Router - Cisco IPv6 Native Config: Difference between revisions

From AAISP Support Site
No edit summary
 
(14 intermediate revisions by 6 users not shown)
Line 4: Line 4:


<pre>
<pre>
#conf t
conf t
#ipv6 source-route
ipv6 source-route
#ipv6 unicast-routing
ipv6 unicast-routing
#ipv6 cef
ipv6 cef
#ipv6 multicast-routing
ipv6 multicast-routing
#ipv6 route ::/0 Dialer0
ipv6 route ::/0 Dialer0
</pre>
</pre>


Line 15: Line 15:


<pre>
<pre>
#conf t
conf t
#interface FastEthernet 0/0
interface FastEthernet 0/0
#ipv6 address <your_slash_48>:1::/64 eui-64
ipv6 address <your_slash_48>:1::/64 eui-64
#ipv6 enable
ipv6 enable
#ipv6 nd prefix <your_slash_48>:1::/64
ipv6 nd prefix <your_slash_48>:1::/64
#ipv6 nd managed-config-flag
ipv6 nd managed-config-flag
#ipv6 nd router-preference High
ipv6 nd router-preference High
#ipv6 nd ra interval 60
ipv6 nd ra interval 60
</pre>

EDIT - Feb 2015 - Above didn't work for me, alternative config below

<pre>
! Feb 2015 - Cisco 1841 / FTTC
! LAN Port (I used default /64 on clueless)
!
interface FastEthernet0/0
ipv6 address 2001:8B0:xx:xxxx::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server ipv6dhcp_pool
!
! Below gives out IPv6 DNS to clients
!
ipv6 dhcp pool ipv6dhcp_pool
dns-server 2001:8B0::2020
dns-server 2001:8B0::2021
</pre>
</pre>


Line 28: Line 47:


<pre>
<pre>
#conf t
conf t
#interface dialer0
interface dialer0
#ipv6 enable
ipv6 enable
#ipv6 traffic-filter adsl-ipv6 in
ipv6 traffic-filter adsl-ipv6 in
</pre>
</pre>


02/11/2011
The above config didn't work for me I had to create a new /64 via Clueless and add this here as an IP address
The above config didn't work for me I had to create a new /64 via Clueless and add this here as an IP address
<pre>
<pre>
#ipv6 nd prefix <your_slash_64>::1/64
ipv6 nd prefix <your_slash_64>::1/64
</pre>
</pre>


I would also add the following traffic-filter to the dialer interface
I would also add the following traffic-filter to the dialer interface
<pre>
<pre>
#ipv6 traffic-filter outboundfilters-ipv6 out
ipv6 traffic-filter outboundfilters-ipv6 out
</pre>

EDIT Feb 2015 - Alternative config below

<pre>
! Feb 2015 - Cisco 1841 / FTTC
! WAN
!
interface Dialer0
ipv6 address dhcp rapid-commit
ipv6 enable
</pre>
</pre>


Line 47: Line 78:


<pre>
<pre>
#conf t
conf t
#ipv6 access-list ipv6 adsl-ipv6
ipv6 access-list ipv6 adsl-ipv6
#permit tcp any any established
permit tcp any any established
#permit icmp any any
permit icmp any any
#deny ipv6 any any
deny ipv6 any any
#interface dialer0
interface dialer0
#ipv6 traffic-filter adsl-ipv6 in
ipv6 traffic-filter adsl-ipv6 in
</pre>
</pre>


Line 78: Line 109:
ipv6 traffic-filter outboundfilters-ipv6 out
ipv6 traffic-filter outboundfilters-ipv6 out
</pre>
</pre>

If you include the "deny any any" line a "show access-lists ..." will show the number of
packets that have hit that line. Thus you can tell if a problem exists because
the packets are not passing through the access list or failure to communicate is
because of some other problem.



[[Category:3rd Party Routers|Cisco]] [[Category:IPv6]]

Latest revision as of 10:05, 27 February 2015

This page will walk you through getting IPv6 to work correctly on your Cisco device

Enable IPv6 routing on your router

 conf t
 ipv6 source-route
 ipv6 unicast-routing
 ipv6 cef
 ipv6 multicast-routing
 ipv6 route ::/0 Dialer0

Enable IPv6 to work on your internal Ethernet Ports

 conf t
 interface FastEthernet 0/0
 ipv6 address <your_slash_48>:1::/64 eui-64
 ipv6 enable
 ipv6 nd prefix <your_slash_48>:1::/64
 ipv6 nd managed-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra interval 60

EDIT - Feb 2015 - Above didn't work for me, alternative config below

! Feb 2015 - Cisco 1841 / FTTC 
! LAN Port (I used default /64 on clueless)
!
interface FastEthernet0/0
 ipv6 address 2001:8B0:xx:xxxx::1/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server ipv6dhcp_pool
!
! Below gives out IPv6 DNS to clients
!
ipv6 dhcp pool ipv6dhcp_pool
  dns-server 2001:8B0::2020
  dns-server 2001:8B0::2021

Enable IPv6 to work on your WAN side

 conf t
 interface dialer0
 ipv6 enable
 ipv6 traffic-filter adsl-ipv6 in

02/11/2011 The above config didn't work for me I had to create a new /64 via Clueless and add this here as an IP address

 ipv6 nd prefix <your_slash_64>::1/64

I would also add the following traffic-filter to the dialer interface

 ipv6 traffic-filter outboundfilters-ipv6 out

EDIT Feb 2015 - Alternative config below

! Feb 2015 - Cisco 1841 / FTTC 
! WAN 
!
 interface Dialer0
  ipv6 address dhcp rapid-commit
  ipv6 enable

Lock down your IPv6 network with an access list

 conf t
 ipv6 access-list ipv6 adsl-ipv6
 permit tcp any any established
 permit icmp any any
 deny ipv6 any any
 interface dialer0
 ipv6 traffic-filter adsl-ipv6 in


02/11/2011 I would use the following access-list - I would advise against allowing any IPv6 ICMP into the network unless absolutely necessary and then only allow on a case-by-case basis

ipv6 access-list adsl-ipv6
! This only allows in IPv6 traffic which originated from our local network
! No need for a deny at the end as an implicit deny is the default
 evaluate tcptraffic-out-ipv6
 evaluate udptraffic-out-ipv6
 evaluate icmptraffic-out-ipv6

ipv6 access-list outboundfilters-ipv6
! This only creates a reflexive access-list that adsl-ipv6 uses to allow traffic back in
! No need for a deny at the end as an implicit deny is the default
 permit tcp any any reflect tcptraffic-out-ipv6 timeout 30
 permit icmp any any reflect icmptraffic-out-ipv6 timeout 30
 permit udp any any reflect udptraffic-out-ipv6 timeout 30

interface dialer<n>
 ipv6 traffic-filter adsl-ipv6 in
 ipv6 traffic-filter outboundfilters-ipv6 out

If you include the "deny any any" line a "show access-lists ..." will show the number of packets that have hit that line. Thus you can tell if a problem exists because the packets are not passing through the access list or failure to communicate is because of some other problem.