Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Transparent Mode for IPv6 Flows on Security Devices

 

This example shows how to configure VLANs, a Layer 2 interface, and an IRB interface that supports both IPv4 and IPv6 addresses. This example also shows how to configure the device to use only ARP requests to learn the outgoing interfaces for unknown destination MAC addresses.

Requirements

The device must be enabled for IPv6 flow processing. See Flow-Based Processing for IPv6 Traffic on Security Devices.

Overview

This example creates the configuration described in Table 1.

Table 1: IPv6 Transparent Mode Configuration for IPv6 Flows

Feature

Name

Configuration Parameters

VLANs

vlan-a

VLAN 2

vlan-b

VLAN 10

Logical interface

ge-0/0/0.0

Trunk port for packets tagged with VLAN IDs 1 through 10

Physical interface

ge-0/0/0

VLAN ID 30 assigned to untagged packets

IRB interface

irb.0

Addresses:

  • IPv4 address 10.1.1.1/24

  • IPv6 address 2001:0db8:2::1/64

Referenced in vlan-b VLAN

Learn the outgoing interfaces for unknown destination MAC addresses

Use only ARP queries without traceroute requests

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure transparent mode for IPv6 flows:

  1. Configure VLANs.
  2. Configure the Layer 2 interface.
  3. Configure the IRB interface.
  4. Configure the IRB interface for the VLAN.
  5. Configure learning for unknown destination MAC addresses.

Results

From configuration mode, confirm your configuration by entering the show vlans, show interfaces, and show security flow ethernet-switching commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying IPv6 Sessions

Purpose

Verify IPv6 sessions on the device.

Action

From operational mode, enter the show security flow session family inet6 command.

Verifying IPv6 Gates

Purpose

Verify IPv6 gates on the device.

Action

From operational mode, enter the show security flow gate family inet6 command.

Verifying IPv6 IP-action Settings

Purpose

Verify IPv6 IP-action settings on the device.

Action

From operational mode, enter the show security flow ip-action family inet6 command.