IPv6 Prefix-Delegation split amongst 802.1q VLANs on a port-channel

Jordan Dalley
Level 1

Hi Propellerheads,

I have a site where we're trialling IPv6 for the first time. I've read a fair amount of documentation around and have managed to get it to work, with one exception.

The onsite router has GigabitEthernet0/0 as its ISP facing interface. I receive an IPv4 address and a /56 IPv6 prefix assignment from my ISP over Ethernet.

GigabitEthernet0/1 and GigabitEthernet0/2 are bonded as a Port-channel1. Port-channel1.2, Port-channel1.3 and Port-channel1.4 all have dot1q on them frame tagging them to the various VLANs at the site.

Config looks like this:

interface GigabitEthernet0/0
 description ISP Interface
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
 ipv6 address FE80::1111 link-local
 ipv6 enable
 ipv6 dhcp client pd IPV6-PD

 

interface Port-channel1.2
 description VLAN 2
 encapsulation dot1Q 2
 ip address 10.x.x.1 255.255.x.x
 ip nat inside
 no ip virtual-reassembly in
 ipv6 address FE80::2222 link-local
 ipv6 address IPV6-PD ::2:0:0:0:1/64
 ipv6 enable

 

This works great, so long as you are on VLAN 2.

However, if I'm a client on VLAN 3 or 4, I get an IPv6 address for VLAN 2, even if I leave Port-channel1.3 and 1.4 unconfigured. If I configure, for example, Port-channel1.3 with a different prefix, like this:

interface Port-channel1.3
 description VLAN 3
 encapsulation dot1Q 3
 ip address 10.x.x.1 255.255.x.x
 ip nat inside
 no ip virtual-reassembly in
 ipv6 address FE80::3333 link-local
 ipv6 address IPV6-PD ::3:0:0:0:1/64
 ipv6 enable

 

... I get both IPs on both VLANs... so odd... wondering if anyone could shed some light on this one for me...

It's basically like it's ignoring the various VLANs...

Cheers,
Jordan,

5 Replies

Jordan Dalley
Level 1

Bump?

Well, for those who want to know, the issue I experienced was limited only to Windows hosts. It's an issue with how Windows processes ICMPv6 in its NDIS drivers. In Windows apparently it has a tendency to strip the frame tag off and process it anyway, so the client tries to communicate through a tagged network it's not connected to.

My workaround for this was to give the same link-local address to each 802.1q tagged port-channel and disable IPv6 DAD with command: ipv6 nd dad time 1

Hope this helps any others out there that encounter this issue.

 

 

The typo in the config results in multiple L3 interfaces connected to VLAN2:

interface Port-channel1.3
 description VLAN 3
 encapsulation dot1Q 2

Blue numbers are not relevant, the red id determines the 802.1Q tag. If both Po1.2 and Po1.3 were connected into VLAN2 then hosts could have obtained addresses from both pools.

 

Hosts are connected to access ports and don't get any 802.1Q tagged packets.

 

You may want to revise if your explanation was correct, do some testing again and re-enable DAD which is a useful feature.
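
A check for the condition the reply above describes, as an added example that is not part of the original thread: it parses IOS-style subinterface stanzas, reports any 802.1Q tag shared by more than one L3 subinterface, and lists the /64s that hosts on that VLAN would then see. The function names, the sample config and the delegated prefix `2001:db8:ab:1200::/56` are constructed for illustration, and the address arithmetic assumes the router fills the bits not covered by the delegated prefix from the configured suffix.

```python
import ipaddress
import re
from collections import defaultdict

DELEGATED = "2001:db8:ab:1200::/56"  # constructed /56 from the documentation range
# Constructed config modelled on the thread, with Po1.3 mistakenly tagged dot1Q 2.
SAMPLE_CONFIG = """\
interface Port-channel1.2
 encapsulation dot1Q 2
 ipv6 address FE80::2222 link-local
 ipv6 address IPV6-PD ::2:0:0:0:1/64
interface Port-channel1.3
 encapsulation dot1Q 2
 ipv6 address FE80::3333 link-local
 ipv6 address IPV6-PD ::3:0:0:0:1/64
"""

def parse_subinterfaces(config):
    """Return {interface: {"tag": 802.1Q id or None, "pd": [suffix, ...]}}."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes a stanza
            m = re.match(r"interface (\S+)", line)
            current = ifaces.setdefault(m.group(1), {"tag": None, "pd": []}) if m else None
        elif current is not None:
            if m := re.match(r"\s+encapsulation dot1Q (\d+)", line, re.I):
                current["tag"] = int(m.group(1))
            elif m := re.match(r"\s+ipv6 address \S+ (::\S+/\d+)\s*$", line):
                current["pd"].append(m.group(1))  # general-prefix form only
    return ifaces

def pd_address(delegated, suffix):
    """Combine the delegated prefix with the suffix bits it does not cover."""
    net = ipaddress.IPv6Network(delegated)
    iface = ipaddress.IPv6Interface(suffix)
    addr = int(net.network_address) | (int(iface.ip) & int(net.hostmask))
    return ipaddress.IPv6Interface((addr, iface.network.prefixlen))

def audit(config, delegated):
    """Map each 802.1Q tag used by several subinterfaces to the /64s on it."""
    ifaces = parse_subinterfaces(config)
    by_tag = defaultdict(list)
    for name, cfg in ifaces.items():
        if cfg["tag"] is not None:
            by_tag[cfg["tag"]].append(name)
    return {tag: {n: [str(pd_address(delegated, s).network) for s in ifaces[n]["pd"]]
                  for n in names}
            for tag, names in by_tag.items() if len(names) > 1}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, DELEGATED))
```

An empty result means every tag maps to exactly one subinterface, so no VLAN is served by two prefixes through a tagging mistake on the router.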

Hi there,

You are correct. That was a typo on the post, the actual implementation was dot1q 3 for vlan 3.

There are heaps of posts around regarding this stupid Microsoft issue with autoconfig.

Here's one of them: http://www.educause.edu/discuss/networking-and-emerging-technologies/network-management-constituent-group/ipv6-vlan-tagging-windows

Turning off DAD and giving each VLAN the same Link-Local address was my only resolution to this.

I've edited my original post :)

Cheers,

Jordan.

I see.

 

You didn't mention the PC is behind an IP phone.
