So this is what my network looks like,
ONR (huawei hg8240t5 router cannot be disabled) -> c921-4p -> switches etc. etc.'
If I connect directly to my ONR and try to browse IPv6 websites it works fine, I can even see my ipv6 address.
My ONR is already doing routing, here are my ipv4 and 6 dhcp settings.
DHCP settings ipv4 settings: LAN Host IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 Start IP Address: 192.168.1.1 End IP Address: 192.168.1.253 ipv6 settings: IPv6 address: fe80::1 Method of Obtaining Prefixes: WAN Agent Parent Prefix: Child Prefix Mask: ::/64 MTU: 1472 DNS Source on the LAN Side: DNS Agent Enable Route Advertisement: Yes Enable DHCPv6 Server: Yes Resource Allocation Mode: Manual Address/Prefix Assignment Mode: SLAAC Other Information Assignment Mode: DHCPv6 ULA Mode: Disabled
Here are the settings for my c921-4p, I tried to do the ipv6, so port 4 is connected to my ONR and port 5 is connected to my pc for now. I get an Ipv6 address on my PC, but I am unable to access any ipv6 websites or see my global ipv6 address. Not sure what I am doing wrong here.
I also can't figure out where to add the quad9 dns servers. Any help here would be greatly appreciated! Thanks!!
ip dhcp pool DHCP-POOL network 10.0.0.0 255.255.255.0 default-router 10.0.0.254 dns-server 126.96.36.199 188.8.131.52 ! no ip domain lookup ip domain name cisco.com ip name-server 184.108.40.206 ip name-server 220.127.116.11 ip cef ipv6 unicast-routing ipv6 cef multilink bundle-name authenticated ! interface GigabitEthernet4 description WAN ip address dhcp ip nat outside ip virtual-reassembly in duplex auto speed auto ipv6 address dhcp ipv6 enable ! interface GigabitEthernet5 description LAN ip address 10.0.0.254 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ipv6 address 2001:DB:AAAA:A::1/64 ipv6 enable !
Hi @iewhf02i ,
Here are a few questions from reviewing your configuration:
1. Is 2001:DB:AAAA:1::1/64 really the address you are using on the interface facing the PC or did you just modify it to obfuscate the real address?
2. Can you do a "show ipv6 route" to check whether you have a default route or not pointing at the ONR.
3. Does the ONR have a static route to the prefix configured on the PC facing interface?
4. You can configure stateless DHCPv6 if you want to host to get the IPv6 DNS address automatically. This is not mandatory if the PC gets an IPv4 DNS address, as the IPv4 DNS will serve both A and AAAA request coming from the PC.
1. I just picked a random address for that. I didn’t know what else to do.
2. #show ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
a - Application
S ::/0 [1/0]
via FE80::1, GigabitEthernet4
LC 2400:D803:2A3C:D307::2/128 [0/0]
via GigabitEthernet4, receive
L FF00::/8 [0/0]
via Null0, receive
3. The ONR can only set the default gateway and register some static ips using MAC addresses. All available ipv6 settings / options are pasted in the first part of my post above. Is there any way around this? Can I set the static route from the router to the ONR?
4. how do I configure a stateless one? Can I just set the router as a dhcp server to server ipv4 and ipv6 addresses locally, but also so they have the ability to browse ipv6 websites?
Hi @iewhf02i ,
1. You need to use a global unicast address that is routed to you by your service provider. One way around that would be to use NAT66 or NPTv6, but they are not supported on that platform.
2. This part looks good. You do have an IPv6 default route installed in the routing table.
3. If the ONR doesn't allow you to configure a static route towards the Cisco device, then the only option would be for the Cisco device to use NAT66 and use the external interface IPv6 address you get from DHCP to nat the internal traffic received from the PC towards the Internet. But as I mentioned, NAT66 is not supported on that platform as far as I am aware.
4. As I mentioned in my first post, this part is optional. Given you do not have IPv6 connectivity from the PC, configuring the PC to acquire an IPv6 DNS address via DHCPv6 does not serve any purpose at this point.
Hi @iewhf02i ,
> Locally or browse websites?
Without Global Unicast Addresses (GUA) and without NAT66 you will definitely not be able to access the Internet. You might be able to access internal IPv6 websites, but this would still require the ONR to route to you locally assigned IPv6 prefix.
> I’m actually using a cbs350 switch below the router, can I somehow patch it together so I am able to?
Adding the CBS350 to the equation does not solve the issues I mentioned.
Hi @iewhf02i ,
Do they provide you with an IPv6 address for the WAN interface or an IPv6 prefix that you can use locally?
So I tried some commands,
I did, ipv6 address autoconfig, followed by show ipv6 interface GigabitEthernet 4 (my wan port), this is the output
GigabitEthernet4 is up, line protocol is up IPv6 is enabled, link-local address is FE80::BA11:4BFF:FE47:9FB4 No Virtual link-local address(es): Description: WAN Stateless address autoconfig enabled Global unicast address(es): 2400:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, subnet is 2400:xxxx:xxxx:xxxx::/64 [EUI/CAL/PRE] FD16:xxxx:xxxx:xxxx:xxxx: xxxx: xxxx: xxxx, subnet is xxxx: xxxx: xxxx: xxxx::/64 [EUI/CAL/DEP] valid lifetime 1298 preferred lifetime 0 Joined group address(es): FF02::1 FF02::2 FF02::1: xxxx: xxxx MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent Input features: Common Flow Table Stile classification Output features: Common Flow Table Stile Classification ND DAD is enabled, number of DAD attempts: 1
The global unicast address is the ipv6 address given to me by my ISP on my ONR.
Hi @iewhf02i ,
This means you have IPv6 connectivity to the Internet from the c921. You would need some other prefix if you wanted to provide PCs connected to the c921 IPv6 connectivity to the Internet, as NAT66 is not supported on the c921.