Router - Cisco IPv6 Native Config: Difference between revisions

← Older edit

Router - Cisco IPv6 Native Config (view source)

Revision as of 10:05, 27 February 2015

2,166 bytes added , 27 February 2015

no edit summary

Cmat100

3

edits

Revision as of 21:58, 7 February 2011 (view source) Buzzons (talk \| contribs) (Created page with "= This page will walk you through getting IPv6 to work correctly on your Cisco device = == Enable IPv6 routing on your router == <pre> #conf t #ipv6 source-route #ipv6 unicast-...")		Latest revision as of 10:05, 27 February 2015 (view source) Cmat100 (talk \| contribs) No edit summary
(17 intermediate revisions by 6 users not shown)
<pre> # conf t # ipv6 source-route # ipv6 unicast-routing # ipv6 cef # ipv6 multicast-routing # ipv6 route ::/0 Dialer0 </pre> <pre> # conf t # interface FastEthernet 0/0 # ipv6 address <your_slash_48>:1::/64 eui-64 # ipv6 enable # ipv6 nd prefix <your_slash_48>:1::/64 # ipv6 nd managed-config-flag # ipv6 nd router-preference High # ipv6 nd ra interval 60 </pre> EDIT - Feb 2015 - Above didn't work for me, alternative config below <pre> ! Feb 2015 - Cisco 1841 / FTTC ! LAN Port (I used default /64 on clueless) ! interface FastEthernet0/0 ipv6 address 2001:8B0:xx:xxxx::1/64 ipv6 enable ipv6 nd other-config-flag ipv6 dhcp server ipv6dhcp_pool ! ! Below gives out IPv6 DNS to clients ! ipv6 dhcp pool ipv6dhcp_pool dns-server 2001:8B0::2020 dns-server 2001:8B0::2021 </pre> <pre> # conf t # interface dialer0 # ipv6 enable # ipv6 traffic-filter adsl-ipv6 in </pre> 02/11/2011 The above config didn't work for me I had to create a new /64 via Clueless and add this here as an IP address <pre> ipv6 nd prefix <your_slash_64>::1/64 </pre> I would also add the following traffic-filter to the dialer interface <pre> ipv6 traffic-filter outboundfilters-ipv6 out </pre> EDIT Feb 2015 - Alternative config below <pre> ! Feb 2015 - Cisco 1841 / FTTC ! WAN ! interface Dialer0 ipv6 address dhcp rapid-commit ipv6 enable </pre> <pre> # conf t # ipv6 access-list ipv6 adsl-ipv6 # permit tcp any any established # permit icmp any any # deny ipv6 any any # interface dialer0 # ipv6 traffic-filter adsl-ipv6 in </pre> 02/11/2011 I would use the following access-list - I would advise against allowing any IPv6 ICMP into the network unless absolutely necessary and then only allow on a case-by-case basis <pre> ipv6 access-list adsl-ipv6 ! This only allows in IPv6 traffic which originated from our local network ! No need for a deny at the end as an implicit deny is the default evaluate tcptraffic-out-ipv6 evaluate udptraffic-out-ipv6 evaluate icmptraffic-out-ipv6 ipv6 access-list outboundfilters-ipv6 ! This only creates a reflexive access-list that adsl-ipv6 uses to allow traffic back in ! No need for a deny at the end as an implicit deny is the default permit tcp any any reflect tcptraffic-out-ipv6 timeout 30 permit icmp any any reflect icmptraffic-out-ipv6 timeout 30 permit udp any any reflect udptraffic-out-ipv6 timeout 30 interface dialer<n> ipv6 traffic-filter adsl-ipv6 in ipv6 traffic-filter outboundfilters-ipv6 out </pre> If you include the "deny any any" line a "show access-lists ..." will show the number of packets that have hit that line. Thus you can tell if a problem exists because the packets are not passing through the access list or failure to communicate is because of some other problem. [[Category:3rd Party Routers\|Cisco]] [[Category:IPv6]]