cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3581
Views
0
Helpful
2
Replies

IPv6 on a Cisco 800 - am I doing it correctly?

jimwillsher
Level 1
Level 1

Hello

Sorry for the long post, but I've hopefully presented all pertinent information.



I have a Cisco 800 (877) with an ADSL connection (interface Dialer0). All my LAN devices are on a single interface, Vlan1. I have recently been added to an IPv6 trial by my ISP, Zen Internet (UK-based). I'm running OIS 12.4(24).T4.

I have a *reasonable* understanding of IPv4, but IPv6 is all very new to me.


This is the exact wording in the email from my ISP:

====================

Thank you for your email. Your subscriber account has now been enabled for IPv6. Your IPv6 address details are:

ND Prefix: 2a02:8011:d000:21::/64

PD Prefix: 2a02:8010:6036::/48

The two prefixes are described below, along with some further information on the Zen IPv6 service:

/64 Neighbour Discovery (ND) Prefix. This is used to automatically address the WAN interface of your Router, or if you are directly connected without a router, the WAN interface of that device.

/48 Delegation Prefix. This is usually provided over DHCPv6, and requires that your router acts as a requesting router for the purpose of IPv6 delegation RFC3633 - (https://tools.ietf.org/html/rfc3633). Subnets of this prefix are used by the CPE to address devices on the LAN. If prefix delegation is not supported on the router, a suggested interface ID and static route is available, which should allow routing to take place.

We also have an IPv6 enabled DNS Resolver (2a02:8010:1::212:23:3:100) , the IPv6 Address of this will be automatically advertised to supporting routers RFC3646 (https://tools.ietf.org/html/rfc3646). It can also be configured manually if required.

====================


I have configured IPv6 on my router as follows:

ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool NODE-DHCPV6
 dns-server 2A02:8010:6036:0:4CCB:4CB:E7AF:4D34                < What I believe to be the correct IP for my Windows server on the LAN
 domain-name HOME.local

interface Vlan1
 ipv6 address NODE-PD ::/64 eui-64
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server NODE-DHCPV6

interface Dialer0
 ipv6 address FE80::1 link-local
 ipv6 address NODE-PD ::FF:0:0:0:1/128
 ipv6 address autoconfig
 ipv6 enable
 ipv6 dhcp client pd NODE-PD rapid-commit

dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer0


Note that the above was gleaned mostly from two googled pages, namely:

http://www.internode.on.net/support/guides/internet_access/ipv6/cisco_routers/
https://supportforums.cisco.com/document/54871/ipv6-cisco-877

In other words, I've followed the above guides blindly, and I'm not necessarily doing the right thing :-)


Everything *seems* to be working correctly. I can ping internal and external IPv6 addresses, I can get results back from a ping -6 www.google.co.uk (on Windows), and I get 19/20 from http://ipv6-test.com/ (the missing one being a rDNS entry, which I will contact my ISP about).


Here is my doubt/concern. I have some VMs in the house, hosting some websites, antivirus server, mail server etc. I want to guarantee that the IPv6 addresses assigned to these hosts will never change, so that I can add AAAA DNS entries. To ensure that addresses don't change, for IPv4 I would normally use DHCP on my Windows server for this, but I understand that a local DHCP server for IPv6 should rarely be required.


As I understand it, using the eui-64 method of address generation should assign an IPv6 address based on the MAC, but that doesn't seem to be happening. As such, I'm worried that the address might change in the future, for whatever reason.

Here's an example IPCONFIG output:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : HOME.local
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-LM
   Physical Address. . . . . . . . . : F8-CA-B8-32-5C-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a02:8010:6036:0:e1da:6637:a4dd:fa48(Preferred)
   Temporary IPv6 Address. . . . . . : 2a02:8010:6036:0:d5a5:93d7:988d:1462(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e1da:6637:a4dd:fa48%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.214(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 07 February 2016 15:29:43
   Lease Expires . . . . . . . . . . : 12 February 2016 15:29:44
   Default Gateway . . . . . . . . . : fe80::221:a0ff:fee9:55b8%22
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.12
   DHCPv6 IAID . . . . . . . . . . . : 66636472
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-1E-E8-D5-F8-CA-B8-32-5C-6B
   DNS Servers . . . . . . . . . . . : 2a02:8010:6036:0:4ccb:4cb:e7af:4d34
                                       192.168.1.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       HOME.local


As I see it, there's no correlation between the MAC (F8-CA-B8-32-5C-6B) and the IPv6 address (2a02:8010:6036:0:e1da:6637:a4dd:fa48).

Am I worrying unnecessarily? Am I doing things right, or wrong, or have I got some Frankenstein hybrid configuration that's doomed to fail?

As I say, things *seem* to be working....but I want to get this right.


For the avoidance of doubt, I do have an IPv4 DHCP server configured,but not IPv6.

Many thanks to whomever is able to assist.

2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

The address you are seeing on the Windows host you included in your post is the result of privacy extensions (https://tools.ietf.org/html/rfc4941) although they are permanent.

You can disable privacy extensions to create an EUI-64 address:

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent

...or if you could statically configure the interface, eg:

2a02:8010:6036:0::80a /64  

...if it were for a webserver.

cheers,

Seb.

Perfect, thank you :-)

Review Cisco Networking for a $25 gift card