
[solved] Need help with three things for Cisco 2514 Router.

Started by PatrickDickey, June 24, 2010, 11:05:54 PM


PatrickDickey

Hello everyone,

I have the tunnel in place, and am able to ping my he.net ipv6 server from my Cisco 2514 router.  Now I need to do four things (five if you count ipconfig /release and /renew to get my ipv6 addresses when I'm finished).

1.  I need to configure my inside interface (ethernet0) with my IPv6 address and enable dhcp to distribute my IPv6 addresses to my clients.
2.  I need to configure a static IP address for my Windows Home Server, if it's possible to do this (so it can be reached from the Internet).
3.  I need to forward ports 80, 443, and 4125 to the IPv6 for that server.
4.  I need to configure ACLs to prevent anything else from getting in (if necessary).

I know my configuration commands for the interface will be something like:

int eth0
ipv6 address 2001:470:1f10:830::2
ipv6 address autoconfig
ipv6 enable

Update:

I tried ipv6 address 2001:470:1f10:830::2/64  and it didn't work (said it was already configured somewhere else --on the tunnel of course).  So I'm at a loss as to what to put there.  I tried ipv6 address autoconfig and it assigned an FE80: address to my interface.  I did an ipconfig /release and /renew on my Windows 7 box, and got (sanitized a bit)

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  Link-local IPv6 Address . . . . . : fe80::1560:5f39:4fa0:2ca2%11
  IPv4 Address. . . . . . . . . . . : ipv4 address
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : fe80::2e0:b0ff:fe63:cc86%11
                                      ipv4 default gateway (which is right)

Ethernet adapter Hamachi:

  Connection-specific DNS Suffix  . :
  Link-local IPv6 Address . . . . . : fe80::100a:a4ff:8234:22bc%14
  IPv4 Address. . . . . . . . . . . : ipv4 address
  Subnet Mask . . . . . . . . . . . : 255.0.0.0
  Default Gateway . . . . . . . . . : ipv4 default gateway (which is right)

Tunnel adapter isatap.{436476CB-029E-4AD7-B1BE-13888ACC4214}:

  Connection-specific DNS Suffix  . :
  Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.4%12
  Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 11:

  Connection-specific DNS Suffix  . :
  IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c11:28ef:3f57:fdfb
  Link-local IPv6 Address . . . . . : fe80::3c11:28ef:3f57:fdfb%13
  Default Gateway . . . . . . . . . : ::


for a result.  I'm able to ping my 2001:470:1f10:830::2 address but nothing past that point.

So, I know that I need to configure something for my link-local on int eth0 but I'm at a loss as to what, and then how to get my computers on the LAN side to get an ipv6 address in my /64 range.

Any information on how to accomplish this will be greatly appreciated.  And I'll be willing to post the final (sanitized) configuration for anyone that would want it.  It combines a PPPoE connection and the IPv6/IPv4 interfaces.

Have a great day:)
Patrick.

cholzhauer

Without reading too much into this (Sorry, it's late)

You would need to assign an address out of your routed /64 to the inside interface of your router, then set your default route to point at your outside interface.

As for assigning addresses, my ASA does Router Advertisement, so I assume your router also would.  If you don't need more than one network, you can just tell it to assign from that same routed /64

If you really want a static address on your Windows machine, you can just do it from the GUI (same way you would add a static IPv4 address) out of that same /64.  Or, you can do it from the command line... I don't remember the commands off the top of my head, so you'd need to look those up.

As far as the rest, I don't know if you've seen this

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mng_apps.html

or

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm

PatrickDickey

Quote from: cholzhauer on June 25, 2010, 08:55:00 PM
Without reading too much into this (Sorry, it's late)

You would need to assign an address out of your routed /64 to the inside interface of your router, then set your default route to point at your outside interface

As for assigning addresses, my ASA does Router Advertisement, so I assume your router also would.  If you don't need more than one network, you can just tell it to assign from that same routed /64

If you really want a static address on your Windows machine, you can just do it from the GUI (same way you would add a static IPv4 address) out of that same /64  Or, you can do it from the command line...I don't remember the commands off the top of my head, so you'd need to look those up.

As far as the rest, I don't know if you've seen this

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mng_apps.html

or
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm


Wow!  No, I hadn't seen those.  In fact I did get the IP Addresses to work using some other Cisco documents and just trying things.  I followed someone else's thread in here http://www.tunnelbroker.net/forums/index.php?topic=927.0 and tweaked it to work with mine.  In my case, I can't use ipv6 dhcp pool.  I had to do it all in one shot with

ipv6 local pool poolname ipv6address/64  (I can't find it in my config file now, so I'm not sure if I ended up using it or not).

For the ethernet interface, I ended up putting

ipv6 address 2001:xxxx:xxxx:830::/64 eui-64
ipv6 enable

and that worked.  But until you replied, I still had no idea how to get a static IP and I definitely didn't know about these docs.

Thanks for your help, and have a great weekend :)
Patrick.

PatrickDickey

I wanted to add my generic configuration file to this thread as well.  And highlight the portions that deal with the IPv6 configuration.  The router is a Cisco 2514 router with two ethernet ports and two serial ports.  The IOS version is 12.3(25).  And this is set up to get PPPoE through a DSL Modem (or cable modem) from your ISP and route your local (NAT/PAT) network through it.  (Ethernet 0 is your LAN side and Ethernet 1 is connected to the modem).  The commands that you need for IPv6 will be in bold. And the ()'s denote my comments only (as you won't use ()'s in your router configuration).

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname whatrouteriscalled
!
boot-start-marker
boot-end-marker
!
enable secret 5 removed-password
!
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address eth0 ipv4 address
ip dhcp excluded-address switch vlan management ipv4 address
ip dhcp excluded-address server ipv4 address
ip dhcp excluded-address wireless router ipv4 address
ip dhcp excluded-address optional ipv4 (needed for a desktop)
ip dhcp excluded-address second wireless router ipv4 address (open wireless)
!
ip dhcp pool internal-network
   network ipv4network (.0) 255.255.255.0
   default-router eth0 ipv4 address
   dns-server 208.67.222.222 208.67.220.220 (OpenDNS Public IPv4 addresses)
!
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pppoe
!
ipv6 unicast-routing (enables IPv6 and allows for routing)
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address client-side ipv6 address/64
ipv6 enable
tunnel source Dialer1
tunnel destination server side ipv4 address for he.net
tunnel mode ipv6ip
!
interface Ethernet0
description My LAN Interface
ip address eth0 ipv4 address 255.255.255.0
ip nat inside
no ip mroute-cache
ipv6 address ipv6 network address/64 eui-64 *(ends in : : the space is there so you see the two : instead of the smiley)
ipv6 enable
no cdp enable
!
interface Ethernet1
description Physical ADSL Interface (Facing the ISP)
no ip address
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Dialer1
description Logical ADSL Interface
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username provided by ISP
ppp chap password 7 encrypted password provided by ISP
ppp pap sent-username username provided by ISP password 7 encrypted password from ISP
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp server ipv4 address 4125 interface Dialer1 4125
ip nat inside source static tcp server ipv4 address 443 interface Dialer1 443
ip nat inside source static tcp server ipv4 address 80 interface Dialer1 80
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 10 permit ipv4 network (.0) 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
line con 0
exec-timeout 120 0
password 7 password (encrypted)
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 password (encrypted)
no login
length 0
!
scheduler max-task-time 5000
end

Hope this helps someone else out, and have a great day:)
Patrick.
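
An added example, not part of the original posts: the configuration above enables ipv6 unicast-routing and sends ::/0 out Tunnel0, but the ACLs asked about in item 4 of the first post never appear in it, and the vty lines are set to no login. The Python below audits a config for those conditions. SAMPLE is a constructed config using documentation-range addresses, and the function and finding names are hypothetical.

```python
import re

# Constructed sample shaped like the configuration posted above, with
# documentation-range placeholder addresses (assumptions, not the poster's).
SAMPLE = """\
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2001:db8:1::2/64
 tunnel mode ipv6ip
!
interface Ethernet0
 ipv6 address 2001:db8:2::/64 eui-64
!
line vty 0 4
 exec-timeout 0 0
 no login
"""

def parse_sections(text):
    """Group commands under their 'interface'/'line' header; '!' closes a section."""
    sections, current = {"global": []}, "global"
    for raw in text.splitlines():
        line = raw.strip()          # works for indented and flattened configs
        if line == "!":
            current = "global"
        elif re.match(r"(interface|line) \S", line):
            current = line
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections

def audit(text):
    """Return (section, finding) pairs for unfiltered IPv6 tunnels and open vty lines."""
    sections, findings = parse_sections(text), []
    routing = any(c.startswith("ipv6 unicast-routing") for c in sections["global"])
    for name, cmds in sections.items():
        if name.startswith("interface "):
            tunnel = any(c.startswith("tunnel mode ipv6ip") for c in cmds)
            filtered = any(re.match(r"ipv6 traffic-filter \S+ in$", c) for c in cmds)
            if routing and tunnel and not filtered:
                # No NAT on the IPv6 side: every LAN host with a global address is reachable.
                findings.append((name, "no-inbound-ipv6-filter"))
        elif name.startswith("line vty"):
            if "no login" in cmds:
                findings.append((name, "vty-without-login"))
            if "exec-timeout 0 0" in cmds:
                findings.append((name, "vty-never-times-out"))
    return findings
```

The three findings correspond to an inbound ipv6 traffic-filter on Tunnel0 that permits only the server's ports (80, 443 and 4125 in this thread), and to login with a finite exec-timeout on the vty lines.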