cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3801
Views
0
Helpful
66
Replies

Cisco 1921 Router, Internet client acces works only with ipv4

macgyver1988
Level 1
Level 1

Hi,

theres an Cisco 1921er Router within an SEC Lic. My Provider does DUALSTACK on WAN (ipv4 and ipv6).

My Problem: Clients on GigabitEthernet0/1 can only via ipv4 on the Internet,by enable IPV6 it will not works

when disable ipv4 and actiate ipv6 on the client( e.g. like an MAC OS X PC) , then only google.de works....

maybe i may something wrong? Can someone help me please?


<code>

Cisco1921#show running-config
Building configuration...

Current configuration : 6950 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 $1$LhN7$kX2KVBkrnJKrKopjJiE/o/
!
no aaa new-model
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
 network 192.168.50.0 255.255.255.0
 domain-name soho.intern
 default-router 192.168.50.2
 dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef    
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
 dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2
 domain-name soho.intern
!         
ipv6 inspect name inspectv6 tcp
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 ftp
ipv6 cef  
!         
multilink bundle-name authenticated
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-3541750139
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3541750139
 revocation-check none
 rsakeypair TP-self-signed-3541750139
!         
!         
crypto pki certificate chain TP-self-signed-3541750139
 certificate self-signed 01
  XXXXXXX
  6BCD837F 3B77ED7C E35EB8E4 506E08
        quit
license udi pid CISCO1921/K9 sn FXXXXX
!         
!         
username user4754 password 7 XXXXXXXXXX
!         
redundancy
!         
!         
!         
!         
!         
controller VDSL 0/1/0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!         
ip tcp synwait-time 5
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!         
interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip access-group 111 out
 ip accounting output-packets
 ip accounting access-violations
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address NODE-PD ::1:0:0:0:1/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server NODE-DHCPV6 rapid-commit preference 1 allow-hint
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 no mop enabled
!         
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!         
interface ATM0/1/0.1 point-to-point
 pvc 1/32
  bridge-dot1q encap 40
  pppoe-client dial-pool-number 1
 !        
!         
interface Ethernet0/1/0
 no ip address
 no ip route-cache
!         
interface Ethernet0/1/0.40
 encapsulation dot1Q 40
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/0/0
 description NETWORK VOIP
 no ip address
!         
interface GigabitEthernet0/0/1
 no ip address
!         
interface GigabitEthernet0/0/2
 no ip address
!         
interface GigabitEthernet0/0/3
 no ip address
!         
interface Vlan1
 no ip address
!         
interface Dialer0
 description VDSL Einwahl Interface to ISP MNET
 mtu 1492
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1800 inbound
 dialer-group 1
 ipv6 address NODE-PD ::FF:0:0:0:1/128
 ipv6 enable
 ipv6 mtu 1492
 ipv6 dhcp client pd NODE-PD rapid-commit
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter native-ipv6-Firewall in
 no keepalive
 ppp authentication pap chap callin
 ppp chap hostname XXXXXXXXX@mdsl.mnet-online.de
 ppp chap password 7 XXXXXXX
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!         
ip forward-protocol nd
!         
ip http server
ip http secure-server
!         
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!         
dialer-list 1 protocol ip list 101
ipv6 route ::/0 Dialer0
!         
!         
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!         
ipv6 access-list native-ipv6-Firewall
 permit icmp any any
 permit udp 2001::/56 eq 547 2001::/56
 permit udp FE80::/10 eq 547 FE80::/10
 permit tcp 2001::/56 eq 547 2001::/56
 permit tcp any any established
 permit udp any any eq 546
 deny ipv6 any any
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
 transport preferred none
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 XXXXXXXX
 login local
 transport preferred none
 transport input telnet ssh
!         
scheduler allocate 20000 1000
!         
end       

</code>

Annother Commands , maybe helpful?

<code>
Cisco1921#sh ipv6 int brief
Em0/0                  [administratively down/down]
    unassigned
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::669E:F3FF:FE57:B41
    2001:A61:20F8:C401::1
ATM0/1/0               [up/up]
    unassigned
ATM0/1/0.1             [up/up]
    unassigned
Ethernet0/1/0          [down/down]
    unassigned
Ethernet0/1/0.40       [down/down]
    unassigned
GigabitEthernet0/0/0   [down/down]
    unassigned
GigabitEthernet0/0/1   [down/down]
    unassigned
GigabitEthernet0/0/2   [down/down]
    unassigned
GigabitEthernet0/0/3   [down/down]
    unassigned
Dialer0                [up/up]
    FE80::669E:F3FF:FE57:B40
    2001:A61:20F8:C4FF::1
NVI0                   [up/up]
    unassigned
Virtual-Access1        [up/up]
    unassigned
Virtual-Access2        [up/up]
    FE80::669E:F3FF:FE57:B40
Vlan1                  [down/down]
    unassigned
</code>

This are my IPs from the DHCP on Cisco .....


IPV6:Addresse: 2001:a61:20f8:c401:aa20:66ff:fe52:4e84 Prefix 64
IPV6:Addresse: 2001:a61:20f8:78bd:3de2:4de2:aed5:1c82 Prefix 64
Router IPV6___:fe80::669e:f3ff:fe57:b41
DNS :dns-server 2001:A60::53:1 (from ISP)
DNS:dns-server dns-server 2001:A60::53:2 (from ISP)

by checking ipv6 on Clientbrowser like Firefox (howismyipv6.com),, i also may get the following ipv6:
2001:A61:20F8:C401:34DF:A000:EFF4:2015

some more Commands....


<code>
Cisco1921#show ipv6 int      
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B41
  No Virtual link-local address(es):
  Description: NETWORK INTERN
  General-prefix in use for addressing
  Global unicast address(es):
    2001:A61:20F8:C401::1, subnet is 2001:A61:20F8:C401::/64 [CAL/PRE]
      valid lifetime 5731 preferred lifetime 2131
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:2
    FF02::1:FF00:1
    FF02::1:FF57:B41
    FF05::1:3
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Common pak subblock Verify Unicast Reverse-Path
  Output features: Common Flow Table Stile Classification Firewall Inspection
 IPv6 verify source reachable-via rx, allow default
   17 verification drop(s) (process), 0 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
  Hosts use DHCP to obtain other configuration.
Dialer0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
  No Virtual link-local address(es):
  Description: VDSL Einwahl Interface to ISP MNET
  General-prefix in use for addressing
  Global unicast address(es):
    2001:A61:20F8:C4FF::1, subnet is 2001:A61:20F8:C4FF::1/128 [CAL/PRE]
      valid lifetime 5731 preferred lifetime 2131
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF57:B40
  MTU is 1492 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Dialer i/f override Common pak subblock Access List Verify Unicast Reverse-Path
  Output features: Common Flow Table Stile Classification Firewall Inspection
  Inbound access list native-ipv6-Firewall
 IPv6 verify source reachable-via rx, allow default
   130 verification drop(s) (process), 0 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.
Virtual-Access2 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
  No Virtual link-local address(es):
  Description: VDSL Einwahl Interface to ISP MNET
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF57:B40
  MTU is 1492 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Dialer i/f override Common pak subblock
  Output features: Firewall Inspection Dialer idle reset
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.
</code>



<code>
Cisco1921#show ipv6 dhcp pool  
DHCPv6 pool: NODE-DHCPV6
  DNS server: 2001:A60::53:1
  DNS server: 2001:A60::53:2
  Domain name: soho.intern
  Active clients: 0
</code>

Hmm why is Active Clients:0??? theres only a Cisco connected to the WAN PORT (EHWIC.VA-DSL-B, and GigabitEthernet0/1 ) connected with my MACOSX....., so one Client..

should there also being one? but why ZERO=?????
NACHTRAG:
Some LOGS from Console.....

