cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
633
Views
0
Helpful
9
Replies

Unable to access ipv6 websites

iewhf02i
Beginner
Beginner

So this is what my network looks like,

ONR (huawei hg8240t5 router cannot be disabled) ->  c921-4p -> switches etc. etc.'

If I connect directly to my ONR and try to browse IPv6 websites it works fine, I can even see my ipv6 address.

My ONR is already doing routing, here are my ipv4 and 6 dhcp settings.

 

DHCP settings ipv4 settings:

LAN Host IP Address: 192.168.1.254
Subnet Mask: 255.255.255.0
Start IP Address: 192.168.1.1
End IP Address: 192.168.1.253

ipv6 settings:

IPv6 address: fe80::1

Method of Obtaining Prefixes: WAN Agent
Parent Prefix:
Child Prefix Mask: ::/64
MTU: 1472

DNS Source on the LAN Side: DNS Agent

Enable Route Advertisement: Yes
Enable DHCPv6 Server:  Yes
Resource Allocation Mode: Manual
Address/Prefix Assignment Mode: SLAAC
Other Information Assignment Mode: DHCPv6

ULA Mode: Disabled

 

Here are the settings for my c921-4p, I tried to do the ipv6, so port 4 is connected to my ONR and port 5 is connected to my pc for now. I get an Ipv6 address on my PC, but I am unable to access any ipv6 websites or see my global ipv6 address. Not sure what I am doing wrong here.

I also can't figure out where to add the quad9 dns servers. Any help here would be greatly appreciated! Thanks!!

 

ip dhcp pool DHCP-POOL
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.254
 dns-server 9.9.9.9 149.112.112.112
!
no ip domain lookup
ip domain name cisco.com
ip name-server 9.9.9.9
ip name-server 149.112.112.112
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
interface GigabitEthernet4
 description WAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 ipv6 address dhcp
 ipv6 enable
!
interface GigabitEthernet5
 description LAN
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 ipv6 address 2001:DB:AAAA:A::1/64
 ipv6 enable
!

 

9 Replies 9

Harold Ritter
Cisco Employee
Cisco Employee

Hi @iewhf02i ,

Here are a few questions from reviewing your configuration:

1. Is 2001:DB:AAAA:1::1/64 really the address you are using on the interface facing the PC or did you just modify it to obfuscate the real address?

2. Can you do a "show ipv6 route" to check whether you have a default route or not pointing at the ONR.

3. Does the ONR have a static route to the prefix configured on the PC facing interface?

4. You can configure stateless DHCPv6 if you want to host to get the IPv6 DNS address automatically. This is not mandatory if the PC gets an IPv4 DNS address, as the IPv4 DNS will serve both A and AAAA request coming from the PC.

Regards, 

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi @Harold Ritter 

1. I just picked a random address for that. I didn’t know what else to do.

2. #show ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
a - Application
S ::/0 [1/0]
via FE80::1, GigabitEthernet4
LC 2400:D803:2A3C:D307::2/128 [0/0]
via GigabitEthernet4, receive
L FF00::/8 [0/0]
via Null0, receive

3. The ONR can only set the default gateway and register some static ips using MAC addresses. All available ipv6 settings / options are pasted in the first part of my post above. Is there any way around this? Can I set the static route from the router to the ONR? 

4. how do I configure a stateless one? Can I just set the router as a dhcp server to server ipv4 and ipv6 addresses locally, but also so they have the ability to browse ipv6 websites?

Hi @iewhf02i ,

1. You need to use a global unicast address that is routed to you by your service provider. One way around that would be to use NAT66 or NPTv6, but they are not supported on that platform.

2. This part looks good. You do have an IPv6 default route installed in the routing table.

3. If the ONR doesn't allow you to configure a static route towards the Cisco device, then the only option would be for the Cisco device to use NAT66 and use the external interface IPv6 address you get from DHCP to nat the internal traffic received from the PC towards the Internet. But as I mentioned, NAT66 is not supported on that platform as far as I am aware.

4. As I mentioned in my first post, this part is optional. Given you do not have IPv6 connectivity from the PC, configuring the PC to acquire an IPv6 DNS address via DHCPv6 does not serve any purpose at this point.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

iewhf02i
Beginner
Beginner

@Harold Ritter So I checked there’s no nat6, so does this mean I won’t be able to get ipv6 local addresses or route ipv6? Locally or browse websites? I’m actually using a cbs350 switch below the router, can I somehow patch it together so I am able to?

Hi @iewhf02i ,

> Locally or browse websites?

Without Global Unicast Addresses (GUA) and without NAT66 you will definitely not be able to access the Internet. You might be able to access internal IPv6 websites, but this would still require the ONR to route to you locally assigned IPv6 prefix.

I’m actually using a cbs350 switch below the router, can I somehow patch it together so I am able to?

Adding the CBS350 to the equation does not solve the issues I mentioned.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

My isp provides me with an ipv6 address. When you say I need a global uni cast address is that what you mean?

Hi @iewhf02i , 

Do they provide you with an IPv6 address for the WAN interface or an IPv6 prefix that you can use locally?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

So I tried some commands, 

I did, ipv6 address autoconfig, followed by show ipv6 interface GigabitEthernet 4 (my wan port), this is the output

GigabitEthernet4 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::BA11:4BFF:FE47:9FB4 
  No Virtual link-local address(es):
  Description: WAN
  Stateless address autoconfig enabled
  Global unicast address(es):
    2400:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, subnet is 2400:xxxx:xxxx:xxxx::/64 [EUI/CAL/PRE]
    FD16:xxxx:xxxx:xxxx:xxxx: xxxx: xxxx: xxxx, subnet is xxxx: xxxx: xxxx: xxxx::/64 [EUI/CAL/DEP]
      valid lifetime 1298 preferred lifetime 0
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1: xxxx: xxxx
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification
  Output features: Common Flow Table Stile Classification
  ND DAD is enabled, number of DAD attempts: 1


The global unicast address is the ipv6 address given to me by my ISP on my ONR.

Hi @iewhf02i ,

This means you have IPv6 connectivity to the Internet from the c921. You would need some other prefix if you wanted to provide PCs connected to the c921 IPv6 connectivity to the Internet, as NAT66 is not supported on the c921.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers