• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

XP PC behind Cisco Router - rtr works, pc doesn't

Started by KevinGLong, December 02, 2008, 08:38:59 PM

Previous topic - Next topic

KevinGLong

I'm having a heck of a time with my setup.  And more confused after looking through the forum discussions.
I have a cable modem connected to a Cisco 1811 Router (fa0) with a built-in switch.  It receives a DHCP address from RoadRunner.
Then an XP(SP2) PC connected to one of the switch ports.
The router is running IOS v 12.4(22)T.  No security zones or policy-maps are enabled.

I can telnet to the router and can ping ipv6.google.com successfully.
The XP PC gets an IPv4 address via DHCP, 192.168.6.13.  It is a new PC, no AV or firewall enabled.

I have issued the XP IPv6 recommended commands from the tunnel details page. I believe this is for the PC to terminate one end of the tunnel but my router handles it instead.

In looking at the "IPv6 if" command I only see FE80: addresses associated with the interfaces so it is not getting a 2001: address from the router. (Should it?)
I tried the "ipv6 nd prefix 2001:470:5:1f4::/64 inf inf" command as mentioned in another thread but it didn't seem to make a difference.
I also tried a manual address on the PC of "ipv6 adu 2/2001:470:d859::2" but no change.
I did issue the "ipv6 rtu ::/0 2/::209.51.161.58 pub" command on the PC.

I just seem to be missing that last step that would tie it all together to get packets to the router and into the tunnel.  The PC cannot ping any ipv6 addresses on the router.

My Cisco certification is ashamed of me. :(

Here is a boatload of info from my router and PC:

Info about the tunnel from HE page:
Server IPv4: 209.51.161.58
Client  IPv4: 75.183.52.248  (no worries about publishing this address)
Server IPv6: 2001:470:4:1f4::1/64
Client  IPv6: 2001:470:4:1f4::2/64
Routed  /48: 2001:470:d859::/48
Routed  /64: 2001:470:5:1f4::/64

=== Cisco Router Config ===
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:4:1F4::2/64
ipv6 enable
tunnel source 75.183.52.248
tunnel destination 209.51.161.58
tunnel mode ipv6ip
!
interface FastEthernet0
description WAN outside facing cable modem
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ipv6 nd ra suppress    [tried both with and without]

interface Vlan1
description VLAN toward PC's
ip address 192.168.6.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ipv6 address 2001:470:D859::1/64
ipv6 enable
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit 192.168.6.0 0.0.0.255
!
ipv6 route ::/0 Tunnel0
=== End Cisco Router Config ===

=== Cisco IPv6 Interface Info ===
sho ipv6 int tunnel0
Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::4BB7:34F8
  No Virtual link-local address(es):
  Description: Hurricane Electric IPv6 Tunnel Broker
  Global unicast address(es):
    2001:470:4:1F4::2, subnet is 2001:470:4:1F4::/64
  Joined group address(es):
    FF02::1
    FF02::1:FF00:2
    FF02::1:FFB7:34F8
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 25725)
  Default router is FE80::21A:A0FF:FE0E:832E on Vlan1

sho ipv6 int fa0
[nothing shown]

sho ipv6 int vlan1
Vlan1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::213:C4FF:FEF4:7AC6
  No Virtual link-local address(es):
  Description: VLAN toward PC's
  Global unicast address(es):
    2001:470:D859::1, subnet is 2001:470:D859::/48
  Joined group address(es):
    FF02::1
    FF02::1:FF00:1
    FF02::1:FFF4:7AC6
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 33475)
  Default router is FE80::21A:A0FF:FE0E:832E on Vlan1
=== End Cisco IPv6 Interface Info ===

=== Cisco IPv6 Route Table ===
sho ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, M - MIPv6, R - RIP, D - EIGRP
       EX - EIGRP external
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   ::/0 [1/0]
     via Tunnel0, directly connected
C   2001:470:4:1F4::/64 [0/0]
     via Tunnel0, directly connected
L   2001:470:4:1F4::2/128 [0/0]
     via Tunnel0, receive
C   2001:470:5:1F4::/64 [0/0]
     via Vlan1, directly connected
C   2001:470:D859::/48 [0/0]
     via Vlan1, directly connected
L   2001:470:D859::1/128 [0/0]
     via Vlan1, receive
L   FF00::/8 [0/0]
=== End Cisco IPv6 Route Table ===

=== Output of Router Debug ipv6 icmp ===
[ Where is this coming from?  Looks like my side, runs continously]
004310: *Dec  3 03:38:37.551 UTC: ICMPv6: Received N-Solicit, Src=2001:470:4:1F4
::1, Dst=2001:470:4:1F4::2
004311: *Dec  3 03:38:37.551 UTC: ICMPv6: Sent N-Advert, Src=2001:470:4:1F4::2,
Dst=2001:470:4:1F4::1
004312: *Dec  3 03:38:38.551 UTC: ICMPv6: Received N-Solicit, Src=2001:470:4:1F4
::1, Dst=2001:470:4:1F4::2
004313: *Dec  3 03:38:38.551 UTC: ICMPv6: Sent N-Advert, Src=2001:470:4:1F4::2,
Dst=2001:470:4:1F4::1
=== End Output of Router Debug ipv6 icmp ===

=== Output of [PC] ipv6 if command ===
[ with ipv6 adu 2/2001:470:d859::2 command ]

Interface 5: Teredo Tunneling Pseudo-Interface
Guid {B1995C5C-70C3-4C73-85AF-1C6B05ECDE92}  zones: link 5 site 2  cable unplugged  uses
Neighbor Discovery  uses Router Discovery  routing preference 2  link-layer address:
0.0.0.0:0    preferred link-local fe80::ffff:ffff:fffd, life infinite    multicast
interface-local ff01::1, 1 refs, not reportable    multicast link-local ff02::1, 1
refs, not reportable  link MTU 1280 (true link MTU 1280)  current hop limit 128 
reachable time 18500ms (base 30000ms)  retransmission interval 1000ms  DAD transmits
0  default site prefix length 48

Interface 4: Ethernet: Local Area Connection
Guid {7E905548-1BB2-4088-8D94-0062222259BA}  uses Neighbor Discovery  uses Router
Discovery  link-layer address: 00-1a-a0-0e-83-2e    preferred link-local
fe80::21a:a0ff:fe0e:832e, life infinite    multicast interface-local ff01::1, 1
refs, not reportable    multicast link-local ff02::1, 1 refs, not reportable   
multicast link-local ff02::1:ff0e:832e, 1 refs, last reporter  link MTU 1500 (true
link MTU 1500)  current hop limit 128  reachable time 29000ms (base 30000ms) 
retransmission interval 1000ms  DAD transmits 1  default site prefix length 48

Interface 3: 6to4 Tunneling Pseudo-Interface
Guid {A995346E-9F3E-2EDB-47D1-9CC7BA01CD73}  does not use Neighbor Discovery  does not
use Router Discovery  routing preference 1  link MTU 1280 (true link MTU 65515) 
current hop limit 128  reachable time 42500ms (base 30000ms)  retransmission
interval 1000ms  DAD transmits 0  default site prefix length 48

Interface 2: Automatic Tunneling Pseudo-Interface 
Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} 
does not use Neighbor Discovery  does not use Router Discovery  routing preference 1
EUI-64 embedded IPv4 address: 0.0.0.0  router link-layer address: 0.0.0.0   
preferred global 2001:470:d859::2, life infinite (manual)    preferred link-local
fe80::5efe:192.168.6.13, life infinite  link MTU 1280 (true link MTU 65515)  current
hop limit 128  reachable time 21000ms (base 30000ms)  retransmission interval 1000ms
DAD transmits 0  default site prefix length 48

Interface 1: Loopback Pseudo-Interface 
Guid {6BD113CC-5EC2-7638-B953-0B889DA72014}  zones: link 1 site 3 
does not use Neighbor Discovery  does not use Router Discovery  link-layer address: 
   preferred link-local ::1, life infinite    preferred link-local fe80::1, life
infinite  link MTU 1500 (true link MTU 4294967295)  current hop limit 128  reachable
time 19500ms (base 30000ms)  retransmission interval 1000ms  DAD transmits 0 
default site prefix length 48
== End Output of [PC] ipv6 if command ===

Hoping someone can provide a life-giving spark.  Thank you in advance for helping me get some sleep.

Kevin Long, CCSP

KevinGLong

w00t!  Driving in the IPv6 lane on the Information SuperHighway.

I wanted to share what I have learned this evening on my network setup.
My last post was very long so this one only contains the important items.

My XP PC was not getting any routable addresses from the router.  I created an IPv6 DHCP pool on the router. 

I did an "netsh int ipv6 uninstall", reboot, and then a "netsh int ipv6 install" to clear out all of the configs I did last night. 

To see if any routes appeared I did "netsh int ipv6 show route" and they were there. 
So, after getting your router configured just install IPv6 and you should be good to go.

To make sure this actually was the correct way to do things I deleted the v6DHCP commands and rebooted the PC.  No v6 addresses were given.  I added the v6DHCP lines back to the router and I received my 2001: addresses. 
Note: I turned (Cisco) debugging on for the v6DHCP and did not see any addresses being given out but without them nothing worked.

I ask the moderator to edit my post if they feel it contains incorrect information.

Good luck.

Kevin

All comment lines start with !!!.

!!! important parts of the IOS config

ipv6 unicast-routing
ipv6 cef
!!! set up the v6 DHCP pool
ipv6 dhcp pool poolv6
!!! use the Routed /64 address from your tunnel
!!! the 005004... part came from a sample config I found
!!! Unknown what it actually does or stands for
prefix-delegation 2001:470:5:1F4::/64 0005000400F1A4D07003
prefix-delegation pool prefix-pool lifetime 1800 60
!!! this dns address came from www.internic.net/zones/named.root
dns-server 2001:503:BA3E::2:30
domain-name yourdomain.com

!!! this config is directly from the HE sample config for Cisco IOS
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:4:1F4::2/64
ipv6 enable
tunnel source 75.183.52.248
tunnel destination 209.51.161.58
tunnel mode ipv6ip
!
!!! Cisco interface to cable modem - no changes
interface FastEthernet0
description WAN interface facing cable modem
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ipv6 nd ra suppress
!
interface Vlan1
description VLAN toward PC's
ip address 192.168.6.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!!! use your Routed /48 address with a 1 on the end
ipv6 address 2001:470:D859::1/48
ipv6 enable
!!! use your Routed /64 address
ipv6 nd prefix 2001:470:5:1F4::/64 infinite infinite
!!! use the DHCP pool on this interface
ipv6 dhcp server poolv6
!!! static route from HE sample config
ipv6 route ::/0 Tunnel0

rsreese

Kevin,

Do you have to use DHCP? I was under the impression that autoconfigure would work through a Cisco device.

prietus

hi, with this config do you have ipv4/ipv6 connectivity through the internet? i can ping ipv4 addresses from th cisco but not from the pc hosts. you dont need ipv6 dhcp, stateless ipv6 works ok, you can enable security extenxions on the hosts to avoid the mac address to be shown.