Robert Davis
asked on
Cisco 1921 IPv6 wrong RA, using link-local address
We have a Cisco 1921 that is giving out its link-local address in its router advertisements, rather than the global unicast address assigned to its internal interface. DHCP config on the router works fine, and is handing out the proper subnet and DNS information, but hosts are configuring their gateways to the link-local fe80:: address given in the router's RA. How can I change this?
Thanks,
Robert
ASKER
Sorry, here's the config, any thoughts after taking a look?
Host is also on 2001:omitted:1001::/64 and can ping6 other hosts on the same network. Router can ping out to the Internet on v6.
ip cef
!
ipv6 unicast-routing
ipv6 dhcp pool v6-pool
 address prefix 2001:omitted:1001::/64
 dns-server 2001:4860:4860::8888
!
ipv6 inspect name ipv6-firewall icmp
ipv6 inspect name ipv6-firewall udp
ipv6 inspect name ipv6-firewall ftp
ipv6 cef
!
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1F04:omitted::2/64
 ipv6 enable
 ipv6 inspect ipv6-firewall out
 ipv6 traffic-filter outside-in6 in
 tunnel source publicv4address
 tunnel mode ipv6ip
 tunnel destination he.ipv4.address
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_OUTSIDE$
 ip address public.v4. address
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 1 native
 ip address ipv4.internal.address
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ipv6 address 2001:omitted:1001::1/64
 ipv6 enable
 ipv6 nd prefix 2001:omitted:1001::/64
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 dhcp server v6-pool
!
ip forward-protocol nd
!
ipv6 route 2001:omitted:1001::/64 GigabitEthernet0/1.1
ipv6 route ::/0 Tunnel0
!
!
!
ipv6 access-list outside-in6
 permit tcp any any established
 permit icmp any any
ASKER
Additionally the firewall had to be completely disabled.
First, configure the outside interface using the public address as well as the link-local address and use the ipv6 nd suppress-ra command.
Second, do the same thing for your other VLAN and use the ipv6 nd prefix command. This will generate the advertisements.
For more details, go to this site on Cisco.
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_07.html#wp2359793
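Added example, not part of the original thread: a Python parser for the Router Advertisement fields that the interface configuration above controls (M/O flags, router preference, advertised prefix). RFC 4861 requires an RA to be sourced from the router's link-local address, so the check treats an fe80:: source as the valid case; the 2001:db8:1001::/64 prefix, the fe80::1 source and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191 Prf bits

def parse_ra(src, icmp):
    """Decode an ICMPv6 Router Advertisement body (RFC 4861 section 4.2)."""
    if len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack_from("!BBH", icmp, 4)
    ra = {
        # RFC 4861 6.1.2: hosts discard RAs whose source is not link-local
        "source_ok": ipaddress.IPv6Address(src).is_link_local,
        "managed": bool(flags & 0x80),        # ipv6 nd managed-config-flag
        "other": bool(flags & 0x40),          # ipv6 nd other-config-flag
        "preference": PRF[(flags >> 3) & 3],  # ipv6 nd router-preference
        "router_lifetime": lifetime,
        "prefixes": [],
    }
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:   # Prefix Information option
            plen, pflags = icmp[off + 2], icmp[off + 3]
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}",
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),
            })
        off += opt_len
    return ra

def build_sample_ra():
    """Constructed RA: M and O set, preference high, one /64 prefix."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64,
                         0x80 | 0x40 | 0x08, 1800, 0, 0)
    prefix = ipaddress.IPv6Address("2001:db8:1001::").packed
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0) + prefix
    return header + pio

if __name__ == "__main__":
    print(parse_ra("fe80::1", build_sample_ra()))
```

An RA that arrives with a global source address makes `source_ok` false, which is the case a host is required to drop.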