
Cisco 1921 Client Access won't work, only with IPv4, Part 2

macgyver1988
Level 1

Hi,

THIS IS PART 2, because the old one's too long

this is my running-config ....

but there's one problem:

by adding on GigabitEthernet0/1

ipv6 traffic-filter WAN_OUTSIDE_INv6 in

----------------------------

I won't get any DHCP addresses on my LAN interfaces on the Mac clients....

but when typing those addresses into the clients manually....all seems to be working fine...

What did I do wrong? But I also get IPv6 addresses on the Cisco and on the Mac clients

This is my running_config:

Cisco1921#show running-config
Building configuration...

Current configuration : 7746 bytes
!
! Last configuration change at 09:58:05 CET Thu Dec 1 2016 by user4754
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 XXXXX
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!         
ip dhcp pool Internal Network
 network 192.168.50.0 255.255.255.0
 domain-name soho.intern
 default-router 192.168.50.2
 dns-server 192.168.50.2
!         
!         
!         
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef    
ipv6 general-prefix MyLocals FD00:1234:5678::/48
ipv6 general-prefix MyLocals FD00:8765:4321::/48
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
 prefix-delegation pool NODE-PD lifetime 1800 60
 dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2
 domain-name soho.intern
!         
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 ftp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 tcp
ipv6 multicast-routing
ipv6 cef  
ipv6 cef accounting per-prefix
!         
multilink bundle-name authenticated
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-XXXX
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-XXXX
 revocation-check none
 rsakeypair TP-self-signed-XXX
!         
!         
crypto pki certificate chain TP-self-signed-XXXX
 certificate self-signed 01
  XXXXXXX
        quit
license udi pid CISCO1921/K9 sn FXXXX
!         
!         
username user4754 password 7 XXXXX
!         
redundancy
!         
!         
!         
!         
!         
controller VDSL 0/1/0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!         
ip tcp synwait-time 5
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!         
interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address MyLocals ::1/64
 ipv6 address NODE-PD ::1/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server NODE-DHCPV6
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter WAN_OUTSIDE_INv6 in
!         
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!         
interface ATM0/1/0.1 point-to-point
 pvc 1/32
  bridge-dot1q encap 40
  pppoe-client dial-pool-number 1
 !        
!         
interface Ethernet0/1/0
 no ip address
 no ip route-cache
!         
interface Ethernet0/1/0.40
 encapsulation dot1Q 40
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/0/0
 description NETWORK VOIP
 no ip address
!         
interface GigabitEthernet0/0/1
 no ip address
!         
interface GigabitEthernet0/0/2
 no ip address
!         
interface GigabitEthernet0/0/3
 no ip address
!         
interface Vlan1
 no ip address
!         
interface Dialer0
 description VDSL Einwahl Interface to ISP MNET
 mtu 1492
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1800 inbound
 dialer-group 1
 ipv6 address FE80::179:1 link-local
 ipv6 address NODE-PD ::FF:0:0:0:1/128
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 mtu 1492
 no ipv6 redirects
 no ipv6 unreachables
 ipv6 dhcp client pd NODE-PD rapid-commit
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter WAN_OUTSIDE_INv6 in
 ipv6 traffic-filter WAN_INSIDE_OUTv6 out
 ipv6 virtual-reassembly in
 no keepalive
 ppp authentication pap chap callin
 ppp chap hostname XXXXXX@mdsl.mnet-online.de
 ppp chap password 7 XXXXX
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!         
ip forward-protocol nd
!         
ip http server
ip http secure-server
!         
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!         
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer0
!         
!         
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!         
ipv6 access-list BLOCKv6
 deny ipv6 any any log-input
!         
ipv6 access-list WAN_INSIDE_OUTv6
 sequence 5 permit ipv6 host 2001:A60::53:1 any
 sequence 6 permit ipv6 host 2001:A60::53:2 any
 sequence 10 permit icmp any any
 permit tcp any any
 permit udp any any
 sequence 100 deny ipv6 any any log-input
!         
ipv6 access-list WAN_OUTSIDE_INv6
 sequence 5 permit ipv6 host 2001:A60::53:1 any
 sequence 6 permit ipv6 host 2001:A60::53:2 any
 sequence 10 permit icmp any any nd-na
 sequence 11 permit icmp any any nd-ns
 sequence 12 permit udp any any eq 546
 sequence 20 permit icmp any any
 sequence 40 permit tcp any any established
 sequence 100 deny ipv6 any any log-input
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
 transport preferred none
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 XXXXXX
 ipv6 access-class BLOCKv6 in
 login local
 transport preferred none
 transport input telnet ssh
!         
scheduler allocate 20000 1000
!         
end       
          
Cisco1921#

And this is my Log:

Cisco1921#ena6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50260) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6B8(80), 4 packets
*Dec  1 10:06:47: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56237) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50261) (Gigab
Cisco1921#enaitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6B9(80), 4 packets
*Dec  1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(58969) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:06:48: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50262) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D7B9(80), 4 packets
*Dec  1 10:06:48: %IPV6_ACL-6-AC
Cisco1921#enaCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(64617) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50263) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D6BB(80), 4 packets
*Dec  1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54898) (GigabitEthernet
Cisco1921#ena0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50264) (GigabitEthernet0/1 a820.6652.4e84) -> 2400:CB00:2048:1::C629:D7B8(80), 4 packets
*Dec  1 10:06:50: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56237) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
Cisco1921#ena
*Dec  1 10:06:53: %SEC-6-IPACCESSLOGP: list 111 denied tcp 79.115.63.130(11820) -> 188.174.64.53(23), 1 packet  
Cisco1921#ena
*Dec  1 10:07:30: %SEC-6-IPACCESSLOGP: list 111 denied tcp 222.102.242.30(51452) -> 188.174.64.53(23), 1 packet  
Cisco1921#ena
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54299) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(52718) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(625
Cisco1921#ena49) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(55158) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50910) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN
Cisco1921#ena_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57859) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56658) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:51: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57465) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60:
Cisco1921#ena:53:1(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54299) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(52718) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A
Cisco1921#ena:909A:4044:64A9(62549) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(55158) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50910) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-A
Cisco1921#enaCCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57859) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(56658) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(64010) (GigabitEthernet0/1 a820.6652
Cisco1921#ena.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(58969) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(63260) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001
Cisco1921#ena:A61:3135:D500:DD3A:909A:4044:64A9(64617) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:07:54: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(57465) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:2(53), 1 packet
*Dec  1 10:07:57: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied udp 2001:A61:3135:D500:DD3A:909A:4044:64A9(54898) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:A60::53:1(53), 1 packet
*Dec  1 10:0
Cisco1921#ena7:57: %IPV6_ACL-6-ACCESSLOGP: list WAN_OUTSIDE_INv6/100 denied tcp 2001:A61:3135:D500:DD3A:909A:4044:64A9(50287) (GigabitEthernet0/1 a820.6652.4e84) -> 2001:1BC0:AF::A1(80), 1 packet

1 Reply

macgyver1988
Level 1

I also get an IPv6 address on the clients, but I don't get IPv6 addresses for DNS; that's missing with DHCP..
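
As an added illustration (not part of the original post, and not Cisco code), the sketch below walks the posted `WAN_OUTSIDE_INv6` entries in first-match order against constructed packets that a LAN client sends into GigabitEthernet0/1, where the list is applied inbound. It models only source host, protocol, destination port, ICMP type and the TCP established flag; the DHCPv6 ports (client 546, server 547) are the standard ones, and the link-local source addresses are made up.

```python
# Added example: first-match evaluation of the WAN_OUTSIDE_INv6 entries
# copied from the posted running-config. Packets are constructed samples.
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str                 # "udp", "tcp" or "icmp"
    src: str                   # source address as text
    dport: int = 0             # destination port (udp/tcp)
    icmp_type: str = ""        # e.g. "nd-ns", "nd-na"
    established: bool = False  # TCP segment with ACK or RST set

# (sequence, action, predicate), in the order shown in the config
WAN_OUTSIDE_INV6 = [
    (5,   "permit", lambda p: p.src == "2001:A60::53:1"),
    (6,   "permit", lambda p: p.src == "2001:A60::53:2"),
    (10,  "permit", lambda p: p.proto == "icmp" and p.icmp_type == "nd-na"),
    (11,  "permit", lambda p: p.proto == "icmp" and p.icmp_type == "nd-ns"),
    (12,  "permit", lambda p: p.proto == "udp" and p.dport == 546),
    (20,  "permit", lambda p: p.proto == "icmp"),
    (40,  "permit", lambda p: p.proto == "tcp" and p.established),
    (100, "deny",   lambda p: True),   # deny ipv6 any any log-input
]

def evaluate(acl, pkt):
    """Return (sequence, action) of the first entry that matches pkt."""
    for seq, action, match in acl:
        if match(pkt):
            return seq, action
    return None, "deny"  # not reached here: sequence 100 matches everything

CLIENT = "2001:A61:3135:D500:DD3A:909A:4044:64A9"  # LAN host from the log
LINK_LOCAL = "fe80::a"                             # constructed address

# Client -> router direction is what "traffic-filter ... in" on the LAN sees
SAMPLES = {
    "dhcpv6 client->server (udp dst 547)": Packet("udp", LINK_LOCAL, dport=547),
    "dns query (udp dst 53)":              Packet("udp", CLIENT, dport=53),
    "http syn (tcp dst 80)":               Packet("tcp", CLIENT, dport=80),
    "neighbor solicitation":               Packet("icmp", CLIENT, icmp_type="nd-ns"),
    "dhcpv6 server->client (udp dst 546)": Packet("udp", LINK_LOCAL, dport=546),
}

def report():
    """Map each sample name to the (sequence, action) that decides it."""
    return {name: evaluate(WAN_OUTSIDE_INV6, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (seq, action) in report().items():
        print(f"{name:38s} -> seq {seq}: {action}")
```

The DNS and HTTP results line up with the `WAN_OUTSIDE_INv6/100 denied` entries in the posted log, and the only UDP entry in the list matches destination port 546, which is the server-to-client direction.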
