某企业网络需要在网络内部署IPv6协议并实现ipv6的互联互通,需要对当前运行的网络设备进行配置。
二、eNSP实验视频:
三、配置思路
1. R2的两个接口均采用静态IPv6地址配置方法
2. R1的GigabitEthernet0/0/0接口采用无状态地址配置
3. R3的GigabitEthernet0/0/0接口采用DHCPv6的方式配置IPv6地址
四、配置步骤步骤 1 设备基础配置
# 设备命名
略。
步骤 2 配置设备及接口IPv6功能
# 全局使能设备IPv6功能
[R1]ipv6
ipv6命令用来使能设备转发IPv6单播报文,包括本地IPv6报文的发送与接收。
[R2]ipv6
[R3]ipv6
# 使能接口的IPv6功能
[R1]interface GigabitEthernet 0/0/0
ipv6 enable命令用来在接口上使能IPv6功能。
[R1-GigabitEthernet0/0/0]ipv6 enable
[R1-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ipv6 enable
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ipv6 enable
[R2-GigabitEthernet0/0/1]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ipv6 enable
[R3-GigabitEthernet0/0/0]quit
步骤 3 配置接口的link-local地址,并测试
# 配置接口自动生成link-local地址
[R1]interface GigabitEthernet 0/0/0
ipv6 address auto link-local命令用来为接口配置自动生成的链路本地地址。
每个接口只能有一个链路本地地址,为了避免链路本地地址冲突,推荐使用链路本地地址的自动生成方式。当接口配置了IPv6全球单播地址后,同时会自动生成链路本地地址。
[R1-GigabitEthernet0/0/0]ipv6 address auto link-local
[R1-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ipv6 address auto link-local
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ipv6 address auto link-local
[R2-GigabitEthernet0/0/1]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ipv6 address auto link-local
[R3-GigabitEthernet0/0/0]quit
# 查看接口的IPv6状态信息,并测试联通性
<R1>display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 Protocol current state : UP //物理和协议状态均为UP。
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE4D:355 //接口的link-local地址已经生成。
No global unicast address configured
Joined group address(es):
FF02::1:FF4D:355
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
<R2>display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE12:6486
No global unicast address configured
Joined group address(es):
FF02::1:FF12:6486
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
<R2>display ipv6 interface GigabitEthernet 0/0/1
GigabitEthernet0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE12:6487
No global unicast address configured
Joined group address(es):
FF02::1:FF12:6487
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
<R3>display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE3C:5133
No global unicast address configured
Joined group address(es):
FF02::1:FF3C:5133
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
# 测试R1与R2联通性
<R1>ping ipv6 FE80::2E0:FCFF:FE12:6486 -i GigabitEthernet 0/0/0
PING FE80::2E0:FCFF:FE12:6486 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE12:6486
bytes=56 Sequence=1 hop limit=64 time = 90 ms
Reply from FE80::2E0:FCFF:FE12:6486
bytes=56 Sequence=2 hop limit=64 time = 10 ms
Reply from FE80::2E0:FCFF:FE12:6486
bytes=56 Sequence=3 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FE12:6486
bytes=56 Sequence=4 hop limit=64 time = 10 ms
Reply from FE80::2E0:FCFF:FE12:6486
bytes=56 Sequence=5 hop limit=64 time = 30 ms
--- FE80::2E0:FCFF:FE12:6486 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/32/90 ms
当ping测试的目的IPv6地址为link-local地址时,必须指定源接口或源IPv6地址。
步骤 4 配置R2的静态IPv6地址
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ipv6 address 2000:0012::2 64
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ipv6 address 2000:0023::2 64
[R2-GigabitEthernet0/0/1]quit
步骤 5 配置R2的DHCPv6 Server功能,配置R3通过DHCPv6获取IPv6地址
# DHCPv6 Server配置
[R2]dhcp enable
[R2]dhcpv6 pool pool1
创建名为“pool1”的地址池。
[R2-dhcpv6-pool-pool1]address prefix 2000:0023::/64
配置分配的IPv6地址前缀。
[R2-dhcpv6-pool-pool1]dns-server 2000:0023::2
配置DNS Server地址
[R2-dhcpv6-pool-pool1]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]dhcpv6 server pool1
[R2-GigabitEthernet0/0/1]quit
# DHCPv6 Client配置
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ipv6 address auto dhcp
[R3-GigabitEthernet0/0/0]quit
# 检查客户端地址和DNS服务器信息
[R3]display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
GigabitEthernet0/0/0 up up
[IPv6 Address] 2000:23::1
[R3]display dns server
Type:
D:Dynamic S:static
No configured ip dns servers.
No. Type IPv6 Address Interface Name
1 D 2000:23::2 -
此时R3的GigabitEthernet0/0/0接口已经获取到了IPv6全球单播地址。
如何配置DHCPv6 Server给客户端分配网关信息呢?
DHCPv6服务器不会为DHCPv6客户端分配IPv6网关地址。
当配置为DHCPv6有状态方式时,DHCPv6客户端通过ipv6 address auto global default命令学习到IPv6网关的缺省路由;当配置为DHCPv6无状态方式时,DHCPv6客户端通过该命令学习全球单播IPv6地址和IPv6网关的缺省路由。需确保与其相连的对端设备的接口已通过命令undo ipv6 nd ra halt,使能发布RA报文的功能
# 配置DHCPv6 Server给客户端分配网关地址
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]undo ipv6 nd ra halt
undo ipv6 nd ra halt命令用来使能系统发布RA报文功能,默认情况下路由器的接口不会发送RA报文。
[R2-GigabitEthernet0/0/1]ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig managed-address-flag命令用来设置RA报文中的有状态自动配置地址的标志位,默认情况下不设置该位。
• 如果设置了该标志位,则主机通过有状态自动配置获得IPv6地址。
• 如果清除了该标志位,则主机通过无状态自动配置获得IPv6地址,即通过RA报文向主机发布IPv6地址前缀信息自动生成IPv6地址。
[R2-GigabitEthernet0/0/1]ipv6 nd autoconfig other-flag
ipv6 nd autoconfig other-flag命令用来设置RA报文中的有状态自动配置其他信息的标志位,默认情况下不设置该位。
• 如果设置了该标志位,则主机可通过有状态自动配置获得除IPv6地址外的其他配置信息,包括路由器生存时间、邻居可达时间、邻居的重传时间、链路的MTU信息。
• 如果清除了该标志位,则主机进行无状态自动配置。即路由设备通过RA报文向主机发布除IPv6地址外的其他配置信息,包括路由器生存时间、邻居可达时间、邻居的重传时间、链路的MTU信息。
[R2-GigabitEthernet0/0/1]quit
# 配置客户端通过RA报文学习默认路由
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0] ipv6 address auto global default
# 查看R3的路由信息
[R3]display ipv6 routing-table
Routing Table : Public
Destinations : 4 Routes : 4
Destination : :: PrefixLength : 0
NextHop : FE80::A2F4:79FF:FE5A:CDAE Preference : 64
Cost : 0 Protocol : Unr
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet0/0/0 Flags : D
Destination : ::1 PrefixLength : 128
NextHop : ::1 Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : InLoopBack0 Flags : D
Destination : 2000:23::1 PrefixLength : 128
NextHop : ::1 Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet0/0/0 Flags : D
Destination : FE80:: PrefixLength : 10
NextHop : :: Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : NULL0 Flags : D
步骤 6 配置R1通过无状态方式配置IPv6地址
# 在R2的GigabitEthernet0/0/0接口使能RA报文
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]undo ipv6 nd ra halt
# 在R1的GigabitEthernet0/0/0接口使能无状态地址配置
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0] ipv6 address auto global
# 检查R1的地址配置情况
[R1]display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
GigabitEthernet0/0/0 up up
[IPv6 Address] 2000:12::2E0:FCFF:FE4D:355
此时R1的GigabitEthernet0/0/0根据R2的RA报文获取的IPv6地址前缀,加上本地生成的接口ID,生成了IPv6全球单播地址。
步骤 7 配置IPv6静态路由
# 为了实现R1的GigabitEthernet0/0/0和R3的GigabitEthernet0/0/0接口互访,需要在R1上配置静态路由
[R1]ipv6 route-static 2000:23:: 64 2000:12::2
Info: The destination address and mask of the configured static route mismatched, and the static route 2000:23::/64 was generated.
# 检测联通性
[R1]ping ipv6 2000:23::1
PING 2000:23::1 : 56 data bytes, press CTRL_C to break
Reply from 2000:23::1
bytes=56 Sequence=1 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=2 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=3 hop limit=63 time = 30 ms
Reply from 2000:23::1
bytes=56 Sequence=4 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=5 hop limit=63 time = 30 ms
--- 2000:23::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
此时R1上存在到2000:23::/64网段的静态路由,R3通过DHCPv6获取了默认路由,故R1和R3的GigabitEthernet0/0/0接口之间可以互相访问。
# 查看IPv6邻居信息
[R1]display ipv6 neighbors
-----------------------------------------------------------------------------
IPv6 Address : 2000:12::2
Link-layer : 00e0-fc12-6486 State : STALE
Interface : GE0/0/0 Age : 8
VLAN : - CEVLAN : -
VPN name : Is Router : TRUE
Secure FLAG : UN-SECURE
IPv6 Address : FE80::2E0:FCFF:FE12:6486
Link-layer : 00e0-fc12-6486 State : STALE
Interface : GE0/0/0 Age : 8
VLAN : - CEVLAN : -
VPN name : Is Router : TRUE
Secure FLAG : UN-SECURE
-----------------------------------------------------------------------------
Total: 2 Dynamic: 2 Static: 0
六、配置参考R1的配置
#
sysname R1
#
ipv6
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ipv6 address auto global
#
ipv6 route-static 2000:23:: 64 2000:12::2
#
return
R2的配置
#
sysname R2
#
ipv6
#
dhcp enable
#
dhcpv6 pool pool1
address prefix 2000:23::/64
dns-server 2000:23::2
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2000:12::2/64
ipv6 address auto link-local
undo ipv6 nd ra halt
interface GigabitEthernet0/0/1
#
ipv6 enable
ipv6 address 2000:23::2/64
ipv6 address auto link-local
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
dhcpv6 server pool1
#
return
R3的配置
#
sysname R3
#
ipv6
#
dhcp enable
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ipv6 address auto global default
ipv6 address auto dhcp
#
return