Getting IPv6 working on cable networks

Unanswered Question
Jul 31st, 2012
User Badges:

Looking to get a router in my lab working on a comcast cable modem.  I am recieving RAs from the ISP router, however my router will not generate its global unicast from the prefixes, regardless of ipv6 address autoconfig


General config:

!

ipv6 unicast-routing

ipv6 cef

!

ipv6 multicast-routing

!


Interface config:

interface FastEthernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip nat outside

ip inspect WANInbound in

ip virtual-reassembly

duplex auto

speed auto

ipv6 address autoconfig default

ipv6 enable

ipv6 nd ra suppress

!


Debug output:


1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w3d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0


Show Output:

UC520#show ipv6 routers

Router FE80::201:5CFF:FE23:A441 on FastEthernet0/0, last update 0 min

  Hops 0, Lifetime 1800 sec, AddrFlag=1, OtherFlag=1

  HomeAgentFlag=0, Preference=Medium

  Reachable time 30000 msec, Retransmit time 1000 msec

  Prefix 2001:558:4020:2F::/64

    Valid lifetime 604800, preferred lifetime 302400

  Prefix 2001:558:6007:2E::/64

    Valid lifetime 604800, preferred lifetime 302400

UC520#


In addition, if a computer is plugged directly into the cable modem, it picks up an IPv6 address no problem, and it works wonderfully.


Any ideas?


C

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Thu, 08/02/2012 - 06:41
User Badges:
  • Cisco Employee,

hey Cale,


Can you post

debug ipv6 icmp

debug ipv6 nd

show ipv6 int 


My config:


interface FastEthernet8

ip address 10.2.2.1 255.255.255.0

duplex auto

speed auto

ipv6 address autoconfig

ipv6 enable

ipv6 nd ra suppress

crypto ipsec client ezvpn EZ


Debugs:

bsns-892-2#sh ipv6 routers

Router FE80::32E4:DBFF:FEB3:B924 on FastEthernet8, last update 0 min

  Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500

  HomeAgentFlag=0, Preference=Medium

  Reachable time 0 (unspecified), Retransmit time 0 (unspecified)

  Prefix 2001:DB8::/64 onlink autoconfig

    Valid lifetime 2592000, preferred lifetime 604800

bsns-892-2#

bsns-892-2#

bsns-892-2#

*Aug  2 13:34:30.083: ICMPv6: Received R-Advert, Src=FE80::32E4:DBFF:FEB3:B924, Dst=FF02::1

*Aug  2 13:34:30.083: ICMPv6-ND: Received RA from FE80::32E4:DBFF:FEB3:B924 on FastEthernet8

*Aug  2 13:34:30.083: ICMPv6-ND: Prefix : 2001:DB8::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0

*Aug  2 13:34:30.083: ICMPv6-ND: Update on-link prefix 2001:DB8::/64 on FastEthernet8/FE80::32E4:DBFF:FEB3:B924, lifetime 2592000

*Aug  2 13:34:30.083: ICMPv6-ND: %FastEthernet8: OK: IPv6 Address Autoconfig 2001:DB8::/64 eui-64, 2001:DB8::32E4:DBFF:FEB3:B8E2 2001:DB8::32E4:DBFF:FEB3:B8E2/64 is existing

*Aug  2 13:34:30.083: ICMPv6: Received R-Advert, Src=FE80::32E4:DBFF:FEB3:B924, Dst=FF02::1

*Aug  2 13:34:30.083: ICMPv6-ND: Received RA from FE80::32E4:DBFF:FEB3:B924 on FastEthernet8

*Aug  2 13:34:30.083: ICMPv6-ND: Prefix : 2001:DB8::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0

*Aug  2 13:34:30.083: ICMPv6-ND: Update on-link prefix 2001:DB8::/64 on FastEthernet8/FE80::32E4:DBFF:FEB3:B924, lifetime 2592000

