Solved: DHCPv6 static binding

erben · ‎11-13-2023

Hi all,

I'm currently trying to get DHCPv6 to work. We need to assign static IPv6 Adresses to our clients for firewall rules.
Currently I have a LAB Setup with two routers directly connected to each other via gig2.

Interface config on Router1 (dhcp server):

interface GigabitEthernet2
 description testlink
 no ip address
 negotiation auto
 ipv6 address ABCD::1/64
 ipv6 enable
 ipv6 nd prefix default no-advertise
 ipv6 nd managed-config-flag
 ipv6 dhcp server test
end

DHCP Config on Router1:

ipv6 dhcp pool test
 prefix-delegation ABCD::BEEF/64 00030001001EBD4C620000060001
 address prefix ABCD::/64

The second Router is a DHCP Client, Interface config:

interface GigabitEthernet2
 no ip address
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
end

What I'm trying to achieve is that R2 gets ABCD::BEEF/64 assigned from the DHCP Server. But instead it gets assigned a random IPv6 Adress.
Debug log output:

*Nov 13 08:56:12.110: IPv6 DHCP: Received SOLICIT from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 08:56:12.110: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 08:56:12.110: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 08:56:12.110: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 08:56:12.110: IPv6 DHCP: Using interface pool test
*Nov 13 08:56:12.110: IPv6 DHCP: Creating binding for FE80::5054:FF:FE0C:A0B6 in pool test
*Nov 13 08:56:12.110: IPv6 DHCP: Binding for IA_NA 00060001 not found
*Nov 13 08:56:12.110: IPv6 DHCP: Allocating IA_NA 00060001 in binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 08:56:12.110: IPv6 DHCP: Looking up pool ABCD::/64 entry with username '00030001001EBD4C620000060001'
*Nov 13 08:56:12.110: IPv6 DHCP: Poolentry for user not found
*Nov 13 08:56:12.110: IPv6 DHCP: Allocated new address ABCD::34EA:9FB7:C776:537B
*Nov 13 08:56:12.111: IPv6 DHCP: Allocating address ABCD::34EA:9FB7:C776:537B in binding for FE80::5054:FF:FE0C:A0B6, IAID 00060001
*Nov 13 08:56:12.111: IPv6 DHCP: Updating binding address entry for address ABCD::34EA:9FB7:C776:537B
*Nov 13 08:56:12.111: IPv6 DHCP: Setting timer on ABCD::34EA:9FB7:C776:537B for 60 seconds
*Nov 13 08:56:12.111: IPv6 DHCP_AAA: Retrieved subblock; It has AAA DNS_SERVERS=0
*Nov 13 08:56:12.111: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 08:56:12.111: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 08:56:12.111: IPv6 DHCP: Sending ADVERTISE to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2
*Nov 13 08:56:13.285: IPv6 DHCP: Received REQUEST from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 08:56:13.285: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 08:56:13.285: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 08:56:13.285: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 08:56:13.285: IPv6 DHCP: Using interface pool test
*Nov 13 08:56:13.285: IPv6 DHCP: Looking up pool ABCD::/64 entry with username '00030001001EBD4C620000060001'
*Nov 13 08:56:13.285: IPv6 DHCP: Poolentry for user found
*Nov 13 08:56:13.285: IPv6 DHCP: Found address ABCD::34EA:9FB7:C776:537B in binding for FE80::5054:FF:FE0C:A0B6, IAID 00060001
*Nov 13 08:56:13.285: IPv6 DHCP: Updating binding address entry for address ABCD::34EA:9FB7:C776:537B
*Nov 13 08:56:13.285: IPv6 DHCP: Setting timer on ABCD::34EA:9FB7:C776:537B for 172800 seconds
*Nov 13 08:56:13.285: IPv6 DHCP_AAA: Retrieved subblock; It has AAA DNS_SERVERS=0
*Nov 13 08:56:13.285: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 08:56:13.285: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 08:56:13.285: IPv6 DHCP: Sending REPLY to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2

DUID seems correct but still I'm getting a random IP.
Anything I'm doing wrong here?

Many thanks!

Harold Ritter · ‎11-14-2023

Hi @erben ,

The command you configured is for prefix delegation, which allow a dhcpv6 enabled client to request an IPv6 prefix (IA_PD)(not only an address (IA_NA)). This command allows you to allocate a static prefix to a specific client.

prefix-delegation ABCD::BEEF/64 00030001001EBD4C620000060001

As far as I know, it is not possible to statically map a single IPv6 address (IA_NA) to a specific client with IOS XE. You might need to use a different DHCPv6 server to do that.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

balaji.bandi · ‎11-13-2023

i tested in Lab works as expected, what routers and IOS code running (is this Lab physical or virtuals ?)

some reference :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2s/ipv6-15-2s-book/ip6-dhcp.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

erben · ‎11-13-2023

I'm running: Cisco IOS XE Software, Version 17.12.01a
On a virtual lab in Cisco Modeling Labs. But also on real hardware I can't seem to get it to work. Clients always get random IPs in the pool, not the one assigned to the DUID.

