Trying to get Tunnel Broker config to work - Cisco Community

3413

Views

0

Helpful

4

Replies

I have my 1811 setup as a Tunnel broker to he.net but although the tunnel says it is up, I cant ping anything on IPv6.

Any suggestions on where my problem is ? My 1811 is connected directly to the cable modem.

The config I am using was pieced together from the examples I have found -

interface Tunnel0

description Hurricane Electric IPv6 Tunnel Broker

no ip address

ipv6 address 2001:470:1F10:102::1/64

ipv6 enable

tunnel source Vlan1

tunnel destination 209.51.181.2

tunnel mode ipv6ip

!

interface FastEthernet1

description WAN

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description LAN

ip address 192.168.1.100 255.255.255.0

ip nat inside

ip virtual-reassembly

ipv6 address 2001:470:1F11:102::1/64

ipv6 enable

!

ip route 0.0.0.0 0.0.0.0 FastEthernet1

ip nat inside source list 1 interface FastEthernet1 overload

!

access-list 1 permit 192.168.1.0 0.0.0.255

ipv6 route ::/0 Tunnel0

!

Here is what the debug tunnel shows -

Feb 1 21:39:51: FIBtunnel: Tunnel0 physical idb changed from FastEthernet1 to FastEthernet1

Feb 1 21:39:51: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.11)

Feb 1 21:39:53: %LINK-3-UPDOWN: Interface Tunnel0, changed state to up

Feb 1 21:39:53: FIBtunnel: Tu0: stacking IPV6 :: to Default:209.51.181.2

Feb 1 21:39:53: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)

Feb 1 21:39:53: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:54: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=96)

Feb 1 21:39:54: Tunnel0 count tx, adding 20 encap bytes

Feb 1 21:39:55: Tunnel0: IPv6/IP encapsulated 192.168.1.100->209.51.181.2 (linktype=79, len=84)

Feb 1 21:39:55: Tunnel0 count tx, adding 20 encap bytes

Using c181x-advipservicesk9-mz.124-22.T.bin.

Any suggestions appreciated.

Ron

4 Replies 4

interface Tunnel0

description Hurricane Electric IPv6 Tunnel Broker

no ip address

ipv6 address 2001:470:1F10:102::1/64

ipv6 enable

tunnel source Vlan1 !!! <- here is the mistake

tunnel destination 209.51.181.2

tunnel mode ipv6ip

Your tunnel source cannot be Vlan 1 as this has a private IP address which is not visible at the other end 209.51.181.2

Your tunnel source has to be a static IP address or DDNS and this is has to be public and visible from 209.51.181.2.

As I see the Fa1 is your WAN connections, so this should get the public IP address.

If this is dynamic DHCP you have to setup DDNS and set this in the configuration page of Tunnelbroker.

If this is static DHCP (you get the same IP address all the time) , then you only need to change the config to:

interface tun0

tunnel source Fa1

Btw, at tunnelbroker you have a sample configureation for Cisco IOS for your specific tunnel configuration (Example Configuration tab in the config page).

Here is a discussion about tunnelbroker and DDNS

https://www.tunnelbroker.net/forums/index.php?topic=2180.0

HTH,

Calin

Calin:

Thanks for the positng. Vlan1 was partof the problem. The other one is that I had the wrong IPv6 address on the tunnel0 interface (I was using .1 and should have been using .2). Once I changed both, I was able to start pinging IPv6 hosts as well as go to IPv6 only websites.

The only debug command that I found that gave me any info was debug tunnel. All I could see was traffic going out but no indication of what nothing was coming back. Will be digging more into that area. I am using this to help my learning so I can get more experience with IPv6 and do better when I start taking the CCNP R/S exams in a few weeks (already have CCNP Security).

Will Also take a look at the link you provided about DDNS. Want to look at that as well.

Ron

Hello Ron

Good that it's working now. The source as Vlan1 was visible to me, but the one with the IPv6 addressing not as I don't know what tunnelbroker assigned to you. Logical is that .1 is on the "provider side" and .2 on the "client side", but you never know.

Regards,

Calin

hi Ronald,

be also aware to allow protocol 41 when you bind access list to the interface you are using for the tunnel. happened to me lately

cheers

phil

Sent from Cisco Technical Support iPad App

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community