01-23-2020 02:03 PM - edited 07-05-2021 11:35 AM
Cisco 5520 / 8.5.140
Starting to roll out IPV6 testing on the WLC and I'm running in to trouble adding vlans with IPV6 interfaces to the controller.
I've added 1 dynamic interface (vlan 120) with a ipv6 address / 64 / and the link-local address of a router/DHCPv6/RA handling IPV6. This all works like it's supposed to. (xxxx:13e:xxxx:201::a /64)
Problem comes when trying to add a second dynamic interface for a different VLAN / additional /64 segment.
The IPv6 gateway cannot be the same, even though its the same router (trunked with multiple vlans) handling that VLAN / additional /64 segment of the network. (xxxx:13e:xxxx:501::a /64) The IPv6 gateway field will ONLY accept a link-local address, and it cannot be the same as another VLAN. No matter how many virtual interfaces, the link local address of the router is the same.
I'm an ipv6 noob, but what am I missing here?
Solved! Go to Solution.
01-24-2020 10:08 AM
Not using HSRP - but Thank you for responding to my posts!
I am using a (gasp!) pfsense router just inside the internet edge to keep the existing campus network configured the way it is, and offload/isolate public and guest wireless via IPV6. If this all works the way it's expected to, then we will eventually move other parts of our network over to using v6 and build out the core.
So nothing on the network core other than creating the public and guest vlans and allowing those vlans on the trunks for the WLC and isolated pfsense router. No ipv6 addressing on the core at all, except one private address on the WLC AP management VLAN and SVI. Since the IPV6 traffic is all tagged with the two respective IPV6 vlans (which have WLANS associated) , pfsense does the RA and DHCPv6, along with DNS resolution (using google's public DNS64) - handing off to NAT64 on the edge ASR if needed or straight out to the IPV6 internet.
Good News!
I found there is a way for the WLC to see an additional link-local addresses for the pfsense router. You just define it as an IP alias on the vlan interface of the router, and give it a link-local format. Looks so simple once you figure out that you can do it! Funny how there is very little info regarding it, or a use case example for the need.
Going through this endeavor has made me realize that IPV6 documentation (especially realworld examples) is really lacking. It been quite a journey so far...
01-24-2020 07:15 AM
01-24-2020 08:48 AM
They are different in the extent that they exist on the ipv6 router with interface id, which is trunked with vlan120 and vlan160
inet6 2720:14e:9001:200::3/64 LL fe80::230:48ff:fe8c:a0bb%em1.120 (vlan120)
inet6 2720:14e:9001:500::3/64 LL fe80::230:48ff:fe8c:a0bb%em1.160 (vlan160)
but the WLC only allows the address prior to % sign - it won't accept the full address - says improper format for link local if you try to include the interface designation.
01-24-2020 09:24 AM
01-24-2020 10:08 AM
Not using HSRP - but Thank you for responding to my posts!
I am using a (gasp!) pfsense router just inside the internet edge to keep the existing campus network configured the way it is, and offload/isolate public and guest wireless via IPV6. If this all works the way it's expected to, then we will eventually move other parts of our network over to using v6 and build out the core.
So nothing on the network core other than creating the public and guest vlans and allowing those vlans on the trunks for the WLC and isolated pfsense router. No ipv6 addressing on the core at all, except one private address on the WLC AP management VLAN and SVI. Since the IPV6 traffic is all tagged with the two respective IPV6 vlans (which have WLANS associated) , pfsense does the RA and DHCPv6, along with DNS resolution (using google's public DNS64) - handing off to NAT64 on the edge ASR if needed or straight out to the IPV6 internet.
Good News!
I found there is a way for the WLC to see an additional link-local addresses for the pfsense router. You just define it as an IP alias on the vlan interface of the router, and give it a link-local format. Looks so simple once you figure out that you can do it! Funny how there is very little info regarding it, or a use case example for the need.
Going through this endeavor has made me realize that IPV6 documentation (especially realworld examples) is really lacking. It been quite a journey so far...
01-24-2020 10:54 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide