• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Configured a tunnel on a Cisco 871, now what

Started by chiel, March 27, 2009, 02:16:17 PM

Previous topic - Next topic


Oke, I have got a Cisco 871 wich works perfectly with ipv4. I have one IPv4 address and use NAT to connect clients on the LAN. Now I have setup a tunnel to hurican electric with the following config that was a example config on the tunnelbroker site:

interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:..../64
ipv6 enable
tunnel source ***** (ipv4)
tunnel destination **** (ipv4)
tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0

This works without any problems from the router (I can ping a IPv6 address).
But what to do now? I want my clients to be able to use the router for IPv6. Must I configure a ipv6 dhcp pool on the router with my subnet?

Any comments are welcome!


You get a routed /64 in addition to the tunnel's point to point.

1) put ::1 of that allocation on your LAN facing interface on the cisco
2) configure RA on the cisco for that interface (might not need to, i know that on foundry you have to suppress-ra to stop things from autoconfiguring.

hosts on your LAN segment should autoconfigure themselves, and be able to reach IPv6 sites on the net


wow, it works! That was easy!!
I didn't need to do step 2. Only configure the /64 on the LAN was enough.

Thanks for your service!


@chiel, what was the specific command you used on the LAN interface to enable this?


interface Vlan1
ip address
ip nat inside
ip virtual-reassembly
ipv6 address 2001:*******/64 <- (the routed /64)
ipv6 enable

only the last two I had to enter to make it work. Btw, a thing to remember is that your ipv4 access lists dont have affect on ipv6


Hmm I get an error but I'm using a different platform (3725):

#ipv6 address 2001:470:XXXX:XXX::/64
% 2001:470:XXXX:XXX::/64 should not be configured on FastEthernet0/1.2, a subnet router anycast


I think that you didn't put the ::1 at the end (see tip 1 at "broquea" post).
Let me know if that worked.


That was what was causing the command to barf :-). Though I still can't get clients on the internal network to grab an IP.

I've tried these various commands based on others recommendations.

ipv6 address 2001:470:880D::1/64

ipv6 nd prefix 2001:470:1F07:3B6::/64 infinite infinite

ipv6 address 2001:470:880D::/64 eui-64

#sh ipv6 int f0/1.2
FastEthernet0/1.2 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20C:85FF:FE07:A701
  Description: $FW_INSIDE$
  Global unicast address(es):
    2001:470:880D::1, subnet is 2001:470:880D::/64
    2001:470:880D:0:20C:85FF:FE07:A701, subnet is 2001:470:880D::/64 [EUI]
  Joined group address(es):
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds


Found it, I didn't have:

#ipv6 unicast-routing

Thanks for your help!