刪除電腦上fe80的ipv6 default route
在命令提示字元中,netsh > int > ipv6 >
delete route interface=15 ::/0 fe80::215:17ff:xxxx:xxxx
2016年12月28日 星期三
停用ASA 介面上IPv6 RA功能
在單位內部因本來由ASA防火牆提供IPv6環境,因為VPN需求,又在單位位內部放了一台ASA5580 設備做為VPN伺服器,導致在單位內的電腦會收到2筆fe80的default IPv6 Route, 其中一筆是由ASA 5580發出的.
解決方式:
在介面上加入 ipv6 nd suppress-ra
interface GigabitEthernet3/0
nameif Outside
security-level 0
ip address 1x0.1xx.3.200 255.255.255.0
ipv6 address 2001:288:xx01:x::200/64
ipv6 enable
ra-interval Set IPv6 Router Advertisement Interval
ra-lifetime Set IPv6 Router Advertisement Lifetime
reachable-time Set advertised reachability time
suppress-ra Suppress IPv6 Router Advertisements
參考http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/i3.html
解決方式:
在介面上加入 ipv6 nd suppress-ra
interface GigabitEthernet3/0
nameif Outside
security-level 0
ip address 1x0.1xx.3.200 255.255.255.0
ipv6 address 2001:288:xx01:x::200/64
ipv6 enable
ra-interval Set IPv6 Router Advertisement Interval
ra-lifetime Set IPv6 Router Advertisement Lifetime
reachable-time Set advertised reachability time
suppress-ra Suppress IPv6 Router Advertisements
參考http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/i3.html
訂閱:
文章 (Atom)