Cisco 1921 IPv6 wrong RA, using link-local address

Posted on 2014-04-07
Last Modified: 2014-05-23
We have a Cisco 1921 that is giving out its link-local address in its router advertisements, rather than the global unicast address assigned to its internal interface. DHCP config on the router works fine, and is handing out the proper subnet and DNS information, but hosts are configuring their gateways to the link-local fe80:: address given in the router's RA. How can I change this?

Thanks,
Robert
Question by:Robert Davis
LVL 10

Expert Comment

by:Rafael
ID: 39984613
I don't know how your config looks so this is off the hip. You may have to configure two VLANs. One for inside and one for outside.

First configure the outside interface using the public address as well as the link local address and use the ipv6 nd suppress-ra command.

Second do the same thing for your other VLAN and use the ipv6 nd prefix command. This will generate the advertisements.

For more details go to this site on Cisco.

http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_07.html#wp2359793
0
 
LVL 1

Author Comment

by:Robert Davis
ID: 39984655
Sorry, here's the config, any thoughts after taking a look?

ip cef
!
ipv6 unicast-routing
ipv6 dhcp pool v6-pool
 address prefix 2001:omitted:1001::/64
 dns-server 2001:4860:4860::8888
!
ipv6 inspect name ipv6-firewall icmp
ipv6 inspect name ipv6-firewall udp
ipv6 inspect name ipv6-firewall ftp
ipv6 cef
!
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1F04:omitted::2/64
 ipv6 enable
 ipv6 inspect ipv6-firewall out
 ipv6 traffic-filter outside-in6 in
 tunnel source publicv4address
 tunnel mode ipv6ip
 tunnel destination he.ipv4.address
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_OUTSIDE$
 ip address public.v4. address
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 1 native
 ip address ipv4.internal.address
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ipv6 address 2001:omitted:1001::1/64
 ipv6 enable
 ipv6 nd prefix 2001:omitted:1001::/64
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 dhcp server v6-pool
!
ip forward-protocol nd
!
ipv6 route 2001:omitted:1001::/64 GigabitEthernet0/1.1
ipv6 route ::/0 Tunnel0
!
!
!
ipv6 access-list outside-in6
 permit tcp any any established
 permit icmp any any

Host is also on 2001:omitted:1001::/64 and can ping6 other hosts on the same network.  Router can ping out to the Internet on v6.
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 2000 total points
ID: 39996134
As weird as it is, I think that's the way IPv6 was designed to work.

"The use of link-local addresses to uniquely identify routers (for Router Advertisement and Redirect messages) makes it possible for hosts to maintain the router associations in the event of the site renumbering to use new global prefixes."
https://tools.ietf.org/html/rfc4861
0
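
An added example, not part of the original thread: a small Python parser that applies the RFC 4861 section 6.1.2 validity checks to a Router Advertisement and shows that a host takes its default gateway from the RA's link-local source address, while the global prefix arrives separately in the Prefix Information option. The packet is constructed inline; the addresses (fe80::1, 2001:db8:1001::/64) and function names are assumptions for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def build_sample_ra(src, prefix, hop_limit=255):
    """Constructed sample: IPv6 header + RA (M and O set, preference High, one /64 prefix)."""
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    pio += ipaddress.IPv6Address(prefix).packed
    # type 134, code 0, checksum 0 (unchecked), cur hop limit 64, flags M|O|Prf=High, lifetime 1800
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC8, 1800, 0, 0) + pio
    hdr = struct.pack("!IHBB", 6 << 28, len(ra), 58, hop_limit)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed
    return hdr + ra

def parse_ra(pkt):
    """Validate an RA as a receiving host must, then return what the host learns from it."""
    _, plen, nxt, hlim = struct.unpack("!IHBB", pkt[:8])
    src = ipaddress.IPv6Address(pkt[8:24])
    icmp = pkt[40:40 + plen]
    if nxt != 58 or len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        raise ValueError("not a well-formed Router Advertisement")
    if hlim != 255:
        raise ValueError("hop limit is not 255: RA did not originate on-link")
    if src not in LINK_LOCAL:
        raise ValueError("RA source %s is not link-local" % src)
    flags, lifetime = icmp[5], struct.unpack("!H", icmp[6:8])[0]
    info = {"default_gateway": str(src), "managed": bool(flags & 0x80),
            "other": bool(flags & 0x40), "router_lifetime": lifetime, "prefixes": []}
    off = 16
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8   # option length is in units of 8 bytes
        if olen == 0 or off + olen > len(icmp):
            raise ValueError("bad option length")
        if otype == 3 and olen == 32:                # Prefix Information option
            pfx = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            info["prefixes"].append("%s/%d" % (pfx, icmp[off + 2]))
        off += olen
    return info

if __name__ == "__main__":
    print(parse_ra(build_sample_ra("fe80::1", "2001:db8:1001::")))
```

An RA sourced from a global address fails the link-local check, so a conforming host ignores it; the same checks are a useful baseline when inspecting captured RAs for unexpected routers on a segment.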
 
LVL 1

Author Closing Comment

by:Robert Davis
ID: 40087522
Additionally the firewall had to be completely disabled.