Conf IPV6
Configurações dos roteadores CISCO e JUNIPER do IPV6 - Curso Básico
config cisco 53
router-R53#show running-config
Building configuration...
Current configuration : 9516 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router-R53
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$Me3.$tSesOweBZbYx/phht3tuz.
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip vrf MNG
!
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
username cisco privilege 15 secret 5 $1$hc0i$3q9ku5rIHLztj8i9NmF9R0
archive
log config
hidekeys
!
!
!
!
!
ip tftp source-interface FastEthernet0/1.50
!
!
!
interface Loopback10
description R53 Router ID
ip address 172.25.15.253 255.255.255.255
ipv6 address 2001:DB8:25:FFFF::253/128
!
interface Loopback20
description iBGP
ip address 172.25.15.252 255.255.255.255
ipv6 address 2001:DB8:25:FFFF::252/128
!
interface Loopback30
description eBGP R03
ip address 172.25.15.251 255.255.255.255
ipv6 address 2001:DB8:25:FFFF::251/128
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description gerencia
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
description laboratorio
no ip address
no ip redirects
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
!
interface FastEthernet0/1.50
encapsulation dot1Q 50
ip vrf forwarding MNG
ip address 192.168.50.5 255.255.255.0
!
interface FastEthernet0/1.2501
description Conexao-R51
encapsulation dot1Q 2501
ip address 172.25.1.2 255.255.255.252
no ip redirects
no ip proxy-arp
ip flow ingress
ipv6 address 2001:DB8:25:CAFE::2/64
ipv6 nd ra suppress
ipv6 ospf 200 area 0
!
interface FastEthernet0/1.2503
description Conexao-R52
encapsulation dot1Q 2503
ip address 172.25.3.2 255.255.255.252
no ip redirects
no ip proxy-arp
ip flow ingress
ipv6 address 2001:DB8:25:DAD0::2/64
ipv6 nd ra suppress
ipv6 ospf 200 area 0
!
interface FastEthernet0/1.2506
description Conexao-R03
encapsulation dot1Q 2506
ip address 10.2.5.2 255.255.255.252
no ip redirects
no ip proxy-arp
ip flow ingress
ipv6 address 2001:DB8:200:5::2/112
ipv6 nd ra suppress
!
interface FastEthernet0/1.2507
description Conexao-S52
encapsulation dot1Q 2507
ip address 172.25.10.1 255.255.255.240
no ip redirects
no ip proxy-arp
ip flow ingress
ipv6 address 2001:DB8:25:10::1/112
ipv6 nd ra suppress
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
router ospf 100
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 172.25.1.0 0.0.0.3 area 0
network 172.25.3.0 0.0.0.3 area 0
!
router bgp 64505
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.2.255.255 remote-as 64512
neighbor 10.2.255.255 description R03
neighbor 10.2.255.255 ebgp-multihop 2
neighbor 10.2.255.255 update-source Loopback30
neighbor 10.2.255.255 version 4
neighbor 2001:DB8:25:FFFF::254 remote-as 64505
neighbor 2001:DB8:25:FFFF::254 description R52
neighbor 2001:DB8:25:FFFF::254 update-source Loopback20
neighbor 2001:DB8:25:FFFF::254 version 4
neighbor 2001:DB8:25:FFFF::255 remote-as 64505
neighbor 2001:DB8:25:FFFF::255 description R51
neighbor 2001:DB8:25:FFFF::255 update-source Loopback20
neighbor 2001:DB8:25:FFFF::255 version 4
neighbor 2001:DB8:200:FFFF::255 remote-as 64512
neighbor 2001:DB8:200:FFFF::255 description R03
neighbor 2001:DB8:200:FFFF::255 ebgp-multihop 2
neighbor 2001:DB8:200:FFFF::255 update-source Loopback30
neighbor 2001:DB8:200:FFFF::255 version 4
neighbor 172.25.15.254 remote-as 64505
neighbor 172.25.15.254 description R52
neighbor 172.25.15.254 update-source Loopback20
neighbor 172.25.15.254 version 4
neighbor 172.25.15.255 remote-as 64505
neighbor 172.25.15.255 description R51
neighbor 172.25.15.255 update-source Loopback20
neighbor 172.25.15.255 version 4
!
address-family ipv4
neighbor 10.2.255.255 activate
neighbor 10.2.255.255 soft-reconfiguration inbound
neighbor 10.2.255.255 route-map BGPin-IPv4-AS64512 in
neighbor 10.2.255.255 route-map BGPout-IPv4-AS64512 out
neighbor 172.25.15.254 activate
neighbor 172.25.15.254 next-hop-self
neighbor 172.25.15.254 soft-reconfiguration inbound
neighbor 172.25.15.255 activate
neighbor 172.25.15.255 next-hop-self
neighbor 172.25.15.255 soft-reconfiguration inbound
no auto-summary
no synchronization
network 172.25.0.0 mask 255.255.240.0
network 172.25.8.0 mask 255.255.248.0
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:25:FFFF::254 activate
neighbor 2001:DB8:25:FFFF::254 soft-reconfiguration inbound
neighbor 2001:DB8:25:FFFF::255 activate
neighbor 2001:DB8:25:FFFF::255 soft-reconfiguration inbound
neighbor 2001:DB8:200:FFFF::255 activate
neighbor 2001:DB8:200:FFFF::255 soft-reconfiguration inbound
network 2001:DB8:25::/48
network 2001:DB8:25::/49
exit-address-family
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.2.255.255 255.255.255.255 10.2.5.1 name R03
ip route 172.25.0.0 255.255.240.0 Null0 name BGP
ip route 172.25.8.0 255.255.248.0 Null0 name BGP
no ip http server
no ip http secure-server
!
ip bgp-community new-format
ip community-list standard 64505:65501 permit 64505:65501
ip as-path access-list 32 permit .*
ip as-path access-list 69 deny .*
ip as-path access-list 300 permit (_64513)+$
!
!
ip access-list standard telnet-ipv4-in
permit 172.25.10.2
permit 192.168.50.150
!
!
ip prefix-list BGPin-IPv4-AS64513 description Prefixos Preferidos do AS64513
ip prefix-list BGPin-IPv4-AS64513 seq 10 permit 10.3.0.0/17
!
ip prefix-list BGPout-IPv4-AS64512 description Prefixos para AS64512
ip prefix-list BGPout-IPv4-AS64512 seq 10 permit 172.25.0.0/20
ip prefix-list BGPout-IPv4-AS64512 seq 20 permit 172.25.8.0/21
!
ip prefix-list IPv4-AS64505-all description Todos Blocos IPv4
ip prefix-list IPv4-AS64505-all seq 10 permit 172.25.0.0/20 le 32
!
ip prefix-list IPv4-block-deny description Prefixos Gerais Bloquados
ip prefix-list IPv4-block-deny seq 10 permit 0.0.0.0/0
ip prefix-list IPv4-block-deny seq 20 permit 0.0.0.0/8
ip prefix-list IPv4-block-deny seq 30 permit 127.0.0.0/8
ip prefix-list IPv4-block-deny seq 40 permit 169.254.0.0/16
ip prefix-list IPv4-block-deny seq 50 permit 192.0.2.0/24
ip prefix-list IPv4-block-deny seq 60 permit 192.168.0.0/16
ipv6 route 2001:DB8:25::/49 Null0
ipv6 route 2001:DB8:25::/48 Null0
ipv6 route 2001:DB8:200:FFFF::255/128 2001:DB8:200:5::1
ipv6 route ::/0 Null0
ipv6 router ospf 200
log-adjacency-changes
redistribute connected
redistribute static
!
!
!
ipv6 prefix-list BGPin-IPv6-AS64513 description Prefixos Preferidos do AS64513
ipv6 prefix-list BGPin-IPv6-AS64513 seq 10 permit 2001:DB8:300:8000::/49
!
ipv6 prefix-list BGPout-IPv6-AS64512 description Prefixos para AS64512
ipv6 prefix-list BGPout-IPv6-AS64512 seq 10 permit 2001:DB8:21::/48
ipv6 prefix-list BGPout-IPv6-AS64512 seq 20 permit 2001:DB8:21:8000::/49
!
ipv6 prefix-list IPv6-IPv6-AS64501-all description Todos Blocos IPv6
ipv6 prefix-list IPv6-IPv6-AS64501-all seq 10 permit 2001:DB8:21::/48 le 128
!
ipv6 prefix-list IPv6-block-deny description Prefixos Gerais Bloqueados
ipv6 prefix-list IPv6-block-deny seq 10 permit ::/0
ipv6 prefix-list IPv6-block-deny seq 20 permit ::/8 le 128
ipv6 prefix-list IPv6-block-deny seq 30 permit 3FFE::/16 le 128
ipv6 prefix-list IPv6-block-deny seq 40 permit 2001:DB8::/32 le 128
ipv6 prefix-list IPv6-block-deny seq 50 permit 2001::/33 le 128
ipv6 prefix-list IPv6-block-deny seq 60 permit 2002::/17 le 128
ipv6 prefix-list IPv6-block-deny seq 70 permit FE00::/9 le 128
ipv6 prefix-list IPv6-block-deny seq 80 permit FF00::/8 le 128
!
ipv6 prefix-list IPv6-block-permit description Prefixos Gerais Permitidos
ipv6 prefix-list IPv6-block-permit seq 10 permit 2000::/3 le 48
!
!
!
route-map BGPin-IPv6-AS64512 deny 10
match ipv6 address prefix-list IPv6-AS64501-all
!
route-map BGPin-IPv6-AS64512 deny 20
match ipv6 address prefix-list IPv6-block-deny
!
route-map BGPin-IPv6-AS64512 permit 30
match as-path 300
match ipv6 address prefix-list BGPin-IPv6-AS64513
set local-preference 150
!
route-map BGPin-IPv6-AS64512 permit 40
match ipv6 address prefix-list IPv6-block-permit
!
route-map BGPin-IPv4-AS64512 deny 10
match ip address prefix-list IPv4-AS64505-all
!
route-map BGPin-IPv4-AS64512 deny 20
match ip address prefix-list IPv4-block-deny
!
route-map BGPin-IPv4-AS64512 permit 30
match ip address prefix-list BGPin-IPv4-AS64513
match as-path 300
set local-preference 150
!
route-map BGPin-IPv4-AS64512 permit 40
match as-path 32
!
route-map BGPout-IPv6-AS64512 permit 10
match ipv6 address prefix-list BGPout-IPv6-AS64512
!
route-map BGPout-IPv4-AS64512 permit 10
match ip address prefix-list BGPout-IPv4-AS64512
set community none
!
route-map BGPout-IPv4-AS64512 permit 20
match community 64505:65501
set community none
!
route-map BGPout-IPv4-AS64512 deny 100
match as-path 32
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
login local
line aux 0
line vty 0 2
access-class telnet-ipv4-in in vrf-also
exec-timeout 0 0
privilege level 15
ipv6 access-class telnet-ipv6-in in
login local
transport input telnet ssh
line vty 3 4
access-class telnet-ipv4-in in vrf-also
privilege level 15
ipv6 access-class telnet-ipv6-in in
login local
transport input telnet ssh
line vty 5 15
access-class telnet-ipv4-in in vrf-also
privilege level 15
ipv6 access-class telnet-ipv6-in in
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
router-R53#
Juniper 5
juniper@R51> show configuration
- Last commit: 2010-12-09 04:28:22 UTC by juniper
version 10.0R2.10;
system {
host-name R51;
root-authentication {
encrypted-password "$1$URrs8gjW$058hxV7kFEeBH/gnrWfq/."; ## SECRET-DATA
}
login {
user juniper {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$thBtVoMR$TzD6xcpX28TCBk8MFlNA91"; ## SECRET-DATA
}
}
}
services {
ssh;
telnet;
web-management {
http {
interface [ ge-0/0/0.0 ge-0/0/0.50 ];
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
per-unit-scheduler;
vlan-tagging;
unit 0 {
vlan-id 1;
family inet;
}
unit 50 {
vlan-id 50;
family inet {
address 192.168.50.205/24;
}
}
unit 2501 {
vlan-id 2501;
family inet {
filter {
input LiberaTudo;
}
address 172.25.1.1/30;
}
family inet6 {
address 2001:db8:25:cafe::1/64;
}
}
unit 2502 {
vlan-id 2502;
family inet {
filter {
input LiberaTudo;
}
address 172.25.2.1/30;
}
family inet6 {
address 2001:db8:25:faca::1/64;
}
}
unit 2505 {
vlan-id 2505;
family inet {
filter {
input LiberaTudo;
}
address 10.1.5.2/30;
}
family inet6 {
address 2001:db8:100:5::2/112;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
lo0 {
unit 0 {
family inet {
address 172.25.15.255/32;
}
family inet6 {
address 2001:db8:25:ffff::255/128;
}
}
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 discard;
route 2001:db8:25:8000::/49 discard;
route 2001:db8:25::/48 discard;
}
}
static {
route 172.25.0.0/20 discard;
route 172.25.0.0/21 discard;
route 0.0.0.0/0 discard;
}
router-id 172.25.15.255;
autonomous-system 64505;
}
protocols {
bgp {
group iBGP {
type internal;
local-address 172.25.15.255;
export next-hop-self;
neighbor 172.25.15.252;
neighbor 172.25.15.254;
}
group eBGP-AS64511 {
type external;
neighbor 10.1.5.1 {
import nh-BGPin-IPv4-AS64511;
export nh-BGPout-IPv4-AS64511;
peer-as 64511;
}
}
group iBGPv6 {
type internal;
local-address 2001:db8:25:ffff::255;
export next-hop-self;
neighbor 2001:db8:25:ffff::252;
neighbor 2001:db8:25:ffff::254;
}
group eBGP-AS64511v6 {
type external;
neighbor 2001:db8:100:5::1 {
import nh-BGPin-IPv6-AS64511;
export nh-BGPout-IPv6-AS64511;
peer-as 64511;
}
}
}
ospf {
export ospf-redistributes;
area 0.0.0.0 {
interface ge-0/0/0.2501;
interface ge-0/0/0.2502;
}
}
ospf3 {
export ospf-redistributes;
area 0.0.0.0 {
interface ge-0/0/0.2501;
interface ge-0/0/0.2502;
}
}
}
policy-options {
policy-statement BGPin-IPv4-AS64513 {
term term-1 {
from {
route-filter 10.3.128.0/17 exact;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement BGPin-IPv6-AS64513 {
term term-1 {
from {
route-filter 2001:db8:300::/48 exact;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement BGPout-IPv4-AS64511 {
term term-1 {
from {
route-filter 172.25.0.0/20 exact;
route-filter 172.25.0.0/21 exact;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement BGPout-IPv6-AS64511 {
term term-1 {
from {
route-filter 2001:db8:25::/48 exact;
route-filter 2001:db8:25:8000::/49 exact;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement IPv4-AS64505-all {
term term-1 {
from {
route-filter 172.25.0.0/20 orlonger;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement IPv4-block-deny {
term term-1 {
from {
route-filter 0.0.0.0/0 exact;
route-filter 0.0.0.0/8 exact;
route-filter 127.0.0.0/8 exact;
route-filter 169.254.0.0/16 exact;
route-filter 192.0.2.0/24 exact;
route-filter 192.168.0.0/16 exact;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement IPv6-AS64505-all {
term term-1 {
from {
route-filter 2001:db8:28::/48 orlonger;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement IPv6-block-deny {
term term-1 {
from {
route-filter ::/0 exact;
route-filter ::/8 orlonger;
route-filter 3ffe::/16 orlonger;
route-filter 2001:db8::/32 orlonger;
route-filter 2001::/32 longer;
route-filter 2002::/16 longer;
route-filter fe00::/9 orlonger;
route-filter ff00::/8 orlonger;
}
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement next-hop-self {
term all {
from {
external;
}
then {
next-hop self;
}
}
}
policy-statement nh-BGPin-IPv4-AS64511 {
term term-1 {
from policy IPv4-AS64505-all;
then reject;
}
term term-2 {
from policy IPv4-block-deny;
then reject;
}
term term-3 {
from {
as-path AS64513;
policy BGPin-IPv4-AS64513;
}
then {
local-preference 150;
next term;
}
}
term accept {
then accept;
}
}
policy-statement nh-BGPin-IPv6-AS64511 {
term term-1 {
from policy IPv6-AS64505-all;
then reject;
}
term term-2 {
from policy IPv6-block-deny;
then reject;
}
term term-3 {
from {
as-path AS64513;
policy BGPin-IPv6-AS64513;
}
then {
local-preference 150;
next term;
}
}
term accept {
then accept;
}
}
policy-statement nh-BGPout-IPv4-AS64511 {
term term-1 {
from policy BGPout-IPv4-AS64511;
then accept;
}
term term-2 {
from community 64505:65501;
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement nh-BGPout-IPv6-AS64511 {
term term-1 {
from policy BGPout-IPv6-AS64511;
then accept;
}
term term-2 {
from community 64505:65501;
then accept;
}
term implicit-deny {
then reject;
}
}
policy-statement ospf-redistributes {
term direct {
from protocol direct;
then accept;
}
term static {
from protocol static;
then accept;
}
}
community 64505:65501 members 64505:65501;
as-path ALL .*;
as-path AS64513 ".*( 64513)+$";
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/0.2501;
ge-0/0/0.2502;
ge-0/0/0.2505;
ge-0/0/1.0;
lo0.0;
}
}
security-zone untrust {
screen untrust-screen;
}
security-zone MNG {
interfaces {
ge-0/0/0.50 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
}
policies {
traceoptions {
flag all;
flag rules;
}
from-zone trust to-zone trust {
policy EncaminhaTudo {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
default-policy {
permit-all;
}
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
}
}
flow {
tcp-session {
no-syn-check;
no-sequence-check;
}
}
}
firewall {
family inet {
filter LiberaTudo {
term TrafegoLocal {
from {
destination-address {
172.25.1.1/32;
172.25.2.1/32;
10.1.5.2/32;
172.25.15.255/32;
}
}
then accept;
}
term TrafegoEncaminhado {
then {
packet-mode;
accept;
}
}
}
}
}
routing-instances {
MNG {
interface ge-0/0/0.50;
}
}
juniper@R51>
