25.1. 自动配置接口IPv6 地址
提问 在接口启用IPv6,自动生成IPv6地址
回答
一种是使用autoconfig方式
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address autoconfig
Router1(config-if)#end
Router1#
一种是使用EUI-64方式 来生成IPv6 地址的主机部分,然后组合已定义的网络部分
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::/64 eui-64
Router1(config-if)#end
Router1#
注释 ipv6 unicast-routing命令是用来启动路由协议,尽管不用该命令你一样可以配置v6地址,也可以使用v6的Ping等命令,甚至配置静态路由来联通网络,但是还是建议配置此命令。对于autoconfig方式一是会自动生成前缀为FE80::/10的linklocal地址另外会查询DHCP来获得地址。对于EUI方式会根据MAC地址来生成前缀为AAAA::/64Global Unicast地址
25.2. 手动配置接口IPv6 地址
提问 手动给接口配置IPv6地址
回答
配置Unicast地址:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::1/64
Router1(config-if)#exit
Router1(config)#end
Router1#
配置Anycast地址
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAFF::1/64 anycast
Router1(config-if)#exit
Router1(config)#end
Router1#
配置 link-local地址
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address FE80::1 link-local
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 配置了unicast地址会自动根据EUI方式生成Linklocal地址。Anycast在root dns遭受攻击中发挥了很大作用,看一个命令输出
Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20E:84FF:FE24:4E70
Global unicast address(es):
AAAA::1, subnet is AAAA::/64
AAFF::1, subnet is AAFF::/64 [ANY]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF24:4E70
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
Router1#
25.3. 配置IPv6 DHCP服务
提问 在路由器上启用DHCP服务器特性来提供IPv6地址
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 dhcp database flash:/DHCPv6-db
Router1(config)#ipv6 local pool VLAN10-pool AAAA:1::/48 64
Router1(config)#ipv6 local pool VLAN11-pool AAAA:11::/48 64
Router1(config)#ipv6 dhcp pool DHCPv6POOL
Router1(config-dhcp)#prefix-delegation AAAA:1::23F6:33BA/64 00030001000E84244E70
Router1(config-dhcp)#prefix-delegation pool VLAN10-pool
Router1(config-dhcp)#dns-server AAAA:1::19
Router1(config-dhcp)#domain-name oreilly.com
Router1(config-dhcp)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA:1::1/64
Router1(config-if)#ipv6 address FE80::1 link-local
Router1(config-if)#ipv6 nd managed-config-flag
Router1(config-if)#ipv6 nd other-config-flag
Router1(config-if)#ipv6 dhcp server DHCPv6POOL rapid-commit preference 1 allow-hint
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 此特性仅限于高端路由器
Router1#show ipv6 dhcp pool DHCPv6POOL
DHCPv6 pool: DHCPv6POOL
Static bindings:
Binding for client 00030001000E84244E70
IA PD: IA ID not specified
Prefix: AAAA:1::23F6:33BA/64
preferred lifetime 604800, valid lifetime 2592000
Prefix pool: VLAN10-pool
preferred lifetime 604800, valid lifetime 2592000
DNS server: AAAA:1::19
Domain name: oreilly.com
Active clients: 0
Router1#
25.4. 配置RIP的IPv6版本
提问 配置支持IPv6路由的RIP
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA:5:1/64
Router1(config-if)#ipv6 rip RIP_PROC enable
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ipv6 address AAAA:1:2/64
Router1(config-if)#ipv6 rip RIP_PROC enable
Router1(config-if)#frame-relay map ipv6 AAAA:1:3 206
broadcast
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 ipv6版本的RIP区别在于不需要配置network命令,在路由表中看到的下一跳地址都是linklocal地址:
Router1#show ipv6 route rip
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R AAAA:2::/64 [120/2]
via FE80::2E0:1EFF:FE7F:9E41, FastEthernet0/0
R AAAA:95::/64 [120/2]
via FE80::2E0:1EFF:FE7F:9E41, FastEthernet0/0
R AAAA:99::/64 [120/2]
via FE80::20E:D7FF:FED6:1060, FastEthernet0/0
Router1#
还有一个比较好用的命令
Router1#show ipv6 rip next-hops
RIP process "RIP_PROC", Next Hops
FE80::2E0:1EFF:FE7F:9E41/FastEthernet0/0 [2 paths]
FE80::20E:D7FF:FED6:1060/FastEthernet0/0 [7 paths]
FE80::200:CFF:FE75:C684/FastEthernet0/0 [2 paths]
FE80::2E0:1EFF:FE7F:9E41/Serial0/0 [2 paths]
Router1#
进入讨论组讨论。
25.5. 修改RIP的缺省参数
提问 修改诸如定时器,治理距离等RIP参数
回答
修改定时器
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#timers 15 60 5 120
Router1(config-rtr)#exit
Router1(config)#end
Router1#
修改治理距离
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#distance 100
Router1(config-rtr)#exit
Router1(config)#end
Router1#
关闭水平分割
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#no split-horizon
Router1(config-rtr)#exit
Router1(config)#end
Router1#
注释 思科并没有给IPv6版本和v4版本一样的可修改参数
Router1#show ipv6 rip
RIP process "RIP_PROC", port 521, multicast-group FF02::9, pid 125
Administrative distance is 120. Maximum paths is 16
Updates every 15 seconds, eXPire after 60
Holddown lasts 5 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 755, trigger updates 3
Interfaces:
FastEthernet0/0
Loopback0
Redistribution:
None
Router1#
25.6. RIP中IPv6路由的过滤和度量值的修改
提问 对RIP生成的路由表再加工
回答
地址汇总
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 rip RIP_PROC summary-address AAAA:99::8:0/109
Router1(config-if)#exit
Router1(config)#end
Router1#
宣告缺省路由
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 rip RIP_PROC default-information originate
Router1(config-if)#exit
Router1(config)#end
Router1#
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 rip RIP_PROC default-information only
Router1(config-if)#exit
Router1(config)#end
Router1#
路由过滤
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 prefix-list BLOCK_2E6 seq 5 deny AAAA:2E6::/64 le 128
Router1(config)#ipv6 prefix-list BLOCK_2E6 seq 10 permit ::/0 le 128
Router1(config)#ipv6 prefix-list ALLOW_2222 seq 5 permit AAAA:2222::/64 le 128
Router1(config)#ipv6 prefix-list ALLOW_2222 seq 10 deny ::/0 le 128
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#distribute-list prefix-list BLOCK_2E6 in FastEthernet0/0
Router1(config-rtr)#distribute-list prefix-list ALLOW_2222 out FastEthernet0/0
Router1(config-rtr)#exit
Router1(config)#end
Router1#
修改度量值
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#ipv6 rip RIP_PROC metric-offset 5
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 基本配置方法和IPv4相同,在路由过滤的Prefixlist中V6只能接受prefix list的配置,后面不能跟Accesslist作为参数
25.7. 配置OSPF的IPv6版本
提问 配置支持IPv6的OSPF v3
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#ipv6 cef
Router1(config)#ipv6 unicast-routing
Router1(config)#ipv6 router ospf 1
Router1(config-rtr)#router-id 1.0.0.1
Router1(config-rtr)#area 0 range AAAA:5::/64
Router1(config-rtr)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA:5::1/64
Router1(config-if)#ipv6 ospf 1 area 0
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 这里有个比较有意思的router id问题,在v4情况下会自动根据IP地址来选择,但是在纯v6环境下没有v4的地址,所以就必须配置router id,否则ospf不能正常运行
进入讨论组讨论。
25.8. OSPF中IPv6路由过滤和度量值修改
提问 对OSPF生成的路由表再加工
回答
修改默认代价值
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 router ospf 1
Router1(config-rtr)#auto-cost reference-bandwidth 1000
%OSPFv3: Reference bandwidth is change.
Please ensure reference bandwidth is consistent across all routers.
