One common error with SLAAC and with it simple address assignment & that's commonly made; is the lack of ipv6 unicast routing enabled global, and the effects of SLACC assignments due to this.
This has caused a few issues in the past, and can easily be identified.
Follow this example. let's say you enable ipv6 on a interface.
e.g
!
interface GigabitEthernet0/0
description HE /48 announcement of mine
ip address 1.1.1.253 255.255.255.0
duplex auto
speed auto
media-type rj45
ipv6 address 2001:470:C021:1::1/64
ipv6 enable
end
It looks good right? Wait a minute not so fast :)
Will issue a "show ipv6 int gi 0/0" and it shows the following ( output truncated );
FF02::1:FF39:7F00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
router3825#
Notice how the output speaks nothing about SLAAC, being enabled on that interface? Okay so we can correct the problem by enabling ipv6 unicast-routing globally within the router.
e.g
router3825#config t
Enter configuration commands, one per line. End with CNTL/Z.
router3825(config)#ipv6 uni
router3825(config)#ipv6 unicast-routing
router3825(config)#^Z
and now re-issues that same show command;
and now re-issues that same show command;
router3825#show ipv6 int gi 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21D:70FF:FE39:7F00
No Virtual link-local address(es):
Global unicast address(es):
2001:470:C021:1::1, subnet is 2001:470:C021:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF39:7F00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
router3825#
*Oct 31 21:40:35.931: %SYS-5-CONFIG_I: Configured from console by console
Okay you see the difference now ?
By default RA ( route advertisements ) are enable, and the interface is now SLAAC enabled to assign address for ipv6 clients. Without this command, that interface would not assign any ipv6 address to any ipv6 clients that solicit a ipv6 request.
I hope you find this posting useful if you run into any ipv6 assignment issues or lack of clients receiving their ipv6 addressing information. You can also validate that ipv6 is configured with a simple "show ipv6 protocol" cmd
e.g
router3825#show ipv6 protocols
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "connected"
router3825#
But don't be fooled, the above will populate even WITHOUT unicast-routing enable. The issuance of ipv6 unicast-routing just now allow the interfaces that are configured for ipv6 to route and participate in the ipv6 routing.
Ken Felix
Freelance Security and Network Engineer
kfelix " a t " hyperfeed.com
No comments:
Post a Comment