InterVLAN Routing with IPv6 Help

jchiera93 · ‎08-20-2012

Hi everyone,

I have been asked to set up a pure IPv6 test lab environment to see how to configure IPv6 settings in our Layer 3 switches and Layer 2 switches. I have a Cisco catalyst 3750, 2960G, a Dell PowerEdge 1950 acting as my DHCPv6 server, and a Dell PowerEdge 1855 Chassis with a Dell PowerEdge 1955 blade in it acting as my DNS and Active Directory server and a laptop with Windows 7 on it. On the 3750 I have my SVI's created for my vlan 20 and vlan 100

vlan 20

Layer3SW#sh run int vlan 20

Building configuration...

Current configuration : 245 bytes

!

interface Vlan20

no ip address

ipv6 address 2620:xxxx:8000:2012::1/64

ipv6 enable

ipv6 nd prefix 2620:xxxx:8000:2012::/64 infinite infinite no-autoconfig

ipv6 nd managed-config-flag

ipv6 dhcp relay destination 2620:xxxx:8000:5000:1:1:1:1

end

vlan 100

Layer3SW#sh run int vlan 100

Building configuration...

Current configuration : 183 bytes

!

interface Vlan100

no ip address

ipv6 address 2620:xxxx:8000:5000::1/64

ipv6 enable

ipv6 nd prefix 2620:xxxx:8000:5000::/64 infinite infinite no-autoconfig

ipv6 nd ra suppress

end

My vlan 20 is where my hosts that will be using stateful DHCP will be, and 2620:xxxx:8000:5000:1:1:1:1 is the address of my dhcp server. Everything seems to be working just fine for the DHCP vlan because the host running W7 is getting an address, the default gateway is being sent,the DNS server adress is being sent, and the domain suffix is being sent as well. The default gateway of hosts in vlan 20 is the link-local address of the SVI on the 3750, which seems to be normal and I can ping out of my subnet to other subnets; my two servers in the 5000 subnet.

When I go to try to ping my laptop from my two servers I get the Request timed out message. Nslookup is running fine and when I type in the host name of my laptop it resolves the hostname to the correct IPv6 address. I have staticly assigned IPv6 addresses to my servers and I gave them both the IPv6 address of my SVI (2620:xxxx:8000:5000::1) and I have tried putting in the link-local address as well, with no luck. I can ping the SVI and the two servers just fine, but I cannot ping outside the 5000 subnet. This seems like I might need a static route somewhere. I have checked my routing tables for both vlans and everything looks the same to me

vlan 100 routing table

Layer3SW#sh ipv6 route int vlan 100

IPv6 Routing Table - Default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

B - BGP, R - RIP, D - EIGRP, EX - EIGRP external

ND - Neighbor Discovery

O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

C 2620:xxxx:8000:5000::/64 [0/0]

via Vlan100, directly connected

L 2620:xxxx:8000:5000::1/128 [0/0]

via Vlan100, receive

Vlan 20 routing table

Layer3SW#sh ipv6 route int vlan 20

IPv6 Routing Table - Default - 9 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

B - BGP, R - RIP, D - EIGRP, EX - EIGRP external

ND - Neighbor Discovery

O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

C 2620:xxxx:8000:2012::/64 [0/0]

via Vlan20, directly connected

L 2620:xxxx:8000:2012::1/128 [0/0]

via Vlan20, receive

I know this is long so I included a summary.

TL;DR

I have a vlan 20 (2620:xxxx:8000:2012::/64)where all hosts that use DHCP are. I can ping hosts outside my 2012 subnet just fine. I cannot ping hosts outside my 5000 subnet which is where I have my staticaly assigned servers (vlan 100). I'm not sure if I am using the correct default gateway or if I use the link-local of te SVI. I think I need a static route somewhere.

If you need anymore information, I have it.

-Thank you,

Jeremy

P.S. Here's the vlan interface outputs, I forgot to post it earlier.

Vlan 20

Layer3SW#sh ipv6 int vlan 20

Vlan20 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::20F:F7FF:FEE2:F342

No Virtual link-local address(es):

Global unicast address(es):

2620:43:8000:2012::1, subnet is 2620:43:8000:2012::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:2

FF02::1:FF00:1

FF02::1:FFE2:F342

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

Output features: Check hwidb

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND advertised reachable time is 0 (unspecified)

ND advertised retransmit interval is 0 (unspecified)

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use DHCP to obtain routable addresses.

Vlan 100

Layer3SW#sh ipv6 int vlan 100

Vlan100 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::20F:F7FF:FEE2:F343

No Virtual link-local address(es):

Global unicast address(es):

2620:43:8000:5000::1, subnet is 2620:43:8000:5000::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FFE2:F343

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

Output features: Check hwidb

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

Hosts use stateless autoconfig for addresses.

jchiera93 · ‎08-21-2012

All this trouble and it turned out to be one little stupid rule in the Windows firewall... It's all working now. I can ping between VLANs and subnets and I can ping my hosts from my switch. At first I thought maybe the DHCP clients didn't know a route back to the static hosts, but it was a firewall rule. Now I just need to figure out if it's outbound or inbound and how to properly allow ICMPv6 traffic.