(The Ziggo Prefix is 2001:1c00:1000::/36)
My first setup was Ziggo Ubee modem (still in router mode) -> Cisco ASA.
I've spent a few frustrating evenings getting things working on my ASA. Finally I gave up because the ASA is not able to get delegated prefixes (DHCP-PD) from the modem and pass them through to the LAN side. In comes a trusty old 1841 router. If you think everything went smoothly from then on, wrong... IPv6 is a #$@%&!&@ 20 years old but it took a 2012 version of IOS (12.4.24T) to get things working (in other words, to get IPv6 DHCP working).
My setup is now: ASA for IPv4 and the 1841 for IPv6. Both behind the Ubee modem.
First step : enable ipv6
ipv6 unicast-routing
ipv6 cef
Step two configuring the outside interface (fa0/0)
int fa0/0
!
! get your own IPv6 address by neighbour discovery
! and get a default route
!
ipv6 address autoconfig default
!
!
! this command is obsolete as soon as you enter an
! IPv6 command but I left it there
!
ipv6 enable
!
! gimme a prefix, preferably a ::/60
!
ipv6 dhcp client pd hint ::/60
!
! put that prefix in this variable
!
ipv6 dhcp client pd prefix-from-ziggo
!
Step three configure the inside interface (fa0/1)
int fa0/1
! first a recognizable link-local address
!
ipv6 address FE80::1 link-local
!
! now let's get a routable address (this will
! form the address {prefix-from-ziggo}2:0:0:0:1)
!
ipv6 address prefix-from-ziggo ::2:0:0:0:1/64
ipv6 enable
!
!
Let's check if the config is working
RTR-01#sh ipv6 interface
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::{EUI-64 address}
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
default-ziggo-prefix:x00:{EUI-64 address}, subnet is default-ziggo-prefix:x00::/64 [EUI/CAL/PRE]
valid lifetime 1209594 preferred lifetime 604794
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF22:51AC
MTU is 1500 bytes
[etc..]
The outside interface will get the same ::/64 prefix as the LAN-interface of the Ubee modem (default-ziggo-prefix:x00). The last 2 bytes are for you to use (the 2 zeroes).
The inside interface:
FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
No Virtual link-local address(es):
General-prefix in use for addressing
Global unicast address(es):
prefix-from-ziggo:xc2::1, subnet is prefix-from-ziggo:xc2::/64 [CAL/PRE]
valid lifetime 56 preferred lifetime 26
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:1
FF05::1:3
MTU is 1500 bytes
[etc..]
The Ubee modem delegated a prefix ending in C0. The ::2:0:0:0:1/64 in the address statement changes this to C2.
The prefix hint was a ::/60 but the modem delegated a ::/59.
RTR-01#sh ipv6 dhcp interface
FastEthernet0/0 is in client mode
Prefix State is OPEN (0)
Information refresh timer expires in 23:59:52
Renew will be sent in 00:00:07
Address State is IDLE
List of known servers:
Reachable via address: FE80::{EUI-64}
DUID: 0003000190{MAC-ADDRESS}
Preference: 0
Configuration parameters:
IA PD: IA ID 0x00030001, T1 15, T2 22
Prefix: prefix-from-ziggoC0::/59
preferred lifetime 30, valid lifetime 60
expires at Jun 06 2015 10:36 PM (53 seconds)
DNS server: 2001:B88:1002::10
DNS server: 2001:B88:1202::10
Information refresh time: 0
Prefix name: prefix-from-ziggo
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled
Prefixes sent as hint:
::/60
I am able to assign the subnets C0 to DF to my internal networks (just one :-)). I will only use C2.
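The subnet arithmetic above, as an added example that is not part of the original post: it fills the free bits of a delegated prefix with the ::2:0:0:0:1 sub-bits from the address statement and lists the /64s inside a /59. The 2001:db8:1234:56c0::/59 prefix is a constructed documentation value standing in for the real delegation, and the function names are made up for this example.

```python
import ipaddress

def general_prefix_address(delegated, sub_bits, length=64):
    """Fill the bits the delegated prefix leaves free with sub_bits."""
    net = ipaddress.IPv6Network(delegated)   # strict: host bits must be zero
    suffix = int(ipaddress.IPv6Address(sub_bits))
    if length < net.prefixlen:
        raise ValueError(f"/{length} is shorter than the delegated /{net.prefixlen}")
    # Sub-bits reaching into the delegated part would name a subnet outside
    # the delegation; rejecting them is a choice made in this example.
    if suffix & int(net.netmask):
        raise ValueError(f"{sub_bits} overlaps the delegated /{net.prefixlen}")
    addr = ipaddress.IPv6Address(int(net.network_address) | suffix)
    return ipaddress.IPv6Interface(f"{addr}/{length}")

def lan_subnets(delegated):
    """All /64 networks available inside the delegated prefix."""
    return list(ipaddress.IPv6Network(delegated).subnets(new_prefix=64))

# Constructed sample: documentation prefix standing in for the delegated /59
DELEGATED = "2001:db8:1234:56c0::/59"

if __name__ == "__main__":
    iface = general_prefix_address(DELEGATED, "::2:0:0:0:1")
    nets = lan_subnets(DELEGATED)
    print("inside address   :", iface)
    print("usable /64s      :", len(nets), "from", nets[0], "to", nets[-1])
    print("within delegation:", iface.network in nets)
    try:
        # 0x20 in the fourth group sets a bit that belongs to the /59 itself
        general_prefix_address(DELEGATED, "::20:0:0:0:1")
    except ValueError as exc:
        print("rejected         :", exc)
```

If the modem ever delegates a longer prefix than expected, the same check shows whether the subnet number in the address statement still fits inside the delegation.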
Step four : DHCPv6 on the inside
Little sidenote: personally I want to move this function to my Raspberry Pi server (ISC DHCP server) because of dynamic DNS updates in Bind9.
<rant>
ok IPv6 developers I haven't read all the RFCs (so I might miss any good reason why it's the way it is now) but why why why did you mess up the IPv4 method of assigning IP addresses ? Why do we need 2 different daemons / server modules for this (RA and DHCPv6). The current complexity of setting up IPv6 will severely hinder acceptance.
</rant>
To get the prefix advertised on the LAN we need to use the neighbour discovery commands:
int fa0/1
!
! use the full subnet prefix found when using
! sh ipv6 interface fa0/1 | i subnet
!
ipv6 nd prefix {subnet-prefix}
!
! tell the client to contact an IPv6 DHCP server
! for its address and DNS settings. Gateway will automatically be
! the router advertising the subnet prefix
!
ipv6 nd Managed-config-flag
!
The router is also a DHCPv6 server
ipv6 dhcp pool intern
address prefix {subnet-prefix}
dns-server 2001:B88:1002::10
domain-name tempelman.local
!
!
int fa0/1
!
ipv6 dhcp server intern
!
That's it. Now I'm going to look into getting a proper firewall config. The Ubee modem has an IPv6 firewall running, so while testing you will not be exposed that much, but better safe than sorry!
Edit: made some changes based on this link
Edit 2 : Suggested reading : Cisco DHCPv6 Based Access Services
Edit 3 : Extra config info @ Internode website