HCIA-Datacom实验指导手册:7 构建简单 IPv6 网络
一、实验介绍:
IPv6(Internet Protocol Version 6)也被称为 IPng(IP Next Generation)。它是 Internet 工程任
务组 IETF(Internet Engineering Task Force)设计的一套规范,是 IPv4(Internet Protocol
Version 4)的下一代版本。
相比较于 IPv4,IPv6 具有如下优势:
• 近乎“无限”的地址空间
• 层次化的地址结构
• 即插即用
• 简化的报文头部
• 安全特性
• 移动性
• 增强的 QoS 特性等
本章将通过搭建一个 IPv6 网络,帮助学员了解 IPv6 的基本原理和地址配置。
二、实验拓扑:
三、实验目的:
掌握静态 IPv6 地址的配置方法
掌握 DHCPv6 服务的配置方法(DHCPv6服务器端将会记录该地址的分配情况(这也是为什么被称为有状态)。)
掌握无状态地址配置方法(无状态地址配置的关键在于路由器完全不关心主机的状态如何,是否在线等,所以称
为无状态。)
掌握 IPv6 静态路由的配置方法
掌握 IPv6 相关信息查看方法
四、配置步骤:
步骤 1 设备基础配置
设备命名
略。
步骤 2 配置设备及接口 IPv6 功能
[ar1]ipv6
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
[ar2]ipv6
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address auto link-local
[ar3]ipv6
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
步骤 3 配置接口的 link-local 地址,并测试
[ar1]display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE96:296D
No global unicast address configured
Joined group address(es):
FF02::1:FF96:296D
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
[ar2]display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE21:6193
No global unicast address configured
Joined group address(es):
FF02::1:FF21:6193
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
[ar2]display ipv6 interface GigabitEthernet 0/0/1
GigabitEthernet0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE21:6194
No global unicast address configured
Joined group address(es):
FF02::1:FF21:6194
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
<rar3>display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FEDE:4E37
No global unicast address configured
Joined group address(es):
FF02::1:FFDE:4E37
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
测试 R1 与 R2 联通性
[ar1]ping ipv6 FE80::2E0:FCFF:FE21:6193 -i GigabitEthernet 0/0/0
PING FE80::2E0:FCFF:FE21:6193 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE21:6193
bytes=56 Sequence=1 hop limit=64 time = 80 ms
Reply from FE80::2E0:FCFF:FE21:6193
bytes=56 Sequence=2 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FE21:6193
bytes=56 Sequence=3 hop limit=64 time = 10 ms
Reply from FE80::2E0:FCFF:FE21:6193
bytes=56 Sequence=4 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FE21:6193
bytes=56 Sequence=5 hop limit=64 time = 20 ms
--- FE80::2E0:FCFF:FE21:6193 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/30/80 ms
测试 R1 与 R3 联通性
[ar2]ping ipv6 FE80::2E0:FCFF:FEDE:4E37 -i GigabitEthernet 0/0/1
PING FE80::2E0:FCFF:FEDE:4E37 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FEDE:4E37
bytes=56 Sequence=1 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FEDE:4E37
bytes=56 Sequence=2 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FEDE:4E37
bytes=56 Sequence=3 hop limit=64 time = 20 ms
Reply from FE80::2E0:FCFF:FEDE:4E37
bytes=56 Sequence=4 hop limit=64 time = 30 ms
Reply from FE80::2E0:FCFF:FEDE:4E37
bytes=56 Sequence=5 hop limit=64 time = 10 ms
--- FE80::2E0:FCFF:FEDE:4E37 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/20/30 ms
当ping测试的目的IPv6地址为link-local地址时,必须指定源接口或源IPv6地址。
步骤 4 配置 R2 的静态 IPv6 地址
interface GigabitEthernet0/0/0
ipv6 address 2000:12::2/64
interface GigabitEthernet0/0/1
ipv6 address 2000:23::2/64
步骤 5 配置 R2 的 DHCPv6 Server 功能,配置 R3 通过 DHCPv6 获取 IPv6 地址(需要配置ipv6 nd autoconfig managed-address-flag、ipv6 nd autoconfig other-flag两条命令才能获取到默认网关地址)
[ar2-dhcpv6-pool-pool1]di th
[V200R003C00]
#
dhcpv6 pool pool1
address prefix 2000:23::/64
dns-server 2000:23::2
#
interface GigabitEthernet0/0/1
undo ipv6 nd ra halt #命令用来使能系统发布RA报文功能,默认情况下路由器的接口不会
发送RA报文
ipv6 nd autoconfig managed-address-flag #ipv6 nd autoconfig managed-address-flag命令用来设置RA报文中的有状态自动配置地
址的标志位,默认情况下不设置该位。
• 如果设置了该标志位,则主机通过有状态自动配置获得IPv6地址。
• 如果清除了该标志位,则主机通过无状态自动配置获得IPv6地址,即通过RA报文向主
机发布IPv6地址前缀信息自动生成IPv6地址。
ipv6 nd autoconfig other-flag #ipv6 nd autoconfig other-flag命令用来设置RA报文中的有状态自动配置其他信息的标志
位,默认情况下不设置该位。
• 如果设置了该标志位,则主机可通过有状态自动配置获得除IPv6地址外的其他配置信
息,包括路由器生存时间、邻居可达时间、邻居的重传时间、链路的MTU信息。
• 如果清除了该标志位,则主机进行无状态自动配置。即路由设备通过RA报文向主机发
布除IPv6地址外的其他配置信息,包括路由器生存时间、邻居可达时间、邻居的重传
时间、链路的MTU信息。
dhcpv6 server pool1
#
<rar3>display ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FEDE:4E37
Global unicast address(es):
2000:23::1, subnet is 2000:23::1/128
Joined group address(es):
FF02::1:FF00:1
FF02::2
FF02::1
FF02::1:FFDE:4E37
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
<rar3>
<rar3>display dns server
Type:
D:Dynamic S:Static
No configured ip dns servers.
No. Type IPv6 Address Interface Name
1 D 2000:23::2
<rar3>display ipv6 routing-table
Routing Table : Public
Destinations : 4 Routes : 4
Destination : :: PrefixLength : 0
NextHop : FE80::2E0:FCFF:FE21:6194 Preference : 64
Cost : 0 Protocol : Unr
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet0/0/0 Flags : D
步骤 6 配置 R1 通过无状态方式配置 IPv6 地址
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]undo ipv6 nd ra halt #无状态自动配置机制使用到了ICMPv6中的路由器请求报文(Router
Solicitation)及路由器通告报文(Router Advertisement)。
[ar1-GigabitEthernet0/0/0]di th
[V200R003C00]
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address auto link-local
ipv6 address auto global #关键命令
[ar1]display ipv6 interface brief
*down: administratively down
(l): loopback
(s): spoofing
Interface Physical Protocol
GigabitEthernet0/0/0 up up
[IPv6 Address] 2000:12::2E0:FCFF:FE96:296D
[ar1]
步骤 7 配置 IPv6 静态路由
ipv6 route-static 2000:23:: 64 GigabitEthernet0/0/0 #使用下一跳出口不行。因为没有指定下一跳地址,路由表中的到2000:23:: 64 的下一跳是自己的链路本地地址。因为不知道目的mac,所有要进行地址解析,但是根据ipv6的地址解析过程却得不到2000:23::/64对于的mac地址。所以不行。
ipv6 route-static 2000:23:: 64 2000:12::2 #要指定下一跳ip。
[R1]ping ipv6 2000:23::1
PING 2000:23::1 : 56 data bytes, press CTRL_C to break
Reply from 2000:23::1
bytes=56 Sequence=1 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=2 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=3 hop limit=63 time = 30 ms
Reply from 2000:23::1
bytes=56 Sequence=4 hop limit=63 time = 20 ms
Reply from 2000:23::1
bytes=56 Sequence=5 hop limit=63 time = 30 ms
五、结果验证
略
六、配置参考
略。
七、 思考题与附加内容
- 步骤三中检测 link-local 地址之间联通性以及步骤七中检测 GUA 地址之间的联通性时,为何步骤三中必须指定源接口?
答:
唯一性: link-local 地址仅在特定链路上是唯一的,因此如果要从一个链路上的设备 ping 另一个链路上的设备,则需要明确指定使用哪个链路上的地址作为源地址。
路由限制: link-local 地址通常仅适用于链路本地通信,无法通过路由器进行转发。因此,如果源地址不在同一链路上,则 ping 请求无法到达目标地址。
接口选择: 如果目标地址是 link-local 地址,则需要指定源接口,以确保 ping 请求从正确的网络接口发送出去。
解决冲突: 在某些情况下,可能存在多个接口使用相同的 link-local 地址的情况。在这种情况下,必须明确指定源接口或源 IPv6 地址,以避免混淆和冲突。
2.观察有状态地址配置和无状态地址配置获取到的 IPv6 地址区别,说明为什么会出现这种情况。
答: 无状态地址获取到的地址是通过UEI-64方式获取的。有状态地址是DHCP地址池分配的。
扫一扫
1268
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
