HP VPN Firewall Appliances Network Management Configuration Guide

Configuration procedure
1. Configure Firewall:
# Configure ACL 3001 to match TCP packets.
<Firewall> system-view
[Firewall] ipv6
[Firewall] acl ipv6 number 3001
[Firewall-acl6-adv-3001] rule permit tcp
[Firewall-acl6-adv-3001] quit
# Configure Node 5 of policy aaa, so that TCP packets are forwarded via GigabitEthernet 0/1.
[Firewall] ipv6 policy-based-route aaa permit node 5
[Firewall-pbr6-aaa-5] if-match acl6 3001
[Firewall-pbr6-aaa-5] apply ipv6-address next-hop 1::2
[Firewall-pbr6-aaa-5] quit
# Configure IPv6 local PBR by applying policy aaa on Firewall.
[Firewall] ipv6 local policy-based-route aaa
# Configure the IPv6 addresses for the GigabitEthernet interfaces.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ipv6 address 1::1 64
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ipv6 address 2::1 64
2. Configure the IPv6 address for the GigabitEthernet interface of Router A.
<RouterA> system-view
[RouterA] ipv6
[RouterA] interface gigabitethernet 0/1
[RouterA-GigabitEthernet0/1] ipv6 address 1::2 64
3. Configure the IPv6 address for the GigabitEthernet interface of Router B.
<RouterB> system-view
[RouterB] ipv6
[RouterB] interface gigabitethernet 0/2
[RouterB-GigabitEthernet0/2] ipv6 address 2::2 64
4. Verify the configuration:
# Telnet to Router A (1::2/64) from Firewall. The operation succeeds.
# Telnet to Router B (2::2/64) from Firewall. The operation fails.
# Ping Router B (2::2/64) from Firewall. The operation succeeds.
Telnet uses TCP, and ping uses ICMP. The preceding results indicate that all TCP packets generated
by Firewall are forwarded to the next hop 1::2, and other packets are forwarded via GigabitEthernet
0/2. The IPv6 local PBR configuration is effective.
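The following Python model is an added example, not part of the HP guide or the device software. It reproduces the forwarding decision behind the three verification results. The names Packet, forward_local and delivered are hypothetical, and the model assumes Router A has no route to 2::/64, so it cannot relay traffic to Router B.

```python
import ipaddress
from collections import namedtuple

# A packet generated by Firewall itself (sample packets are constructed).
Packet = namedtuple("Packet", "proto dst")

# Connected prefixes, from the interface addresses configured on Firewall.
CONNECTED = {
    ipaddress.ip_network("1::/64"): "GigabitEthernet0/1",
    ipaddress.ip_network("2::/64"): "GigabitEthernet0/2",
}

# Policy aaa, node 5: if-match acl6 3001 (rule permit tcp), next hop 1::2.
POLICY_AAA = [{"node": 5, "match_proto": "tcp", "next_hop": "1::2"}]


def route_lookup(addr):
    """Longest-prefix match over the connected routes; None if no route."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in CONNECTED if ip in net]
    if not hits:
        return None
    return CONNECTED[max(hits, key=lambda net: net.prefixlen)]


def forward_local(pkt):
    """Return (egress interface, next hop, reason) for a local packet."""
    for node in POLICY_AAA:
        if pkt.proto == node["match_proto"]:
            # PBR is evaluated before the routing table, so the packet goes
            # to the policy next hop even when the destination is on
            # another directly connected link.
            hop = node["next_hop"]
            return route_lookup(hop), hop, "pbr node %d" % node["node"]
    return route_lookup(pkt.dst), pkt.dst, "routing table"


def delivered(pkt):
    """Assumption: the next hop delivers only traffic addressed to itself
    (Router A is given no route to 2::/64 in this setup)."""
    _, hop, _ = forward_local(pkt)
    return ipaddress.ip_address(hop) == ipaddress.ip_address(pkt.dst)


if __name__ == "__main__":
    for p in (Packet("tcp", "1::2"), Packet("tcp", "2::2"), Packet("icmpv6", "2::2")):
        print(p, forward_local(p), "ok" if delivered(p) else "fails")
```

Because ACL 3001 matches every TCP packet, the model also shows that any TCP session Firewall opens toward hosts on 2::/64 leaves via GigabitEthernet 0/1, which is worth checking when reviewing such a policy.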
Configuring IPv6 interface PBR based on packet type
Network requirements
As shown in Figure 404, configure IPv6 interface PBR on Firewall to forward all TCP packets received on
GigabitEthernet 0/3 via GigabitEthernet 0/1. Router A forwards other IPv6 packets according to the
routing table.