08-20-2018 06:45 AM - edited 03-01-2019 05:55 PM
Have Comcast Business - static IPv4 & IPv6. I am using a PFSense firewall connected to the modem and a 3560g with ip services connected to everything else. The IPv4 config is PFsense: <static public IP> to 172.16.0.254/30 to 172.16.0.253/30 on the 3560g. The PFsense box is not aware of any VLANS, etc, it just is the last hop to the internet. This has been working great for IPv4, now on to IPv6.
Comcast delivers a static /56. The WAN port on my firewall gets an address via DHCP6, I can assign the /56 as needed. I burned a /64 between the firewall and my 3560, because...why not? I'll never need 256 of them anyway. So the config so far is: Comcast to Firewall xxxx:xxxx:xx:c000:21b:21ff:fe74:6ba4 (DHCP), LAN port on firewall set to xxxx:xxxx:xx:c0ff::254/64, 3560g routed port set to xxxx:xxxx:xx:c0ff::253/64. I have assigned my VLANS xxxx:xxxx:xx:c001::254/64...and so on.
I can ping6 from the firewall to the world. I can ping ipv6 xxxx:xxxx:xx:c0ff::254 from the switch. I cannot ping out to the world with any other device, including the switch. I have turned the RA on the PFsense box on and off, I have tried to set static routes on the switch. I'm stumped. Here's the config from the 3560, if anyone sees anything obvious, please let me know. I'm pulling my hair out.
Current configuration : 6724 bytes
!
! Last configuration change at 07:32:42 CDT Mon Aug 20 2018
! NVRAM config last updated at 06:55:51 CDT Mon Aug 20 2018
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 3560g
!
boot-start-marker
boot-end-marker
!
!
enable secret
!
no aaa new-model
clock timezone MST -7 0
clock summer-time CDT recurring
system mtu routing 1500
vtp interface vlan11
ip routing
ip domain-name cedarbrook.local
ip name-server 10.200.0.1
!
!
!
ipv6 unicast-routing
!
password encryption aes
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
description ESXi3 Management POrt (O/S)
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/3
description Master Bedroom TV
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/4
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/5
description Living Room TV
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/8
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/11
description Wireless AP
switchport trunk encapsulation dot1q
switchport trunk native vlan 50
switchport mode trunk
!
interface GigabitEthernet0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/19
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/20
switchport access vlan 11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/21
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/22
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/24
description To Router
no switchport
ip address 172.16.0.253 255.255.255.0
ipv6 address xxxx:xxxx:xx::C0FF::253/64
ipv6 enable
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan6
ip address 172.16.6.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C001::254/64
ipv6 enable
!
interface Vlan10
ip address 172.16.10.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C002::254/64
ipv6 enable
!
interface Vlan11
ip address 10.200.0.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C003::254/64
ipv6 enable
!
interface Vlan20
ip address 172.16.20.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C004::254/64
ipv6 enable
!
interface Vlan30
ip address 172.16.30.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C005::254/64
ipv6 enable
!
interface Vlan40
ip address 172.16.40.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C006::254/64
ipv6 enable
!
interface Vlan50
ip address 172.16.50.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C007::254/64
ipv6 enable
!
interface Vlan60
ip address 172.16.60.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C008::254/64
ipv6 enable
!
interface Vlan70
ip address 172.16.70.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C009::254/64
ipv6 enable
!
interface Vlan80
ip address 172.16.80.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C00A::254/64
ipv6 enable
!
interface Vlan90
ip address 172.16.90.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C00B::254/64
ipv6 enable
!
interface Vlan100
ip address 172.16.100.254 255.255.255.0
ipv6 address xxxx:xxxx:xx::C00C::254/64
ipv6 enable
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 172.16.0.254
ip route 10.1.10.0 255.255.255.0 172.16.0.254
!
logging host 10.200.0.50
!
!
snmp-server community public RO
snmp-server enable traps vtp
snmp-server host 172.16.10.252 version 2c public
!
vstack
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
ntp master 1
ntp server 172.16.0.254
end
08-20-2018 08:59 AM - edited 08-20-2018 09:20 AM
Hi,
You do not have a default route configured for IPv6. Try adding the following route on the 3560.
ipv6 route ::/0 xxxx:xxxx:xx::C0FF::254
You also have to add a static route on your FW to direct traffic for the /56 subnet to xxxx:xxxx:xx::C0FF::253 (3560).
Regards,
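
Added example, not part of the thread: a small longest-prefix-match model of the two routing tables, showing why both routes from the reply above are needed (the default route on the 3560 for the outbound leg, the /56 route on the firewall for the return leg). The 2001:db8 prefixes, host addresses and function names are constructed stand-ins for the redacted values.

```python
import ipaddress as ip

# Constructed stand-ins for the redacted /56 (documentation address space).
DELEGATED = ip.ip_network("2001:db8:0:c000::/56")   # static /56 from the ISP
TRANSIT   = ip.ip_network("2001:db8:0:c0ff::/64")   # firewall LAN <-> 3560 Gi0/24
VLAN10    = ip.ip_network("2001:db8:0:c002::/64")   # one routed VLAN on the 3560
FW_LAN    = "2001:db8:0:c0ff::254"
SW_UPLINK = "2001:db8:0:c0ff::253"
DEFAULT   = ip.ip_network("::/0")

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def switch_table(default_route):
    """3560 routes: connected networks, plus ::/0 via the firewall if configured."""
    table = [(TRANSIT, "connected"), (VLAN10, "connected")]
    if default_route:
        table.append((DEFAULT, FW_LAN))
    return table

def firewall_table(route_for_56):
    """Firewall routes: transit /64, default out the WAN, optional /56 via the 3560."""
    table = [(TRANSIT, "connected"), (DEFAULT, "wan")]
    if route_for_56:
        table.append((DELEGATED, SW_UPLINK))
    return table

def path_check(src, dst, sw, fw):
    """Return (outbound_ok, return_ok) for traffic from src behind the 3560 to dst."""
    outbound_ok = lookup(sw, dst) == FW_LAN
    # Replies must go back toward the 3560, not out the WAN default route.
    return_ok = lookup(fw, src) in ("connected", SW_UPLINK)
    return outbound_ok, return_ok

if __name__ == "__main__":
    host, world = "2001:db8:0:c002::10", "2001:db8:ffff::1"  # constructed addresses
    for sw_def, fw_56 in [(False, False), (True, False), (True, True)]:
        result = path_check(host, world, switch_table(sw_def), firewall_table(fw_56))
        print(f"switch ::/0={sw_def} firewall /56={fw_56} -> {result}")
```

With only the switch default route in place, the 3560's own uplink address works (it sits on the firewall's connected /64) while VLAN hosts still fail, because the firewall sends their replies back out the WAN.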