MHM Cisco World · ‎11-13-2023

FE80::5054:FF:FE0C:A0B6

Use this as client ID in your test dhcp pool.

erben · ‎11-13-2023

Thanks! Still no difference:

CML-R1(config)#ipv6 dhcp pool test
CML-R1(config-dhcpv6)#no prefix-delegation ABCD::BEEF/64 00030001001EBD4C620000060001
CML-R1(config-dhcpv6)#prefix-delegation ABCD::BEEF/64 FE805054FFFE0CA0B6             
CML-R1(config-dhcpv6)#end
CML-R1#wr
Building configuration...
[OK]

CML-R1#
CML-R1#term mon
CML-R1#debug ipv6 dhcp 
   IPv6 DHCP debugging is on
CML-R1#


*Nov 13 11:03:32.313: IPv6 DHCP: Received SOLICIT from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 11:03:32.313: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 11:03:32.313: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 11:03:32.313: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 11:03:32.313: IPv6 DHCP: Using interface pool test
*Nov 13 11:03:32.313: IPv6 DHCP: Creating binding for FE80::5054:FF:FE0C:A0B6 in pool test
*Nov 13 11:03:32.313: IPv6 DHCP: Binding for IA_NA 00060001 not found
*Nov 13 11:03:32.313: IPv6 DHCP: Allocating IA_NA 00060001 in binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 11:03:32.313: IPv6 DHCP: Looking up pool ABCD::/64 entry with username '00030001001EBD4C620000060001'
*Nov 13 11:03:32.313: IPv6 DHCP: Poolentry for user not found
*Nov 13 11:03:32.313: IPv6 DHCP: Allocated new address ABCD::61AF:F358:DCE0:5F0B
*Nov 13 11:03:32.313: IPv6 DHCP: Allocating address ABCD::61AF:F358:DCE0:5F0B in binding for FE80::5054:FF:FE0C:A0B6, IAID 00060001
*Nov 13 11:03:32.313: IPv6 DHCP: Updating binding address entry for address ABCD::61AF:F358:DCE0:5F0B
*Nov 13 11:03:32.313: IPv6 DHCP: Setting timer on ABCD::61AF:F358:DCE0:5F0B for 60 seconds
*Nov 13 11:03:32.313: IPv6 DHCP_AAA: Retrieved subblock; It has AAA DNS_SERVERS=0
*Nov 13 11:03:32.313: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 11:03:32.313: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 11:03:32.313: IPv6 DHCP: Sending ADVERTISE to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2
*Nov 13 11:03:33.487: IPv6 DHCP: Received REQUEST from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 11:03:33.488: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 11:03:33.488: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 11:03:33.488: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 11:03:33.488: IPv6 DHCP: Using interface pool test
*Nov 13 11:03:33.488: IPv6 DHCP: Looking up pool ABCD::/64 entry with username '00030001001EBD4C620000060001'
*Nov 13 11:03:33.488: IPv6 DHCP: Poolentry for user found
*Nov 13 11:03:33.488: IPv6 DHCP: Found address ABCD::61AF:F358:DCE0:5F0B in binding for FE80::5054:FF:FE0C:A0B6, IAID 00060001
*Nov 13 11:03:33.488: IPv6 DHCP: Updating binding address entry for address ABCD::61AF:F358:DCE0:5F0B
*Nov 13 11:03:33.488: IPv6 DHCP: Setting timer on ABCD::61AF:F358:DCE0:5F0B for 172800 seconds
*Nov 13 11:03:33.488: IPv6 DHCP_AAA: Retrieved subblock; It has AAA DNS_SERVERS=0
*Nov 13 11:03:33.488: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 11:03:33.488: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 11:03:33.488: IPv6 DHCP: Sending REPLY to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2

MHM Cisco World · ‎11-13-2023

Router1(config)#ipv6 dhcp database flash:/DHCPv6-db Router1(config)#ipv6 local pool VLAN10-pool AAAA:1::/48 64 Router1(config)#ipv6 local pool VLAN11-pool AAAA:11::/48 64 Router1(config)#ipv6 dhcp pool DHCPv6POOL Router1(config-dhcp)#prefix-delegation AAAA:1::23F6:33BA/64 00030001000E84244E70 Router1(config-dhcp)#prefix-delegation pool VLAN10-pool Router1(config-dhcp)#dns-server AAAA:1::19 Router1(config-dhcp)#domain-name oreilly.com Router1(config-dhcp)#exit

Try this way.

