Juniper Netscreen 防火墙支持IPV6 配置

原文链接:Juniper Netscreen 防火墙支持IPV6 配置(http://devops.weiminginfo.com/network/1155.html)

版本升级

Juniper 官方建议升级至screenOS 6.3.0以后版本,升级步骤详见另一篇文章http://devops.weiminginfo.com/network/1148.html

配置步骤

1.开启ipv6的支持(enable ipv6)

CLI命令:

SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
SSG520-1-> set envar ipv6=yes
SSG520-1->
SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
ipv6=yes
SSG520-1-> save
SSG520-1-> reset
System reset, are you sure? y/[n] y
In reset ...

通过在envar中开启ipv6的支持

重启防火墙后登录查看已支持ipv6配置

WEBUI:network--interface--edit

在端口列表页已经有ipv6的配置选项

配置ipv6端口(host)

  • BIND THE INTERFACE TO A ZONE --将端口设置一个zone
  • ENABLE IPV6 HOST MODE INTERFACE IDENTIFIER --端口开启ipv6
  • CONFIGURE UNICAST ADDRESS --配置接口地址

setp 1 :BIND THE INTERFACE TO A ZONE

CLI set interface eth0/1 zone untrust
WEBUI Network>>Interface>>(List)>>Edit

setp 2 :ENABLE IPV6 HOST MODE INTERFACE & IDENTIFIER

CLI set interface eth0/1 ipv6 mode host
set interface eth0/1 ipv6 enable
WEB UI Network>>Interface>>(List)>>Edit>>IPv6

interface-id 会默认生成

setp 3 :CONFIGURE UNICAST ipv6 ADDRESS

CLI set interface eth0/1 ipv6 fe80::5e5e:abff:fe1c:d105
WEB UI Network>>Interface>>(List)>>Edit>>IPv6

setp 4 :CONFIGURE NEIGHBOR DISCOVERY

CLI set interface eth0/1 ipv6 ra accept
WEB UI Network>>Interface>>(List)>>Edit>>IPv6>>ND/RA Setting

配置ipv6端口(Router)

  • BIND THE INTERFACE TO A ZONE --将端口设置一个zone
  • ENABLE ROUTER MODE &INTERFACE IDENTIFIER --端口路由开启ipv6
  • SET IPV6 PREFIX
  • CONFIGURE ADDRESS AUTO CONFIGURATION

 

set interface eth0/1 ipv6  2409:8C20:0A11:0101::/64

SET IPV6 PREFIX

CONFIGURE ADDRESS AUTO CONFIGURATION

IPV6 Static Routes

CLI set route 2409:8C20:0A11:0101::/64 interface e0/1 gateway 2409:8C20:0A11:0101::1
WEB UI Network>>Routing >> Destination >> New

原文链接:加载失败,请重新获取