I'm trying to draft an IPv6-based version of our location's current routing configuration in anticipation of when our ISP will finally roll it out, and address management has been giving me the biggest headache - ironic, considering IPv6 was supposed to simplify address allocation. My first config draft was made assuming that I would be getting a static /56 or /60 prefix from the ISP, and I was just going to insert the prefix into my DHCP pools and there would be no issues. That was before reading around and discovering that some ISPs are considering prefix delegation (PD) for both residential and business accounts instead of static blocks. Now I have questions about how to stick as close to the current IPv4 configuration as possible. For the PD scenario, what I am looking at now are two addresses ranges for each network - a ULA /120 space that I want to control using stateful DHCPv6, and the global space which can be /64 and auto-configured. That way there will be a "private" address space for internal routing in the event of a prefix change or an extended outage. But I'm not sure how the config should look for such a scenario. What I have drafted so far is this: ipv6 dhcp pool DHCP6_INTERNAL  address prefix FDAB::1:0/120  domain-name whatever.net  dns-server FDAB::1:1 ! ipv6 dhcp pool DHCP6_DMZ-WIFI  address prefix FDAB::2:0/120  domain-name guest.whatever.net  dns-server FDAB::2:1 ! interface GigabitEthernet0  description WAN-LINK  ipv6 enable  ipv6 address dhcp  no ipv6 unreachables  no ipv6 redirects  ipv6 flow ingress  ipv6 flow egress  ipv6 virtual-reassembly in  ipv6 nd autoconfig default-route  ipv6 dhcp client pd hint ::/56  ipv6 dhcp client pd ISP-PREFIX  zone-member security OUTSIDE  speed auto  duplex auto  no cdp enable ! interface FastEthernet8.1  description VLAN_1-INTERNAL  encapsulation dot1Q 1 native  ipv6 enable  ipv6 address FDAB::1:1/120  ipv6 address ISP-PREFIX ::1:0:0:0:1/64  ipv6 flow ingress  ipv6 flow egress  ipv6 virtual-reassembly in  zone-member security INSIDE  ip tcp adjust-mss 1300  ipv6 dhcp server DHCP6_INTERNAL  ipv6 nd managed-config-flag  ipv6 nd other-config-flag ! interface FastEthernet8.2  description VLAN_2-DMZ-WIFI  encapsulation dot1Q 2  ipv6 enable  ipv6 address FDAB::2:1/120  ipv6 address ISP-PREFIX ::2:0:0:0:1/64  ipv6 flow ingress  ipv6 flow egress  ipv6 virtual-reassembly in  zone-member security DMZ  ip tcp adjust-mss 1300  ipv6 dhcp server DHCP6_DMZ-WIFI  ipv6 nd managed-config-flag  ipv6 nd other-config-flag ! Will this config work? By which I mean: will the DHCPv6 servers provide ULA addresses, and will SLAAC work for global address allocation? If not, what needs to be changed? Also, another question. I found a few references to a prefix name (the "ISP-PREFIX") which can be used as part of a static IPv6 address on an interface, which is a good idea in case the prefix changes. But that brings up another concern - if the prefix changes, that will invalidate ACLs referencing the global addresses using the previous prefix. Is there anything similar to the prefix name string that can be used in ACLs to keep this from occurring? ... View more