***本文于2019年1月成文,在2020年3月进行了修订,更正了部分配置命令的使用。
本地联通运营商已经开通了家用宽带的IPv6,通过单独电脑PPPoE拨号证实可用。
但是,显然现在几乎没有人用电脑直接拨号了。那么,如何能在不改变现有网络拓扑的情况下,让内网的客户机也用上IPv6呢?
答案很简单,就是在路由器上设置PD(Prefix Delegation,前缀委派)。
研究了一下,配置方法如下:
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool STATELESS //仅用于为内网“无状态自动配置”的IPv6客户端指派DNS,所以没有地址信息。
dns-server 2408:8000:6001:7000::8888 //DNS改成你所在运营商的
interface Vlan1 //内网(LAN)接口配置
ip address 172.16.0.1 255.255.255.0 //原有IPv4配置
ip nat inside //原有IPv4配置
ipv6 address isp ::1/64 //此处的“isp”是自定义的前缀名称。此处使用/64长度的前缀
ipv6 enable
ipv6 nd other-config-flag //使用DHCPv6为内网客户端分配DNS
ipv6 dhcp server STATELESS //指定DHCPv6地址池
ipv6 mtu 1280 //在内网接口设置IPv6的mtu,1280是最小值,视情况调整。
interface Dialer0 //外网(PPPoE)接口配置
ip address negotiated //原有IPv4配置
ip mtu 1492 //原有IPv4配置
ip nat outside //原有IPv4配置
encapsulation ppp
ip tcp adjust-mss 1452 //原有IPv4配置
dialer pool 1
ipv6 address autoconfig default //目前本地联通的IPv6地址为无状态自动配置
ipv6 enable
ipv6 mtu 1280 //最小为1280,依实际情况调整
ipv6 tcp adjust-mss 1000 //作用同IPv4下相同的命令。(需要IOS 15.3版本才支持)
ipv6 dhcp client pd isp rapid-commit //启用PD功能,“isp”是自定义的前缀名称
ppp authentication pap callin
ppp pap sent-username usr password 0 pwd
interface FastEthernet0 //拨号用物理接口配置
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
ipv6 route ::/0 Dialer0 //IPv6的默认路由
验证配置:
CORE01#show ipv6 interface brief
Dialer0 [up/up]
FE80::21B:AAAA:BBBB:CCCE
2408:3333:6666:9999:21B:AAAA:BBBB:CCCE //出于隐私考虑,地址已做修改……
Vlan1 [up/up]
FE80::21B:AAAA:BBBB:CCCC //请注意:此处的link-local地址与Dialer0的不同
2408:3333:6688:7777::1
目前看来,2408开头是联通的IPv6,2409开头是移动LTE的IPv6。
CORE01#show ipv6 dhcp interface dialer 0
Dialer0 is in client mode //表示此接口当前工作在客户端模式
Prefix State is OPEN (0) //当前接口的DHCPv6客户端状态。OPEN表示已收到配置信息
Information refresh timer expires in 22:35:58
Renew will be sent in 22:35:58
Address State is IDLE
List of known servers: //列出了此接口上的服务器
Reachable via address: FE80::A6DC:BEFF:FEF7:CD8C //DHCP服务器的地址
DUID: 0001000600AB8758A4DCBEF7CD8C //DHCP服务器的DUID(DHCP Unique Identifier)
Preference: 255
Configuration parameters:
IA PD: IA ID 0x00140001, T1 86400, T2 138240
Prefix: 2408:3333:6688:7777::/60 //联通给分配的前缀为/60
preferred lifetime 172800, valid lifetime 259200
expires at Jan 12 2019 02:45 PM (254159 seconds)
DNS server: 2408:8000:6001:7000::8888 //联通给分配的DNS服务器
DNS server: 2408:8000:6001:7000::9999
Information refresh time: 0
Prefix name: isp //前缀池的名称
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled
CORE01#show ipv6 dhcp interface vlan 1
Vlan1 is in server mode //该接口工作于DHCPv6服务器模式
Using pool: STATELESS //使用的DHCPv6池
Preference value: 0
Hint from client: ignored
Rapid-Commit: disabled
CORE01#show ipv int dialer 0
Dialer0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21B:AAAA:BBBB:CCCE
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2408:3333:6666:9999:21B:AAAA:BBBB:CCCE, subnet is 2408:3333:6666:9999::/64 [EUI/CAL/PRE]
valid lifetime 258820 preferred lifetime 172420
Joined group address(es):
FF02::1
FF02::2
FF02::1:BCBB:CCCE
MTU is 1280 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses. //表示当前接口使用“无状态自动配置”分配IPv6地址
CORE01#show ipv int vlan 1
Vlan1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21B:AAAA:BBBB:CCCC
No Virtual link-local address(es):
General-prefix in use for addressing
Global unicast address(es):
2408:3333:6688:7777::1, subnet is 2408:3333:6688:7777::/64 [CAL/PRE]
valid lifetime 252857 preferred lifetime 166457
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:1
FF02::1:BCBB:CCCC
FF05::1:3
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: QoS classify QoS actions
Service-policy input: PRE-CLASSIFY
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses. //此接口上(的内网电脑)使用无状态自动配置获取IPv6地址
Hosts use DHCP to obtain other configuration. //此接口上(的内网电脑)使用DHCPv6获取其他配置(如DNS服务器)
最后在电脑上用ipconfig /all看一下,是否正确获取了IPv6地址和DNS?
访问http://test-ipv6.com/,测试是否正常。
====================sp1==================
尽管IPv6有MTU自动发现的能力,但在公网环境中并不是那么好用,经常会出现因MTU过大导致的丢包,最终引起页面加载慢、打不开等等问题。
笔者做测试的Cisco路由器因为平台太老(1800平台),不支持ipv6 tcp adjust-mss命令。
从ISR G2(1900/2900/3900)平台开始,最新版的IOS都可以支持ipv6 tcp adjust-mss命令,使用原则如ipv4下的类似命令。