- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
05-H3C S12500 IPv6 over IPv4隧道典型配置举例
本章节下载: 05-H3C S12500 IPv6 over IPv4隧道典型配置举例 (271.2 KB)
H3C S12500 IPv6 over IPv4隧道配置举例
|
Copyright © 2013 杭州华三通信技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部, 并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。 |
|
目 录
本文档介绍了IPv6 over IPv4隧道配置举例。
IPv6 over IPv4隧道是在IPv6数据报文前封装上IPv4的报文头,通过隧道(Tunnel)使IPv6报文穿越IPv4网络,实现隔离的IPv6网络的互通。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
如图1所示,两台具有双协议栈的Switch A和Switch B通过IPv4网络连接,且路由可达。
要求通过在两台双栈设备(Switch A、Switch B)之间建立IPv4兼容IPv6自动隧道,实现IPv6 Group1和IPv6 Group2互通。
图1 IPv4兼容IPv6自动隧道配置组网图
本举例是S12500-CMW520-R1825P01版本上进行配置和验证的。
· 建立隧道的交换机上必须使能IPv6报文转发功能(缺省情况为关闭),以实现IPv6报文的正常转发。
· 隧道两端必须配置相同的隧道模式。
· IPv4兼容IPv6自动隧道地址格式为::IPv4-source-address/96。
# 使能IPv6报文转发功能。
[SwitchA] ipv6
# 创建VLAN12及其接口地址,并将端口GE3/0/1加入VLAN12。
<SwitchA> system-view
[SwitchA] vlan 12
[SwitchA-vlan12] port GigabitEthernet 3/0/1
[SwitchA-vlan12] quit
[SwitchA] interface Vlan-interface 12
[SwitchA-Vlan-interface12] ip address 2.1.1.1 8
[SwitchA-Vlan-interface12] undo shutdown
[SwitchA-Vlan-interface12] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
# 配置隧道接口及其IPv6地址。
[SwitchA] interface Tunnel 0
[SwitchA-Tunnel0] ipv6 address ::2.1.1.1 96
# 配置隧道类型以及隧道的源端。
[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 auto-tunnel
[SwitchA-Tunnel0] source Vlan-interface 12
[SwitchA-Tunnel0] quit
# 使能IPv6报文转发功能。
[SwitchB] ipv6
# 创建VLAN12及其接口地址,并将端口GE3/0/1加入VLAN12。
<SwitchB> system-view
[SwitchB] vlan 12
[SwitchB-vlan12] port GigabitEthernet 3/0/1
[SwitchB-vlan12] quit
[SwitchB] interface Vlan-interface 12
[SwitchB-Vlan-interface12] ip address 2.1.1.2 8
[SwitchB-Vlan-interface12] undo shutdown
[SwitchB-Vlan-interface12] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
# 配置隧道接口及其IPv6地址。
[SwitchB] interface Tunnel 0
[SwitchB-Tunnel0] ipv6 address ::2.1.1.1 96
# 配置隧道类型以及隧道的源端。
[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 auto-tunnel
[SwitchB-Tunnel0] source Vlan-interface 12
[SwitchB-Tunnel0] quit
Switch A和Switch B可以互相Ping通对端接口的IPv6地址。
# 在Switch A上Ping Switch B对端接口的IPv6地址。
<SwitchA> ping ipv6 -a ::2.1.1.1 ::2.1.1.2
PING :: 2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from :: 2.1.1.2
bytes=56 Sequence=1 hop limit=64 time = 2 ms
Reply from :: 2.1.1.2
bytes=56 Sequence=2 hop limit=64 time = 4 ms
Reply from :: 2.1.1.2
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from :: 2.1.1.2
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from :: 2.1.1.2
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- :: 2.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
# 在Switch B上Ping Switch A对端接口的IPv6地址。
<SwitchB> ping ipv6 -a ::2.1.1.2 ::2.1.1.1
PING :: 2.1.1.1 : 56 data bytes, press CTRL_C to break
Reply from :: 2.1.1.1
bytes=56 Sequence=1 hop limit=64 time = 2 ms
Reply from :: 2.1.1.1
bytes=56 Sequence=2 hop limit=64 time = 4 ms
Reply from :: 2.1.1.1
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from :: 2.1.1.1
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from :: 2.1.1.1
bytes=56 Sequence=5 hop limit=64 time = 3 ms
--- :: 2.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/4 ms
· Switch A
#
ipv6
#
vlan 12
#
interface Vlan-interface12
ip address 2.1.1.1 255.0.0.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 12
#
interface Tunnel0
ipv6 address ::2.1.1.1/96
tunnel-protocol ipv6-ipv4 auto-tunnel
source Vlan-interface12
#
· Switch B
#
ipv6
#
vlan 12
#
interface Vlan-interface12
ip address 2.1.1.2 255.0.0.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 12
#
interface Tunnel0
ipv6 address ::2.1.1.2/96
tunnel-protocol ipv6-ipv4 auto-tunnel
source Vlan-interface12
#
如图2所示,Switch A、Switch B、Switch C之间运行IPv4协议,两个6to4网络通过网络边缘6to4 switch(Switch A和Switch B)与IPv4网络相连。
要求通过在交换机Swtich A和Switch B之间建立6to4隧道,实现6to4网络中的主机PC1和PC2互通。
图2 IPv6 over IPv4 6to4自动隧道配置组网图
· 为了使PC1发往PC2的报文经由6to4隧道进行转发,需要在边界交换机Switch A上建立Tunnel转发的路由表项(用户只能通过静态路由配置,不支持动态路由):指定到达目的IPv6地址(即PC2的IPv6地址)的路由出接口为本端(Switch A)Tunnel0接口或下一跳为对端(Swtich B)Tunnel0接口地址。同理,Switch B上也需进行相应配置。
· 对于6to4隧道,必须确保隧道源端和目的端之间路由可达,因此需要在Switch A和Switch B上分别配置一条到对端的静态路由(下一跳是Switch C)。
本举例是在S12500-CMW520-R1825P01版本上进行配置和验证的。
· 建立隧道的交换机上必须使能IPv6报文转发功能(缺省情况为关闭),以实现IPv6报文的正常转发。
· 隧道两端必须配置相同的隧道模式。
· 6to4隧道地址格式为2002:IPv4-source-address::/48。
· 6to4隧道IPv6地址的内嵌IPv4地址不允许使用私网地址。
# 使能IPv6报文转发功能。
[SwitchA] ipv6
# 创建VLAN100及其接口地址,并将端口GE3/0/3加入VLAN100。
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] port GigabitEthernet 3/0/3
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 2.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] undo shutdown
[SwitchA-Vlan-interface100] quit
[SwitchA] interface GigabitEthernet 3/0/3
[SwitchA-GigabitEthernet3/0/3] undo shutdown
[SwitchA-GigabitEthernet3/0/3] quit
# 配置隧道接口及其IPv6地址。接口Vlan-int100的IPv4地址为2.1.1.1/24,转换成IPv6地址后使用6to4前缀2002:0201:0101::/48。对此前缀进行子网划分,Tunnel0使用2002:0201:0101::/64子网。
[SwitchA] interface Tunnel 0
[SwitchA-Tunnel0] ipv6 address 2002:0201:0101::1 64
# 配置隧道类型以及隧道的源端。
[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[SwitchA-Tunnel0] source Vlan-interface 100
# 配置VLAN101及其接口地址,并将端口GE3/0/1加入VLAN101。接口Vlan-int100的IPv4地址为2.1.1.1/24,转换成IPv6地址后使用6to4前缀2002:0201:0101::/48。对此前缀进行子网划分, Vlan-int101使用2002:0201:0101:1::/64子网。
[SwitchA] vlan 101
[SwitchA-vlan101] port GigabitEthernet 3/0/1
[SwitchA-vlan101] quit
[SwitchA] interface Vlan-interface 101
[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1 64
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
# 配置到目的地址2002::/16,下一跳为Tunnel0接口的静态路由。
[SwitchA] ipv6 route-static 2002:: 16 tunnel 0
# 配置从SwitchA到达隧道目的端的静态路由。
[SwitchA] ip route-static 5.1.1.0 255.255.255.0 2.1.1.2
# 使能IPv6报文转发功能。
[SwitchB] ipv6
# 创建VLAN200及其接口地址,并将端口GE3/0/3加入VLAN200。
<SwitchB> system-view
[SwitchB] vlan 200
[SwitchB-vlan200] port GigabitEthernet 3/0/3
[SwitchB-vlan200] quit
[SwitchB] interface Vlan-interface 200
[SwitchB-Vlan-interface200] ip address 5.1.1.1 255.255.255.0
[SwitchB-Vlan-interface200] undo shutdown
[SwitchB-Vlan-interface200] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
# 配置隧道接口及其IPv6地址。接口Vlan-int200的IPv4地址为5.1.1.1/24,转换成IPv6地址后使用6to4前缀2002:0501:0101::/48。对此前缀进行子网划分,Tunnel0使用2002:0501:0101::/64子网。
[SwitchB] interface Tunnel 0
[SwitchB-Tunnel0] ipv6 address 2002:0501:0101::1 64
# 配置隧道类型以及隧道的源端。
[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4
[SwitchB-Tunnel0] source Vlan-interface 200
[SwitchB-Tunnel0] quit
# 配置VLAN201及其接口地址,并将端口GE3/0/1加入VLAN201。接口Vlan-int200的IPv4地址为5.1.1.1/24,转换成IPv6地址后使用6to4前缀2002:0501:0101::/48。对此前缀进行子网划分, Vlan-int201使用2002:0501:0101:1::/64子网。
[SwitchB] vlan 201
[SwitchB-vlan201] port GigabitEthernet 3/0/1
[SwitchB-vlan201] quit
[SwitchB] interface Vlan-interface 201
[SwitchB-Vlan-interface201] ipv6 address 2002:0501:0101:1::1 64
[SwitchB-Vlan-interface201] undo shutdown
[SwitchB-Vlan-interface201] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
# 配置到目的地址2002::/16,下一跳为Tunnel0接口的静态路由。
[SwitchB] ipv6 route-static 2002:: 16 tunnel 0
# 配置从SwitchB到达隧道目的端的静态路由。
[SwitchB] ip route-static 2.1.1.0 255.255.255.0 5.1.1.2
# 创建VLAN100及其接口地址,并将端口GE2/0/1加入VLAN100。
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] port GigabitEthernet 2/0/1
[SwitchC-vlan100] quit
[SwitchC] interface Vlan-interface 100
[SwitchC-Vlan-interface100] ip address 2.1.1.2 24
[SwitchC-Vlan-interface100] undo shutdown
[SwitchC-Vlan-interface100] quit
[SwitchC] interface GigabitEthernet 2/0/1
[SwitchC-GigabitEthernet2/0/1] undo shutdown
[SwitchC-GigabitEthernet2/0/1] quit
# 创建VLAN200及其接口地址,并将端口GE2/0/2加入VLAN200。
[SwitchC] vlan 200
[SwitchC-vlan200] port GigabitEthernet 2/0/2
[SwitchC-vlan200] quit
[SwitchC] interface Vlan-interface 200
[SwitchC-Vlan-interface200] ip address 5.1.1.2 24
[SwitchC-Vlan-interface200] undo shutdown
[SwitchC-Vlan-interface200] quit
[SwitchC] interface GigabitEthernet 2/0/2
[SwitchC-GigabitEthernet2/0/2] undo shutdown
[SwitchC-GigabitEthernet2/0/2] quit
以Windows XP操作系统为例。
# 在PC1上安装IPv6协议。
C:\>ipv6 install
# 查看PC1的IPv6接口配置,获得接口索引。
C:\>ipv6 if
# 配置接口的IPv6地址(通常接口索引为5)。
C:\>ipv6 adu 5/2002:201:101:1::2
# 配置IPv6默认路由。
C:\>ipv6 rtu ::/0 5/2002:201:101:1::1
以Windows XP操作系统为例。
# 在PC2上安装IPv6协议。
C:\>ipv6 install
# 查看PC2的IPv6接口配置,获得接口索引。
C:\>ipv6 if
# 配置接口的IPv6地址(通常接口索引为5)。
C:\>ipv6 adu 5/2002:501:101:1::2
# 配置IPv6默认路由。
C:\>ipv6 rtu ::/0 5/2002:501:101:1::1
PC1和PC2可以互相Ping通。
# 在PC1上Ping PC2。
C:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2
Pinging 2002:501:101:1::2
from 2002:201:101:1::2 with 32 bytes of data:
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Ping statistics for 2002:501:101:1::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 在PC2上Ping PC1。
C:\>ping6 -s 2002:501:101:1::2 2002:201:101:1::2
Pinging 2002:201:101:1::2
from 2002:501:101:1::2 with 32 bytes of data:
Reply from 2002:201:101:1::2: bytes=32 time<1ms
Reply from 2002:201:101:1::2: bytes=32 time<1ms
Reply from 2002:201:101:1::2: bytes=32 time<1ms
Reply from 2002:201:101:1::2: bytes=32 time<1ms
Ping statistics for 2002:201:101:1::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
· Switch A
#
ipv6
#
vlan 100 to 101
#
interface Vlan-interface100
ip address 2.1.1.1 255.0.0.0
#
interface Vlan-interface101
ipv6 address 2002:201:101:1::1/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 100
#
interface Tunnel0
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source Vlan-interface100
#
ip route-static 5.1.1.0 255.255.255.0 2.1.1.2
#
ipv6 route-static 2002:: 16 Tunnel0
#
· Switch B
#
ipv6
#
vlan 200 to 201
#
interface Vlan-interface200
ip address 5.1.1.1 255.0.0.0
#
interface Vlan-interface201
ipv6 address 2002:501:101:1::1/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 201
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 200
#
interface Tunnel0
ipv6 address 2002:501:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source Vlan-interface200
#
ip route-static 2.1.1.0 255.255.255.0 5.1.1.2
#
ipv6 route-static 2002:: 16 Tunnel0
#
· Switch C
#
vlan 100
#
vlan 200
#
interface Vlan-interface100
ip address 2.1.1.2 255.255.255.0
#
interface Vlan-interface200
ip address 5.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 200
#
如图3所示,IPv6网络和IPv4网络通过ISATAP(Intra-Site Automatic Tunnel Addressing Protocol,站点内自动隧道寻址协议)交换机相连,在IPv4网络侧分布着一些ISATAP主机。
要求通过在ISATAP交换机和ISATAP主机之间建立ISATAP隧道,实现IPv4网络中的ISATAP主机与IPv6网络中的IPv6 Host通信。
图3 IPv6 over IPv4 ISATAP自动隧道配置组网图
· 隧道两端(ISATAP主机和ISATAP交换机的Tunnel0)的IPv6地址必须在同一网段,为了使ISATAP主机可以通过ISATAP交换机发布的RA消息获取地址前缀,自动生成IPv6全球单播地址,需要在ISATAP交换机与ISATAP主机相连的接口Tunnel0上取消对RA消息发布的抑制(缺省情况下,抑制发布RA消息)。
· 为了使IPv6 Host发往ISATAP主机的报文经由ISATAP隧道进行转发,需要在ISATAP交换机上建立Tunnel转发的路由表项(用户只能通过静态路由配置,不支持动态路由):指定到达目的IPv6地址(即ISATAP主机的IPv6地址)的路由出接口为本端(ISATAP交换机)Tunnel0接口或下一跳为对端(ISATAP主机)的IPv6地址。同理,ISATAP主机上也需进行相应配置。
本举例是在S12500-CMW520-R1825P01版本上进行配置和验证的。
· 建立隧道的交换机上必须使能IPv6报文转发功能(缺省情况为关闭),以实现IPv6报文的正常转发。
· 隧道两端必须配置相同的隧道模式。
· ISATAP隧道地址格式为Prefix:0:5EFE:IPv4-source-address/64。
# 使能IPv6报文转发功能。
[Switch] ipv6
# 创建VLAN11及其接口地址,并将端口GE3/0/1加入VLAN11。
<Switch> system-view
[Switch] vlan 11
[Switch-vlan11] port GigabitEthernet 3/0/1
[Switch-vlan11] quit
[Switch] interface Vlan-interface 11
[Switch-Vlan-interface11] ip address 2.1.1.1 255.255.255.0
[Switch-Vlan-interface11] undo shutdown
[Switch-Vlan-interface11] quit
[Switch] interface GigabitEthernet 3/0/1
[Switch-GigabitEthernet3/0/1] undo shutdown
[Switch-GigabitEthernet3/0/1] quit# 配置隧道接口及其IPv6地址。
[Switch] interface Tunnel 0
[Switch-Tunnel0] ipv6 address 2001::5efe:0201:0101 64
# 配置隧道类型以及隧道的源端。
[Switch-Tunnel0] tunnel-protocol ipv6-ipv4 isatap
[Switch-Tunnel0] source Vlan-interface 11
# 隧道接口取消RA抑制,使ISATAP主机可以ISATAP通过交换机发布的RA消息获取地址前缀等信息。
[Switch-Tunnel0] undo ipv6 nd ra halt
# 创建VLAN10及其接口地址,并将端口GE3/0/3加入VLAN10。
[Switch] vlan 10
[Switch-vlan10] port GigabitEthernet 3/0/3
[Switch-vlan10] quit
[Switch] interface Vlan-interface 10
[Switch-Vlan-interface10] ipv6 address 3000::1 64
[Switch-Vlan-interface10] undo shutdown
[Switch-Vlan-interface10] quit
[Switch] interface GigabitEthernet 3/0/3
[Switch-GigabitEthernet3/0/3] undo shutdown
[Switch-GigabitEthernet3/0/3] quit
# 配置从ISATAP经过Tunnel0接口到ISATAP主机的静态路由。
[Switch] ipv6 route-static 2001:: 16 tunnel 0
以Windows XP操作系统为例。
# 在主机上安装IPv6协议。
C:\>ipv6 install
# 查看PC上IPv6接口信息,获取ISATAP隧道接口的接口索引。
C:\>ipv6 if
# 配置ISATAP隧道的目的IPv4地址(通常接口索引为2)。
C:\>ipv6 rlu 2 2.1.1.1
# 配置静态路由。
C:\>ipv6 rtu 3000::/64 2/2001::5efe:2.1.1.1
# 查看ISATAP接口的信息。
C:\>ipv6 if 2
Interface 2: Automatic Tunneling Pseudo-Interface
Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}
does not use Neighbor Discovery
uses Router Discovery
routing preference 1
EUI-64 embedded IPv4 address: 2.1.1.2
router link-layer address: 2.1.1.1
preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public)
preferred link-local fe80::5efe:2.1.1.2, life infinite
link MTU 1500 (true link MTU 65515)
current hop limit 255
reachable time 42500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
default site prefix length 48
以Windows XP操作系统为例。
# 在主机上安装IPv6协议。
C:\>ipv6 install
# 查看IPv6 Host上IPv6接口信息,获取接口索引。
C:\>ipv6 if
# 配置接口的IPv6地址(通常接口索引为4)。
C:\>ipv6 adu 4/3000::2
# 配置IPv6默认路由。
C:\>ipv6 rtu ::/0 5/3000::1
IPv6 Host和ISATAP Host可以互相Ping通。
# 在IPv6 Host上Ping ISATAP Host。
C:\>ping6 -s 3000::2 2001::5efe:0201:0102
Pinging 2001::5efe:0201:0102
from 3000::2 with 32 bytes of data:
Reply from 2001::5efe:0201:0102: bytes=32 time<1ms
Reply from 2001::5efe:0201:0102: bytes=32 time<1ms
Reply from 2001::5efe:0201:0102: bytes=32 time<1ms
Reply from 2001::5efe:0201:0102: bytes=32 time<1ms
Ping statistics for 2001::5efe:0201:0102:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 在ISATAP Host上Ping IPv6 Host。
C:\>ping6 -s 2001::5efe:0201:0102 3000::2
Pinging 3000::2
from 2001::5efe:0201:0102 with 32 bytes of data:
Reply from 3000::2: bytes=32 time<1ms
Reply from 3000::2: bytes=32 time<1ms
Reply from 3000::2: bytes=32 time<1ms
Reply from 3000::2: bytes=32 time<1ms
Ping statistics for 3000::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
#
ipv6
#
vlan 10 to 11
#
interface Vlan-interface10
ipv6 address 3000::1/64
#
interface Vlan-interface11
ip address 2.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 10
#
interface Tunnel0
ipv6 address 2001::5EFE:201:101/64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlan-interface11
#
如图4所示,两个IPv6网络分别通过Switch A和Switch B与IPv4网络连接。
要求通过在Switch A和Switch B之间建立IPv6 over IPv4手动隧道,实现两个IPv6网络中的主机PC1和PC2互通。
图4 IPv6 over IPv4手动隧道配置组网图
· 为了使PC1发往PC2的报文经由手动隧道进行转发,需要在边界交换机Switch A上建立Tunnel转发的路由表项:用户可以配置静态路由,指定到达目的IPv6地址(即PC2的IPv6地址)的路由出接口为本端(Switch A)Tunnel接口或下一跳为对端(Switch B)Tunnel接口地址;也可以配置动态路由,在Tunnel接口上和与IPv6 network相连的交换机VLAN接口上分别使能动态路由协议。本例中选择配置静态路由(因为配置简单)。同理,Switch B上也需进行相应配置。
· 对于手动隧道,必须确保隧道源端和目的端之间路由可达,因此需要在Switch A和Switch B上分别配置一条到对端的静态路由(下一跳是Switch C)。
本举例是在S12500-CMW520-R1825P01版本上进行配置和验证的。
· 建立隧道的交换机上必须使能IPv6报文转发功能(缺省情况为关闭),以实现IPv6报文的正常转发。
· 隧道两端必须配置相同的隧道模式。
# 使能IPv6报文转发功能。
[SwitchA] ipv6
# 创建VLAN101及其接口地址,并将端口GE3/0/3加入VLAN101。
<SwitchA> system-view
[SwitchA] vlan 101
[SwitchA-vlan101] port GigabitEthernet 3/0/3
[SwitchA-vlan101] quit
[SwitchA] interface Vlan-interface 101
[SwitchA-Vlan-interface101] ip address 192.13.2.2 24
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] quit
[SwitchA] interface GigabitEthernet 3/0/3
[SwitchA-GigabitEthernet3/0/3] undo shutdown
[SwitchA-GigabitEthernet3/0/3] quit
# 配置隧道接口及其IPv6地址。
[SwitchA] interface Tunnel 0
[SwitchA-Tunnel0] ipv6 address 3000::1 64
# 配置隧道类型以及隧道的源端和目的端。
[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4
[SwitchA-Tunnel0] source vlan-interface 101
[SwitchA-Tunnel0] destination 131.108.5.2
[SwitchA-Tunnel0] quit
# 创建VLAN100及其接口地址,并将端口GE3/0/1加入VLAN100。
[SwitchA] vlan 100
[SwitchA-vlan100] port GigabitEthernet 3/0/1
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ipv6 address 1000::1 64
[SwitchA-Vlan-interface100] undo shutdown
[SwitchA-Vlan-interface100] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
# 配置从SwitchA经过Tunnel0接口到PC2的静态路由。
[SwitchA] ipv6 route-static 2000:: 64 Tunnel 0
# 配置从SwitchA到达隧道目的端的静态路由。
[SwitchA] ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
# 使能IPv6报文转发功能。
[SwitchB] ipv6
# 创建VLAN200及其接口地址,并将端口GE3/0/3加入VLAN200。
<SwitchB> system-view
[SwitchB] vlan 200
[SwitchB-vlan200] port GigabitEthernet 3/0/3
[SwitchB-vlan200] quit
[SwitchB] interface Vlan-interface 200
[SwitchB-Vlan-interface200] ip address 131.108.5.2 24
[SwitchB-Vlan-interface200] undo shutdown
[SwitchB-Vlan-interface200] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
# 配置隧道接口及其IPv6地址。
[SwitchB] interface Tunnel 0
[SwitchB-Tunnel0] ipv6 address 3000::2 64
# 配置隧道类型以及隧道的源端和目的端。
[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4
[SwitchB-Tunnel0] source vlan-interface 200
[SwitchB-Tunnel0] destination 192.13.2.2
# 配置VLAN201及其接口地址,并将端口GE3/0/1加入VLAN201。
[SwitchB] vlan 201
[SwitchB-vlan201] port GigabitEthernet 3/0/1
[SwitchB-vlan201] quit
[SwitchB] interface Vlan-interface 201
[SwitchB-Vlan-interface201] ipv6 address 2000::1 64
[SwitchB-Vlan-interface201] undo shutdown
[SwitchB-Vlan-interface201] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
# 配置从SwitchB经过Tunnel0接口到PC1的静态路由。
[SwitchB] ipv6 route-static 1000:: 64 Tunnel0
# 配置SwitchB到达隧道目的端的静态路由。
[SwitchB] ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
# 创建VLAN101及其接口地址,并将端口GE2/0/1加入VLAN101。
<SwitchC> system-view
[SwitchC] vlan 101
[SwitchC-vlan101] port GigabitEthernet 2/0/1
[SwitchC-vlan101] quit
[SwitchC] interface Vlan-interface 101
[SwitchC-Vlan-interface101] ip address 192.13.2.1 24
[SwitchC-Vlan-interface101] undo shutdown
[SwitchC-Vlan-interface101] quit
[SwitchC] interface GigabitEthernet 2/0/1
[SwitchC-GigabitEthernet2/0/1] undo shutdown
[SwitchC-GigabitEthernet2/0/1] quit
# 创建VLAN200及其接口地址,并将端口GE2/0/2加入VLAN200。
[SwitchC] vlan 200
[SwitchC-vlan200] port GigabitEthernet 2/0/2
[SwitchC-vlan200] quit
[SwitchC] interface Vlan-interface 200
[SwitchC-Vlan-interface200] ip address 131.108.5.1 24
[SwitchC-Vlan-interface200] undo shutdown
[SwitchC-Vlan-interface200] quit
[SwitchC] interface GigabitEthernet 2/0/2
[SwitchC-GigabitEthernet2/0/2] undo shutdown
[SwitchC-GigabitEthernet2/0/2] quit
以Windows XP操作系统为例。
# 在PC1上安装IPv6协议。
C:\>ipv6 install
# 查看PC1的IPv6接口配置,获得接口索引。
C:\>ipv6 if
# 配置接口的IPv6地址(通常接口索引为5)。
C:\>ipv6 adu 5/1000::2
# 配置IPv6默认路由。
C:\>ipv6 rtu ::/0 5/1000::1
以Windows XP操作系统为例。
# 在PC2上安装IPv6协议。
C:\>ipv6 install
# 查看PC2的IPv6接口配置,获得接口索引。
C:\>ipv6 if
# 配置接口的IPv6地址(通常接口索引为5)。
C:\>ipv6 adu 5/2000::2
# 配置IPv6默认路由。
C:\>ipv6 rtu ::/0 5/2000::1
PC 1和PC 2可以互通。
# 在PC1上Ping PC2。
C:\>ping6 -s 1000::2 2000::2
Pinging 2000::2
from 1000::2 with 32 bytes of data:
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Ping statistics for 2000::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 在PC1上Ping PC2。
C:\>ping6 -s 2000::2 1000::2
Pinging 1000::2
from 2000::2 with 32 bytes of data:
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Ping statistics for 1000::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
· Switch A
#
ipv6
#
vlan 100 to 101
#
interface Vlan-interface100
ipv6 address 1000::1/64
#
interface Vlan-interface101
ip address 192.13.2.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 101
#
interface Tunnel0
ipv6 address 3000::1/64
tunnel-protocol ipv6-ipv4
source Vlan-interface101
destination 131.108.5.2
#
ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
#
ipv6 route-static 2000:: 64 Tunnel0
#
· Switch B
#
ipv6
#
vlan 200 to 201
#
interface Vlan-interface200
ip address 131.108.5.2 255.255.255.0
#
interface Vlan-interface201
ipv6 address 2000::1/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 201
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 200
#
interface Tunnel0
ipv6 address 3000::2/64
tunnel-protocol ipv6-ipv4
source Vlan-interface200
destination 192.13.2.2
#
ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
#
ipv6 route-static 2000:: 64 Tunnel0
#
· Switch C
#
vlan 101
#
vlan 200
#
interface Vlan-interface101
ip address 192.13.2.1 255.255.255.0
#
interface Vlan-interface200
ip address 131.108.5.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 200
#
· 《H3C S12500系列路由交换机 三层技术-IP业务配置指导》中的“隧道”
· 《H3C S12500系列路由交换机 三层技术-IP业务命令参考》中的“隧道”
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
