Solved: IPv6 interVLAN routing

chrnorsimnet · ‎03-28-2013

Hello,

I'm an IT Student and I'm doing a final-study project about IPv6. In this projet I must configure 3 vlans and an internet Connection on a Cisco 3750G-PS-E switch. All intern VLAN must be connected to Internet and all VLAN can communicate together. I've also got a DHCPv6 server who works great.

Here's my configuration :

VLAN 30 is server vlan, VLAN 40 is users vlan and VLAN 176 is my Internet vlan.

Cisco 3750G-24-PS-E

interface Vlan30

no ip address

ipv6 address FDAB:CDEF:1936:30::254/64

ipv6 nd managed-config-flag

ipv6 dhcp relay destination FDAB:CDEF:1936:30::100 Vlan30

interface Vlan40

no ip address

ipv6 address FDAB:CDEF:1936:40::254/64

ipv6 nd managed-config-flag

ipv6 nd other-config-flag

ipv6 dhcp relay destination FDAB:CDEF:1936:30::100 Vlan30

interface Vlan176

no ip address

ipv6 address 2A02:26A0:0:F009::254/64

ipv6 route ::/0 vlan 176

My ISP installed an IPv6 test connection on a cisco 3560 configured as a L2 switch with this configuration :

interface FastEthernet0/8

description TMP-IPv6-simnet

switchport access vlan 176

switchport mode access

interface GigabitEthernet0/1

description toBackbone

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 174-176,1111,1143

switchport mode trunk

media-type sfp

duplex full

service-policy input VF-netspeed-wan2

And here's the configuration of the switch who must route internet for me from my ISP, it's a cisco 4507

interface Vlan176

no ip address

ipv6 address 2A02:26A0:0:F009::1/64

ipv6 ospf 1 area 0

So my L3 switch (3750G) is connected on the interface 24 to the interface 8 of the cisco 3560 L2 of my ISP. The 3560 is connected to the 4507 of my ISPs.

If i put a client computer on the vlan 40, i can ping all the interface of the 3750 switch and ping a host connected in the vlan 176 but not 2a02:26a0:0:f009::/64

I'm sur it's a routing problem, my 3750 switch don't do any routing, i only can access my directly connected subnet...

Thanks for helping me.

blau grana · ‎03-28-2013

Hello Christophe,

I was curiuos about output from #show ipv6 route but never mind, now it is clear that problem is in routing of your ISP.

In first post you said, that host in Vlan40 is able to ping all interfaces on 3750 -> it means that host is able to ping to another network so there is no problem.

You have internet access from your 3750 switch, so internet link is OK.

It means that your ISP has not configured routes for your Vlan networks. He needs to do this to routing work properly.

- ISP has to configure static routes for both Vlan networks

- or ISP has to allow you to run OSPFv3 with him

You need to communicate these facts with ISP, there is nothing else you can do [except configure NAT for IPv6 which is little bit insane :D]

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

View solution in original post

Harold Ritter · ‎04-05-2013

Christophe,

The IPv6 prefixes used on Vlan30 and Vlan40 are unique local address (ULA) scope and are therefore not globally routable. You need to use prefixes from global unicast addresses (GUA) scope if you want users on Vlan30 and Vlan40 to have Internet connectivity. Have you been assigned GUA prefixes by your ISP?

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

blau grana · ‎03-28-2013

Hello Christophe,

Can you post configuration of interface 24 on 3750 (yout WAN interface).

Do you have configured ipv6 unicast-routing on 3750?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chrnorsimnet · ‎03-28-2013

Thanks for helping

Yes I have enable the ipv6 unicast-routing ^^

On my 3750G the interface 24 has this configuration :

Cisco-3750PS-TPI#show run interface gigabitEthernet 1/0/24
Building configuration...

Current configuration : 91 bytes
!
interface GigabitEthernet1/0/24
switchport access vlan 176
switchport mode access
end

blau grana · ‎03-28-2013

Hello,

Change configuration of interface GigabitEthernet1/0/24 and static route:

interface GigabitEthernet1/0/24

no switchport access vlan 176

no switchport mode access

no switchport

ipv6 address 2A02:26A0:0:F009::2/64

!

no ipv6 route ::/0 vlan 176

ipv6 route ::/0 2A02:26A0:0:F009::1

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chrnorsimnet · ‎03-28-2013

thanks one more time but this changes don't make any difference, from a host in a vlan(30 or 40) i can't ping the 2a02:26a0:0:f009::1 and when i make a tracert,

it just goes on and on and never pass trough my switch default gateway...

need to find the solution before tomorrow ...

I hope you can find the answer

Thanks a lot

blau grana · ‎03-28-2013

Hello Christophe,

I think problem will be in ISP's routing. Do not change configuration an routing which I gave you and check with your ISP if he has configured static routes for your LAN networks toward your 3750 switch like this:

ipv6 route FDAB:CDEF:1936:30::254/64 2A02:26A0:0:F009::2

ipv6 route FDAB:CDEF:1936:40::254/64 2A02:26A0:0:F009::2

Or just enable OSPFv3 on interface GigabitEthernet1/0/24 with ipv6 ospf 1 area 0. Also do not forget to include Vlan30 and Vlan40 networks in OSPFv3 and also configure OSPFv3 RID in format of IPv4 address to work properly.

I think that problem is that ICMP ping will reach ISP's 4907, but this switch has no routes for returning traffic, so it is dropped.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chrnorsimnet · ‎03-28-2013

I think i'm going to try OSPF, my ISP is actually closed... can you help me with de OSPF version, I never used this dynamic routage protocol, i've only used rip on another configuration.

I've configuraed my interface 1/0/24 with this :

ipv6 ospf 1 area 0

and my interface vlan 30 :

ipv6 osfp 1 area 0

What's the next ? Hos must i configure my OSPF ??

Regards,

blau grana · ‎03-28-2013

Add these commands:

ipv6 router ospf 1

router-id 1.1.1.1

interface Vlan40

ipv6 ospf 1 area 0

After few seconds OSPF neighborship should come UP. Check with these:

#show ipv6 ospf neighbor

#show ipv6 route

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chrnorsimnet · ‎03-28-2013

I've configured the ospf like you recommandate me, but when I do the commande show ipv6 ospf neighbor,

nothing appears.

blau grana · ‎03-28-2013

That can be caused be configuration applied by your ISP, for security reasons int Vlan 176 on 4507 can be passive so you are not able to establish neighborship.

Try this last test -> ping some internet address from your 3750, if it fails, ping address of 4507 switch.

Also can you again post configuration of Gi1/0/24 and ipv6 routing table?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

chrnorsimnet · ‎03-28-2013

So the internet ping from my 3750 work.

Here's the configuration of my switch.

#show ipv6 route table
IPv6 Routing - 11 tables
1 tables of global scope, 10 tables of link-local scope

Table id   Scope          Name
12000410   link-local     GigabitEthernet1/0/24
120007F0   link-local     Null0
120008C4   link-local     Vlan176
12000832   link-local     Vlan30
1200083C   link-local     Vlan40
0          global         default

What does mean the "link-local" in scope ? does it mean that it use IPv6 link-local adresse for routing ? I hope no ...

show run int g 1/0/24
Building configuration...

Current configuration : 126 bytes
!
interface GigabitEthernet1/0/24
no switchport
no ip address
ipv6 address 2A02:26A0:0:F009::2/64
ipv6 ospf 1 area 0
end

blau grana · ‎03-28-2013

Hello Christophe,

I was curiuos about output from #show ipv6 route but never mind, now it is clear that problem is in routing of your ISP.

In first post you said, that host in Vlan40 is able to ping all interfaces on 3750 -> it means that host is able to ping to another network so there is no problem.

You have internet access from your 3750 switch, so internet link is OK.

It means that your ISP has not configured routes for your Vlan networks. He needs to do this to routing work properly.

- ISP has to configure static routes for both Vlan networks

- or ISP has to allow you to run OSPFv3 with him

You need to communicate these facts with ISP, there is nothing else you can do [except configure NAT for IPv6 which is little bit insane :D]

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

Harold Ritter · ‎04-05-2013

Christophe,

The IPv6 prefixes used on Vlan30 and Vlan40 are unique local address (ULA) scope and are therefore not globally routable. You need to use prefixes from global unicast addresses (GUA) scope if you want users on Vlan30 and Vlan40 to have Internet connectivity. Have you been assigned GUA prefixes by your ISP?

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México