公司搬家,从原有的思科设备换成华为AR路由器,有空研究了下华为AR路由器通过PPPoE拨号获取v6地址,且通过DHCPv6-PD给内网客户端分配地址。
全局开启IPv6
ipv6
基本PPPoE配置
interface Dialer1
link-protocol ppp
ppp chap user 011111063930
ppp chap password cipher %^%#owP[R9/aFQA\~=4_*D+&N-ZU~$x&J$YIpz8<]3'G%^%#
mtu 1492
ipv6 enable
tcp adjust-mss 1452
ip address ppp-negotiate
dialer user 011111063930
dialer bundle 1
ipv6 address auto link-local #自动配置链路本地地址
ipv6 address auto global default #自动获取IPV6地址并添加默认路由
nat outbound 3000
dhcpv6 client pd IPV6 #通过dhcpv6获取运营商前缀,前缀名称叫IPV6
interface GigabitEthernet0/0/2
pppoe-client dial-bundle-number 1
description To:ISP
undo lldp enable
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
配置IPV6的DHCP服务器给客户端下发DNS服务器地址
dhcpv6 pool IPV6
dns-server 240E:5A::6666
dns-server 240E:5B::6666
dns-domain-name iteachs.com
配置路由器接口
interface GigabitEthernet0/0/1
description To:Inside-IPV6
#
interface GigabitEthernet0/0/1.186 #这边配置采用子接口的方式和客户端互联
dot1q termination vid 186
ipv6 enable
ipv6 address IPv6 ::1:0:0:0:1/64 #前缀拿到的地址可能是/60的,这里分配/64的网段从1开始
ipv6 address auto link-local
undo ipv6 nd ra halt #开启RA功能,使客户端可以无状态获取地址
ipv6 nd autoconfig managed-address-flag #如果使用无状态获取地址可以不配置
ipv6 nd autoconfig other-flag #配置允许下发DNS地址
ipv6 nd ns multicast-enable #开启允许NS的组播功能,此功能不开启,无法解析下挂路由器的邻居,导致直连不通
dhcpv6 server IPV6 #绑定dhcpv6的服务
#
interface GigabitEthernet0/0/1.188
dot1q termination vid 188
ipv6 enable
ip address 192.168.188.252 255.255.255.0
ipv6 address IPv6 ::3:0:0:0:1/64
ipv6 address auto link-local
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
ipv6 nd ns multicast-enable
dhcpv6 server IPV6
#
interface GigabitEthernet0/0/1.189
dot1q termination vid 189
ipv6 enable
ipv6 address IPv6 ::4:0:0:0:1/64
ipv6 address auto link-local
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
ipv6 nd ns multicast-enable
dhcpv6 server IPV6
#
至此配置完成。
查看IPv6地址
<XXX-IPV6-R1>dis ipv inter brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
Dialer1 up up(s)
[IPv6 Address] 240E:3A0:611:A77:5EE7:47D5:74DB:3F99
GigabitEthernet0/0/1.186 up up
[IPv6 Address] 240E:3A2:610:4291::1
GigabitEthernet0/0/1.188 up up
[IPv6 Address] 240E:3A2:610:4293::1
GigabitEthernet0/0/1.189 up up
[IPv6 Address] 240E:3A2:610:4294::1
查看运营商获取的前缀
<XXXX-IPV6-R1>dis dhcpv6 client prefix
Prefix name : IPV6
Prefix : 240E:3A2:610:4290::/60
Life time(sec): valid 7200 preferred 3600
查看NDP邻居
<XXXX-IPV6-R1>dis ipv6 neighbors GigabitEthernet 0/0/1.188
-----------------------------------------------------------------------------
IPv6 Address : 240E:3A2:610:4293:20C:29FF:FE98:DCDA
Link-layer : 000c-2998-dcda State : STALE
Interface : GE0/0/1.188 Age : 00h08m10s
VLAN : 188 CEVLAN: -
VPN name : Is Router: FALSE
Secure FLAG : UN-SECURE
IPv6 Address : 240E:3A2:610:4293:250:56FF:FE93:7BD9
Link-layer : 0050-5693-7bd9 State : STALE
Interface : GE0/0/1.188 Age : 00h19m03s
VLAN : 188 CEVLAN: -
VPN name : Is Router: TRUE
Secure FLAG : UN-SECURE
IPv6 Address : 240E:3A2:610:4293:250:56FF:FE93:A987
Link-layer : 0050-5693-a987 State : STALE
Interface : GE0/0/1.188 Age : 00h17m47s
VLAN : 188 CEVLAN: -
VPN name : Is Router: FALSE
Secure FLAG : UN-SECURE
IPv6 Address : 240E:3A2:610:4293:812:E449:C386:B09D
Link-layer : 0050-5693-a002 State : STALE
Interface : GE0/0/1.188 Age : 00h02m09s
VLAN : 188 CEVLAN: -
VPN name : Is Router: FALSE
Secure FLAG : UN-SECURE
IPv6 Address : 240E:3A2:610:4293:1018:3A44:747:460
Link-layer : 0050-5693-a002 State : STALE
Interface : GE0/0/1.188 Age : 00h02m19s
VLAN : 188 CEVLAN: -
VPN name : Is Router: FALSE
Secure FLAG : UN-SECURE
IPv6 Address : 240E:3A2:610:4293:498A:4483:85C7:931
Link-layer : 0050-5693-a002 State : STALE
Interface : GE0/0/1.188 Age : 00h02m19s
VLAN : 188 CEVLAN: -
VPN name : Is Router: FALSE
Secure FLAG : UN-SECURE
使用了一段时间没发现问题,从IPv6的流量上看,目前V6的流量是高于V4的。