Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1013
Views
0
Helpful
1
Replies

Cisco 2901 Router NBN (VDSL2) Ipv6

Shawn Munster
Level 1
Level 1

‎12-14-2016 04:38 PM - edited ‎03-05-2019 07:40 AM

Hi

Can I get some help here with IPv6 configuration its not binding at all.

Thanks,

Shawn.

S   ::/0 [1/0]
     via Ethernet0/0/0, directly connected
C   2001:8000:1A43:9800::/56 [0/0]
     via Ethernet0/0/0, directly connected
L   2001:8000:1A43:9800:BE16:65FF:FE05:C6F8/128 [0/0]
     via Ethernet0/0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive


Building configuration...

Current configuration : 16673 bytes
!
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone PCTime 10 0
!
!
!
!
!
!
no ip source-route
!
!
!
!
!
!
!
!
!
!


ip port-map user-protocol--8 port udp 3394
ip port-map user-protocol--9 port tcp 3396
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 3478
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 5062
ip port-map user-protocol--7 port tcp 3394
ip port-map user-protocol--4 port udp 3478
ip port-map user-protocol--5 port tcp 5062
ip port-map user-protocol--12 port udp 7547
ip port-map user-protocol--11 port tcp 7547
ip port-map user-protocol--10 port udp 3396
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool DHCP_POOL
 import all
 network 192.168.1.0 255.255.255.0
 dns-server 139.130.4.4 203.50.2.71
 default-router 192.168.1.1
!
!
!
no ip bootp server
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip name-server 2001:8000:101::1
ip name-server 2001:8000:101::2
ip cef
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
 dns-server 2001:8000:101::1
 dns-server 2001:8000:101::2
!
ipv6 inspect name STD6 udp
ipv6 inspect name STD6 ftp
ipv6 inspect name STD6 icmp
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint TP-self-signed-1982477479
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1982477479
 revocation-check none
 rsakeypair TP-self-signed-1982477479
!
!
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
username name privilege 15 secret 5
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
 operating mode vdsl2
 firmware filename flash:VA_A_39t_B_35j_24m.bin
 sra
no cdp run
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_BOOTPC
 match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-nat-user-protocol--7-1
 match access-group 103
 match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--4-2
 match access-group 105
 match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
 match access-group 102
 match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
 match access-group 102
 match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
 match access-group 102
 match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
 match access-group 104
 match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
 match access-group 102
 match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
 match access-group 101
 match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 101
 match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--3-2
 match access-group 105
 match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
 match access-group 104
 match protocol user-protocol--8
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
 match access-group 103
 match protocol user-protocol--9
class-map type inspect match-all sdm-nat-user-protocol--8-1
 match access-group 103
 match protocol user-protocol--8
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-all sdm-nat-sip-tls-1
 match access-group 102
 match protocol sip-tls
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-nat-sip-tls-2
 match access-group 105
 match protocol sip-tls
class-map type inspect match-all sdm-nat-user-protocol--12-1
 match access-group 102
 match protocol user-protocol--12
class-map type inspect match-all sdm-nat-user-protocol--11-2
 match access-group 105
 match protocol user-protocol--11
class-map type inspect match-all sdm-nat-user-protocol--10-1
 match access-group 103
 match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--11-1
 match access-group 102
 match protocol user-protocol--11
class-map type inspect match-all sdm-nat-user-protocol--12-2
 match access-group 105
 match protocol user-protocol--12
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol pptp
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all sdm-nat-sip-2
 match access-group 105
 match protocol sip
class-map type inspect match-all sdm-nat-sip-1
 match access-group 102
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-any CCP_PPTP
 match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
!
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class class-default
  drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class type inspect CCP_PPTP
  pass
 class type inspect sdm-nat-sip-1
  inspect
 class type inspect sdm-nat-user-protocol--3-1
  inspect
 class type inspect sdm-nat-user-protocol--4-1
  inspect
 class type inspect sdm-nat-sip-tls-1
  inspect
 class type inspect sdm-nat-user-protocol--5-1
  inspect
 class type inspect sdm-nat-user-protocol--6-1
  inspect
 class type inspect sdm-nat-user-protocol--7-1
  inspect
 class type inspect sdm-nat-user-protocol--8-1
  inspect
 class type inspect sdm-nat-user-protocol--7-2
  inspect
 class type inspect sdm-nat-user-protocol--8-2
  inspect
 class type inspect sdm-nat-user-protocol--9-1
  inspect
 class type inspect sdm-nat-user-protocol--10-1
  inspect
 class type inspect sdm-nat-user-protocol--11-1
  inspect
 class type inspect sdm-nat-user-protocol--12-1
  inspect
 class type inspect sdm-nat-sip-2
  inspect
 class type inspect sdm-nat-user-protocol--3-2
  inspect
 class type inspect sdm-nat-user-protocol--4-2
  inspect
 class type inspect sdm-nat-user-protocol--11-2
  inspect
 class type inspect sdm-nat-user-protocol--12-2
  inspect
 class type inspect sdm-nat-sip-tls-2
  inspect
 class class-default
  drop log
policy-map type inspect ccp-permit
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class class-default
  drop
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
!
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 duplex auto
 speed auto
 ipv6 address NODE-PD ::1/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server NODE-DHCPV6 rapid-commit
 ipv6 verify unicast reverse-path
 ipv6 inspect STD6 out
 ipv6 traffic-filter DENY-ACL6 out
 no mop enabled
!
interface GigabitEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id Ethernet0/0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 ipv6 address 2001:8000:1A43:9800::/56 eui-64
 ipv6 address NODE-PD ::FF:0:0:0:1/128
 ipv6 enable
 ipv6 dhcp client pd NODE-PD rapid-commit
 ipv6 verify unicast reverse-path
 ipv6 inspect STD6 out
 ipv6 traffic-filter INTERNET-IN-ACL6 in
 no mop enabled
!
interface GigabitEthernet0/3/0
 no ip address
!
interface GigabitEthernet0/3/1
 no ip address
!
interface GigabitEthernet0/3/2
 no ip address
!
interface GigabitEthernet0/3/3
 no ip address
!
interface GigabitEthernet0/3/4
 no ip address
!
interface GigabitEthernet0/3/5
 no ip address
!
interface GigabitEthernet0/3/6
 no ip address
!
interface GigabitEthernet0/3/7
 no ip address
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
!
!
ip forward-protocol nd
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
!
no ip ftp passive
ip nat portmap VOICE
 cisco-rtp-sip-low
 cisco-rtp-skinny-low
ip nat inside source list 1 interface Ethernet0/0/0 overload
ip nat inside source static tcp 192.168.1.35 3391 interface Ethernet0/0/0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Ethernet0/0/0 3391
ip nat inside source static tcp 192.168.1.29 5060 interface Ethernet0/0/0 5060
ip nat inside source static udp 192.168.1.29 5060 interface Ethernet0/0/0 5060
ip nat inside source static tcp 192.168.1.29 3478 interface Ethernet0/0/0 3478
ip nat inside source static udp 192.168.1.29 3478 interface Ethernet0/0/0 3478
ip nat inside source list 110 interface Ethernet0/0/0 overload portmap VOICE
ip nat inside source static tcp 192.168.1.5 3394 interface Ethernet0/0/0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Ethernet0/0/0 3394
ip nat inside source static tcp 192.168.1.10 3396 interface Ethernet0/0/0 3396
ip nat inside source static udp 192.168.1.10 3396 interface Ethernet0/0/0 3396
ip nat inside source static tcp 192.168.1.29 7547 interface Ethernet0/0/0 7547
ip nat inside source static udp 192.168.1.29 7547 interface Ethernet0/0/0 7547
ip nat inside source static tcp 192.168.1.29 5061 interface Ethernet0/0/0 5061
ip nat inside source static udp 192.168.1.29 5061 interface Ethernet0/0/0 5061
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended SDM_BOOTPC
 remark CCP_ACL Category=0
 permit udp any any eq bootpc
ip access-list extended SDM_GRE
 remark CCP_ACL Category=1
 permit gre any any
!
logging trap debugging
ipv6 route ::/0 Ethernet0/0/0
!
!
access-list 1 remark INSIDE_IF=lan
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny   any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any any
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.10
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.5
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip any host 192.168.1.29
access-list 110 permit udp any any range 16384 16482
access-list 110 permit tcp any any range 16384 16482
access-list 110 permit udp any any range 35000 45000
access-list 110 permit tcp any any range 35000 45000
access-list 111 permit tcp any any eq 7547
!
!
!
ipv6 access-list DENY-ACL6
 permit icmp any any
 permit tcp any any established
 deny ipv6 any any
!
ipv6 access-list INTERNET-IN-ACL6
 permit icmp any any
 permit tcp any any established
 permit udp any any eq 546
 deny ipv6 any any
!
control-plane
!
!
banner login ^CE-Rescue Systems^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 20000 1000
event manager applet MONITOR-IPV6-DHCP-APP
 event syslog pattern "ETHERNET-BIND"
 action 1.0 cli command "enable"
 action 1.1 cli command "clear ipv6 dhcp client ethernet 0/0/0"
 action 2.0 syslog priority debugging msg "Refreshed IPv6 DHCP PD lease"
!
end

Labels:
0 Helpful
1 Reply 1

Glenn Martin
Cisco Employee
Cisco Employee

‎04-17-2017 04:14 PM

Moving this to the correct community: Network Infrastructure>WAN

0 Helpful
Customers Also Viewed These Support Documents