[SOLVED] Comcast IPv6 Prefix Delegation

I've built a gateway/firewall/network services box out of an old machine I had, and it works quite well for IPv4. I was super excited when Comcast finally rolled out IPv6 in my area, and have been attempting to get it to work, however with no success. I have at one point successfully been using an HE tunnel to provide IPv6 for the network. My goal is to have this box running Arch get a prefix from Comcast, distribute it to the local network via radvd, and route IPv6 traffic between the LAN and Comcast without manual intervention to assign the prefix anywhere.
My issue seems to be getting ISC's dhcpcd to apply the prefix that it receives from Comcast to the LAN interface. The prefix I receive is a /64, and if I run dhcpcd in verbose mode, I do see it receive a prefix assignment.
LAN: enp2s2
WAN: enp2s8
dhcpcd.conf
#Prefix delegation in theory
noipv6rs
interface enp2s8
ia_pd 1 enp2s2
radvd.conf
interface enp2s2 {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
DeprecatePrefix on;
However, the prefix never shows up on any interface (using ip addr to view), so never seems to be usable. Just in case I wasn't checking it appropriately, I attempted to run radvd anyways, and it exits with an error about no prefixes to advertise as expected.
Furthermore, I've been having further issues, in that if I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity. If I switch dhcpcd to use ia_na instead of pd, I get an address on the WAN interface and have fully functional IPv6 connectivity on the router, as expected. I was hoping that I could use both statements to get an address on the WAN and delegate a prefix to the LAN, but that seems to be disallowed by dhcpcd, probably for a good reason I'm not aware of. I was hoping neighbor discovery would inform my router of Comcast's router on the link-local link (is that the right term?), but it does not seem to be functioning.
I've googled extensively and have not been able to find a solution that does not require manual intervention to copy-paste the prefix from the dhcpcd/dhclient output either into radvd, or assigning the address manually. Any suggestions on where I should look, or what I should try?
Thanks in advance
Last edited by phate408 (2013-09-19 18:27:01)

phate408 wrote:I manually take the prefix, and give my router's LAN interface the prefix::1 address, I have no IPv6 connectivity.
If Comcast are anything like Internode here in Australia, they require the PD request to update their routers with the correct routing information.
AFAIK, you should be doing a IA_NA to get an address for your router (to connect the link between your router and Comcast), then you need to do the PD to get the addresses for your internal use which radvd will then advertise.
EDIT: I figured I should include some info for how I do it. I use dibbler-client with these options (obviously I've censored my PD):
inactive-mode
skip-confirm
log-mode short
log-level 7
iface "ppp200" {
pd {
prefix 2001:aa:aa:ab00::/56
option dns-server
IPv6 addresses are then statically assigned to the internal interfaces, and radvd runs with this config:
interface eth1 {
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
AdvDefaultLifetime 3600; # 1 hour
AdvDefaultPreference high; # this is the best router
AdvHomeAgentFlag off; # Disable Mobile IPv6 support
prefix 2001:aa:aa:ab01::/64 {
AdvOnLink on;
AdvAutonomous on;
RDNSS 2001:aa:aa:ab01::f1 {
Note the increment in the last byte of the network prefix:
:ab00: (ISP side of the router) => :ab01: (LAN side)

Similar Messages

  • IPv6 prefix delegation: after months of working fine, today no prefixes available

    Subject says it all. After months of having a /64 prefix delegated to my home network and working pretty reliably, today the dhcpv6 client is reporting: IA_PD status code NoPrefixAvail: "No prefix available on Link 'wa-bellevue-ten04-". Suffice it to say I can't get a /64 allocated. Can someone investigate?

    I am seeing the same issue, it started yesterday (16 June 2015) sometime in the afternoon. I discussed this with Comcast support today, and was told that they will not help because my cable modem is my own (I don't rent one) and they therefore have no access to my modem.  I am skeptical that this is a problem with my modem, as this (a) worked in the past, and (b) iappears that the DHCPv6 packet from Comcast is denying a prefix delegation: Jun 17 12:18:05.357 PDT: IPv6 DHCP: Received ADVERTISE from FE80::21D:70FF:FECC:58E2 on FastEthernet0
    Jun 17 12:18:05.357 PDT: IPv6 DHCP: detailed packet contents
    Jun 17 12:18:05.357 PDT: src FE80::21D:70FF:FECC:58E2 (FastEthernet0)
    Jun 17 12:18:05.357 PDT: dst FE80::216:C7FF:FE7C:BFBC (FastEthernet0)
    Jun 17 12:18:05.357 PDT: type ADVERTISE(2), xid 12121931
    Jun 17 12:18:05.357 PDT: option CLIENTID(1), len 10
    Jun 17 12:18:05.357 PDT: 000300010014A412E3B0
    Jun 17 12:18:05.357 PDT: option SERVERID(2), len 14
    Jun 17 12:18:05.357 PDT: 0001000117323D5614FEB5D6E776
    Jun 17 12:18:05.357 PDT: option IA-PD(25), len 71
    Jun 17 12:18:05.357 PDT: IAID 0x00020001, T1 0, T2 0
    Jun 17 12:18:05.357 PDT: option STATUS-CODE(13), len 55
    Jun 17 12:18:05.357 PDT: status code NOPREFIX-AVAIL(6)
    Jun 17 12:18:05.357 PDT: status message: No prefix available on Link 'wa-everett-ten05-link-S'
    Jun 17 12:18:05.357 PDT: option PREFERENCE(7), len 1
    Jun 17 12:18:05.357 PDT: preference value 0
    Jun 17 12:18:05.357 PDT: option DNS-SERVERS(23), len 32
    Jun 17 12:18:05.357 PDT: 2001:558:FEED::1
    Jun 17 12:18:05.357 PDT: 2001:558:FEED::2 I do receive a /128 IPv6 unicast address for my router itself, and it can access the internet at large via IPv6. Comcast support did confirm that I should be receiving a /56 delegation. 

  • EA4500 IPv6 Prefix Delegation

    My ISP (OTEnet, Greece) offers IPv6 connectivity in the form of dual-stack IPv4/IPv6 with the requirement that the router supports DHCPv6 Prefix Delegation for establishing an IPv6 connection.
    Using other routers (Cisco 887W, DrayTek Vigor2130n), I have established an IPv4/IPv6 connection but I am unable to do so with the EA4500. As a matter of fact, when I have the "IPv6 - Automatic" option enabled the router not only cannot obtain an IPv6 prefix from the ISP but it gets stuck in the connection attempt and never obtains an IPv4 or an IPv6 address. I have to disable the IPv6 option in order to simply establish an IPv4-only connection without problems.
    So, my questions are:
    1. Does the latest (2.1.38.38880) firmware support dual-stack IPv6 and DHCPv6 Prefix Delegation?
    2. If the router cannot negotiate an IPv6 connection why is it not establishing an IPv4 connection only but gets stuck in the process?
    3. Any tips?

    The specifications for the router say that it supports native IPv6 but this remains to be proved. No tunnel technology can be considered as native and the information in http://tunnelbroker.net/ concerns tunneling IPv6 through an IPv4 connection. Before my ISP offered native IPv6 I used TunnelBroker which is quite slow.
    I need to note here that many ISPs around the world are now offering native IPv6 (e.g. Comcast, Internode etc) with the following requirements as far as the routers is concerned: 
    Support for running dual-stack IPv4/IPv6 through a single connection.
    Support for the DHCPv6 Prefix Delegation protocol for obtaining an IPv6 prefix from the ISP.
    Since the common IP language for explaining router configurations is the one used by Cisco IOS, here is the configuration required for native IPv6 to work properly on a typical Cisco router dialer interface:
    ipv6 dhcp pool DHCP6
    import dns-server
    import domain-name
    interface Dialer0
    ipv6 address autoconfig default
    ipv6 enable
    ipv6 dhcp client pd DHCP6
    Various other routers enable this functionality by the user interface they provide such as:
    NETGEAR home routers require the selection of the DHCP menu option in the IPv6 configuration screen.
    DrayTek routers require the selection of the DHCP-PD menu option in the IPv6 configuration screen.
    So, my question remains: is this supported by the EA4500?

  • IPv6 prefix delegation with AVPair ipv6:delegated-prefix

    Dear all
    I have a LNS running c7200-adventerprisek9-mz.124-24.T4.bin.
    I am trying to delegate IPv6 prefixes to vpdn users as described in
    http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6553/whitepaper_c11-602131.html#wp9000270
    From this whitepaper: "When the delegating provider edge router supports  RFC 4818, only one user profile is stored for the RADIUS server. In  addition the RADIUS server may be configured with a DNS server per user,  which overwrites the providers edge router's default DNS server address  configured in the DHCP pool"
    Our Freeradius has the following user entry according to the mentioned whitepaper:
    user@foobar Auth-Type = Local, Password == "foo"
       Service-Type = Framed-User,
       Framed-Protocol = "PPP",
       Framed-IP-Address = "10.0.0.1",
       Framed-IP-Netmask = "255.255.255.255",
       Framed-MTU = "1492",
       Framed-Compression = "Van-Jacobson-TCP-IP",
       Cisco-AVPair = "ipv6:prefix#1=201:DB8:F1:0::/64",
       Cisco-AVPair += "ipv6:delegated-prefix=201:DB8:AAAA::/48",
       Cisco-AVPair += "lcp:interface-config=mtu 1460"
    If I try to connect this user I get the PPP-Link established with prefix 201:DB8:F1:0::/64 as expected. But instead of providing the delegated prefix from the AVPair the router queries the radius server again for the user user@foobar-dhcpv6pd which I have not configured since I assume that this router "supports RFC 4818", right?
    So why does it as for user@foobar-dhcpv6pd ?
    Thanks for any hint,
    Grischa

    Hi,
    RFC4818 is supported starting with 15.1(1)T or later. 151-2.T2a seems to have an issue though.
    HTH
    Laurent.

  • RV220W and IPv6 PD (Prefix Delegation)

    Hi All,
    I have an RV220W with firmware version 1.0.2.4. My ISP makes available IPv6 over PPPoE in a Dual Stack configuration. One of the requirements is that my home router should support prefix delegation. I don't appear to be able to find any information pertaining to PD in relation to the RV220W - can anyone tell me definitively, is it supported, and if not, is it planned in a future release?
    If it is supported, any advice on successfully enabling would be most appreciated.
    Many thanks.
    Jordan

    I noticed that the recently released firmware version 1.2.0.9 for the RV110W router mentions in the release notes that DHCPv6 Prefix Delegation is now supported!
    Does that mean that this feature will also be implemented in some firmware release for the RV220W router?

  • Does Airport Extreme 802.11ac support DHCPv6 prefix delegation

    I have IPv6 working with my Airport Extreme 802.11ac. I'm experimenting (for fun) with IPv6 on my local network, and I was trying to create another IPv6 subnet using DHCPv6 prefix delegation.
    Comcast (my ISP) is indeed delegating a 64-bit prefix to the Airport Extreme, but the Airport Extreme does not seem capable of sub-delegating that 64-bit prefix (into say 2 65-bit prefixes, or 4 66-bit prefixes, etc).
    Is the Aiport Extreme 802.11ac is capable of sub-delegating IPv6 prefixes like this?

    I have the exact same problem with my ISP (Init7) here in Switzerland. They delegating IPv6 adresses via DHCPv6-PD (Prefix Delegation) and my Apple AirPort Extreme just get only an IPv4 address.
    Since the worldwide use of IPv6 is rising steadily, I really hope Apple will wake up and update the firmware of its AirPort devices to support DHCPv6-PD.

  • RV220W - DHCPv6 Prefix Delegation - Edit the configuration file?

    I am trying to configure this router to obtain an IPv6 address from my ISP who offers a dual stack IPv4/IPv6 DHCPv6 Prefix Delegation service.
    I did a WAN packet capture to see the type of DHCPv6 packets the router sends to the ISP in order to obtain an IPv6 address and I saw that the router is sending DHCPv6 solicitation packets of type IA_NA i.e. for Identity Association for Non-temporary Address. However, most ISPs that offer a dual stack IP4/IPv6 service, they use DHCPv6 Prefix Delegation in which case the router is expected to send DHCPv6 solicitation packets of type IA_PD i.e. for Identity Association for Prefix Delegation.
    I then downloaded its configuration file and saw the following:
    dhcpv6c = {}
    dhcpv6c[1] = {}
    dhcpv6c[1]["renewTime"] = "3600"
    dhcpv6c[1]["statelessMode"] = "1"
    dhcpv6c[1]["prefixDelegation"] = "0"
    dhcpv6c[1]["preferredAddress"] = ""
    dhcpv6c[1]["LogicalIfName"] = "WAN1"
    dhcpv6c[1]["requestPreferredAddress"] = "0"
    dhcpv6c[1]["requestDNSSearchList"] = "0"
    dhcpv6c[1]["requestPreferredPrefix"] = "0"
    dhcpv6c[1]["preferredAddressPrefixLength"] = "0"
    dhcpv6c[1]["requestDNS"] = "1"
    dhcpv6c[1]["sendRapidCommit"] = "0"
    dhcpv6c[1]["isEnabled"] = "1"
    dhcpv6c[1]["preferredPrefix"] = ""
    dhcpv6c[1]["_ROWID_"] = "1"
    dhcpv6c[1]["preferredPrefixPrefixLength"] = "0"
    So, the option for the DHCPv6 client to perform a prefixDelegation request is disabled. Does that mean that if I set this flag to "1" it is going to work? Well, I edited the configuration file and changed this flag but the router refuses to load it! It complains about the file being changed. How does it know that? Is it computing some type of checksum? Does anyone know how can I manually edit this flag and update the router's configuration?

    I can't help you because our ISP doesn't support native ipv6.  I suggest you call Cisco Small Business technical support.  All you need is your serial number and your Cisco username to get support.  Tori is awesome to work with.

  • IPv6 ACLs for ZBFW with changing IPv6 prefix?

    Hi all
    Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
    Background:
    6RD based residential internet access.
    Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
    A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
    No big deal, one would think...
    zone security Z-INTERNET
     description * the outside world *
    zone security Z-DMZ
    zone security Z-OUTSIDE
    zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
     service-policy type inspect PMAP-INBOUND-TRAFFIC
    policy-map type inspect PMAP-INBOUND-TRAFFIC
     class type inspect CMAP-IN-TRACE-TRAFFIC
      pass
     class type inspect CMAP-IN-INSPECT-TRAFFIC
      inspect 
     class class-default
      drop log
    class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
     match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
    class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
     match access-group name ACLv6-INBOUND-TRAFFIC 
    Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
    ipv6 access-list ACLv6-INBOUND-TRAFFIC
     sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
    ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
    For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
    However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
    router6rd(config-ipv6-acl)#permit ip any ?
      X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
      any                 Any destination prefix
      host                A single destination host
    router6rd(config-ipv6-acl)#
    D'oh. What now?
    I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
    Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
    Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
    Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
    thanks for your thoughts and ideas.
    Marc

    Hi all
    Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
    Background:
    6RD based residential internet access.
    Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
    A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
    No big deal, one would think...
    zone security Z-INTERNET
     description * the outside world *
    zone security Z-DMZ
    zone security Z-OUTSIDE
    zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
     service-policy type inspect PMAP-INBOUND-TRAFFIC
    policy-map type inspect PMAP-INBOUND-TRAFFIC
     class type inspect CMAP-IN-TRACE-TRAFFIC
      pass
     class type inspect CMAP-IN-INSPECT-TRAFFIC
      inspect 
     class class-default
      drop log
    class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
     match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
    class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
     match access-group name ACLv6-INBOUND-TRAFFIC 
    Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
    ipv6 access-list ACLv6-INBOUND-TRAFFIC
     sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
    ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
    For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
    However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
    router6rd(config-ipv6-acl)#permit ip any ?
      X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
      any                 Any destination prefix
      host                A single destination host
    router6rd(config-ipv6-acl)#
    D'oh. What now?
    I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
    Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
    Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
    Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
    thanks for your thoughts and ideas.
    Marc

  • Dual-Stack LNS - ppp negotiation fails if no ipv6 prefix assigned by Radius

    Hello,
    We have an LNS (asr1k), dual-stack CPE and Radius server.
    Everything works fine if both ipv4 and ipv6 prefix is assigned to CPE by Radius
    If we set Radius server not to assign v6 prefix, we expect to build up an ipv4-only session over ppp.
    This is not what happens. PPP negotiation fails with the following debug lines:
    IPv6 DHCP_AAA: No authorization data from SSS
    Vi2.2364 PPP DISC: Non-PPP hang up
    some config parts of LNS:
    no ipv6 source-route
    ipv6 unicast-routing
    ipv6 dhcp binding track ppp
    ipv6 dhcp pool IPv6_DHCP_POOL
    ipv6 dhcp pool POOL_DHCP_PD
    ipv6 multicast-routing
    ipv6 multicast rpf use-bgp
    interface Virtual-Template99
     mtu 1460
     ip unnumbered Loopback0
     ip tcp adjust-mss 1420
     no logging event link-status
     ipv6 enable
     no ipv6 nd prefix framed-ipv6-prefix
     no ipv6 nd ra suppress
     ipv6 dhcp server POOL_DHCP_PD allow-hint
     peer default ip address pool adslpool_1 adslpool_2
     ppp max-configure 3
     ppp authentication pap AAA_AUTHEN_PPP_noc3x
     ppp authorization AAA_AUTHOR_NET_noc3x
     ppp accounting AAA_ACCT_NET_noc3x
     ppp ipcp address required
     ppp ipcp address accept
     ppp ipcp no-renegotiation send-termreq
     ppp link reorders
     ppp timeout retry 5
     ppp timeout ncp 30
     ppp timeout authentication 30
    end
    Can anyone help?
    Regards,
    Antal

    Have opend a case with cisco. The solution for me is to put
    no ipv6 dhcp ppp terminate
    in to the global config.
    Hope that helps anyone who has the same problem.

  • How to add a ipv6 prefix boundary in sccm for Direct Access

    Does anyone know how to add a ipv6 prefix for a sccm 2012 boundary?   For one, I'm not sure which prefix I should add.   I tried adding a couple prefix ipv6 addresses I seen on the DirectAccess gpo that is autocreated but sccm says invalid.  For
    some reason SCCM adds a bunch of zeros after what I put.   
    Any help is appreciated.
    Thanks

    I opened the sccm console and looked for my test computer.  I right clicked the device and did properties.   It then showed all the ipv6 prefixes for under discovery data.   Did all the work for me.   Added those and now my software will
    download and install from software center.

  • Airport ExtremeN 7.6, and IPv6 prefixes

    Does anyone know enough about Airport Extreme-N IPv6
    to tell me how IPv6 routers are supposed to advertise prefixes,
    and then how the Airport and MacOSX machines actually negotiate it?
    I have an Airport Extreme-N with firmware 7.6
    I set up my Airport Extreme-N for IPv6 Mode: "Tunnel",
    and I have configured it manually, with something like:
    WAN IPv6 Address: 2001:a123:b2a2:b2e2::2
    IPv6 Default Route: 2001:a123:b2a2:b2e2::1
    LAN IPv6 Address: 2001:a123:b2a3:b2e2::
    My Mac machines are set for IPv6 "Automatically"
    and I can see from 'netstat -rn' that they have assigned themselves:
    (link-local) fe80::d1e1:a1ff:fed1:b1e1    (using its ethernet EUI)
    (global) 2001:a123:b2a3:b2e2:d1e1:a1ff:fed1:b1e1
    using the prefix 2001:a123:b2a3:b2e2:, and their ethernet EUI for the last 64.
    This seems to make sense to me.
    Though in System Preferences/Network/TCPIP, they list router as something like:
    fe80:0000:0000:0000:c1a1:f1ff:fee1:c1a1
    which is the link-local address for the router.
    IPv6 works fine - I can browse to ipv6.google.com
    and ping6 to 2001:4860:800f::68
    Now, my other BSD machines on my network are not autoconfiguring properly.
    I have them configured to use 'rtsol' in /etc/hostname.if
    They get the router address as:
    fe80:0000:0000:0000:c1a1:c1ff:fea1:f1e1
    but they do NOT assign themselves a global IPv6 address with the prefix
    2001:a123:b2a3:b2e2
    Instead, they ONLY have their own link-local address.
    When I run rtsold from my BSD machines I get:
    rtsold: probing re0
    checking if re0 is ready...
    re0 is ready
    set timer for re0 to 0:386681
    New timer is 0:00386481
    timer expiration on re0, state = 1
    send RS on re0, whose state is 2
    set timer for re0 to 4:0
    New timer is 4:00000151
    received RA from fe80::c1a1:c1ff:fea1:f1e1 on re0, state is 2
    OtherConfigFlag on re0 is turned on
    stop timer for re0
    there is no timer
    So, maybe I'm missing something, but how is it supposed to work?
    How are the Mac machines correctly getting the LAN IPv6 Prefix of
    2001:a123:b2a3:b2e2:
    when the Airport is responding with router advertisements of only its link-local address?
    (does it have something to do with this "OtherConfigFlag", or am I supposed
    to use 'Neighbor Discovery Protocol' to get the globally routable prefix?)
    How am I supposed to setup an IPv6 network, so that my other machines
    get NON-link-local prefix from the router?
    Truly - thanks for any help.

    Unplug the router then plug it back into the power.
    After that, powercycle the modem as well.

  • DirectAccess Client IPv6 Prefix problems

    I've been deploying DirectAccess and have created a mixed IPv6 and IPv4 infrastructure on the internal side. The external side is IPv4.
    In a single server installation I have got inbound access and manage out access working perfectly...
    When I introduce another node for load balancing the new node doesn't get a different client IPv6 Prefix so the entire load-balanced cluster uses the same Client IPv6 prefix - this means I can't route manage out traffic, or even return traffic correctly.
    This is using IP-HTTPS. The external network scope is 172.28.242.0/24 and there is a Citrix Netscaler to load balance the inbound traffic. The internal network scope, IPv4 172.28.246.0/24 and the IPv6 is fd11:1:1:246::/64, the next hop on the IPv6 network
    is fd11:1:1:246::1 which is a Cisco ASA and that routes off to the network quite happily.
    If each node in the cluster had a different client IPv6 prefix then manage out/return traffic would be very simple to organise.
    Does any one know how to make each node have different client IPv6 prefixes?

    Hi Ryan,
    According to your description, you are using the DirectAccess with external loadbalancer.
    Here is a article about how to configure a load-balanced DirectAccess cluster.
    Step 3: Configure a Load-Balanced Cluster
    http://technet.microsoft.com/en-us/library/jj134209.aspx#BKMK_Prefix
    Besides, here is a article about planning a Load-Balanced Cluster Deployment.
    Plan a Load-Balanced Cluster Deployment
    http://technet.microsoft.com/en-us/library/jj134166.aspx
    Best Regards.
    Steven Lee
    TechNet Community Support

  • A little bit confused about the ipv6 prefix-list

    when I configured ;
    ipv6 prefix-list abc permit ::/0 ge 0
    which I wish is to permit all the ipv6 routes,
    but the running information becomes "ipv6 prefix-list abc permit ::/0" which only matched the default ipv6 routes
    what is wrong with me

    Hardware > Version > 5.1
    Don't forget to test it on real hardware. There should be plenty of iOS 5.1-limited devices available real soon now. Keep one of those for testing.

  • Anybody Got Experience Getting ASA to Work With Comcast IPv6?

    I'd like to enable dual stack IP with my ISP, Comcast. Unfortunately, Comcast requires residential CPE equipment to support DHCPv6-PD, which the ASA doesn't do. On Comcast forums, others have posted that the workaround is to place a router supporting DHCPv6 between the cable modem and the ASA.
    My question is, given that scenario, I assume the ASA can get the information it needs to configure its outside interface from the router's RA messages? I'm a newbie when it comes to IPv6, so I'd appreciate any help or pointers to information on setting up my ASA correctly for IPv6 behind a router.
    Thanks very much!
    Sent from Cisco Technical Support iPad App

    #1 What is the brand and model of the router?
    #2 What software firewall is on your computer?
    #3 What is your OS and version?
    If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

  • Comcast IPv6 DHCP-PD Implementation

    Recently, Comcast enabled IPv6 for my internet connection. My Router picks up the prefix perfectly and is giving out addresses from ::100 to ::177. What I would like to do is implement DHCPv6 on my domain controller, assign static addresses to my DC and
    Exchange Server, and use the DNS Server on my DC for registration and requests. I also am aware that certain features require IPv6 to be enaled. To date I have had no success in getting this to work and am looking for pointers and advice so I can fully use
    IPv6 here in my environment. The Prefix starts with 2601 so I think these are available from the internet but am not sure. The router also gets a 2001 address which I know is globally available.
    Please advise
    Bob Hessenauer

    Recently, Comcast enabled IPv6 for my internet connection. My Router picks up the prefix perfectly and is giving out addresses from ::100 to ::177. What I would like to do is implement DHCPv6 on my domain controller, assign static addresses to my DC and
    Exchange Server, and use the DNS Server on my DC for registration and requests. I also am aware that certain features require IPv6 to be enaled. To date I have had no success in getting this to work and am looking for pointers and advice so I can fully use
    IPv6 here in my environment. The Prefix starts with 2601 so I think these are available from the internet but am not sure. The router also gets a 2001 address which I know is globally available.
    Please advise
    Bob Hessenauer
    2601 is globally routable (I get the same first bytes from my crapcast connection).  Why do you want to use dhcpv6?  If you want relatively static addresses, disable EUI randomization: Set-NetIPv6Protocol
    -RandomizeIdentifiers Disabled; 

Maybe you are looking for

  • Oracle user installation issue

    I followed the instructions from http://docs.oracle.com/cd/E16655_01/install.121/e17752/usr_grps.htm#BACGFIFJ on my Solaris 11.1 VirtualBox box. Since i used the Solaris 11.1 - Text install, i don't have a graphical interface (no X11) i created an or

  • A little help plea

    Hello, I just bought a Vision: M today. Ive been charging it on the USB for about 30 mins and it will not start up. Is this normal for the USB charge out of the box? Or do I have a problem with the unit's Thanks for any help.

  • Issue with Adobe Drive showing 2 drives when connecting to a HA environment

    I am using Adobe Drive 5 and when connecting to a HA application it shows 2 drives. Even if I use the direct IP of one node 2 drives show up Any idea how to stop a second drive shown up?

  • How do I troubleshoot itunes download

    I'm trying to reload itunes after a harddrive rebuild. itunes it telling me I'm not the admin, but 'm the only registered user and noted as admin on the control panel.

  • N85 tries to open GPRS-connection by itself

    Hi. I have used N85 for couple months now, and after latest software update (20.175) bumped to a problem. Almost every day I notice that my phone has opened packet data connection. When I check running applications there are no extra applications. GP