Solved: Re: How to set-up DHCPv6 or Stateless RA on CBS350 switch

Jan Kolecek · ‎08-30-2023

Hello, Cisco community,

I have bought my first Cisco device - the CBS350 switch.

I am almost done with the configuration. The last thing is IPv6. I have a /48 prefix from HE routed to switch over the pfSense router.

VLAN1 (fd00::/64) is used for interconnection between the router and the switch (router IP fd00::1, switch IP fd00::2).

I have three additional VLANs: VLAN 10 (xxxx:xxxx:xxxx:10::/64), VLAN 20 (xxxx:xxxx:xxxx:20::/64), and VLAN 98 (xxxx:xxxx:xxxx:98::/64). For each VLAN I have added an IPv6 address xxxx:xxxx:xxxx:yy::1 (yy is 10 or 20 or 98) IPv6 routing seems to be working as I tried to ping the mentioned addresses from the different IPv6 subnet on the router. I have added the prefixes for each VLAN.

The current state is that clients connected to the switch are able to get a correct prefix and set a random interface ID itself. The only problem is they do not have a default gateway and DNS IP address. If possible I would like to set the switch to act like a "DNS relay" so the IP address of the DNS provided to clients will be the same as the default gateway. DNS queries will be then redirected to the real DNS server set internally on the switch. Is it possible to do that? Compared to IPv4, the configuration of the IPv6 is quite confusing for me on this switch. I am using mainly GUI. I do not have a console cable, so I am using SSH if using CLI is needed.

Small off-topic question:

I was not able to set up a "DNS relay" for IPv4, so as a workaround, I specified the DNS IP address in DHCP server settings and this IP is being distributed to clients by DHCP. Is it possible to pass the same IP address of the DNS as the default gateway IP address and set the switch to pass DNS queries from the clients to the DNS server internally set on the switch? When I tried to manually set a client to use switch SVI a DNS server, DNS did not work on that client.

Thank you very much for your help. Really appreciate it.

Regards,

Jan

Harold Ritter · ‎09-01-2023

Hi @Jan Kolecek ,

> I would like to know whether there is the possibility of providing IPv6 clients with an IPv6 DNS server (DNS server with IPv6 address) using RA.

It might be possible, but I am not sure how you would configure it with the CBS350.

> What if I wanted to run an IPv6 network only? I know, non-sense these days but still I want to know, where to configure this.

You would need to configure NAT64/DNS64 to accomplish IPv6 only. Not sure this is supported on the CBS350.

Anyhow, it looks like you are in good shape now and able to access the IPv6 Internet from the clients. Let us know if you have more questions.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

KJK99 · ‎08-30-2023

I do not use IPv6 so I can’t help you with that. As for the IPv4 DNS issue, the switch cannot act as a “DNS Relay.” You can configure a DNS client on the switch, but that’s for the switch itself, not for devices connected to it. However, if you configure the switch’s DNS client, the DNS servers which you specify there will appear in the DNS server selection list of the DHCP pool configuration. Unfortunately, the DHCP pool GUI configuration allows you to specify only one DNS server. That’s very limiting. I have two local DNS servers on my network. Well, actually more the one DNS server can be specified, but you need to use CLI to do that and it will not be shown in the GUI. It will be also lost if you try to make any modification there. Of course, you can also specify your router as the DNS server. pfSense not only can act as a DNS relay, but it also comes with a DNS server.

Kris K

Jan Kolecek · ‎08-30-2023

@KJK99 ,

For IPv4, I did that trick you mentioned. DHCP assigns the IP address of the router interface as a DNS server for the clients connected to the switch. It is not what I wanted, but it works. The IPv6 on the switch is my current pain. Hopefully, someone will know the solution.

Regards,

Jan

Harold Ritter · ‎08-30-2023

Hi @Jan Kolecek ,

> The only problem is they do not have a default gateway and DNS IP address.

The GW is set according to the device sending the router advertisement (RA). If your clients get the prefix from the RA, they should also get the proper GW information. To verify that, you can ping from a client on subnet 10 to xxxx:xxxx:xxxx:20::1 or better to 2001:4860:4860::8888 (Google public DNS server).

As far as the DNS IP address is concerned, since the clients already receive a DNS IPv4 address via DHCP, there is nothing you need to do there and both A and AAAA will be resolved via the configured IPv4 DNS.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Jan Kolecek · ‎09-01-2023

Hello @Harold Ritter,

thank you for your reply. I am sorry for the late reply as I had another priority yesterday and had no time to play with the switch.

I also apologize for mystifying you. I originally wrote that clients connected to the switch are not provided with a default IPv6 gateway. Actually, they are, but (unexpectedly for me) with the link-local IPv6 address of the switch. I have experience that Windows is set to assign itself a random link-local IPv6 address. On the default IPv6 gateway on the client, I saw also a link-local address and I considered that address as a random address assigned by Windows.

After reading your post I realized that that "random" IPv6 gateway on the client is the IPv6 address of the switch. So default gateway is OK. I have successfully tried ping to Google IPv6 DNS server. So I verified that IPv6 routing on the switch is working, the default route on the switch is working, and also the router itself is properly configured as on the router I had to add IPv6 static routes to my three VLANs on the switch.

Yes, you are right that the DNS server assigned by the IPv4 DHCP server can resolve both A and AAAA DNS records, but still, I would like to know whether there is the possibility of providing IPv6 clients with an IPv6 DNS server (DNS server with IPv6 address) using RA. What if I wanted to run an IPv6 network only? I know, non-sense these days but still I want to know, where to configure this.

For DHCPv4 I just discovered there are settable "DHCP options" for DHCP pools I have already defined, so I am about to try this way, but still, I would prefer to do this using RA.

Regards,

Jan

Harold Ritter · ‎09-01-2023

Hi @Jan Kolecek ,

> I would like to know whether there is the possibility of providing IPv6 clients with an IPv6 DNS server (DNS server with IPv6 address) using RA.

It might be possible, but I am not sure how you would configure it with the CBS350.

> What if I wanted to run an IPv6 network only? I know, non-sense these days but still I want to know, where to configure this.

You would need to configure NAT64/DNS64 to accomplish IPv6 only. Not sure this is supported on the CBS350.

Anyhow, it looks like you are in good shape now and able to access the IPv6 Internet from the clients. Let us know if you have more questions.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Jan Kolecek · ‎09-01-2023

Hello @Harold Ritter,

thank you for your help. I will try whether there is a way to assign an IPv6 DNS server using DHCPv4 and also wait for other responses from the community.

I forgot to add screen captures of my configuration in my last post, so others might check it and propose improvements in configuration if needed. This is my first Cisco switch and I did such a configuration for the first time, so there might be some imperfections that could be improved.

Regards,

Jan