Community Forum
Top

IPv6 - Cisco IOS Router - Dual Stack prefix delegation

FiberOptics
Regular Visitor
‎07-21-2020 10:47 PM

IPv6 - Cisco IOS Router - Dual Stack prefix delegation

Hello, Comcast Internet users

 

I am just posting what I found on the forum with a working IPv6 / IPv4 dual stack Cisco IOS config. I want to make sure anyone that is trying to get this to work has a good starting point. I had a few issues and would like more suggestions to have a solid conifguration. The Cisco router model is a 2851 - 

 

Hopefully this helps anyone that might be having problems getting this to work.

-----

RTR01-IPv6-HOME#sh ipv6 interface gigabitEthernet 0/0


GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::218:B9FF:FECD:B1B8
No Virtual link-local address(es):
Description: <Cable Modem LAN / PUB INTERFACE> <OUTSIDE IP>
Stateless address autoconfig enabled
Global unicast address(es):
2001:558:XXXX:XX:XXXX:XXXX:XXXX:F61A, subnet is 2001:558:XXXX:XX:XXXX:XXXX:XXXX:F61A/128

 

RTR01-IPv6-HOME#sh ipv6 interface gigabitEthernet 0/1


GigabitEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::218:B9FF:FECD:B1B9
No Virtual link-local address(es):
Description: <Home Data-Network>
General-prefix in use for addressing
Global unicast address(es):
2601:641:XXX:XXXX::1, subnet is 2601:641:XXX:XXXX::/64 [CAL/PRE]

 

RTR02-IPv6-HOME#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S ::/0 [2/0]
via FE80::201:XXXX:XXXX:7E46, GigabitEthernet0/0
LC 2001:558:XXXX:XX:XXXX:XXXX:XXXX:F61A/128 [0/0]
via GigabitEthernet0/0, receive
S 2601:641:XXX:XXXX::/60 [1/0]
via Null0, directly connected
C 2601:641:XXX:XXXX::/64 [0/0]
via GigabitEthernet0/1, directly connected
L 2601:641:XXX:XXXX::1/128 [0/0]
via GigabitEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive

 

----Cisco Configuration - Modify interfaces to what shows on your show run

ip dhcp excluded-address 10.10.20.1 10.10.20.100
!
ip dhcp pool data-ips
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 1.1.1.1
lease 0 2

 

ipv6 nd reachable-time 3600000
ipv6 unicast-routing
ipv6 cef
ipv6 cef accounting prefix-length

 

ipv6 dhcp pool ComcastPool
prefix-delegation pool comcast-ipv6
dns-server 2606:4700:4700::1111
dns-server 2606:4700:4700::1001

 

ipv6 inspect name firewallv6 udp
ipv6 inspect name IPv6Rule udp
ipv6 inspect name IPv6Rule ftp
ipv6 inspect name IPv6Rule icmp
ipv6 inspect name traffic ftp
ipv6 inspect name traffic udp
ipv6 inspect name traffic icmp

 

interface GigabitEthernet0/0
description <Cable Modem LAN / PUB INTERFACE> <OUTSIDE IP>
bandwidth 70000
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ipv6 nd reachable-time 3600000
ipv6 nd autoconfig default-route
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd comcast-ipv6
ipv6 traffic-filter wan-in in
ipv6 traffic-filter wan-out out

 

interface GigabitEthernet0/1
description <Home Local LAN>
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address comcast-ipv6 ::1/64
ipv6 enable
ipv6 mtu 1280
ipv6 nd other-config-flag
ipv6 verify unicast reverse-path
ipv6 inspect IPv6Rule out

 

ip nat inside source list 110 interface GigabitEthernet0/0 overload

access-list 11 permit 10.10.20.0 0.0.0.255

access-list 110 permit ip 10.0.0.0 0.255.255.255 any

 

route-map nonat permit 10
match ip address 110

 

ipv6 access-list wan-in
permit icmp any any
permit udp any any eq 546
permit tcp any any established
sequence 100 deny ipv6 any any
!
ipv6 access-list wan-out
permit icmp any any
permit tcp any any
permit udp any any
sequence 100 deny ipv6 any any

 

ipv6 access-list IPv6
permit icmp any any unreachable
permit icmp any any packet-too-big
permit icmp any any hop-limit
permit icmp any any reassembly-timeout
permit icmp any any header
permit icmp any any next-header
permit icmp any any parameter-option
permit icmp any any echo-reply
permit icmp any any dhaad-request
permit icmp any any dhaad-reply
permit icmp any any mpd-solicitation
permit icmp any any mpd-advertisement
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any log

 

---

 

RTR02-IPv6-HOME#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp XX.XX.67.205:18986 10.10.20.101:18986 1.1.1.1:53 1.1.1.1:53

tcp XX.XXX.67.205:32784 10.10.20.101:32784 XXX.XXX.164.118:443 172.217.164.118:443

 

RTR02-IPv6-HOME#show ver
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.

 

 

 

Reply
Visit Our Help Communities