Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: [solved] Need help with three things for Cisco 2514 Router.  (Read 5521 times)

PatrickDickey

  • Newbie
  • *
  • Posts: 40

Hello everyone,

I have the tunnel in place, and am able to ping my he.net ipv6 server from my Cisco 2514 router.  Now I need to do four things (five if you count ipconfig /release and /renew to get my ipv6 addresses when I'm finished).

1.  I need to configure my inside interface (ethernet0) with my IPv6 address and enable dhcp to distribute my IPv6 addreses to my clients.
2.  I need to configure a static IP address for my Windows Home Server, if it's possible to do this (so it can be reached from the Internet).
3.  I need to forward ports 80, 443, and 4125 to the IPv6 for that server.
4.  I need to configure acl's to prevent anything else from getting in (if necessary).

I know my configuration commands for the interface will be something like:

int eth0
ipv6 address 2001:470:1f10:830::2
ip6 address autoconfig
ipv6 enable

Update:

I tried ipv6 address 2001:470:1f10:830::2/64  and it didn't work (said it was already configured somewhere else --on the tunnel of course).  So I'm at a loss as to what to put there.  I tried ipv6 address autoconfig and it assigned an FE80: address to my interface.  I did an ipconfig /release and /renew on my Windows 7 box, and got (sanitized a bit)

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1560:5f39:4fa0:2ca2%11
   IPv4 Address. . . . . . . . . . . : ipv4 address
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::2e0:b0ff:fe63:cc86%11
                                       ipv4 default gateway (which is right)

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::100a:a4ff:8234:22bc%14
   IPv4 Address. . . . . . . . . . . : ipv4 address
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : ipv4 default gateway (which is right)

Tunnel adapter isatap.{436476CB-029E-4AD7-B1BE-13888ACC4214}:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.4%12
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c11:28ef:3f57:fdfb
   Link-local IPv6 Address . . . . . : fe80::3c11:28ef:3f57:fdfb%13
   Default Gateway . . . . . . . . . : ::


for a result.  I'm able to ping my 2001:470:1f10:830::2 address but nothing past that point.

So, I know that I need to configure something for my link-local on int eth0 but I'm at a loss as to what, and then how to get my computers on the LAN side to get an ipv6 address in my /64 range.

Any information on how to accomplish this will be greatly appreciated.  And I'll be willing to post the final (sanitized) configuration for anyone that would want it.  It combines a PPoE connection and the IPv6/IPv4 interfaces.

Have a great day:)
Patrick.
« Last Edit: June 26, 2010, 12:43:48 PM by PatrickDickey »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2724
Re: Need help with three things for Cisco 2514 Router.
« Reply #1 on: June 25, 2010, 08:55:00 PM »

Without reading too much into this (Sorry, it's late)

You would need to assign an address out of your routed /64 to the inside interface of your router, then set your default route to point at your outside interface

As for assigning addresses, my ASA does Router Advertisement, so I assume your router also would.  If you don't need more than one network, you can just tell it to assign from that same routed /64

If you really want a static address on your Windows machine, you can just do it from the GUI (same way you would add a static IPv4 address) out of that same /64  Or, you can do it from the command line...I don't remember the commands off the top of my head, so you'd need to look those up.

As far as the rest, I don't know if you've seen this

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mng_apps.html

or

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm
Logged

PatrickDickey

  • Newbie
  • *
  • Posts: 40
Re: Need help with three things for Cisco 2514 Router.
« Reply #2 on: June 26, 2010, 07:47:25 AM »

Without reading too much into this (Sorry, it's late)

You would need to assign an address out of your routed /64 to the inside interface of your router, then set your default route to point at your outside interface

As for assigning addresses, my ASA does Router Advertisement, so I assume your router also would.  If you don't need more than one network, you can just tell it to assign from that same routed /64

If you really want a static address on your Windows machine, you can just do it from the GUI (same way you would add a static IPv4 address) out of that same /64  Or, you can do it from the command line...I don't remember the commands off the top of my head, so you'd need to look those up.

As far as the rest, I don't know if you've seen this

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mng_apps.html

or
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm


Wow!  No, I hadn't seen those.  In fact I did get the IP Addresses to work using some other Cisco docuents and just trying things.  I followed someone else's thread in here http://www.tunnelbroker.net/forums/index.php?topic=927.0 and tweaked it to work with mine.  In my case, I can't use ipv6 dhcp pool.  I had to do it all in one shot with

 ipv6 local pool poolname ipv6address/64  (I can't find it in my config file now, so I'm not sure if I ended up using it or not).

For the ethernet interface, I ended up putting

ipv6 address 2001xxxx:xxxx:830::/64 eui-64
 ipv6 enable

and that worked.  But until you replied, I still had no idea how to get a static IP and I definitely didn't know about these dods..

Thanks for your help, and have a great weekend :)
Patrick.
Logged

PatrickDickey

  • Newbie
  • *
  • Posts: 40
Re: [solved] Need help with three things for Cisco 2514 Router.
« Reply #3 on: June 26, 2010, 03:32:52 PM »

I wanted to add my generic configuration file to this thread as well.  And highlight the portions that deal with the IPv6 configuration.  The router is a Cisco2514 router with two ethernet ports and two serial ports.  The IOS version is 12.3(25).  And this is set up to get PPPoE through a DSL Modem (or cable modem) from your ISP and route your local (NAT/PAT) network through it.  (Ethernet 0 is your LAN side and Ethernet 1 is connected to the modem).  The commands that you need for IPv6 will be in bold. And the ()'s denote my comments only (as you won't use ()'s in your router configuration).

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname whatrouteriscalled
!
boot-start-marker
boot-end-marker
!
enable secret 5 removed-password
!
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address eth0 ipv4 address
ip dhcp excluded-address switch vlan management ipv4 address
ip dhcp excluded-address server ipv4 address
ip dhcp excluded-address wireless router ipv4 address
ip dhcp excluded-address optional ipv4 (needed for a desktop
ip dhcp excluded-address second wireless router ipv4 address (open wireless)
!
ip dhcp pool internal-network
   network ipv4network (.0) 255.255.255.0
   default-router eth0 ipv4 address
   dns-server 208.67.222.222 208.67.220.220 (OpenDNS Public IPv4 addresses)
!
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
ipv6 unicast-routing (enables IPv6 and allows for routing)
!
!
!
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address client-side ipv6 address/64
 ipv6 enable
 tunnel source Dialer1
 tunnel destination server side ipv4 address for he.net
 tunnel mode ipv6ip

!
interface Ethernet0
 description My LAN Interface
 ip address eth0 ipv4 address 255.255.255.0
 ip nat inside
 no ip mroute-cache
ipv6 address ipv6 network address/64 eui-64 *(ends in : : the space is there so you see the two : instead of the smiley)
 ipv6 enable

 no cdp enable
!
interface Ethernet1
 description Physical ADSL Interface (Facing the ISP)
 no ip address
 no ip mroute-cache
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Serial0
 no ip address
 no ip mroute-cache
 shutdown
 no cdp enable
!
interface Serial1
 no ip address
 no ip mroute-cache
 shutdown
 no cdp enable
!
interface Dialer1
 description Logical ADSL Interface
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname username provided by ISP
 ppp chap password 7 encrypted password provided by ISP
 ppp pap sent-username username provided by ISP password 7 encrypted password from ISP
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp server ipv4 address 4125 interface Dialer1 4125
ip nat inside source static tcp server ipv4 address 443 interface Dialer1 443
ip nat inside source static tcp server ipv4 address 80 interface Dialer1 80
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 10 permit ipv4 network (.0) 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
line con 0
 exec-timeout 120 0
 password 7 password (encrypted)
 login
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 password (encrypted)
 no login
 length 0
!
scheduler max-task-time 5000
end
Hope this helps someone else out, and have a great day:)
Patrick.
Logged