Configuring a dns64 prefix, Configuring an ivi prefix, Configuring a 6to4 aft policy – H3C Technologies H3C SecPath F1000-E User Manual

Page 79

Advertising
background image

67

NOTE:

The aft enable command enables both AFT and NAT-PT. For more information about NAT-PT, see

NAT

Configuration Guide.

Avoid configuring AFT and NAT-PT on the same device.

Configuring a DNS64 prefix

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure a DNS64 prefix.

aft prefix-dns64 dns64-prefix
prefix-length

No DNS64 prefix is configured by
default.

NOTE:

The DNS64 prefix cannot be in the same network segment as the connected IPv6 network.

The DNS64 prefix cannot be the same as the IVI prefix.

Configuring an IVI prefix

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure an IVI prefix.

aft prefix-ivi ivi-prefix

No IVI prefix is configured by default.

NOTE:

The DNS64 prefix cannot be the same as the IVI prefix.

Configuring a 6to4 AFT policy

When the communication is initiated by an IPv6 host and the address of the IPv6 host is not an IVI

address, the AFT translates the IPv6 address into an IPv4 address based on the 6to4 ATF policy. The
detailed process is described as follows:
If the source IPv6 address of the packet matches the specified IPv6 ACL or the destination IPv6 address

prefix is the same as the specified DNS64 prefix, the AFT translates the source IPv6 address into an IPv4

address in the IPv4 address pool or the IPv4 address of an interface.
The AFT supports the following types of 6to4 AFT policy:

Type 1—IPv6 ACL + address pool
If the source IPv6 address matches the IPv6 ACL, the address is translated into an IPv4 address in
the specified address pool. If the no-pat keyword is specified, only the IP address is translated. If

not, both the IP address and the port number are translated to save the IPv4 addresses in the

address pool.

Type 2— IPv6 ACL + interface address

Advertising