Juniper Netscreen 防火墙支持IPV6 配置

原文链接：Juniper Netscreen 防火墙支持IPV6 配置(http://devops.weiminginfo.com/network/1155.html)

版本升级

Juniper 官方建议升级至screenOS 6.3.0以后版本，升级步骤详见另一篇文章http://devops.weiminginfo.com/network/1148.html

配置步骤

1.开启ipv6的支持（enable ipv6）

CLI命令：

SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
SSG520-1-> set envar ipv6=yes
SSG520-1->
SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
ipv6=yes
SSG520-1-> save
SSG520-1-> reset
System reset, are you sure? y/[n] y
In reset ...

通过在envar中开启ipv6的支持

重启防火墙后登录查看已支持ipv6配置

WEBUI：network--interface--edit

在端口列表页已经有ipv6的配置选项

配置ipv6端口(host)

• BIND THE INTERFACE TO A ZONE --将端口设置一个zone
• ENABLE IPV6 HOST MODE INTERFACE IDENTIFIER --端口开启ipv6
• CONFIGURE UNICAST ADDRESS --配置接口地址

setp 1 ：BIND THE INTERFACE TO A ZONE

CLI	set interface eth0/1 zone untrust
WEBUI	Network>>Interface>>(List)>>Edit

setp 2 ：ENABLE IPV6 HOST MODE INTERFACE & IDENTIFIER

CLI	set interface eth0/1 ipv6 mode host set interface eth0/1 ipv6 enable
WEB UI	Network>>Interface>>(List)>>Edit>>IPv6

interface-id 会默认生成

setp 3 ：CONFIGURE UNICAST ipv6 ADDRESS

CLI	set interface eth0/1 ipv6 fe80::5e5e:abff:fe1c:d105
WEB UI	Network>>Interface>>(List)>>Edit>>IPv6

setp 4 ：CONFIGURE NEIGHBOR DISCOVERY

CLI	set interface eth0/1 ipv6 ra accept
WEB UI	Network>>Interface>>(List)>>Edit>>IPv6>>ND/RA Setting

配置ipv6端口(Router)

• BIND THE INTERFACE TO A ZONE --将端口设置一个zone
• ENABLE ROUTER MODE &INTERFACE IDENTIFIER --端口路由开启ipv6
• SET IPV6 PREFIX
• CONFIGURE ADDRESS AUTO CONFIGURATION

 

set interface eth0/1 ipv6  2409:8C20:0A11:0101::/64

SET IPV6 PREFIX

CONFIGURE ADDRESS AUTO CONFIGURATION

IPV6 Static Routes

CLI	set route 2409:8C20:0A11:0101::/64 interface e0/1 gateway 2409:8C20:0A11:0101::1
WEB UI	Network>>Routing >> Destination >> New