06-24-2018 08:43 PM - edited 03-01-2019 05:55 PM
Hi,
I am trying to get IPv6 to work across my VLANs. I have IPv4 working no problem, but to be perfectly honest I'm a newbie to IPv6 and am very confused here as to what needs to take place.
Topology
Comcast Modem > Ubiquiti EdgeMax Lite > Cisco 3560-X
VLAN 192 on the Cisco 3560 is the Internet uplink to the Ubiquiti Edge Lite.
Cisco VLAN 192 Configuration
[code]
c3560x(config-if)#do sh run int vlan 192
Building configuration...

Current configuration : 155 bytes
!
interface Vlan192
 description Internet VLAN
 ip address 192.168.1.2 255.255.255.0
 ipv6 address autoconfig default
 ipv6 nd router-preference High
end

c3560x(config-if)#
[/code]
The Ubiquiti EdgeMax configuration looks as follows:
[code]
ubnt@gw01:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group BOGONS {
            network 10.0.0.0/8
            network 100.64.0.0/10
            network 127.0.0.0/8
            network 169.254.0.0/16
            network 172.16.0.0/12
            network 192.0.0.0/24
            network 192.0.2.0/24
            network 192.168.0.0/16
            network 198.18.0.0/15
            network 198.51.100.0/24
            network 203.0.113.0/24
            network 224.0.0.0/4
            network 240.0.0.0/4
        }
    }
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name LAN_IN {
        default-action accept
        description "drop invlaid state"
        rule 1 {
            action drop
            log disable
            state {
                invalid enable
            }
        }
    }
    name WAN_IN {
        default-action drop
        description WAN-To-LAN
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description WAN-to-Router-Interface
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "allow icmp"
            log disable
            protocol icmp
        }
        rule 40 {
            action drop
            description "drop bogon source"
            disable
            log enable
            source {
                group {
                    network-group BOGONS
                }
            }
        }
        rule 50 {
            action accept
            description "Allow external connections to OpenVPN"
            destination {
                port 1194
            }
            log disable
            protocol udp
        }
    }
    name WAN_OUT {
        default-action accept
        description "BLOCK OutBound Traffic"
        rule 1 {
            action drop
            description "NTP BLOCK PORT 123"
            destination {
                port 123
            }
            log enable
            protocol tcp_udp
            source {
                address 10.0.1.155
            }
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        dhcpv6-pd {
            pd 0 {
                interface eth1 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                interface eth2 {
                    host-address ::1
                    prefix-id :2
                    service slaac
                }
                prefix-length 60
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
            out {
                name WAN_OUT
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        disable
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
        }
        speed auto
    }
ubnt@gw01:~$
[/code]
Any help would be greatly appreciated.
06-25-2018 01:49 PM
Hi,
I see 2 possibilities to solve the issue.
1. Leave the C3560 as an L3 device and get prefix delegation from the Ubiquiti EdgeMax Lite if it is supported.
2. Use the C3560 as an L2 device with the L3 termination on the Ubiquiti EdgeMax Lite.
Regards,
06-25-2018 05:11 PM
So my preference is option 1 because I don't see any reason for traffic to traverse the Ubiquiti Internet link that is not destined for the Internet. This allows me to keep local traffic off the Internet uplink.
I'm sure the Ubiquiti supports this because I have seen all kinds of examples of the Ubiquiti being used in scenario 2 that you mentioned, where it has virtual interfaces for each VLAN.
I'm getting confused on what is needed on the Cisco VLANs to pick up the IPv6 addresses on the 192 VLAN?
As odd as it sounds, I wish the Ubiquiti was a Cisco device; this would probably be easier for me to figure out :-) So, on the assumption that VLAN 192 is getting IPv6 addresses, how do I tell the other VLANs to get IPv6 addresses from the 192 VLAN?
06-25-2018 05:57 PM
So looks like I am getting IPv6 on the VLAN192 interface as it has a global address but VLAN 150 only has a link-local address.
[code]
c3560x#sh ipv6 interface
Vlan150 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::206:F6FF:FEC5:1047
No Virtual link-local address(es):
Description: Data
Stateless address autoconfig enabled
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFC5:1047
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Output features: Check hwidb
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Vlan192 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::206:F6FF:FEC5:1048
No Virtual link-local address(es):
Description: Internet VLAN
Stateless address autoconfig enabled
Global unicast address(es):
2601:281:C700:6E21:206:F6FF:FEC5:1048, subnet is 2601:281:C700:6E21::/64 [EUI/CAL/PRE]
valid lifetime 85881 preferred lifetime 13881
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFC5:1048
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Output features: Check hwidb
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is High
Hosts use stateless autoconfig for addresses.
[/code]
06-27-2018 10:13 PM
Hi, this is what I ended up doing. It's still not working quite yet, but I believe I am closer. Any guidance?
[code]
c3560x#sh ipv6 dhcp pool ComcastPool
DHCPv6 pool: ComcastPool
  Prefix pool: comcast-ipv6
               preferred lifetime 604800, valid lifetime 2592000
  Domain name: minion.lab
  Active clients: 0
c3560x#sh run ipv6 dhcp pool ComcastPool
!
ipv6 dhcp pool ComcastPool
 prefix-delegation pool comcast-ipv6
 domain-name minion.lab
!
c3560x#sh run int vlan 192
Building configuration...

Current configuration : 189 bytes
!
interface Vlan192
 description Internet VLAN
 ip address 192.168.1.2 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd comcast-ipv6
end

c3560x#sh run int vlan 150
Building configuration...

Current configuration : 209 bytes
!
interface Vlan150
 description Data
 ip address 10.0.150.1 255.255.255.0
 ipv6 address comcast-ipv6 ::1/64
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server ComcastPool
end

c3560x#
[/code]
VLAN 150 is still not getting an IPv6 address, nor are the clients on VLAN 150. Any ideas?
06-28-2018 10:30 AM
You do not need the 3560 to be a DHCPv6 PD server, but rather just a client. This should work, as long as the Ubiquiti Edge Lite supports the DHCPv6 PD server capability and that it is configured for it.
Regards,
06-28-2018 12:39 PM
07-02-2018 09:17 AM
In short, the Ubiquiti would act as a DHCP PD client on the WAN side (towards Comcast) and as a DHCP server on the LAN side (towards the C3560). The C3560 will act as a DHCP PD client, will receive the PD and will use it to configure the IPv6 prefix on its LAN side and use RA to advertise the IPv6 prefix to the hosts.
Regards,
Harold
07-26-2018 02:06 PM
In that Ubiquiti config, the Comcast delegated prefixes get assigned to the internal interfaces, and each interface speaks SLAAC, allowing an address on the managed prefix.
As long as VLAN 192 is mapped to a switch port that connects to the Ubiquiti, this is just like any other SLAAC based address assignment; nothing special.
The trick is making sure the Ubiquiti is handing out SLAAC addresses at all.
07-26-2018 01:52 PM - edited 07-26-2018 01:53 PM
Is the Ubiquiti device getting the prefixes from Comcast? The Business Class lines use a /56 prefix delegation and if you set /60 it won't work.
Start by making sure the Ubiquiti has successfully received the prefixes by verifying that eth1 and eth2 each have IPv6 addresses on the specified prefix id.
If the prefixes have been successfully assigned to the Ubiquiti, the switch should just pick up an IPv6 address.
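Added example, not written by any poster in this thread: a Python check of the prefix arithmetic behind the verification step above, mapping a delegated prefix plus `prefix-id` and `host-address ::1` to the /64 and address each interface should hold. The function names are hypothetical, and the `2601:281:c700:6e20::/60` delegation is an assumption inferred from the Vlan192 global address shown earlier, not a value anyone posted.

```python
import ipaddress

def pd_subnet(delegated, prefix_id, host="::1"):
    """Return (/64 subnet, interface address) for one prefix-id of a delegation."""
    pd = ipaddress.IPv6Network(delegated)          # raises if host bits are set
    id_bits = 64 - pd.prefixlen                    # bits available for prefix-id
    if id_bits < 0:
        raise ValueError("delegation is longer than /64")
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix-id {prefix_id:#x} needs more than {id_bits} bits")
    base = int(pd.network_address) | (prefix_id << 64)
    subnet = ipaddress.IPv6Network((base, 64))
    address = ipaddress.IPv6Address(base | int(ipaddress.IPv6Address(host)))
    return subnet, address

def enclosing_delegation(address, pd_len):
    """Return (delegated prefix, prefix-id) that an observed address implies."""
    iface = ipaddress.IPv6Interface(f"{address}/{pd_len}")
    prefix_id = (int(iface.ip) >> 64) & ((1 << (64 - pd_len)) - 1)
    return iface.network, prefix_id

def on_expected_subnet(address, delegated, prefix_id):
    """True if an observed address sits in the /64 that prefix-id selects."""
    subnet, _ = pd_subnet(delegated, prefix_id)
    return ipaddress.IPv6Address(address) in subnet

if __name__ == "__main__":
    # Vlan192 global address, copied from the "sh ipv6 interface" output above.
    seen = "2601:281:C700:6E21:206:F6FF:FEC5:1048"
    for pd_len in (60, 56):
        pd, pid = enclosing_delegation(seen, pd_len)
        print(f"/{pd_len}: delegation {pd}, prefix-id :{pid:x}")
    pd60, _ = enclosing_delegation(seen, 60)       # assumed delegation
    for ifname, pid in (("eth1", 0x1), ("eth2", 0x2)):
        subnet, addr = pd_subnet(str(pd60), pid)
        print(ifname, subnet, addr, on_expected_subnet(seen, str(pd60), pid))
```

Under the /60 assumption the Vlan192 address falls in the `prefix-id :1` subnet configured for eth1, while under a /56 the same address would correspond to prefix-id `:21`.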