Print

F1060 gre ipv6隧道典型组网配置案例

组网及说明



组网说明:

本案例采用H3C HCL模拟器的F1060来模拟gre ipv6隧道的典型组网配置。IPV6子网在网络拓扑图已经有了明确的标识。为了避免IPV6子网1IPV6子网2在整个IPV6子网中泄露并实现通信,因此在FW1FW2之间建立gre ipv6的隧道。



配置步骤

1、按照网络拓扑图正确配置IP地址

2、FW1FW2建立gre ipv6隧道

配置关键点

ISP

<H3C>sys

System View: return to User View with Ctrl+Z.

[H3C]sysname ISP

[ISP]int gi 0/0

[ISP-GigabitEthernet0/0]des <connect to FW1>

[ISP-GigabitEthernet0/0]ipv6 address 3::2 64

[ISP-GigabitEthernet0/0]quit

[ISP]int gi 0/1

[ISP-GigabitEthernet0/1]des <connect to FW2>

[ISP-GigabitEthernet0/1]ipv6 address 4::2 64

[ISP-GigabitEthernet0/1]quit

 

 

SW1

<H3C>sys

System View: return to User View with Ctrl+Z.

[H3C]sysname SW1

[SW1]int gi 1/0/1

[SW1-GigabitEthernet1/0/1]port link-mode route

[SW1-GigabitEthernet1/0/1]des <connect to FW2>

[SW1-GigabitEthernet1/0/1]ipv6 address 2::2 64

[SW1-GigabitEthernet1/0/1]quit

[SW1]ipv6 route-static :: 0 2::1

 

 

FW1

<H3C>sys

System View: return to User View with Ctrl+Z.

[H3C]sysname FW1

[FW1]acl ipv6 basic 2001

[FW1-acl-ipv6-basic-2001]rule 0 permit source any

[FW1-acl-ipv6-basic-2001]quit

[FW1]

[FW1]zone-pair security source trust destination untrust

[FW1-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001

[FW1-zone-pair-security-Trust-Untrust]quit

[FW1]

[FW1]zone-pair security source untrust destination trust

[FW1-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001

[FW1-zone-pair-security-Untrust-Trust]quit

[FW1]

[FW1]zone-pair security source trust destination local

[FW1-zone-pair-security-Trust-Local]packet-filter ipv6 2001

[FW1-zone-pair-security-Trust-Local]quit

[FW1]

[FW1]zone-pair security source local destination trust

[FW1-zone-pair-security-Local-Trust]packet-filter ipv6 2001

[FW1-zone-pair-security-Local-Trust]quit

[FW1]

[FW1]zone-pair security source untrust destination local

[FW1-zone-pair-security-Untrust-Local]packet-filter ipv6 2001

[FW1-zone-pair-security-Untrust-Local]quit

[FW1]

[FW1]zone-pair security source local destination untrust

[FW1-zone-pair-security-Local-Untrust]packet-filter ipv6 2001

[FW1-zone-pair-security-Local-Untrust]quit

[FW1]

[FW1]zone-pair security source trust destination trust

[FW1-zone-pair-security-Trust-Trust]packet-filter ipv6 2001

[FW1-zone-pair-security-Trust-Trust]quit

[FW1]

[FW1]zone-pair security source untrust destination untrust

[FW1-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001

[FW1-zone-pair-security-Untrust-Untrust]quit

[FW1]int gi 1/0/3

[FW1-GigabitEthernet1/0/3]ipv6 address 1::1 64

[FW1-GigabitEthernet1/0/3]quit

[FW1]int gi 1/0/2

[FW1-GigabitEthernet1/0/2]des <connect to ISP>

[FW1-GigabitEthernet1/0/2]ipv6 address 3::1 64

[FW1-GigabitEthernet1/0/2]quit

[FW1]ipv6 route-static :: 0 3::2

[FW1]security-zone name Trust

[FW1-security-zone-Trust]import interface GigabitEthernet 1/0/3

[FW1-security-zone-Trust]quit

[FW1]security-zone name Untrust

[FW1-security-zone-Untrust]import interface GigabitEthernet 1/0/2

[FW1-security-zone-Untrust]quit

 

FW1 ipv6 over ipv6隧道配置关键点:

[FW1]int Tunnel 0 mode gre ipv6

[FW1-Tunnel0]ipv6 address 5::1 64

[FW1-Tunnel0]source 3::1

[FW1-Tunnel0]destination 4::1

[FW1-Tunnel0]quit

[FW1]ipv6 route 2:: 64 Tunnel 0

[FW1]security-zone name Untrust

[FW1-security-zone-Untrust]import interface Tunnel 0

[FW1-security-zone-Untrust]quit

 

FW2

<H3C>sys

System View: return to User View with Ctrl+Z.

[H3C]sysname FW2

[FW2]acl ipv6 basic 2001

[FW2-acl-ipv6-basic-2001]rule 0 permit source any

[FW2-acl-ipv6-basic-2001]quit

[FW2]

[FW2]zone-pair security source trust destination untrust

[FW2-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001

[FW2-zone-pair-security-Trust-Untrust]quit

[FW2]

[FW2]zone-pair security source untrust destination trust

[FW2-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001

[FW2-zone-pair-security-Untrust-Trust]quit

[FW2]

[FW2]zone-pair security source trust destination local

[FW2-zone-pair-security-Trust-Local]packet-filter ipv6 2001

[FW2-zone-pair-security-Trust-Local]quit

[FW2]

[FW2]zone-pair security source local destination trust

[FW2-zone-pair-security-Local-Trust]packet-filter ipv6 2001

[FW2-zone-pair-security-Local-Trust]quit

[FW2]

[FW2]zone-pair security source untrust destination local

[FW2-zone-pair-security-Untrust-Local]packet-filter ipv6 2001

[FW2-zone-pair-security-Untrust-Local]quit

[FW2]

[FW2]zone-pair security source local destination untrust

[FW2-zone-pair-security-Local-Untrust]packet-filter ipv6 2001

[FW2-zone-pair-security-Local-Untrust]quit

[FW2]

[FW2]zone-pair security source trust destination trust

[FW2-zone-pair-security-Trust-Trust]packet-filter ipv6 2001

[FW2-zone-pair-security-Trust-Trust]quit

[FW2]

[FW2]zone-pair security source untrust destination untrust

[FW2-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001

[FW2-zone-pair-security-Untrust-Untrust]quit

[FW2]int gi 1/0/3

[FW2-GigabitEthernet1/0/3]ipv6 address 2::1 64

[FW2-GigabitEthernet1/0/3]quit

[FW2]int gi 1/0/2

[FW2-GigabitEthernet1/0/2]des <connect to ISP>

[FW2-GigabitEthernet1/0/2]ipv6 address 4::1 64

[FW2-GigabitEthernet1/0/2]quit

[FW2]ipv6 route-static :: 0 4::2

[FW2]security-zone name Trust

[FW2-security-zone-Trust]import interface GigabitEthernet 1/0/3

[FW2-security-zone-Trust]quit

[FW2]security-zone name Untrust

[FW2-security-zone-Untrust]import interface GigabitEthernet 1/0/2

[FW2-security-zone-Untrust]quit

 

FW2 ipv6 over ipv6隧道配置关键点:

[FW2]int Tunnel 0 mode gre ipv6

[FW2-Tunnel0]ipv6 address 5::2 64

[FW2-Tunnel0]source 4::1

[FW2-Tunnel0]destination 3::1

[FW2-Tunnel0]quit

[FW2]ipv6 route 1:: 64 Tunnel 0

[FW2]security-zone name Untrust

[FW2-security-zone-Untrust]import interface Tunnel 0

[FW2-security-zone-Untrust]quit

 

IPV6子网1PC填写IPV6地址:



IPV6子网1PC可以PINGIPV6子网2SW1PING不通ISPIPV6地址:



IPV6子网2SW1可以PINGIPV6子网1PCPING不通ISPIPV6地址:



根据测试结果得知,IPV6子网1IPV6子网2已经在ISP中成功隐藏,并实现互通。

 

分别查看FW1FW2的隧道状态:





分别查看FW1FW2IPV6路由表,均可看到隧道的路由:

[FW1]dis ipv6 routing-table

 

Destinations : 11       Routes : 11

 

Destination: ::/0                                        Protocol  : Static

NextHop    : 3::2                                        Preference: 60

Interface  : GE1/0/2                                     Cost      : 0

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : GE1/0/3                                     Cost      : 0

 

Destination: 1::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2::/64                                      Protocol  : Static

NextHop    : ::                                          Preference: 60

Interface  : Tun0                                        Cost      : 0

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : GE1/0/2                                     Cost      : 0

 

Destination: 3::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 5::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Tun0                                        Cost      : 0

 

Destination: 5::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

[FW1]

 

[FW2]dis ipv6 routing-table

 

Destinations : 11       Routes : 11

 

Destination: ::/0                                        Protocol  : Static

NextHop    : 4::2                                        Preference: 60

Interface  : GE1/0/2                                     Cost      : 0

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Static

NextHop    : ::                                          Preference: 60

Interface  : Tun0                                        Cost      : 0

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : GE1/0/3                                     Cost      : 0

 

Destination: 2::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : GE1/0/2                                     Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 5::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Tun0                                        Cost      : 0

 

Destination: 5::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

[FW2]

 

至此,F1060 GRE IPV6典型组网配置案例已完成!