我有一台 Cisco ASA 5510,9.1(7)16在 IPv6 LAN 上运行 ASA 软件版本。
我想启用 SSH 访问,但遇到以下警告:
ciscoasa(config)# show ipv6 interface management
IPv6 is enabled, link-local address is fe80::21d:a2ff:fe59:4b97
No global unicast address is configured
Joined group address(es):
ff02::2
ff02::1
ff02::1:ff59:4b97
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
ciscoasa(config)# ssh fe80::/64 management
WARNING! This command will not take effect until interface 'management' has been initialized with at least one global IPv6 address
ciscoasa(config)#
(与该地址的 SSH 连接失败,尽管当我配置并测试 IPv4 地址时,它能够连接)
所以,我的问题是:我需要做什么才能允许 SSH 连接到我的 ASA 5510 的链路本地 IPv6 地址?
我不在乎是否必须在“仅文档”IPv6 范围内设置一个虚拟地址以使其启动 SSH IPv6 堆栈,或者静态分配链路本地地址,或者其他什么:我只需要能够在与此环境中的其他设备相同的子网上访问它。
答案1
希望很明显,接口需要启用 IPv6
ipv6 enable需要在接口上配置静态 IPv6 地址,此静态地址可以是文档(rfc3849)地址,也可以是静态分配的链路本地地址,也可以是公共地址(即使不是公共可路由的
ipv6 address 2001:db8::/32