
SG-300 as Layer 2 - can it distribute delegated /64 IPv6 addresses as a DHCPv6 server from Comcast?

chase.turner
Level 1

#Objective

Configure SG-300 to dole out IPv6 addresses from a delegated /64 dynamic IPv6 address space.  Or to dole out delegated /64 IPv6 address spaces after acquiring a delegated /60 IPv6 space.

 

#CONCEPTUAL QUESTIONS 

- Can the SG-300 be configured as the DHCPv6 server to dole out /64 dynamic IPv6 addresses?  

- How do I interrogate the Comcast network to get the necessary configuration parameters (e.g., where the SG-300 is to go to request the delegated /64 dynamic IPv6 address space)?

 

#DETAIL

I have a small business account with Comcast that gives me 5 routable IPv4 addresses, and what looks to be a single IPv6 with a delegated /64 prefix.  All routable IPv4 and IPv6 addresses are dynamic, not static from Comcast.  The routable /64 IPv6 delegated address space from Comcast is currently 2601:2:5a80:2a3::

 

What follows is the topology to make clear the SG-300 is the gateway for each of the three attached firewalls (named by manufacturer) which are NATing all IPv4 devices connected behind them:

 

WAN <--> SB6120 <- Cisco SG-300 Layer2 Switch <-|-> company1.org
                                                |-> company2.com
                                                |-> company3.com

 

The SG-300 is configured for Layer 2 with a single VLAN.  Each of the physically connected firewalls is isolated via the "Protected" port setting on the SG-300.

 

At present, the IPv6 address is flowing through by default, but the first firewall to acquire the delegated /64 address space holds it -- to the exclusion of the other connected devices.  Thus, my goal is to move the request for the delegated /64 IPv6 address space back to the SG-300 and have it dole out the IPv6 assignments.  OR, to ask Comcast for a /60 delegated IPv6 address space by the SG-300 and thence, the SG-300 re-delegates individual /64 IPv6 addresses to the firewalls.

1 Reply

DJX995
Level 3

You need a layer 3 device to delegate the prefix.

This is how I do it from Time Warner:

 

SonicWALL NSA - Perimeter Firewall/Router

WAN Interface: DHCPv6

 - At this point, my WAN interface is assigned a transient IPv6 address but I still want a block to assign as I choose so I continue on to PD.

WAN Interface: Prefix Delegation: Request "::/56" PD.

 - I am assigned a /56 prefix from their DHCPv6 server.

 - You may not be able to get a /56 but you can try different values here to see what your ISP will allow you.

 - /56 is the max Time Warner will allow me.

 - At this point I subnet the /56 PD into a bunch of /64 prefixes and create a map of what addresses I want on each VLAN.

 

LAN Interface: Add IPv6 address - Prefix Delegation pass through from WAN interface

LAN Interface: Request "::1:0:0:0:1/64" address (this is what I wanted my firewall to have)

 - You start with "::" so that it automatically takes the WAN PD and you just specify the local subnet bits.

 

Cisco 3750X - Core Switch

Create VLANs with addresses I determined earlier.

Create DHCPv6 scopes and assign them to the VLAN interfaces.

 

This is a very brief overview but I hope it gives you some ideas.
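The subnetting step in the reply above, as an added example that is not part of the original posts: it carves a delegated prefix into /64s for the three firewalls in the question and merges a "::1:0:0:0:1/64" style request with the delegated prefix. The function names are hypothetical and the prefixes are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

FIREWALLS = ["company1.org", "company2.com", "company3.com"]  # names from the topology

def split_delegation(delegated, names):
    """Map each downstream name to its own /64 carved from the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64 and cannot hold a /64")
    available = 2 ** (64 - net.prefixlen)
    if len(names) > available:
        raise ValueError(f"{net} holds {available} /64 subnet(s); {len(names)} needed")
    return dict(zip(names, net.subnets(new_prefix=64)))

def merge_template(delegated, template):
    """Fill the leading '::' of a template such as '::1:0:0:0:1/64'
    with the delegated prefix, leaving the local subnet and host bits."""
    net = ipaddress.IPv6Network(delegated)
    tmpl = ipaddress.IPv6Interface(template)
    local_bits = int(tmpl.ip)
    # Bits inside the ISP-assigned part of the address must be zero in the
    # template; otherwise the requested subnet lies outside the delegation.
    if local_bits & int(net.netmask):
        raise ValueError(f"{template} sets bits inside the delegated {net}")
    addr = ipaddress.IPv6Address(int(net.network_address) | local_bits)
    return ipaddress.IPv6Interface(f"{addr}/{tmpl.network.prefixlen}")

if __name__ == "__main__":
    pd = "2001:db8:0:ab00::/56"  # constructed sample delegation
    for name, subnet in split_delegation(pd, FIREWALLS).items():
        print(f"{name:14} {subnet}")
    print("LAN address:", merge_template(pd, "::1:0:0:0:1/64"))
    # A single delegated /64 has no spare subnet bits, so neither step works.
    for attempt in (lambda: split_delegation("2001:db8:0:2a3::/64", FIREWALLS),
                    lambda: merge_template("2001:db8:0:2a3::/64", "::1:0:0:0:1/64")):
        try:
            attempt()
        except ValueError as err:
            print("rejected:", err)
```
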