Hi
Server 2003 in a workgroup can`t access Internet with IPv6.
All other workstations with OS XP and Win7 works automatic in VLAN10.
Ping output from server 2003 :
Pinging ipv6.l.google.com [2a00:1450:8007::93] from fe80::21b:fcff:fef9:b711%5 w
ith 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Equipment is Cisco 1812w and Cisco 2950 with 4 VLAN`s.
Also tested without Zone based policy firewall.
interface FastEthernet0
description ISP-connect
bandwidth 15000
ip address dhcp
ip nbar protocol-discovery
ip nat outside
no ip virtual-reassembly in
zone-member security INTERNET
duplex auto
speed auto
ipv6 enable
no cdp enable
crypto map CRYDYN
service-policy input mark_qos
no routing dynamic
ipv6 unicast routing is enabled
ipv6 route ::/0 Tunnel0
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
zone-member security INTERNET
ipv6 address 2001:470:27:667::2/64
ipv6 enable
tunnel source 81.167.x.x
tunnel mode ipv6ip
tunnel destination 216.66.80.x
This is the VLAN with server 2003 :
Show run output from VLAN 300
interface Vlan300
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security PRIVATE
ipv6 address 2001:470:27:669::3/64
ipv6 enable
service-policy input trust_qos
service-policy output mark_qos
Box#sh ipv6 int vlan 300
Vlan300 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21B:D5FF:FE33:C07C
No Virtual link-local address(es):
Global unicast address(es):
2001:470:27:669::3, subnet is 2001:470:27:669::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:3
FF02::1:FF33:C07C
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: QoS classify QoS actions
Output features: CCE Classification Zone based Firewall QoS classify QoS actions
Post_Encap features: QoS Actions
Service-policy input: trust_qos
Service-policy output: mark_qos
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
-------------------------------------------------------------------
This is the VLAN with XP and Win7 (working) :
Show run int vl 10 output
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
zone-member security PRIVATE
ipv6 address 2001:470:28:667::1/64
ipv6 enable
ipv6 mobile home-agent
service-policy input trust_qos
service-policy output mark_qos
Box#sh ipv6 int vlan 10
Vlan10 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21B:D5FF:FE33:C07C
No Virtual link-local address(es):
Global unicast address(es):
2001:470:28:667::1, subnet is 2001:470:28:667::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF33:C07C
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: QoS classify QoS actions
Output features: CCE Classification Zone based Firewall QoS classify QoS actions
Post_Encap features: QoS Actions
Service-policy input: trust_qos
Service-policy output: mark_qos
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Thank you
Øyvind
Quote
Pinging ipv6.l.google.com [2a00:1450:8007::93] from fe80::21b:fcff:fef9:b711%5 w
It's not getting a global address...I haven't looked real close at your config yet, but what's different between that subnet and that ones that are working?
The config is identical, just different IPv4 subnets.
The IPv6 source address on Interface VLAN 10 2001:470:28:667::1/64 can ping adresses on Internet, but not the source address 2001:470:27:669::3/64 on VLAN 300.
It seem that problem is on the router . Any ideas ?
These IPv6 addresses is manually assigned by me.
Is this a routed /48? If not, you can only have one LAN /64. If you want more than one LAN terminated to the same router you need a /48.
If you have two separate tunnels to each router, then you'll get a separate /64 for each. But only one /64.
Yeah, something's wrong with your address scheme
Quote
...
Global unicast address(es):
2001:470:27:669::3, subnet is 2001:470:27:669::/64
...
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
zone-member security INTERNET
ipv6 address 2001:470:27:667::2/64
If you were using your routed /64, it's only one character away from your tunnel IP. If you were using your /48, it wouldn't even be close to the same address. Better double check something.
Do this mean 48 bit mask on the tunnel and the Interface VLAN`s or only on the tunnel interface ?
Thank you.
Neither...you have to take /64's out of your /48 and use those for your vlans
You shouldn't be writing "/48" anywhere in your configurations