Transcript IPV6 Lab
李煒 [email protected] IPV6 Lab IPV6 Lab 2001:288:2200/39新北市教網 2001:288:school code:vlan tag::/64 Geteway 2001:288:school code:vlan tag::ff/64 IP網段說明 未來IP網段配置 Vlan VID 網段 IPV6 用途 Mgt 1 2001:288:22XX:1::ff/64 網管用 Wan 2 163.20.203.89/29 2001:288:22XX:2::xx/124 對外連結網段 Lan 3 163.20.172.254/24 2001:288:22XX:3::ff/64 行政用 dsa_wan 8 10.253.76.254/24 2001:288:22XX:8::ff/64 DSA-WAN IP (10.253.76.1) Intra-1 10 10.231.76.254/24 2001:288:22XX:10::ff/64 電腦教室 Intra-2 20 10.241.76.254/24 2001:288:22XX:20::ff/64 教學教室 Voice 25 10.243.76.0/24 2001:288:22XX:25::ff/64 VoIP Wlan 30 10.251.76.254/24 2001:288:22XX:30::ff/64 無線網路 (IP移至 DSA-3600使用) WPA2 35 10.245.76.0/24 2001:288:22XX:35::ff/64 無線WAP2用 MAC 36 10.247.76.0/24 2001:288:22XX:36::ff/64 無線Mobile用 10.226.76.254 IPv6 address 分配原則 2001:288:2200:vlan tag::/64 each vlan in core 2001:288:2201::/48 NS5200 and school L3 2001:288:2202/48 - 2001:288:232E/48 301 schools → 2001:288:school code:vlan tag::/64 Cisco ipv6指令 > # (config) # (config-if)# En Config t Ipv6 unicast-routing Interface vlan XX Ipv6 enable Ipv6 address 2001:288:22xx:vid::ff/64 Exit IPV4 vs IPV6 IP Ipv6 Gateway Gateway Mask \64 \48 Vlan Vlan Route Ipv6 unicast-routing Ping Ping tracert tracert ipv6 FE80::/10 Link Local Address 2XXX: Global Unicast 3XXX: Global Unicast FFXX:Multicast 2001:288:2200/39新北市教網 When we config ipv6 address, it’s also enables ipv6 for now. Router 指令參考 Service timestamps debug uptime Debug ipv6 nd (Neighbor Discovery) INCMP imcomplete NS Neighbor Solicitation NA Neighbor Advertisment LLA:Link Layer Address(MAC) INCMP() ->REACH()->STALE(30’s not flesh anymore) 業務宣導 無線網路現況 Ntpc Dlink dsa3600->後端認證系統進行驗證 Operator Ntpc-Mobile L3->Winoc認證系統進行驗證 Ntpc-WPA2 Ap->Winoc->後端認證系統進行驗證 L3 Switch & L2 Switch 報修處理說明 未來學校網路架構 學校架構示意圖 TANET DGS-3627 DSA-3600 10G堆疊 DGS-3100-24P DGS-3100-48P DPH-150SE 無線網路 行政電腦 電腦教室 行政電腦 無線網路 DAP-2590 教學教室 教學教室 架構應用說明—話機 PoE Switch LAN port Voice vlan (vid 25) PC port Intra-2 vlan (vid 20) Voice vlan Intra-2 vlan DPH-150SE LAN port負責傳送兩個vlan的流量至PoE Switch DPH-150SE PC port接取PC 架構應用說明—無線AP PoE Switch TPC-WPA2 TPC TPC (vid30) TPC-WPA2(vid35) TPC-Mobile(vid36) TPC-Mobile 每台DAP-2590提供三組SSID, TPC提供web認證功能 TPC-WPA2提供WPA2認證功能 TPC-Mobile提供行動裝置MAC認證功能 Mgmt (vid1) 無線AP認證機制說明 DGS-3627 DSA-3600 PoE Switch TPC-WPA2 TPC TPC-Mobile SSID TPC認證透過DSA-3600與後端系統進行驗證 SSID TPC-WAP2則透過DAP-2590與後端認證系統進行驗證 SSID TCP-Mobile則透過DGS-3627與後端系統進行驗證