Configuration procedure, Configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 123

Advertising
background image

111

Configuring a destination address on the AFTR is unnecessary. When receiving a packet from the

tunnel, the AFTR records the source IPv6 address of the packet and uses it as the IPv6 address of the
tunnel destination (address of the CPE).

You must enable NAT on the AFTR's interface which is connected to the Internet. AFTR does not
support static NAT mappings or VPN instance matching. If an ACL rule includes a VPN instance,

the rule does not take effect.

A CPE tunnel interface can establish tunnel with only one AFTR tunnel interface, but an AFTR tunnel
interface can establish tunnels with multiple CPE tunnel interfaces.

Configuration procedure

To configure the AFTR of a DS-Lite tunnel:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable IPv6.

ipv6

By default, the IPv6 packet
forwarding function is disabled.

3.

Enter tunnel interface view. interface tunnel number N/A

4.

Configure an IPv4 address
for the tunnel interface.

ip address ip-address { mask |
mask-length } [ sub ]

By default, no IPv4 address is
configured for the tunnel interface.

5.

Specify the DS-Lite AFTR

tunnel mode.

tunnel-protocol ipv4-ipv6 dslite-aftr

By default, the tunnel mode is GRE
over IPv4.
The tunnel mode at the other end of
the tunnel should be DS-Lite CPE.

Otherwise, packet delivery will fail.

6.

Configure the source
address or interface for the

tunnel interface.

source { ipv6-address |
interface-type interface-number }

By default, no source address or
interface is configured for the tunnel.

Configuration example

Network requirements

As shown in

Figure 78

, a private IPv4 network and a public IPv4 network are separated by an IPv6

network.
Build a DS-Lite tunnel between CPE (SecPath A) and AFTR (SecPath B) and configure NAT on AFTR's

interface connecting to the public IPv4 network, so that hosts in the private IPv4 network can access the

public IPv4 network and hosts from different private IPv4 networks can use the same IPv4 addresses.
In the IPv6 network, deploy a DHCPv6 server (SecPath C) for CPE to obtain AFTR's IPv6 address.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals