Intra-site Automatic Tunneling Addressing Protocol is an automatic tunneling mechanism which builds a tunnel for carrying IPv6 traffic over IPv4 within an IPv4 network.Like 6to4 tunnels, ISATAP uses the underlying IPv4 network as an NBMA link layer for IPv6 and determines the destination on
a per packet basis i.e. point-to-multipoint.It allows individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on the same virtual link, basically creating an IPv6 network using the IPv4 infrastructure.
The main difference between automatic 6to4 tunnels and ISATAP tunnels is that the automatic 6to4 is Inter-site tunnel that allows IPv6 traffic between different sites where as ISATAP as the name specifies is for Intra-site which can be used for transporting IPv6 packets within a site, but not between sites.Another aspect is the address prefix used in sites, 6to4 sites uses addresses from 2002::/16 prefix where as ISATAP tunneling sites can
use any IPv6 unicast address.
This document provides sample configuration of IPv6 ISATAP Tunneling in Cisco IOS routers.
When configuring ISATAP tunneling, there are 2 modes involved.
ISATAP router (it can be a router or server like Windows Server ) which has the IPv6 capabilities enabled and it advertise the network which
nodes can use to configure the IPv6 address when connected to the Ethernet interface.
ISATAP Client establishes a static tunnel to the server and requests for IPv6 address.Usually end hosts will be ISATAP clients such as
Windows PC with IPv6 enabled initiates the tunnel with ISATAP router.
The ISATAP router/server uses unicast addresses that include a 64-bit IPv6 prefix and a 64-bit interface identifier. The interface identifier is created in modified EUI-64 format in which the first 32 bits contain the value 000:5EFE to indicate that the address is an IPv6 ISATAP address.
In this document, the routers R1, R2 and R3 forms underlying IPv4 network using RIPv2. The router R1 is configured as ISATAP router with IPv6 capabilities enabled. In order to configure ISATAP client, IPv6 unicast routing can be disabled on the client router, so that it will behave as a
true client and install a default IPv6 static route.Loopback addresses are configured on the routers in order to generate networks.
While configuring ISATAP Tunnel, the tunnel source should be an interface configured with IPv4 address. The tunnel source command used in the configuration of an ISATAP tunnel must point to an interface with an IPv4 address configured.
TheIPv6 tunnel interface must be configured with a modified EUI-64 address because the last 32 bits in the interface identifier are formed using the IPv4 tunnel source address.
Note: All configuration is tested on Cisco 7200 Series Router running on IOS Version 15.0(1)M Advance IP Services Image.
To display the detailed information of the tunnel interface, use this command .
In router R1
R1#show ipv6 interface tunnel 1 Tunnel1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::5EFE:101:101 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:AA10:10:0:5EFE:101:101, subnet is 2001:DB8:AA10:10::/64 [EUI] Joined group address(es): FF02::1 FF02::2 FF02::1:FF01:101 MTU is 1480 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is not supported ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.
In the above output you can see that the IPv6 address is formed using eui-64 mechanism but in a modified format.The eui-64 prefix 2001:DB8:AA10:10 is followed by 0000:5EFE indicating that the address is an ISATAP address and then the next 32 bits are taken from IPv4
address of the source interface i.e. in our case its loopback interface 0 which has IPv4 address 18.104.22.168------->Converted to HEX forms---->101:101.
In router R3
R3#show ipv6 interface tunnel 1 Tunnel1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::AC10:6402 No Virtual link-local address(es): Stateless address autoconfig enabled Global unicast address(es): 2001:DB8:AA10:10::AC10:6402, subnet is 2001:DB8:AA10:10::/64 [EUI/CAL/PRE] valid lifetime 2591892 preferred lifetime 604692 Joined group address(es): FF02::1 FF02::1:FF10:6402 MTU is 1480 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) Default router is FE80::5EFE:101:101 on Tunnel1
The above output shows that the ISATAP client has received its IPv6 prefix from the ISATAP router which is 2001:DB8:AA10:10 and appended
its IPv4 address of the source interface G1/0 address 172.16.100.2---->Converted to HEX---->AC10:6402.
Also note that the default router is given as ISATAP router R1 by appending the ISATAP address identifier 0:5EFE with source interface Lo 0 address 22.214.171.124--->converted to HEX--->101:101 forming the default router address as FE80::5EFE:101:101
Show ipv6 route
To display routing table information
R3#show ipv6 route IPv6 Routing Table - default - 4 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 S ::/0 [2/0] via FE80::5EFE:101:101, Tunnel1 C 2001:DB8:AA10:10::/64 [0/0] via Tunnel1, directly connected L 2001:DB8:AA10:10::AC10:6402/128 [0/0] via Tunnel1, receive L FF00::/8 [0/0] via Null0, receive
Note that we have disabled the IPv6 unicast routing in client router, the router has installed a static route pointing to Tunnel 1 i.e. towards
Now the ISATAP router should be able to ping the client i.e. router R3
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:AA10:10::AC10:6402, timeout is 2 seconds: !!!!!
Hi Team,I have Configured NAT64 on an ASR. It appears everything is working as required until the outgoing DNS64 Addressed IPv6 packets 'hit the NAT64 server (ASR)' on Int GE0/0/0. Int GE0/0/3.31211 is connected to the IPv6 only host. Keen to hear what th...
For the corp network, we have a velocloud router as the edge device connects to a branch office's velocloud router. Velocloud devices are managed by a 3rd part company which provided our internet connectivity. They work with ATT or Spectrum to provide us ...
Hi everyone, I am very new to Cisco Routing, so please don't mind if this is a trivial question: On my router, the interface gig0/0/1 is the WAN interface and gets an IP address via DHCP from my ISP. I have created a DHCP pool (192.168.1.0/24 wi...
Hi all, I have a new Cisco FirePower 1010 that I have configured for a small remote office. I have most of what I need working including the S2S VPN Tunnel to an ASA 5515.Now, I'm trying to get Cisco APs to lite up over the tunnel and I need to configure ...
Working on setting up a pair of 9300s to be 1 of the egress points for the network w/ a backup site at another location. Currently i have the other location using the default-information originate command w/ a metric of 5 and that works w/o any issu...