cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2276
Views
0
Helpful
4
Replies

IPv6 on bridged virtual interface (bvi), 871W

etamminga
Spotlight
Spotlight

Hi,

Can someone help me configure IPv6 on my Cisco 871W router.

I HAVE succesfully setup a IPv6/IPv4 tunnel to a tunnel broker. I am able to ping (ipv6) over the tunnel but am unable to ping locally connected IPv6 devices.

My guess is that this has something to do with having ipv6 enabled a non-ethernet interface. My router is using bridging to join the wireless and wired interfaces. I already had to explicitly enable router advertisements because BVI1 is not considered a LAN interface.

Sniffing on other locally connected devices tells me the router is not answering to neighbor solicitations.

Why can't I fullfill this easy task of establishing local ipv6 connectivity.

Regards,

Erik Tamminga

My current config (the ipv6 relevant parts) is...

----------

ipv6 unicast-routing

ipv6 cef

ipv6 dhcp pool IPv6-Vlan1

prefix-delegation 2001:xxx:xxx::/48 2001xxxxxx

domain-name ipv6.etamminga.nl

!

ipv6 inspect name IPv6-Firewall tcp

ipv6 inspect name IPv6-Firewall udp

ipv6 inspect name IPv6-Firewall icmp

ipv6 inspect name IPv6-Firewall ftp

ipv6 multicast-routing

bridge irb

!

interface Tunnel1

description IPv6 uplink to XXXX

no ip address

ipv6 address 2001:xxx:xxx:371::2/64

ipv6 enable

ipv6 traffic-filter IPv6-inet-in in

ipv6 inspect IPv6-Firewall out

tunnel source FastEthernet4

tunnel destination 192.87.xxx.xxx

tunnel mode ipv6ip

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

ip tcp adjust-mss 1452

bridge-group 1

!

interface BVI1

ip address 10.10.10.1 255.255.255.0

ip access-group 100 in

ip pim sparse-dense-mode

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

ipv6 address 2001:xxx:yyy::1/64

ipv6 enable

ipv6 nd prefix 2001:xxx:yyy::/64 86400 86400

ipv6 nd other-config-flag

ipv6 nd router-preference High

no ipv6 nd ra suppress

ipv6 nd ra interval 30

ipv6 dhcp server IPv6-Vlan1

!

ipv6 route 2001:xxx:yyy::/48 Null0

ipv6 route 2000::/3 2001:xxx:xxx:371::1

ipv6 access-list IPv6-inet-in

permit tcp any host 2001:xxx:xxx:371::2 eq 443

permit udp any any eq non500-isakmp

permit udp any any eq isakmp

permit esp any any

permit ahp any any

permit udp any any eq ntp

permit udp any eq domain any gt 1024

permit icmp any any echo-reply

permit icmp any any time-exceeded

permit icmp any any unreachable

permit icmp any any echo-request

permit icmp FE80::/10 any

deny ipv6 any any log

!

bridge 1 protocol ieee

bridge 1 route ip

4 Replies 4

b.hsu
Level 5
Level 5

In the access list "IPV6-net-in", you must also permit traffic destined to Solicitated Node Multicast Address.

Refer to

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c3d.html#wp10

Well, IPV6-inet-in is not attached to interface BVI1. So that's not the problem...

Any other thoughts?

Regards,

Erik Tamminga

On several websites on the internet bug CSCej50923 is mentioned in combination with IPv6 and the bridging capabilities of the Cisco ISR routers.

CSCej50923 cannot be found in the Cisco bug toolkit.

Can someone from cisco give us a statusupdate on this bug?

Regards,

Erik

Phillip Remaker
Cisco Employee
Cisco Employee

For IPv6 complete BVI support you need 15.1(3)T or later IOS.

See Enhancement CSCta27529

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCta27529

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: