版本升级
Juniper 官方建议升级至screenOS 6.3.0以后版本,升级步骤详见另一篇文章http://devops.weiminginfo.com/network/1148.html
配置步骤
1.开启ipv6的支持(enable ipv6)
CLI命令:
SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
SSG520-1-> set envar ipv6=yes
SSG520-1->
SSG520-1-> get envar
shdsl_pic_mode=0
last_reset=2019-06-17 14:33:56 by netscreen
patch=init
ipv6=yes
SSG520-1-> save
SSG520-1-> reset
System reset, are you sure? y/[n] y
In reset ...通过在envar中开启ipv6的支持
重启防火墙后登录查看已支持ipv6配置
WEBUI:network--interface--edit
在端口列表页已经有ipv6的配置选项
配置ipv6端口(host)
- BIND THE INTERFACE TO A ZONE --将端口设置一个zone
- ENABLE IPV6 HOST MODE INTERFACE IDENTIFIER --端口开启ipv6
- CONFIGURE UNICAST ADDRESS --配置接口地址
setp 1 :BIND THE INTERFACE TO A ZONE
| CLI | set interface eth0/1 zone untrust |
| WEBUI | Network>>Interface>>(List)>>Edit |
setp 2 :ENABLE IPV6 HOST MODE INTERFACE & IDENTIFIER
| CLI | set interface eth0/1 ipv6 mode host set interface eth0/1 ipv6 enable |
| WEB UI | Network>>Interface>>(List)>>Edit>>IPv6 |
interface-id 会默认生成
setp 3 :CONFIGURE UNICAST ipv6 ADDRESS
| CLI | set interface eth0/1 ipv6 fe80::5e5e:abff:fe1c:d105 |
| WEB UI | Network>>Interface>>(List)>>Edit>>IPv6 |
setp 4 :CONFIGURE NEIGHBOR DISCOVERY
| CLI | set interface eth0/1 ipv6 ra accept |
| WEB UI | Network>>Interface>>(List)>>Edit>>IPv6>>ND/RA Setting |
配置ipv6端口(Router)
- BIND THE INTERFACE TO A ZONE --将端口设置一个zone
- ENABLE ROUTER MODE &INTERFACE IDENTIFIER --端口路由开启ipv6
- SET IPV6 PREFIX
- CONFIGURE ADDRESS AUTO CONFIGURATION
set interface eth0/1 ipv6 2409:8C20:0A11:0101::/64
SET IPV6 PREFIX
CONFIGURE ADDRESS AUTO CONFIGURATION
IPV6 Static Routes
| CLI | set route 2409:8C20:0A11:0101::/64 interface e0/1 gateway 2409:8C20:0A11:0101::1 |
| WEB UI | Network>>Routing >> Destination >> New |
原文链接:Juniper Netscreen 防火墙支持IPV6 配置,转载请注明来源!