IPV6大型网络配置实战-阿里云开发者社区

IPV6大型网络配置实战

2021-12-06 216

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： IPV6大型网络配置实战

IPV6网络配置

🍭问题描述

目前属于IPV6过渡阶段，NAT64是一种实现IPV4和IPV6之间网络互访的技术。NAT64可以用于IPV4主动访问IPV6，也可以用于IPV6主动访问IPV4。

🍭实验环境

本次集训营实验拓扑一共有三部分组成，其中总部的内网是双层架构，边界设备是一台防火墙；分支的内部架构相对而言简单一点，边界和总部一样，布置一台防火墙。不管是总部还是分部，内网都使用IPv6，第三个部分是运营商部分，因为一些原因运营商网络没有迁移到IPv6，内网全部都是IPv4。

🍭实验需求

1️⃣要求总部、分部的IPv6主机可以访问运营商的IPv4服务器。

2️⃣要求总部内部的IPv6主机和分支内部的IPv6主机通过整个公网来互相访问。

🍭具体配置

一、总部

📝LSW1

vlan batch 14 15 100
int g0/0/3
port link-type access
port default vlan 100
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 14
quit
int g0/0/2
port link-type access
port default vlan 15
quit
ipv6
int vlan 100
ipv6 enable
ipv6 address 2001:0:0:100::1 64
quit
int vlan 14
ipv6 enable
ipv6 address 2001:0:0:14::1 64
quit
int vlan 15
ipv6 enable
ipv6 address 2001:0:0:15::1 64
quit
undo stp enable

📝LSW2

vlan batch 24 25 200
int g0/0/3
port link-type access
port default vlan 200
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 24
quit
int g0/0/2
port link-type access
port default vlan 25
quit
ipv6
int vlan 200
ipv6 enable
ipv6 address 2001:0:0:200::2 64
quit
int vlan 24
ipv6 enable
ipv6 address 2001:0:0:24::2 64
quit
int vlan 25
ipv6 enable
ipv6 address 2001:0:0:25::2 64
quit
undo stp enable

📝LSW3

vlan batch 34 35 300
int g0/0/3
port link-type access
port default vlan 300
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 34
quit
int g0/0/2
port link-type access
port default vlan 35
quit
ipv6
int vlan 300
ipv6 enable
ipv6 address 2001:0:0:300::3 64
quit
int vlan 34
ipv6 enable
ipv6 address 2001:0:0:34::3 64
quit
int vlan 35
ipv6 enable
ipv6 address 2001:0:0:35::3 64
quit
undo stp enable

📝LSW4

vlan batch 14 24 34 41 45
ipv6
int g0/0/3
port link-type access
port default vlan 34
quit
int g0/0/1
port link-type access
port default vlan 14
quit
int g0/0/2
port link-type access
port default vlan 24
quit
int g0/0/4
port link-type access
port default vlan 41
quit
int g0/0/24
port link-type access
port default vlan 45
quit
int vlan 14
ipv6 enable
ipv6 address 2001:0:0:14::4 64
quit
int vlan 24
ipv6 enable
ipv6 address 2001:0:0:24::4 64
quit
int vlan 34
ipv6 enable
ipv6 address 2001:0:0:34::4 64
quit
int vlan 41
ipv6 enable
ipv6 address 2001:0:0:41::4 64
quit
int vlan 45
ipv6 enable
ipv6 address 2001:0:0:45::4 64
quit
undo stp enable

📝LSW5

vlan batch 15 25 35 45 51
ipv6
int g0/0/3
port link-type access
port default vlan 35
quit
int g0/0/1
port link-type access
port default vlan 15
quit
int g0/0/2
port link-type access
port default vlan 25
quit
int g0/0/24
port link-type access
port default vlan 45
quit
int g0/0/5
port link-type access
port default vlan 51
quit
int vlan 15
ipv6 enable
ipv6 address 2001:0:0:15::5 64
quit
int vlan 25
ipv6 enable
ipv6 address 2001:0:0:25::5 64
quit
int vlan 35
ipv6 enable
ipv6 address 2001:0:0:35::5 64
quit
int vlan 45
ipv6 enable
ipv6 address 2001:0:0:45::5 64
quit
int vlan 51
ipv6 enable
ipv6 address 2001:0:0:51::5 64
quit
undo stp enable

接下来我们做一下防火墙的配置

📝FW1:(默认用户名:admin 密码: Admin123)

ipv6
int g1/0/0
ipv6 enable
ipv6 add 2001:0:0:41::1 64
quit
int g1/0/1
ipv6 enable
ipv6 add 2001:0:0:51::1 64
quit
int g1/0/2
ip add 100.1.11.1 24
quit
int g1/0/3
ip add 100.1.12.1 24
quit
firewall zone trust
add interface g1/0/0
add interface g1/0/1
quit
firewall zone untrust
add interface g1/0/2
add interface g1/0/3
quit
security-policy
default action permit
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]  y      //这里为警告提示我们输入y(yes)即可.                    
quit
int g1/0/0
service-manage ping permit
quit
int g1/0/1
service-manage ping permit
quit
int g1/0/2
service-manage ping permit
quit
int g1/0/3
service-manage ping permit
quit
ospfv3 10
router-id 100.100.100.100
quit
int g1/0/0
ospfv3 10 area 0
int g1/0/1
ospfv3 10 area 0
quit
ospfv3 10
default-route-advertise always

下一步我们来运行ospf

📝LSW1

ospfv3 10
router-id 1.1.1.1
quit
int vlan 100
ospfv3 10 area 0
int vlan 14
ospfv3 10 area 0
int vlan 15
ospfv3 10 area 0
quit

📝LSW2

ospfv3 10
router-id 2.2.2.2
quit
int vlan 200
ospfv3 10 area 0
int vlan 24
ospfv3 10 area 0
int vlan 25
ospfv3 10 area 0

📝LSW3

ospfv3 10
router-id 3.3.3.3
quit
int vlan 300
ospfv3 10 area 0
int vlan 34
ospfv3 10 area 0
int vlan 35
ospfv3 10 area 0
quit

📝LSW4

ospfv3 10
router-id 4.4.4.4
quit
int vlan 14
ospfv3 10 area 0
int vlan 24
ospfv3 10 area 0
int vlan 34
ospfv3 10 area 0
int vlan 45
ospfv3 10 area 0
int vlan 41
ospfv3 10 area 0
quit

📝LSW5

ospfv3 10
router-id 5.5.5.5
quit
int vlan 15
ospfv3 10 area 0
int vlan 25
ospfv3 10 area 0
int vlan 35
ospfv3 10 area 0
int vlan 45
ospfv3 10 area 0
int vlan 51
ospfv3 10 area 0
quit

二、运营商

📝ISP1

int g0/0/0
ip add 100.1.11.2 24
quit
int g0/0/1
ip add 100.1.100.1 24
quit
ospf 10 router-id 1.1.1.1
area 0
net 100.1.11.2 0.0.0.0
net 100.1.100.1 0.0.0.0
quit
silent-interface g0/0/0
quit

📝ISP2

int g0/0/0
ip add 100.1.12.2 24
quit
int g0/0/1
ip add 100.1.100.2 24
quit
ospf 10 router-id 2.2.2.2
area 0
net 100.1.12.2 0.0.0.0
net 100.1.100.2 0.0.0.0
quit
silent-interface g0/0/0
quit

📝ISP3

int g0/0/0
ip add 100.1.100.3 24
quit
int g0/0/1
ip add 100.1.23.3 24
quit
ospf 10 router-id 3.3.3.3
area 0
net 100.1.23.3 0.0.0.0
net 100.1.100.3 0.0.0.0
quit
silent-interface g0/0/1
quit

📝ISP4

int g0/0/0
ip add 100.1.100.4 24
quit
int g0/0/1
ip add 100.1.200.4 24
quit
ospf 10 router-id 4.4.4.4
area 0
net 100.1.200.4 0.0.0.0
net 100.1.100.4 0.0.0.0
quit
silent-interface g0/0/1
quit

📝FW1

nat64 enable
nat64 prefix 3001:0:0:100:: 96
nat address-group 1
mode pat
section 1 100.1.11.100 100.1.11.110
nat address-group 2
mode pat
section 1 100.1.12.100 100.1.12.110
quit
nat-policy
rule name Nat64-1
source-zone trust
egress-interface g1/0/2
nat-type nat64
action source-nat address-group 1
quit
rule name Nat64-2
source-zone trust
egress-interface g1/0/3
nat-type nat64
action source-nat address-group 2
quit
quit
ip route-static  0.0.0.0 0 g1/0/2 100.1.11.2
ip route-static  0.0.0.0 0 g1/0/3 100.1.12.2
int g1/0/0
nat64 enable
int g1/0/1
nat64 enable

分部

📝FW2

ipv6
int g1/0/0
ip add 100.1.23.2 24
service-manage ping permit
quit
int g1/0/1
ipv6 enable
ipv6 address 2001:0:0:500::2 64
service-manage ping permit
quit
firewall zone trust
add interface g1/0/1
firewall zone trust
add interface g1/0/1
firewall  zone untrust
add interface g1/0/0
quit
security-policy
default action permit
quit
ip route-static  0.0.0.0 0 g1/0/0 100.1.23.3

📝SW6

undo stp enable
vlan 500
int g0/0/1
port link-type access
port default vlan 500
quit
int g0/0/2
port link-type access
port default vlan 500
quit

📝SW7

undo stp enable
int g0/0/1
port link-type access
port default vlan 500
quit
int g0/0/2
port link-type access
port default vlan 500

📝SW9

vlan 500
int g0/0/1
port link-type access
port default vlan 500
quit
int g0/0/2
port link-type access
port default vlan 500
quit
int g0/0/3
port link-type access
port default vlan 500
quit
undo stp enable

最后我们来做一下V4V6的隧道

📝FW1

interface Tunnel 0
ipv6 enable
tunnel-protocol ipv6-ipv4
source g1/0/2
destination 100.1.23.2
ipv6 address 2001:0:0:1000::1 64
service-manage ping permit
ospfv3 10 area 0
quit
firewall zone trust
add int Tunnel 0
quit

📝FW2

interface Tunnel 0
ipv6 enable
tunnel-protocol ipv6-ipv4
source g1/0/0
destination 100.1.11.1
ipv6 address 2001:0:0:1000::2 64
service-manage ping permit
quit
firewall zone trust
add int Tunnel 0
quit
ospfv3 10
router-id 200.200.200.200
int g1/0/1
ospfv3 10 area 0
quit
int Tunnel 0
ospfv3 10 area 0

查看隧道建立的情况:display ipv6 interface brief

查看ospfv3的邻居:display ospfv3 peer

IPV6大型网络配置实战

IPV6网络配置

🍭问题描述

🍭实验环境

🍭实验需求

🍭具体配置

热门文章

最新文章

相关课程

相关电子书

相关实验场景

热门

活动广场

任务中心

开发者评测

高校计划

乘风者计划

训练营

阿里云MVP

话题

直播

下载

镜像站

技术资料

插件

IPV6大型网络配置实战

IPV6网络配置

🍭问题描述

🍭实验环境

🍭实验需求

🍭具体配置

热门文章

最新文章

相关课程

相关电子书

相关实验场景