cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1437
Views
0
Helpful
8
Replies

WAP4410N, FW V2.0.7.4 and IPv6

Michal Bruncko
Level 4
Level 4

Hello guys,

I have troubles with getting IPv6 working on those devices. I have 7 pieces of them, but it is not working on any of them. What is the problem:

- I am using IPv6 as additional stack to existing IPv4 stack

- the IPv6 connectivity within (management) subnet is working fine - I am able to ping/telnet connect to other device within same subnet - no problem here

- the problem is that no any AP is able to respond to ping from different subnet behind IPv6 capable router

- I have other devices in management subnet (like some SG-300 switches) and there are no such problems for them - the intervlan routing is working as expected

Configuration is pretty simple

example AP:

- IPv6: 2001:a:b:c::14

- IPv6 prefix length: 64

- IPv6 gateway: 2001:a:b:c::1/64

- IPv6 DNS server: 2001:a:b:d::55

router:

- management interface IPv6: 2001:a:b:c::1/64

- other interface IPv6: 2001:a:b:d::1/64

Behavior:

- I can ping AP from router using: ping6 2001:a:b:c::14

- I can ping AP from any other device within same IPv6 subnet

- I can't ping AP from router with specifying different source IP using: ping6 -I 2001:a:b:d::1 2001:a:b:c::14

- I can't ping AP from any other device outside of AP (management) IPv6 subnet

From the packet captures I can see, that once router wanted to send ICMPv6 echo request originated from different IPv6 subnet, it will send neighbor solicitation for 2001:a:b:c::14. AP correctly responds using neighbor advertisement with it's MAC address back to router. Afterthat router is sending ICMPv6 Echo request outside the network interface. But the AP will never ask (using neighbor solicitation) for the MAC address of configured IPv6 default gateway (2001:a:b:c::1/64). And also AP will never respond to this echo request.

The problem here is also that this cannot be troubleshooted from AP point of view - the only Web GUI diagnostic tool is PING which is only IPv4 capable. Also the command line in AP is IPv4 only as well. I have no idea how to display IPv6 routing table or IPv6 neighbor table.

Is there something that I am missing to get this work? Is there any chance to view IPv6 routing table using command line? Can someone help me with this issue?

thank you

michal

8 Replies 8

Michal Bruncko
Level 4
Level 4

I found that ping6 is available using command line interface. Now my suspicion was confirmed: the communication is behaving like there was no IPv6 default gateway defined in AP:

once I tried to ping IPv6 DNS server using: "ping6 2001:a:b:d::55" I can see the AP is asking using neighbor solicitation DIRECTLY for MAC address of this pinged device which seems not be correct. It should request the MAC address for all devices outside of local subnet.

Please can someone else confirm same behavior?

Ok, the only possible way to check IPv6 routing table is using "cat /proc/net/ipv6_route". As I can see from the output there is no default route present even if it is defined in GUI. But the host routes related to IPv6 address are here. is this bug please?

Again, last one: after manuall adding of IPv6 default route using "route -A inet6 add ::/0 gw 2001:a:b:c::1" the internetwork communication FINALLY started to work.

For me this is definitely a bug - system is not able to apply defined IPv6 default gateway. My "workaround" is in place till next reboot of AP which is not sufficient at all.

Michal Bruncko
Level 4
Level 4

Additional question: why there is necessarry to define prefix length within default gateway? What is the purpose of this requirement? I never met similar requirement on other IPv6 capable devices. For defining of network size there is standalone field "IPv6 prefix length" which should be sufficient.

Michal Bruncko
Level 4
Level 4

Again with one-man replies show...

this issue is here for long time -  for me it is included in all public firmware versions beggining 2.0.3.3 (lowest firmware that I have tried) to the current latest version.

the only possibility to have internetwork IPv6 routing working is to have a router advertisement daemon available on router device within subnet with AP's. All AP's will then set the IPv6 default gateway according info from received router advertisements.

Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.

Sorry for the late response. Are you configuring the WAP4410N with a static configuration or automatic? If you used static did you check the Accept Router Advertisement check box?

Thanks

Eric Moyers    .:|:.:|:.

Cisco Small Business US STAC Advanced Support Engineer

Wireless Subject Matter Expert

CCNA, CCNA-Wireless

*Please rate the Post so other will know when an answer has been found.

Hello Eric,

thanks for response. that mentioned checkbox "Accept Router Advertisement" is visible in automatic configuration section only. And yes, if I switch to "Automatic Configuration" it is checked. But I am using "Static IP Address" and there is no checkbox.

If choose "Automatic Configuration", uncheck "Accept Router Advertisement", move back to "Static IP Address" and click "Save" followed by manual reboot, then:

- "Accept Router Advertisement" remains unchecked in "Automatic Configuration"

- I still have remote IPv6 access to AP, but not using my manually defined IPv6 gateway, but still using route from route advertisements -> this has been checked using "cat /proc/net/ipv6_route" - there is no any route which includes my defined IPv6 gateway. just default route toward link-local address.

I performed another test - I have disabled IPv6 router advertising daemon for management network, with results:

- no IPv6 connectivity to AP from remote IPv6 subnet

- BUT I can see some new IPv6 route inside the ipv6 route table that I have not seen before:

# route -A inet6

Kernel IPv6 routing table

Destination                                 Next Hop                                Flags Metric Ref    Use Iface

::1/128                                     ::                                      U     0      0        2 lo

2001:a:b:c::1/128                   2001:a:b:c::1                   UC    0      4       20 br998  <<<<<<<<<<<<<<<<<<<

2001:a:b:c::11/128                  ::        U     0      157       2 lo

2001:a:b:c::/64                     ::        U     1      0        0 br998

2001:a:b:c::/64                     ::        U     256    0        0 br998

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

fe80::c67d:4fff:fe88:b340/128       ::        U     0      0        2 lo

...

And that route make no sense to me. There is firstly used my-defined IPv6 gateway address, but here it is pointing to itself. (number 998 is just related to used management VLAN number 998). And I think it should look like this:

*/0                   2001:a:b:c::1                   UG    0      4       20 br998

Hi Eric

what you think about results? Is this correct behavior?

thanks

michal