Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5210
Views
0
Helpful
8
Replies

IPv6 Internet access

Go to solution
PNI-ITRNP
Level 1
Level 1

‎02-17-2021 06:29 AM

So you all know, I'm NEW to IPv6... and I mean GREEN!

 

I have configured an IPv4 Cisco 9200 configured with multiple VLANs for an IPv4 network. In addition, this 9200 has 1 VLAN that needs to be IPv6.

 

My config includes the following for IPv6:

 

ipv6 dhcp pool DHCPv6-VLAN

address prefix fd00:dc:600:1::/64

dns-server fd00:dc:607:1::2

domain-name example.com

 

int vlan 600

ipv6 address fd00:dc:607:1::1

ipv6 dhcp server DHCPv6-VLAN

ipv6 nd managed-config-flag

 

Clients in this VLAN get an IPv6 address, and when checking the status of the ipv6 DHCP pool it shows active clients.

 

I can ping each device from the 9200 and can ping from device to device over ipv6. I also added records in the DNS server for each device so I could test pinging by name resolution and this also works.

 

However, I cannot access the internet.

 

My question is how do I configure IPv6 Internet access for this VLAN. I know I'll need some static route, but not sure how to go about it to get it configured.

 

Interface G1/0/48 is connected to a SonicWall that has access to the internet over IPv4 and IPv6. Will that interface need an IPv6 IP?

 

Any suggestions are much appreciated.

 

Thanks...

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to PNI-ITRNP

‎02-18-2021 06:41 AM

Hi,

 

Here is what the config would look like with the assumption you receive at least at least a /60 fro your provider. I will use 2001:db8:12ff:fff0::/60 in this case. 

 

ipv6 dhcp pool DHCPv6-VLAN

address prefix 2001:db8:12ff:fff1::/64

dns-server 2001:db8:12ff:fff1:2

domain-name example.com

 

int vlan 600

ipv6 address 2001:db8:12ff:fff1::1/64

ipv6 dhcp server DHCPv6-VLAN

ipv6 nd managed-config-flag

!

int G1/0/48

ipv6 address 2001:db8:12ff:fff0::/127

!

ipv6 route ::/0 2001:db8:12ff:fff0::1

 

You would also need a static route for prefix 2001:db8:12ff:fff0::/60 on the FW pointing at 2001:db8:12ff:fff0::, which is the address assigned to g1/0/48.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎02-17-2021 07:39 AM

Hi,

 

There are a few things missing. 

 

1. The IPv6 addresses you are using on the VLAN are called unique local addresses (ULA). These addresses are more or less equivalent to the IPv4 private addresses and can not be used to access the Internet. You should use addresses that were given to you by your provider to configure the VLAN and DHCP.

 

2. You need to configure an IPv6 address on the interface towards the firewall.

 

3. You need to configure a static default route towards the firewall.

 

4. You need a static route on the firewall pointing at the /64 prefix that you assigned to the VLAN.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
PNI-ITRNP
Level 1
Level 1

‎02-17-2021 07:47 AM

Thanks so much for the response, much appreciated. I knew I was missing part of the configuration and this explains a lot.

I created the Unique Local addresses as a test but also did not realize you could not use these to access the internet.

Would you be able to provide a config with all of the mentioned configuration settings so I can see what it looks like?

I know I need to get addresses from the provider and will take care of that soon enough. But if you can provide a config that would help me get a better understanding of what the actual config looks like. You can simply use the document IPv6 2001:DB8: 

Truly appreciate the response.

Thanks...

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to PNI-ITRNP

‎02-18-2021 06:41 AM

Hi,

 

Here is what the config would look like with the assumption you receive at least at least a /60 fro your provider. I will use 2001:db8:12ff:fff0::/60 in this case. 

 

ipv6 dhcp pool DHCPv6-VLAN

address prefix 2001:db8:12ff:fff1::/64

dns-server 2001:db8:12ff:fff1:2

domain-name example.com

 

int vlan 600

ipv6 address 2001:db8:12ff:fff1::1/64

ipv6 dhcp server DHCPv6-VLAN

ipv6 nd managed-config-flag

!

int G1/0/48

ipv6 address 2001:db8:12ff:fff0::/127

!

ipv6 route ::/0 2001:db8:12ff:fff0::1

 

You would also need a static route for prefix 2001:db8:12ff:fff0::/60 on the FW pointing at 2001:db8:12ff:fff0::, which is the address assigned to g1/0/48.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
PNI-ITRNP
Level 1
Level 1

‎02-18-2021 11:10 AM

Thank you so much, this makes a lot of sense now.

This truly helps me to learn IPv6 a bit more.

 

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to PNI-ITRNP

‎02-18-2021 01:17 PM

You are very welcome. Let us know if you have any additional question, once you get the addresses from your SP.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
PNI-ITRNP
Level 1
Level 1

‎02-19-2021 08:07 AM

I just thought of another question, going to pick your brain @Harold Ritter

I have tested this configuration with Unique Local on 1 switch. If I add additional switches and add the VLAN 600 to those switches aside from enabling IPv6 on the additional switches do I need to add an IPv6 IP to the additional switch or just add the VLAN?

From the documentation I’m reading, it looks like I would add an IP to the interface of the L3 Switch, but only the VLAN to the L2 Switch.

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to PNI-ITRNP

‎02-19-2021 10:01 AM

If by switch you strictly mean L2 switch, then you do not need to configure or enable anything on these additional devices. Simply adding the VLAN would be sufficient.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
PNI-ITRNP
Level 1
Level 1

‎02-22-2021 05:31 AM

That's exactly what I meant. Perfect, I was hoping that would be the same as IPv4. Still learning IPv6!

Thank you so very much for your responses, this has been very helpful.

0 Helpful
Customers Also Viewed These Support Documents