02-19-2024 08:54 AM
Greetings.
I have a simple set up consisting of a Cisco 4321 router, 2960 switch, and a Windows 11 host.
The router is running IOS XE 16.6.4 and the switch is IOS 15.5(2).
The router and switch are configured for IPv6, and the host (eventually) gets an IPv6 GUA, but can never ever ping the router's GUA or the switches GUA.
The router is configured for ipv6 unicast-routing. Here is the router configuration for the relevant interfaces:
!
interface GigabitEthernet0/0/0.224
description HOST_SUPPORT
encapsulation dot1Q 224
ip address 180.11.3.129 255.255.255.128
ipv6 address FE80::1 link-local
ipv6 address 2001:1824:11:224::1/64
!
interface GigabitEthernet0/0/0.226
description MGMT_NETWORK
encapsulation dot1Q 226
ip address 180.11.4.1 255.255.255.192
ipv6 address FE80::1 link-local
ipv6 address 2001:1824:11:226::1/64
end
and here is the config on the switch (SDM is set to dual default):
interface Vlan226
ip address 180.11.4.2 255.255.255.192
ipv6 address FE80::2 link-local
ipv6 address 2001:1824:11:226::2/64
end
Obviously the intent is to use SLAAC. The host receives the RA and builds both a permanent and a temporary GUA. The host is never able to ping the GUA or LLA of the router or the GUA of switch. Attempts to ping the router at 2001:1824:11:224::1 receive Destination Host Unreachable. Pings to fe80::1 receive Request Timed Out. Pings to the GUA of the switch (2001:1824:11:226::2) receive Request Timed Out.
The switch can ping the router (226::1 and 224::1), but cannot ping the host (permanent or temporary IPv6 GUA).
What's odd is the router is not keeping the host in it's ND cache. The RS/RA process works, since the host is creating an address from the correct prefix, but then the host's entry in the neighbor table just.. goes away. Here is the output of debug ipv6 nd and show ipv6 neighbors after I issue the ipconfig /renew6 command on the host:
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
r11#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
ICMP ND HA events debugging is ON
r11#
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Received RS
*Feb 17 22:44:05.329: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:44:05.329: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224) Sending solicited RA
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224) The interface media type supports ND resolution.
r11#
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) send RA to FF02::1
*Feb 17 22:44:05.330: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:44:05.330: ICMPv6-ND: MTU = 1500
*Feb 17 22:44:05.330: ICMPv6-ND: prefix 2001:1824:11:224::/64 [LA] 2592000/604800
*Feb 17 22:44:05.856: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:44:05.856: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:44:05.856: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
r11#
*Feb 17 22:44:05.857: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#show ipv6 nei
*Feb 17 22:44:10.917: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:44:10.917: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#show ipv6 nei
*Feb 17 22:44:11.943: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#show ipv6 nei
*Feb 17 22:44:12.969: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#debug ipv6 nd
*Feb 17 22:44:13.994: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:44:13.994: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:44:13.996: ICMPv6-ND: Remove ND cache entry
r11#
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 3 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 4 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:45:05.840: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:45:05.840: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:45:05.841: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
r11#
*Feb 17 22:45:05.841: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#
*Feb 17 22:45:10.902: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:45:10.903: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:45:11.992: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:45:13.082: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 4 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 4 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
*Feb 17 22:45:14.171: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:45:14.171: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:45:14.172: ICMPv6-ND: Remove ND cache entry
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 4 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 4 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
