Ipv6 managed-config-flag with Windows dhcpv6 server

JESSICA Walsh
Level 1

We wish to do stateful v6 addressing for tracking purposes, so we have a Windows v6 DHCP server set up. The router SVI for the subnet is configured like this:

ipv6 unicast-routing
ipv6 multicast-routing

 

 ipv6 nd prefix X:64 0 0 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 dhcp relay destination  MYIPV6IP-ADDRESS

 

I haven't configured an ra guard policy on the router or switches yet.

 

The issue is this: our hosts are getting DHCP just fine, but there are no neighbors on the host, there is no IPv6 DNS setting on the host and the default gateway is set to an fe80 address. Our hosts are actually sending same-subnet traffic to the MAC address of the router and hitting ACLs, which is not the behavior we want. The DHCP server doesn't have a setting for default gateway settings, so how do I set things up so that addresses and gateway are retrieved via DHCP? Or maybe the question is how do I set it up so that my hosts are using DHCP, but get the correct default gateway and the IPv6 neighbors work? We don't want hosts to self-assign IPs. We will have a few hosts that might be static, but those seem to be working just fine.

Harold Ritter
Cisco Employee

Hi Jessica,

 

1. You should add the "ipv6 nd other-config-flag" in order for the host to obtain the additional DHCP parameters (domain name, DNS server address, etc.) via DHCPv6.

 

2. Unlike DHCPv4, DHCPv6 does not provide a default gateway to the hosts. This is done by the router advertisement.

 

3. The reason the traffic between hosts on the same subnet goes to the router is that the on-link information provided by the router advertisement is not used by the hosts due to the valid lifetime being set to 0, as per the following command:

 

 ipv6 nd prefix X:64 0 0 no-autoconfig

 

Here's what RFC 5942 says about this:

   The reception of a Prefix Information Option (PIO) with the L-bit set
   [RFC4861] and a non-zero valid lifetime creates (or updates) an entry
   in the Prefix List.  All prefixes on a host's Prefix List (i.e.,
   those prefixes that have not yet timed out) are considered to be
   on-link by that host.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thank you! This has helped immensely and fixed the same-subnet ACL issue! Do you know of any best practice settings for the prefix timers? Is infinite safe to use? Again, thank you. You have fixed weeks of fiddling and Googling.

Hi Jessica,

 

Glad to know I could help. As far as prefix timers are concerned, I think it would be safe to go with the default values:

 

valid lifetime of 2,592,000 seconds (30 days)

preferred lifetime of 604,800 seconds (7 days)

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i3.html#wp1103499300

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
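
Added example, not part of the original thread: a small Router Advertisement parser that applies the RFC 5942 rule quoted above, showing why the `0 0 no-autoconfig` prefix left hosts with no on-link prefix and what changes with the default lifetimes and the O flag. The packets are constructed here; `2001:db8:1::/64` is a documentation prefix standing in for `X:64`, and the L=1/A=0 bits and router lifetime are assumptions about what the SVI would advertise.

```python
import ipaddress
import struct

def build_ra(m, o, prefix, l_bit, a_bit, valid, preferred, router_lifetime=1800):
    """Build a constructed ICMPv6 RA (type 134) carrying one Prefix Information Option."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), router_lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, (l_bit << 7) | (a_bit << 6),
                      valid, preferred, 0) + net.network_address.packed
    return hdr + pio

def parse_ra(icmp):
    """Parse RA flags and Prefix Information Options (RFC 4861 layout)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(icmp[5] & 0x80), "O": bool(icmp[5] & 0x40),
          "router_lifetime": struct.unpack("!H", icmp[6:8])[0], "pios": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length field is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information Option
            plen, flags, valid, pref = struct.unpack("!BBII", icmp[off + 2:off + 12])
            net = ipaddress.IPv6Network((icmp[off + 16:off + 32], plen), strict=False)
            ra["pios"].append({"prefix": str(net), "L": bool(flags & 0x80),
                               "A": bool(flags & 0x40), "valid": valid, "preferred": pref})
        off += opt_len
    return ra

def host_view(ra):
    """What a host derives from the RA (simplified): gateway, on-link prefixes, address source."""
    return {
        "default_router": ra["router_lifetime"] > 0,  # gateway is the RA sender's fe80:: address
        "on_link": [p["prefix"] for p in ra["pios"] if p["L"] and p["valid"] > 0],  # RFC 5942
        "slaac": [p["prefix"] for p in ra["pios"] if p["A"] and p["valid"] > 0],
        "dhcpv6_addresses": ra["M"],
        "dhcpv6_other_config": ra["O"],
    }

# Constructed samples mirroring the two configurations discussed in the thread.
BEFORE = build_ra(1, 0, "2001:db8:1::/64", 1, 0, 0, 0)            # "0 0 no-autoconfig"
AFTER = build_ra(1, 1, "2001:db8:1::/64", 1, 0, 2592000, 604800)  # default lifetimes + O flag

if __name__ == "__main__":
    for name, pkt in (("before", BEFORE), ("after", AFTER)):
        print(name, host_view(parse_ra(pkt)))
```

With the "before" packet the on-link list is empty, so every same-subnet destination is sent to the default router; with the "after" packet the prefix is on-link while SLAAC stays disabled.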