Router - Cisco IPv6 Native Config: Difference between revisions
Content deleted Content added
Created page with "= This page will walk you through getting IPv6 to work correctly on your Cisco device = == Enable IPv6 routing on your router == <pre> #conf t #ipv6 source-route #ipv6 unicast-..." |
No edit summary |
||
| (17 intermediate revisions by 6 users not shown) | |||
| Line 4: | Line 4: | ||
<pre> |
<pre> |
||
conf t |
|||
ipv6 source-route |
|||
ipv6 unicast-routing |
|||
ipv6 cef |
|||
ipv6 multicast-routing |
|||
ipv6 route ::/0 Dialer0 |
|||
</pre> |
</pre> |
||
| Line 15: | Line 15: | ||
<pre> |
<pre> |
||
conf t |
|||
interface FastEthernet 0/0 |
|||
ipv6 address <your_slash_48>:1::/64 eui-64 |
|||
ipv6 enable |
|||
ipv6 nd prefix <your_slash_48>:1::/64 |
|||
ipv6 nd managed-config-flag |
|||
ipv6 nd router-preference High |
|||
ipv6 nd ra interval 60 |
|||
</pre> |
|||
EDIT - Feb 2015 - Above didn't work for me, alternative config below |
|||
<pre> |
|||
! Feb 2015 - Cisco 1841 / FTTC |
|||
! LAN Port (I used default /64 on clueless) |
|||
! |
|||
interface FastEthernet0/0 |
|||
ipv6 address 2001:8B0:xx:xxxx::1/64 |
|||
ipv6 enable |
|||
ipv6 nd other-config-flag |
|||
ipv6 dhcp server ipv6dhcp_pool |
|||
! |
|||
! Below gives out IPv6 DNS to clients |
|||
! |
|||
ipv6 dhcp pool ipv6dhcp_pool |
|||
dns-server 2001:8B0::2020 |
|||
dns-server 2001:8B0::2021 |
|||
</pre> |
</pre> |
||
| Line 28: | Line 47: | ||
<pre> |
<pre> |
||
conf t |
|||
interface dialer0 |
|||
ipv6 enable |
|||
ipv6 traffic-filter adsl-ipv6 in |
|||
</pre> |
|||
02/11/2011 |
|||
The above config didn't work for me I had to create a new /64 via Clueless and add this here as an IP address |
|||
<pre> |
|||
ipv6 nd prefix <your_slash_64>::1/64 |
|||
</pre> |
|||
I would also add the following traffic-filter to the dialer interface |
|||
<pre> |
|||
ipv6 traffic-filter outboundfilters-ipv6 out |
|||
</pre> |
|||
EDIT Feb 2015 - Alternative config below |
|||
<pre> |
|||
! Feb 2015 - Cisco 1841 / FTTC |
|||
! WAN |
|||
! |
|||
interface Dialer0 |
|||
ipv6 address dhcp rapid-commit |
|||
ipv6 enable |
|||
</pre> |
</pre> |
||
| Line 37: | Line 78: | ||
<pre> |
<pre> |
||
conf t |
|||
ipv6 access-list ipv6 adsl-ipv6 |
|||
permit tcp any any established |
|||
permit icmp any any |
|||
deny ipv6 any any |
|||
interface dialer0 |
|||
ipv6 traffic-filter adsl-ipv6 in |
|||
</pre> |
</pre> |
||
02/11/2011 |
|||
I would use the following access-list - I would advise against allowing any IPv6 ICMP into the network unless absolutely necessary and then only allow on a case-by-case basis |
|||
<pre> |
|||
ipv6 access-list adsl-ipv6 |
|||
! This only allows in IPv6 traffic which originated from our local network |
|||
! No need for a deny at the end as an implicit deny is the default |
|||
evaluate tcptraffic-out-ipv6 |
|||
evaluate udptraffic-out-ipv6 |
|||
evaluate icmptraffic-out-ipv6 |
|||
ipv6 access-list outboundfilters-ipv6 |
|||
! This only creates a reflexive access-list that adsl-ipv6 uses to allow traffic back in |
|||
! No need for a deny at the end as an implicit deny is the default |
|||
permit tcp any any reflect tcptraffic-out-ipv6 timeout 30 |
|||
permit icmp any any reflect icmptraffic-out-ipv6 timeout 30 |
|||
permit udp any any reflect udptraffic-out-ipv6 timeout 30 |
|||
interface dialer<n> |
|||
ipv6 traffic-filter adsl-ipv6 in |
|||
ipv6 traffic-filter outboundfilters-ipv6 out |
|||
</pre> |
|||
If you include the "deny any any" line a "show access-lists ..." will show the number of |
|||
packets that have hit that line. Thus you can tell if a problem exists because |
|||
the packets are not passing through the access list or failure to communicate is |
|||
because of some other problem. |
|||
[[Category:3rd Party Routers|Cisco]] [[Category:IPv6]] |
|||