Output for the show IP rip peer command

HP Switch# show ip rip peer

RIP peer information

IP Address Bad routes Last update timeticks

--------------- ----------- ---------------------

100.1.0.100 0 1

100.2.0.100 0 0

100.3.0.100 0 2

100.10.0.100 0 1

This display lists all neighboring routers from which the routing switch has received RIP updates. The following fields are displayed:

Last update timeticks

IP address of the RIP peer neighbor.IP address

The number of route entries that were not processed for any reason.Bad routes

How many seconds have passed since the routing switch received an update from this peer neighbor.

To show the RIP peer information for a specific peer with IP address 100.1.0.100, enter show ip rip peer 100.1.0.100.

Configuring RIP 59

Page 60

Example 34 Output for the show IP rip peer <

HP Switch# show ip rip peer 100.0.1.100

RIP peer information for 100.0.1.100

IP Address : 100.1.0.100 Bad routes : 0 Last update timeticks : 2

This display lists information in the fields described above (IP address, Bad routes, Last update timeticks.)

Viewing RIP redistribution information

To display RIP redistribution information, enter the show ip rip redistribute command at any context level:

Example 35 Output for the show IP rip redistribute command

HP Switch# show ip rip redistribute

RIP redistributing

Route type Status

---------- ------

connected enabled static disabled

ip-addr

> command

RIP automatically redistributes connected routes that are configured on interfaces that are running RIP and all routes that are learned via RIP. The router rip redistribute command, described in “Configuring for redistribution” (page 55), configures the routing switch to cause RIP to advertise connected routes that are not running RIP or static routes. The display shows whether RIP redistribution is enabled or disabled for connected or static routes.

Viewing RIP redistribution filter (restrict) information

To display RIP restrict filter information, enter the show ip rip restrict command at any context level:

Example 36 Output for the show IP rip restrict command

HP Switch# show ip rip restrict

RIP restrict list

IP Address Mask

--------------- ------------

The display shows if any routes identified by the IP Address and Mask fields are being restricted from redistribution. The restrict filters are configured by the router rip restrict command (see “Configuring for redistribution” (page 55)).

Configuring IRDP

The ICMP Router Discovery Protocol (IRDP) is used by HP routing switches to advertise the IP addresses of their router interfaces to directly attached hosts. IRDP is disabled by default. You can enable the feature on a global basis or on an individual VLAN interface basis.

When IRDP is enabled, the routing switch periodically sends Router Advertisement messages out the IP interfaces on which the feature is enabled. The messages advertise the routing switch's IP

60 IP Routing Features

Page 61

addresses to directly attached hosts who listen for the messages. In addition, hosts can be configured to query the routing switch for the information by sending Router Solicitation messages.

Some types of hosts use the Router Solicitation messages to discover their default gateway. When IRDP is enabled on the HP routing switch, the routing switch responds to the Router Solicitation messages. Some clients interpret this response to mean that the routing switch is the default gateway. If another router is actually the default gateway for these clients, leave IRDP disabled on the HP routing switch.

IRDP uses the following parameters. If you enable IRDP on individual VLAN interfaces, you can configure these parameters on an individual VLAN interface basis.

Packet type

Hold time

Maximum message interval and minimum message interval is random for each message and is not affected by traffic loads or other network factors.

Preference

Enabling IRDP globally

The routing switch can send Router Advertisement messages as IP broadcasts or as IP multicasts addressed to IP multicast group 224.0.0.1. The default packet type is IP broadcast.

Each Router Advertisement message contains a hold time value. This value specifies the maximum amount of time the host should consider an advertisement to be valid until a newer advertisement arrives. When a new advertisement arrives, the hold time is reset. The hold time is always longer than the maximum advertisement interval. Therefore, if the hold time for an advertisement expires, the host can reasonably conclude that the router interface that sent the advertisement is no longer available. The default hold time is three times the maximum message interval.

When IRDP is enabled, the routing switch sends the Router Advertisement messages every 450-600 seconds by default. The time within this interval that the routing switch selects

The random interval minimizes the probability that a host will receive Router Advertisement messages from other routers at the same time. The interval on each IRDP-enabled routing switch interface is independent of the interval on other IRDP-enabled interfaces. The default maximum message interval is 600 seconds. The default minimum message interval is 450 seconds.

If a host receives multiple Router Advertisement messages from different routers, the host selects the router that send the message with the highest preference as the default gateway. The preference can be a number from -4294967296 to 4294967295. The default is

Enter the following command:

HP Switch(config)# ip irdp

This command enables IRDP on the IP interfaces on all ports. Each port uses the default values for the IRDP parameters.

Enabling IRDP on an individual VLAN interface

To enable IRDP on an individual VLAN interface and configure IRDP parameters, enter commands such as the following:

HP Switch(config)# vlan 1

HP Switch(vlan-1)# ip irdp maxadvertinterval 400

This example shows how to enable IRDP on a specific interface (VLAN 1) and change the maximum advertisement interval for Router Advertisement messages to 400 seconds.

Configuring IRDP 61

Page 62

Syntax:

[no] ip irdp [ broadcast | multicast ] [holdtime <seconds>] [maxadvertinterval <seconds>] [minadvertinterval <seconds>] [preference <number>]

[broadcast | multicast]

holdtime <seconds>

maxadvertinterval

Specifies the packet type the routing switch uses to send the Router Advertisement:

broadcast The routing switch sends Router Advertisements

as IP broadcasts.

multicast The routing switch sends Router Advertisements

as multicast packets addressed to IP multicast group 224.0.0.1. This is the default.

Specifies how long a host that receives a Router Advertisement from the routing switch should consider the advertisement to be valid.

When a host receives a new Router Advertisement message from the routing switch, the host resets the hold time for the routing switch to the hold time specified in the new advertisement. If the hold time of an advertisement expires, the host discards the advertisement, concluding that the router interface that sent the advertisement is no longer available. The value must be greater than the value of the maxadvertinterval parameter and cannot be greater than 9000.

The default is three times the value of the maxadvertinterval parameter.

Specifies the maximum amount of time the routing switch waits between sending Router Advertisements. You can specify a value from 1 to the current value of the holdtime parameter.

The default is 600 seconds.

minadvertinterval

preference <number>

Viewing IRDP information

To display IRDP information, enter show ip irdp from any CLI level.

Specifies the minimum amount of time the routing switch can wait between sending Router Advertisements. The default is three-fourths (0.75) the value of the maxadvertinterval parameter.

If you change the maxadvertinterval parameter, the software automatically adjusts the minadvertinterval parameter to be three-fourths the new value of the maxadvertinterval parameter. If you want to override the automatically configured value, you can specify an interval from 1 to the current value of the maxadvertinterval parameter.

Specifies the IRDP preference level of this routing switch. If a host receives Router Advertisements from multiple routers, the host selects the router interface that sent the message with the highest preference as the host's default gateway.

The valid range is -4294967296 to 4294967295. The default is 0.

62 IP Routing Features

Page 63

Example 37 Output for show ip irdp

HP Switch# show ip irdp

Status and Counters - ICMP Router Discovery Protocol

Global Status : Disabled

VLAN Name Status Advertising Min int Max int Holdtime Preference Address (sec) (sec) (sec)

------------- -------- ----------- ------- ------- -------- --------- DEFAULT_VLAN Enabled multicast 450 600 1800 0 VLAN20 Enabled multicast 450 600 1800 0 VLAN30 Enabled multicast 450 600 1800 0

Configuring DHCP relay

Overview

The Dynamic Host Configuration Protocol (DHCP) is used for configuring hosts with IP address and other configuration parameters without user intervention. The protocol is composed of three components:

• DHCP client

• DHCP server

• DHCP relay agent

The DHCP client sends broadcast request packets to the network; the DHCP servers respond with broadcast packets that offer IP parameters, such as an IP address for the client. After the client chooses the IP parameters, communication between the client and server is by unicast packets.

HP routing switches provide the DHCP relay agent to enable communication from a DHCP server to DHCP clients on subnets other than the one the server resides on. The DHCP relay agent transfers DHCP messages from DHCP clients located on a subnet without a DHCP server to other subnets. It also relays answers from DHCP servers to DHCP clients.

The DHCP relay agent is transparent to both the client and the server. Neither side is aware of the communications that pass through the DHCP relay agent. As DHCP clients broadcast requests, the DHCP relay agent receives the packets and forwards them to the DHCP server. During this process, the DHCP relay agent increases the hop count by one before forwarding the DHCP message to the server. A DHCP server includes the hop count from the DHCP request that it receives in the response that it returns to the client.

DHCP packet forwarding

The DHCP relay agent on the routing switch forwards DHCP client packets to all DHCP servers that are configured in the table administrated for each VLAN.

Unicast forwarding

The packets are forwarded using unicast forwarding if the IP address of the DHCP server is a specific host address. The DHCP relay agent sets the destination IP address of the packet to the IP address of the DHCP server and forwards the message.

Broadcast forwarding

The packets are forwarded using broadcast forwarding if the IP address of the DHCP server is a subnet address or IP broadcast address (255.255.255.255.) The DHCP relay agent sets the DHCP server IP address to broadcast IP address and is forwarded to all VLANs with configured IP interfaces (except the source VLAN.)

Configuring DHCP relay 63

Page 64

Prerequisites for DHCP relay operation

For the DHCP relay agent to work on the switch, you must complete the following steps:

1. Enable DHCP relay on the routing switch (the default setting.)

2. Ensure that a DHCP server is servicing the routing switch.

3. Enable IP routing on the routing switch.

4. Ensure that there is a route from the DHCP server to the routing switch and back.

5. Configure one or more IP helper addresses for specified VLANs to forward DHCP requests to DHCP servers on other subnets.

Enabling DHCP relay

The DHCP relay function is enabled by default on an HP routing switch. However, if DHCP has been disabled, you can re-enable it by entering the following command at the global configuration level:

HP Switch(config)# dhcp-relay

To disable the DHCP relay function, enter the no form of the command:

HP Switch(config)# no dhcp-relay

Configuring an IP helper address

To add the IP address of a DHCP server for a specified VLAN on a routing switch, enter the ip

helper-address command at the VLAN configuration level as in the following example:

HP Switch(config)# vlan 1

HP Switch(vlan-1)# ip helper-address <ip-addr>

To remove the DHCP server helper address, enter the no form of the command:

HP Switch(vlan-1)# no ip helper-address <ip-addr>

Operating notes

• You can configure up to 4000 IP helper addresses on a routing switch. The helper addresses

are shared between the DHCP relay agent and UDP forwarder feature.

• A maximum of sixteen IP helper addresses is supported in each VLAN.

Verifying the DHCP relay configuration

Viewing the DHCP relay setting

Use the show config command (or show running for the running-config file) to display the current DHCP relay setting.

NOTE: The DHCP relay and hop count increment settings appear in the show config command

output only if the non-default values are configured.

64 IP Routing Features

Page 65

Example 38 Displaying startup configuration with DHCP relay disabled

HP Switch# show config Startup configuration: ; J9726A Configuration Editor; Created on release #xx.15.xx hostname “HP Switch” cdp run module 1 type J9726A ip default-gateway 18.30.240.1 snmp-server community “public” Unrestricted vlan 1 name “DEFAULT_VLAN” untagged A1 ip address 18.30.240.180 255.255.248.0 no untagged A2-A24 exit no dhcp-relay

Non-Default DHCP Relay

setting

Viewing DHCP helper addresses

To display the list of currently configured IP Helper addresses for a specified VLAN on the switch, enter the show ip helper-address vlan command.

Syntax:

show ip helper-address [vlan <vlan-id>] Displays the IP helper addresses of DHCP servers configured for all static VLANS

in the switch or on a specified VLAN, regardless of whether the DHCP relay feature is enabled. The vlan <vlan-id> parameter specifies a VLAN ID number.

The following command lists the currently configured IP Helper addresses for VLAN 1.

Example 39 Displaying IP helper addresses

HP Switch(config)# show ip helper-address vlan 1

IP Helper Addresses

IP Helper Address

-----------------

10.28.227.97

10.29.227.53

DHCP Option 82

Option 82 is called the relay agent information option and is inserted by the DHCP relay agent when forwarding client-originated DHCP packets to a DHCP server. Servers recognizing the relay agent information option may use the information to implement IP address or other parameter assignment policies. The DHCP server echoes the option back verbatim to the relay agent in server-to-client replies, and the relay agent strips the option before forwarding the reply to the client.

The relay agent information option is organized as a single DHCP option that contains one or more suboptions that convey information known by the relay agent. The initial suboptions are defined for a relay agent that is co-located in a public circuit access unit. These include a circuit ID for the incoming circuit and a remote ID that provides a trusted identifier for the remote high-speed modem.

Configuring DHCP relay 65

Page 66

The routing switch can operate as a DHCP relay agent to enable communication between a client and a DHCP server on a different subnet. Without Option 82, DHCP operation modifies client IP address request packets to the extent needed to forward the packets to a DHCP server. Option 82 enhances this operation by enabling the routing switch to append an Option 82 field to such client requests. This field includes two suboptions for identifying the routing switch (by MAC address or IP address) and the routing switch port the client is using to access the network. A DHCP server with Option 82 capability can read the appended field and use this data as criteria for selecting the IP addressing it will return to the client through the usual DHCP server response packet. This operation provides several advantages over DHCP without Option 82:

• An Option 82 DHCP server can use a relay agent's identity and client source port information

to administer IP addressing policies based on client and relay agent location within the network, regardless of whether the relay agent is the client's primary relay agent or a secondary agent.

• A routing switch operating as a primary Option 82 relay agent for DHCP clients requesting

an IP address can enhance network access protection by blocking attempts to use an invalid Option 82 field to imitate an authorized client, or by blocking attempts to use response packets with missing or invalid Option 82 suboptions to imitate valid response packets from an authorized DHCP server.

• An Option 82 relay agent can also eliminate unnecessary broadcast traffic by forwarding an

Option 82 DHCP server response only to the port on which the requesting client is connected, instead of broadcasting the DHCP response to all ports on the VLAN.

NOTE: The routing switch's DHCP relay information (Option 82) feature can be used in networks

where the DHCP servers are compliant with RFC 3046 Option 82 operation. DHCP servers that are not compliant with Option 82 operation ignore Option 82 fields. For information on configuring an Option 82 DHCP server, see the documentation provided with the server application.

Some client applications can append an Option 82 field to their DHCP requests; see the documentation provided for your client application.

It is not necessary for all relay agents on the path between a DHCP client and the server to support Option 82, and a relay agent without Option 82 should forward DHCP packets regardless of whether they include Option 82 fields. However, Option 82 relay agents should be positioned at the DHCP policy boundaries in a network to provide maximum support and security for the IP addressing policies configured in the server.

Option 82 server support

To apply DHCP Option 82, the routing switch must operate in conjunction with a server that supports Option 82. (DHCP servers that do not support Option 82 typically ignore Option 82 fields.) Also, the routing switch applies Option 82 functionality only to client request packets being routed to a DHCP server. DHCP relay with Option 82 does not apply to switched (non-routed) client requests.

For information on configuring policies on a server running DHCP Option 82, see the documentation provided for that application.

66 IP Routing Features

Page 67

Figure 5 Example of a DHCP Option 82 application

General DHCP Option 82 requirements and operation

Requirements

DHCP Option 82 operation is configured at the global config level and requires the following:

• IP routing enabled on the switch

• DHCP-relay option 82 enabled (global command level)

• Routing switch access to an Option 82 DHCP server on a different subnet than the clients

requesting DHCP Option 82 support

• One IP helper address configured on each VLAN supporting DHCP clients

General DHCP-relay operation with Option 82

Typically, the first (primary) Option 82 relay agent to receive a client's DHCP request packet appends an Option 82 field to the packet and forwards it toward the DHCP server identified by the IP helper address configured on the VLAN in which the client packet was received. Other, upstream relay agents used to forward the packet may append their own Option 82 fields, replace the Option 82 fields they find in the packet, forward the packet without adding another field, or drop the packet. (Intermediate next-hop routing switches without Option 82 capability can be used to forward—route—client request packets with Option 82 fields.) Response packets from an Option 82 server are routed back to the primary relay agent (routing switch) and include an IP addressing assignment for the requesting client and an exact copy of the Option 82 data the server received with the client request. The relay agent strips off the Option 82 data and forwards the response packet out the port indicated in the response as the Circuit ID (client access port.) Under certain validation conditions described later in this section, a relay agent detecting invalid Option 82 data in a response packet may drop the packet.

Configuring DHCP relay 67

Page 68

Figure 6 Example of DHCP Option 82 operation in a network with a non-compliant relay agent

Option 82 field content

The remote ID and circuit ID subfields comprise the Option 82 field a relay agent appends to client requests. A DHCP server configured to apply a different IP addressing policy to different areas of a network uses the values in these subfields to determine which DHCP policy to apply to a given client request.

Remote ID

Remote ID is a configurable subfield that identifies a policy area that comprises either the routing switch as a whole (by using the routing switch MAC address) or an individual VLAN configured on the routing switch (by using the IP address of the VLAN receiving the client request.)

• Use the IP address option if the server will apply different IP addressing policies to DHCP client

requests from ports in different VLANs on the same routing switch.

• Use the Management VLAN option if a management VLAN is configured and you want all

DHCP clients on the routing switch to use the same IP address. (This is useful if you are applying the same IP addressing policy to DHCP client requests from ports in different VLANs on the same routing switch.) Configuring this option means the management VLAN's IP address appears in the remote ID subfield of all DHCP requests originating with clients connected to the routing switch, regardless of the VLAN on which the requests originate.

• Use the MAC address option if, on a given routing switch, it does not matter to the DHCP

server which VLAN is the source of a client request (that is, use the MAC address option if the IP addressing policies supported by the target DHCP server do not distinguish between client requests from ports in different VLANs in the same routing switch.)

To view the MAC address for a given routing switch, execute the show system-information command in the CLI.

68 IP Routing Features

Page 69

Example 40 Using the CLI to view the switch MAC address

HP Switch(config)# show system information

Status and Counters - General System Information

System Name : HP Switch System Contact : System Location :

MAC Age Time (sec) : 300

Time Zone : 0 Daylight Time Rule : None

Software revision : xx.15.xx Base MAC Addr : 0026f1-152e10 ROM Version : xx.15.xx Serial Number : CN9458Q011 Allow V1 Modules : Yes

Up Time : 68 mins Memory - Total : 58,720,256 CPU Util (%) : 5 Free : 39,500,456

IP Mgmt - Pkts Rx : 28,959 Packet - Total : 3022 Pkts Tx : 1340 Buffers Free : 2902 Lowest : 2742 Missed : 0

Circuit ID

Circuit ID is a nonconfigurable subfield that identifies the port number of the physical port through which the routing switch received a given DHCP client request and is necessary to identify if you want to configure an Option 82 DHCP server to use the Circuit ID to select a DHCP policy to assign to clients connected to the port. This number is the identity of the inbound port. On HP fixed-port switches, the port number used for the circuit ID is always the same as the physical port number shown on the front of the switch. On HP chassis switches, where a dedicated, sequential block of internal port numbers are reserved for each slot, regardless of whether a slot is occupied, the circuit ID for a given port is the sequential index number for that port position in the slot. (To view the index number assignments for ports in the routing switch, use the walkmib ifname command.)

For example, the Circuit ID for port 11 on an HP switch is “11”.

Example 41 Using walkmib to determine the Circuit ID for a port on an HP chassis

HP Switch(config)# walkmib ifname ifName.1 = 1 ifName.2 = 2 ifName.3 = 3 ifName.4 = 4 ifName.5 = 5 ifName.6 = 6 ifName.7 = 7 ifName.8 = 8 ifName.9 = 9 ifName.10 = 10

ifName.11 = 11

ifName.12 = 12

For example, suppose you want port 10 on a given relay agent to support no more than five DHCP clients simultaneously. You can configure the server to allow only five IP addressing assignments at any one time for the circuit ID (port) and remote ID (MAC address) corresponding to port 10 on the selected relay agent.

Configuring DHCP relay 69

Page 70

Similarly, if you want to define specific ranges of addresses for clients on different ports in the same VLAN, you can configure the server with the range of IP addresses allowed for each circuit ID (port) associated with the remote ID (IP address) for the selected VLAN.

Forwarding policies

DHCP Option 82 on HP switches offers four forwarding policies, with an optional validation of server responses for three of the policy types (append, replace, or drop.)

Configuration options for managing DHCP client request packets

DHCP client request packet inbound to the routing switchOption 82

configuration

Option 82 field

Packet includes an Option 82 fieldPacket has no

Append

Keep

Replace

Append an

Option 82

field

Append an

Option 82

field

Append an

Option 82

field

Append allows the most detail in defining DHCP policy boundaries. For example, where the path from a client to the DHCP Option 82 server includes multiple relay agents with Option 82 capability, each relay agent can define a DHCP policy boundary and append its own Option 82 field to the client request packet. The server can then determine in detail the agent hops the packet took, and can be configured with a policy appropriate for any policy boundary on the path. Note:

NOTE: In networks with multiple relay agents between a client and an Option

82 server, append can be used only if the server supports multiple Option 82 fields in a client request. If the server supports only one Option 82 field in a request, consider using the keep option.

If the relay agent receives a client request that already has one or more Option 82 fields, keep causes the relay agent to retain such fields and forward the request without adding another Option 82 field. But if the incoming client request does not already have any Option 82 fields, the relay agent appends an Option 82 field before forwarding the request. Some applications for keep include:

• The DHCP server does not support multiple Option 82 packets in a client request,

and there are multiple Option 82 relay agents in the path to the server.

• The unusual case where DHCP clients in the network add their own Option 82

fields to their request packets, and you do not want any additional fields added by relay agents.

This policy does not include the validate option (described in the next section) and allows forwarding of all server response packets arriving inbound on the routing switch (except those without a primary relay agent identifier.)

Replace replaces any existing Option 82 fields from downstream relay agents (and/or the originating client) with an Option 82 field for the current relay agent. Some applications for replace include:

• The relay agent is located at a point in the network that is a DHCP policy

boundary, and you want to replace any Option 82 fields appended by down-stream devices with an Option 82 field from the relay agent at the boundary. (This eliminates downstream Option 82 fields you do not want the server to use when determining which IP addressing policy to apply to a client request.)

• In applications where the routing switch is the primary relay agent for clients

that may append their own Option 82 field, you can use replace to delete these fields if you do not want them included in client requests reaching the server.

Drop

70 IP Routing Features

Append an

Option 82

field

Drop causes the routing switch to drop an inbound client request with an Option 82 field already appended. If no Option 82 fields are present, drop causes the routing switch to add an Option 82 field and forward the request. As a general guideline, configure drop on relay agents at the edge of a network, where an inbound client request with an appended Option 82 field may be unauthorized, a security risk, or for some other reason, should not be allowed.

Page 71

Multiple Option 82 relay agents in a client request path

Where the client is one router hop away from the DHCP server, only the Option 82 field from the first (and only) relay agent is used to determine the policy boundary for the server response. Where there are multiple Option 82 router hops between the client and the server, you can use different configuration options on different relay agents to achieve the results you want. This includes configuring the relay agents so that the client request arrives at the server with either one Option 82 field or multiple fields. (Using multiple Option 82 fields assumes that the server supports multiple fields and is configured to assign IP addressing policies based on the content of multiple fields.)

Figure 7 Example configured to allow only the primary relay agent to contribute an Option 82 field

The above combination allows for detection and dropping of client requests with spurious Option 82 fields. If none are found, the drop policy on the first relay agent adds an Option 82 field, which is then kept unchanged over the next two relay agent hops ("B" and "C".) The server can then enforce an IP addressing policy based on the Option 82 field generated by the edge relay agent ("A".) In this example, the DHCP policy boundary is at relay agent 1.

Figure 8 Example configured to allow multiple relay agents to contribute an Option 82 field

This is an enhancement of the previous example. In this case, each hop for an accepted client request adds a new Option 82 field to the request. A DHCP server capable of using multiple Option 82 fields can be configured to use this approach to keep a more detailed control over leased IP addresses. In this example, the primary DHCP policy boundary is at relay agent "A," but more global policy boundaries can exist at relay agents "B" and "C."

Figure 9 Example allowing only an upstream relay agent to contribute an Option 82 field

Like the first example, above, this configuration drops client requests with spurious Option 82 fields from clients on the edge relay agent. However, in this case, only the Option 82 field from the last relay agent is retained for use by the DHCP server. In this case the DHCP policy boundary is at relay agent "C." In the previous two examples the boundary was with relay "A."

Validation of server response packets

A valid Option 82 server response to a client request packet includes a copy of the Option 82 fields the server received with the request. With validation disabled, most variations of Option 82 information are allowed, and the corresponding server response packets are forwarded.

Configuring DHCP relay 71

Page 72

Server response validation is an option you can specify when configuring Option 82 DHCP for append, replace, or drop operation. See “Forwarding policies” (page 70). Enabling validation on the routing switch can enhance protection against DHCP server responses that are either from untrusted sources or are carrying invalid Option 82 information.

With validation enabled, the relay agent applies stricter rules to variations in the Option 82 fields of incoming server responses to determine whether to forward the response to a downstream device or to drop the response due to invalid (or missing) Option 82 information. Table 7 describes relay agent management of DHCP server responses with optional validation enabled and disabled.

Table 7 Relay agent management of DHCP server response packets

Valid DHCP server response packet without an Option 82 field.

carries data indicating a given routing switch is the primary relay agent for the original client request, but the associated Option 82 field in the response contains a remote ID and circuit ID combination that did not originate with the given relay agent.

carries data indicating a given routing switch is the primary relay agent for the original client request, but the associated Option 82 field in the response contains a Remote ID that did not originate with the relay agent.

Option 82 configurationResponse packet content

append, replace, or

drop

keep

appendThe server response packet

replace or drop

keep

appendThe server response packet

replace or drop

keep

Validation enabled on the

relay agent

Drop the server response packet.

Forward server response packet to a downstream device.

Drop the server response packet.

Forward server response packet to a downstream device.

Drop the server response packet.

Forward server response packet to a downstream device.

Validation disabled (the

default)

Forward server response packet to a downstream device.

Drop the server response packet.

Forward server response packet to a downstream device.

Drop the server response packet.

Forward server response packet to a downstream device.

All other server response

packets

Drop is the recommended choice because it protects against an unauthorized client inserting its own Option 82 field for an incoming request.

A routing switch with DHCP Option 82 enabled with the keep option forwards all DHCP server response packets except those that are not valid for either Option 82 DHCP operation (compliant with RFC 3046) or DHCP operation without Option 82 support (compliant with RFC 2131.)

A routing switch with DHCP Option 82 enabled drops an inbound server response packet if the packet does not have any device identified as the primary relay agent (giaddr=null; see RFC 2131.)

Multinetted VLANs

On a multinetted VLAN, each interface can form an Option 82 policy boundary within that VLAN if the routing switch is configured to use IP for the remote ID suboption. That is, if the routing switch is configured with IP as the remote ID option and a DHCP client request packet is received on a multinetted VLAN, the IP address used in the Option 82 field will identify the subnet on which the packet was received instead of the IP address for the VLAN. This enables an Option 82 DHCP

72 IP Routing Features

append, keep2, replace, or drop

Forward server response packet to a downstream device.

Page 73

server to support more narrowly defined DHCP policy boundaries instead of defining the boundaries at the VLAN or whole routing switch levels. If the MAC address option (the default) is configured instead, the routing switch MAC address will be used regardless of which subnet was the source of the client request. (The MAC address is the same for all VLANs configured on the routing switch.)

All request packets from DHCP clients in the different subnets in the VLAN must be able to reach any DHCP server identified by the IP helper addresses configured on that VLAN.

Configuring Option 82

For information on Option 82, see the sections beginning with “DHCP Option 82” (page 65). To configure DHCP Option 82 on a routing switch, enter the dhcp-relay option 82 command.

Syntax:

append

replace

drop

Configures the switch to append an Option 82 field to the client DHCP packet. If the client packet has existing Option 82 field(s) assigned by another device, the new field is appended to the existing field(s).

The appended Option 82 field includes the switch Circuit ID (inbound port number*) associated with the client DHCP packet, and the switch Remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client. To use the incoming VLAN’s IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the ip or mgmt-vlan option (below).

Configures the switch to replace existing Option 82 fields in an inbound client DHCP packet with an Option 82 field for the switch.

The replacement Option 82 field includes the switch circuit ID (inbound port number*) associated with the client DHCP packet and the switch remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client.

To use the incoming VLAN's IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the ip or mgmt-vlan option (below).

Configures the routing switch to unconditionally drop any client DHCP packet received with existing Option 82 fields. This means that such packets will not be forwarded. Use this option where access to the routing switch by untrusted clients is possible.

If the routing switch receives a client DHCP packet without an Option 82 field, it adds an Option 82 field to the client and forwards the packet. The added Option 82 field includes the switch circuit ID (inbound port number*) associated with the client DHCP packet and the switch remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client.

To use the incoming VLAN's IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the

ip or mgmt-vlan option (below).

keep

[validate]

For any client DHCP packet received with existing Option 82 fields, configures the routing switch to forward the packet as-is, without replacing or adding to the existing Option 82 fields.

Operates when the routing switch is configured with append, replace, or drop as a forwarding policy. With validate enabled, the routing switch applies stricter rules to an incoming Option 82 server response to determine whether

Configuring DHCP relay 73

Page 74

to forward or drop the response. For more information, see “Validation of

server response packets” (page 71).

[ ip | mac | mgmt-vlan ]

Specifies the remote ID suboption that the switch uses in Option 82 fields added or appended to DHCP client packets. The type of remote ID defines DHCP policy areas in the client requests sent to the DHCP server. If a remote ID suboption is not configured, the routing switch defaults to the mac option. See “Option 82 field content” (page 68).

• ip: Specifies the IP address of the VLAN on which the client DHCP packet

enters the switch.

• mac: Specifies the routing switch's MAC address. (The MAC address used

is the same MAC address that is assigned to all VLANs configured on the routing switch.) This is the default setting.

• mgmt-vlan:Specifies the IP address of the (optional) management VLAN

configured on the routing switch. Requires that a management VLAN is already configured on the switch. If the management VLAN is multinetted, the primary IP address configured for the management VLAN is used for the remote ID.

If you enter the dhcp-relay option 82 command without specifying either ip or mac, the MAC address of the switch on which the packet was received from the client is configured as the remote ID. For information about the remote ID values used in the Option 82 field appended to client requests, see “Option

82 field content” (page 68).

Example of Option 82 configuration

In the routing switch shown below, option 82 has been configured with mgmt-vlan for the remote ID.

HP Switch(config)# dhcp-relay option 82 append mgmt-vlan

The resulting effect on DHCP operation for clients X, Y, and Z is shown in Table 8.

Figure 10 DHCP Option 82 when using the management VLAN as the remote ID sub-option

74 IP Routing Features

Page 75

Table 8 DHCP operation for the topology in Figure 10

Remote IDClient

DHCP servergiaddr

The IP address of the primary DHCP relay agent receiving a client request packet is automatically added to the packet, and is identified as the giaddr (gateway interface address.) This is the IP address of the VLAN on which the request packet was received from the client. For more information, see RFC 2131 and RFC 3046.

Operating notes

• This implementation of DHCP relay with Option 82 complies with the following RFCs:

• RFC 3046

• Moving a client to a different port allows the client to continue operating as long as the port

is a member of the same VLAN as the port through which the client received its IP address. However, rebooting the client after it moves to a different port can alter the IP addressing policy the client receives if the DHCP server is configured to provide different policies to clients accessing the network through different ports.

• The IP address of the primary DHCP relay agent receiving a client request packet is

automatically added to the packet, and is identified as the giaddr (gateway interface address.) (That is, the giaddr is the IP address of the VLAN on which the request packet was received from the client.) For more information, see RFC 2131 and RFC 3046.

A only10.39.10.110.38.10.1X

B or C10.29.10.110.38.10.1Y

B or C10.15.10.110.38.10.1Z

If a DHCP client is in the management VLAN, its DHCP requests can go only to a DHCP server that is also in the management VLAN. Routing to other VLANs is not allowed.

Clients outside of the management VLAN can send DHCP requests only to DHCP servers outside of the management VLAN. Routing to the management VLAN is not allowed.

RFC 2131•

• DHCP request packets from multiple DHCP clients on the same relay agent port will be routed

to the same DHCP servers. When using 802.1X on a switch, a port's VLAN membership may be changed by a RADIUS server responding to a client authentication request. In this case the DHCP servers accessible from the port may change if the VLAN assigned by the RADIUS server has different DHCP helper addresses than the VLAN used by unauthenticated clients.

• Where multiple DHCP servers are assigned to a VLAN, a DHCP client request cannot be

directed to a specific server. Thus, where a given VLAN is configured for multiple DHCP servers, all of these servers should be configured with the same IP addressing policy.

• Where routing switch "A" is configured to insert its MAC address as the remote ID in the

Option 82 fields appended to DHCP client requests, and upstream DHCP servers use that MAC address as a policy boundary for assigning an IP addressing policy, then replacing switch "A" makes it necessary to reconfigure the upstream DHCP servers to recognize the MAC address of the replacement switch. This does not apply in the case where an upstream relay agent "A" is configured with option 82 replace, which removes the Option 82 field originally inserted by switch "A."

• Relay agents without Option 82 can exist in the path between Option 82 relay agents and

an Option 82 server. The agents without Option 82 forward client requests and server responses without any effect on Option 82 fields in the packets.

• If the routing switch cannot add an Option 82 field to a client's DHCP request because the

message size exceeds the MTU size, the request is forwarded to the DHCP server without Option 82 data and an error message is logged in the switch's Event Log.

• Because routing is not allowed between the Management VLAN and other VLANs, a DHCP

server must be available in the management VLAN if clients in the management VLAN require a DHCP server.

Configuring DHCP relay 75

Page 76

• If the Management VLAN IP address configuration changes after mgmt-vlan has been

configured as the remote ID suboption, the routing switch dynamically adjusts to the new IP addressing for all future DHCP requests.

• The Management VLAN and all other VLANs on the routing switch use the same MAC address.

UDP broadcast forwarding

Overview

Some applications rely on client requests sent as limited IP broadcasts addressed to a UDP application port. If a server for the application receives such a broadcast, the server can reply to the client. Since typical router behavior, by default, does not allow broadcast forwarding, a client's UDP broadcast requests cannot reach a target server on a different subnet unless the router is configured to forward client UDP broadcasts to that server.

A switch with routing enabled includes optional per-VLAN UDP broadcast forwarding that allows up to 256 server and/or subnet entries on the switch (16 entries per-VLAN.) If an entry for a particular UDP port number is configured on a VLAN, and an inbound UDP broadcast packet with that port number is received on the VLAN, the switch routes the packet to the appropriate subnet. (Each entry can designate either a single device or a single subnet. The switch ignores any entry that designates multiple subnets.)

NOTE: The number of UDP broadcast forwarding entries supported is affected by the number of

IP helper addresses configured to support DHCP relay. See “Operating notes for UDP broadcast

forwarding” (page 79).

A UDP forwarding entry includes the desired UDP port number and can be either an IP unicast address or an IP subnet broadcast address for the subnet the server is in. Thus, an incoming UDP packet carrying the configured port number will be:

• Forwarded to a specific host if a unicast server address is configured for that port number.

• Broadcast on the appropriate destination subnet if a subnet address is configured for that port

number.

A UDP forwarding entry for a particular UDP port number is always configured in a specific VLAN and applies only to client UDP broadcast requests received inbound on that VLAN. If the VLAN includes multiple subnets, the entry applies to client broadcasts with that port number from any subnet in the VLAN.

For example, VLAN 1 (15.75.10.1) is configured to forward inbound UDP packets as shown in

Table 9.

Table 9 Example of a UDP packet-forwarding environment

Subnet maskIP addressInterface

Forwarding address

port

118815.75.11.43255.255.255.015.75.10.1VLAN 1

181215.75.11.255

NotesUDP

Unicast address for forwarding inbound UDP packets with UDP port 1188 to a specific device on VLAN 2.

Broadcast address for forwarding inbound UDP packets with UDP port 1812 to any device in the

15.75.11.0 network.

76 IP Routing Features

181315.75.12.255

N/ANone255.255.255.015.75.11.1VLAN 2

Broadcast address for forwarding inbound UDP packets with UDP port 1813 to any device in the

15.75.12.0 network.

Destination VLAN for UDP 1188 broadcasts from clients on VLAN 1. The device identified in the

Page 77

Table 9 Example of a UDP packet-forwarding environment (continued)

Subnet maskIP addressInterface

Forwarding address

port

N/ANone255.255.255.015.75.12.1VLAN 3

NOTE: If an IP server or subnet entry is invalid, a switch will not try to forward UDP packets to

the configured device or subnet address.

Subnet masking for UDP forwarding addresses

The subnet mask for a UDP forwarding address is the same as the mask applied to the subnet on which the inbound UDP broadcast packet is received. To forward inbound UDP broadcast packets as limited broadcasts to other subnets, use the broadcast address that covers the subnet you want to reach. For example, if VLAN 1 has an IP address of 15.75.10.1/24 (15.75.10.1

255.255.255.0), you can configure the following unicast and limited broadcast addresses for UDP packet forwarding to subnet 15.75.11.0:

NotesUDP

unicast forwarding address configured in VLAN 1 must be on this VLAN.

Also the destination VLAN for UDP 1812 from clients on VLAN 1.

Destination VLAN for UDP 1813 broadcasts from clients on VLAN 1.

IP addressForwarding destination type

Configuring and enabling UDP broadcast forwarding

To configure and enable UDP broadcast forwarding on the switch:

1. Enable routing.

2. Globally enable UDP broadcast forwarding.

3. On a per-VLAN basis, configure a forwarding address and UDP port type for each type of incoming UDP broadcast you want routed to other VLANs.

Globally enabling UDP broadcast forwarding

Syntax:

[no] ip udp-bcast-forward Enables or disables UDP broadcast forwarding on the routing switch. Routing must

be enabled before executing this command. Using the no form of this command disables any ip forward protocol udp

commands configured in VLANs on the switch. Default: Disabled

15.75.11.XUDP unicast to a single device in the 15.75.11.0 subnet

15.75.11.255UDP broadcast to subnet 15.75.11.0

Configuring UDP broadcast forwarding on individual VLANs

This command routes an inbound UDP broadcast packet received from a client on the VLAN to the unicast or broadcast address configured for the UDP port type.

Syntax:

[no] ip forward-protocol udp <ip-address> <port-number |

port-name>

UDP broadcast forwarding 77

Page 78

Used in a VLAN context to configure or remove a server or broadcast address and its associated UDP port number. You can configure a maximum of 16 forward-protocol udp assignments in a given VLAN. The switch allows a total of 256 forward-protocol udp assignments across all VLANs.

You can configure UDP broadcast forwarding addresses regardless of whether UDP broadcast forwarding is globally enabled on the switch. However, the feature does not operate unless globally enabled.

This can be either of the following:<ip-address>

• The unicast address of a destination server on another subnet. For example:

15.75.10.43.

• The broadcast address of the subnet on which a destination server operates.

For example, the following address directs broadcasts to All hosts in the

15.75.11.0 subnet: 15.75.11.255.

NOTE: The subnet mask for a forwarded UDP packet is the same as the subnet

mask for the VLAN (or subnet on a multinetted VLAN) on which the UDP broadcast packet was received from a client.

<udp-port-#>

<port-name>

Any UDP port number corresponding to a UDP application supported on a device at the specified unicast address or in the subnet at the specified broadcast address. For more information on UDP port numbers, see “TCP/UDP port number

ranges” (page 79).

Allows use of common names for certain well-known UDP port numbers. You can type in the specific name instead of having to recall the corresponding number:

dns Domain name service (53) netbios-ns NetBIOS name service (137) netbios-dgm NetBIOS datagram service (138) radius Remote authentication dial-in user service (1812) radius-old Remote authentication dial-in user service (1645) rip Routing information protocol (520) snmp Simple network management protocol (161) snmp-trap Simple network management protocol (162) tftp Trivial file transfer protocol (69) timep Time protocol (37)

Example:

The following command configures the routing switch to forward UDP broadcasts from a client on VLAN 1 for a time protocol server:

HP Switch(vlan-1)# ip forward-protocol udp 15.75.11.155 timep

Viewing the current IP forward-protocol configuration

Syntax:

show ip forward-protocol [vlan <vid>] Displays the current status of UDP broadcast forwarding and lists the UDP forwarding

addresses configured on all static VLANS in the switch or on a specific VLAN.

Example 42 shows the global display showing UDP broadcast forwarding status and configured

forwarding addresses for inbound UDP broadcast traffic for all VLANs configured on the routing switch.

78 IP Routing Features

Page 79

Example 42 Displaying global IP forward-protocol status and configuration

HP Switch(config)# show ip forward-protocol

IP Forwarder Addresses

UDP Broadcast Forwarding: Disabled

VLAN: 1 IP Forward Addresses UDP Port

-------------------- --------

15.75.11.43 37

15.75.11.255 53

15.75.12.255 1813

VLAN: 2 IP Forward Addresses UDP Port

-------------------- --------

15.75.12.255 1812

Example 43 shows the display of UDP broadcast forwarding status and the configured forwarding

addresses for inbound UDP broadcast traffic on VLAN 1.

Example 43 Displaying IP forward-protocol status and per-VLAN configuration

HP Switch(config)# show ip forward-protocol vlan 1

IP Forwarder Addresses

UDP Broadcast Forwarding: Disabled

IP Forward Addresses UDP Port

-------------------- --------

15.75.11.43 37

15.75.11.255 53

15.75.12.255 1813

Operating notes for UDP broadcast forwarding

Maximum number of entries

The number of UDP broadcast entries and IP helper addresses combined can be up to 16 per VLAN, with an overall maximum of 2048 on the switch. (IP helper addresses are used with the switch's DHCP relay operation.)

For example, if VLAN 1 has 2 IP helper addresses configured, you can add up to 14 UDP forwarding entries in the same VLAN.

TCP/UDP port number ranges

There are three ranges:

• Well-known ports: 0 to 1023

• Registered ports: 1024 to 49151

• Dynamic and/or private ports: 49152 to 65535

For more information, including a listing of UDP/TCP port numbers, go to the Internet Assigned Numbers Authority (IANA) website at: www.iana.org.

Click on:

Protocol Number Assignment Services P (Under "Directory of General Assigned Numbers" heading)

UDP broadcast forwarding 79

Page 80

Port Numbers

Messages related to UDP broadcast forwarding

MeaningMessage

udp-bcast-forward: IP Routing support must be enabled first.

UDP broadcast forwarder feature enabled

UDP broadcast forwarder feature disabled

UDP broadcast forwarder must be disabled first.

Appears in the CLI if an attempt to enable UDP broadcast forwarding has been made without IP routing being enabled first. Enable IP routing, then enable UDP broadcast forwarding.

UDP broadcast forwarding has been globally enabled on the router. Appears in the Event Log and, if configured, in SNMP traps.

UDP broadcast forwarding has been globally disabled on the routing switch. This action does not prevent you from configuring UDP broadcast forwarding addresses, but does prevent UDP broadcast forwarding operation. Appears in the Event Log and, if configured, in SNMP traps.

Appears in the CLI if you attempt to disable routing while UDP forwarding is enabled on the switch.

80 IP Routing Features

Page 81

Index

ARP

cache table, 36 configuring parameters, 42 how it works, 42

auto port setting, 7

blocked port

from IGMP operation, 7 broadcast forwarding, 63 broadcast traffic

enabling forwarding of directed, 43

caches

IP forwarding, 37 circuit ID, 69 Command syntax

default-metric, 55

dhcp-relay

option 82, 73

igmp

delayed-flush, 18 igmp fastlearn, 18, 27 igmp-proxy, 21 igmp-proxy-domain, 20 ip

arp-age, 40

directed-broadcast, 44

forward-protocol udp, 77

icmp echo broadcast-request, 44

icmp redirects, 45

icmp unreachable, 45

igmp, 12

igmp fastleave, 17

igmp static-group, 14

irdp, 62

load-sharing, 49

rip, 54

rip metric, 54

rip poison-reverse, 56

udp-bcast-forward, 77 ip route, 47 restrict , 55 router

rip, 52

rip redistribute, 55 show

igmp delayed-flush, 18

igmp-proxy, 21

ip forward-protocol, 78

ip helper-address, 65

ip igmp, 8, 9

ip igmp groups, 11

ip igmp statistics, 10 ip igmp vlan, 9, 11, 12 ip rip, 56

ip rip interface, 58 show igmp delayed-flush, 32 show igmp filter-unknown-mcast, 32 show ip igmp, 32 show ip igmp config, 29, 33 show ip igmp groups, 30, 33 show ip igmp statistics, 31, 33 show ip igmp vlan, 28, 33 show ip igmp vlan config, 29, 34 show ip igmp vlan counters, 31, 34 show ip igmp vlan group, 30 show ip igmp vlan statistics, 31, 35 vlan

ip igmp, 13

ip igmp forcedfastleave, 18 vlan ip igmp, 27 vlan ip igmp fastleave, 28 vlan ip igmp forcedfastleave, 28 vlan ip igmp querier, 13 vlan ip igmp query interval, 27 vlan ip igmp static-group, 28

configuration

ARP parameters, 42 default route, 48 RIP, 52

enabling RIP globally, 52 static IP routes, 47

default route, 48 DHCP Relay, 63

broadcast

forwarding, 63 enabling, 64 helper address, 64 minimum requirements, 64 Option 82

circuit ID, 69 packet forwarding, 63 verifying configuration, 64

directed broadcasts, 43

filters

effect of IGMP, 24 maximum allowed, 8

forwarding

directed broadcasts, 43 parameters, IP routing

configuring, 43

forwarding port, IGMP, 7

Page 82

helper address for DHCP Relay, 64

IANA, 79 ICMP

configuring, 44 disabling messages, 44

IGMP

benefits, 7 effect on filters, 24 Exclude Source, 14 Fast Leave, 15 Include Source, 14 IP multicast address range, 24 leave group, 14 maximum address count, 8 multicast group, 14 multimedia, 7 operation, 14 port states, 7 proxy

forwarding, 19 proxy: forward loop, 23 proxy: forwarding commands, 20 proxy: show command, 21 proxy: vlan context command, 21 query, 14 report, 14 status, 15 Version 3, 14

IGMP control, 7 IP forwarding cache, 37 IP interface parameters, 41 IP route exchange protocols, 38 IP route table;tables

IP route, 37

IP routing

ARP cache table, 36 changing ARP parameters, 42 default route, 48 directed broadcasts, 43 forwarding cache, 37 forwarding parameters, 43 helper address, 64 helper address, UDP, 42 interface parameters, 41 IP static routes

blackhole, 46

configuration, 47

default route, 39, 46

default route, configuring, 48

display, 48

maximum, 36

null interface, 46

null route, 47

VLAN state, 46 overview, 36

parameter configuring;configuration:IP routing

parameters, 42 route exchange protocols, 38 routing table, 37 static route configuration, 47 static route parameters, 46 static route types, 46 static routes

discard traffic, 47

discard, ICMP notification, 47 tables and caches, 36 VLAN interface

description, 36

IRDP

displaying information, 62 enabling globally, 61 enabling on VLAN interface;, 61

management VLAN, 73 multinetted VLANS and Option 82, 72 multiple relay agents, 71

Option 82, 65

circuit ID, 69 compliance, 66 configuring operation, 73 field content, 68 forwarding policy, 70 management VLAN, 68, 73 multinetted VLANS, 72 multiple relay agents, 71 operation, 67 Option 82 field, 66 overview, 65 Relay Agent Information, 65 remote ID, 68 requirements, 67 server support, 66 validating server response packets, 71

parameters

IP interface, 41

peers, RIP

displaying information, 59

port

auto, IGMP, 7 blocked, IGMP, 7 forwarding, IGMP, 7 state, 7

protocols

IP route exchange, 38

proxy forwarding, IGMP, 19

redistribution, 55 RIP

82 Index

Page 83

changing cost of RIP routes, 54 changing RIP type, 54 changing the RIP metric, 54 configuring, 52 displaying configuration and status, 56 displaying general information, 56 displaying information, 56 displaying interface information, 58 displaying peer information, 59 displaying redistribution information, 60 displaying restrict information, 60 enabling globally, 52 enabling on a VLAN, 53 enabling on the routing switch, 52 enabling route redistribution, 55 entering RIP router context, 52 general information, 56 global parameters, 51 interface information, 58 interface parameters, 51 parameters and defaults, 51 peer information, 59 redistribution, 55

and route policy, 55 displaying, 60 enabling, 55

redistribution filters

displaying, 60 redistribution into RIP, 54 redistribution, configuring, 54 restrict filter information, 60 restrict redistribution, 60

router, multicast, with IGMP, 14

VLAN, subnetted, 76

VLAN

IGMP configuration;IGMP:configure per VLAN, 7

VLAN interface

IP routing parameters, 41

static IP routes, 46

configuring, 47 route types, 46

subnet, 14

tables

ARP cache, 36 IP, 36

UDP broadcast forwarding

address types, 76 application, 76 configure, 77 global enable, 77 invalid entry, 77 IP helper address, effect, 76 maximum entries, 76 port-number ranges, 79 subnet address, 76 subnet masking, 77 UDP/TCP port number listing, 79 unicast address, 76

HP J9726A, J9729A, J9727A, J9728A Multicast and Routing Guide for WB.15.16

Specifications and Main Features

Frequently Asked Questions

User Manual

HP Switch Software

Contents

1 Multimedia Traffic Control with IP Multicast (IGMP)

Overview

IGMP general operation and features

IGMP operating features

Basic operation

Enhancements

Number of IP multicast addresses allowed

Configuring and displaying IGMP (CLI)

Viewing IGMP configuration for VLANs

Viewing the current IGMP configuration

Viewing IGMP high level statistics for all VLANs on the switch

Viewing IGMP historical counters for a VLAN

Viewing IGMP group address information

Viewing IGMP group information for a VLAN with a filtered address

Enabling or disabling IGMP on a VLAN

Configuring per-port IGMP traffic filters

Configuring the querier function

Configuring static multicast groups

How IGMP operates

Operation with or without IP addressing

Automatic fast-leave IGMP

Default (enabled) IGMP operation solves the "delayed leave" problem

Configuring fast-leave IGMP

Forced fast-leave IGMP

Configuring forced fast-leave IGMP

Configuring fast learn

Configuring delayed group flush

IGMP proxy forwarding

How IGMP proxy forwarding works

Configuring IGMP proxy (CLI)

Adding or leaving a multicast domain

VLAN context command

IGMP proxy show command

Operating notes for IGMP proxy forwarding

Using the switch as querier

Well-known or reserved multicast addresses excluded from IP multicast filtering

IP multicast filters

Reserved addresses excluded from IP multicast filtering

IGMP V2 NG Overview

Features overview

IGMP Context Commands

Enabling delayed flush on IGMP

26 Multimedia Traffic Control with IP Multicast (IGMP) v2 NG

Configuring Fast-Learn IGMP

VLAN Context Commands

Enabling or Disabling IGMP on a VLAN

Configuring the Querier Function

Configuring the IGMP Query Interval

Configuring Per-Port IGMP Traffic Filters

Configuring Fast-Leave IGMP

Configuring Forced Fast-Leave IGMP

Configuring Static Multicast Groups

Show Commands

Viewing the current IGMP configuration and status

Statistics and State commands

Help function commands

3 IP Routing Features

Overview

IP interfaces

IP tables and caches

ARP cache table

ARP cache

IP route table

Routing paths

Administrative distance

IP forwarding cache

IP route exchange protocols

IP global parameters for routing switches

ARP age timer

IP interface parameters for routing switches

Configuring IP parameters for routing switches

Configuring ARP parameters

How ARP works

Configuring forwarding parameters