• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HE v6 tunnel on Cisco 2911XM - which IOS version? Config hints?

Started by wooshell, November 10, 2011, 05:09:11 AM

Previous topic - Next topic

wooshell

Hi all,
I'm just about to take my first steps in the IPv6 world, and I've reserved some decent hardware for that, but I'd need a little assistance.
I've got a Cisco 2611XM available that I'd like to use. It currently has IOS 12.4.25d "IP base with crypto" package installed.
One of our network gurus at work told me it might be possible that I need to install the "Advanced IP services" or even the "Enterprise services" IOS
to get the necessary functions for 6to4 tunneling. As Cisco packages and licensing are rather complicated, can anyone here shed some light on that?
The IP base package speaks IPv6 just fine, but does it offer enough to set up a static tunnel via HE?
(I've got access to all packages/licenses, but upgrading to Advanced or Enterprise would mean I need to buy a larger Flash module first.)

Also, I've last spoken IOS back when it was v7.. would anyone be so kind to refresh my memory a little on how to set up the router's interfaces?
I want to speak v4 for the tunnel towards my ISP router on Fa0/0 and v6 towards my lab network on Fa1/0.
This should mean that I can simply configure the Cisco as gateway on the PCs.. or can't I?

cholzhauer

Quote
This should mean that I can simply configure the Cisco as gateway on the PCs.. or can't I?

Yes, you're correct.  One side of the router would connect to the internet (or at least a device that can connect you to the internet) and the other side connects to your private LAN.

If you have multiple segments, your router needs to have multiple interfaces (or at least run a VLAN)

I can't help you much with the rest of your questions, but I can try and point you at some other posts that might be helpful

http://www.tunnelbroker.net/forums/index.php?topic=879.0


wooshell

ah.. found my other info in the sticky thread above - 2611XM with 12.4.x needs Advanced IP Services package, and thus a 32MB Flash upgrade in my box.
I'll go grab a stick of memory then..

@Admins: perhaps the sticky thread should have its subject adjusted to show it's a reference for ALL Cisco routers, not just the 4700?

nickbeee

Yes you need Advanced IP Services for 12.4 and 12.4T. I've successfully got it working on a 1711 with c1700-advipservicesk9-mz.124-25d.bin. I used the info from the tunnel broker config page and some additional info on http://wiki.nil.com/IPv6_over_IPv4_tunneling.

Watch for the bug that exists in some 12.4 IOS that cripples the IPv6 throughput if you have IPV6 INSPECT rules. You'll find your upstream bandwidth is crippled.

Do you have native IPv6 connectivity or are you tunnelling?
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.

wooshell

I've now installed the Advanced Enterprise Services image for 12.4.25d and created the tunnel0 interface with the HE example configuration.
If it works on your 12.4.25d, I guess it will also work on mine.. ;-) besides, speed is not an issue at the moment, I'm still in the proof-of-concept phase for my home lab.

I have copied most of the tunnelbroker example configuration from the link you posted, adapted to my prefix and local network.. now let's see whether it works...

wooshell

starts to look nice.. my win2k3 client picks itself an IP from within the prefix I assigned to the 2611XM's LAN interface, so that part seems to work already. it just doesn't seem to regard the router as, well, a router.. all network access now seems to wait for 10 seconds and then fall back to v4. disabling v4 on w2k3 doesn't seem possible either.. when I detach the v4 protocol from the network card, v6 gets turned off as well (at least according to ipconfig).

Can I test from within IOS whether the tunnel is working correctly?

nickbeee

Quote from: wooshell on November 19, 2011, 08:32:18 AM
Can I test from within IOS whether the tunnel is working correctly?

Yes, see if you can ping6 and traceroute6 the remote end of the tunnel.
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.

wooshell

aaargh.. I feel so stupid now..
been looking through show-run at least ten times.. and always overlooked that one line that pointed the ipv4 default route to my old ISP router from the former network config.. as soon as I fixed that entry, I got "line protocol on Tunnel0 changed state to UP"..
and http://www.test-ipv6.com/ seems to confirm that I'm running fine via v6.

now the only thing left to do is secure that tunnel a bit..
got any suggestions for a "block all inbound, permit all outbound" config?
I'm not too good with IOS access lists.. but that should be sufficient for now.

SomeJoe7777

I have a Cisco 2811 with IOS 15.0M that is running IPv6 CBAC and access lists.

The relevant configuration is posted here:

http://www.tunnelbroker.net/forums/index.php?topic=1591.msg9435#msg9435