Solved

Autoconfiguring hosts for IPv6 via Cisco router

Posted on 2009-04-05
22
468 Views
Last Modified: 2012-06-27
I've successfully setup a tunnel with my Cisco router with a little help from the guys over that the Tunnel Broker Forum. http://www.tunnelbroker.net/forums/index.php?topic=242.0

I'm now trying to allow my Vista and XP clients on the network to auto configure their interfaces for IPv6. http://www.tunnelbroker.net/forums/index.php?topic=254.0

I'm not sure what I need to enable on the Cisco routers local interface to allow my clients to auto configure and obtain a v6 IP?
0
Comment
Question by:adamshields
  • 11
  • 11
22 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 24073104
0
 
LVL 3

Author Comment

by:adamshields
ID: 24073448
I don't think it's necessarily DHCP...

Anyhow when applying the IP I get an error.

#ipv6 address 2001:470:XXXX:XXX::/64
% 2001:470:XXXX:XXX::/64 should not be configured on FastEthernet0/1.2, a subnet router anycast
0
 
LVL 13

Expert Comment

by:Quori
ID: 24073458
Put eui-64 at the end of the ipv6 address statement:

ipv6 address 2001:470:XXXX:XXX::/64 eui-64
0
 
LVL 3

Author Comment

by:adamshields
ID: 24073789
@Quori, what's the difference between anycast and eui-64 in laments terms?

#ipv6 address 2001:470:xxxx:xxx::/64 ?
  anycast  Configure as an anycast
  eui-64   Use eui-64 interface identifier
  <cr>
0
 
LVL 3

Author Comment

by:adamshields
ID: 24074115
My Vista box is still not picking up a IPv6
interface FastEthernet0/1.2

 description $FW_INSIDE$

 encapsulation dot1Q 2

 ip address 172.16.2.1 255.255.255.0

 ip access-group 101 in

 no ip unreachables

 ip nat inside

 ip virtual-reassembly

 ipv6 address 2001:470:880D::/64 eui-64

 ipv6 enable

Open in new window

0
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 24082755
EUI-64 adds the padding to the specified IPv6 address. Because stateless configuration (aka autoconfiguration) uses the MAC address to generate an IPv6 address, the router needs extra details - Why? a MAC address is only 48 bits long, and the interface portion of an IPv6 address is 64bits long, it needs the extra 16 bits - so its padded with FFFE in the middle.

EG:
Take a MAC address of 0060.d673.1987 after padding it would look like this 0260.d6ff.fe73.1987
0
 
LVL 3

Author Comment

by:adamshields
ID: 24082914
@Quori, okay I understand that.

I've tried the three following combination's with no luck:


interface FastEthernet0/1.2

 description $FW_INSIDE$

 encapsulation dot1Q 2

 ip address 172.16.2.1 255.255.255.0

 ip access-group 101 in

 no ip unreachables

 ip nat inside

 ip virtual-reassembly

 ipv6 address 2001:470:880D::1/64

 ipv6 address 2001:470:880D::/64 eui-64

 ipv6 enable

 ipv6 nd prefix 2001:470:880D::/64 infinite infinite

Open in new window

0
 
LVL 13

Expert Comment

by:Quori
ID: 24082985
Never tried it on Vista (I loathe Vista). Will let you know what I dig up on it.
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083061
lol, well I just fired up a XP and Ubuntu box and got similar results.
Ethernet adapter Local Area Connection 4:
 

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 172.16.2.10

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::20c:29ff:fe70:78c2%4

        Default Gateway . . . . . . . . . : 172.16.2.1
 

$ ifconfig

eth1      Link encap:Ethernet  HWaddr 00:0c:29:89:f9:3a

          inet addr:172.16.2.4  Bcast:172.16.2.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe89:f93a/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:44 errors:0 dropped:0 overruns:0 frame:0

          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:5615 (5.6 KB)  TX bytes:13293 (13.2 KB)

Open in new window

0
 
LVL 13

Expert Comment

by:Quori
ID: 24083085
Try removing the ACL from your router interface and let me know how you go.
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083133
Hmm didn't make a difference when I removed the ACL 101 on that interface. From what I understood IPv6 would be pretty much independent from IPv4.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Expert Comment

by:Quori
ID: 24083202
It is, just ensuring you had nothing in there that could possibly be causing an issue (since you didn't provide a full config.

Let me lab it up and I'll get back to you.
Have only just started major IPv6 stuff myself.
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083231
config attached...
3725router-confg.txt
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083442
I didn't have:

#ipv6 unicast-routing

so now it works with just the IP set. With that said what are the benefits to each of the following?

I've been told three different methods and since I'm also new to this I'm just trying to figure out the benefits to each one. Basically I'm asking why bother with the latter two if the first one works?

ipv6 address 2001:470:880D::1/64

ipv6 nd prefix 2001:470:1F07:3B6::/64 infinite infinite

ipv6 address 2001:470:880D::/64 eui-64
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 500 total points
ID: 24083461
You don't have ipv6 unicast-routing enabled in your config
0
 
LVL 13

Expert Comment

by:Quori
ID: 24083462
Damn it lol
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083471
don't worry you're getting the points but do you know why someone would bother with the last two commands. You explained the third one but I don't really see the point if it seems to automagically work by just specifying the IP...

pv6 address 2001:470:880D::1/64

ipv6 nd prefix 2001:470:1F07:3B6::/64 infinite infinite

ipv6 address 2001:470:880D::/64 eui-64
0
 
LVL 13

Expert Comment

by:Quori
ID: 24083506
Auto configuration doesn't occur without the EUI-64.
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083532
That's strange b/c I have:

ipv6 address 2001:470:880D:0::1/64
and
pv6 address 2001:470:880D:1::1/64

on two separate interfaces and the machines on both networks are grabbing v6 IP's..
0
 
LVL 13

Expert Comment

by:Quori
ID: 24083545
Shut down the interfaces then bring them back up and see if they get it again.

Have a read over:

http://wiki.nil.com/IPv6_EUI-64_interface_addressing
0
 
LVL 3

Author Comment

by:adamshields
ID: 24083684
Okay thanks. It appears I can autoconfigure with eui-64 or specify the IP

ipv6 address 2001:470:xxxx::/64 eui-64

or

ipv6 address 2001:470:xxxx:0::1/64
ipv6 address 2001:470:xxxx:1::1/64
.
etc...

They both work for me :-).

Auto generate based on mac address works but for router interfaces I would assume it would be beneficial to use a static based scheme....
0
 
LVL 13

Expert Comment

by:Quori
ID: 24083691
Yeah.

You can use EUI-64 and autogenerate the IP of the router, which will also provide support for autoconfig of any hosts behind the router.
Or you can use a manual address method and specify the ipv6 nd parameter for handling any stateless config without eui-64
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now