Router1(config-rtr)#exit
Router1(config)#end
Router1#
修改特定链路的代价值
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 ospf cost 500
Router1(config)#end
Router1#
路由过滤
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 prefix-list BLOCK_99_E seq 5 deny AAAA:99::E:0/112
Router1(config)#ipv6 prefix-list BLOCK_99_E seq 10 permit ::/0 le 128
Router1(config)#ipv6 router ospf 1
Router1(config-rtr)#distribute-list prefix-list BLOCK_99_E in
Router1(config-rtr)#exit
Router1(config)#end
Router1#
注释 类似于v4的配置
25.9. 路由重分布
提问 不同路由协议之间进行再分布
回答
再分布OSPF到RIP
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 router rip RIP_PROC
Router1(config-rtr)#redistribute ospf 1 metric 5
Router1(config-rtr)#exit
Router1(config)#end
Router1#
再分布RIP到OSPF
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 router ospf 1
Router1(config-rtr)#redistribute rip RIP_PROC
Router1(config-rtr)#exit
Router1(config)#end
Router1#
OSPF宣告缺省路由
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 router ospf 1
Router1(config-rtr)#default-information originate always
Router1(config-rtr)#exit
Router1(config)#end
Router1#
注释 也可以使用routemap等高级方法
25.10. 配置MBGP
提问 在不同的自治域系统使用MBGP来传递IPv6路由信息
回答
单v6环境
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65520
Router1(config-router)#no bgp default ipv4-unicast
Router1(config-router)#neighbor AAAA:5::2 remote-as 65522
Router1(config-router)#neighbor AAAA:5::AA9 remote-as 65521
Router1(config-router)#address-family ipv6
Router1(config-router-af)#neighbor AAAA:5::2 activate
Router1(config-router-af)#neighbor AAAA:5::AA9 activate
Router1(config-router-af)#network AAAA:2222::2/64
Router1(config-router-af)#no synchronization
Router1(config-router-af)#exit-address-family
Router1(config-router)#exit
Router1(config)#end
Router1#
V4和v6混和环境
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#router bgp 65521
Router9(config-router)#no bgp default ipv4-unicast
Router9(config-router)#neighbor AAAA:5::1 remote-as 65520
Router9(config-router)#neighbor 192.168.1.103 remote-as 65525
Router9(config-router)#address-family ipv4
Router9(config-router-af)#redistribute connected
Router9(config-router-af)#neighbor 192.168.1.103 activate
Router9(config-router-af)#no auto-summary
Router9(config-router-af)#no synchronization
Router9(config-router-af)#exit-address-family
Router9(config-router)#address-family ipv6
Router9(config-router-af)#neighbor AAAA:5::1 activate
Router9(config-router-af)#network AAAA:FE::1/64
Router9(config-router-af)#network AAAA:BBBB::1/64
Router9(config-router-af)#no synchronization
Router9(config-router-af)#exit-address-family
Router9(config-router)#exit
Router9(config)#end
Router9#
注释 和V4配置最大的不同是增加了no bgp default ipv4-unicast命令,因为缺省情况BGP只会发布v4的前缀给邻居。查看邻居状态使用show bgp summary,而对于纯v4邻居使用的是show ip bgp summary命令
25.11. 在现有IPv4网络中传递IPv6数据
提问 通过现有的IPv4网络来互联两个IPv6网络
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Loopback1
Router1(config-if)#ip address 10.15.1.11 255.255.255.255
Router1(config-if)#exit
Router1(config)#interface Tunnel1
Router1(config-if)#ipv6 address BBBB:1::1/126
Router1(config-if)#ipv6 rip RIP_PROC enable
Router1(config-if)#tunnel source 10.15.1.11
Router1(config-if)#tunnel destination 172.16.11.9
Router1(config-if)#exit
Router1(config)#end
Router1#
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#interface Loopback1
Router9(config-if)#ip address 172.16.11.9 255.255.255.255
Router9(config-if)#exit
Router9(config)#interface Tunnel1
Router9(config-if)#ipv6 address BBBB:1::2/126
Router9(config-if)#ipv6 rip RIP_PROC enable
Router9(config-if)#tunnel source 172.16.11.9
Router9(config-if)#tunnel destination 10.15.1.11
Router9(config-if)#exit
Router9(config)#end
Router9#
注释 这种GRE隧道的配置相比前面的例子要简单的多,问题也少很多,因为封装前后的协议类型是不同的
25.12. IPv6和IPv4之间转化
提问 配置路由器成为IPv4和IPv网络之间的网关
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 access-list ALLOWED-NAT-DEVS
Router1(config-ipv6-acl)# permit ipv6 any any
Router1(config-ipv6-acl)#exit
Router1(config)#ipv6 nat prefix ::FFFF:0.0.0.0/96 v4-mapped ALLOWED-NAT-DEVS
Router1(config)#ipv6 nat v6v4 source AAAA:5::AA9 192.168.56.100
Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#ipv6 address AAAA:5::2012/64
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip address 192.168.55.12 255.255.255.0
Router1(config-if)#ipv6 nat
Router1(config-if)#exit
Router1(config)#end
Router1#
注释 12.2(13)T后路由器可以作为v6和v4之间的协议转化器,对于v6访问v4地址,可以采用"IPv4-Mapped IPv6 Address" 把a.b.c.d翻译为::FFFF:A.B.C.D,而对于v4访问v6地址,只能采用静态映射的方式(ipv6 nat v6v4),这种地址翻译没有配置inside或者outside接口
进入讨论组讨论。
