cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2199
Views
0
Helpful
2
Replies

Hurricane Electric and DHCPd vlans

NathanLKoch
Level 1
Level 1

I am having trouble setting up ipv6 with HE Tunnels on Cisco IOS. I have the tunnel setup on the device. I can ping ipv6 from it.

Lets say HE gives me 2001:470:1f19:43::/64 for my routed 64. I have a switch I need to ipv6 to my router. and several vlans I need to configure with dhcp.

 

Vlan1 Switch to router. Static no dhcp.

int 1 router to int 1 switch

2001:470:1f19:43::3 - 2001:470:1f19:43::4

 

Vlan 20 interface g0/1.20

2001:470:1f19:43:20::1

Vlan 30 interface g0/1.30

2001:470:1f19:43:30::1

Vlan 40 g0/1.30

2001:470:1f19:43:40::1

etc etc.

 

I am getting errors like this %GigabitEthernet0/1.20: Error: 2001:470:1F19:43::/64 is overlapping with 2001:470:1F19:43::/64 on GigabitEthernet0/1.1.

My dhcp servers look like this

!
ipv6 dhcp pool vlan20
 address prefix 2001:470:1F19:43:20::/48
 dns-server 2620:119:35::35
 dns-server 2620:119:53::53
!
ipv6 cef
!

I am confused and could use some assistance please.

---------------------
"Fortune favors the brave."
▊▊▊
2 Replies 2

NathanLKoch
Level 1
Level 1

It was a matter of not knowing how IPV6 subnets work. I used https://subnettingpractice.com.

 

What is the best way to configure DHCPv6 on Cisco IOS.
I need help setting up DHCP pools
DHCP and router broadcasting on an interface
and specifying how it is to route.

I believe I have my zone-security configured properly. I just need help figuring out how to configure it all properly.

 

interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
zone-member security OUTSIDE
ipv6 address 2001:470:XXX8:AB::2/64
ipv6 enable
tunnel source GigabitEthernet0/0
tunnel mode ipv6ip
tunnel destination 66.XXX.XXX.XXX
!

 

interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security vlan20
no cdp enable
ipv6 address 2001:470:XXX9:AB:2000::1/68
ipv6 enable
ipv6 nd prefix 2001:470:XXX9:AB:2000::/68 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server vlan20
!

 

ipv6 dhcp pool vlan20
address prefix 2001:470:XXX9:AB:2000::/68
dns-server 2620:119:35::35
dns-server 2620:119:53::53
!

 

ipv6 access-list ip620-TO-OUTSIDE
permit ipv6 2001:470:XXX9:AB:2000::/68 any
control-plane host
!

 

ipv6 route ::/0 Tunnel0

 

I can ping ipv6 and traceroute ipv6 from the router. I get ipv6 addresses on my hosts and my hosts can ping eachother. but no route to the internet.
Help?

---------------------
"Fortune favors the brave."
▊▊▊

/68 IPv6 prefix?  It won't work....

All your client networks need to be /64.  With what HE have given you you will only be able to have IPv6 on one VLAN unless you are hard-coding the IPv6 addresses on each device which will let you use longer prefixes (I think?).

I have a /48 prefix assigned to me as part of my HE tunnel so I have several /64 networks.  I use stateless address assignment on the VLAN SVI interfaces with DHCPv6 providing the IPv6 DNS server addresses via some Windows 2012R2 servers.

 

ipv6 general-prefix Home-HE-48 0000:0000:0000::/48
ipv6 unicast-routing

ipv6 dhcp-relay source-interface Loopback0

!

interface Vlan10
 ip address 192.168.0.30 255.255.255.224
 ip helper-address 192.168.10.25
 ip helper-address 192.168.11.25
 no ip redirects
 no ip proxy-arp
 ipv6 address Home-HE-48 ::5000:0:0:0:FE/64
 ipv6 enable
 ipv6 nd other-config-flag
 no ipv6 redirects
 ipv6 dhcp relay destination 0000:0000:0000:64FE:192:168:10:25
 ipv6 dhcp relay destination 0000:0000:0000:661E:192:168:11:25

!

I've obviously changed the IPv4 & IPv6 addressing...

 

Andy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: