2016年8月6日

IPv6 LAB 進階實作

Mikrotik_RouterOS設定
[admin@Mikrotik_RouterOS] > /export 
# RouterOS export for the lab's edge router: renames the three Ethernet ports,
# then assigns their IPv4 and IPv6 addresses and one static IPv6 route.
# NOTE(review): this export shows no /ip firewall, /ipv6 firewall or /ip service
# section, so no packet filtering or management-service restriction is visible
# here. Confirm against the full device config before reusing outside a lab.
/interface ethernet
# ether1 = management port, ether2 = WAN side, ether3 = LAN side (per the names set here).
set [ find default-name=ether1 ] name=ether1_MGMT speed=1Gbps
set [ find default-name=ether2 ] name=ether2_WAN
set [ find default-name=ether3 ] name=ether3_LAN
/ip address
add address=192.168.88.30/24 interface=ether1_MGMT network=192.168.88.0
add address=192.168.98.254/24 interface=ether3_LAN network=192.168.98.0
/ipv6 address
# advertise=no: these prefixes are not announced in router advertisements, so
# neighbours must be addressed statically (the /80 and /112 lengths are not
# usable for SLAAC anyway).
add address=2001:b034:700:480::254/80 advertise=no interface=ether3_LAN
add address=2001:b034:700:400::1:1/112 advertise=no interface=ether2_WAN
/ipv6 route
# Sends the whole 2001:b034:700:480::/64 block to 2001:b034:700:480::253 (the
# address configured on Juniper_FW ge-0/0/1 in the next listing).
# check-gateway=ping takes the route out of service when the gateway stops answering.
add check-gateway=ping distance=1 dst-address=2001:b034:700:480::/64 gateway=2001:b034:700:480::253
/system identity
set name=Mikrotik_RouterOS
Juniper_FW
# Junos "set" configuration for the lab firewall (Juniper_FW).
# Zone layout established below: ge-0/0/0.0 = mgmt, ge-0/0/1.0 = untrust
# (towards the MikroTik router), ge-0/0/2.0 = trust (towards the Radware SLB).
set version 12.1X47-D10.4
set system host-name Juniper_FW
set system services ssh
# Web management is plain HTTP and is bound to the management interface only.
# NOTE(review): prefer https for web management even on a management network.
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 unit 0 family inet address 192.168.88.20/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.98.253/24
set interfaces ge-0/0/1 unit 0 family inet6 address 2001:b034:700:480::253/80
set interfaces ge-0/0/2 unit 0 family inet6 address 2001:b034:700:480:1::91/80
# IPv6 default route points at the MikroTik LAN address (::254). The /64 static
# route points at 2001:b034:700:480:1::94, the SLB interface address in the
# Radware listing. The connected /80 networks are more specific than this /64.
set routing-options rib inet6.0 static route ::/0 next-hop 2001:b034:700:480::254
set routing-options rib inet6.0 static route 2001:b034:0700:0480:0000:0000:0000:0000/64 next-hop 2001:b034:700:480:1::94
# Flow-based mode makes IPv6 traffic subject to the security policies and
# screens below instead of bypassing stateful processing.
set security forwarding-options family inet6 mode flow-based
# Screen profile "untrust-screen": ping-of-death, source-route, teardrop, LAND
# and SYN-flood protections. It is attached to the untrust zone further down.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
# Outbound and intra-zone traffic: permit everything (trust->trust, trust->untrust).
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
# Inbound policy 001: any IPv6 source may send ICMP/ICMPv6 to any IPv6 destination.
set security policies from-zone untrust to-zone trust policy 001 match source-address any-ipv6
set security policies from-zone untrust to-zone trust policy 001 match destination-address any-ipv6
set security policies from-zone untrust to-zone trust policy 001 match application junos-icmp-all
set security policies from-zone untrust to-zone trust policy 001 match application junos-icmp6-all
set security policies from-zone untrust to-zone trust policy 001 then permit
# Inbound policy 002: permit-all for IPv6, but the "deactivate" statement after
# it takes it out of the active configuration. Re-activating it would open the
# trust zone to every IPv6 source.
set security policies from-zone untrust to-zone trust policy 002 match source-address any-ipv6
set security policies from-zone untrust to-zone trust policy 002 match destination-address any-ipv6
set security policies from-zone untrust to-zone trust policy 002 match application any
set security policies from-zone untrust to-zone trust policy 002 then permit
deactivate security policies from-zone untrust to-zone trust policy 002
# Inbound policy 003: every application is permitted from the address-book entry
# defined in the untrust zone below.
# NOTE(review): the entry is written as ...:1:2/112. As a /112 it presumably
# matches the whole 2001:b034:700:400::1:0/112 WAN segment, not just host ::1:2.
# Use /128 if a single test client was intended; confirm.
set security policies from-zone untrust to-zone trust policy 003 match source-address 2001:b034:0700:0400:0000:0000:1:2/112
set security policies from-zone untrust to-zone trust policy 003 match destination-address any-ipv6
set security policies from-zone untrust to-zone trust policy 003 match application any
set security policies from-zone untrust to-zone trust policy 003 then permit
# host-inbound-traffic controls which services on the firewall itself may be
# reached from each zone; it does not affect transit traffic.
set security zones security-zone trust tcp-rst
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust host-inbound-traffic system-services http
set security zones security-zone trust host-inbound-traffic system-services https
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic system-services telnet
set security zones security-zone trust host-inbound-traffic system-services traceroute
set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services traceroute
set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services https
set security zones security-zone untrust address-book address 2001:b034:0700:0400:0000:0000:1:2/112 2001:b034:0700:0400:0000:0000:1:2/112
set security zones security-zone untrust screen untrust-screen
# NOTE(review): the untrust zone accepts ssh, telnet, http and https to the
# firewall itself. Only ssh and web-management http (bound to ge-0/0/0.0) are
# enabled under "system services" in this listing, so some of these permits
# have no matching service here. For anything beyond a lab, limit untrust
# host-inbound traffic to what is needed (e.g. ping) and manage via the mgmt zone.
set security zones security-zone untrust host-inbound-traffic system-services traceroute
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services telnet
set security zones security-zone untrust host-inbound-traffic system-services http
set security zones security-zone untrust host-inbound-traffic system-services https
# Interface-level list for ge-0/0/1.0. It omits telnet, unlike the zone-level
# list above. Interface-level settings presumably take precedence; confirm.
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services traceroute
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services https
# Management zone: device access over ge-0/0/0.0 (192.168.88.20/24).
set security zones security-zone mgmt interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone mgmt interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone mgmt interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone mgmt interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone mgmt interfaces ge-0/0/0.0 host-inbound-traffic system-services https
Radware SLB
script start "Alteon Application Switch VA" 4  /**** DO NOT EDIT THIS LINE!
/* Configuration dump taken 10:01:30 Sat Aug  6, 2016
/* Configuration last applied at 08:55:23 Sat Aug  6, 2016
/* Configuration last save at 08:55:24 Sat Aug  6, 2016
/* Version 30.1.0.0,  Mgmt MAC address 00:0c:29:9d:7a:b0
/* Overview: Alteon VA used as an IPv6 server load balancer. One virtual server
/* (VIP ...:480:3::911, HTTP/80) fronts one real server (...:480:3::100).
/* Management port: static address on the 192.168.88.0/24 management network.
/c/sys/mmgmt
dhcp disabled
addr 192.168.88.40
mask 255.255.255.0
broad 192.168.88.255
gw 192.168.88.1
ena
/c/l2/vlan 1
learn ena
lla ena
def 1
/* IPv6 router advertisements are enabled on VLAN 1 and again on VLAN 2 below.
/c/l2/vlan 1/ip6nd
rtradv enabled
/c/l2/vlan 2
learn ena
lla ena
def 2
/c/l2/vlan 2/ip6nd
rtradv enabled
/* SSH management access is on, with SSHv1 disabled.
/c/sys/access/sshd/sshv1 dis
/c/sys/access/sshd/on
/* L3 interface 10: firewall-facing side, 2001:b034:700:480:1::94/80.
/* No vlan line is shown for if 10. Presumably it sits in VLAN 1 like gw 10; confirm.
/c/l3/if 10
ena
ipver v6
addr 2001:b034:700:480:1:0:0:94
mask 80
/* L3 interface 20: server-facing side in VLAN 2, 2001:b034:700:480:3::254/80.
/c/l3/if 20
ena
ipver v6
addr 2001:b034:700:480:3:0:0:254
mask 80
vlan 2
/* Default gateway 10 is 2001:b034:700:480:1::91, the address configured on
/* Juniper_FW ge-0/0/2 in the listing above.
/c/l3/gw 10
ena
ipver v6
addr 2001:b034:700:480:1:0:0:91
vlan 1
/* Static IPv6 route: prefix 2000:: with length 3 via ...:91. The meaning of
/* the trailing "1" is not shown in this dump (presumably an interface index; confirm).
/c/l3/route/ip6
add 2000:0:0:0:0:0:0:0 3 2001:b034:700:480:1:0:0:91 1
/c/slb/accel/compress
on
/* Certificate objects named WebManagementCert (key, request, server cert).
/* No key or certificate text bodies appear in this listing. Keep private key
/* material out of any configuration dump that is shared or published.
/c/slb/ssl/certs/key WebManagementCert
/c/slb/ssl/certs/request WebManagementCert
/c/slb/ssl/certs/import request "WebManagementCert" text
/c/slb/ssl/certs/srvrcert WebManagementCert
/c/slb/ssl/certs/import srvrcert "WebManagementCert" text
/c/slb/ssl
on
/c/slb/accel/caching
on
/c/slb
on
/c/slb/adv
direct ena
vstat ena
submac "ena"
/* Real server 100 and the group that contains it.
/c/slb/real 100
ena
ipver v6
rip 2001:b034:700:480:3:0:0:100
/c/slb/group 100
ipver v6
add 100
/* Ports 1 and 2 both have client, server and proxy processing enabled.
/c/slb/port "1"
client ena
server ena
proxy ena
/c/slb/port "2"
client ena
server ena
proxy ena
/* Virtual server 100: the VIP is served as plain HTTP on port 80 and is
/* forwarded to group 100 on real port 80. No TLS service is defined on the
/* VIP in this dump.
/c/slb/virt 100
ena
ipver v6
vip 2001:b034:700:480:3:0:0:911
/c/slb/virt 100/service 80 http
group 100
rport 80
/c/slb/gslb
off
hostlk ena
/* HTTPS management access is enabled and uses WebManagementCert.
/c/sys/access/https/cert WebManagementCert
/c/sys/access/https/https e
/
script end  /**** DO NOT EDIT THIS LINE!

連線測試圖








