Capricorn

"Life is choices, and his choice is bad and good"

Implementasi NAT-PT for IPv6

leave a comment »

Configuring Basic IPv6 to IPv4 Connectivity for NAT-PT for IPv6

Perform this task to configure basic IPv6 to IPv4 connectivity for NAT-PT, which consists of configuring the NAT-PT prefix globally, and enable NAT-PT on an interface. For NAT-PT to be operational, NAT-PT must be enabled on both the incoming and outgoing interfaces.

An IPv6 prefix with a prefix length of 96 must be specified for NAT-PT to use. The IPv6 prefix can be a unique local unicast prefix, a subnet of your allocated IPv6 prefix, or even an extra prefix obtained from your Internet service provider (ISP). The NAT-PT prefix is used to match a destination address of an IPv6 packet. If the match is successful, NAT-PT will use the configured address mapping rules to translate the IPv6 packet to an IPv4 packet. The NAT-PT prefix can be configured globally or with different IPv6 prefixes on individual interfaces. Using a different NAT-PT prefix on several interfaces allows the NAT-PT router to support an IPv6 network with multiple exit points to IPv4 networks.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 nat prefix ipv6-prefix/prefix-length

4. interface type number

5. ipv6 address ipv6-prefix {/prefix-length | link-local}

6. ipv6 nat

7. exit

8. interface type number

9. ip address ip-address mask [secondary]

10. ipv6 nat

DETAILED STEPS

 
 

Command or Action

Purpose
Step 1 enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.
Step 3 ipv6 nat prefix ipv6-prefix/prefix-length

Example:

Router# ipv6 nat prefix 2001:DB8::/96

Assigns an IPv6 prefix as a global NAT-PT prefix.

Matching destination prefixes in IPv6 packets are translated by NAT-PT.

The only prefix length supported is 96.

Step 4 interface type number

Example:

Router(config)# interface ethernet 3/1

Specifies an interface type and number, and places the router in interface configuration mode.
Step 5 ipv6 address ipv6-address{/prefix-length | link-local}

Example:

Router(config-if)# ipv6 address 2001:DB8:yyyy:1::9/64

Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface.
Step 6 ipv6 nat

Example:

Router(config-if)# ipv6 nat

Enables NAT-PT on the interface.
Step 7 exit

Example:

Router(config-if)# exit

Exits interface configuration mode, and returns the router to global configuration mode.
Step 8 interface type number

Example:

Router(config)# interface ethernet 3/3

Specifies an interface type and number, and places the router in interface configuration mode.
Step 9 ip address ip-address mask[secondary]

Example:

Router(config-if)# ip address 192.168.30.9 255.255.255.0

Specifies an IP address and mask assigned to the interface and enables IP processing on the interface.
Step 10 ipv6 nat

Example:

Router(config-if)# ipv6 nat

Enables NAT-PT on the interface.

 

Configuring IPv4-Mapped NAT-PT

Perform this task to enable customers to send traffic from their IPv6 network to an IPv4 network without configuring IPv6 destination address mapping. This task shows the ipv6 nat prefix v4-mapped command configured on a specified interface, but the command could alternatively be configured globally:

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix}

DETAILED STEPS

 
 

Command or Action

Purpose
Step 1 enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.
Step 3 interface type number

Example:

Router(config)# interface ethernet 3/1

Specifies an interface type and number, and places the router in interface configuration mode.
Step 4 ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix}

Example:

Router(config-if)# ipv6 nat prefix 2001::/96 v4-mapped v4mapacl

Enables customers to send traffic from their IPv6 network to an IPv4 network without configuring IPv6 destination address mapping.

 

Configuring Mappings for IPv6 Hosts Accessing IPv4 Hosts

Perform this task to configure static or dynamic IPv6 to IPv4 address mappings. The dynamic address mappings include assigning a pool of IPv4 addresses and using an access list, prefix list, or route map to define which packets are to be translated.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 nat v6v4 source ipv6-address ipv4-address
or
ipv6 nat v6v4 source {list access-list-name | route-map map-namepool name

4. ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length

5. ipv6 nat translation [max-entries number] {timeout | udp-timeout | dns-timeout tcp-timeout finrst-timeout icmp-timeout} {seconds never}

6. ipv6 access-list access-list-name

7. permit protocol {source-ipv6-prefix/prefix-length any host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length any hostdestination-ipv6-address}

8. exit

9. show ipv6 nat translations [icmp tcp udp] [verbose]

10. show ipv6 nat statistics

DETAILED STEPS

 
 

Command or Action

Purpose
Step 1 enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.
Step 3 ipv6 nat v6v4 source ipv6-address ipv4-address

or

ipv6 nat v6v4 source {list access-list-name | route-map map-name}pool name

Example:

Router(config)# ipv6 nat v6v4 source 2001:DB8:yyyy:1::1 10.21.8.10

or

Example:

Router(config)# ipv6 nat v6v4 source list pt-list1 pool v4pool

Enables a static IPv6 to IPv4 address mapping using NAT-PT.

or

Enables a dynamic IPv6 to IPv4 address mapping using NAT-PT.

Use the list or route-map keyword to specify a prefix list, access list, or a route map to define which packets are translated.

Use the pool keyword to specify the name of a pool of addresses, created by the ipv6 nat v6v4 pool command, to be used in dynamic NAT-PT address mapping.

Step 4 ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length

Example:

Router(config)# ipv6 nat v6v4 pool v4pool 10.21.8.1 10.21.8.10 prefix-length 24

Specifies a pool of IPv4 addresses to be used by NAT-PT for dynamic address mapping.
Step 5 ipv6 nat translation [max-entriesnumber] {timeout | udp-timeout |dns-timeout tcp-timeout |finrst-timeout icmp-timeout} {seconds never}

Example:

Router(config)# ipv6 nat translation udp-timeout 600

(Optional) Specifies the time after which NAT-PT translations time out.
Step 6 ipv6 access-list access-list-name

Example:

Router(config)# ipv6 access-list pt-list1

(Optional) Defines an IPv6 access list and enters IPv6 access list configuration mode. The router prompt changes to Router(config-ipv6-acl)#.

The access-list name argument specifies the name of the IPv6 access control list (ACL). IPv6 ACL names cannot contain a space or quotation mark, or begin with a numeral.

Step 7 permit protocol {source-ipv6-prefix/prefix-length any hostsource-ipv6-address} [operator[port-number]] {destination-ipv6-prefix/prefix-length any hostdestination-ipv6-address}

Example:

Router(config-ipv6-acl)# permit ipv6 2001:DB8:bbbb:1::/64 any

(Optional) Specifies permit conditions for an IPv6 ACL.

The protocol argument specifies the name or number of an Internet protocol. It can be one of the keywords ahpesp,icmpipv6pcpsctptcp, or udp, or an integer in the range from 0 to 255 representing an IPv6 protocol number.

The source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments specify the source and destination IPv6 network or class of networks about which to set permit conditions. These arguments must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

The any keyword is an abbreviation for the IPv6 prefix ::/0.

The host source-ipv6-address keyword and argument combination specifies the source IPv6 host address about which to set permit conditions. The source-ipv6-addressargument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

Only the arguments and keywords relevant to this task are specified here. Refer to the permit command in the IPv6 for Cisco IOS Command Reference document for information on supported arguments and keywords.

Step 8 exit

Example:

Router(config-if)# exit

Exits access list configuration mode, and returns the router to global configuration mode. Enter the exit command twice to return to privileged EXEC mode.
Step 9 show ipv6 nat translations [icmp |tcp udp] [verbose]

Example:

Router# show ipv6 nat translations verbose

(Optional) Displays active NAT-PT translations.

Use the optional icmptcp, and udp keywords to display detailed information about the NAT-PT translation events for the specified protocol.

Use the optional verbose keyword to display more detailed information about the active translations.

Step 10 show ipv6 nat statistics

Example:

Router# show ipv6 nat statistics

(Optional) Displays NAT-PT statistics.

 

What to Do Next

If you do not require any IPv4 to IPv6 mappings, proceed to the “Verifying NAT-PT Configuration and Operation” task.

Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts

Perform this optional task to configure static or dynamic IPv4 to IPv6 address mappings. The dynamic address mappings include assigning a pool of IPv6 addresses and using an access list, prefix list, or route map to define which packets are to be translated.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 nat v4v6 source ipv4-address ipv6-address
or
ipv6 nat v4v6 source list {access-list-number namepool name

4. ipv6 nat v4v6 pool name start-ipv6 end-ipv6 prefix-length prefix-length

5. access-list {access-list-name number} {deny | permit} [source source-wildcard] [log]

DETAILED STEPS

 
 

Command or Action

Purpose
Step 1 enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.
Step 3 ipv6 nat v4v6 source ipv6-address ipv4-address

or

ipv6 nat v4v6 source list {access-list-number | namepool name

Example:

Router(config)# ipv6 nat v4v6 source 10.21.8.11 2001:DB8:yyyy::2

or

Router(config)# ipv6 nat v4v6 source list 1 pool v6pool

Enables a static IPv4 to IPv6 address mapping using NAT-PT.

or

Enables a dynamic IPv4 to IPv6 address mapping using NAT-PT.

Use the list keyword to specify an access list to define which packets are translated.

Use the pool keyword to specify the name of a pool of addresses, created by the ipv6 nat v4v6 pool command, to be used in dynamic NAT-PT address mapping.

Step 4 ipv6 nat v4v6 pool name start-ipv6 end-ipv6 prefix-length prefix-length

Example:

Router(config)# ipv6 nat v4v6 pool v6pool 2001:DB8:yyyy::1 2001:DB8:yyyy::2 prefix-length 128

Specifies a pool of IPv6 addresses to be used by NAT-PT for dynamic address mapping.
Step 5 access-list {access-list-name |number} {deny permit} [source source-wildcard] [log]

Example:

Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255

Specifies an entry in a standard IPv4 access list.

 

Configuring PAT for IPv6 to IPv4 Address Mappings

Perform this task to configure PAT for IPv6 to IPv4 address mappings. Multiple IPv6 addresses are mapped to a single IPv4 address or to a pool of IPv4 addresses and using an access list, prefix list, or route map to define which packets are to be translated.

 

Sumber : http://www.cisco.com

Written by 3firdhaus

Maret 18, 2013 pada 5:03 pm

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: