Configuring 4to6 aft policies – H3C Technologies H3C SecPath F1000-E User Manual

Page 80

Advertising
background image

68

If the source IPv6 address matches the IPv6 ACL, the AFT translates the address into the IPv4

address of the specified interface. The port number is also translated.

Type 3—DNS64 prefix + address pool
If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, the source

address is translated into an IPv4 address in the specified address pool. If the no-pat keyword is
specified, only the IP address is translated. Otherwise, both the IP address and the port number are

translated to save the IPv4 addresses in the address pool.

Type 4—DNS64 prefix + interface address
If the prefix of the destination IPv6 address is the DNS64 prefix specified in the policy, AFT
translates the source address into the IPv4 address of the specified interface. The port number is

also translated.

To configure the 6to4 AFT policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure an AFT

IPv4 address pool.

aft address-group group-number start-ipv4-address
end-ipv4-address

Required for type 1

and type 3.
Ignored for type 2
and type 4.

3.

Configure the AFT

policy.

Configure the AFT policy (IPv6 ACL + address pool):

aft v6tov4 acl6 number acl6-number address-group

group-number [ no-pat ]

Configure the AFT policy (IPv6 ACL + interface

address):
aft v6tov4 acl6 number acl6-number interface

interface-type interface-number

Configure the AFT policy (DNS64 prefix + address
pool):

aft v6tov4 prefix-dns64 dns64-prefix prefix-length

address-group group-number [ no-pat ]

Configure the AFT policy (DNS64 prefix + interface

address):

aft v6tov4 prefix-dns64 dns64-prefix prefix-length
interface interface-type interface-number

Configure one of the
commands.

NOTE:

The AFT address pool contains a range of continuous IPv4 addresses. When the AFT policy is type 1 or
type 3, the AFT chooses an IPv4 address from the address pool as the translated IPv4 address.

The DNS64 prefix must be configured with the aft prefix-dns64 command.

For more information about ACL, see

Access Control Configuration Guide.

Configuring 4to6 AFT policies

When the communication is initiated by an IPv4 host, the source and destination IPv4 addresses are

translated into IPv6 addresses based on two 4to6 AFT policies.
One 4to6 AFT policy is used for source address translation, and the other is for destination address

translation.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals