Skip to main content
Skip to breadcrumbs
Skip to search
Skip to úpravu nadpisu
Propojené aplikace
HKfree
hkfree Confluence
hkfree Confluence
Více
Prostory
Kalendáře
Analytics
Vytvořit
Pro vyhledávání stiskněte Enter
Nápověda
Nápověda online
Klávesové zkratky
Vytvořit RSS kanál
Co je nového
O Confluence
0
Osobní prostor
Nedávno zobrazeno
Nedávno proběhla práce
Profil
Úkoly
Uloženo na později
Sledované
Koncepty
Síť
Nastavení
Atlassian Marketplace
Motiv
Gliffy Diagram
Odhlásit se
Vzorové nastavení Mikrotik routeru (verze 6)
search
recentlyviewed
attachments
weblink
advanced
image-attributes
image-effects
Odstavec
Odstavec
Nadpis 1
Nadpis 2
Nadpis 3
Nadpis 4
Nadpis 5
Nadpis 6
Předformátováno
Citace
Tučné
Kurzíva
Podtržený
Výběr barvy
Více barev
Formátovaní
Přeškrtnuté
Dolní index
Horní index
Neproporcionální
Vymazat formátování
Seznam s odrážkami
Číslovaný seznam
Seznam úloh
Zmenšit odsazení
Zvětšit odsazení
Zarovnat vlevo
Zarovnat na střed
Zarovnat vpravo
Rozvržení stránky
Odkaz
Tabulka
Vložit
Vložte obsah
Soubory a obrázky
Odkaz
Značka
Horizontální linka
Seznam úloh
Datum
Symbol
Vložit makro
Zmínit uživatele
Požadavek/Filtr Jira
Informace
draw.io Diagram
Embed draw.io Diagram
draw.io Board Diagram
Gliffy Diagram
Stav
Galerie
Obsah
Týmový kalendář
Ostatní makra
Rozvržení stránky
Žádné rozložení
Dva sloupce (jednoduché)
Dva sloupce (jednoduché, levý postranní panel)
Dva sloupce (jednoduchý, pravý postranní panel)
Tři sloupce (jednoduché)
Dva sloupce
Dva sloupce (levý postranní panel)
Dva sloupce (pravý postranní panel)
Tři sloupce
Tři sloupce (levá a pravá postranní lišta)
Zpět
Opakovat
Najít/Nahradit
Klávesové zkratky – Nápověda
IPv6
Dashboard
IPv6
Vzorové nastavení Mikrotik routeru (verze 6)
<p><span style="color: rgb(29,28,29);">Zkusím sepsat postup nastavení na Mikrotiku vč. klienta (co routuje). Zkusím začít něco jako obecný návod.</span></p><p>Budu jako příklad uvádět svou oblast LiSt.</p><p><span class="c-mrkdwn__highlight" style="color: rgb(29,28,29);">List</span><span style="color: rgb(29,28,29);"> má IP rozsah dle návodu na </span><a class="confluence-link" href="/pages/viewpage.action?pageId=76548445" data-linked-resource-id="76548445" data-linked-resource-version="29" data-linked-resource-type="page" data-linked-resource-default-alias="IPv6 adresn&iacute; pl&aacute;n" data-base-url="https://confluence.hkfree.org">IPv6 adresní plán</a><span style="color: rgb(29,28,29);"> jako </span><strong>2a01:168:4900::/40</strong></p><ul><li><span style="color: rgb(29,28,29);">nastavil jsem si první <strong>adresu na interface, kde jsou klienti</strong> (u mě "bridge-sektory")</span><br /><em>/ipv6 address</em><br /><em>add address=2a01:168:4900::1/64 advertise=yes disabled=no eui-64=no from-pool="" interface=Bridge-sektory no-dad=no</em><br /><br /><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-34-26.png?version=1&modificationDate=1588505665536&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-34-26.png?version=1&modificationDate=1588505665536&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892889" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-34-26.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-34-26.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-34-26.png" data-image-height="243" data-image-width="452"><br /><br /></li><li><span style="color: rgb(29,28,29);">jal jsem se nastavovat <strong>OSPF</strong></span><br /><em><code class="c-mrkdwn__code">/routing ospf-v3 interface</code></em><br /><em><code class="c-mrkdwn__code">add area=backbone cost=20 dead-interval=40s disabled=no hello-interval=10s instance-id=0 interface=bridge-lhota network-type=default passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no</code></em><br /><span style="color: rgb(29,28,29);">důležitý, aby to běželo na interface, kde je linka (u mě "bridge-lhota", "birdge-krasnice"), nikoliv klientský interface<br /></span><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-38-0.png?version=1&modificationDate=1588505879283&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-38-0.png?version=1&modificationDate=1588505879283&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892890" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-38-0.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-38-0.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-38-0.png" data-image-height="408" data-image-width="488"><br /><br /></li><li><span style="color: rgb(29,28,29);">dalším bylo nastavení <strong>instances</strong></span><br /><em><code class="c-mrkdwn__code">/routing ospf-v3 instance</code></em><br /><em><span style="color: rgb(29,28,29);"> </span><code class="c-mrkdwn__code">set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 name=default redistribute-bgp=no redistribute-connected=as-type-1 redistribute-other-ospf=no redistribute-rip=no redistribute-static=as-type-1 router-id=10.107.73.1</code></em><br /><span style="color: rgb(29,28,29);">Důležitý, nastavit tam '</span><code class="c-mrkdwn__code">redistribute static routes'</code><span style="color: rgb(29,28,29);"> na hodnotu '</span><code class="c-mrkdwn__code">as type 1'<br /><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-39-37.png?version=1&modificationDate=1588505976668&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-39-37.png?version=1&modificationDate=1588505976668&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892891" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-39-37.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-39-37.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-39-37.png" data-image-height="318" data-image-width="487"><br /></code><span style="color: rgb(29,28,29);">a pokud protistrana vysílá IPv6, tak by se měly natáhnout routy.</span><br /><br /></li><li><span style="color: rgb(29,28,29);">Protože budeme dále delegovat každému členovi jeho vlastní rozsah a ten by lezl do OSPF, tak uděláme <strong>statickou routu</strong> v </span><code class="c-mrkdwn__code">/ipv6 route</code><span style="color: rgb(29,28,29);"> <strong>na celý /40 rozsah</strong>, a ty drobný klientský pak odfiltrujem.</span><br /><em><code class="c-mrkdwn__code">/ipv6 route<br />add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-prepend !check-gateway comment="souhrnna \"agregovana\" routa; viz tez routing/filters" disabled=no distance=1 dst-address=2a01:168:4900::/40 !route-tag type=unreachable<br /><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-42-53.png?version=1&modificationDate=1588506172224&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-42-53.png?version=1&modificationDate=1588506172224&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892892" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-42-53.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-42-53.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-42-53.png" data-image-height="391" data-image-width="419"><br /><br /></code></em></li><li><span style="color: rgb(29,28,29);">a <strong>odfiltrujeme</strong> ty drobný rozsahy klientů</span><br /><code class="c-mrkdwn__code">/routing filter</code><span style="color: rgb(29,28,29);"> přidáme pravidlo co odfiltruje délku prefixu 49-128 a ty nepustí do OSPF<br /><em>/routing filter</em></span><br /><em><code class="c-mrkdwn__code">add action=discard !address-family !append-bgp-communities !append-route-targets !bgp-as-path !bgp-as-path-length !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-weight chain=ospf-out disabled=no !distance invert-match=no !locally-originated-bgp !match-chain !ospf-type !pref-src !prefix prefix-length=49-128 !protocol !route-comment !route-tag !route-targets !routing-mark !scope !set-bgp-communities !set-bgp-local-pref !set-bgp-med !set-bgp-prepend set-bgp-prepend-path="" !set-bgp-weight !set-check-gateway !set-disabled !set-distance !set-in-nexthop !set-in-nexthop-direct !set-in-nexthop-ipv6 !set-in-nexthop-linklocal !set-out-nexthop !set-out-nexthop-ipv6 !set-out-nexthop-linklocal !set-pref-src !set-route-comment !set-route-tag !set-route-targets !set-routing-mark !set-scope !set-site-of-origin !set-target-scope !set-type !set-use-te-nexthop !site-of-origin !target-scope</code></em><br /><em><code class="c-mrkdwn__code"><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-44-35.png?version=1&modificationDate=1588506274601&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-44-35.png?version=1&modificationDate=1588506274601&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892893" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-44-35.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-44-35.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-44-35.png" data-image-height="542" data-image-width="400"><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-44-51.png?version=1&modificationDate=1588506290155&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-44-51.png?version=1&modificationDate=1588506290155&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892894" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-44-51.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-44-51.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-44-51.png" data-image-height="542" data-image-width="403"><br /><br /></code></em></li><li><span style="color: rgb(29,28,29);">a pustíme se do <strong>delegování subnetů pro klienty/členy</strong>. Nastavíme si </span><code class="c-mrkdwn__code">/ipv6 pool</code><span style="color: rgb(29,28,29);"> jak velké subnety budeme členům delegovat (opět podle návrhu číslovacího plánu)</span><br /><em><code class="c-mrkdwn__code">/ipv6 pool<br />add name=pool1 prefix=2a01:168:4901::/48 prefix-length=56</code></em><span style="color: rgb(29,28,29);"> <br />takže jim z /48 rozsahu budu delegovat prefixy /56<br /></span><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-48-1.png?version=1&modificationDate=1588506480606&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-48-1.png?version=1&modificationDate=1588506480606&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892895" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-48-1.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-48-1.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-48-1.png" data-image-height="176" data-image-width="427"><br /><br /></li><li><span style="color: rgb(29,28,29);">a pustíme <strong>DHCP server pro delegaci prefixů</strong></span><br /><code class="c-mrkdwn__code">/ipv6 dhcp-server</code><span style="color: rgb(29,28,29);"> kde nastavíme poslouchací inteface od klientů (u mě "bridge-sektory")<br /><em>/ipv6 dhcp-server</em></span><br /><em><code class="c-mrkdwn__code">add address-pool=pool1 dhcp-option="" disabled=no interface=Bridge-sektory lease-time=1h name=server1 preference=255 rapid-commit=yes route-distance=1 use-radius=no<br /></code></em><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-49-15.png?version=1&modificationDate=1588506554020&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-49-15.png?version=1&modificationDate=1588506554020&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892896" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-49-15.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-49-15.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-49-15.png" data-image-height="247" data-image-width="432"><br /><br /></li><li><span style="color: rgb(29,28,29);">v<strong> Neighbor discovery </strong></span><em><code class="c-mrkdwn__code">/ipv6 nd</code></em><span style="color: rgb(29,28,29);"> je ?nutné? vypnout "advertise DNS", bo to zlobí. Já ho ale nechal zapnutý. A přepnout interface z "all" na "bridge-sektory", tj. tam, kde jsou klienti</span><br /><em><code class="c-mrkdwn__code"><code class="c-mrkdwn__code">/ipv6 nd</code><br />add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=64 interface=Bridge-sektory managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified<br /></code></em><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-51-52.png?version=1&modificationDate=1588506711707&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-51-52.png?version=1&modificationDate=1588506711707&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892897" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-51-52.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-51-52.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-51-52.png" data-image-height="340" data-image-width="442"><br /><br /></li><li>Aby to advertise DNS fungovalo dobře, přidal jsem do DNS konfigurace záznam o DNS serveru pro IPv6<br /><em>/ip dns</em><br /><em>set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=512 query-server-timeout=2s query-total-timeout=10s servers=10.107.4.100,10.107.4.129,<strong>2a01:168:0:10::f</strong></em><br /><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_14-10-6.png?version=1&modificationDate=1588507805632&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_14-10-6.png?version=1&modificationDate=1588507805632&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892913" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_14-10-6.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_14-10-6.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_14-10-6.png" data-image-height="374" data-image-width="466"><br /><br /></li><li><span style="color: rgb(29,28,29);">No a nakonec se hodí to <strong>zabezpečit lehkým firewallem</strong> <br /></span><em><code class="c-mrkdwn__code">/ipv6 firewall filter</code></em><br /><em><code class="c-mrkdwn__code">add action=accept chain=input comment="link-local traffic OK" src-address=fe80::/10 add action=reject chain=input comment="No new ex-hkfree incoming connections on IPv6 (this router)" connection-state=new protocol=!icmpv6 reject-with=icmp-admin-prohibited src-address=!2a01:168::/29<br /></code></em><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-54-26.png?version=1&modificationDate=1588506865662&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-54-26.png?version=1&modificationDate=1588506865662&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892898" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-54-26.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-54-26.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-54-26.png" data-image-height="543" data-image-width="658"><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-54-44.png?version=1&modificationDate=1588506883770&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-54-44.png?version=1&modificationDate=1588506883770&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892899" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-54-44.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-54-44.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-54-44.png" data-image-height="544" data-image-width="657"><br /><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-55-14.png?version=1&modificationDate=1588506913416&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-55-14.png?version=1&modificationDate=1588506913416&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892900" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-55-14.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-55-14.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-55-14.png" data-image-height="541" data-image-width="676"><img class="confluence-embedded-image" draggable="false" src="/download/attachments/100892887/image2020-5-3_13-55-31.png?version=1&modificationDate=1588506930922&api=v2" data-image-src="/download/attachments/100892887/image2020-5-3_13-55-31.png?version=1&modificationDate=1588506930922&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="100892901" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="image2020-5-3_13-55-31.png" data-base-url="https://confluence.hkfree.org" data-linked-resource-content-type="image/png" data-linked-resource-container-id="100892887" data-linked-resource-container-version="4" title="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-55-31.png" data-location="IPv6 > Vzorové nastavení Mikrotik routeru (verze 6) > image2020-5-3_13-55-31.png" data-image-height="541" data-image-width="677"><br /><br /></li><li><strong><span style="color: rgb(29,28,29);">a teď by to mělo být připravené, aby to routovalo a poskytovalo členům prefixy.</span></strong></li></ul>
Co jste změnili?
Zaslat oznámení všem sledujícím
Upravit
Náhled
Uložit
Zavřít
{"serverDuration": 287, "requestCorrelationId": "22ffef430c9bd689"}
Loading...
No suggestions
...
Surround with