Hurricane Electric and DHCPd vlans

NathanLKoch · ‎01-17-2020

I am having trouble setting up ipv6 with HE Tunnels on Cisco IOS. I have the tunnel setup on the device. I can ping ipv6 from it.

Lets say HE gives me 2001:470:1f19:43::/64 for my routed 64. I have a switch I need to ipv6 to my router. and several vlans I need to configure with dhcp.

Vlan1 Switch to router. Static no dhcp.

int 1 router to int 1 switch

2001:470:1f19:43::3 - 2001:470:1f19:43::4

Vlan 20 interface g0/1.20

2001:470:1f19:43:20::1

Vlan 30 interface g0/1.30

2001:470:1f19:43:30::1

Vlan 40 g0/1.30

2001:470:1f19:43:40::1

etc etc.

I am getting errors like this %GigabitEthernet0/1.20: Error: 2001:470:1F19:43::/64 is overlapping with 2001:470:1F19:43::/64 on GigabitEthernet0/1.1.

My dhcp servers look like this

!
ipv6 dhcp pool vlan20
 address prefix 2001:470:1F19:43:20::/48
 dns-server 2620:119:35::35
 dns-server 2620:119:53::53
!
ipv6 cef
!

I am confused and could use some assistance please.

---------------------
"Fortune favors the brave."
▊▊▊

NathanLKoch · ‎01-18-2020

It was a matter of not knowing how IPV6 subnets work. I used https://subnettingpractice.com.

What is the best way to configure DHCPv6 on Cisco IOS.
I need help setting up DHCP pools
DHCP and router broadcasting on an interface
and specifying how it is to route.

I believe I have my zone-security configured properly. I just need help figuring out how to configure it all properly.

interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
zone-member security OUTSIDE
ipv6 address 2001:470:XXX8:AB::2/64
ipv6 enable
tunnel source GigabitEthernet0/0
tunnel mode ipv6ip
tunnel destination 66.XXX.XXX.XXX
!

interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security vlan20
no cdp enable
ipv6 address 2001:470:XXX9:AB:2000::1/68
ipv6 enable
ipv6 nd prefix 2001:470:XXX9:AB:2000::/68 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server vlan20
!

ipv6 dhcp pool vlan20
address prefix 2001:470:XXX9:AB:2000::/68
dns-server 2620:119:35::35
dns-server 2620:119:53::53
!

ipv6 access-list ip620-TO-OUTSIDE
permit ipv6 2001:470:XXX9:AB:2000::/68 any
control-plane host
!

ipv6 route ::/0 Tunnel0

I can ping ipv6 and traceroute ipv6 from the router. I get ipv6 addresses on my hosts and my hosts can ping eachother. but no route to the internet.
Help?

---------------------
"Fortune favors the brave."
▊▊▊

andrew.butterworth · ‎01-21-2020

/68 IPv6 prefix? It won't work....

All your client networks need to be /64. With what HE have given you you will only be able to have IPv6 on one VLAN unless you are hard-coding the IPv6 addresses on each device which will let you use longer prefixes (I think?).

I have a /48 prefix assigned to me as part of my HE tunnel so I have several /64 networks. I use stateless address assignment on the VLAN SVI interfaces with DHCPv6 providing the IPv6 DNS server addresses via some Windows 2012R2 servers.

ipv6 general-prefix Home-HE-48 0000:0000:0000::/48
ipv6 unicast-routing

ipv6 dhcp-relay source-interface Loopback0

!

interface Vlan10
ip address 192.168.0.30 255.255.255.224
ip helper-address 192.168.10.25
ip helper-address 192.168.11.25
no ip redirects
no ip proxy-arp
ipv6 address Home-HE-48 ::5000:0:0:0:FE/64
ipv6 enable
ipv6 nd other-config-flag
no ipv6 redirects
ipv6 dhcp relay destination 0000:0000:0000:64FE:192:168:10:25
ipv6 dhcp relay destination 0000:0000:0000:661E:192:168:11:25

!

I've obviously changed the IPv4 & IPv6 addressing...

Andy