cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26404
Views
0
Helpful
9
Replies

Advertised IPv6 default gateway

PrimergyQA
Level 1
Level 1

Hi there,

we have a running IPv6 environment in our lab but there is one strange behavior I would like understand respectively solve if possible.

In fact the connected clients do not show the configured IPv6 global unicast gateway address of their VLAN but they all show the same link local address as their gateway. Why is that? Any help on this is highly appreciated.

Here are the details:

The router  is a Catylst 6506-E running (s72033_rp-ADVENTERPRISE_WAN-M), Version 12.2(33)SXI3.

The configuration for 2 VLANs:

interface Vlan501

ip address 172.17.160.1 255.255.255.128

ip helper-address 172.17.128.131

ip helper-address 172.17.128.144

ipv6 address FDB8:2976:8500:501::1/64

ipv6 enable

ipv6 nd prefix FDB8:2976:8500:501::/64

ipv6 nd other-config-flag

ipv6 dhcp relay destination FDB8:2976:8500:302::2

interface Vlan502

ip address 172.17.160.129 255.255.255.128

ip helper-address 172.17.128.131

ip helper-address 172.17.128.144

ipv6 address FDB8:2976:8500:502::1/64

ipv6 enable

ipv6 nd prefix FDB8:2976:8500:502::/64

ipv6 nd other-config-flag

ipv6 dhcp relay destination FDB8:2976:8500:302::2

The IPv6 interface output for these VLANs:

Vlan501 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::217:DFFF:FE07:3580

  No Virtual link-local address(es):

  Global unicast address(es):

   FDB8:2976:8500:501::1, subnet is FDB8:2976:8500:501::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:2

    FF02::1:FF00:1

    FF02::1:FF07:3580

  MTU is 1500 bytes

  ICMP error messages limited to one every 100 milliseconds

  ICMP redirects are enabled

  ICMP unreachables are sent

  Output features: HW Shortcut Installation

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND advertised reachable time is 0 milliseconds

  ND advertised retransmit interval is 0 milliseconds

  ND router advertisements are sent every 200 seconds

  ND router advertisements live for 1800 seconds

  ND advertised default router preference is Medium

  Hosts use stateless autoconfig for addresses.

  Hosts use DHCP to obtain other configuration.

Vlan502 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::217:DFFF:FE07:3580

  No Virtual link-local address(es):

  Global unicast address(es):

    FDB8:2976:8500:502::1, subnet is FDB8:2976:8500:502::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:2

    FF02::1:FF00:1

    FF02::1:FF07:3580

  MTU is 1500 bytes

  ICMP error messages limited to one every 100 milliseconds

  ICMP redirects are enabled

  ICMP unreachables are sent

  Output features: HW Shortcut Installation

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND advertised reachable time is 0 milliseconds

  ND advertised retransmit interval is 0 milliseconds

  ND router advertisements are sent every 200 seconds

  ND router advertisements live for 1800 seconds

  ND advertised default router preference is Medium

  Hosts use stateless autoconfig for addresses.

  Hosts use DHCP to obtain other configuration.

Now this is what my Windows client sees (btw same with Linux):

Connection-specific DNS Suffix  . : vlan502.qalab

Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Backplane Connection #3

Physical Address. . . . . . . . . : 00-23-8B-42-46-A6

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : fdb8:2976:8500:502:d8f9:a141:c6eb:fead(Preferred)

Link-local IPv6 Address . . . . . : fe80::d8f9:a141:c6eb:fead%10(Preferred)

IPv4 Address. . . . . . . . . . . : 172.17.160.187(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.128

Lease Obtained. . . . . . . . . . : Montag, 9. Mai 2011 15:12:50

Lease Expires . . . . . . . . . . : Donnerstag, 12. Mai 2011 15:12:50

Default Gateway . . . . . . . . . : fe80::217:dfff:fe07:3580%10

                                    172.17.160.129

DHCP Server . . . . . . . . . . . : 172.17.128.131

DHCPv6 IAID . . . . . . . . . . . : 318776203

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CC-8B-FD-00-23-8B-42-46-A8

DNS Servers . . . . . . . . . . . : fdb8:2976:8500:300::3

                                    fdb8:2976:8500:300::5

                                    172.17.128.3

                                    172.17.128.5

NetBIOS over Tcpip. . . . . . . . : Enabled

Connection-specific DNS Suffix Search List :

                                    vlan502.qalab

As I already said above, I would expect  FDB8:2976:8500:502::1 as default gateway address on my client for VLAN 502.

Please help!

Thx in advance!

9 Replies 9

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

It's the expected behavior so no worries here

Thanks,

Laurent.

Laurent,

thank you for answering my question.

So it is definitely no misconfiguration but do you know if it would be possible to advertise the dedicated gateway address per VLAN.

That would be more convenient for our test crew.

Thanks again!

Hi,

The router use the EUI-64 scheme for stateless configuration. As the 6500 uses the same MAC address for each L3 interface, it will ends with the same link local address for every VLANs.

Please try the following command to manually set the link local address for each VLAN interface:

router(config-if)#ipv6 address link-local

HTH

Laurent.

Hi Laurent,

thanks a lot works perfectly fine.

I think I've got a lot to learn about IPv6.

Because my current understanding was that the global unicast address is used for the routing but in fact it is the link-local address.

What is the logic for requiring a dedicated link local address for each VLAN?  One of the advantages of IPv6 is the fact that every link has a link local addresses that are significant only for that link, in addition to having at least one global address.  The fact that the same link-local address can appear on multiple different links should be embraced as a benefit.

The ability to have many different addresses on an interface is one of the useful traits of IPv6 that can provide an advantage over IPv4 :-).

teru-lei
Level 1
Level 1

Although as my understanding it's the expected behavior, I still have a question. If a hacker put a rough ipv6 router in the network and advertise itself as a valid ipv6 router, is there any way I can limit the dhcpv6 client to choose their default way so that the traffic won't go to a rough router?

That's the information I need. Thanks a lot!

Review Cisco Networking for a $25 gift card