03-28-2013 03:36 AM - edited 03-01-2019 05:39 PM
Hello,
I'm an IT Student and I'm doing a final-study project about IPv6. In this projet I must configure 3 vlans and an internet Connection on a Cisco 3750G-PS-E switch. All intern VLAN must be connected to Internet and all VLAN can communicate together. I've also got a DHCPv6 server who works great.
Here's my configuration :
VLAN 30 is server vlan, VLAN 40 is users vlan and VLAN 176 is my Internet vlan.
Cisco 3750G-24-PS-E
interface Vlan30
no ip address
ipv6 address FDAB:CDEF:1936:30::254/64
ipv6 nd managed-config-flag
ipv6 dhcp relay destination FDAB:CDEF:1936:30::100 Vlan30
interface Vlan40
no ip address
ipv6 address FDAB:CDEF:1936:40::254/64
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp relay destination FDAB:CDEF:1936:30::100 Vlan30
interface Vlan176
no ip address
ipv6 address 2A02:26A0:0:F009::254/64
ipv6 route ::/0 vlan 176
My ISP installed an IPv6 test connection on a cisco 3560 configured as a L2 switch with this configuration :
interface FastEthernet0/8
description TMP-IPv6-simnet
switchport access vlan 176
switchport mode access
interface GigabitEthernet0/1
description toBackbone
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 174-176,1111,1143
switchport mode trunk
media-type sfp
duplex full
service-policy input VF-netspeed-wan2
And here's the configuration of the switch who must route internet for me from my ISP, it's a cisco 4507
interface Vlan176
no ip address
ipv6 address 2A02:26A0:0:F009::1/64
ipv6 ospf 1 area 0
So my L3 switch (3750G) is connected on the interface 24 to the interface 8 of the cisco 3560 L2 of my ISP. The 3560 is connected to the 4507 of my ISPs.
If i put a client computer on the vlan 40, i can ping all the interface of the 3750 switch and ping a host connected in the vlan 176 but not 2a02:26a0:0:f009::/64
I'm sur it's a routing problem, my 3750 switch don't do any routing, i only can access my directly connected subnet...
Thanks for helping me.
Solved! Go to Solution.
03-28-2013 11:53 AM
Hello Christophe,
I was curiuos about output from #show ipv6 route but never mind, now it is clear that problem is in routing of your ISP.
In first post you said, that host in Vlan40 is able to ping all interfaces on 3750 -> it means that host is able to ping to another network so there is no problem.
You have internet access from your 3750 switch, so internet link is OK.
It means that your ISP has not configured routes for your Vlan networks. He needs to do this to routing work properly.
- ISP has to configure static routes for both Vlan networks
- or ISP has to allow you to run OSPFv3 with him
You need to communicate these facts with ISP, there is nothing else you can do [except configure NAT for IPv6 which is little bit insane :D]
Best Regards
Please rate all helpful posts and close solved questions
04-05-2013 08:33 PM
Christophe,
The IPv6 prefixes used on Vlan30 and Vlan40 are unique local address (ULA) scope and are therefore not globally routable. You need to use prefixes from global unicast addresses (GUA) scope if you want users on Vlan30 and Vlan40 to have Internet connectivity. Have you been assigned GUA prefixes by your ISP?
Regards
03-28-2013 07:18 AM
Hello Christophe,
Can you post configuration of interface 24 on 3750 (yout WAN interface).
Do you have configured ipv6 unicast-routing on 3750?
Best Regards
Please rate all helpful posts and close solved questions
03-28-2013 07:22 AM
Thanks for helping
Yes I have enable the ipv6 unicast-routing ^^
On my 3750G the interface 24 has this configuration :
Cisco-3750PS-TPI#show run interface gigabitEthernet 1/0/24
Building configuration...
Current configuration : 91 bytes
!
interface GigabitEthernet1/0/24
switchport access vlan 176
switchport mode access
end
03-28-2013 07:28 AM
Hello,
Change configuration of interface GigabitEthernet1/0/24 and static route:
interface GigabitEthernet1/0/24
no switchport access vlan 176
no switchport mode access
no switchport
ipv6 address 2A02:26A0:0:F009::2/64
!
no ipv6 route ::/0 vlan 176
ipv6 route ::/0 2A02:26A0:0:F009::1
Best Regards
Please rate all helpful posts and close solved questions
03-28-2013 07:41 AM
thanks one more time but this changes don't make any difference, from a host in a vlan(30 or 40) i can't ping the 2a02:26a0:0:f009::1 and when i make a tracert,
it just goes on and on and never pass trough my switch default gateway...
need to find the solution before tomorrow ...
I hope you can find the answer
Thanks a lot
03-28-2013 08:14 AM
Hello Christophe,
I think problem will be in ISP's routing. Do not change configuration an routing which I gave you and check with your ISP if he has configured static routes for your LAN networks toward your 3750 switch like this:
ipv6 route FDAB:CDEF:1936:30::254/64 2A02:26A0:0:F009::2
ipv6 route FDAB:CDEF:1936:40::254/64 2A02:26A0:0:F009::2
Or just enable OSPFv3 on interface GigabitEthernet1/0/24 with ipv6 ospf 1 area 0. Also do not forget to include Vlan30 and Vlan40 networks in OSPFv3 and also configure OSPFv3 RID in format of IPv4 address to work properly.
I think that problem is that ICMP ping will reach ISP's 4907, but this switch has no routes for returning traffic, so it is dropped.
Best Regards
Please rate all helpful posts and close solved questions
03-28-2013 08:30 AM
I think i'm going to try OSPF, my ISP is actually closed... can you help me with de OSPF version, I never used this dynamic routage protocol, i've only used rip on another configuration.
I've configuraed my interface 1/0/24 with this :
ipv6 ospf 1 area 0
and my interface vlan 30 :
ipv6 osfp 1 area 0
What's the next ? Hos must i configure my OSPF ??
Regards,
03-28-2013 08:40 AM
Add these commands:
ipv6 router ospf 1
router-id 1.1.1.1
interface Vlan40
ipv6 ospf 1 area 0
After few seconds OSPF neighborship should come UP. Check with these:
#show ipv6 ospf neighbor
#show ipv6 route
Best Regards
Please rate all helpful posts and close solved questions
03-28-2013 09:05 AM
I've configured the ospf like you recommandate me, but when I do the commande show ipv6 ospf neighbor,
nothing appears.
03-28-2013 09:15 AM
That can be caused be configuration applied by your ISP, for security reasons int Vlan 176 on 4507 can be passive so you are not able to establish neighborship.
Try this last test -> ping some internet address from your 3750, if it fails, ping address of 4507 switch.
Also can you again post configuration of Gi1/0/24 and ipv6 routing table?
Best Regards
Please rate all helpful posts and close solved questions
03-28-2013 09:26 AM
So the internet ping from my 3750 work.
Here's the configuration of my switch.
#show ipv6 route table
IPv6 Routing - 11 tables
1 tables of global scope, 10 tables of link-local scope
Table id Scope Name
12000410 link-local GigabitEthernet1/0/24
120007F0 link-local Null0
120008C4 link-local Vlan176
12000832 link-local Vlan30
1200083C link-local Vlan40
0 global default
What does mean the "link-local" in scope ? does it mean that it use IPv6 link-local adresse for routing ? I hope no ...
show run int g 1/0/24
Building configuration...
Current configuration : 126 bytes
!
interface GigabitEthernet1/0/24
no switchport
no ip address
ipv6 address 2A02:26A0:0:F009::2/64
ipv6 ospf 1 area 0
end
03-28-2013 11:53 AM
Hello Christophe,
I was curiuos about output from #show ipv6 route but never mind, now it is clear that problem is in routing of your ISP.
In first post you said, that host in Vlan40 is able to ping all interfaces on 3750 -> it means that host is able to ping to another network so there is no problem.
You have internet access from your 3750 switch, so internet link is OK.
It means that your ISP has not configured routes for your Vlan networks. He needs to do this to routing work properly.
- ISP has to configure static routes for both Vlan networks
- or ISP has to allow you to run OSPFv3 with him
You need to communicate these facts with ISP, there is nothing else you can do [except configure NAT for IPv6 which is little bit insane :D]
Best Regards
Please rate all helpful posts and close solved questions
04-05-2013 08:33 PM
Christophe,
The IPv6 prefixes used on Vlan30 and Vlan40 are unique local address (ULA) scope and are therefore not globally routable. You need to use prefixes from global unicast addresses (GUA) scope if you want users on Vlan30 and Vlan40 to have Internet connectivity. Have you been assigned GUA prefixes by your ISP?
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide