Solved: Re: IPV6 addresses on Dynamic Interfaces

wherewolf · ‎01-23-2020

Cisco 5520 / 8.5.140

Starting to roll out IPV6 testing on the WLC and I'm running in to trouble adding vlans with IPV6 interfaces to the controller.

I've added 1 dynamic interface (vlan 120) with a ipv6 address / 64 / and the link-local address of a router/DHCPv6/RA handling IPV6. This all works like it's supposed to. (xxxx:13e:xxxx:201::a /64)

Problem comes when trying to add a second dynamic interface for a different VLAN / additional /64 segment.

The IPv6 gateway cannot be the same, even though its the same router (trunked with multiple vlans) handling that VLAN / additional /64 segment of the network. (xxxx:13e:xxxx:501::a /64) The IPv6 gateway field will ONLY accept a link-local address, and it cannot be the same as another VLAN. No matter how many virtual interfaces, the link local address of the router is the same.

I'm an ipv6 noob, but what am I missing here?

wherewolf · ‎01-24-2020

Not using HSRP - but Thank you for responding to my posts!

I am using a (gasp!) pfsense router just inside the internet edge to keep the existing campus network configured the way it is, and offload/isolate public and guest wireless via IPV6. If this all works the way it's expected to, then we will eventually move other parts of our network over to using v6 and build out the core.

So nothing on the network core other than creating the public and guest vlans and allowing those vlans on the trunks for the WLC and isolated pfsense router. No ipv6 addressing on the core at all, except one private address on the WLC AP management VLAN and SVI. Since the IPV6 traffic is all tagged with the two respective IPV6 vlans (which have WLANS associated) , pfsense does the RA and DHCPv6, along with DNS resolution (using google's public DNS64) - handing off to NAT64 on the edge ASR if needed or straight out to the IPV6 internet.

Good News!

I found there is a way for the WLC to see an additional link-local addresses for the pfsense router. You just define it as an IP alias on the vlan interface of the router, and give it a link-local format. Looks so simple once you figure out that you can do it! Funny how there is very little info regarding it, or a use case example for the need.

Going through this endeavor has made me realize that IPV6 documentation (especially realworld examples) is really lacking. It been quite a journey so far...

View solution in original post

patoberli · ‎01-24-2020

Don't you have a different link local address per VLAN interface on your gateway? Not sure about that, as I haven't yet IPv6 enabled here.

wherewolf · ‎01-24-2020

They are different in the extent that they exist on the ipv6 router with interface id, which is trunked with vlan120 and vlan160

inet6 2720:14e:9001:200::3/64 LL fe80::230:48ff:fe8c:a0bb%em1.120 (vlan120)

inet6 2720:14e:9001:500::3/64 LL fe80::230:48ff:fe8c:a0bb%em1.160 (vlan160)

but the WLC only allows the address prior to % sign - it won't accept the full address - says improper format for link local if you try to include the interface designation.

patoberli · ‎01-24-2020

Do you happen to use HSRP on the router?
I think you need to manually define the link-local address on the router vlan interfaces.
See here for more information about how to manually set one
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3s/ip6b-xe-3s-book/ip6-add-basic-conn-xe.html#GUID-A4643120-626D-415C-958F-2DA89105FDA9

wherewolf · ‎01-24-2020

Not using HSRP - but Thank you for responding to my posts!

I am using a (gasp!) pfsense router just inside the internet edge to keep the existing campus network configured the way it is, and offload/isolate public and guest wireless via IPV6. If this all works the way it's expected to, then we will eventually move other parts of our network over to using v6 and build out the core.

So nothing on the network core other than creating the public and guest vlans and allowing those vlans on the trunks for the WLC and isolated pfsense router. No ipv6 addressing on the core at all, except one private address on the WLC AP management VLAN and SVI. Since the IPV6 traffic is all tagged with the two respective IPV6 vlans (which have WLANS associated) , pfsense does the RA and DHCPv6, along with DNS resolution (using google's public DNS64) - handing off to NAT64 on the edge ASR if needed or straight out to the IPV6 internet.

Good News!

I found there is a way for the WLC to see an additional link-local addresses for the pfsense router. You just define it as an IP alias on the vlan interface of the router, and give it a link-local format. Looks so simple once you figure out that you can do it! Funny how there is very little info regarding it, or a use case example for the need.

Going through this endeavor has made me realize that IPV6 documentation (especially realworld examples) is really lacking. It been quite a journey so far...

patoberli · ‎01-24-2020

Ah great that you found a solution.
Btw. you might want to upgrade the wlc to more recent firmware. To 8.5.160.0 if you don't use Flexconnect or 8.5.151.0 if you use flex.