Example for Configuring Stateless Address Autoconfiguration

Networking Requirements

FW_A and FW_B are connected on the network shown in Figure 1. GigabitEthernet 0/0/1 on FW_A automatically obtains an IPv6 address to communicate with FW_B.

Figure 1 Networking diagram for configuring stateless address autoconfiguration

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable stateless address autoconfiguration on FW_A to enable GigabitEthernet 0/0/1 to automatically obtain an IPv6 address.

  2. Configure a global unicast address on FW_B and enable RA advertisement to use an RA message to advertise an IPv6 prefix to FW_A.

Procedure

  • Configure FW_A.
    1. Set an IP address for each interface and assign the interfaces to security zones.

      1. Choose Network > Interface.
      2. Click the icon of GE0/0/1 and set the following parameters.

      3. Click OK.

    2. Configure security policies.

      1. Choose Policy > Security Policy > Security Policy.

      2. Click Add and set the parameters of the security policy for the Trust->Untrust interzone as follows.

      3. Click OK.

  • Configure FW_B.
    1. Set an IP address for each interface and assign the interfaces to security zones.

      1. Choose Network > Interface.
      2. Click the icon of GE0/0/1 and set the following parameters.

      3. Click OK.

    2. Configure security policies.

      1. Choose Policy > Security Policy > Security Policy.

      2. Click Add and set the parameters of the security policy for the Trust->Untrust interzone as follows.

      3. Click OK.

Configuration Scripts

Configuration script for FW_A:

#
 sysname FW_A
#
ipv6
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address auto link-local
 ipv6 address auto global
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
#
security-policy
  rule name policy_sec_1
    source-zone local
    source-zone trust
    destination-zone local
    destination-zone trust
    action permit
#
return

Configuration script for FW_B:

#
 sysname FW_B
#
ipv6
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ipv6 address 3001::1/64
 undo ipv6 nd ra halt
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
#
security-policy
  rule name policy_sec_1
    source-zone local
    source-zone trust
    destination-zone local
    destination-zone trust
    action permit
#
return
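
With `ipv6 address auto global`, FW_A forms its global address from whatever prefix a Router Advertisement on the link marks as autonomous, so it is useful to confirm that captured RAs carry only the intended prefix. The following Python code is an added example, not part of the original documentation: it parses the ICMPv6 RA body (RFC 4861) and reports autonomous prefixes other than 3001::/64, which is assumed from FW_B's address 3001::1/64. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Assumption: the only prefix hosts here should autoconfigure from is the /64
# that contains FW_B's interface address 3001::1/64.
EXPECTED_PREFIX = ipaddress.IPv6Network("3001::/64")

def parse_ra_prefixes(icmp6: bytes):
    """Return [(network, autonomous_flag, valid_lifetime)] from an ICMPv6 RA body."""
    if len(icmp6) < 16 or icmp6[0] != 134 or icmp6[1] != 0:
        raise ValueError("not a Router Advertisement")
    prefixes, off = [], 16                  # options start after the 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option length")
        if opt_type == 3:                   # Prefix Information option
            if opt_len != 32:
                raise ValueError("bad Prefix Information option length")
            plen, flags, valid = struct.unpack_from("!BBI", icmp6, off + 2)
            net = ipaddress.IPv6Network((icmp6[off + 16:off + 32], plen), strict=False)
            prefixes.append((net, bool(flags & 0x40), valid))   # 0x40 = A (autonomous)
        off += opt_len
    return prefixes

def audit_ra(icmp6: bytes):
    """List autonomous prefixes that SLAAC hosts would use but that are not expected."""
    return [f"unexpected SLAAC prefix {net}"
            for net, autonomous, _valid in parse_ra_prefixes(icmp6)
            if autonomous and net != EXPECTED_PREFIX]

def build_ra(prefix: str, plen: int = 64, flags: int = 0xC0) -> bytes:
    """Constructed sample RA for the demo (checksum left at 0, not a real capture)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen, flags, 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    print(audit_ra(build_ra("3001::")))            # the prefix FW_B advertises
    print(audit_ra(build_ra("2001:db8:bad::")))    # constructed unexpected prefix
```
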
Copyright © Huawei Technologies Co., Ltd.