配置IOS 12.4(25f)以支持IPv6的必要步骤是什么?Comcast是ISP,我将使用Server 2012盒作为内部DHCPv6。
我需要从Comcast获取DHCPv6地址作为外部接口。
到目前为止,在我的外部接口上,我有:
ipv6 address autoconfig default
ipv6 enable
ipv6 traffic-filter al in
ipv6 verify unicast reverse-path
ipv6 dhcp client pd comcast-ipv6
对于“ al”访问列表,我有:
permit udp any any eq 546
Answers:
首先,您需要在路由器上全局启用
ipv6 unicast-routing
ipv6 cef
我相信您的WAN接口上还应该包含以下内容:
ipv6 address dhcp
ipv6 enable
ipv6 nd autoconfig default-route
ipv6 dhcp client pd comcast-ipv6-prefix
刚入门时,请不要使用任何访问列表或流量过滤器(ipv6 CBAC),直到连接正常。否则,您最终将自己摔在脚上。当然,除非您已完成一百万次,并且您确切知道每次都有效。
要完成此操作,这是我对运行12.4(24)T8的1841所具有的功能,它具有通过IPv6进行HTTP检查的错误,因此提供了一种可解决的ACL。
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool ComcastPool
prefix-delegation pool comcast-ipv6
dns-server <IPv6-IP>
domain-name internal.domain
ipv6 inspect name traffic ftp
ipv6 inspect name traffic udp
ipv6 inspect name traffic icmp
interface FastEthernet0/0
ipv6 address dhcp
ipv6 address autoconfig default
ipv6 enable
ipv6 traffic-filter wan-in in
ipv6 traffic-filter wan-out out
ipv6 verify unicast reverse-path
ipv6 dhcp client pd comcast-ipv6
ipv6 inspect traffic out
interface FastEthernet0/1
ipv6 address comcast-ipv6 ::1/64
ipv6 address autoconfig
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server ComcastPool
ipv6 access-list wan-in
permit icmp any any
permit udp any any eq 546
permit tcp any any established
sequence 100 deny ipv6 any any
ipv6 access-list wan-out
permit icmp any any
permit tcp any any
permit udp any any
sequence 100 deny ipv6 any any