<code>
*Oct  3 09:53:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct  3 09:54:00: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct  3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct  3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z
*Oct  3 09:54:50: %IPV6_ROUTING-3-RIB: ipv6_is_addr_ours called for link-local address with wrong tableid -Process= "DNS Server", ipl= 0, pid= 433
-Traceback= 22B31DC4z 22B321B8z 22B35E70z 22B35FF8z 210329D0z 210329B4z

</code>




<code>
Cisco1921#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       a - Application
S   ::/0 [1/0]
     via Dialer0, directly connected
S   2001:A61:20F8:C400::/56 [1/0]
     via Null0, directly connected
C   2001:A61:20F8:C401::/64 [0/0]
     via GigabitEthernet0/1, directly connected
L   2001:A61:20F8:C401::1/128 [0/0]
     via GigabitEthernet0/1, receive
LC  2001:A61:20F8:C4FF::1/128 [0/0]
     via Dialer0, receive
L   FF00::/8 [0/0]
     via Null0, receive

</code>

Thanks

Regards brooks

66 Replies 66

macgyver1988
Level 1
Level 1

Hugh?

In a Cisco Forum and noone can Help ?????

Hello,

try the following command on the interface:

interface GigabitEthernet0/1

--> ipv6 address dhcp rapid-commit

Hi,

on your Command:

my interface show:

interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address dhcp rapid-commit
 ipv6 address MyLocals ::1/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 nd ra interval 30
 ipv6 nd ra dns server FD00:1234:5678::1
 ipv6 mld query-interval 60
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 no mop enabled

with your command i wont also get an ipv6 address: (i also get my prefix from provider....)

Cisco1921#show ipv6 interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B41
  No Virtual link-local address(es):
  Description: NETWORK INTERN
  General-prefix in use for addressing
  Global unicast address(es):
    FD00:1234:5678::1, subnet is FD00:1234:5678::/64
    FD00:8765:4321::1, subnet is FD00:8765:4321::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::D
    FF02::16
    FF02::1:FF00:1
    FF02::1:FF57:B41
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Common pak subblock Verify Unicast Reverse-Path
  Output features: Common Flow Table Stile Classification Firewall Inspection MFIB Adjacency
 IPv6 verify source reachable-via rx, allow default
   39 verification drop(s) (process), 1236 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 30 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
  Hosts use DHCP to obtain other configuration.

Any Idea?

i changed back to ipv6 address NODE-PD 0:0:0:1::/64 eui-64  , but with no ipv6dhcp server, interface is also in client mode.....

<code>
Cisco1921#traceroute
Protocol [ip]: trace
% Unknown protocol - "trace", type "trace ?" for help
Cisco1921#trace
Protocol [ip]: ipv6
Target IPv6 address: 2001:1BC0:AF::A1
Source address: 2001:A61:20CA:9001:669E:F3FF:FE57:B41
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to egun.de (2001:1BC0:AF::A1)

  1 2001:A60::89:703:1 40 msec 40 msec 36 msec
  2 2001:A60::69:0:2:2 32 msec 32 msec 32 msec
  3 decix1.eurotransit.net (2001:7F8::73F6:0:1) 32 msec 32 msec 32 msec
  4 egun.de (2001:1BC0:AF::A1) 32 msec 36 msec 32 msec

</code>

Traceroute on the MAC:
<code>
user4754s-iMac:~ user4754$ traceroute6 2001:1BC0:AF::A1
traceroute6 to 2001:1BC0:AF::A1 (2001:1bc0:af::a1) from 2001:a61:20ca:9001:75cc:ce8e:626c:6be8, 64 hops max, 12 byte packets
 1  2001:a61:20ca:9001:669e:f3ff:fe57:b41  0.567 ms  0.564 ms  0.380 ms
 2  2001:a60::89:703:1  38.675 ms  38.309 ms  37.633 ms
 3  2001:a60::69:0:2:2  32.745 ms  33.230 ms  32.949 ms
 4  decix1.eurotransit.net  33.260 ms  33.505 ms  32.706 ms
 5  egun.de  34.241 ms  33.892 ms  33.224 ms
</code>

another traceroute on the MAC:

<code>
user4754s-iMac:~ user4754$ traceroute6 wieistmeineip.de
traceroute6 to wieistmeineip.de (2a02:2e0:3fd::76) from 2001:a61:20ca:9001:75cc:ce8e:626c:6be8, 64 hops max, 12 byte packets
 1  2001:a61:20ca:9001:669e:f3ff:fe57:b41  0.604 ms  0.384 ms  0.396 ms
 2  2001:a60::89:703:1  58.118 ms  37.951 ms  40.609 ms
 3  2001:a60::69:0:2:2  33.466 ms  34.287 ms  33.216 ms
 4  * * *
 5  te1-3.c102.f.de.plusline.net  34.519 ms
    te7-2.c101.f.de.plusline.net  33.153 ms
    te1-3.c102.f.de.plusline.net  34.083 ms
 6  te6-1.c13.f.de.plusline.net  34.415 ms
    te6-2.c13.f.de.plusline.net  34.206 ms
    te6-1.c13.f.de.plusline.net  34.080 ms
 7  wieistmeineip.de  32.829 ms  33.790 ms  33.974 ms
</code>

one more test:
<code>
user4754s-iMac:~ user4754$ traceroute6 ipv6-test.com
traceroute6 to ipv6-test.com (2001:41d0:8:e8ad::1) from 2001:a61:20ca:9001:75cc:ce8e:626c:6be8, 64 hops max, 12 byte packets
 1  2001:a61:20ca:9001:669e:f3ff:fe57:b41  0.547 ms  0.385 ms  0.359 ms
 2  2001:a60::89:703:1  38.383 ms  36.922 ms  37.471 ms
 3  2001:a60::69:0:2:2  33.674 ms  33.756 ms  32.751 ms
 4  * * *
 5  * * *
 6  vl20.rbx-g1-a75.fr.eu  42.441 ms  41.522 ms  41.834 ms
 7  * * *
 8  ipv6-test.com  41.902 ms  41.127 ms  41.327 ms
</code>

there are some sides which are start beginning to load and after a few seconds there loading ...and loading....

another side:maybe egun.de will loaded successfully but when klick to symbol german...it wont start ....and no side at egun.de/market/index.php

Hello,

stupid question maybe, but the only setup I know of is to have two different routers as DHCP server and DHCP client for IPv6.

Can you try and configure your GigabitEthernet 0/1 with just these IPv6 commands:

interface GigabitEthernet0/1

 ipv6 address autoconfig

 ipv6 enable

Hello,

in addition to my previous post, check out these documents for different examples of IPv6 client configs:

http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113141-DHCPv6-00.html

https://supportforums.cisco.com/document/116221/part-1-implementing-dhcpv6-stateful-dhcpv6

I Addition , i deleted some Commands....

Cisco1921#show ipv6 dhcp interface
Dialer0 is in client mode
  Prefix State is OPEN
  Renew will be sent in 00:07:41
  Address State is IDLE
  List of known servers:
    Reachable via address: FE80::12F3:11FF:FEA3:1F00
    DUID: 0003000110F311A31F00
    Preference: 0
    Configuration parameters:
      IA PD: IA ID 0x00130001, T1 1800, T2 2880
        Prefix: 2001:A61:20BE:8600::/56
                preferred lifetime 3600, valid lifetime 7200
                expires at Oct 08 2016 11:35 PM (5862 seconds)
      DNS server: 2001:A60::53:1
      DNS server: 2001:A60::53:2
      Information refresh time: 0
  Prefix name: NODE-PD
  Prefix Rapid-Commit: disabled
  Address Rapid-Commit: disabled
Cisco1921#show ipv6 interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B41
  No Virtual link-local address(es):
  Description: NETWORK INTERN
  General-prefix in use for addressing
  Global unicast address(es):
    2001:A61:20BE:8601::1, subnet is 2001:A61:20BE:8601::/64 [CAL/PRE]
      valid lifetime 5836 preferred lifetime 2236
    FD00:1234:5678::1, subnet is FD00:1234:5678::/64
    FD00:8765:4321::1, subnet is FD00:8765:4321::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::D
    FF02::16
    FF02::1:FF00:1
    FF02::1:FF57:B41
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Common pak subblock
  Output features: Common Flow Table Stile Classification Firewall Inspection MFIB Adjacency
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
Cisco1921#

my running config so far now:

Cisco1921#show running-config
Building configuration...

Current configuration : 7097 bytes
!
! Last configuration change at 21:54:37 CEST Sat Oct 8 2016 by user4754
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 $1$LhN7$kX2KVBkrnJKrKopjJiE/o/
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
 network 192.168.50.0 255.255.255.0
 domain-name soho.intern
 default-router 192.168.50.2
 dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef    
ipv6 general-prefix MyLocals FD00:1234:5678::/48
ipv6 general-prefix MyLocals FD00:8765:4321::/48
ipv6 unicast-routing
ipv6 inspect name inspectv6 tcp
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 ftp
ipv6 multicast-routing
ipv6 cef  
ipv6 cef accounting prefix-length
!         
multilink bundle-name authenticated
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-3541750139
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3541750139
 revocation-check none
 rsakeypair TP-self-signed-3541750139
!         
!         
crypto pki certificate chain TP-self-signed-3541750139
 certificate self-signed 01
  XXXX
        quit
license udi pid CISCO1921/K9 sn XXXXX
!         
!         
username user4754 password XXXXX
!         
redundancy
!         
!         
!         
!         
!         
controller VDSL 0/1/0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!         
ip tcp synwait-time 5
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!         
interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address MyLocals ::1/64
 ipv6 address NODE-PD ::1:0:0:0:1/64
 ipv6 enable
 ipv6 inspect inspectv6 out
 no mop enabled
!         
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!         
interface ATM0/1/0.1 point-to-point
 pvc 1/32
  bridge-dot1q encap 40
  pppoe-client dial-pool-number 1
 !        
!         
interface Ethernet0/1/0
 no ip address
 no ip route-cache
!         
interface Ethernet0/1/0.40
 encapsulation dot1Q 40
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/0/0
 description NETWORK VOIP
 no ip address
!         
interface GigabitEthernet0/0/1
 no ip address
!         
interface GigabitEthernet0/0/2
 no ip address
!         
interface GigabitEthernet0/0/3
 no ip address
!         
interface Vlan1
 no ip address
!         
interface Dialer0
 description VDSL Einwahl Interface to ISP MNET
 mtu 1492
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1800 inbound
 dialer-group 1
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 mtu 1492
 ipv6 dhcp client pd NODE-PD
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter native-ipv6-Firewall in
 ipv6 virtual-reassembly in
 no keepalive
 ppp authentication pap chap callin
 ppp chap hostname XXXXXX@mdsl.mnet-online.de
 ppp chap password XXXXX
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!         
ip forward-protocol nd
!         
ip http server
ip http secure-server
!         
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!         
dialer-list 1 protocol ip list 101
ipv6 route ::/0 Dialer0
ipv6 local pool local-ipv6-pd-pool 2001:A61:31::/56 60
ipv6 router eigrp 12
!         
ipv6 router rip tag
!         
!         
!         
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!         
ipv6 access-list native-ipv6-Firewall
 permit icmp any any
 permit udp 2001::/56 eq 547 2001::/56
 permit udp FE80::/10 eq 547 FE80::/10
 permit tcp 2001::/56 eq 547 2001::/56
 permit tcp any any established
 permit udp any any eq 546
 sequence 80 permit tcp FD00::/56 eq 547 FD00::/56
 deny ipv6 any any
 permit tcp any any
 permit udp any any
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
 transport preferred none
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXX
 login local
 transport preferred none
 transport input telnet ssh
!         
scheduler allocate 20000 1000
!         
end       
          

it wont works

and on the client on my MAC which is connected to GigabitEthernet0/1, i have two 2001:...XXX.. IP Addresses, some FD00 Adresses,

Router adress is something which FE80..:XXX

But it DNS , theres only an ipv4 adresses 192.168.50.2 , but NO IPV6 Adress......

And yes, my ISP provides the DHCP Server....

maybe important:???

in show logging:

%IPV6_FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 2001:A61:20BE:8601:6152:1E82:2410:3D3E:53581 to 2A02:26F0:12:197::90:80 [Initiator(flag 0,factor 5) Responder (flag 840083044, factor 244619520)]

Hello,

I hope this doesn't get too confusing...

I looked again at your original configuration. Is NODE-PD the name of the prefix delegation pool ? Try to add the following to your original config:

ipv6 dhcp pool NODE-DHCPV6

--> prefix-delegation pool NODE-PD lifetime 1800 60
 dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2
 domain-name soho.intern

and under the interface config:

ipv6 dhcp client pd NODE-PD

yes NODE-PD is the prefix delegation pool name.

sure? you mean IPV6 DHCP client pd NODE-DHCPV6 and not Node-PD

heres my config :

Cisco1921#show running-config
Building configuration...

Current configuration : 7179 bytes
!
! Last configuration change at 23:21:55 CEST Sat Oct 8 2016 by user4754
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret 5 XXXXX
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
 network 192.168.50.0 255.255.255.0
 domain-name soho.intern
 default-router 192.168.50.2
 dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef
ipv6 general-prefix MyLocals FD00:1234:5678::/48
ipv6 general-prefix MyLocals FD00:8765:4321::/48
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
 prefix-delegation pool NODE-PD lifetime 1800 60
 dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2
 domain-name soho.intern
!
ipv6 inspect name inspectv6 tcp
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 ftp
ipv6 multicast-routing
ipv6 cef  
ipv6 cef accounting prefix-length
!         
multilink bundle-name authenticated
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-3541750139
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3541750139
 revocation-check none
 rsakeypair TP-self-signed-3541750139
!         
!         
crypto pki certificate chain TP-self-signed-3541750139
 certificate self-signed 01
 XXXXX
        quit
license udi pid CISCO1921/K9 sn XXXX
!         
!         
username user4754 password XXXXX
!         
redundancy
!         
!         
!         
!         
!         
controller VDSL 0/1/0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!         
ip tcp synwait-time 5
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!         
interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address MyLocals ::1/64
 ipv6 address NODE-PD ::1/64
 ipv6 enable
 ipv6 dhcp client pd NODE-DHCPV6
 ipv6 inspect inspectv6 out
 no mop enabled
!         
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!         
interface ATM0/1/0.1 point-to-point
 pvc 1/32
  bridge-dot1q encap 40
  pppoe-client dial-pool-number 1
 !        
!         
interface Ethernet0/1/0
 no ip address
 no ip route-cache
!         
interface Ethernet0/1/0.40
 encapsulation dot1Q 40
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/0/0
 description NETWORK VOIP
 no ip address
!         
interface GigabitEthernet0/0/1
 no ip address
!         
interface GigabitEthernet0/0/2
 no ip address
!         
interface GigabitEthernet0/0/3
 no ip address
!         
interface Vlan1
 no ip address
!         
interface Dialer0
 description VDSL Einwahl Interface to ISP MNET
 mtu 1492
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1800 inbound
 dialer-group 1
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 mtu 1492
 ipv6 dhcp client pd NODE-PD
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter native-ipv6-Firewall in
 ipv6 virtual-reassembly in
 no keepalive
 ppp authentication pap chap callin
 ppp chap hostname XXXXX@mdsl.mnet-online.de
 ppp chap password XXXXXXX
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!         
ip forward-protocol nd
!         
ip http server
ip http secure-server
!         
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!         
dialer-list 1 protocol ip list 101
ipv6 route ::/0 Dialer0
!         
!         
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!         
ipv6 access-list native-ipv6-Firewall
 permit icmp any any
 permit udp 2001::/56 eq 547 2001::/56
 permit udp FE80::/10 eq 547 FE80::/10
 permit tcp 2001::/56 eq 547 2001::/56
 permit tcp any any established
 permit udp any any eq 546
 sequence 80 permit tcp FD00::/56 eq 547 FD00::/56
 deny ipv6 any any
 permit tcp any any
 permit udp any any
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
 transport preferred none
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXX
 login local
 transport preferred none
 transport input telnet ssh
!         
scheduler allocate 20000 1000
!         
end       
          

this config wont works .

by the way, My Client does get no DNS Adress in IPV6.....?????

Shall i use

ipv6 nd ra dns server FD00:1234:5678::1

on GigabitEthernet0/1...

with them it wont works.....

Do you have another ideas?

Hello,

the interface facing your provider, Dialer0, should have this:

ipv6 address dhcp
ipv6 address autoconfig default
ipv6 enable
ipv6 dhcp client pd NODE-PD

The interfaces connected to your clients should have this:

ipv6 address NODE-PD ::1/64
ipv6 address autoconfig
ipv6 enable
ipv6 dhcp server NODE-DHCPV6

hi,

thanks for your answer.

So heres my config:

Cisco1921#show running-config
Building configuration...

Current configuration : 7173 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco1921
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 10
enable secret XXXX
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
ip dhcp binding cleanup interval 600
ip dhcp excluded-address 192.168.50.170 192.168.50.254
ip dhcp excluded-address 192.168.50.1 192.168.50.153
!
ip dhcp pool Internal Network
 network 192.168.50.0 255.255.255.0
 domain-name soho.intern
 default-router 192.168.50.2
 dns-server 192.168.50.2
!
!
!
ip domain name soho.intern
ip name-server 212.18.0.5
ip name-server 212.18.3.5
ip name-server 2001:A60::53:1
ip name-server 2001:A60::53:2
ip inspect name Firewall udp
ip inspect name Firewall sip
ip inspect name Firewall rtsp
ip inspect name Firewall ftp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall pop3s
ip inspect name Firewall smtp
ip inspect name Firewall imaps
ip cef
ipv6 general-prefix MyLocals FD00:1234:5678::/48
ipv6 general-prefix MyLocals FD00:8765:4321::/48
ipv6 unicast-routing
ipv6 dhcp pool NODE-DHCPV6
 prefix-delegation pool NODE-PD lifetime 1800 60
 dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2
 domain-name soho.intern
!
ipv6 inspect name inspectv6 tcp
ipv6 inspect name inspectv6 udp
ipv6 inspect name inspectv6 icmp
ipv6 inspect name inspectv6 ftp
ipv6 multicast-routing
ipv6 cef
ipv6 cef accounting prefix-length
!
multilink bundle-name authenticated
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-3541750139
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3541750139
 revocation-check none
 rsakeypair TP-self-signed-3541750139
!         
!         
crypto pki certificate chain TP-self-signed-3541750139
 certificate self-signed 01
 XXXX
        quit
license udi pid CISCO1921/K9 sn XXXX
!         
!         
username user4754 password 7 XXXX
!         
redundancy
!         
!         
!         
!         
!         
controller VDSL 0/1/0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!         
ip tcp synwait-time 5
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!         
interface GigabitEthernet0/1
 description NETWORK INTERN
 ip address 192.168.50.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 ipv6 address MyLocals ::1/64
 ipv6 address NODE-PD ::1/64
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server NODE-DHCPV6
 ipv6 inspect inspectv6 out
 no mop enabled
!         
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
!         
interface ATM0/1/0.1 point-to-point
 pvc 1/32
  bridge-dot1q encap 40
  pppoe-client dial-pool-number 1
 !        
!         
interface Ethernet0/1/0
 no ip address
 no ip route-cache
!         
interface Ethernet0/1/0.40
 encapsulation dot1Q 40
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/0/0
 description NETWORK VOIP
 no ip address
!         
interface GigabitEthernet0/0/1
 no ip address
!         
interface GigabitEthernet0/0/2
 no ip address
!         
interface GigabitEthernet0/0/3
 no ip address
!         
interface Vlan1
 no ip address
!         
interface Dialer0
 description VDSL Einwahl Interface to ISP MNET
 mtu 1492
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1800 inbound
 dialer-group 1
 ipv6 address dhcp
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 mtu 1492
 ipv6 dhcp client pd NODE-PD
 ipv6 verify unicast reverse-path
 ipv6 inspect inspectv6 out
 ipv6 traffic-filter native-ipv6-Firewall in
 ipv6 virtual-reassembly in
 no keepalive
 ppp authentication pap chap callin
 ppp chap hostname XXXXX@mdsl.mnet-online.de
 ppp chap password XXX
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!         
ip forward-protocol nd
!         
ip http server
ip http secure-server
!         
ip dns server
no ip nat service sip udp port 5060
ip nat inside source list 101 interface Dialer0 overload
!         
dialer-list 1 protocol ip list 101
ipv6 route ::/0 Dialer0
!         
!         
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit udp any eq ntp any
access-list 111 permit gre any any
access-list 111 permit udp any eq bootps any
access-list 111 permit udp any any eq 546
access-list 111 permit udp any eq 5060 any
access-list 111 deny   ip any any log
!         
ipv6 access-list native-ipv6-Firewall
 permit icmp any any
 permit udp 2001::/56 eq 547 2001::/56
 permit udp FE80::/10 eq 547 FE80::/10
 permit tcp 2001::/56 eq 547 2001::/56
 permit tcp any any established
 permit udp any any eq 546
 sequence 80 permit tcp FD00::/56 eq 547 FD00::/56
 deny ipv6 any any
 permit tcp any any
 permit udp any any
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
 transport preferred none
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXX
 login local
 transport preferred none
 transport input telnet ssh
!         
scheduler allocate 20000 1000
!         
end       
  

on my mac os client, now i dont have a IPV6 Adress like 2001:XXX , now missing...only FD00 Adresses availbility.....

Routers IPV6 is now FE80...xXX

DNS is

dns-server 2001:A60::53:1
 dns-server 2001:A60::53:2

###############

Another Checkup for you, maybe important??

Cisco1921#show ipv6 int           
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B41
  No Virtual link-local address(es):
  Description: NETWORK INTERN
  Stateless address autoconfig enabled
  General-prefix in use for addressing
  Global unicast address(es):
    2001:A61:20B8:1D00::1, subnet is 2001:A61:20B8:1D00::/64 [CAL/PRE]
      valid lifetime 6712 preferred lifetime 3112
    FD00:1234:5678::1, subnet is FD00:1234:5678::/64
    FD00:8765:4321::1, subnet is FD00:8765:4321::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::D
    FF02::16
    FF02::1:2
    FF02::1:FF00:1
    FF02::1:FF57:B41
    FF05::1:3
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Common pak subblock
  Output features: Common Flow Table Stile Classification Firewall Inspection MFIB Adjacency
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
  Hosts use DHCP to obtain other configuration.
Dialer0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
  No Virtual link-local address(es):
  Description: VDSL Einwahl Interface to ISP MNET
  Stateless address autoconfig enabled
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::D
    FF02::16
    FF02::1:FF57:B40
  MTU is 1492 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common Flow Table Stile classification Dialer i/f override Common pak subblock Virtual fragment reassembly Access List Verify Unicast Reverse-Path
  Output features: Common Flow Table Stile Classification Firewall Inspection
  IPv6 VFR(in) Parameters:

  IPv6 configured max datagram reassembly cnt: 64
  IPv6 configured max fragments per datagram: 16
  IPv6 configured time to hold individual datagram: 3 seconds
  IPv6 configured drop fragment option: OFF


  Inbound access list native-ipv6-Firewall
 IPv6 verify source reachable-via rx, allow default
   4 verification drop(s) (process), 0 (CEF)
   0 suppressed verification drop(s) (process), 0 (CEF)
  Outbound Inspection Rule inspectv6
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.
Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
  No Virtual link-local address(es):
  Description: Pim Register Tunnel (Encap) for Embedded RP
  Interface is unnumbered. Using address of GigabitEthernet0/1
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF57:B40
  MTU is 1452 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Common pak subblock
  Output features: Firewall Inspection
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.
Virtual-Access2 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::669E:F3FF:FE57:B40
  No Virtual link-local address(es):
  Description: VDSL Einwahl Interface to ISP MNET
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::D
    FF02::16
    FF02::1:FF57:B40
  MTU is 1492 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Dialer i/f override Common pak subblock
  Output features: Firewall Inspection Dialer idle reset
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.

As you can see, i am still also trying to FInd Help in another Forum:

its also in German, but maybe its helpful for you for finding my Error....

https://www.administrator.de/content/detail.php?id=311537&token=861#comment-1140266

At the Moment i still cant get an Ipv6 Address on the Dialer0 with DHCP....

Review Cisco Networking for a $25 gift card