
Catalyst 3020 & IPv6 routing

SchinkelA
Level 1

I have a Cisco Catalyst 3020, and am in the process of attempting to set up IPv6 stateless DHCP.

The 3020 is configured as follows:
sdm prefer dual-ipv4-and-ipv6 vlan

g0/19 : switchport access vlan 2

g0/17 : switchport access vlan 13

g0/11 : switchport mode trunk

The other router (which I cannot access / configure), f0/15, is (based on a network diagram) configured to vlan 2, no inbound acl, outbound acl 141, a xxxx:xxxx:x:x::/64 prefix, and configured for IPv6 stateless DHCP.


Sadly beyond this I'm already getting lost:

The intent is to configure g0/11 to have IPv4 off vlan 13, and IPv6 off vlan 2, and to use those vlans in managing networks within vCenter4.
If this is not possible, I would greatly appreciate the heads up.

As an alternative, would I be able to pass the vlan 2 from g0/19 to g0/11, and then configure things within a vmware distributed switch / virtual network configuration where I have more control?

Thank you for any insight,


-Aaron


Giuseppe Larosa
Hall of Fame

Hello Aaron,

>> The intent is to configure g0/11 to have IPv4 off vlan 13, and IPv6 off vlan 2, and to use those vlans in managing networks within vCenter4.
>> If this is not possible, I would greatly appreciate the heads up.

you cannot merge vlans

g0/11 can be:

a L2 trunk carrying the two vlans you need, no IPv6 issues here you use the blade as a Layer2 switch

or it can be:

a routed interface with an IPv4 address and an IPv6 address, IPv4 routing and IPv6 routing enabled to provide connectivity to the two vlans and respective IPv4, IPv6 subnets

Hope to help

Giuseppe

Giuseppe that does sound right on target for what I need,

Would it be too much to ask for a link to an article or otherwise an explanation of what commands are used so I can start testing out these solutions myself? (Your high level explanation went a bit over my head)

Thank you very much.

-----
I understand my current configuration of g0/11 is a L2 trunk ('switchport mode trunk'). How would I go about ensuring the vmware end of things is configured so that the vms can access the IPv6 stateless DHCP configuration?

Hello Aaron,

>> I understand my current configuration of g0/11 is a L2 trunk ('switchport mode trunk'). How would I go about ensuring the vmware end of things is configured so that the vms can access the IPv6 stateless DHCP configuration?

I'm not an expert of vmware, I can tell you what I see in our network

the vmware has to be configured with vlan tags that match those permitted on the lan switch port that is acting as L2 trunk.

on switch side:

int g0/11
 switchport
 ! this may be not supported if the blade supports only 802.1Q
 switchport trunk enc dot1q
 ! this allows to specify the list of permitted vlans
 switchport trunk allowed vlan 2,X,Y
 switchport mode trunk

default native vlan is 1 if you need to change it the command is

switchport trunk native vlan vlan#

So if it is vlan2 the one where IPv6 is enabled the vmware instance using IPv6 has to be the owner of the object (let's call it a virtual NIC adapter) that uses vlan tag=2.


This should be enough because in this way the 3020 blade switch has to act only as L2 switch and doesn't care of upper layer protocols.

the two sides, vmware server and switch port have to agree on native vlan and list of permitted vlans.

looking at Cisco 3020 last configuration guide we can see that the use of the L2 trunk is your only option with your current SDM template:

The dual IPv4 and IPv6 VLAN template supports basic Layer 2, multicast, QoS, and ACLs for IPv4, and basic Layer 2 and ACLs for IPv6 on the switch.

The switch does not support IPv6 routing and QoS. This release does support IPv6 host and IPv6 Multicast Listener Discovery (MLD) snooping.

The dual IPv4 and IPv6 routing template supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, and ACLs for IPv6 on the switch.

Note: this other SDM template would support IPv6 routing but no support of QoS for IPv6 traffic.

However, support of IPv6 routing is limited so I would use the L2 trunk solution

see

http://www.cisco.com/en/US/partner/docs/switches/blades/3020/software/release/12.2_52_se/configuration/guide/swsdm.html#wp1140080

Hope to help

Giuseppe

Again many thanks Giuseppe and your patience is very much appreciated.

>>int g0/11

>>switchport

>>! this may be not supported if the blade supports only 802.1Q

>>switchport trunk enc dot1q

>>! this allows to specify the list of permitted vlans

>>switchport trunk allowed vlan 2,X,Y

>>switchport mode trunk

I can configure the allowed list of vlans on the interface, and as above, set it to vlan 2.  Is it a problem if the trunk is set to 'allow all'?

>>So if it is vlan2 the one where IPv6 is enabled the vmware instance using IPv6 has to be the owner of the object (let's call it a virtual NIC adapter) that uses vlan tag=2.

>>This should be enough because in this way the 3020 blade switch has to act only as L2 switch and doesn't care of upper layer protocols.

>>the two sides, vmware server and switch port have to agree on native vlan and list of permitted vlans.

In VMware, currently it is set up with a single hardware server (ESX4 node), with 'configuration>networking>virtual switch' set up port group with vlan id 2.
Which as I understand what you're saying, should be enough.

My virtual machines connected to the vSwitch with vlan id 2, they are still configuring themselves with 2001:410:5:: sort of addresses, but the stateless DHCP is configured with FD3B:1300:3:0::/64.

Or is this wholly a misunderstanding and that 2001:410:5:: is a perfectly reasonable expectation of IPv6 assignment in this situation?

Of other note, 'show IPv6 ______' shows no entries for any command.

Hello Aaron,

IPv6 allows and usually expects multiple IPv6 addresses to be associated to a single NIC without the fix of secondary ip addresses.

There are different types of unicast IP addresses with different scopes:

link local: used only on a single link, no IPv4 equivalent; they help the neighbor discovery process, duplicated address detection and so on.

ex site local now unique local addresses: these are not public but their scope can be company wide similar to RFC 1918 private ip addresses.

unique local addressing (ULA) in RFC 4193 (FC00::/7)

Aggregatable Global unicast addresses: these are true public addresses

in your case:

2001:410:5:: this is a public address that probably the vmware box has in its config in some way.

FD3B:1300:3:0::/64

I would say this is a unique local: FD matches FC with a mask of 7 bits.

see

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1334130

The server needs to see router advertisements in order for stateless autoconfiguration to work

You need an IPv6 router connected to vlan2 and sending ICMPv6 router advertisements where prefix FD3B:1300:3:0::/64 is advertised as an on-wire prefix that can be used.

All the messages involved in the process are L2 multicast packets (using a  different range of multicast L2 MAC addresses not the ones used by IPv4 that are under IGMP snooping control)

I would do the following:

to another port of the blade switch placed in vlan2 I would connect a laptop with ethereal or wireshark running to see if Router advertisements are received on the port

Hope to help

Giuseppe
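
The check suggested in the last reply, as an added example that is not part of the original thread: given the ICMPv6 bytes of a Router Advertisement captured on vlan 2, it reports whether the RA signals stateless DHCPv6 (O flag set, M flag clear) and whether it advertises any prefix other than the expected one, and it classifies addresses by the scopes listed above. The function names, the `build_ra` sample generator and the /64 length used for 2001:410:5:: in testing are assumptions, not values from the thread.

```python
import ipaddress
import struct

# Prefix the thread says stateless DHCP is configured with
EXPECTED = ipaddress.IPv6Network("fd3b:1300:3::/64")

def classify(addr):
    """Unicast scope of an IPv6 address, as listed in the reply above."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local"
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "global"
    return "other"

def parse_ra(icmp):
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80), "other": bool(icmp[5] & 0x40), "prefixes": []}
    pos = 16  # options follow the fixed 16-byte header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            net = ipaddress.IPv6Network((bytes(icmp[pos + 16:pos + 32]), icmp[pos + 2]), strict=False)
            ra["prefixes"].append((net, bool(icmp[pos + 3] & 0x40)))  # (prefix, A flag)
        pos += opt_len
    return ra

def assess(icmp, expected=EXPECTED):
    """Report whether the RA signals stateless DHCPv6 and lists only the expected prefix."""
    ra = parse_ra(icmp)
    return {
        "stateless_dhcp": ra["other"] and not ra["managed"],
        "slaac_prefixes": [str(n) for n, auto in ra["prefixes"] if auto],
        "unexpected_prefixes": [str(n) for n, _ in ra["prefixes"] if n != expected],
    }

def build_ra(prefix, flags=0x40):
    """Constructed sample RA (checksum zero); flags 0x40 = O set, M clear."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
    return hdr + opt + net.network_address.packed
```

A non-empty `unexpected_prefixes` list means some router on the VLAN is advertising a prefix other than the intended one, which would explain hosts autoconfiguring addresses outside FD3B:1300:3:0::/64.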
