HSRP for IPv6

For HSRP and IPv6, I'm toying with the idea of using the same link local on all segments along with static Globals.
FE80::1 HSRP
FE80::2 First router
FE80::3 Second router
2001:db8::1/64 HSRP
2001:db8::2/64 First Router
2001:db8::3/64 Second Router
On my 4500s, I'm unable to configure the Global for HSRP.
Comments? Am I crazy insane?

I'll clarify further based on RFC 3484 section 5.
The source IP of the TTL expired packet would be based on the destination IP of the original packet.
If the source IP of the original packet, with TTL of 1, is a Global IP, and the router has a global IP on the receiving interface, then it stands to reason that the source IP of the TTL expired packet would then likely be the routers Global IP of the receiving interface.
It is not likely that your host/workstation would send a packet to a Global IP with a link-local source IP.
RFC 4291:
Routers must not forward any packets with Link-Local source or destination
addresses to other links.
Anyone know of an RFC that prevents the host/node from sending a packet with a link-local source IP to a Global IP?
My lab has been taken over my one of my co-workers.   Can anyone test this out?
Host A - Connected to VLAN A/Subnet A (2001:db8:0:1::100/64, default gw fe80::1)
Router A, Interface A - Connected to VLAN A ( ipv6 address fe80::1 link-local)
Router A, Interface lo0 - (ipv6 address 2001:db8::1/128)
Router A, Interface B - Connected to VLAN B ( ipv6 address fe80::2 link-local, ipv6 address 2001:db8:0:2::1/64)
Host B - Connected to VLAN B/Subnet B (2001:db8:0:2::100/64, default gw fe80::2)
On Host A cli [assuming Host A is linux], 'traceroute6 -n 2001:db8:0:2::100'.
What are the results of the traceroute?
I assume none of the TTLs would return given the lack of a Global IP on Router A Interface A. It wouldn't know where to sent them.   But how about when you add a static route for 2001:db8:0:1::/64 with destination of the physical interface 'Interface A'?
for example, 'ipv6 route 2001:db8:0:1::/64 gi1/1'. Would this not force the router to ND for 2001:db8:0:1::100 on Interface A?   What are the results of the traceroute after adding this route?
I think this is a good exercise for understanding the nature and bounds of link-local.

Similar Messages

Possible to use HSRP for ipv4 and ipv6 on Catalyst c3750x-48-TE ?

I have the newest IOS 15.2 on my two Switches.
I know that this cofiguration with IOS 12.x not work

I think HSRP for IPv6 is supported from 12.2(46)SE. So you should be able to configure it in 15.x
-Nagendra

Network Connectivity Status Indicator for IPv6 works wrong in Windows 7 and Windows 8

Hi Folks,
I am working on testing Network Connectivity Status Indicator for IPv6 in Windows 7 and 8.
Waht is "Network Connectivity Status Indicator(NCSI)" you can refer to https://technet.microsoft.com/en-us/library/ee126135%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
I found that even if Network Connectivity Status Indicator detect IPv6 connection to http://ipv6.msftncsi.com/ncsi.txt failed.
Windows IE still use IPv6 to connect to website first, rather than stop using IPv6 and to use IPv4.
It will cause IPv6 fallback to IPv4 problem, that's 21 secs and 7 secs delay for fallback in Windows 7 and 8.
Does anyone suffer the same problem?
Or someone know how this works?
Thanks!

Hi Roger_Wang0214,
"Windows IE still use IPv6 to connect to website first, rather than stop using IPv6 and to use IPv4."
By default Windows prefers IPv6 over IPv4,we can manually configure the IPv4 prefer over IPv6 if it has result in any troubles.
Here is a link for reference :
Resolving Internet connectivity issues after World IPv6 Launch (June 6, 2012)
https://support.microsoft.com/en-us/kb/2533454
"The "Prefer IPv4 over IPv6" Fix it solution will configure your computer to prefer IPv4, instead of IPv6. By default, Windows prefers IPv6 over IPv4. If you are having problems using IPv6 to connect to some websites, this may resolve the
problem."
For a Windows 7 machine ,we can try the following fixit tool to configure IPv4 prefer over IPv6 .For a Windows 8.1 machine ,we can configure it referring to the manual part .
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
If the DisabledComponents entry is unavailable, we can create it (DWORD (32-bit) Value).Then set a value with "0x20"to prefer IPv4 over IPv6 by changing entries in the prefix policy table.
Here is a link for reference :
How to disable IPv6 or its components in Windows
https://support.microsoft.com/en-us/kb/929852
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

IPv6 Test Case for LinkSys Routers - Based on Ubuntu + Radvd + DHCPv6 - E1200v2 isn't ready for IPv6

Hello!
Here on this guide, you'll learn how to deploy your own Linux IPv6 Router, that can be used in ANY network, to give IPv6 connectivity to ANY ethernet device, including Windows, Mac, Ubuntu Server and Desktop, RedHat and, of course, LinkSys routers like E1200v2 and E2500 for its WAN interfaces.
I wrote this guide because I found a BUG on E1200v2, which doesn't work with IPv6 yet, already lost some money to figure this out.
That's it, when you see a E1200v2 box at the store, you can read: "* IPv6 Enabled", but that is not entirely true, since it does not work as expected.
Here on this post, it is a complete procedure to reproduce the problem.
NOTE: The model E2500 v1 does not suffer from this problem!
NOTE: This guide is very usefull if you have a LinkSys E2500 router and want to connect it directly into a Linux Router!
Who am I?
A.: I'm Thiago, I work in Brazil, for a company called iG (ig.com.br), I'm working here as a Network Engineer / SysAdmin and I have +10 years of experience with IPv4 networks + 5 years with IPv6.
* Brief
1- Install a Ubuntu 12.04.3, to act as your router, on a PC computer with two ethernet cards (eth0 will be Ubuntu's default route, eth1 will be used to connect LinkSys E1200v2);
2- Prepare your Ubuntu Router (very important step, read it carefully)
3- Connect E1200v2 directly into Ubuntu's eth1 ethernet card;
4- Connect a Windows PC at E1200v2 LAN port 1 (used to configure your E1200 with Cisco Connect everytime a reset is desired);
5- Reset (restore it from factory defaults) your E1200v2 router;
6- Install Cisco Connect in your Windows PC (LAN port 1);
7- Configure your E1200v2 as usual;
8- Browse the Internet (still IPv4);
9- Open Windows Command Prompt and type: ipconfig, ping, etc;
10- Open Google Chrome or Firefox and go to your E1200v2 Web Admin Interface at http://192.168.1.1/
11- Install a Ubuntu 12.04.3 Server connected at E1200v2 LAN port 2 to test IPv6 connectivity in deep, or;
12- Boot a Ubuntu Desktop 13.04 Live CD connected at E1200v2 LAN port 3 to test IPv6 connectivity in deep;
IMPORTANT NOTE:
* This tests will require IPv4 connectivity to the Internet, since the IPv6 blocks used on this example, are blocks used only for documentation (or small tests) porpuses, which means that those IPv6 tests we're about to do, will not reach the Internet (in IPv6), neighter be routed out from your E1200v2. But it is enough to prove that E1200v2 drops its clients IPv6 connectivity. Feel free to replace those IPv6 address with your current / valid IPv6 blocks (if you have a IPv6 /48 block from your ISP, you know what I'm talking about).
* Network Topology (Ubuntu Linux Router)
IPv6:
eth0
2001:db8:0:1::/64 = uplink allocation
2001:db8:0:1::1 = upstream router IP (Ubuntu's gateway IPv6)
2001:db8:0:1::2 = customer configured IP (your WAN uplink interface to provider - Ubuntu's eth0 IPv6 address)
eth1
2001:db8:1::/48 = statically routed subnet pointing at 2001:db8:0:1::2 that come from you IPv6-ISP
2001:db8:1::1 = your first IPv6 within your own infrastructure (Ubuntu's eth1 - E1200v2 directly connected here)
eth1:0
2001:db8:1:1::/64 = your first IPv6 /64 with Router Advertisement plus DHCPv6 running on Linux (radvd) (Ubuntu's eth1:0 - E1200v2 gets its WAN IPv6 address from this subnet)
2001:db8:1:1::1 = IP of your first /64 subnet, Radvd + DHCPv6 running here, Ubuntu as IPv6 router
IPv4:
eth0
192.168.10.0/24 = uplink allocation
192.168.10.1 = upstream router IP (Ubuntu's gateway IPv4)
192.168.10.2 = customer configured IP (your WAN uplink interface to provider - Ubuntu's eth0 IPv4 address)
eth1
192.168.20.1 = your E1200 will gets its WAN IPv4 address from this subnet - most common scenario for IPv4 wifi routers running inside enterprise environments today
* Complete procedure
1- Install a Ubuntu 12.04.3, to act as your router, on a PC computer with two ethernet cards
Install the following packages in your Ubuntu Router:
sudo apt-get install radvd isc-dhcp-server
2- Prepare your Ubuntu Router (very important step, read it carefully)
2.1- Ubuntu's file /etc/network/interfaces contents:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# IPv6
iface eth0 inet6 static
address 2001:db8:0:1::2
netmask 64
gateway 2001:db8:0:1::1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 2001:4860:4860::8888
dns-search linksys.com
# IPv4
iface eth0 inet static
address 192.168.10.2
netmask 24
gateway 192.168.10.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 8.8.4.4
dns-search linksys.com
# The secondary network interface, E1200 LinkSys wifi-router is connected here (WAN port)
auto eth1
# IPv6
iface eth1 inet6 static
address 2001:db8:1::1
netmask 48
auto eth1:0
iface eth1:0 inet6 manual
up ip -6 address add 2001:db8:1:1::1/64 dev $IFACE
down ip -6 address del 2001:db8:1:1::1/64 dev $IFACE
# IPv6 /56 block routed to LinkSys E1200v2, it is delegated to it through Prefix Delegation using DHCPv6
# Uncomment it later when your E1200v2 gets its own IPv6 Internet IP Address, keep reading this guide
#up ip -6 route add 2001:db8:1:f00::/56 via 2001:db8:1:1::2000
# IPv4
iface eth1 inet static
address 192.168.20.1
netmask 24
2.2- Configure Ubuntu /etc/sysctl.conf file
Uncomment the following two lines on it:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
After writting, run "sudo sysctl -p" to apply the changes.
2.3- Configuring Linux Router Advertisement daemon (radvd)
Your Linux Router Advertisement daemon running on Ubuntu, must have the following content:
# Ubuntu eth1
interface eth1
# Enable RA
AdvSendAdvert on;
# Enable clients getting their IPs from DHCPv6
AdvManagedFlag on;
AdvOtherConfigFlag on;
# Enable RA to the following subnet
prefix 2001:db8:1:1::/64
AdvOnLink on;
# When not allowing clients to auto-generate their IPv6 address (SLAAC), DHCPv6 will be used instead
AdvAutonomous off;
2.4- Configuring DHCPv6
Your isc-dhcp-server6 configuration file (/etc/dhcp/dhcpd6.conf) for IPv6 must have the following content:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
# Ubuntu eth1
# This is a very basic subnet declaration with Prefix Delegation enabled.
subnet6 2001:db8:1:1::/64 {
# Range for clients
range6 2001:db8:1:1::2 2001:db8:1:1::2000;
# Extra DHCP options
option dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
option dhcp6.domain-search "linksys.com";
  # The following line will delegate a subnet to LinkSys E1200v2,
  # using Prefix Delagation standards.
  # You'll be able to see this "Prefix Address" under "Status -> Local Network" E1200v2 menu.
prefix6 2001:db8:1:100:: 2001:db8:1:f00:: /56;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# Ubuntu eth0 - no DHCPv6 running but doesn't hurt to declare it here
subnet6 2001:db8:0:1::/64 {
Reference: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-isc-dhcp.html
2.5- Configuring DHCPv4
Your isc-dhcp-server configuration file (/etc/dhcp/dhcpd.conf) for IPv4 must have the following content:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
# Ubuntu eth1
# This is a very basic subnet declaration.
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.2 192.168.20.200;
option routers 192.168.20.1;
option domain-name "linksys.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# Ubuntu eth0 - no DHCPv4 running but doesn't hurt to declare it here
subnet 192.168.10.0 netmask 255.255.255.0 {
* Reboot your Ubuntu Router to apply all the changes
After rebooting it, try to "ping 8.8.8.8" to make sure your Ubuntu Router have at least, IPv4 Internet connectivity.
NOTE: From this point, you'll be able to start testing IPv6 from behind your Ubuntu Router (i.e. from its eth1), if you connect a Ubuntu Desktop, a Mac or a Windows on Ubuntu's eth1, it will provide IPv4 and IPv6 address to that devices, including your E1200v2 WAN port...
3- Connect E1200v2 directly into Ubuntu's eth1 ethernet card;
Plug a RJ45 cable between Ubuntu eth1 ethernet card and E1200v2 WAN port.
4- Connect a Windows PC at E1200v2 LAN port 1
This Windows computer will be used to (re)configure your E1200v2 with Cisco Connect everytime a reset is desired.
5- Reset (restore it from factory defaults) your E1200v2 router;
Press and hold the reset button for about 10 seconds.
6- Install Cisco Connect in your Windows PC (LAN port 1);
Boot(reboot) Windows and install Cisco Connect on it.
7- Configure your E1200v2 as usual (by finishing Cisco Connect installation procedure);
After concluding this step, your Windows PC will have both IPv4 and IPv6 address, that come from E1200v2.
Windows gets its IPv4 from DHCP and IPv6 from SLAAC (main point of the problem), both provided by E1200v2.
NOTE: From this point, you'll be able to see the problem with E1200v2 internal RA daemon, you'll lose your IPv6 connectivity that come from E1200v2. But, lets keep testing it...
8- Browse the Internet (still IPv4);
That's it, try to browse google.com from your Windows PC, if Ubuntu Router can "ping google.com", Windows PC should be able to do it so.
9- Open Windows Command Prompt and type: ipconfig, ping, etc;
Run "ipconfig" to see your IPv4 and IPv6 address...
Run "ping 8.8.8.8" to see if you can reach the Internet...
10- Open Google Chrome or Firefox and open your E1200v2 Web Admin Interface at http://192.168.1.1/
Access your E1200v2 Web Admin and go to the "Status -> Router" menu.
Write down its Internet IPv6 address, it will be something like this:
IPv6 - Internet IP Address: 2001:db8:1:1::2000
NOTE: You can get this address at the Ubuntu Router itself, by reading the file /var/log/syslog (`grep pool' might help), for example:
# grep pool /var/log/syslog
Sep 24 00:47:13 ubuntu-router-1 dhcpd: Picking pool address 2001:db8:1:1::2000
Sep 24 00:47:13 ubuntu-router-1 dhcpd: Picking pool prefix 2001:db8:1:1::/56
You'll see the above message on your Ubuntu Router, right after turning on your E1200v2. Pool address is the IPv6 Internet IP Address of your E1200v2's WAN port, pool prefix is the delegated subnet to your E1200v2 router. After thatn, it will start to advertiser that block on its LAN ports and WiFi (which doesn't work as expected, there is a problem there, whithin E1200v2 itself.
11- Install a Ubuntu 12.04.3 Server connected at E1200v2 LAN port 2, to test IPv6 connectivity in deep;
Here is the most important test:
* Testing the IPv6 connectivity from E1200v2 LAN ports.
This test is very simple, we just need to try ping E1200v2's IPv6 Internet IP Address.
This Ubuntu Server will have the following content on its /etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# IPv6 - SLAAC - No DHCPv6 client required - E1200v2 will kicks off this IPv6, and I don't know why...
iface eth0 inet6 auto
# IPv4 - Requires DHCPv4
iface eth0 inet dhcp
After this, your Ubuntu Server will be able to "ping 8.8.8.8" and "ping6 2001:db8:1:1::2000" (E1200v2 WAN IPv6 Address noted before).
To prove that E1200v2 have a problem with IPv6, try to ping it, just run:
mtr -n 2001:db8:1:1::2000
...And after a few minutes, Ubuntu Server will lose its IPv6 address, because E1200v2 is kicking it off.
You'll be able to see a lots of package loss going on "mtr -n 2001:db8:1:1::2000".
If you connect a Mac OSX on E1200v2 LAN por 3, for example, it will also lose its IPv6 from time to time.
Wireless clients connected at E1200v2, like Android, iPad, Windows, Mac and Ubuntu laptops, also loses its IPv6 (that come from E1200v2) from time to time.
You guys must note that the E1200v2 itself, ramdomly becomes unreacheable from its own LAN ports (via IPv6)!! Which is unnaceptable.
12- Boot a Ubuntu Desktop 13.04 Live CD connected at E1200v2 LAN port 3 to test IPv6 connectivity in deep;
Boot a Ubuntu Desktop connected at your LinkSys E1200v2 router, and open 2 Terminals, on each of it, you should run:
Terminal 1:
mtr -n 2001:db8:1:1::2000
Terminal 2:
sudo tail -f /var/log/syslog
You'll be able to see a lots of package loss going on "mtr -n 2001:db8:1:1::2000" after a few minutes AND at the syslog, you'll be able to see when you lose your IPv6, that come from E1200v2.
Conclusion
E1200v2 doesn't have a working IPv6 Router Advertisement service. Please Cisco, fix it!
The IPv4 from behind E1200v2 is fine, I'm using LinkSys products for about +10 years now... First time with problems like this but, IPv6 is more or like new and, problems are expected... Lets work on it?!
Best Regards,
Thiago

Try to use dhclient perhaps? Might I also suggest letting systemd deal with the dhcp issue and not NM. That may seem incongruous but it is possible NM is mis-handling the dhcp hand-off to the network card. I'm no guru but I got thinking about this when I saw this in your output:
aug 26 19:15:39 arch_daboka NetworkManager[527]: <info> (enp1s0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
aug 26 19:15:39 arch_daboka NetworkManager[527]: <info> (enp1s0): device state change: secondaries -> activated (reason 'none') [90 100 0]
aug 26 19:15:40 arch_daboka NetworkManager[527]: <info> NetworkManager state is now CONNECTED_LOCAL
It is very possible that I'm mis-interpreting this information so please take it with a boulder of salt.

Monitor Capture for IPv6

Trying to capture IPv6 BGP hello traffic with monitor capture feature without success.
With the monitor capture for IPv6 traffic active and running; If I traceroute (IPv6) from this same router I do see the IPv6 traceroute traffic but NEVER IPv6 BGP hellos.
NOTE:
IPv6 traceroute traffic is not shown in the below output because I already cleared the V6BUFF buffer before running the show command.
My setup:
monitor capture buffer V6BUFF size 512 max-size 128 linear
monitor capture point ipv6 cef V6PT mfr0.1 both
monitor capture point associate V6PT V6BUFF
monitor capture point start V6PT
Troubleshooting
After disassociating monitor capture point V4PT here are the results:
1941-WAN3#sh mon cap buff all par
Capture buffer V6BUFF (linear buffer)
Buffer Size : 524288 bytes, Max Element Size : 128 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : V6PT, Status : Active
Configuration:
monitor capture buffer V6BUFF size 512 max-size 128 linear
monitor capture point associate V6PT V6BUFF
Capture buffer V4BUFF (linear buffer)
Buffer Size : 524288 bytes, Max Element Size : 128 bytes, Packets : 125
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : V4PT, Status : Inactive <--- I already disassociated this one
Configuration:
monitor capture buffer V4BUFF size 512 max-size 128 linear
monitor capture point associate V4PT V4BUFF
Regards
Frank

What was the issue and how did you solve it?
-Deepak

HSRP For the Gateway Redundancy.

Hi all
i just need a simple how to configure 2 Routers(R1;R2) to run HSRP For the Gateway Redundancy ,if one of the 2 routers Fail.should i connect the 2 routers 2gather via cross cable.than one straight cable to the 2 separate distribution switch.(2 Etherchanel configured between Dist switch)PS LIST ur optimum Configuration
Ur help very much Appreciated

Hi,
i think you talking about campus network where you have two distribution two access and two core router's.
With that prospects.
My suggesion will be to have etherchannel between distribution switches and both the distribution switch should be connected to both the core router.
than use HSRP in distribution swithes.
configuration and diagram is given below.
do let us know if you want any more information.
interface FastEthernet2
ip address 172.69.90.1 255.255.255.0
standby priority 200
standby preempt
standby ip 172.69.90.6
interface FastEthernet3
ip address 172.69.91.1 255.255.255.0
standby priority 200
standby preempt
standby ip 172.69.91.6
like the above configuration you can configure second switch also you can apply on vlan interface too.
HTH

IOS DNS local-cache for IPv6 ?

Hi there,
I have a humble question on whether it's possible for IOS DNS server to sniff and store mDNS (or other way) speaking hosts in order to track SLAAC-ed endpoint IPv6 addresses and their hostnames for comfortable connectivity using FQDNs among IPv6 hosts on different L3 subnets? Based on what I've reserched on CCO the chance is almost none..
I'm preparing CPE design for IPv6 rollout and this would be fine feature to offer with small sized deployments without having to run some central DNS server taking care of this (will be considered, optionally).
Thanks for your response.
Regards
Peter Gasparovic

Hi,
I'm sorry but we need to keep Cisco CPE line at this moment :-)
Well, I spent these 3 days in tough condition trying to make IOS DNS server what it's not :-)) A DDNS-capable one. I simply can't understand why such "easy" and rather useful thing compared to milions in IOS code is not supported. From my experiments in IPv4 yet, I can't get DNS server to respond to SOA query as would be needed per RFC 2136 and highlighted by this WinXP doc, which I have referred to :
http://technet.microsoft.com/en-us/library/cc784052%28v=ws.10%29.aspx
Another quick link almost touching it...
http://blog.ipspace.net/2006/09/use-your-cisco-router-as-primary-dns.html
So, I leave this for whoever might find this issue in coming weeks or months - to help save his time. With very little hope, that someone from related BU could think of it and put it on roadmap. Perhaps.. one day
Bye.

Does Aironet 1100/1120/1130 support for IPv6 ?

Experts,
I find much document, but not found information about whether those support for IPv6 e.g. dual-stack like newer series.
Has anyone used to test on those?
Thank you in advance for any info,
Nipat.p

Hi,
When working with WLCs if you are running code 7.2 you will be able to support IPV6 but this code is only supported by the latest model of WLCs and the APs that are supported under this code.
On previous WLCs models that support up to code 7.0, the WLC only handles IPV6 pass through after code 6.0 since it does not support native IPV6.

ACE support for IPv6

Hi,
Does ACE support IPv6? Are there any limitations on deploying ACE with IPv6?
Thanks,
Nitesh

Hi Syed,
What's the update on support for IPv6. When is it expected to support it. Any comments on it?
Regards,
Nitesh

15.1 License Level for ipv6?

Specifically looking at branch routers here.
Under IOS 12.4 it was very easy to identify what features were included in a specific firmware build, you just powered up the software feature navigator entered your router and what feature you required and you would be provided with a list of firmware images to upgrade to/purchase to achieve the desired feature.
Unfortunately with 15.1 licensing this no longer works, it appears that every feature is shown as available in the "UNIVERSAL DATA" image with the unhelpful comment at the end of the list indicating that some features may require an additional license but with no pointer to discover which license level contains which feature.
To give an example, try searching for images for the CISCO887VA-M Integrated Services Router. This is available in 2 flavours ADVANCED SECURITY & ADVANCED IP SERVICES, now ADV SEC does support ipv6 but the question is how much of the ipv6 feature set does it support before an upgrade to ADV IP SERVICES is required?
Thanks for any pointers,
Iain

Roberto,
I agree that Cisco says so and also it should be so.
But it happens I know it is not true. At least for one command that many will agree is one of the most needed in the ipv6 world.
Most of us to obtain an IPv6 address from a provider use an ipv4 tunnel which requires the "tunnel mode ipv6ip"
command. This command was available in the ip plus feature set but it is not in the universal image ip base.
You need a data k9 license probably for a few commands ipv6 related. I have opened a TAC case and reported it to Cisco. No reply whatsoever.
I had to buy a 370 USD data license for my 1921 (a 1000 USD hardware) just to raise the tunnel.
this does not match with the Cisco statement:
Cisco will support packaging parity for IPv6 with IPv4, for Cisco Integrated Services Routers Generation 2, starting with Cisco IOS Software Release 15.0(1)M, as well as in future 15 M and 15 T releases. IPv6 feature support for a technology will now be packaged in the same feature set as IPv4.
In fact the ipip tunnel mode is in the base image/license.
Hope this helps
Fabio

Support for IPv6 DHCP or RDDNS

Hi,
I'm deploying IPv6 on our company and found out there is not possible way to automatically get DNS servers for IPv6 for mac computers, since it doesn't support dhcpv6 or the extensions for RA in stateless configuration mode.
Any word on when are this features going to be available?

It's really rather ridiculous DHCPv6 isn't implemented in OS X yet. I can (possibly) understand this for 10.4 and 10.5 but 10.6 is going to run into IPv6 deployment scenario's and should be able to handle all cases. I hope to God 10.7 has decent v6 support throughout OS X.
As far as I know, the dhcp-client used by OS X is the KAME project client, now known as WIDE-DHCP which does have support for DHCPv6 and has so for a long time. Why Apple is so reluctant to include this feature in both iOS and OS X is quite the mystery.

Why use link-local addressing for HSRP in IPv6?

I have scoured the internet for an answer to this question, and am no closer to having it answered. Am hoping someone here can help!
* Why do we use link-local (or autoconfig) addresses for the standby IP in FHRPs? If you are forwarding a packet towards a link-local destination address, wouldn't the source address then have to be a link-local address from the same prefix, which according to scope, should not route beyond the local link? How do you route an IP packet that has a link-local address for a source address?
Any insight would be much appreciated.
Thank you in advance.

Dougles,
next hop is used for reaching "gateway" that know where to send packets farther (read it as "next hop to the destination")... routing in IPvX is hopping between nodes where every hop is closer to destination... This is theory behind.
So as machine that needs to send packet to "not directly connected destination" you only need to send packet to gateway leading to this destination...
so you need to send packet so, that "gateway" will recieve this packet and gateway then send this packet farther... it is not important what IP address this gateway has.
On ethernet you only need to know MAC address of this gateway and you send packet (with your source IPv6 address and intended destination IPv6 address) encapsulated with "destination MAC address" of gateway. When gateway recieve ethernet frame, and this frame is for it (destination MAC address is its MAC address), the gateway will proceed IP header (inside IP header the gateway see IT is not final destination for this packet, and gateway will route this packet).
So configuring IP address as next hop is just "hleper for simpler administration".. MAC address of gateway is important. In IPv4 address resolution protocol (ARP) is used to automaticly get MAC address of gateway if you configure next hop as IP address. In IPv6 there is neighbor discovery protocol(ND) used for this task.
conclusion: you can use link local address as nex hop address for addresses from any scope ... next hop is just next hop, it is not used just for the same scope communication.
And question is... if we need just information about MAC address of gateway, why to ask using global address?
We need to get MAC address... that is information important just "locally"... so to ask for local information, why not use link local address ?
HSRP is the same case... really just need MAC address to send packets correctly.

Best practice for IPv6 ACL on 6500

Hi,
I am trying to implement IPv6 ACL on Cisco 6500.
Any suggestion for the example of the good IPv6 ACL for 6500 would be appreciated.
Thank you
Salja

Salja,
Example of config can be found here:
http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/exampl_f.html#wpxref44215
Configuring IPv6 Access Lists
Configuring an IPv6 access list is similar configuring an IPv4 access, but with IPv6 addresses.
To configure an IPv6 access list, perform the following steps:
Step 1 Create an access entry. To create an access list, use the ipv6 access-list command to create entries for the access list. There are two main forms of this command to choose from, one for creating access list entries specifically for ICMP traffic, and one to create access list entries for all other types of IP traffic.
•To create an IPv6 access list entry specifically for ICMP traffic, enter the following command:
hostname(config)# ipv6 access-list id [line num] {permit | deny} icmp source
destination [icmp_type]
•To create an IPv6 access list entry, enter the following command:
hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source
[src_port] destination [dst_port]
The following describes the arguments for the ipv6 access-list command:
•id—The name of the access list. Use the same id in each command when you are entering multiple entries for an access list.
•line num—When adding an entry to an access list, you can specify the line number in the list where the entry should appear.
•permit | deny—Determines whether the specified traffic is blocked or allowed to pass.
•icmp—Indicates that the access list entry applies to ICMP traffic.
•protocol—Specifies the traffic being controlled by the access list entry. This can be the name (ip, tcp, or udp) or number (1-254) of an IP protocol. Alternatively, you can specify a protocol object group using object-group grp_id.
•source and destination—Specifies the source or destination of the traffic. The source or destination can be an IPv6 prefix, in the format prefix/length, to indicate a range of addresses, the keyword any, to specify any address, or a specific host designated by host host_ipv6_addr.
•src_port and dst_port—The source and destination port (or service) argument. Enter an operator (lt for less than, gt for greater than, eq for equal to,neq for not equal to, or range for an inclusive range) followed by a space and a port number (or two port numbers separated by a space for the rangekeyword).
•icmp_type—Specifies the ICMP message type being filtered by the access rule. The value can be a valid ICMP type number (from 0 to 155) or one of the ICMP type literals as shown in "Addresses, Protocols, and Ports". Alternatively, you can specify an ICMP object group using object-group id.
Step 2 To apply the access list to an interface, enter the following command:
hostname(config)# access-group access_list_name {in | out} interface if_name
HTH
Regards
Inayath

Named EIGRP for IPv6

Hi,
I'm trying to do some lab testing and tested named EIGRP. I was able to understand the EIGRPv6 configuration where you configure the EIGRP statement under the interface and by issuing "no shutdown" under the EIGRP process created. So basically all IPv6 networks that has to be advertised via EIGRP has to have the "ip eigrp xxx" statement under the interface.
Now, I'm trying to do named EIGRP. By simply creating the EIGRP multi-af process and by issuing "no shutdown" under the address-family ipv6 autonomous-system, all interfaces with IPv6 address are being advertised right away and EIGRP peering gets established as well.
Is this the normal behavior? So is it a general practice to shutdown the address-family ipv6 process first and af-interface default to shutdown state, then individually turn on specific af-interface for EIGRP IPv6 processing?
Thanks,
JL
Configuration Below:
R1#sh run
Building configuration...
Current configuration : 1030 bytes
! Last configuration change at 16:23:15 UTC Wed Oct 8 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 150.1.1.1 255.255.255.255
ipv6 address 2001:1:1:1::1/128
interface Loopback1
no ip address
ipv6 address 2001:1:1:1::11/128
interface FastEthernet0/0
no ip address
shutdown
speed auto
duplex auto
interface FastEthernet0/1
ip address 155.1.12.1 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:1:1:12::1/64
router eigrp multi_af
address-family ipv6 unicast autonomous-system 100
topology base
exit-af-topology
exit-address-family
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
R1#
R2#sh running-config
Building configuration...
Current configuration : 969 bytes
! Last configuration change at 16:23:26 UTC Wed Oct 8 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 150.1.2.2 255.255.255.255
delay 1
ipv6 address 2001:1:1:1::2/128
interface FastEthernet0/0
no ip address
shutdown
speed auto
duplex auto
interface FastEthernet0/1
ip address 155.1.12.2 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:1:1:12::2/64
router eigrp multi_af
address-family ipv6 unicast autonomous-system 100
topology base
exit-af-topology
exit-address-family
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
R2#
R1#sh ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
LC 2001:1:1:1::1/128 [0/0]
     via Loopback0, receive
D   2001:1:1:1::2/128 [90/107520]
     via FE80::C80C:10FF:FEF4:6, FastEthernet0/1
LC 2001:1:1:1::11/128 [0/0]
     via Loopback1, receive
C   2001:1:1:12::/64 [0/0]
     via FastEthernet0/1, directly connected
L   2001:1:1:12::1/128 [0/0]
     via FastEthernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#
R2#sh ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
D   2001:1:1:1::1/128 [90/103040]
     via FE80::C80A:10FF:FEF4:6, FastEthernet0/1
LC 2001:1:1:1::2/128 [0/0]
     via Loopback0, receive
D   2001:1:1:1::11/128 [90/103040]
     via FE80::C80A:10FF:FEF4:6, FastEthernet0/1
C   2001:1:1:12::/64 [0/0]
     via FastEthernet0/1, directly connected
L   2001:1:1:12::2/128 [0/0]
     via FastEthernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R2#

The only way I found to disable the automatic route advertisement is to shut the routing process right away after it was created. Go to IPv6 address-family and shut the af-interface default and turn on individual interface that needs to participate. If the routing process is turned on and you added an IPv6 address-family, all interfaces with IPv6 address will automatically participate. So if you already have an IPv4 address-family running in the first place and you want to add IPv6 under the same EIGRP process then it would be ideal to plot it through notepad and paste it to ensure you can have absolute control of the IPv6 advertisement.
That's how I see it and just correct me if I am wrong.

ISE: support for IPv6 DACL's

Hi,
Does anyone know if/when ISE will be able to push out IPv6 dynamic acl's? I have not managed to find any information on this other than an old post here: https://supportforums.cisco.com/discussion/11795676/ise-support-ipv6-dynamic-acls
Thanks,
Phill Macey

It's not supported as of the current ISE 1.3.
I've heard it is planned for a future release but there's no announced or committed date as of yet.
If your're working with a partner or Cisco account manager, be sure to officially request it if it's important to you. Customer requests help build the business case for prioritizing the features.

HSRP for IPv6

Similar Messages

Maybe you are looking for