• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Please help me setup a tunnel on my Cisco 2611XM!

Started by fonestar, April 10, 2010, 04:01:28 PM

Previous topic - Next topic

fonestar

Hi there,

Could someone please help me with the config on my 2611XM router?  I have included my actual IP addresses to help and so there will be no confusion (on my part that is).


        Server IPv4 address:     216.218.226.238
   Server IPv6 address:    2001:470:a:225::1/64
   Client IPv4 address:    96.54.52.254
   Client IPv6 address:    2001:470:a:225::2/64

Thank-you!

jimb

Take a look at the tunnel status on the tunnelbroker web site.  There should be a config example you can select for Cisco IOS.

fonestar

Yes, I have tried that... for both my Cisco 2611XM and the client (my Windows XP Pro with IPv6 enabled).  The Cisco also has ipv6 unicast-routing enabled.  Any ideas?  When I go to take further tests it tells me to set up a tunnel still and reports my IPv4 wan ip?

Please help!  I need to have a firm grasp on this!

Thank-you!

broquea

After running the commands on the cisco (or XP for that matter), can it ping ipv6 our side of the tunnel?

If yes, yay! now configure the routed /64 on the cisco's LAN facing interface. Hosts on the lan should auto-configure an address as long as "ipv6 nd suppress-ra" isn't configured on that interface.

If no, paste the cisco config (sanitized if you like) and maybe something obvious will be seen.
Is there anything upstream of the cisco, that might not be forwarding Protocol 41?

jimb

I really wish Cisco would have RA turned off by default.  First time I was dorking around w/ dynamips I found myself with a new default router 'cause I forgot to turn RA off on the LAN interface.

This will be especially troublesome if they start shipping IOS w/ IPv6 enabled by default.  How many people will go ahead an set a V6 address forgetting to turn off RA?

fonestar

I can ping ipv6.he.net from the Cisco 2611XM, not XP.  Here is the Lan facing sub-if of the Cisco, I only configured the ::2 so I don't know if the other one was auto-configured?

!
interface FastEthernet0/1.100
description DATA$FW_INSIDE$
encapsulation dot1Q 100
ip address 192.168.100.254 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:B:225::/64
ipv6 address 2001:470:B:225::2/64
ipv6 address autoconfig
ipv6 enable
no keepalive
!

lobotiger

Here's what my LAN facing port looks like for reference:

interface FastEthernet0
description to LAN
ip address 192.168.0.1 255.255.255.0
ip access-group INTERNAL_ACL in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
ipv6 address 2001:470:xxxx::1/64
ipv6 enable
service-policy output egress-to-LAN-parent
end

I didn't really add anything more than "ipv6 unicast-routing" in the global config plus what's on that interface.  All my IPv6 capable PCs on the LAN are getting an IP address from the /64 block and can ping the LAN interface as well as any other IPv6 address or site.

BTW, if anyone else thinks I should add/change anything to my config please let me know.

LoboTiger

jimb

@fone:  I'm not sure if the all zeros address is legal or not.  Does that just indicate a prefix for it to self-auto-configure?  If so then it's fine since it's just listing the prefix to use.  If not, it's an invalid IPv6.  It should simply have an address like the :2 address.

@lobo:  Looks good to me.  All you should need is a default route pointing through the tunnel (if this is the tunnel router).

fonestar

Thanks for all your responses.  What I did was I uninstalled ipv6 from XP, rebooted, used netsh to reinstall, auto-configure and now it works fine!

Thanks for the help!