组网说明:
本案例采用H3C HCL模拟器的F1060防火墙来模拟IPV6之OSPFV3的典型组网配置,全网均采用IPV6子网,要求通过OSPFV3技术实现全网互通。
1、按照网络拓扑图正确配置IPV6地址。
2、全网运行OSPFV3路由协议
FW1:
<FW1>sys
System View: return to User View with Ctrl+Z.
[FW1]acl ipv6 basic 2001
[FW1-acl-ipv6-basic-2001]rule 0 permit source any
[FW1-acl-ipv6-basic-2001]quit
[FW1]
[FW1]zone-pair security source trust destination untrust
[FW1-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Untrust]quit
[FW1]
[FW1]zone-pair security source untrust destination trust
[FW1-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Trust]quit
[FW1]
[FW1]zone-pair security source trust destination local
[FW1-zone-pair-security-Trust-Local]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Local]quit
[FW1]
[FW1]zone-pair security source local destination trust
[FW1-zone-pair-security-Local-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Local-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination local
[FW1-zone-pair-security-Untrust-Local]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Local]quit
[FW1]
[FW1]zone-pair security source local destination untrust
[FW1-zone-pair-security-Local-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Local-Untrust]quit
[FW1]
[FW1]zone-pair security source trust destination trust
[FW1-zone-pair-security-Trust-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination untrust
[FW1-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Untrust]quit
[FW1]ospfv3 1
[FW1-ospfv3-1]router-id 1.1.1.1
[FW1-ospfv3-1]import-route direct
[FW1-ospfv3-1]quit
[FW1]int loopback 0
[FW1-LoopBack0]ip address 1.1.1.1 32
[FW1-LoopBack0]quit
[FW1]int loopback 1
[FW1-LoopBack1]ipv6 address 3::1 63
[FW1-LoopBack1]ospfv3 1 area 0
[FW1-LoopBack1]quit
[FW1]int gi 1/0/3
[FW1-GigabitEthernet1/0/3]ipv6 address 1::1 64
[FW1-GigabitEthernet1/0/3]ospfv3 1 area 0
[FW1-GigabitEthernet1/0/3]quit
[FW1]int gi 1/0/2
[FW1-GigabitEthernet1/0/2]des <connect to FW2>
[FW1-GigabitEthernet1/0/2]ipv6 address 2::1 64
[FW1-GigabitEthernet1/0/2]ospfv3 1 area 0
[FW1-GigabitEthernet1/0/2]quit
[FW1]security-zone name Trust
[FW1-security-zone-Trust]import interface GigabitEthernet 1/0/3
[FW1-security-zone-Trust]quit
[FW1]security-zone name Untrust
[FW1-security-zone-Untrust]import interface LoopBack 0
[FW1-security-zone-Untrust]import interface LoopBack 1
[FW1-security-zone-Untrust]import interface GigabitEthernet 1/0/2
[FW1-security-zone-Untrust]quit
FW2:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW2
[FW2]acl ipv6 basic 2001
[FW2-acl-ipv6-basic-2001]rule 0 permit source any
[FW2-acl-ipv6-basic-2001]quit
[FW2]
[FW2]zone-pair security source trust destination untrust
[FW2-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Untrust]quit
[FW2]
[FW2]zone-pair security source untrust destination trust
[FW2-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Trust]quit
[FW2]
[FW2]zone-pair security source trust destination local
[FW2-zone-pair-security-Trust-Local]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Local]quit
[FW2]
[FW2]zone-pair security source local destination trust
[FW2-zone-pair-security-Local-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Local-Trust]quit
[FW2]
[FW2]zone-pair security source untrust destination local
[FW2-zone-pair-security-Untrust-Local]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Local]quit
[FW2]
[FW2]zone-pair security source local destination untrust
[FW2-zone-pair-security-Local-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Local-Untrust]quit
[FW2]
[FW2]zone-pair security source trust destination trust
[FW2-zone-pair-security-Trust-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Trust]quit
[FW2]
[FW2]zone-pair security source untrust destination untrust
[FW2-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Untrust]quit
[FW2]ospfv3 1
[FW2-ospfv3-1]router-id 2.2.2.2
[FW2-ospfv3-1]import-route direct
[FW2-ospfv3-1]quit
[FW2]int loopback 0
[FW2-LoopBack0]ip address 2.2.2.2 32
[FW2-LoopBack0]quit
[FW2]int loopback 1
[FW2-LoopBack1]ipv6 address 4::1 64
[FW2-LoopBack1]ospfv3 1 area 0
[FW2-LoopBack1]quit
[FW2]int gi 1/0/2
[FW2-GigabitEthernet1/0/2]des <connect to FW1>
[FW2-GigabitEthernet1/0/2]ipv6 address 2::2 64
[FW2-GigabitEthernet1/0/2]ospfv3 1 area 0
[FW2-GigabitEthernet1/0/2]quit
[FW2]security-zone name Untrust
[FW2-security-zone-Untrust]import interface LoopBack 0
[FW2-security-zone-Untrust]import interface LoopBack 1
[FW2-security-zone-Untrust]import interface GigabitEthernet 1/0/2
[FW2-security-zone-Untrust]quit
PC填写IPV6地址:
PC可以PING通FW1、FW2的loopback 1:
FW1可以PING通PC及FW2的loopback1:
FW2可以PING通PC及FW1的loopback1:
分别查看FW1、FW2的OSPFv3邻居信息:
分别查看FW1、FW2的IPV6路由表:
[FW1]dis ipv6 routing-table
Destinations : 11 Routes : 11
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/3 Cost : 0
Destination: 1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/2 Cost : 0
Destination: 2::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 3::/63 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 3::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : O_ASE2
NextHop : FE80::28D6:6FF:FE21:207 Preference: 150
Interface : GE1/0/2 Cost : 1
Destination: 4::1/128 Protocol : O_INTRA
NextHop : FE80::28D6:6FF:FE21:207 Preference: 10
Interface : GE1/0/2 Cost : 1
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[FW1]
[FW2]dis ipv6 routing-table
Destinations : 10 Routes : 10
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : O_INTRA
NextHop : FE80::28D6:FF:FE91:107 Preference: 10
Interface : GE1/0/2 Cost : 2
Destination: 2::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/2 Cost : 0
Destination: 2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 3::/63 Protocol : O_ASE2
NextHop : FE80::28D6:FF:FE91:107 Preference: 150
Interface : GE1/0/2 Cost : 1
Destination: 3::1/128 Protocol : O_INTRA
NextHop : FE80::28D6:FF:FE91:107 Preference: 10
Interface : GE1/0/2 Cost : 1
Destination: 4::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 4::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[FW2]
至此,F1060 IPV6之OSPFV3典型组网配置案例已完成!
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作