Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Routing Platforms => Topic started by: Nate K on January 17, 2020, 11:07:07 PM

Title: Cisco15.7 IOS HE Tunnels, ipv6 dhcp, vlans, sub interfaces,zone based firewall
Post by: Nate K on January 17, 2020, 11:07:07 PM
Hello,
I am trying to configure my Cisco IOS router with a HE tunnel. I already have it configured and I can ping ipv6 addresses with it. I need to figure out how to get routing working with ipv6 addressing. Say I have 2001:470:1f19:43::/64 given to me as my routed 64.

I have several vlans and a physical interface connected to a switch using 802.1Q.

Router 2001:470:1f19:43::1/64
Switch 2001:470:1f19:43::2/64

g0/1.20 vlan20 dhcp 2001:470:1f19:43:20::1/64
g0/1.30 vlan30 dhcp 2001:470:1f19:43:30::1/64
g0/1.40 vlan40 dhcp 2001:470:1f19:43:40::1/64
g0/1.50 vlan60 dhcp 2001:470:1f19:43:50::1/64
g0/1.60 vlan70 dhcp 2001:470:1f19:43:60::1/64
g0/1.70 vlan70 dhcp 2001:470:1f19:43:70::1/64
g0/1.80 vlan70 dhcp 2001:470:1f19:43:80::1/64


I get errors about overlapping ip addresses. This is my first venture into Cisco IOS as I got my router a week ago. I also need to figure out how to allow outgoing traffic one the "router" interface but deny all incoming. I have Tunnel0 as per the autoconfig template on the HE site. I am using zone based access list for my vlans. vlan20 vlan30 etc. blocking off some ip's for static would be nice aswell?

How do I do these things?
Title: Re: Cisco15.7 IOS HE Tunnels, ipv6 dhcp, vlans, sub interfaces,zone based firewall
Post by: snarked on January 18, 2020, 10:11:47 AM
> I get errors about overlapping ip addresses.

Look at your subnet masks.  Maybe you want /80ís for your vlans....
Title: Re: Cisco15.7 IOS HE Tunnels, ipv6 dhcp, vlans, sub interfaces,zone based firewall
Post by: Nate K on January 18, 2020, 11:23:40 AM
> I get errors about overlapping ip addresses.

Look at your subnet masks.  Maybe you want /80ís for your vlans....

NASA(config-subif)#no  ipv6 address 2001:470:1F19:43::3/64
NASA(config-subif)#ipv6 address 2001:470:1F19:43::1/64   
NASA(config-subif)#exit
NASA(config)#int g0/1.20                           
NASA(config-subif)#ipv6 address 2001:470:1F19:43:20::1/80
%GigabitEthernet0/1.20: Error: 2001:470:1F19:43:20::/80 is overlapping with 2001:470:1F19:43::/64 on GigabitEthernet0

I am confused and have no idea what I am doing. I need to set a primary ipv6 to talk to my router and switch. interface g0/1.1 on my router and Vlan1 on my Switch which I am 802.1Q trunking over.

I also need to configure 8 Vlans and was to specified specific ranges for each with a few blocked off addresses for Static.
Title: Re: Cisco15.7 IOS HE Tunnels, ipv6 dhcp, vlans, sub interfaces,zone based firewall
Post by: Nate K on January 18, 2020, 02:43:34 PM
I figured it out. I used a subnet calculator. I find ipv6 confusing nor do i understand subnetting.