PPP and IPv6 stateless address configuration

Hello everyone.
I'm doing some tests with IPv6 over PPP. Using IPv6 over the Ethernet you can use the "stateless address autoconfiguration" to assign a global IPv6 address to a machine when in.ndpd is running on one machine in the network.
Is it possible to do stateless autoconfiguration using a PPP connection ?
The computer which shall configure itself is running under Solaris. Currently I use only one computer with two instances of pppd running. The interfaces "sppp0"/"sppp1" do not have the "ADDRCONF" flag set. After setting this flag manually using ioctl(SIOCSLIFFLAGS) ifconfig says that the ADDRCONF flag is set but the address is not automatically configured.
ndpd.conf contains the following lines:
prefix (a test prefix here) sppp0
prefix (another test prefix here) sppp1
I re-started in.ndpd after the PPP connection was up but this did not help.
Any ideas ?
Martin

Hello again.
It seems I only forgot the "if sppp0 AdvSendAdvertisements on" line in the ndpd.conf file.
Address autoconfiguration seems to work now. I tested a connection between a computer running Linux and a computer running Solaris - it worked well.
Martin

Similar Messages

IPv6 Temporary Address

I am little confused about the IPv6 temporary address. From my understanding, by default both Win7 and MAC comuputers generate IPv6 temporary address once they learn a prefix from RA message. And more imporant, they will use the temporary address as the source of the communications. For ex, when a computer has one IPv6 address(got from DHCP) and one temporary address, it will use the temporary address for communications and the DHCP address will not be used at all. Has anyone seen any issues arised from using temporary address? Do you force computers to not using temporary address?
Following notes are taken from RFC4941 about the use of temporary address:
"The use of temporary addresses may cause unexpected difficulties with some applications. As described below, some servers refuse to accept communications from clients for which they cannot map the IP address into a DNS name. In addition, some applications may not behave robustly if temporary addresses are used and an address expires before the application has terminated, or if it opens multiple sessions, but expects them to all use the same addresses. Consequently, the use of temporary addresses SHOULD be disabled by default in order to minimize potential disruptions. Individual applications, which have specific knowledge about the normal duration of connections, MAY override this as appropriate.
If anyone can share their experience of using temporary address in production network, that will be great!
Thanks.
Zhenning

So temporary addresses, or privacy addresses as they are somtimes called, work well for a lot of applications. If you do not care about the privacy afforded by temporary addresses, you an disable them:
http://blackundertone.wordpress.com/2011/08/04/disable-windows-7-ipv6-random-temporary-addresses/
http://tech.buraglio.com/2011/07/macos-107-and-ipv6-privacy-addressing.html
Also, you can configure the routers such that the devices themselves do not use SLAAC at all and rely exclusively on DHCP, depending on whether or not your DHCPv6 server is managing addresses.
See http://blogs.cisco.com/borderless/ipv6-automatic-addressing/ for more tips.

2504 WebAuth and IPv6 RADIUS Accounting (IPv6-Framed-Address)

Hi Board,
I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
I tested it on a WLC 2504 with 8.0.100.0 code.
Cheers
Johannes

Hi Board,
I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
I tested it on a WLC 2504 with 8.0.100.0 code.
Cheers
Johannes

Coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpA

Hi
I have installed coheI have installed coherence server "fmw_12.1.3.0.0_coherence_Disk1_1of1.zip" along with Examples on windows machine and C++ client coherence-cpp-12.1.3.0.0b51709-windows-x86-vs2012.zip on the same machine.
I have built the "contacts" C++ Example successfully and while I execute this "contacts" using run I am facing TcpAcceptor error.
On my coherence server the TcpAcceptor is listening on port 8088, so I have modified the extend-cache-config.xml file with values "ip address of my windows machine" and port as "8088".
All the time I am getting below error,
coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpAcceptor
    at class coherence::lang::TypedHandle<class coherence::component::net::extend::PofConnection> __thiscall coherence::component::util::TcpInitiator::openConne
ction(void)(TcpInitiator.cpp:307)
    at coherence::component::util::TcpInitiator::openConnection
    at coherence::component::util::Initiator::ensureConnection
    at coherence::component::net::extend::RemoteCacheService::openChannel
    at coherence::component::net::extend::RemoteService::doStart
    at coherence::component::net::extend::RemoteService::start
    at coherence::component::util::SafeService::startService
    at coherence::component::util::SafeService::restartService
    at coherence::component::util::SafeService::ensureRunningServiceInternal
    at coherence::component::util::SafeService::start
    at coherence::net::DefaultConfigurableCacheFactory::configureService
    at coherence::net::DefaultConfigurableCacheFactory::ensureService
    at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
    at coherence::net::DefaultConfigurableCacheFactory::configureCache
    at coherence::net::DefaultConfigurableCacheFactory::ensureCache
    at coherence::net::CacheFactory::getCache
    at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void,void,void,void> >::sizeOf(bool)
    at _onexit
    at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
    at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
    at BaseThreadInitThunk
    at RtlInitializeExceptionChain
    at RtlInitializeExceptionChain
    on thread "main"
Caused by: coherence::net::messaging::ConnectionException: coherence::component::util::TcpInitiator::TcpConnection@029EAD78{Id=NULL, Open=1, LocalAddress=NULL,
RemoteAddress=10.242.152.242/10.242.152.242:8088}: socket disconnect
    at class coherence::lang::TypedHandle<class coherence::net::messaging::Response> __thiscall coherence::component::net::extend::AbstractPofRequest::Status::g
etResponse(void)(AbstractPofRequest.cpp:203)
    at coherence::component::net::extend::AbstractPofRequest::Status::getResponse
    at coherence::component::net::extend::AbstractPofRequest::Status::waitForResponse
    at coherence::component::util::Initiator::openConnection
    at coherence::component::net::extend::PofConnection::open
    at coherence::component::util::TcpInitiator::openConnection
    at coherence::component::util::Initiator::ensureConnection
    at coherence::component::net::extend::RemoteCacheService::openChannel
    at coherence::component::net::extend::RemoteService::doStart
    at coherence::component::net::extend::RemoteService::start
    at coherence::component::util::SafeService::startService
    at coherence::component::util::SafeService::restartService
    at coherence::component::util::SafeService::ensureRunningServiceInternal
    at coherence::component::util::SafeService::start
    at coherence::net::DefaultConfigurableCacheFactory::configureService
    at coherence::net::DefaultConfigurableCacheFactory::ensureService
    at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
    at coherence::net::DefaultConfigurableCacheFactory::configureCache
    at coherence::net::DefaultConfigurableCacheFactory::ensureCache
    at coherence::net::CacheFactory::getCache
    at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object
,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void
,void,void,void> >::sizeOf(bool)
    at _onexit
    at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
    at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
    at BaseThreadInitThunk
    at RtlInitializeExceptionChain
    at RtlInitializeExceptionChain
    on thread "main"
Caused by: coherence::io::IOException: socket disconnect
    at unsigned int __thiscall coherence::net::Socket::readInternal(unsigned char *,unsigned int)(Socket.cpp:333)
    at coherence::net::Socket::readInternal
    at coherence::net::Socket::SocketInput::read
    at coherence::io::BufferedInputStream::fillBuffer
    at coherence::io::BufferedInputStream::read
    at coherence::component::util::TcpInitiator::readMessageLength
    at coherence::component::util::TcpInitiator::TcpConnection::TcpReader::onNotify
    at coherence::component::util::Daemon::run
    at coherence::lang::Thread::run
    on thread "ExtendTcpCacheService:coherence::component::util::TcpInitiator:coherence::component::util::TcpInitiator::TcpConnection::TcpReader"

We are facing same issue.    Could you please provide us any working .Net sample code for the version 12.1.2.0.
<ssl>
              <protocol>Tls</protocol>
              <local-certificates>
                <certificate>
                  <url>c:\Cert\</url>
                  <password>password</password>
                  <flags>DefaultKeySet</flags>
                </certificate>
              </local-certificates>
            </ssl>
thanks
Bala

Configure active and standby mac address in failover

Hi guys,
I just have a doubt that, if I configure the active and standby mac address in failover, does it will cause any downtime?
As I planning to configure the active and standby mac addresses in failover during production time and not wish that it will bring any downtime to me.
Besides that, just need some guideline that do I need to put all the interfaces' mac addresses in failover?
failover mac address GigabitEthernet0/0 0022.90fe.2000 0022.90fe.2001
failover mac address GigabitEthernet0/1 0022.90fe.3000 0022.90fe.3001
failover mac address GigabitEthernet0/2 0022.90fe.4000 0022.90fe.4001
failover mac address GigabitEthernet0/3 0022.90fe.5000 0022.90fe.5001

Hi Marius,
Seem like set the failover MAC address was not working for me.
Last friday I was tested the failover MAC address.
TEST 1
1, Power off primary ASA and secondary ASA work as active.
2, 2821 router able to learn the correct arp entries.
TEST 2
1, Power on primary ASA and failover from secondary to primary.
2, 2821 router able to learn the correct arp entries from ASA.
3, Set failover MAC address, power off primary ASA and secondary ASA be active.
4, 2821 router unable to learn the correct arp entries.
TEST 3
1, Removed failover MAC address from secondary ASA.
2, 2821 router still unable to learn the correct arp entries from ASA.
3, Power up primary ASA and secondary ASA still in active.
4, 2821 router still unable to learn the correct arp entries from ASA.
5, Reboot 2821 router and it able to learn the arp entries from ASA.
I am not sure this issue from router or from the ASA. But I guess I will try to upgrade the router in term of software and hardware.

Per-session VRF and IPv6

Hello. I cant get Per-session VRF feature working with IPv6 protocol. IPv4 is working fine.
Here is what i've got:
test1 Cleartext-Password := "test"
Framed-Protocol = PPP,
Service-Type == Framed-User,
Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat",
Cisco-AVPair += "ip:vrf-id=NoNAT",
Cisco-AVPair += "ip:ip-unnumbered=Loopback1",
Cisco-AVPair += "ip:addr-pool=real"
Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"
test2 Cleartext-Password := "test"
Framed-Protocol = PPP,
Service-Type == Framed-User,
Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool",
Cisco-AVPair += "lcp:interface-config=ip nat inside"
#sho run
interface Loopback0
ip address ****
ipv6 address 2001:DB8::20/128
ipv6 enable
interface Loopback1
vrf forwarding NoNAT
ip address *****
ipv6 address 2001:DB8::21/128
ipv6 enable
ipv6 dhcp pool AAA_dhcpv6_pool
prefix-delegation aaa method-list FREERADIUS
ip local pool pool192_168 192.168.128.0 192.168.255.254
ip local pool real *.*.*.* *.*.*.*
ipv6 local pool ppp_delegate_56_v6_pool 2001:DB8:3::/48 56
ipv6 local pool ppp_link_v6_pool 2001:DB8:1::/49 64
ipv6 local pool ppp_delegate_56_v6_pool_vrf_no_nat 2001:DB8:6::/48 56
ipv6 local pool ppp_link_v6_pool_vrf_no_nat 2001:DB8:4::/49 64
interface Virtual-Template1
ip unnumbered Loopback0
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server AAA_dhcpv6_pool
peer default ip address pool pool192_168
peer default ipv6 pool ppp_link_v6_pool
! non-related config skipped
User test2 receive IPv4 private address and full IPv6 service: address negotiated on the link and delegation DHCPv6 service.
User test1 receive IPv4 real address only and no IPv6 at all.
Here is the debug, take a look at the bold line:
Jul 8 10:13:41: RADIUS(000000DF): Send Access-Request to 10.0.6.10:1812 id 1645/139, len 207
Jul 8 10:13:41: RADIUS: authenticator B8 8A 07 F3 D8 90 A5 FE - B0 10 9F 51 B2 4F 7E 0A
Jul 8 10:13:41: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jul 8 10:13:41: RADIUS: User-Name [1] 6 "test"
Jul 8 10:13:41: RADIUS: CHAP-Password [3] 19 *
Jul 8 10:13:41: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jul 8 10:13:41: RADIUS: NAS-Port [5] 6 0
Jul 8 10:13:41: RADIUS: NAS-Port-Id [87] 13 "0/1/0/2.301"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 41
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 35 "client-mac-address=5254.0018.9fb1"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 39
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 33 "circuit-id-tag=SNR eth 001,0301"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 39
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 33 "remote-id-tag=f8-f0-82-10-9b-9d"
Jul 8 10:13:41: RADIUS: Service-Type [6] 6 Framed [2]
Jul 8 10:13:41: RADIUS: NAS-IP-Address [4] 6 10.0.6.21
Jul 8 10:13:41: RADIUS(000000DF): Sending a IPv4 Radius Packet
Jul 8 10:13:41: RADIUS(000000DF): Started 5 sec timeout
Jul 8 10:13:41: RADIUS: Received from id 1645/139 10.0.6.10:1812, Access-Accept, len 236
Jul 8 10:13:41: RADIUS: authenticator 9C E6 3B 43 A3 58 06 AB - 17 99 AD 06 FF C6 9A 35
Jul 8 10:13:41: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jul 8 10:13:41: RADIUS: Service-Type [6] 6 Framed [2]
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 67
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 61 "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 23
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 17 "ip:vrf-id=NoNAT"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 34
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 28 "ip:ip-unnumbered=Loopback1"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 25
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 19 "ip:addr-pool=real"
Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 55
Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 49 "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"
Jul 8 10:13:41: RADIUS(000000DF): Received from id 1645/139
Jul 8 10:13:41: ppp202 PPP SSS: Forwarding request
Jul 8 10:13:41: ppp202 PPP: Phase is FORWARDING, Attempting Forward
Jul 8 10:13:41: PPP: Bind ppp202 to Virtual-Access2.1
Jul 8 10:13:41: Vi2.1 PPP: Static Bind peer_type[3]
Jul 8 10:13:41: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User
Jul 8 10:13:41: Vi2.1 CHAP: O SUCCESS id 1 len 4
Jul 8 10:13:41: Vi2.1 PPP: Phase is UP
Jul 8 10:13:41: Vi2.1 IPCP: Protocol configured, start CP. state[Initial]
Jul 8 10:13:41: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting]
Jul 8 10:13:41: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10
Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.8 (0x0306B92EC408)
Jul 8 10:13:41: Vi2.1 IPCP: Event[UP] State[Starting to REQsent]
Jul 8 10:13:41: Vi2.1 PPP: Send Message[Static Bind Response]
Jul 8 10:13:41: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Jul 8 10:13:41: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0
Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Says use pool real
Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Pool returned *.*.*.11
Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want *.*.*.11
Jul 8 10:13:41: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 22
Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B)
Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808)
Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404)
Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
Jul 8 10:13:41: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14
Jul 8 10:13:41: Vi2.1 IPV6CP: Interface-Id 11BF:9891:6F31:7C15 (0x010A11BF98916F317C15)
Jul 8 10:13:41: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0101000E010A11BF98916F317C15)
Jul 8 10:13:41: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10
Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.8 (0x0306B92EC408)
Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
Jul 8 10:13:41: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B)
Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808)
Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404)
Jul 8 10:13:41: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 22
Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B)
Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808)
Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404)
Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
Jul 8 10:13:41: Vi2.1 IPCP: State is Open
Jul 8 10:13:41: Vi2.1 Added to neighbor route AVL tree: topoid 2, address *.*.*.11
Jul 8 10:13:41: Vi2.1 IPCP: Install route to *.*.*.11
Jul 8 10:13:41: RADIUS/ENCODE(000000DF):Orig. component type = PPPoE
Jul 8 10:13:41: RADIUS(000000DF): Config NAS IP: 10.0.6.21
Jul 8 10:13:41: RADIUS(000000DF): Config NAS IPv6: ::
Jul 8 10:13:41: RADIUS(000000DF): sending
Jul 8 10:13:41: RADIUS(000000DF): Send Accounting-Request to 10.0.6.10:1813 id 1646/109, len 264
Any suggestions?

Fixed one problem and moved into other.
I've added
Cisco-AVPair += "lcp:interface-config=ipv6 unnumbered Loopback1"
to user profile, but stumbled into another problem: router ignores
Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool"
regardless of vrf, even on usual user profile

Issue about IPV6 Stateless auto-config

Hi,
I have this link local adress:
FE80::A1:2345:6789
and this router global adress:
2001:AAAA:BBBB:CCCC:DDDD::1/64
What is the statless autoconf global unicast address of my station?
2001:AAAA:BBBB:CCCC::A1:2345:6789
or
2001:AAAA:BBBB:CCCC:FE80::A1:2345:6789
Thanks

Hello Theodor,
the answer that has been provided to you by Nagendra is the correct one.
You should take in consideration the fact that your test/quiz can be wrong.
Note also that providing a rating of 1 in these forums is regarded as unfair and in this case it is.
read by yourself ipv6 basic addressing guide about stateless autoconfiguration
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1038169
it is IPV6 prefix /64 + EUI associated to device NIC mac address
EUI is a 64 bits entity derived from MAC address
Hope to help
Giuseppe

TC and IPv6.

Does anyone know if TC (the latest with 7.5.1) supports the following:
WAN side requirements:
W-1: When the router is attached to the WAN interface link it MUST
act as an IPv6 host for the purposes of stateless or stateful
interface address assignment ([RFC4862]/[RFC3315]).
W-2: The router MUST act as a requesting router for the purposes of
DHCPv6 prefix delegation ([RFC3633]).
W-3: DHCPv6 address assignment (IA_NA) and DHCPv6 prefix delegation
(IA_PD) SHOULD be done as a single DHCPv6 session.
My provider supports IPv6, my modem does, but I can't get it to work...any clues?

ipv6.google.com is now open. I have similar issues configuring a time capsule to do simple native IPv6 routing.
According to http://lists.apple.com/archives/ipv6-dev/2009/Nov/msg00003.html
I've read that version 7.5.1 has:
+ new IPv6 "native router" configuration mode:
- available only in IPv4/NAT mode;
- not available when WAN is configured for PPPoE (sigh);
- manual IPv6 WAN configuration is optional;
- DHCP6 client requests prefix delegation, advertised on LAN bridge.
7.5.1 should match what you describe in your requirements, but as always with new features ymmv, and the only real way to test is to do a packet capture on the WAN link with e.g. wireshark. Or do a seach on xs4all and airport extreme, since I presume that's your IPv6 ISP since they're the only ones in NL in production so far
Show Leopard is known to have a broken IPv6 resolver. So even if your TC works, maybe the problem is your Macbook Pro OS. Local IPv6 connectivity uses IPv6 link local addresses and a different method of name resolution, which would explain why that is working already.
I'm running a slightly older version 7.4.2, but there's no update available to 7.5.1 for my TC and AE hardware.
in 7.4.2 Apple seems to assume that the TC either acts in: host mode, bridge mode, or tunnel mode.
However, as more ISP's roll out native IPv6 the TC should support native IPv6 routing (for feature compatability with IPv4) and also participate in DHCPv6 PD prefix delegation. Otherwise people are not going to be able to use their TC to connect to the (IPv6) Internet any longer.
Bridge mode won't work because you'll lose the firewall functionality.
Host mode won't work as it does not support DHCPv6, and I'm not sure it'll then act as a wireless AP properly.
Tunnel mode won't work, as there will no longer be a 6to4 tunnel broker on the WAN side.
Come on Apple! Get your act together and support IPv6 properly for home users with native IPv6 services, and who paid out good money for your products less than 18 months ago. Native IPv6 is coming fast here in the Netherlands.
Why are the new features in 7.5.1 (and decent IPv6 support) not available for products that are still well within their expected service life?

How can I turn off IPv6 temporary addresses in a enterprise environment

So in a default configuration Vista and Windows 7 clients will use IPv6 temporary address (per RFC 3041), but I would like to be able to disable this with a GPO.
I know I can do this by using a startup script tied to a GPO using the netsh interface ipv6 set privacy state=disabled store=persistent but I really do not want to run a logon script especially when as you can see in the command it is a persistent
setting.
Any ideas on using a registry based GPO for this?

Hi,
OK, I understand what you want. But after I use the Process Monitor to capture the behavior, I found that a lot of registry keys would be changed. So you can not set it via registry unless the IPv6 is disabled.
Thanks for understanding.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
Thank you again for the answer.
As a follow up question... How does one suggest/request a change in default behavior in a MS product?
While the RFC 3041 addresses might be nice to have for the average consumer they are not ideal in a enterprise environment. I have found that the temporary addresses will register in DNS, but this doesn't completely solve the issue of tracking and accountability,
you would still need a application to query, correlate and store that information.
So it would be nice if the business versions of Windows Vista/7/2K8 and the next client OS would not have this behavior by default.

Best way to pass IPv4 and IPv6 traffic over a GRE Tunnel

Hello,
We have two 3825 routers with Advanced Enterprise IOS 12.4.9(T). Each of them serves many IPv4 (private and public) and IPv6 networks on their respective site.
We have created a wireless link between the two, using 4 wireless devices, with IP Addresses 10.10.2.2, 3, 4, 5 respectively (1 and 6 are the two end Ethernet interfaces on the routers).
Then we created a GRE tunnel over this link using addresses 172.16.1.1 and 2 (for the two ends) to route traffic over this link.
Now we want to route IPv6 traffic over the same link. However, we found that simply routing the IPv6 traffic over the above GRE / IP tunnel did not work.
Questions:
Is there a way we can use the same (GRE / IP) tunnel to transport both IPv4 and IPv6 traffic?
If not, can we setup two GRE tunnels over the same wireless link, that is, one GRE / IP for IPv4 traffic and a second one GRE / IPv6 for IPv6 traffic?
In brief, what is the suggested way to transport IPv4 and IPv6 traffic over the aforementioned (wireless) link?
I have read http://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1061361 and other Internet material, however I am still confused.
Please help.
Thanks in advance,
Nick

We have set up two tunnels over the same link, one GRE / IP for the IPv4 traffic and one IPv6 / IP ("manual") for the IPv6 traffic. This setup seems to be working OK.
If there are other suggestions, please advise.
Thanks,
Nick

Firewall and IPv6, how to block ports?

I am using free.fr in France, and IPv6 is enabled as part of the service. There are certain services running that were only accessible to the local network, but I now find that if I know the IPv6 address of the machine they are world accessible. I tried limiting services to be only accessible to the local machine, by adjusting the settings in the Firewall configurations in the system preferences, but the services still seem to be world accessible. Do the firewall configurations ignore IPv6? Is there any way to make it so that services are only available to machines in the local networks via IPv6. I suspect I going to need a command line tool or a third-party tool, but I am willing to deal with this until Apple sorts this out through a security update (please?).
The machine in question is a G4 based PowerMac, so I can't upgrade to 10.5.

Hi Andre,
The machine in question is a G4 based PowerMac, so I can't upgrade to 10.5.
What speed is it? 867
Leopard requirements...
* Mac computer with an Intel, PowerPC G5, or PowerPC G4 (867MHz or faster) processor
minimum system requirements
* 512MB of memory
* DVD drive for installation
* 9GB of available disk space
Not sure on IPv6, since the whole purpose seems to be to pinpoint individual computers to the whole world, but IPFW may still work...
WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features...
http://www.macupdate.com/info.php/id/23317
See also...
http://oreilly.com/pub/a/mac/2005/03/15/firewall.html
http://tadek.pietraszek.org/blog/2007/05/01/adding-custom-firewall-rules-in-osx/

Reassigning IPv6 temporary address when it receives router advertisements

Hi everybody.
I've just met a problem with IPv6 connectivity.
*My environment*
I list my environment that I tested as follows.
1. MacBook Pro (A)
OS Version: 10.6.4
Card Type: AirPort Extreme (0x14E4, 0x93)
Firmware Version: Broadcom BCM43xx 1.0 (5.10.131.16.1)
IPv6 temporary address setting: net.inet6.ip6.use_tempaddr=1
2. AP+Router
TimeCapsule
N.B., I experienced same problem under other sets of router and access point (Cisco's ones). So, let me skip to write the detail of this.
3. MacBook Pro (B) (No problem with this Laptop)
OS Version: 10.6.4
Card Type: AirPort Extreme (0x168C, 0x87)
Firmware Version: Atheros 5416: 2.0.19.10
IPv6 temporary address setting: net.inet6.ip6.use_tempaddr=1
N.B., All user data and settings are transferred to MacBook Pro (A). I think the difference between these two MacBooks is about hardwares.
*The problem*
1. Connect the MacBook Pro (A) to AP+Router.
2. Receive IPv6 router advertisement from the router. (router lifetime=1800, valid lifetime=2592000, preferred lifetime=604800)
3. Assign both IPv6 EUI-64 address and temporary address.
4. Receive IPv6 router advertisement from the router again, 70 sec after previous one.
5. Both the EUI-64 and temporary addresses are removed, and then same EUI-64 address and _new_ temporary address are assigned.
The problem here is that MacBook Pro (A) configures _new_ temporary address, or it removes old temporary address. This causes additional issues on TCP connections because TCP sessions become no longer available after the temporary address has changed.
This problem is not experienced my old MacBook Pro (B); i.e., it keeps the temporary address even after receiving router advertisements.
All the data and setting in MacBook Pro (A) are transferred from MacBook Pro (B).
Therefore, I think the problem is due to hardwares.
I prefer to use IPv6 because I'm in a networking group and also prefer to use temporary addresses.
Do you experience same problem or any suggestions to me?
If you need additional environment description, please ask me.
Thank you in advance, and sorry for my poor English.
Message was edited by: scyphus

This bug has been stealthily fixed in the update http://support.apple.com/kb/HT4250 today, though I have received no reply from Apple bug reporter site.

ZBF in a mixed ipv4 and ipv6 environment, don't touch ipv4

I have a dual stacked router for both ipv4 and ipv6. Ipv4 traffic should pass the zbf untouched due to the fact that there is another rock solid ipv4 firewall egress of the inside Interface. Is there a way that a class map like this could function on ipv6 traffic only?:
class-map type inspect match-any fullproto
description Permitted Traffic to internet
match protocol http
match protocol https
match protocol dns
match protocol imaps
match protocol icmp
match protocol ftp
match protocol ntp
match protocol rtsp
match protocol realmedia
match protocol netshow
match protocol appleqtc
match protocol streamworks
match protocol vdolive
match protocol ssh
match protocol user-rdp
So far there is only a CBAC solution in place for ipv6.
I'm showing my Interfaces:
interface FastEthernet0/0
description *** Inside IPV6 ***
no ip address
speed auto
full-duplex
ipv6 address FE80::1 link-local
ipv6 address ????:????:????:10::1/64
ipv6 nd other-config-flag
ipv6 dhcp relay destination ?:?:?:10::12
ipv6 traffic-filter inne6-inn in
no cdp enable
no mop enabled
interface FastEthernet0/0.4
description *** Inside IPV4 ***
encapsulation dot1Q 4
ip address 82.?.?.129 255.255.255.248
no cdp enable
interface FastEthernet0/1
description *** Outside ***
ip address 82.?.?.42 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
speed auto
full-duplex
ipv6 address FE80::2 link-local
ipv6 address ?:599::2/126
ipv6 enable
ipv6 nd prefix default no-advertise
ipv6 nd prefix ?:599::/126 no-advertise
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd router-preference High
ipv6 inspect ipv6-cbac out
ipv6 traffic-filter ut-inn6 in
no cdp enable
no mop enabled
Please advise.
Regards,
Henning

I didn't test it, but what about the following:
Configure a new class-map where you match on an ipv6 access-list "any to any"
Configure a third class map of type ""match all" where you match on your "fullproto" class-map and also the above ipv6 class-map. For this class map you configure your inspections.
For ipv4-traffic you configure a class with a "pass" action in both directions.

Time Capsule and IPv6.

Hi Guys,
Has anyone succeeded in configuring their TC to support IPv6 natively? So no tunnelling, but native v6 from your provider. I've been trying just about anything but can't get it to work.
Any ideas? To be sure I use a Draytek Vigor 120 modem with IPv6 firmware and the TC is configured to route PPPoE from the Draytek.

It's a chicken-and-egg thing. Sites won't go IPv6 until ISPs provide the right infrastructure, and ISPs won't provide the right infrastructure until forced to because some sites are IPv6 only.
I think you'll see a lot more action on this in the next two years now that the main pool of IPv4 address is exhausted.
Truly, today, though, essentially nothing on the net publicly is IPv6. I actually hooked up with Hurricane Electric's free tunnel and had IPv6 working at my house for a short time (yes, through my Time Capsule -- worked fine), and I had lots of trouble finding anything to surf. Yes, Google and a few other sites have IPv6 sites, but they really are essentially no different than IPv4, or else they are specific sites just meant to test IPv6 (no real content). So, at least as of today, you're not missing anything.
Very few US ISPs have IPv6. Most are just in the beginning of tests with a few select customers. This is going to change over the next few years.
It isn't as simple as just flipping a switch, because as I mentioned, every computer becomes a fully addressable node on IPv6, and DHCP goes away, to be replaced mostly with a protocol where your ISP gives you a prefix, and your equipment appends a long suffix. Those two together uniquely identify your computer and can be found from ANYWHERE on internet. That means the routing protocols have to track a phenomenally larger number of routes than they did before, or (in practice) they have to hand off the job to routers down the line. The whole addressing scheme works differently and it will take some time for the ISP equipment to be fully compliant.

Lion server postfix errors (and mail is NOT configured to run)

I rebooted my Lion 10.7.1 server today and the logs (kernel and server) started filling up with the following:
10/8/11 3:46:48.434 PM postfix/master: fatal: fe80::1%lo0:submission: valid hostname or network address required
10/8/11 3:46:49.000 PM kernel: nstat_lookup_entry failed: 2
10/8/11 3:46:49.000 PM kernel: nstat_lookup_entry failed: 2
10/8/11 3:46:49.435 PM com.apple.launchd: (org.postfix.master[490]) Exited with code: 1
10/8/11 3:46:49.435 PM com.apple.launchd: (org.postfix.master) Throttling respawn: Will start in 9 seconds
Mail is not configured to run on my server, I've changed nothing on my system, yet the logs are getting bloated with these messages as they repeat every 10 seconds.
I've checked the LaunchAgents and LaunchServices directories (and the plists in side), StartupItems, etc. I cannot figure out why postfix is constantly attempting to start by itself. It is running for short periods of time because if I time it right, "sudo postfix stop" returns a "stopping postfix"
Pointers?

"Instead of hard-coding 127.0.0.1 and ::1 loopback addresses in master.cf, specify
"inet_interfaces = loopback-only" in main.cf. This way you can use the same master.cf file regardless of whether or not Postfix will run on an IPv6-enabled system."
Postfix IPv6 Support

PPP and IPv6 stateless address configuration

Similar Messages

Maybe you are looking for