Configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

116

Step Command

Remarks

3.

Enter tunnel interface
view.

Interface tunnel number N/A

4.

Configure an IPv6
address for the tunnel

interface.

•

Configure an IPv6 global unicast

address or site-local address:

{

ipv6 address { ipv6-address

prefix-length |
ipv6-address/prefix-length }

{

ipv6 address
ipv6-address/prefix-length

eui-64

•

Configure an IPv6 link-local

address:

{

ipv6 address auto link-local

{

ipv6 address ipv6-address

link-local

Use one of the commands.
By default, no IPv6 address is

configured for the tunnel interface.

5.

Specify the IPv6 over
IPv6 tunnel mode.

tunnel-protocol ipv6-ipv6

Optional.
By default, the tunnel mode is GRE over
IPv4.
The same tunnel mode should be

configured at both ends of the tunnel.

Otherwise, packet delivery will fail.

6.

Configure a source
address or interface for

the tunnel interface.

source { ipv6-address |
interface-type interface-number }

By default, no source address or
interface is configured for the tunnel.

7.

Configure the
destination address for

the tunnel interface.

destination ipv6-address

By default, no destination address is
configured for the tunnel.

8.

Configure the maximum
number of nested

encapsulations of a
packet.

encapsulation-limit [ number ]

Optional.
4 by default.

9.

Return to system view.

quit

N/A

10.

Enable dropping of IPv6
packets using

IPv4-compatible IPv6
addresses.

tunnel discard
ipv4-compatible-packet

Optional.
Disabled by default.

Configuration example

NOTE:

In this configuration example, either Router A or Router B is the SecPath firewall.

Network requirements

As shown in

Figure 79

, the two subnets Group 1 and Group 2 running IPv6 are connected over an IPv6

network. Configure an IPv6 over IPv6 tunnel between Router A and Router B to make the two subnets
reachable to each other without disclosing their IPv6 addresses to the IPv6 network.