UBNT ER-X 开启IPV6方法

发布于 2018-12-20  41 次阅读


上个星期终于把 垂涎已久的ubnt erx 和uap-ac-lite购入,erx的配置对于新手比较难入手的,当时为了ipv6 折腾了好几天一直没有成功,想着放弃的等官方出把ui完善的时候,看到了一篇文章,一下就搞定了,于是分享一下

ssh登录erx,erx默认开放ssh的,直接用用户名密码登录即可,如果没改动的话就用户名密码就是unbt

首先要说明一下,确保自己的宽带已经支持pppoe 直接可以获取ipv6 ,本方法也是通过pppoe获取ipv6

我是 eth0 接的是猫其余都是lan,没有开vlan

命令一条一条输入就可以了,嫌麻烦也是一下都复制 直接全部黏贴进去 会自动换行的  Xshell

configure
#Configure the PPPoE for IPv6(eth0):
set interfaces ethernet eth0 pppoe 0 ipv6 enable
set interfaces ethernet eth0 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /60
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd prefix-only

#Enable IPv6 SLAAC on the LAN(switch0):
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address ::1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 prefix-id :0
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service slaac

#Enable IPv6 on switch0:
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 ipv6 router-advert link-mtu 0
set interfaces switch switch0 ipv6 router-advert managed-flag false
set interfaces switch switch0 ipv6 router-advert max-interval 600
set interfaces switch switch0 ipv6 router-advert other-config-flag false
set interfaces switch switch0 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' valid-lifetime 2592000
set interfaces switch switch0 ipv6 router-advert reachable-time 0
set interfaces switch switch0 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 ipv6 router-advert send-advert true

#create a policy for WAN->LAN Clients:
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'IPv6 packets from the internet to LAN and WAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related packets'
set firewall ipv6-name WANv6_IN rule 10 protocol all
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid packets'
set firewall ipv6-name WANv6_IN rule 20 protocol all
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow ICMPv6 packets'
set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6

#create a policy for WAN->Router:
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'IPv6 packets from the internet to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related packets'
set firewall ipv6-name WANv6_LOCAL rule 10 protocol all
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action accept
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Allow ICMPv6 packets'
set firewall ipv6-name WANv6_LOCAL rule 20 protocol icmpv6
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow DHCPv6 client/server'
set firewall ipv6-name WANv6_LOCAL rule 30 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 30 source port 547
set firewall ipv6-name WANv6_LOCAL rule 30 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 action drop
set firewall ipv6-name WANv6_LOCAL rule 40 description 'Drop invalid packets'
set firewall ipv6-name WANv6_LOCAL rule 40 protocol all
set firewall ipv6-name WANv6_LOCAL rule 40 state invalid enable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL

commit
save
exit
reboot
y

最后要是还有命令再输入的状态就直接回车

现在已经开启了ipv6 ,应该下面设备可以获取到了ipv6地址了

可能你会发现ipv6的dns获取不到,不要紧张这时候你只要登陆你的erx管理界面,再配置数的选项卡里面

interfaces / ethernet / eth0 / pppoe / 0 / dhcpv6-pd / pd / 0 / interface / switch0 中 关闭 no-dns就可以了,就是点击加号,变成减号出现红色删除线,保存就可以了,重新断开设备连接一下 就完美支持ipv6啦

 

后面有时间写一下 关于树莓派安装unifi控制器


因为喜欢所以折腾。。。