05-25-2023 12:20 PM - edited 05-25-2023 01:08 PM
So this is what my network looks like,
ONR (huawei hg8240t5 router cannot be disabled) -> c921-4p -> switches etc. etc.'
If I connect directly to my ONR and try to browse IPv6 websites it works fine, I can even see my ipv6 address.
My ONR is already doing routing, here are my ipv4 and 6 dhcp settings.
DHCP settings ipv4 settings:
LAN Host IP Address: 192.168.1.254
Subnet Mask: 255.255.255.0
Start IP Address: 192.168.1.1
End IP Address: 192.168.1.253
ipv6 settings:
IPv6 address: fe80::1
Method of Obtaining Prefixes: WAN Agent
Parent Prefix:
Child Prefix Mask: ::/64
MTU: 1472
DNS Source on the LAN Side: DNS Agent
Enable Route Advertisement: Yes
Enable DHCPv6 Server: Yes
Resource Allocation Mode: Manual
Address/Prefix Assignment Mode: SLAAC
Other Information Assignment Mode: DHCPv6
ULA Mode: Disabled
Here are the settings for my c921-4p, I tried to do the ipv6, so port 4 is connected to my ONR and port 5 is connected to my pc for now. I get an Ipv6 address on my PC, but I am unable to access any ipv6 websites or see my global ipv6 address. Not sure what I am doing wrong here.
I also can't figure out where to add the quad9 dns servers. Any help here would be greatly appreciated! Thanks!!
ip dhcp pool DHCP-POOL
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
dns-server 9.9.9.9 149.112.112.112
!
no ip domain lookup
ip domain name cisco.com
ip name-server 9.9.9.9
ip name-server 149.112.112.112
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
interface GigabitEthernet4
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 enable
!
interface GigabitEthernet5
description LAN
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address 2001:DB:AAAA:A::1/64
ipv6 enable
!
05-25-2023 07:05 PM - edited 05-25-2023 07:05 PM
Hi @iewhf02i ,
Here are a few questions from reviewing your configuration:
1. Is 2001:DB:AAAA:1::1/64 really the address you are using on the interface facing the PC or did you just modify it to obfuscate the real address?
2. Can you do a "show ipv6 route" to check whether you have a default route or not pointing at the ONR.
3. Does the ONR have a static route to the prefix configured on the PC facing interface?
4. You can configure stateless DHCPv6 if you want to host to get the IPv6 DNS address automatically. This is not mandatory if the PC gets an IPv4 DNS address, as the IPv4 DNS will serve both A and AAAA request coming from the PC.
Regards,
05-26-2023 12:52 AM
1. I just picked a random address for that. I didn’t know what else to do.
2. #show ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
a - Application
S ::/0 [1/0]
via FE80::1, GigabitEthernet4
LC 2400:D803:2A3C:D307::2/128 [0/0]
via GigabitEthernet4, receive
L FF00::/8 [0/0]
via Null0, receive
3. The ONR can only set the default gateway and register some static ips using MAC addresses. All available ipv6 settings / options are pasted in the first part of my post above. Is there any way around this? Can I set the static route from the router to the ONR?
4. how do I configure a stateless one? Can I just set the router as a dhcp server to server ipv4 and ipv6 addresses locally, but also so they have the ability to browse ipv6 websites?
05-26-2023 05:39 AM
Hi @iewhf02i ,
1. You need to use a global unicast address that is routed to you by your service provider. One way around that would be to use NAT66 or NPTv6, but they are not supported on that platform.
2. This part looks good. You do have an IPv6 default route installed in the routing table.
3. If the ONR doesn't allow you to configure a static route towards the Cisco device, then the only option would be for the Cisco device to use NAT66 and use the external interface IPv6 address you get from DHCP to nat the internal traffic received from the PC towards the Internet. But as I mentioned, NAT66 is not supported on that platform as far as I am aware.
4. As I mentioned in my first post, this part is optional. Given you do not have IPv6 connectivity from the PC, configuring the PC to acquire an IPv6 DNS address via DHCPv6 does not serve any purpose at this point.
Regards,
05-26-2023 08:52 AM
@Harold Ritter So I checked there’s no nat6, so does this mean I won’t be able to get ipv6 local addresses or route ipv6? Locally or browse websites? I’m actually using a cbs350 switch below the router, can I somehow patch it together so I am able to?
05-26-2023 10:34 AM
Hi @iewhf02i ,
> Locally or browse websites?
Without Global Unicast Addresses (GUA) and without NAT66 you will definitely not be able to access the Internet. You might be able to access internal IPv6 websites, but this would still require the ONR to route to you locally assigned IPv6 prefix.
> I’m actually using a cbs350 switch below the router, can I somehow patch it together so I am able to?
Adding the CBS350 to the equation does not solve the issues I mentioned.
Regards,
05-26-2023 11:14 AM
My isp provides me with an ipv6 address. When you say I need a global uni cast address is that what you mean?
05-28-2023 02:32 PM
Hi @iewhf02i ,
Do they provide you with an IPv6 address for the WAN interface or an IPv6 prefix that you can use locally?
Regards,
05-28-2023 12:46 PM
So I tried some commands,
I did, ipv6 address autoconfig, followed by show ipv6 interface GigabitEthernet 4 (my wan port), this is the output
GigabitEthernet4 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::BA11:4BFF:FE47:9FB4
No Virtual link-local address(es):
Description: WAN
Stateless address autoconfig enabled
Global unicast address(es):
2400:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, subnet is 2400:xxxx:xxxx:xxxx::/64 [EUI/CAL/PRE]
FD16:xxxx:xxxx:xxxx:xxxx: xxxx: xxxx: xxxx, subnet is xxxx: xxxx: xxxx: xxxx::/64 [EUI/CAL/DEP]
valid lifetime 1298 preferred lifetime 0
Joined group address(es):
FF02::1
FF02::2
FF02::1: xxxx: xxxx
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Common Flow Table Stile classification
Output features: Common Flow Table Stile Classification
ND DAD is enabled, number of DAD attempts: 1
The global unicast address is the ipv6 address given to me by my ISP on my ONR.
05-28-2023 02:35 PM
Hi @iewhf02i ,
This means you have IPv6 connectivity to the Internet from the c921. You would need some other prefix if you wanted to provide PCs connected to the c921 IPv6 connectivity to the Internet, as NAT66 is not supported on the c921.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide