cisco IPv6

啟用ipv6 routing功能
(config)#ipv6 unicast-routing

需啟用該功能才可轉送ipv6封包

啟用介面的ipv6 
(config-if)# ipv6 enable
啟用後link local unicast會自動被產生 

設定ipv6位址
(config-if)# ipv6 address < < address> [eui-64]|autoconfig|dhcp>

address 指定128bit位置
eui-64 後半部64bit位置使用eui-64格式
autoconfig 使用Stateless Auto-configuration
dhcp 使用Stateful Auto-configuration
ps:
設定後link-local unicast會自動被產生

手動指定link local位址
(config-if)# ipv6 address < address> link-local   


設定ipv6 anycast位址
(config-if)# ipv6 address < address> anycast

使用與指定介面相同的unicast address
(config-if)# ipv6 unnumbered < int>

 

ps
舊版設定
進行stateless auto-configuration
(config-if)#ipv6 nd prefix < ipv6 address>
關閉stateless auto-configuration
(config-if)#ipv6 nd suppress-ra

 

靜態路由
(config)#ipv6 route < dst> < outgoing-int |next-hop-ip> [ ad] [ tag < value>] 

ps:
使用local link做為路由需指定outgoing int和link-local位址 
ps:
outgoing int會使用NDP探索到達鄰居的IPV6路徑 

...................................................

# show running-config
interface FastEthernet0/0
 ipv6 address 2000:0:0:4::/64 eui-64 //使用eui-64位址
!
interface FastEthernet0/1
 ipv6 address 2000:0:0:2::2/64
 

# show ipv6 interface brief
FastEthernet0/0 [up/up]
 FE80::213:19FF:FE7B:5004     //link local位址
 2000::4:213:19FF:FE7B:5004
FastEthernet0/1 [up/up]
 FE80::213:19FF:FE7B:5005     //link local位址
 2000:0:0:2::2
Serial0/0/0 [administratively down/down]
 unassigned
 

# show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::213:19FF:FE7B:5004 //link local位址
 No Virtual link-local address(es):
 Global unicast address(es):
  2000::4:213:19FF:FE7B:5004, subnet is 2000:0:0:4::/64 [EUI] //global unicast位址
 Joined group address(es): //multicast 位址
  FF02::1          //相同鏈路上的所有ipv6 client節點
  FF02::2 //相同鏈路上的所有ipv6 router節點
  FF02::1:FF7B:5004 //solicitation node multicast位址
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 22807)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

 

# show ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
[omit]
C 2000:0:0:2::/64 [0/0] //直連路徑,連接子網路2000:0:0:2::/64
 via FastEthernet0/1, directly connected
L 2000:0:0:2::2/128 [0/0]         //local route,屬於route的unicast address之主機路徑
 via FastEthernet0/1, receive
C 2000:0:0:4::/64 [0/0]         //直連路徑,連接子網路2000:0:0:4::/64
 via FastEthernet0/0, directly connected
L 2000::4:213:19FF:FE7B:5004/128 [0/0]  //local route,屬於route的unicast address之主機路徑
 via FastEthernet0/0, receive
L FF00::/8 [0/0]
 via Null0, receive

# show ipv6 route 2000::/64
Routing entry for 2000::/64
Known via "static", distance 1, metric 0   //此為static route,管理距離為1
Backup from "ospf 1 [110]"           //備援路徑
Route count is 1/1, share count 0
Routing paths:
 FE80::213:19FF:FE7B:5005, FastEthernet0/0
  Last updated 00:11:50 ago 


# show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
2000:0:0:2::3 0 0013.197b.6588 REACH Fa0/1
FE80::213:19FF:FE7B:6588 0 0013.197b.6588 REACH Fa0/1
state:REACH表示neighbor可到達,STALE(default)表示neighbor在最後30分鐘內無法到達


# show ipv6 router
Router FE80::213:19FF:FE7B:6588 on FastEthernet0/1, last update 0 min
 Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
 HomeAgentFlag=0, Preference=Medium
 Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
 Prefix 2000:0:0:2::/64 onlink autoconfig  //使用Stateless Auto-configuration
  Valid lifetime 2592000, preferred lifetime 604800


啟用ipv6 debug neighbor discovery功能
# debug ipv6 nd
ps:
關閉debug功能 #undebug all

若成功ping 2000:0:0:2::3
則debug訊息如下
*Sep 2 17:07:25.807: ICMPv6-ND: DELETE -> INCMP: 2000:0:0:2::3
*Sep 2 17:07:25.807: ICMPv6-ND: Sending NS for 2000:0:0:2::3 on FastEthernet0/1  //傳送ns訊息
*Sep 2 17:07:25.807: ICMPv6-ND: Resolving next hop 2000:0:0:2::3 on interface FastEthernet0/1
*Sep 2 17:07:25.811: ICMPv6-ND: Received NA for 2000:0:0:2::3 on FastEthernet0/1 from 2000:0:0:2::3 //接受ns訊息
*Sep 2 17:07:25.811: ICMPv6-ND: Neighbour 2000:0:0:2::3 on FastEthernet0/1 : LLA 0013.197b.6588 //取得目地mac

............................................

建立點對點通道
1建立介面
r1(#config)# interface loopback < loopback-number>
r1(#config-if)# ip address < r1-ip> < mask>
2設定通道介面
r1(#config-if)# interface tunnel < tunnel-number>
r1(#config-if)# tunnel source loopback < loopback-number>
r1(#config-if)# tunnel destination < r2-ip>
r1(#config-if)# tunnel mode < ipv6ip|gre ip>
trunnel mode預設使用gre ip
ps:tunnel介面上要有ipv6位址
ps:ipv6ip的mode也被稱為MCT(manually configure tunnel)

ex:
使用IPv6IP通道
r1上的設定
R1(config)# interface loopback 1
R1(config-if)# ip address 10.1.1.1 255.255.255.255
R1(config-if)# interface tunnel 1
R1(config-if)# tunnel source loopback 1
R1(config-if)# tunnel destination 10.1.1.2
R1(config-if)# tunnel mode ipv6ip
R1(config-if)# ipv6 address 2013::1/64
r2上的設定
R2(config)# interface loopback 2
R2(config-if)# ip address 10.1.1.2 255.255.255.255
R2(config-if)# interface tunnel 2
R2(config-if)# tunnel source loopback 2
R2(config-if)# tunnel destination 10.1.1.1
R2(config-if)# tunnel mode ipv6ip
R1(config-if)# ipv6 address 2013::2/64

# show interfaces tunnel0
Tunnel0 is up, line protocol is up //ipv4連線存在通道兩端,通道建立成功
 Hardware is Tunnel
  MTU 17920 bytes, BW 100 Kbit/sec, DLY 50000 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 10.1.1.1 (Loopback1), destination 10.1.1.2 
  Tunnel protocol/transport IPv6/IP //指定tunnel mode ipv6ip
  Tunnel TTL 255
  Tunnel transport MTU 1480 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)

# show ipv6 interface brief
FastEthernet0/0 [up/up]
 FE80::213:19FF:FE7B:5026
 2111::1
Loopback1 [up/up]
 unassigned
Tunnel0 [up/up]
 FE80::A09:901          //後32bit為0A09:0901,十進位=10.9.9.1
 2013::1

# show ipv6 interface tunnel0
Tunnel0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::A09:901 //link-local為FE80::A09:901
 No Virtual link-local address(es):
 Global unicast address(es):   
  2013::1, subnet is 2013::/64
 Joined group address(es):   //multicast位址
  FF02::1
  FF02::2
  FF02::A
  FF02::1:FF00:1
  FF02::1:FF09:901 
 MTU is 1480 bytes
 ICMP error messages limited to one every 100 milliseconds
 ICMP redirects are enabled
 ICMP unreachables are sent
 ND DAD is enabled, number of DAD attempts: 1
 ND reachable time is 30000 milliseconds (using 42194)
 Hosts use stateless autoconfig for addresses.

...  


建立6to4自動通道
1
建立介面
r1(#config)# interface loopback < loopback-number>
r1(#config-if)# ip address < r1-ip> < mask>

2.1
設定tunnel interface 
r1(#config-if)# interface tunnel < tunnel-number>
r1(#config-if)# tunnel source loopback < loopback-number>

r1(#config-if)# tunnel mode ipv6ip 6to4
2.2
啟用tunnel interface上的IPv6 
r1(#config-if)# ipv6 address < 6to4 ipv6>
6to4 ipv6=2002:[ipv4 32bit][subnet 16bit]::/64
ipv4表示該介面代表的ipv4位址
3
設定路由,將封包往tunnel送出以觸發封裝程序
r1(#config)# ipv6 route 2002::/16 tunnel < tunnel-number>
ps:
需設定設備r1上其他IPv6的介面,這樣IPv6介面所連接的網段才可路由到tunnel interface  
ps:
需啟用ipv6 unicast-routing
ps:
若要成為通道之成員,僅需更改loopback的ipv4及tunnel的ipv6及可

ex:
1
r1(#config)# interface loopback 1
r1(#config-if)# ip address 10.1.1.1 255.255.255.0
2
r1(#config-if)# interface tunnel 0
r1(#config-if)# tunnel source loopback 1
r1(#config-if)# tunnel mode ipv6ip 6to4
r1(#config-if)# ipv6 address 2002:a01:101::/128
3
r1(#config)# ipv6 route 2002::/16 tunnel 0


 


建立isatap ipv6通道
1
建立介面
r1(#config)# interface loopback < loopback-number>
r1(#config-if)# ip address < r1-ip> < mask>
2.1
設定通道介面
r1(#config-if)# interface tunnel < tunnel-number>
r1(#config-if)# tunnel source loopback < loopback-number>
r1(#config-if)# tunnel mode ipv6ip isatap
2.2
通道介面使用global unicast位址
r1(#config-if)# ipv6 address < global unicast> eui-64
系統會使用經修改的eui64規則建立,程序如下
 1.路由器會將0000:5efe加入global unicast的第5,6欄
 2.ipv4位址會被加入global unicast的第7,8欄
該介面之link local位址也會透過經修改的eui64建立
3
依目地數量設定路由
r1(#config)# ipv6 route < dest1> < nexthop1>
r1(#config)# ipv6 route < dest2> < nexthop2>
[omit]
ps:
需啟用ipv6 unicast-routing
ps:
若要成為通道之設備,僅需更改loopback的ipv4及tunnel的ipv6及可
除此之外route部份需依現況進行配置,如步驟4

ex:
假設組織使用2000:0:1:9::/64做為isatap通道
且r1連接2個點,ipv4分別為10.9.9.3和10.9.9.4
10.9.9.3的設備直連2002:0:1:3::/64
10.9.9.4的設備直連2002:0:1:4::/64
1
r1(#config)# interface loopback 1
r1(#config-if)# ip address 10.9.9.1 255.255.255.0
2
r1(#config-if)# interface tunnel 0
r1(#config-if)# tunnel source loopback 1
r1(#config-if)# tunnel mode ipv6ip isatap
3
r1(#config-if)# ipv6 address 2000:0:1:9::/64 eui-64
4
r1(#config)# ipv6 route 2002:0:1:3::/64 2000:0:1:9:0:5efe:a09:903
r1(#config)# ipv6 route 2002:0:1:4::/64 2000:0:1:9:0:5efe:a09:904
ps:
該tunnel的link local位址為FE80::5EFE:A09:901

2012-08-24 23:38:18發表 0000-00-00 00:00:00修改   

數據分析
程式開發
計算機組織與結構
資料結構與演算法
Database and MySql
manage tool
windows
unix-like
linux service
network
network layer3
network layer2
network WAN
network service
作業系統
數位鑑識
資訊安全解決方案
資訊安全威脅
Cisco security
Cisco network
Cisco layer3

Cisco layer2



  登入      [牛的大腦] | [單字我朋友] Powered by systw.net