Thursday, November 22, 2012

Implementasi IPv6 di Cisco Router sebagai DHCP Server IPv6

Implementasi IPv6 di Cisco Router sebagai DHCP Server IPv6

http://www.ip-stories.com/?p=786

During ID-IPv6 Task Force Event 30 October 2008 which is ?Sosialisasi IPv6 & Hands On Traingin Dasar IPv6?, users able to have dual stack on their laptops. The DHCP server ran by Cisco Router 3725 with 12.3(4) T IOS version platform.

Trainer Today Cisco : Ade Yudha G (Cisco System), Christian (D-Net), Rahman Isnaini (Netsoft/IndoInternet).

Trainer Today Mikrotik : Niko (UfoAkses), Ervin A Taufik (IndoInternet).

Running Cisco as DHCP server for both IPv6 & IPv4 with NAT, configuration as below :

IPV6-GW#sh run
!
hostname IPV6-GW
!
ip subnet-zero
ip cef
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.255.1
ip dhcp excluded-address 172.16.255.100
!
ip dhcp pool ipv4-postel
network 172.16.255.0 255.255.255.0
dns-server 202.159.32.2
domain-name ipv4.postel.go.id
netbios-node-type h-node
default-router 172.16.255.1
!
!
ip name-server 202.159.32.2
ip name-server 202.159.33.2
ip ips po max-events 100
ipv6 unicast-routing
ipv6 dhcp pool ipv6-postel
prefix-delegation 2404:170EADEAD::/64 0005000400F1A4D07003
prefix-delegation pool prefix-pool lifetime 1800 60
dns-server 2404:170:32::2
domain-name ipv6.postel.go.id
!
interface FastEthernet0/0
description IPV6-BACKBONE
ip address 202.53.252.50 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ipv6 address 2404:170:251::AA/125
ipv6 enable
!
interface Serial0/0
no ip address
shutdown
clockrate 2000000
!
interface FastEthernet0/1
description DHCP-HOTSPOT-LAN
ip address 172.16.255.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ipv6 address 2404:170EADEAD::1/64
ipv6 enable
ipv6 traffic-filter DHCP-OUT out
ipv6 nd other-config-flag
ipv6 dhcp server ipv6-postel
!
interface Serial0/1
ip address 10.10.10.10 255.255.255.252
ipv6 address 2008::1/64
ipv6 enable
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.53.252.49
!
no ip http server
no ip http secure-server
ip nat inside source list 50 interface FastEthernet0/0 overload
!
!
access-list 50 permit 172.16.255.0 0.0.0.255
ipv6 route ::/0 2404:170:251::A9
!
ipv6 access-list DHCP-OUT
remark FILTER-SECURE-POSTEL-IPV6-HOSTPOT
sequence 150 deny tcp any any range ftp-data telnet
sequence 151 deny tcp any any range 135 139
sequence 152 deny tcp any any range 161 162
sequence 153 deny tcp any any eq 6029
sequence 154 deny tcp any any range 67 68
sequence 155 deny tcp any any eq gopher
sequence 156 deny tcp any any eq finger
sequence 157 deny tcp any any eq www log
sequence 158 deny tcp any any eq 87
sequence 159 deny tcp any any eq sunrpc
sequence 160 deny tcp any any eq irc
sequence 161 deny tcp any any eq 372
sequence 162 deny tcp any any eq exec
sequence 163 deny tcp any any range login klogin
sequence 164 deny tcp any any eq cmd
sequence 165 deny tcp any any eq nntp
sequence 166 deny tcp any any eq uucp
sequence 167 deny tcp any any eq lpd
sequence 168 deny tcp any any eq 37
sequence 169 deny tcp any any eq 445
sequence 170 deny tcp any eq 445 any
sequence 171 deny tcp any any eq 450
sequence 172 deny tcp any any eq 1434
sequence 173 deny tcp any eq 1434 any
sequence 174 deny tcp any any eq 1524
sequence 175 deny tcp any any eq 2000
sequence 176 deny tcp any any range 2041 2049
sequence 177 deny udp any any range 135 netbios-ss
sequence 178 deny udp any any range snmp snmptrap
sequence 179 permit udp any any eq tftp
sequence 180 deny udp any any eq 1434
sequence 181 deny udp any eq 1434 any
sequence 182 deny udp any any eq time
sequence 183 deny udp any any eq tacacs
sequence 184 deny udp any any eq bootps
sequence 185 deny udp any any eq bootpc
sequence 186 deny udp any any eq sunrpc
sequence 187 deny udp any any eq 144
sequence 188 deny udp any any eq who
sequence 189 deny udp any any eq 515
sequence 190 deny udp any any eq rip
sequence 191 deny udp any any eq 27444
sequence 192 deny udp any any eq 31335
sequence 199 permit ipv6 any 2404:170EAD::/48
sequence 500 deny ipv6 any any log
!
end

0 comments:

Post a Comment

 
Design by Free WordPress Themes