*Aug  2 13:34:30.083: ICMPv6-ND: %FastEthernet8: OK: IPv6 Address Autoconfig 2001:DB8::/64 eui-64, 2001:DB8::32E4:DBFF:FEB3:B8E2 2001:DB8::32E4:DBFF:FEB3:B8E2/64 is existing


this leads to:

bsns-892-2#sh ipv6 interface fa8

FastEthernet8 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::32E4:DBFF:FEB3:B8E2

  No Virtual link-local address(es):

  Stateless address autoconfig enabled

  Global unicast address(es):

    2001:DB8::32E4:DBFF:FEB3:B8E2, subnet is 2001:DB8::/64 [EUI/CAL/PRE]

      valid lifetime 2591988 preferred lifetime 604788

  Joined group address(es):

    FF02::1

    FF02::1:FFB3:B8E2

  MTU is 1500 bytes

  ICMP error messages limited to one every 100 milliseconds

  ICMP redirects are enabled

  ICMP unreachables are sent

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds (using 30000)

  ND NS retransmit interval is 1000 milliseconds

  Default router is FE80::32E4:DBFF:FEB3:B924 on FastEthernet8


Tested on 15.2(3)T on 892 router.


M.

calejaycolony Thu, 08/02/2012 - 21:46
User Badges:

The debugs:



1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0


The show:


UC520#show ipv6 interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::21E:13FF:FE27:4456

  No Virtual link-local address(es):

  Description: $FW_OUTSIDE$

  General-prefix in use for addressing

  No global unicast address is configured

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::D

    FF02::16

    FF02::1:FF27:4456

  MTU is 1500 bytes

  ICMP error messages limited to one every 100 milliseconds

  ICMP redirects are enabled

  ICMP unreachables are sent

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds (using 25242)

  Hosts use stateless autoconfig for addresses.


UC520#show ipv6 neighbors

IPv6 Address                              Age Link-layer Addr State Interface

FE80::201:5CFF:FE23:A441                    3 0001.5c23.a441  STALE Fa0/0


On the readdition of ipv6 address autoconfig default to the interface:


1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: IPv6-Address: Adding operating owner autoconfigured on FastEthernet0/0

1w6d: ICMPv6-ND: Selected new default router FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: IPv6RT[Default]: static, Route add ::/0 [owner]

1w6d: IPv6RT[Default]: static, Adding next-hop FE80::201:5CFF:FE23:A441 over FastEthernet0/0 for ::/0, [1/0]

1w6d: ICMPv6-ND: Installed default to FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: IPv6RT[Default]: Event: ::/0, Path, owner static, previous None

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0

1w6d: ICMPv6-ND: O bit set; checking stateless DHCP

1w6d: ICMPv6: Received R-Advert, Src=FE80::201:5CFF:FE23:A441, Dst=FF02::1

1w6d: ICMPv6-ND: Received RA from FE80::201:5CFF:FE23:A441 on FastEthernet0/0


Results in:


UC520#show ipv6 address

IPv6 Address Database for Table Default

Code: * - administratively active


UC520#show ipv6 route

IPv6 Routing Table - Default - 3 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route

       M - MIPv6, R - RIP

S   ::/0 [1/0]

     via 2601:4:2CC0:40:201:5CFF:FE23:A441

     via FE80::201:5CFF:FE23:A441, FastEthernet0/0

S   2601:4:2CC0:40::/64 [1/0]

     via Null0, directly connected

L   FF00::/8 [0/0]

     via Null0, receive



Thanks for your input!

calejaycolony Thu, 08/02/2012 - 21:56
User Badges:

Also,


UC520#show ipv6 routers

Router FE80::201:5CFF:FE23:A441 on FastEthernet0/0, last update 0 min

  Hops 0, Lifetime 1800 sec, AddrFlag=1, OtherFlag=1

  HomeAgentFlag=0, Preference=Medium

  Reachable time 30000 msec, Retransmit time 1000 msec

  Prefix 2001:558:4020:2F::/64

    Valid lifetime 604800, preferred lifetime 302400

  Prefix 2001:558:6007:2E::/64

    Valid lifetime 604800, preferred lifetime 302400

Marcin Latosiewicz Fri, 08/03/2012 - 01:16
User Badges:
  • Cisco Employee,

Heh. That's interesting:


Unicast route to null0 ....


S   2601:4:2CC0:40::/64 [1/0]

     via Null0, directly connected


What SW version is this?

With the two debugs I mentioned above I would have expected way more info displayed - maybe you need to let it run a bit longer or do an upgrade to something more recent?



M.

calejaycolony Fri, 08/03/2012 - 01:21
User Badges:

UC520#show ver

Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Fri 11-Jul-08 08:44 by prod_rel_team



ROM: System Bootstrap, Version 12.4(11r)XW3, RELEASE SOFTWARE (fc1)



UC520 uptime is 1 week, 6 days, 8 hours, 55 minutes

System returned to ROM by power-on

System restarted at 19:24:01 EDT Fri Jul 20 2012

System image file is "flash:/uc500-advipservicesk9-mz.124-20.T.bin"





This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.



A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html



If you require further assistance please contact us by sending email to

[email protected].



Cisco UC520W-8U-4FXO-K9 (MPC8358) processor (revision 0x202) with 249856K/12288K bytes of memory.

Processor board ID FTX1219Z029

MPC8358 CPU Rev: Part Number 0x804A, Revision ID 0x20

14 User Licenses

10 FastEthernet interfaces

2 terminal lines

4 Voice FXO interfaces

4 Voice FXS interfaces

1 Voice MoH interface

1 802.11 Radio

1 cisco service engine(s)

128K bytes of non-volatile configuration memory.

125440K bytes of ATA CompactFlash (Read/Write)



Configuration register is 0x2102



UC520#

Marcin Latosiewicz Fri, 08/03/2012 - 01:26
User Badges:
  • Cisco Employee,

Come on, have mercy! 12.4(20)T? 

I would say (if you can) give it a try with 12.4(24)T-latest


and post show tech/running config.


But if you want to get it done faster - TAC case.

calejaycolony Fri, 08/03/2012 - 01:34
User Badges:

No contract, old equipment. Bummer I guess.. Will post a scrubbed config.


Sent from Cisco Technical Support iPad App

ROBERTO TACCON Thu, 08/02/2012 - 07:27
User Badges:

Have you try to remove the inspection and check if it works ...

"

ip inspect WANInbound in

"

calejaycolony Thu, 08/02/2012 - 21:53
User Badges:

I may be mistaken, but the ip inspection engine is seperate from ipv6 inspect.  IP inspect would only process packets if the ethertype is 0x0800, not 0x86DD.  Also, the router is recieving the RAs as noted in the OP.


On the likely hood I was mistaken, I removed it to no avail.


Thanks for the post though!

Andrew Yourtchenko Tue, 08/21/2012 - 13:48
User Badges:
  • Cisco Employee,

Router FE80::201:5CFF:FE23:A441 on FastEthernet0/0, last update 0 min

Hops 0, Lifetime 1800 sec, AddrFlag=1, OtherFlag=1


AddrFlag=1 means the sender sets managed config flag thus they want you to use DHCPv6, not SLAAC. The behavior is correct. If you configure your CPE router to run DHCP-PD client to populate a general prefix, you can use that general prefix for LAN facing interface and then use it to do SLAAC for your clients. IIRC they delegate a single /64 via PD by default, but you could ask for more.


Spoiler: http://www.dslreports.com/forum/remark,27192895 has the config


See if this helps.


Maybe counterintuitively to v4 wisdom, you do not really need the global address outside to route - the next hops are link locals.


Sent from Cisco Technical Support iPhone App

calejaycolony Tue, 08/21/2012 - 18:52
User Badges:

It was an incomplete implementation in the iOS build. Ended up using a 1941w upgraded to 1.4 and it worked like a charm, although I needed to activate the data eval license to enable the dhcp client pd command on the wan interface. Frustrated that you need to purchase high end feature licenses to emulate the functionality of consumer grade equipment at available at Walmart, but such is Cisco I guess...


Thanks again though!


Sent from Cisco Technical Support iPad App

Actions

This Discussion