02-01-2012 07:55 PM - edited 03-01-2019 05:32 PM
I have my 1811 setup as a Tunnel broker to he.net but although the tunnel says it is up, I cant ping anything on IPv6.
Any suggestions on where my problem is ? My 1811 is connected directly to the cable modem.
The config I am using was pieced together from the examples I have found -
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:102::1/64
ipv6 enable
tunnel source Vlan1
tunnel destination 209.51.181.2
tunnel mode ipv6ip
!
interface FastEthernet1
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description LAN
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:1F11:102::1/64
ipv6 enable
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1
ip nat inside source list 1 interface FastEthernet1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
ipv6 route ::/0 Tunnel0
!
Here is what the debug tunnel shows -
Feb 1 21:39:51: FIBtunnel: Tunnel0 physical idb changed from FastEthernet1 to FastEthernet1
Feb 1 21:39:51: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.11)
Feb 1 21:39:53: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up
Feb 1 21:39:53: FIBtunnel: Tu0: stacking IPV6 :: to Default:209.51.181.2
Feb 1 21:39:53: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
Feb 1 21:39:53: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)
Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes
Feb 1 21:39:55: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)
Feb 1 21:39:55: Tunnel0 count tx, adding 20 encap bytes
Using c181x-advipservicesk9-mz.124-22.T.bin.
Any suggestions appreciated.
Ron
02-02-2012 02:07 AM
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:102::1/64
ipv6 enable
tunnel source Vlan1 !!! <- here is the mistake
tunnel destination 209.51.181.2
tunnel mode ipv6ip
Your tunnel source cannot be Vlan 1 as this has a private IP address which is not visible at the other end 209.51.181.2
Your tunnel source has to be a static IP address or DDNS and this is has to be public and visible from 209.51.181.2.
As I see the Fa1 is your WAN connections, so this should get the public IP address.
If this is dynamic DHCP you have to setup DDNS and set this in the configuration page of Tunnelbroker.
If this is static DHCP (you get the same IP address all the time) , then you only need to change the config to:
interface tun0
tunnel source Fa1
Btw, at tunnelbroker you have a sample configureation for Cisco IOS for your specific tunnel configuration (Example Configuration tab in the config page).
Here is a discussion about tunnelbroker and DDNS
https://www.tunnelbroker.net/forums/index.php?topic=2180.0
HTH,
Calin
02-02-2012 06:02 AM
Calin:
Thanks for the positng. Vlan1 was partof the problem. The other one is that I had the wrong IPv6 address on the tunnel0 interface (I was using .1 and should have been using .2). Once I changed both, I was able to start pinging IPv6 hosts as well as go to IPv6 only websites.
The only debug command that I found that gave me any info was debug tunnel. All I could see was traffic going out but no indication of what nothing was coming back. Will be digging more into that area. I am using this to help my learning so I can get more experience with IPv6 and do better when I start taking the CCNP R/S exams in a few weeks (already have CCNP Security).
Will Also take a look at the link you provided about DDNS. Want to look at that as well.
Ron
02-02-2012 06:10 AM
Hello Ron
Good that it's working now. The source as Vlan1 was visible to me, but the one with the IPv6 addressing not as I don't know what tunnelbroker assigned to you. Logical is that .1 is on the "provider side" and .2 on the "client side", but you never know.
Regards,
Calin
02-02-2012 01:27 PM
hi Ronald,
be also aware to allow protocol 41 when you bind access list to the interface you are using for the tunnel. happened to me lately
cheers
phil
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide