04-03-2017 07:15 AM - edited 07-05-2021 06:47 AM
Hello,
Looking at "Web-Auth with Pure IPv6 Client" of this document (http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/IPV6_DG.html#pgfId-77275), I remarked something strange: [::ffff:192.0.2.1] is an address transported by the IPv4 stack. IPv6 only clients (without IPv4 stack) are unable to route it since there is nothing in their ipv4 routing table. For me, the address should be [::ffff:0:0:192.0.2.1], but wism2 controller considers it as a foreign address and creates a redirection loop...
Any hints?
Thanks.
04-05-2017 02:47 AM
[::ffff:0:0:192.0.2.1] is not going to work ,the redirection to the CP will be set to the address [::ffff:192.0.2.1] which is embedded with the virtual IP .
In case you see this an issue raise a tac case with appropriate RFC which states it will not work in a pure IPV6 stack implementation.
04-05-2017 04:08 AM
It is really very simple to test using tcpdump... Packets for [::ffff:192.0.2.1] are sent into ipv4 packets with 192.0.2.1 as destination address...
Check: http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm ; and you will see that theses addresses are not made for ipv6 traffic.
But you are right, [::ffff:0:0:192.0.2.1] is not the right solution. There are IPv4-Compatible IPv6 Addresses ("deprecated because the current IPv6 transition mechanisms no longer use these addresses" [RFC 4291]), that seem to be useful for Cisco web portal mechanism in the form [::192.0.2.1]. But, of course controller redirects them as it does for [::ffff:0:0:192.0.2.1].
04-05-2017 10:39 PM
Raise a tac case the default assignment of the IPV6 address for the system for virtual IP is defined under dtl0 interface
(Cisco Controller) >show system interfaces
dtl0 Link encap:Ethernet HWaddr A4:93:4C:B0:75:6F
inet addr:2.2.2.2 Bcast:2.2.2.2 Mask:255.255.255.255
inet6 addr: ::ffff:2.2.2.2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1430 Metric:1
RX packets:361504371 errors:0 dropped:157 overruns:0 frame:0
TX packets:152016892 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:107192721133 (99.8 GiB) TX bytes:36451502969 (33.9 GiB)
04-06-2017 06:07 AM
OK, thanks.
By the way, on my controller I have:
dtl0 Link encap:Ethernet HWaddr B8:38:21:B2:0A:0F
inet addr:10.122.14.98 Bcast:10.122.255.255 Mask:255.255.0.0
inet6 addr: fe80::ba38:21ff:feb2:a0f/64 Scope:Link
inet6 addr: ::ffff:2.2.2.2/64 Scope:Global
and
dtl0:1 Link encap:Ethernet HWaddr B8:38:21:B2:0A:0F
inet addr:2.2.2.2 Bcast:2.2.2.2 Mask:255.255.255.255
where dtl0 is the management interface and dtl0:1 the service one...
I wonder why ::ffff:2.2.2.2/64 belongs to the first one?
04-06-2017 07:57 PM
which release are you on
8.2 bought about changes the way the interfaces are created on the box
04-10-2017 01:13 AM
80.0.140.0
8.2 release has some annoying open caveats and some of them won't be solved before 8.3.
04-11-2017 05:31 AM
"Actually, this feature is not supported for pure IPv6 clients."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide