IPv6 prefix delegation with AVPair ipv6:delegated-prefix

Similar Messages

• IPv6 Delegated Prefixes no longer working?

  ATTENTION PeterGrace
  Your post was removed to a secure area out of public view because it violates forum posting guidelines.
  Forum Guidelines state >>> clickable link http://forums.comcast.com/t5/Forum-Guidelines/Posting-Guidelines/td-p/866289 which everyone should read BEFORE making a first post
  Please don't;
  Post personal information in the forums
  Please do your best to keep your identity and personal information safe. This includes:
  Your full name
  Your telephone number
  Your Physical/Mailing Address
  Email addresses
  Credit Card numbers
  Account numbers
  Personal public IP addresses
  Modem MAC address and / or serial number <<<<<<<<<<<<<<<<<<<<<
  Active phishing links
  Other personally identifiable information
  Here is your post with the information removed;
  Hi there!
  Has Comcast stopped assigning delegated prefixes for users who request them? I had my router setup to request a /60 via IA-PD but just today it appears to have stopped. I'm still getting an ipv6 address on the dhcpv6 solicit, but no more delegated prefixes. Thinking that the problem might be solved with a firewall software update, I upgraded to the latest release version but the same problem persists. Here's my IAID/DUID to aid in tracking down the issue.
  IAID: XXXXXXXXX
  DUID: XXXXXXXXXXXXXXXXXXXXXXXXXXX
  EDIT: Cablemodem HFC MAC: XXXXXXXXXXXXXXXX (found on surfboard diagnostic page)
  Let me know what other info I might provide to aid in diagnostics.
  Thanks in advance!

  Check my PM, I see PD being assigned to your device.
  -Chirag

• [SOLVED] Comcast IPv6 Prefix Delegation

  I've built a gateway/firewall/network services box out of an old machine I had, and it works quite well for IPv4. I was super excited when Comcast finally rolled out IPv6 in my area, and have been attempting to get it to work, however with no success. I have at one point successfully been using an HE tunnel to provide IPv6 for the network. My goal is to have this box running Arch get a prefix from Comcast, distribute it to the local network via radvd, and route IPv6 traffic between the LAN and Comcast without manual intervention to assign the prefix anywhere.
  My issue seems to be getting ISC's dhcpcd to apply the prefix that it receives from Comcast to the LAN interface. The prefix I receive is a /64, and if I run dhcpcd in verbose mode, I do see it receive a prefix assignment.
  LAN: enp2s2
  WAN: enp2s8
  dhcpcd.conf
  #Prefix delegation in theory
  noipv6rs
  interface enp2s8
  ia_pd 1 enp2s2
  radvd.conf
  interface enp2s2 {
  AdvSendAdvert on;
  MinRtrAdvInterval 3;
  MaxRtrAdvInterval 10;
  prefix ::/64 {
  AdvOnLink on;
  AdvAutonomous on;
  AdvRouterAddr on;
  DeprecatePrefix on;
  However, the prefix never shows up on any interface (using ip addr to view), so never seems to be usable. Just in case I wasn't checking it appropriately, I attempted to run radvd anyways, and it exits with an error about no prefixes to advertise as expected.
  Furthermore, I've been having further issues, in that if I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity. If I switch dhcpcd to use ia_na instead of pd, I get an address on the WAN interface and have fully functional IPv6 connectivity on the router, as expected. I was hoping that I could use both statements to get an address on the WAN and delegate a prefix to the LAN, but that seems to be disallowed by dhcpcd, probably for a good reason I'm not aware of. I was hoping neighbor discovery would inform my router of Comcast's router on the link-local link (is that the right term?), but it does not seem to be functioning.
  I've googled extensively and have not been able to find a solution that does not require manual intervention to copy-paste the prefix from the dhcpcd/dhclient output either into radvd, or assigning the address manually. Any suggestions on where I should look, or what I should try?
  Thanks in advance
  Last edited by phate408 (2013-09-19 18:27:01)

  phate408 wrote:I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity.
  If Comcast are anything like Internode here in Australia, they require the PD request to update their routers with the correct routing information.
  AFAIK, you should be doing a IA_NA to get an address for your router (to connect the link between your router and Comcast), then you need to do the PD to get the addresses for your internal use which radvd will then advertise.
  EDIT: I figured I should include some info for how I do it. I use dibbler-client with these options (obviously I've censored my PD):
  inactive-mode
  skip-confirm
  log-mode short
  log-level 7
  iface "ppp200" {
  pd {
  prefix 2001:aa:aa:ab00::/56
  option dns-server
  IPv6 addresses are then statically assigned to the internal interfaces, and radvd runs with this config:
  interface eth1 {
  AdvSendAdvert on;
  MinRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  AdvDefaultLifetime 3600; # 1 hour
  AdvDefaultPreference high; # this is the best router
  AdvHomeAgentFlag off; # Disable Mobile IPv6 support
  prefix 2001:aa:aa:ab01::/64 {
  AdvOnLink on;
  AdvAutonomous on;
  RDNSS 2001:aa:aa:ab01::f1 {
  Note the increment in the last byte of the network prefix:
  :ab00: (ISP side of the router) => :ab01: (LAN side)

• HT5656 This is all great but for me the "IPv6 Delegated Prefix" field never sticks. After the reboot to apply the settings, it is empty again. I have tried the 6.2 Airport Utility on OS X 10.8.2 and the iOS Airport Utility. Any ideas?

  Hi All,
     I had a working IPv6 tunnel with my Airport Express to tunnelbroker.net using the 7.6.1 firmware.  After updating to 7.6.3, I have tried many things to get it to work and the only one that works is downgrading from 7.6.3 back to 7.6.1.  After seeing this new technical note, it appears that the root of my issue is that I can not get the "IPv6 Delegated Prefix" field to stick - it is always empty after the reboot to apply the settings.
     Any ideas?
       Thanks,
         CraigN

  I'm in the same boat with a 3rd Gen AEBS.  Only thing I haven't tried is a complete reset and reconfiguration from nothing, which I may wind up doing this afternoon just to rule it out.  The best irony of all of this is that tunnelbroker.net is under my responsibility, and I can't validate the new settings paradigm.  At least getting back to 7.6.1 is easy enough and everything works fine there.
  IPv6 Delegated prefix doesn't get saved when using the format from their example, then a 6to4 address shows up as the local address on the main Internet page, and no RAs are received once the AEBS comes back from a reload.  Something's a little off on this release.

• IPv6 prefix delegation: after months of working fine, today no prefixes available

  Subject says it all. After months of having a /64 prefix delegated to my home network and working pretty reliably, today the dhcpv6 client is reporting: IA_PD status code NoPrefixAvail: "No prefix available on Link 'wa-bellevue-ten04-". Suffice it to say I can't get a /64 allocated. Can someone investigate?

  I am seeing the same issue, it started yesterday (16 June 2015) sometime in the afternoon. I discussed this with Comcast support today, and was told that they will not help because my cable modem is my own (I don't rent one) and they therefore have no access to my modem.  I am skeptical that this is a problem with my modem, as this (a) worked in the past, and (b) iappears that the DHCPv6 packet from Comcast is denying a prefix delegation: Jun 17 12:18:05.357 PDT: IPv6 DHCP: Received ADVERTISE from FE80::21D:70FF:FECC:58E2 on FastEthernet0
  Jun 17 12:18:05.357 PDT: IPv6 DHCP: detailed packet contents
  Jun 17 12:18:05.357 PDT: src FE80::21D:70FF:FECC:58E2 (FastEthernet0)
  Jun 17 12:18:05.357 PDT: dst FE80::216:C7FF:FE7C:BFBC (FastEthernet0)
  Jun 17 12:18:05.357 PDT: type ADVERTISE(2), xid 12121931
  Jun 17 12:18:05.357 PDT: option CLIENTID(1), len 10
  Jun 17 12:18:05.357 PDT: 000300010014A412E3B0
  Jun 17 12:18:05.357 PDT: option SERVERID(2), len 14
  Jun 17 12:18:05.357 PDT: 0001000117323D5614FEB5D6E776
  Jun 17 12:18:05.357 PDT: option IA-PD(25), len 71
  Jun 17 12:18:05.357 PDT: IAID 0x00020001, T1 0, T2 0
  Jun 17 12:18:05.357 PDT: option STATUS-CODE(13), len 55
  Jun 17 12:18:05.357 PDT: status code NOPREFIX-AVAIL(6)
  Jun 17 12:18:05.357 PDT: status message: No prefix available on Link 'wa-everett-ten05-link-S'
  Jun 17 12:18:05.357 PDT: option PREFERENCE(7), len 1
  Jun 17 12:18:05.357 PDT: preference value 0
  Jun 17 12:18:05.357 PDT: option DNS-SERVERS(23), len 32
  Jun 17 12:18:05.357 PDT: 2001:558:FEED::1
  Jun 17 12:18:05.357 PDT: 2001:558:FEED::2 I do receive a /128 IPv6 unicast address for my router itself, and it can access the internet at large via IPv6. Comcast support did confirm that I should be receiving a /56 delegation. 

• HT5656 IPv6 Delegated Prefix doesn't stay set

  Just as others have encountered after the upgrade to 7.6.3, the required field IPV6 Delegated prefix keeps getting unset.  When I click on the error pessage about a broken IPv6 tunnel and click Edit, it highlights the remote IPv4 address, which is set according to the settings specified by tunnelbroker.net.  Changing only the IPv6 delegated prefix field and clicking save then update doesn't prompt a reboot.  I have to change some of the other fields for the reboot to take effect.  My AirPort Extreme is circa 2007 and worked with the 7.6.1 firmware.

  I have this problem as well.  I have tried both /48 and /64 prefixes, but nothing will stay set.  I have tried setting it to automatic, reboot, change to manual, enter in all new settings.  Nothing seems to work.
  Apple needs to address this issue with a fix.  7.6.3 is either still broken, or the Airport Utility app is broken.  It's one of the two.

• RV220W and IPv6 PD (Prefix Delegation)

  Hi All,
  I have an RV220W with firmware version 1.0.2.4. My ISP makes available IPv6 over PPPoE in a Dual Stack configuration. One of the requirements is that my home router should support prefix delegation. I don't appear to be able to find any information pertaining to PD in relation to the RV220W - can anyone tell me definitively, is it supported, and if not, is it planned in a future release?
  If it is supported, any advice on successfully enabling would be most appreciated.
  Many thanks.
  Jordan

  I noticed that the recently released firmware version 1.2.0.9 for the RV110W router mentions in the release notes that DHCPv6 Prefix Delegation is now supported!
  Does that mean that this feature will also be implemented in some firmware release for the RV220W router?

• EA4500 IPv6 Prefix Delegation

  My ISP (OTEnet, Greece) offers IPv6 connectivity in the form of dual-stack IPv4/IPv6 with the requirement that the router supports DHCPv6 Prefix Delegation for establishing an IPv6 connection.
  Using other routers (Cisco 887W, DrayTek Vigor2130n), I have established an IPv4/IPv6 connection but I am unable to do so with the EA4500. As a matter of fact, when I have the "IPv6 - Automatic" option enabled the router not only cannot obtain an IPv6 prefix from the ISP but it gets stuck in the connection attempt and never obtains an IPv4 or an IPv6 address. I have to disable the IPv6 option in order to simply establish an IPv4-only connection without problems.
  So, my questions are:
  1. Does the latest (2.1.38.38880) firmware support dual-stack IPv6 and DHCPv6 Prefix Delegation?
  2. If the router cannot negotiate an IPv6 connection why is it not establishing an IPv4 connection only but gets stuck in the process?
  3. Any tips?

  The specifications for the router say that it supports native IPv6 but this remains to be proved. No tunnel technology can be considered as native and the information in http://tunnelbroker.net/ concerns tunneling IPv6 through an IPv4 connection. Before my ISP offered native IPv6 I used TunnelBroker which is quite slow.
  I need to note here that many ISPs around the world are now offering native IPv6 (e.g. Comcast, Internode etc) with the following requirements as far as the routers is concerned: 
  Support for running dual-stack IPv4/IPv6 through a single connection.
  Support for the DHCPv6 Prefix Delegation protocol for obtaining an IPv6 prefix from the ISP.
  Since the common IP language for explaining router configurations is the one used by Cisco IOS, here is the configuration required for native IPv6 to work properly on a typical Cisco router dialer interface:
  ipv6 dhcp pool DHCP6
  import dns-server
  import domain-name
  interface Dialer0
  ipv6 address autoconfig default
  ipv6 enable
  ipv6 dhcp client pd DHCP6
  Various other routers enable this functionality by the user interface they provide such as:
  NETGEAR home routers require the selection of the DHCP menu option in the IPv6 configuration screen.
  DrayTek routers require the selection of the DHCP-PD menu option in the IPv6 configuration screen.
  So, my question remains: is this supported by the EA4500?

• IPv6 ACLs for ZBFW with changing IPv6 prefix?

  Hi all
  Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
  Background:
  6RD based residential internet access.
  Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
  A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
  No big deal, one would think...
  zone security Z-INTERNET
   description * the outside world *
  zone security Z-DMZ
  zone security Z-OUTSIDE
  zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
   service-policy type inspect PMAP-INBOUND-TRAFFIC
  policy-map type inspect PMAP-INBOUND-TRAFFIC
   class type inspect CMAP-IN-TRACE-TRAFFIC
    pass
   class type inspect CMAP-IN-INSPECT-TRAFFIC
    inspect 
   class class-default
    drop log
  class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
   match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
  class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
   match access-group name ACLv6-INBOUND-TRAFFIC 
  Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
  ipv6 access-list ACLv6-INBOUND-TRAFFIC
   sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
  ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
  For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
  However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
  router6rd(config-ipv6-acl)#permit ip any ?
    X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
    any                 Any destination prefix
    host                A single destination host
  router6rd(config-ipv6-acl)#
  D'oh. What now?
  I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
  Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
  Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
  Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
  thanks for your thoughts and ideas.
  Marc

  Hi all
  Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
  Background:
  6RD based residential internet access.
  Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
  A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
  No big deal, one would think...
  zone security Z-INTERNET
   description * the outside world *
  zone security Z-DMZ
  zone security Z-OUTSIDE
  zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
   service-policy type inspect PMAP-INBOUND-TRAFFIC
  policy-map type inspect PMAP-INBOUND-TRAFFIC
   class type inspect CMAP-IN-TRACE-TRAFFIC
    pass
   class type inspect CMAP-IN-INSPECT-TRAFFIC
    inspect 
   class class-default
    drop log
  class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
   match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
  class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
   match access-group name ACLv6-INBOUND-TRAFFIC 
  Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
  ipv6 access-list ACLv6-INBOUND-TRAFFIC
   sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
  ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
  For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
  However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
  router6rd(config-ipv6-acl)#permit ip any ?
    X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
    any                 Any destination prefix
    host                A single destination host
  router6rd(config-ipv6-acl)#
  D'oh. What now?
  I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
  Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
  Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
  Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
  thanks for your thoughts and ideas.
  Marc

• Implementing IPv6 in a SP environment - Multiple Customer prefixes

  Consider a IPv4 SP that hosts customers Servers/WebSites.
  Today this SP has a LAN dedicated to these "SMB" clients, all "promiscuos" on the same LAN.
  Each customer has one IPv4 address, and can (via PAT) serve more than a physical "backend" Server.
  The SP thus gives "hosting" to potentially 1000+ customers on the same box.
  This SP is now considering IPv6, and wishes to mantain the same architecture.
  since there is no adress space issue with IPv6 and NAT/PAT is not supported he wants to give a /64 prefix to each customer.
  But... how can he route towards these /64 subnets?
  I see there options:
  1. Static Routes. But... is really advisable to place 1000+ static IPv6 routes on a single router?? (it is a N7K by the way)
  2. Dynamic Routing. But... this means that the customer is "forced" to have a Router with Dynamic Routing Capabilities.
  3. Prefix Delegation. (I'm not familiar with this one). But... can the customer assing a "static" IP to a server in the backend with a "delegated" prefix?
  4. I don't see a 4th hypotesis, but I'm sure someone does!
  Any idea is welcome,
  Francisco
  (I'm adding a diagram)

  Hi Jim,
  thank you very much for your post!
  You hit the issue...
  I agree with you, the solution for the "one server" customer is the "connected" subnet, so no further entries are needed there.
  The issue is in fact for the /64 backend subnets of the other customers. I think I was not clear before, the scenario is not a small setup, but we have thousands of these customers that are now attached to the same Router (in IPv4). The diagram is just an example, multiply the customers on the diagram by a 500 factor.
  Let's consider 1500 customers. Today they are all in the same frontend subnet, "hiding" their backend subnets via IPv4 PAT.
  Now we are migrating to IPv6 and we are giving 1500 /64 subnets that the customer can use on his backend.
  The question is: what is the best way to reach there 1500 backend subnets?
  Placing 1500 static routes might work, but it does not seem a very nice/elegant solution.
  Moreover I wonder if a config file this large could give any kind of issue, or if the Nexus could suffer due to the number of IPv6 routes it would have to handle.
  You still advise the "static" approach?
  Francisco

• RV220W - DHCPv6 Prefix Delegation - Edit the configuration file?

  I am trying to configure this router to obtain an IPv6 address from my ISP who offers a dual stack IPv4/IPv6 DHCPv6 Prefix Delegation service.
  I did a WAN packet capture to see the type of DHCPv6 packets the router sends to the ISP in order to obtain an IPv6 address and I saw that the router is sending DHCPv6 solicitation packets of type IA_NA i.e. for Identity Association for Non-temporary Address. However, most ISPs that offer a dual stack IP4/IPv6 service, they use DHCPv6 Prefix Delegation in which case the router is expected to send DHCPv6 solicitation packets of type IA_PD i.e. for Identity Association for Prefix Delegation.
  I then downloaded its configuration file and saw the following:
  dhcpv6c = {}
  dhcpv6c[1] = {}
  dhcpv6c[1]["renewTime"] = "3600"
  dhcpv6c[1]["statelessMode"] = "1"
  dhcpv6c[1]["prefixDelegation"] = "0"
  dhcpv6c[1]["preferredAddress"] = ""
  dhcpv6c[1]["LogicalIfName"] = "WAN1"
  dhcpv6c[1]["requestPreferredAddress"] = "0"
  dhcpv6c[1]["requestDNSSearchList"] = "0"
  dhcpv6c[1]["requestPreferredPrefix"] = "0"
  dhcpv6c[1]["preferredAddressPrefixLength"] = "0"
  dhcpv6c[1]["requestDNS"] = "1"
  dhcpv6c[1]["sendRapidCommit"] = "0"
  dhcpv6c[1]["isEnabled"] = "1"
  dhcpv6c[1]["preferredPrefix"] = ""
  dhcpv6c[1]["_ROWID_"] = "1"
  dhcpv6c[1]["preferredPrefixPrefixLength"] = "0"
  So, the option for the DHCPv6 client to perform a prefixDelegation request is disabled. Does that mean that if I set this flag to "1" it is going to work? Well, I edited the configuration file and changed this flag but the router refuses to load it! It complains about the file being changed. How does it know that? Is it computing some type of checksum? Does anyone know how can I manually edit this flag and update the router's configuration?

  I can't help you because our ISP doesn't support native ipv6.  I suggest you call Cisco Small Business technical support.  All you need is your serial number and your Cisco username to get support.  Tori is awesome to work with.

• Does Airport Extreme 802.11ac support DHCPv6 prefix delegation

  I have IPv6 working with my Airport Extreme 802.11ac. I'm experimenting (for fun) with IPv6 on my local network, and I was trying to create another IPv6 subnet using DHCPv6 prefix delegation.
  Comcast (my ISP) is indeed delegating a 64-bit prefix to the Airport Extreme, but the Airport Extreme does not seem capable of sub-delegating that 64-bit prefix (into say 2 65-bit prefixes, or 4 66-bit prefixes, etc).
  Is the Aiport Extreme 802.11ac is capable of sub-delegating IPv6 prefixes like this?

  I have the exact same problem with my ISP (Init7) here in Switzerland. They delegating IPv6 adresses via DHCPv6-PD (Prefix Delegation) and my Apple AirPort Extreme just get only an IPv4 address.
  Since the worldwide use of IPv6 is rising steadily, I really hope Apple will wake up and update the firmware of its AirPort devices to support DHCPv6-PD.

• Dual-Stack LNS - ppp negotiation fails if no ipv6 prefix assigned by Radius

  Hello,
  We have an LNS (asr1k), dual-stack CPE and Radius server.
  Everything works fine if both ipv4 and ipv6 prefix is assigned to CPE by Radius
  If we set Radius server not to assign v6 prefix, we expect to build up an ipv4-only session over ppp.
  This is not what happens. PPP negotiation fails with the following debug lines:
  IPv6 DHCP_AAA: No authorization data from SSS
  Vi2.2364 PPP DISC: Non-PPP hang up
  some config parts of LNS:
  no ipv6 source-route
  ipv6 unicast-routing
  ipv6 dhcp binding track ppp
  ipv6 dhcp pool IPv6_DHCP_POOL
  ipv6 dhcp pool POOL_DHCP_PD
  ipv6 multicast-routing
  ipv6 multicast rpf use-bgp
  interface Virtual-Template99
   mtu 1460
   ip unnumbered Loopback0
   ip tcp adjust-mss 1420
   no logging event link-status
   ipv6 enable
   no ipv6 nd prefix framed-ipv6-prefix
   no ipv6 nd ra suppress
   ipv6 dhcp server POOL_DHCP_PD allow-hint
   peer default ip address pool adslpool_1 adslpool_2
   ppp max-configure 3
   ppp authentication pap AAA_AUTHEN_PPP_noc3x
   ppp authorization AAA_AUTHOR_NET_noc3x
   ppp accounting AAA_ACCT_NET_noc3x
   ppp ipcp address required
   ppp ipcp address accept
   ppp ipcp no-renegotiation send-termreq
   ppp link reorders
   ppp timeout retry 5
   ppp timeout ncp 30
   ppp timeout authentication 30
  end
  Can anyone help?
  Regards,
  Antal

  Have opend a case with cisco. The solution for me is to put
  no ipv6 dhcp ppp terminate
  in to the global config.
  Hope that helps anyone who has the same problem.

• Airport ExtremeN 7.6, and IPv6 prefixes

  Does anyone know enough about Airport Extreme-N IPv6
  to tell me how IPv6 routers are supposed to advertise prefixes,
  and then how the Airport and MacOSX machines actually negotiate it?
  I have an Airport Extreme-N with firmware 7.6
  I set up my Airport Extreme-N for IPv6 Mode: "Tunnel",
  and I have configured it manually, with something like:
  WAN IPv6 Address: 2001:a123:b2a2:b2e2::2
  IPv6 Default Route: 2001:a123:b2a2:b2e2::1
  LAN IPv6 Address: 2001:a123:b2a3:b2e2::
  My Mac machines are set for IPv6 "Automatically"
  and I can see from 'netstat -rn' that they have assigned themselves:
  (link-local) fe80::d1e1:a1ff:fed1:b1e1    (using its ethernet EUI)
  (global) 2001:a123:b2a3:b2e2:d1e1:a1ff:fed1:b1e1
  using the prefix 2001:a123:b2a3:b2e2:, and their ethernet EUI for the last 64.
  This seems to make sense to me.
  Though in System Preferences/Network/TCPIP, they list router as something like:
  fe80:0000:0000:0000:c1a1:f1ff:fee1:c1a1
  which is the link-local address for the router.
  IPv6 works fine - I can browse to ipv6.google.com
  and ping6 to 2001:4860:800f::68
  Now, my other BSD machines on my network are not autoconfiguring properly.
  I have them configured to use 'rtsol' in /etc/hostname.if
  They get the router address as:
  fe80:0000:0000:0000:c1a1:c1ff:fea1:f1e1
  but they do NOT assign themselves a global IPv6 address with the prefix
  2001:a123:b2a3:b2e2
  Instead, they ONLY have their own link-local address.
  When I run rtsold from my BSD machines I get:
  rtsold: probing re0
  checking if re0 is ready...
  re0 is ready
  set timer for re0 to 0:386681
  New timer is 0:00386481
  timer expiration on re0, state = 1
  send RS on re0, whose state is 2
  set timer for re0 to 4:0
  New timer is 4:00000151
  received RA from fe80::c1a1:c1ff:fea1:f1e1 on re0, state is 2
  OtherConfigFlag on re0 is turned on
  stop timer for re0
  there is no timer
  So, maybe I'm missing something, but how is it supposed to work?
  How are the Mac machines correctly getting the LAN IPv6 Prefix of
  2001:a123:b2a3:b2e2:
  when the Airport is responding with router advertisements of only its link-local address?
  (does it have something to do with this "OtherConfigFlag", or am I supposed
  to use 'Neighbor Discovery Protocol' to get the globally routable prefix?)
  How am I supposed to setup an IPv6 network, so that my other machines
  get NON-link-local prefix from the router?
  Truly - thanks for any help.

  Unplug the router then plug it back into the power.
  After that, powercycle the modem as well.

• IPv6 Global Prefix RA question from R1 to R2

  Hello,
  I've a questiona about IPv6 Global Prefix RA.
  I have 2 routers (r1 and r2) connected via fastethernet0/0 interface.
  On the first router i have gone trough the ipv6 set up:
  1. I have create a ipv6 address: #ipv6 address 2001:aaa:bbbb:cccc::/64 eui-64
  2. told the router that it can route ipv6: #ipv6 unicast-routing
  Below is a #show ipv6 interface on R1:
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::CA00:10FF:FE84:0
    Global unicast address(es):
      2001:AAA:BBBB:CCCC:CA00:10FF:FE84:0, subnet is 2001:AAA:BBBB:CCCC::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF84:0
  On the second router I have gone trough the ipv6 steps:
  1. I have enable ipv6: #ipv6 enable.
  I do see that the link-local address has been created: FE80::CA02:10FF:FE84:0
  Below is a # show ipv6 interface on R2:
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::CA02:10FF:FE84:0
    No global unicast address is configured
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF84:0
  My question is as follows: why doesn't get Router2 the global prefix information in the ipv6 address from Router 1
  I do see a RA send from R1 to R2.
  R1#
  *Mar  1 00:40:37.455: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
  *Mar  1 00:40:37.455: ICMPv6-ND:     MTU = 1500
  *Mar  1 00:40:37.455: ICMPv6-ND:     prefix = 2001:AAA:BBBB:CCCC::/64 onlink autoconfig
  *Mar  1 00:40:37.455: ICMPv6-ND:             2592000/604800 (valid/preferred)
  *Mar  1 00:40:37.455: IPV6: source FE80::CA00:10FF:FE84:0 (local)
  *Mar  1 00:40:37.455:       dest FF02::1 (FastEthernet0/0)
  *Mar  1 00:40:37.455:       traffic class 224, flow 0x0, len 104+1396, prot 58, hops 255, originating
  *Mar  1 00:40:37.455: IPv6: Sending on FastEthernet0/0
  R2(config)#
  *Mar  1 00:39:42.275: ICMPv6-ND: Received RA from FE80::CA00:10FF:FE84:0 on FastEthernet0/0
  What I also see is that R1 is getting RA from R2:
  R1#
  *Mar  1 00:47:56.199: ICMPv6-ND: Received RA from FE80::CA02:10FF:FE84:0 on FastEthernet0/0
  Thank I great advance,
  Lino

  Hi Lino,
  My question is as follows: why doesn't get Router2 the global prefix  information in the ipv6 address from Router 1
  You need to configure "ipv6 address autoconfig". When you have it enabled, IPv6 router on receiving RA will get the prefixes with A flag set and will append 64 bit Interface ID.
  What I also see is that R1 is getting RA from R2:
  Per my understanding, RA is not only for stateless autoconfiguration. SLAAC is one benefit from RA while there are otehr benefits like MAC learning, default router advertisement etc..
  Thanks,
  Nagendra