Thanks A Lot
MHM

erben · ‎11-13-2023

Hi,

current config:

ipv6 unicast-routing
ipv6 dhcp pool test
 prefix-delegation ABCD::BEEF/64 00030001001EBD4C6200
 prefix-delegation pool testpool
 dns-server AAAA:1::19
 domain-name bla.test
ipv6 local pool testpool ABCD::/48 64

But now I don't get any IP at all:

*Nov 13 14:03:39.686: IPv6 DHCP: Received SOLICIT from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 14:03:39.686: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 14:03:39.686: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 14:03:39.686: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 14:03:39.686: IPv6 DHCP: Using interface pool test
*Nov 13 14:03:39.686: IPv6 DHCP: Creating binding for FE80::5054:FF:FE0C:A0B6 in pool test
*Nov 13 14:03:39.686: IPv6 DHCP: Binding for IA_NA 00060001 not found
*Nov 13 14:03:39.686: IPv6 DHCP: Allocating IA_NA 00060001 in binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 14:03:39.686: IPv6 DHCP: Freeing IA_NA 00060001 from binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 14:03:39.686: IPv6 DHCP: Freeing binding for FE80::5054:FF:FE0C:A0B6 from pool test
*Nov 13 14:03:39.686: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 14:03:39.686: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 14:03:39.686: IPv6 DHCP: Sending ADVERTISE to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2

Thanks!

MHM Cisco World · ‎11-13-2023

00030001001EBD4C6200

instead you must use

FE80::5054:FF:FE0C:A0B6

erben · ‎11-13-2023

I have to use a hex string:

CML-R1(config-dhcpv6)#prefix-delegation ABCD::BEEF/64 ?
  Hex-string  DHCPv6 unique identifier(DUID)

If I use the fe80 link local it still doesn't work:

ipv6 unicast-routing
ipv6 dhcp pool test
 prefix-delegation ABCD::BEEF/64 FE805054FFFE0CA0B6
 prefix-delegation pool testpool
 dns-server AAAA:1::19
 domain-name bla.test

*Nov 13 14:11:06.624: IPv6 DHCP: Received SOLICIT from FE80::5054:FF:FE0C:A0B6 on GigabitEthernet2
*Nov 13 14:11:06.625: IPv6 DHCP: Option USER-CLASS(15) is not processed
*Nov 13 14:11:06.625: IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
*Nov 13 14:11:06.625: IPv6 DHCP: Option VENDOR-OPTS(17) is not processed
*Nov 13 14:11:06.625: IPv6 DHCP: Using interface pool test
*Nov 13 14:11:06.625: IPv6 DHCP: Creating binding for FE80::5054:FF:FE0C:A0B6 in pool test
*Nov 13 14:11:06.625: IPv6 DHCP: Binding for IA_NA 00060001 not found
*Nov 13 14:11:06.625: IPv6 DHCP: Allocating IA_NA 00060001 in binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 14:11:06.625: IPv6 DHCP: Freeing IA_NA 00060001 from binding for FE80::5054:FF:FE0C:A0B6
*Nov 13 14:11:06.625: IPv6 DHCP: Freeing binding for FE80::5054:FF:FE0C:A0B6 from pool test
*Nov 13 14:11:06.625: IPv6 DHCP: SAS retured Null falling to link local
*Nov 13 14:11:06.625: IPv6 DHCP: Returning Link local address FE80::5054:FF:FE17:C813
*Nov 13 14:11:06.625: IPv6 DHCP: Sending ADVERTISE to FE80::5054:FF:FE0C:A0B6 src FE80::5054:FF:FE17:C813 on GigabitEthernet2

Harold Ritter · ‎11-14-2023

Hi @erben ,

The command you configured is for prefix delegation, which allow a dhcpv6 enabled client to request an IPv6 prefix (IA_PD)(not only an address (IA_NA)). This command allows you to allocate a static prefix to a specific client.

prefix-delegation ABCD::BEEF/64 00030001001EBD4C620000060001

As far as I know, it is not possible to statically map a single IPv6 address (IA_NA) to a specific client with IOS XE. You might need to use a different DHCPv6 server to do that.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

erben · ‎11-15-2023

Thanks! We will consider a different DHCPv6 server!