r11#
*Feb 17 22:45:48.711: ICMPv6-ND: (GigabitEthernet0/0/0.101,FE80::1) send RA to FF02::1
*Feb 17 22:45:48.711: ICMPv6-ND: (GigabitEthernet0/0/0.101,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:45:48.711: ICMPv6-ND: MTU = 1500
*Feb 17 22:45:48.711: ICMPv6-ND: prefix 2001:1824:11:101::/64 [LA] 2592000/604800
r11#
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
*Feb 17 22:46:05.057: ICMPv6-ND: (GigabitEthernet0/0/0.30,FE80::1) send RA to FF02::1
*Feb 17 22:46:05.058: ICMPv6-ND: (GigabitEthernet0/0/0.30,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:46:05.058: ICMPv6-ND: MTU = 1500
*Feb 17 22:46:05.058: ICMPv6-ND: prefix 2001:1824:11:30::/64 [LA] 2592000/604800
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Received NS from FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:05.874: ICMPv6-ND: Validating ND packet options: valid
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Glean
r11#
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) LLA cc96.e51b.ac2a
*Feb 17 22:46:05.874: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) INCMP -> STALE
*Feb 17 22:46:05.875: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::1) Sending NA to FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:05.877: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) STALE -> DELAY
r11#
*Feb 17 22:46:10.937: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) DELAY -> PROBE
*Feb 17 22:46:10.937: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:46:12.030: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
*Feb 17 22:46:13.119: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) Sending NS
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
*Feb 17 22:46:14.211: ICMPv6-ND: PROBE deleted: FE80::5BD5:A9B8:693D:348C
*Feb 17 22:46:14.211: ICMPv6-ND: (GigabitEthernet0/0/0.224,FE80::5BD5:A9B8:693D:348C) PROBE -> DELETE
*Feb 17 22:46:14.211: ICMPv6-ND: Remove ND cache entry
r11#
*Feb 17 22:46:15.236: ICMPv6-ND: (GigabitEthernet0/0/0.201,FE80::1) send RA to FF02::1
*Feb 17 22:46:15.237: ICMPv6-ND: (GigabitEthernet0/0/0.201,FE80::1) Sending RA (1800) to FF02::1
*Feb 17 22:46:15.237: ICMPv6-ND: MTU = 1500
*Feb 17 22:46:15.237: ICMPv6-ND: prefix 2001:1824:11:201::/64 [LA] 2592000/604800
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
r11#show clock
*22:46:22.979 UTC Sat Feb 17 2024
r11#! the host just now shows a GUA
r11#
r11#show ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001:1824:11:226::2 5 3473.2d25.6e41 STALE Gi0/0/0.226
FE80::2 6 3473.2d25.6e41 STALE Gi0/0/0.226
r11#
Any suggestions would be greatly appreciated!
02-19-2024 09:12 AM
Hi @jim_r ,
What OS does the host run?
Is it on VLAN 224 or 226?
Can you provide the ifconfig/ipconfig from the host?
Regards,
02-19-2024 10:14 AM - edited 02-19-2024 10:14 AM
Harold,
The PC is on VLAN 224. It is a Windows 11 physical machine. I've moved on to a different lab and cannot copy/paste the ipconfig output... but it was normal. It showed an IPv6 address and Temporary IPv6 address in the correct GUA range, a self-generated LLA, and the IPv4 addressing.
Thanks!
02-19-2024 02:05 PM
Hi @jim_r ,
The router sends many NS without receiving any NA. Can you please provide a "show runn int <interface name>" from the switch for the interfaces connected to the router and to the host.
Can you also provide a "show runn | i ipv6" from the switch.
Regards,
02-19-2024 03:34 PM - edited 02-19-2024 03:40 PM
Harold,
I had to change systems so the addresses are slightly different, but same results. Here are the outputs you asked for from the switch:
interface FastEthernet0/1
description connected to router
switchport trunk native vlan 237
switchport trunk allowed vlan 30,101,201,224,226,237
switchport mode trunk
switchport nonegotiate
end
interface FastEthernet0/6
description Connected to Host
switchport access vlan 224
switchport mode access
switchport nonegotiate
end
s15#show run | i ipv6
ipv6 address FE80::2 link-local
ipv6 address 2001:1824:15:226::2/64
s15#
Thanks again
(edited to add the native VLAN to the allowed VLANs... that did not fix it)
Jim
02-19-2024 05:19 PM
Hi @jim_r ,
Thanks for the additional information.
Could you please disable the host based FW on the host and see if it fixes the issue.
Regards,
02-20-2024 12:09 PM
Harold - I cannot do this, as it is managed by Group Policy somewhere in the ether. I am going to test this again tonight but using a Windows 10 system (still GP managed, unfortunately) to see if there is a difference. I will post the results.
Thanks again
Jim
02-19-2024 06:51 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide