cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1108
Views
0
Helpful
7
Replies

IPv6 ND Issues?

jim_r
Level 1
Level 1

Greetings.

I have a simple set up consisting of a Cisco 4321 router, 2960 switch, and a Windows 11 host.

The router is running IOS XE 16.6.4 and the switch is IOS 15.5(2).

The router and switch are configured for IPv6, and the host (eventually) gets an IPv6 GUA, but can never ever ping the router's GUA or the switches GUA.

The router is configured for ipv6 unicast-routing. Here is the router configuration for the relevant interfaces:

 

 

 

!
interface GigabitEthernet0/0/0.224
 description HOST_SUPPORT
 encapsulation dot1Q 224
 ip address 180.11.3.129 255.255.255.128
 ipv6 address FE80::1 link-local
 ipv6 address 2001:1824:11:224::1/64
!
interface GigabitEthernet0/0/0.226
 description MGMT_NETWORK
 encapsulation dot1Q 226
 ip address 180.11.4.1 255.255.255.192
 ipv6 address FE80::1 link-local
 ipv6 address 2001:1824:11:226::1/64
end

 

 

 

and here is the config on the switch (SDM is set to dual default):

 

 

 

interface Vlan226
 ip address 180.11.4.2 255.255.255.192
 ipv6 address FE80::2 link-local
 ipv6 address 2001:1824:11:226::2/64
end

 

 

 

Obviously the intent is to use SLAAC. The host receives the RA and builds both a permanent and a temporary GUA. The host is never able to ping the GUA or LLA of the router or the GUA of switch. Attempts to ping the router at 2001:1824:11:224::1 receive Destination Host Unreachable. Pings to fe80::1 receive Request Timed Out. Pings to the GUA of the switch (2001:1824:11:226::2) receive Request Timed Out.

The switch can ping the router (226::1 and 224::1), but cannot ping the host (permanent or temporary IPv6 GUA).

What's odd is the router is not keeping the host in it's ND cache. The RS/RA process works, since the host is creating an address from the correct prefix, but then the host's entry in the neighbor table just.. goes away. Here is the output of debug ipv6 nd and show ipv6 neighbors after I issue the ipconfig /renew6 command on the host:

 

 

 

r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     3 3473.2d25.6e41  STALE Gi0/0/0.226

r11#debug ipv6 nd
  ICMP Neighbor Discovery events debugging is on
  ICMP ND HA events debugging is ON
r11#
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Received RS
*Feb 17 22:44:05.329: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224) Sending solicited RA
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224) The interface media type supports ND resolution.
r11#
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) send RA to FF02::1
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:44:05.330: ICMPv6-ND:   MTU = 1500
*Feb 17 22:44:05.330: ICMPv6-ND:   prefix 2001:1824:11:224::/64 [LA] 2592000/604800
*Feb 17 22:44:05.856: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:44:05.856: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:44:05.856: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
r11#
*Feb 17 22:44:05.857: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#show ipv6 nei
*Feb 17 22:44:10.917: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:44:10.917: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#show ipv6 nei
*Feb 17 22:44:11.943: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#show ipv6 nei
*Feb 17 22:44:12.969: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#debug ipv6 nd
*Feb 17 22:44:13.994: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:44:13.994: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:44:13.996: ICMPv6-ND:  Remove ND cache entry
r11#             
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     3 3473.2d25.6e41  STALE Gi0/0/0.226

r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     3 3473.2d25.6e41  STALE Gi0/0/0.226

r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     3 3473.2d25.6e41  STALE Gi0/0/0.226

r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     3 3473.2d25.6e41  STALE Gi0/0/0.226

r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         3 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     4 3473.2d25.6e41  STALE Gi0/0/0.226

r11#
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:45:05.840: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:45:05.841: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
r11#
*Feb 17 22:45:05.841: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#
*Feb 17 22:45:10.902: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:45:10.903: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:45:11.992: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:45:13.082: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         4 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     4 3473.2d25.6e41  STALE Gi0/0/0.226

r11#
*Feb 17 22:45:14.171: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:45:14.171: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:45:14.172: ICMPv6-ND:  Remove ND cache entry
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         4 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     4 3473.2d25.6e41  STALE Gi0/0/0.226

r11#
r11#
*Feb 17 22:45:48.711: ICMPv6-ND: (GigabitEthernet0/0/0.101,FE80::1) send RA to FF02::1
*Feb 17 22:45:48.711: ICMPv6-ND: (GigabitEthernet0/0/0.101,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:45:48.711: ICMPv6-ND:   MTU = 1500
*Feb 17 22:45:48.711: ICMPv6-ND:   prefix 2001:1824:11:101::/64 [LA] 2592000/604800
r11#
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         5 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     5 3473.2d25.6e41  STALE Gi0/0/0.226

r11#
*Feb 17 22:46:05.057: ICMPv6-ND: (GigabitEthernet0/0/0.30,FE80::1) send RA to FF02::1
*Feb 17 22:46:05.058: ICMPv6-ND: (GigabitEthernet0/0/0.30,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:46:05.058: ICMPv6-ND:   MTU = 1500
*Feb 17 22:46:05.058: ICMPv6-ND:   prefix 2001:1824:11:30::/64 [LA] 2592000/604800
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:05.874: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
r11#
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:46:05.875: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:05.877: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#
*Feb 17 22:46:10.937: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:46:10.937: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:46:12.030: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:46:13.119: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         5 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     5 3473.2d25.6e41  STALE Gi0/0/0.226

r11#
*Feb 17 22:46:14.211: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:14.211: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:46:14.211: ICMPv6-ND:  Remove ND cache entry
r11#
*Feb 17 22:46:15.236: ICMPv6-ND: (GigabitEthernet0/0/0.201,FE80::1) send RA to FF02::1
*Feb 17 22:46:15.237: ICMPv6-ND: (GigabitEthernet0/0/0.201,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:46:15.237: ICMPv6-ND:   MTU = 1500
*Feb 17 22:46:15.237: ICMPv6-ND:   prefix 2001:1824:11:201::/64 [LA] 2592000/604800
r11#
r11#show ipv6 nei
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         5 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     5 3473.2d25.6e41  STALE Gi0/0/0.226

r11#show clock
*22:46:22.979 UTC Sat Feb 17 2024
r11#! the host just now shows a GUA 
r11#
r11#show ipv6 nei                  
IPv6 Address                              Age Link-layer Addr State Interface
2001:1824:11:226::2                         5 3473.2d25.6e41  STALE Gi0/0/0.226
FE80::2                                     6 3473.2d25.6e41  STALE Gi0/0/0.226

r11#

 

 

 

Any suggestions would be greatly appreciated!

7 Replies 7

Harold Ritter
Spotlight
Spotlight

Hi @jim_r ,

What OS does the host run?

Is it on VLAN 224 or 226?

Can you provide the ifconfig/ipconfig from the host?

Regards,

Harold,

The PC is on VLAN 224. It is a Windows 11 physical machine. I've moved on to a different lab and cannot copy/paste the ipconfig output... but it was normal. It showed an IPv6 address and Temporary IPv6 address in the correct GUA range, a self-generated LLA, and the IPv4 addressing.

Thanks!

Hi @jim_r ,

The router sends many NS without receiving any NA. Can you please provide a "show runn int <interface name>" from the switch for the interfaces connected to the router and to the host.

Can you also provide a "show runn | i ipv6" from the switch.

Regards,

Harold,

I had to change systems so the addresses are slightly different, but same results. Here are the outputs you asked for from the switch:

 

interface FastEthernet0/1
 description connected to router
 switchport trunk native vlan 237
 switchport trunk allowed vlan 30,101,201,224,226,237
 switchport mode trunk
 switchport nonegotiate
end

interface FastEthernet0/6
 description Connected to Host
 switchport access vlan 224
 switchport mode access
 switchport nonegotiate
end

s15#show run | i ipv6
 ipv6 address FE80::2 link-local
 ipv6 address 2001:1824:15:226::2/64
s15#

 

 Thanks again

(edited to add the native VLAN to the allowed VLANs... that did not fix it)

Jim

Hi @jim_r ,

Thanks for the additional information. 

Could you please disable the host based FW on the host and see if it fixes the issue.

Regards,

Harold - I cannot do this, as it is managed by Group Policy somewhere in the ether. I am going to test this again tonight but using a Windows 10 system (still GP managed, unfortunately) to see if there is a difference.  I will post the results.

Thanks again

Jim

Submit and support for access me.Thank you.
Syaifulnizam

Review Cisco Networking for a $25 gift card