446
To allow IPv4 hosts to access the IPv6 server in the IPv6 Internet, configure the following AFT
policies on the router:
•
Configure an IPv4-to-IPv6 source address dynamic translation policy.
•
Configure an IPv6-to-IPv4 source address static mapping for the IPv6 server.
Figure 163 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure IPv4 ACL 2000 to permit IPv4 packets only from subnet 10.1.1.0/24 to pass through.
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
[Router-acl-basic-2000] rule deny
[Router-acl-basic-2000] quit
# Configure NAT64 prefix
2012:: 96
.
[Router] aft prefix-nat64 2012:: 96
# Configure the router to use NAT64 prefix
2012:: 96
to translate source addresses of packets
permitted by IPv4 ACL 2000.
[Router] aft v4tov6 source acl number 2000 prefix-nat64 2012:: 96
# Map source IPv6 address
2013:0:ff14:0101:100::
to source IPv4 address
20.1.1.1
.
[Router] aft v6tov4 source 2013:0:ff14:0101:100:: 20.1.1.1
# Enable AFT on GigabitEthernet 2/0/1, which is connected to the IPv4 network.
[Router] interface gigabitethernet 2/0/1
[Router-GigabitEthernet2/0/1] aft enable
[Router-GigabitEthernet2/0/1] quit
# Enable AFT on GigabitEthernet 2/0/2, which is connected to the IPv6 Internet.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] aft enable
[Router-GigabitEthernet2/0/2] quit
Verifying the configuration
# Verify the connectivity between the IPv4 hosts and the IPv6 server. This example uses the ping
utility on an IPv4 host.
D:\>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time=14ms TTL=63
Reply from 20.1.1.1: bytes=32 time=1ms TTL=63
Reply from 20.1.1.1: bytes=32 time=1ms TTL=63
Reply from 20.1.1.1: bytes=32 time=1ms TTL=63
# Display detailed information about IPv6 AFT sessions on the router.