E4200 - IPv6 Neighbor Discovery

Hi,
I am currently developping an embedded IPv6 stack and I needed to get an IPv6 compatible router to perform different tests. I purchased an E4200 router, knowing that the latest firmware includes Native IPv6 support. On Cisco blog, I read that the router should now support RFC6204:
"While many of the base IPv6 specifications have been available for years, the IETF published RFC 6204 which defines the basic requirements for an IPv6 home router as recently as April 2011. IP is one of the most important protocols to the Internet, and IPv6 is the biggest change in IP in over 30 years. We want to be careful that the implementations we ship work well and adhere to the latest standards so that we do not hinder the adoption of IPv6 by content providers and ISPs."
Source: http://blogs.cisco.com/consumer/linksys-e4200-wireless-router-supports-ipv6/
My first test step involved the Neighbor Discovery Protocol and RFC6204 clearly states the following:
"The IPv6 CE router MUST support router behavior according Neighbor Discovery for IPv6 [RFC4861]"
My first question is the following: Is it normal that I don't see any 'Router Advertisement' messages send by the router? According to RFC4861, it is not.
It must day that my ISP doesn't support IPv6 so it doesn't assign a global IPv6 address to my router. However, I only require to have a link-local IPv6 link (at least for now). Can it explain why the router doesn't send periodic "Router Advertisement" messages?
Second, the router correcty responds to my "Neighbor Solicitation" messages when I try to ping the link-local address. But
it is not responding to my "Router Solicitation" messages. It's also conflicting with RFC4861.
Does someone know what is going on with Neighbor Discovery on that router? I will appreciate any comments & replies.
Many thanks!

Many thanks for you input. We decided to return the consumer router and we purchased a CISCO 881. The IOS software is much more flexible and it actually do what we want.
IPv6 experts are not easy to find so if you don't mind, I would have another question on a behavior I observed recently with our CISCO 881 router.
I implemented the ICMPv6 echo request functionnality and it works fine when I try to reach different hosts on my network.
However, I also tested it by using the link-local IP address of my router as the target. First, my stack sends a Neighbor Solicitation message (using IPv6-MCAST dest MAC address) to resolve the router IP address (assuming it is not yet on the router list) . The router reply back with a Neighbor Advertisement message, but does not includes the 'Target link-layer address' option into its message.
However, according the the RFC4861 (page 25), in Neighbor Advertisement messages, the Target link-layer address "option MUST be included on link layers that have addresses when responding to multicast solicitations."
It looks like a bad implementation; I was expecting the Neighbor Advertisement message, even if sent by a router, to include the Target link-layer option when responding to my multicast Neighbor Solicitation. Do you agree with that?
Simon

Similar Messages

IPV6 BGP and Neighbor Discovery

My understanding of IPv6 may not be accurate, so if there are any incorrect statements, please correct them.
We have a requirement that prohibits FE80::/10 addresses from passing from end sites to the provider network. FE80::/10 are the IPv6 link-local addresses. Since link-local addresses are required Neighbor Discovery Protocol, this blocks those operations that are part of it.
The sites use BGP with the provider network, so can IPv6 BGP work without link-local addresses? Is Neighbor Discovery necessary for reachability between BGP peers?

(The below messgage is just to address the concern whether blocking LL breaks all ND, it does not tie into rest of BGP configuration)
Larry,
Speaking of ND only... RFC (4861) only mandates that source IP is assigned address
http://tools.ietf.org/html/rfc4861#section-4.3
It does not mandate link-local, I have not read the updated RFC.
I did a simple test with two devices with assigned IP addresses.
Spoke2#ping vrf VRF 2001:db8::1 re 1Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:!Success rate is 100 percent (1/1), round-trip min/avg/max = 9/9/9 msSpoke2#*Nov 27 13:27:43.246: IPv6-Fwd: Destination lookup for 2001:DB8::1 : i/f=Ethernet0/0, nexthop=2001:DB8::1*Nov 27 13:27:43.246: IPv6-Fwd: SAS picked source 2001:DB8::FFFF for 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246: ICMPv6: Sent echo request, Src=2001:DB8::FFFF, Dst=2001:DB8::1*Nov 27 13:27:43.246: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.246: dest 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating*Nov 27 13:27:43.246: IPv6-Fwd: Created tmp mtu cache entry for 2001:DB8::FFFF 2001:DB8::1 1E000001*Nov 27 13:27:43.246: IPv6-Fwd: Encapsulation postponed, performing resolution*Nov 27 13:27:43.250: ICMPv6: Sent N-Solicit, Src=2001:DB8::FFFF, Dst=FF02::1:FF00:1*Nov 27 13:27:43.250: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.250: dest FF02::1:FF00:1 (Ethernet0/0)*Nov 27 13:27:43.250: traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating*Nov 27 13:27:43.250: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)Spoke2#*Nov 27 13:27:43.255: traffic class 224, flow 0x0, len 72+14, prot 58, hops 255, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received N-Advert, Src=2001:DB8::1, Dst=2001:DB8::FFFF*Nov 27 13:27:43.255: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)*Nov 27 13:27:43.255: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received echo reply, Src=2001:DB8::1, Dst=2001:DB8::FFFF
M.
Message was edited by: Marcin Latosiewicz, edited for clarity.

LWAPP Neighbor discovery

I'm trying to understand the LWAPP neighbor discovery mechanism. Specifically:
- What packets are used for this purpose (e.g. beacons, dedicated msgs, etc.)?
- What modulation/power level is used for above packets?
- What is the lowest power level an AP can measure for "g" and "a"?
- What is the lowest power level that may affect controller decisions?

The WLCs and LAPs use the discovery request LWAPP packets to find the controllers and join request packets to register with the controllers.

ASR1002 SNMP IPv6 Neighbor Table

I am trying to get the IPv6 neighbor table from an ASR 1002 running
asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin.
From the supported MIB list IP-MIB is listed but the IpNetToPhysicalTable only yields results for IPv4, not IPv6 (and yes, I have IPv6 neighbors if I do "show ipv6 neighbor" via CLI).
The cInetNetToMediaTable is empty as well.
On my 7010 Nexus IpNetToPhysicalTable works and on my 6500s the cInetNetToMediaTable generally works.
Anyone have this working on ASR? Suggestions?
Thanks

You are correct. Everything works fine on a LAN interface.
Thank you very much.
Why does it not work on a p2p interface?

Mib - counter - ipv6 neighbors

Hello,
I need to create a graph exactly like this one for my boss:
http://http://cisco-live6.com/munin/ipv6noc/ipv6noc/net_neighbors.html
http://cisco-live6.com/munin/ipv6noc/ipv6noc/net_neighbors.html
I need a mib that shows the total number of ipv6 neighbors.
I can't walk a table to get the number because it consumes too much CPU.
I need an accumulated count like the ones shown by "show ipv6 neighbor statistics"
Is there any such mib, if not will there be one in the future?
My switches are 6509's and have the following software: 12.2(33)SXH3 and 12.2(33)SXI7
I have looked extensively, but had no luck.
Your help would be greatly appreciated.
Thanks

There isn't one objects that will tell you this, but if you walk cInetNetToMediaPhysAddress and count the entries, that will tell you the number of neighbors. On newer versions of IOS, you may need to walk ipNetToPhysicalPhysAddress. But the same thing applies. Count the number of ipv6 entries returned to get your total number of neighbors.

E4200 IPV6 support (and the removal of it)

Dear Linksys representatives,
Could you please provide some detail on why IPv6 was available in the first builds of the router but then got removed in later firmware versions and the official lecture is that IPv6 is not being supported at all.
I've had a nice little chat with one of your representatives and they could not clarify this at all. Actually, they say no Linksys devices EVER supported IPv6 period, which does not seem to be entirely true. Saw that 1.0.00 (build 13) for the e4200 actaully has IPv6 support in it and the current build has not.
Could you also make a sticky post about IPv6 support on all Linksys devices with wether they will be supporting it in the future or not? Depending on the outcome to this question I'm deciding to return my Linksys device or not, since I actually need to have IPv6 support for development of new soft- and hardware.
Kind regards,
Michel
ps: happy IPv6 day!
http://www.worldipv6day.org/

The E4200v1 and E4200v2 both support IPv6 in the latest firmware. Do you still have a problem? See also: http://home.cisco.com/ipv6 for a list of routers and the test suites that they have past.
All future home routers are expected to have IPv6.

E4200 IPv6 Causes Win7 DHCP Client Crash

When I enable IPv6 on my E4200, the Windows 7 DHCP client crashes. It also seems to crash the audio service, the event logger and a few other windows services. Please let me know what extra information you need.
Thanks in advance.

Check the even viewer for details.
Generally, a crash of windows or windows services is a problem of windows. It must not crash. You may have to repair your windows installation or the network stack. Check a microsoft forum for instructions.

E4200 ipv6 strange why is it grayed out?

I flashed the firmware and the ipv6 automatic is on disabled and I cannot set it to enabled.
the 6rd tunnel option I can chenge but that has not effect- in fact from what I looked up it seems to be something used by some cable providers.
hate to have to reset the router to factory defaults and then reset the network up - just to see if i can get the option to set IPV6 auto to enabled
any ideas?

You can only enable IPv6 if your internet connection supports IPv6 either directly or via tunnel.

IPv6 - Turn Off Router Discovery

I have a Cisco AP 1262 running 15.2.4-JA1 which has IPv6 support.
I want to leave IPv6 neighbor discovery on but I want to disable router discovery so I can manually specify what default gateway to use.
You can do this on windows:
netsh inter ipv6 set interface XX routerdiscovery=disabled
I can't seem to find the command in IOS.
Thanks.

On the contrary,
It seems my 1262 AP is doing this by default.
I did nothing but assign an IPv6 address to my AP and it was able to ping IPv6 Internet.
interface BVI1
ip address XXX.XXX.1.250 255.255.255.0
no ip route-cache
ipv6 address XXXX:XXXX:XXXX:1:FFFF:FFFF:FFFF:FFFA/64
ipv6 enable
ap#show ipv6 inter bvi1
BVI1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::462B:3FF:FE91:XXXX
No Virtual link-local address(es):
Global unicast address(es):
    XXXX:XXXX:XXXX:1:FFFF:FFFF:FFFF:FFFA, subnet is XXXX:XXXX:XXXX:1::/64
Joined group address(es):
    FF02::1
    FF02::1:FF91:3C8D
    FF02::1:FFFF:FFFA
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
Default router is FE80::C2EA:E4FF:FE09:XXXX on BVI1

Disable ipv6 on Cisco VG224

We have a vulnerability scanner that we use and it has picked up that our Voice GW has a "Cisco IPv6 Crafted Packet Vulnerability"
I entered the commands "no ipv6 unicast-routing" and "no ipv6 cef" the next scan is in a weeks time, but would these have done the trick?
Thank you
Bilal

Qualys vulnerability scanner, the version of ios is vg224-i6k9s-mz.124-24.T5.bin
The report states:
IPv6 is the "Internet Protocol Version 6", designed by the Internet Engineering Task Force (IETF) to replace Internet Protocol Version 4 (IPv4). A vulnerability exists in the processing of IPv6 packets. Crafted packets from the local segment received on logical interfaces (that is, tunnels including 6to4 tunnels) as well as physical interfaces can trigger this vulnerability. Crafted packets cannot traverse a 6to4 tunnel and attack a box across the tunnel.
The crafted packet must be sent from a local network segment to trigger the attack. This vulnerability cannot be exploited one or more hops from the IOS device.
NOTE: This check requires that the "Clear Text Password" check box is enabled in your Authentication Preferences.
IMPACT:
Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained denial of service attack or execution of arbitrary code on Cisco IOS devices. Successful exploitation of the vulnerability on Cisco IOS-XR may result in a restart of the IPv6 neighbor discovery process. A restart of this process will only affect IPv6 traffic passing through the system. All other processes and traffic will be unaffected. Repeated exploitation could result in a sustained denial of service attack on IPv6 traffic.
SOLUTION:
Cisco has made free software available to address this vulnerability for all affected customers. Workaround:
In networks where IPv6 is not needed but enabled, disabling IPv6 processing on an IOS device will eliminate exposure to this vulnerability. On a router which is configured for IPv6, this must be done by issuing the command "no ipv6 enable" and "no ipv6 address" on each interface.
VG224-1(config)#no ipv6 enable
^
% Invalid input detected at '^' marker.
VG224-1(config)#int fa0/0
VG224-1(config-if)#no ipv6 enable
VG224-1(config-if)#int fa0/1
VG224-1(config-if)#no ipv6 enable
What does the note in bold mean? There's no check box in cli :-/
Thank you

Netra t1 with solaris 9 fresh install on/standby switch

Hi,
I recently installed solaris 9 onto my Netra 105 box. For the likes off me I can't figure out why the on/standby switch simply does not work since reinstalling. The only way I can power down the box is by literally unplugging it from the wall. I am a total newbie to Sun boxes (& solaris for that matter) & have had zero luck in finding any info specific info relating to this. Can some kind soul put me on the right track?

I have down precisely what you have recommended & the thing still won't go into standby. After executing poweroff from the LOM prompt It just sits there continually humming away. Yet it worked fine prior to the installation off solaris 9 from solaris 8. I have even reinstalled again, this time making sure to include the power management options. All reinstalls were done with the "initial installation" option.
Here is a screen dump off the unit booting & me executing the poweroff commnd:
lom>reset
LOM event: host reset
Netra t1 (UltraSPARC-IIi 440MHz), No Keyboard
OpenBoot 3.10.25 ME, 512 MB memory installed, Serial #14315586.
Ethernet address 8:0:20:da:70:42, Host ID: 80da7042.
Boot device: disk File and args:
SunOS Release 5.9 Version Generic_112233-05 64-bit
Copyright 1983-2002 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
configuring IPv4 interfaces: hme0.
configuring IPv6 interfaces: hme0.
starting DHCP on primary interface hme0
Hostname: unknown
The system is coming up. Please wait.
checking ufs filesystems
/dev/rdsk/c0t0d0s7: is stable.
Starting IPv6 neighbor discovery.
Setting default IPv6 interface for multicast: add net ff00::/8: gateway fe80::a00:20ff:feda:7042
starting rpc services: rpcbind done.
Setting default IPv4 interface for multicast: add net 224.0/4: gateway 192.168.0.125
syslog service starting.
syslogd: line 24: WARNING: loghost could not be resolved
Jun 27 19:19:36 unknown /usr/lib/power/powerd: powerd: failed to get idle time for console mouse
volume management starting.
The system is ready.
unknown console login: root
Password:
Last login: Fri Jun 27 19:00:09 on console
Jun 27 19:19:55 unknown login: ROOT LOGIN /dev/console
Sun Microsystems Inc. SunOS 5.9 Generic May 2002
# #.lom>poweroff
lom>
This problem is annoying the hell out off me. Everyone I have spoken to hasn't even heard off this problem.
Any other advice you can give would be very much appreciated.

Sol 8 Install: Getting NIS Timeout [???]

Howdy.
A newbie here. Seems I have turned a perfectly functional Sparc Ultra 10 running 2.6 into a corpse, following my attempted install of 2.8. What's galling is that I did the same thing on the machine next to it (an E250) and it's running fine. Anyway, the symptoms:
At reboot following the install, I see the following messages:
The System is coming up. Please wait
WARNING: /pci@1f,0/pci@1/scsi@2 (glm0):
connected command timeout for Target 3.0
WARNING: /pci@.....(glm0)
Target 3 reducing sync. transfer rate
WARNING: /pci@....(glm0)
got SCSI bus reset
WARNING: /pci@....(glm0)
SCSI transport failed: reason `timeout`: retrying cmd
checking UFS filesystems:
/dev/rdsk/c0t0d0s5: is stable
/dev/rdsk/c1t3d0s1: is stable
/dev/rdsk/c1t3d0s3: is stable
/dev/rdsk/c1t3d0s0: is stable
NIS domainname is xxx.xxx.com
Starting IPv6 neighbor discovery
Setting default IPv6 interface for multicast: add net ff00:/8: gateway fe80::a00: 20ff:feb9:1633
starting rpc services: rpcbind keyserv ypbind done.
WARNING: Timed out waiting for NIS to come up
After this last warning, it hangs.
The following files look OK per comparison with the e250 and other internal doc:
/etc/hosts
/etc/defaultrouter
/etc/resolv.conf
/etc/hostname.hme0
My nsswitch.conf file was cloned from nsswitch.nis. I added dns to the hosts line. I'm running on a typical (?) large corporate intranet. I can ping this machine from the E250 and can ping the E250 from this machine.
Truth to tell, I have no idea whether I'm supposed to be using NIS or DNS. Have tried an nsswitch.files and nsswitch.nis.
Can someone at least suggest some troubleshooting techniques or possible causes. I'm about out of ammo here. Many thanks.
Peter

Hello,
I�m not sure of my answer, but maybe the problem can be that your system is looking for a NIS server and it cannot find or access it. When solaris boots it looks for a file called /etc/defaultdomain for a NIS domain without looking at /etc/nsswitch.conf. I think it only uses this file to determine which sources to look at for an information, not the available naming services.
Is that file present on your system? I think it is because it tries to access a NIS domain. Is the corresponding NIS server accesible from this host? Does the E250 boot in a similar way? Is the E250 on a NIS domain or you cannot see similar messages refering to NIS on it�s boot process?
Bye,
jmiturbe

IPV6 ebGP neighbor

Dear cisco community,
I am currently running a IPV4 ebgp neighbor via my current 10G pipe to my ISP.
we recently added IPV6 neighbor,
we noticed, that the IPV4 neighbor is still pretty stable, however, our IPV6 neighbor keeps flapping from 5-10mins.
we can not get a stable BGp connection we our IPV6 addressing.
I am using a cisco CRS. 4.1 version.
is this behavior related to my physical 10G pipe, or my router neighbor discovery (ND).
thanks
-jon

Hi Jonathan,
What error are you seeing with the flap?. Can you paste the error logs?.
-Nagendra

[SOLVED] Comcast IPv6 Prefix Delegation

I've built a gateway/firewall/network services box out of an old machine I had, and it works quite well for IPv4. I was super excited when Comcast finally rolled out IPv6 in my area, and have been attempting to get it to work, however with no success. I have at one point successfully been using an HE tunnel to provide IPv6 for the network. My goal is to have this box running Arch get a prefix from Comcast, distribute it to the local network via radvd, and route IPv6 traffic between the LAN and Comcast without manual intervention to assign the prefix anywhere.
My issue seems to be getting ISC's dhcpcd to apply the prefix that it receives from Comcast to the LAN interface. The prefix I receive is a /64, and if I run dhcpcd in verbose mode, I do see it receive a prefix assignment.
LAN: enp2s2
WAN: enp2s8
dhcpcd.conf
#Prefix delegation in theory
noipv6rs
interface enp2s8
ia_pd 1 enp2s2
radvd.conf
interface enp2s2 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
DeprecatePrefix on;
However, the prefix never shows up on any interface (using ip addr to view), so never seems to be usable. Just in case I wasn't checking it appropriately, I attempted to run radvd anyways, and it exits with an error about no prefixes to advertise as expected.
Furthermore, I've been having further issues, in that if I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity. If I switch dhcpcd to use ia_na instead of pd, I get an address on the WAN interface and have fully functional IPv6 connectivity on the router, as expected. I was hoping that I could use both statements to get an address on the WAN and delegate a prefix to the LAN, but that seems to be disallowed by dhcpcd, probably for a good reason I'm not aware of. I was hoping neighbor discovery would inform my router of Comcast's router on the link-local link (is that the right term?), but it does not seem to be functioning.
I've googled extensively and have not been able to find a solution that does not require manual intervention to copy-paste the prefix from the dhcpcd/dhclient output either into radvd, or assigning the address manually. Any suggestions on where I should look, or what I should try?
Thanks in advance
Last edited by phate408 (2013-09-19 18:27:01)

phate408 wrote:I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity.
If Comcast are anything like Internode here in Australia, they require the PD request to update their routers with the correct routing information.
AFAIK, you should be doing a IA_NA to get an address for your router (to connect the link between your router and Comcast), then you need to do the PD to get the addresses for your internal use which radvd will then advertise.
EDIT: I figured I should include some info for how I do it. I use dibbler-client with these options (obviously I've censored my PD):
inactive-mode
skip-confirm
log-mode short
log-level 7
iface "ppp200" {
pd {
prefix 2001:aa:aa:ab00::/56
option dns-server
IPv6 addresses are then statically assigned to the internal interfaces, and radvd runs with this config:
interface eth1 {
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
AdvDefaultLifetime 3600; # 1 hour
AdvDefaultPreference high; # this is the best router
AdvHomeAgentFlag off; # Disable Mobile IPv6 support
prefix 2001:aa:aa:ab01::/64 {
AdvOnLink on;
AdvAutonomous on;
RDNSS 2001:aa:aa:ab01::f1 {
Note the increment in the last byte of the network prefix:
:ab00: (ISP side of the router) => :ab01: (LAN side)

Problem: IPv6 w/ PPPoE on Cisco 2901

Folks: I have this Cisco 2901 configured with PPPoE and IPv6 and connect it through a CO (DSLAM) to an Actiontec xDSL router. PPPoE connections are on FE0/0/0, through virtual template.
The Actiontec router gets NA and PD addresses succesfully and LAN PC connected to Actiontec router can surf the IPv6 Internet w/ no problem. However, Cisco 2901 can't reach the Actiontec router by its NA or TA public IPv6 address. A 'stupid' workaround is to manually add a route w/ the virtual access. It is stupid cuz each new connection will bring up a different virtual acess.
I guess this is a bug on 2901, but want to confirm with you guys first. Now the whole config:
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname AEI_SV_Cisco_2091
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
ipv6 unicast-routing
ipv6 dhcp pool HE
prefix-delegation pool HE-48
address prefix 2001:470:1F05:7A::/64
ipv6 cef
ip dhcp pool default
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1
ip dhcp pool dslam1
network 10.11.11.0 255.255.255.0
default-router 10.11.11.1
dns-server 10.11.11.1
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
multilink bundle-name authenticated
vpdn enable
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3962993046
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3962993046
revocation-check none
rsakeypair TP-self-signed-3962993046
crypto pki certificate chain TP-self-signed-3962993046
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393632 39393330 3436301E 170D3131 31313232 31363132
31335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39363239
39333034 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E6AF 1640A998 F13E9F8B EB9E404C F0D6E105 8DE05E45 9C9C525A 5AAEAF59
456A4578 1C0E283C 39B3751D 3F362D64 13FACD69 A92C31BA 6D2EEFBE 52BCC70C
73359968 2F76B830 A978BD5F 9A86903F C12BB00B C35C47D1 BADBE727 773E205D
A839969D FE3854B3 26E93F21 63DC4E57 D4C44821 FBE88BAA 4A1D5565 DA416138
3A7D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14BA6DEA 79E4742D 4878C88E D014C7A3 8022546A FE301D06
03551D0E 04160414 BA6DEA79 E4742D48 78C88ED0 14C7A380 22546AFE 300D0609
2A864886 F70D0101 05050003 818100CE C6732F7E 6AB385C5 5BF4E241 BE179F5D
E7C5CC78 2BFB33EC 3181D4D2 90981D2B 1106205F A3C5FEE8 E78A013B ABF3F5E0
52772A22 F3A0A24C C4F62DDB E2E6A21D AC75772B 6FEC9323 3DFC4165 CC645E62
5C8F5842 18B8DF5B C3E3C39C EBB60D3E E7ADA89B A72FB468 92F77F0A A33B5591
F5048271 F074C64E 38291F93 848F09
            quit
license udi pid CISCO2901/K9 sn FCZ15489123
username admin privilege 15 secret 5 $1$.CdN$d0DXERD9PqUtu6XPilTv/.
username chap password 0 chap
bba-group pppoe global
virtual-template 1
sessions max limit 256
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F04:7A::2/64
ipv6 enable
tunnel source 173.13.177.215
tunnel mode ipv6ip
tunnel destination 72.52.104.74
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip nat allow-static-host
ip nat enable
ip virtual-reassembly in
shutdown
duplex auto
speed auto
ipv6 enable
ipv6 dhcp server HE1
interface GigabitEthernet0/1
ip address 173.13.177.215 255.255.255.240
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
ip address 10.11.11.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address 2001:470:1F05:7A::1/64
ipv6 enable
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp server HE
pppoe enable group global
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
interface Virtual-Template1
mtu 1492
ip unnumbered FastEthernet0/0/0
ip nat inside
ip nat enable
ip virtual-reassembly in
ipv6 enable
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
no ipv6 nd ra suppress
ipv6 dhcp server HE
peer default ip address dhcp-pool dslam1
peer default ipv6 pool HE
ppp authentication chap
no routing dynamic
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 173.13.177.222
access-list 1 permit any
ipv6 route ::/0 Tunnel0
ipv6 local pool test 2001:470:7007::/48 64
ipv6 local pool HE-48 2001:470:8008::/48 64
control-plane
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport preferred none
transport input all
transport output all
line vty 5 15
privilege level 15
login local
transport preferred none
transport input all
transport output all
scheduler allocate 20000 1000
end
See both IPv4 and IPv6 are using virtual template to get PPPoE work. Everything's working fairly well on IPv4. I can ping from cisco to the 10.11.11.x address on Actiontec router. But with IPv6, I can't ping 2001:470:1f05:7a:: address on Actiontec router. The correct route through virtual-access is not installed, or the F0/0/0 interface doesn't pass the IPv6 traffic to the corresponding virtual access interface:
AEI_SV_Cisco_2091#sh ipv6 route
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
       IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery, l - LISP
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   ::/0 [1/0]
     via Tunnel0, directly connected
C   2001:470:1F04:7A::/64 [0/0]
     via Tunnel0, directly connected
L   2001:470:1F04:7A::2/128 [0/0]
     via Tunnel0, receive
C   2001:470:1F05:7A::/64 [0/0]
     via FastEthernet0/0/0, directly connected (this sounds correct, but I'm not able to reach client from this interface)
L   2001:470:1F05:7A::1/128 [0/0]
     via FastEthernet0/0/0, receive
S   2001:470:8008::/64 [1/0]
     via FE80::21F6:88C4:497E:6F9C, Virtual-Access2.2
L   FF00::/8 [0/0]
     via Null0, receive
Can some help? Thanks!
Henry

Hi,
The 'bug' i described above seems to apply only to packets the router generates itself. I tested it by creating a temporary subnet. Even though i had no end-to-end connectivity i could see packets matching the outbound acl which were created from a host on that subnet.
Carsten

E4200 - IPv6 Neighbor Discovery

Similar Messages

Maybe you are looking for