IPv6 cgsh_2024
I. CGSH IPv6
1. IPv6 CGSH
Unit | DNS AAAA | IPv6 prefix | Route D Point | School A Point |
中港高中 (CGSH) | 2001:288:5402::1 | 2001:288:5402::/48 | 2001:288:54FF:02::1/64 | 2001:288:54FF:02::FF/64 |
2. Interface IP settings
Education Bureau (city network interface IP6)
2001:288:54ff:2::1/64
School A Point (WAN IP6)
2001:288:54ff:2::ff/64
Education Network Center IPv6 DNS
2001:288:5400::1/128
2001:288:5400::3/128
中港高中 IPv6 prefix
2001:288:5402::/48
3. IPv6 DNS
Taichung City Education Bureau DNS
2001:288:5400::1
2001:288:5400::3
Hinet DNS
2001:b000:168::1
2001:b000:168::2
Google DNS
2001:4860:4860::8888
2001:4860:4860::8844
4. IPv6 testing
https://test-ipv6.com/index.html.zh_TW
https://ipv6.tc.edu.tw/
5. Subnet masks (IPv4) and prefixes (IPv6)
IPv4 (decimal)
0.0.0.0
255.255.255.255
0.0/16
255.255.255/24
255.255.255.255/32
IPv6 (hexadecimal)
0000:0000:0000:0000:0000:0000:0000:0000
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
ffff:ffff:ffff/48
ffff:ffff:ffff:ffff/64
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
中港高中 IPv6 prefix
2001:288:5402::/48
2001:288:5402::61/64
2001:288:5402:61::ffff/64
2001:288:5402:61::/64

II. 2001:288:5402:61::/64
2001:288:5402:61:1::1 – 2001:288:5402:61:1::ffff
1. Interface configuration 1
1-1. Interface Tanet-CGHS (port9) IPv6: "2001:288:5402::61/64"
1-2. Static route:
1-2-1. Destination: "::/0"
1-2-2. Gateway address: "2001:288:5402::ffff"
1-2-3. Interface: "Tanet-CGHS (port9)"

2. Interface configuration 2
2-1. Interface (port13) IPv6: "2001:288:5402:61::ffff/64"
2-2. DHCPv6 server: "2001:288:5402:61:1::1 - 2001:288:5402:61:1::9fe"
2-3. DNS:
Taichung City Education Bureau DNS
2001:288:5400::1
2001:288:5400::3
Hinet DNS
2001:b000:168::1
2001:b000:168::2
Google DNS
2001:4860:4860::8888
2001:4860:4860::8844

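3. Firewall policies
3-1. WiFi to Tanet (service ALL, destination all)

3-2. Tanet to WiFi (service icmp6, destination 2001:288:5402:61::)

3-3. Return route (traffic that goes out must have a path back)

Network interface: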
2001:288:5402:61:2::1/128
2001:288:5402:61:2::2/128
Gateway:
2001:288:5402:61::ffff/64
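
As an added example (not part of the original notes), this Python script checks the section II addressing plan with the standard ipaddress module: that the port9 and port13 subnets are distinct, that the default gateway is on-link, and that the fixed addresses do not collide with the DHCPv6 range. All addresses are copied from the notes; the variable and function names are chosen for this example.

```python
import ipaddress as ipa

# Values copied from sections I and II of these notes.
SITE = ipa.ip_network("2001:288:5402::/48")
WAN_IF = ipa.ip_interface("2001:288:5402::61/64")       # Tanet-CGHS (port9)
WAN_GW = ipa.ip_address("2001:288:5402::ffff")          # gateway of the ::/0 route
LAN_IF = ipa.ip_interface("2001:288:5402:61::ffff/64")  # port13
POOL = (ipa.ip_address("2001:288:5402:61:1::1"),
        ipa.ip_address("2001:288:5402:61:1::9fe"))      # DHCPv6 range
STATIC = [ipa.ip_address("2001:288:5402:61:2::1"),
          ipa.ip_address("2001:288:5402:61:2::2")]      # the two /128 hosts


def in_pool(addr):
    """True if addr falls inside the DHCPv6 lease range (inclusive)."""
    return POOL[0] <= addr <= POOL[1]


def check_plan():
    """Return a dict of named checks; every value should be True."""
    wan, lan = WAN_IF.network, LAN_IF.network
    return {
        # ::61 (host 0x61 in subnet 0) and :61:: (subnet 0x61) look alike
        # but are different /64s, one per firewall interface.
        "wan_and_lan_are_distinct": not wan.overlaps(lan),
        "both_inside_site_prefix": wan.subnet_of(SITE) and lan.subnet_of(SITE),
        # A next hop must be on-link for the interface the route names.
        "default_gw_on_link": WAN_GW in wan,
        "pool_inside_lan": POOL[0] in lan and POOL[1] in lan,
        # Fixed addresses must not be handed out again by DHCPv6.
        "static_hosts_in_lan": all(a in lan for a in STATIC),
        "static_hosts_outside_pool": not any(in_pool(a) for a in STATIC),
        "lan_gateway_outside_pool": not in_pool(LAN_IF.ip),
    }


def pool_size():
    """Number of leases the DHCPv6 range can hand out."""
    return int(POOL[1]) - int(POOL[0]) + 1


if __name__ == "__main__":
    for name, ok in check_plan().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
    print("WAN subnet:", WAN_IF.network, "| LAN subnet:", LAN_IF.network)
    print("DHCPv6 pool size:", pool_size())
```
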
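III. Stateless Address Autoconfiguration (SLAAC)
IPv4 network addresses are obtained in one of two ways:
1. static address configuration, 2. dynamic address configuration (Dynamic Host Configuration Protocol).
On an IPv6 network, Stateless Address Autoconfiguration (SLAAC) lets the router issue the prefix directly to client hosts without going through a DHCP server. Once a host has the prefix, it combines it with an automatically generated Host ID to form its IPv6 address.
1. End-User Interface w/ DHCPv6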
https://weberblog.net/basic-ipv6-configuration-on-a-fortigate-firewall/
CGSH-Fortigate-200D (port2) # show
config system interface
    edit "port2"
        set vdom "CGSH"
        set ip 192.168.1.254 255.255.255.0
        set allowaccess ping https fgfm
        set type physical
        set alias "CGSH-Center "
        set device-identification enable
        set device-identification-active-scan enable
        set role lan
        set snmp-index 23
        config ipv6
            set ip6-address 2001:288:5402:1::ffff/64
            set ip6-allowaccess ping
            set ip6-send-adv enable
            set ip6-other-flag enable
            config ip6-prefix-list
                edit 2001:288:5402:1::/64
                    set autonomous-flag enable
                    set onlink-flag enable
                next
            end
        end
    next
end
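set ip6-allowaccess ping https ssh http fgfm capwap – the protocols allowed to reach the firewall itself on this port (the configuration above enables only ping).
set ip6-send-adv enable – send IPv6 Router Advertisements (RA) from this port.
set ip6-other-flag enable – SLAAC is used to assign IP addresses to internal devices. SLAAC does not configure things such as DNS settings, so this option tells internal devices to still obtain some information from an available DHCP server.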
CGSH-Fortigate-200D (port2) # show
config system interface
    edit "port2"
        set vdom "CGSH"
        set ip 192.168.1.254 255.255.255.0
        set allowaccess ping https fgfm
        set type physical
        set alias "CGSH-Center "
        set device-identification enable
        set device-identification-active-scan enable
        set role lan
        set snmp-index 23
        config ipv6
            set ip6-address 2001:288:5402:1::ffff/64
            set ip6-allowaccess ping
        end
    next
end
CGSH-Fortigate-200D (CGSH) # config system dhcp6 server
CGSH-Fortigate-200D (server) # show
config system dhcp6 server
    edit 1
        set lease-time 86400
        set subnet 2001:288:5402:1::/64
        set interface "port2"
        set dns-server1 2001:288:5400::1
        set dns-server2 2001:b000:168::1
        set dns-server3 2001:4860:4860::8888
    next
end
CGSH-Fortigate-200D (server) #
edit      Add/edit a table value.
delete    Delete a table value.
purge     Clear all table values.
rename    Rename a table entry.
get       Get dynamic and system information.
show      Show configuration.
end       End and save last config.
CGSH-Fortigate-200D (server) # delete 1
CGSH-Fortigate-200D (server) # show
config system dhcp6 server
end