-
Cisco IOS IPv6 Configuration Guide, Release 12.4T
-
Start Here: Cisco IOS Software Release Specifics for IPv6 Features
-
Implementing IPv6 Addressing and Basic Connectivity
-
Implementing ADSL and Deploying Dial Access for IPv6
-
Implementing Multiprotocol BGP for IPv6
-
Implementing DHCP for IPv6
-
Implementing Dynamic Multipoint VPN for IPv6
-
Implementing EIGRP for IPv6
-
Configuring First Hop Redundancy Protocols in IPv6
-
Implementing IPv6 Secure Neighbor Discovery
-
Implementing IPsec in IPv6 Security
-
Implementing IS-IS for IPv6
-
Implementing IPv6 for Network Management
-
Implementing Mobile IPv6
-
Implementing IPv6 Multicast
-
Implementing NAT-PT for IPv6
-
Implementing NetFlow for IPv6
-
Netflow v9 for IPv6
-
Implementing NTPv4 in IPv6
-
Implementing OSPF for IPv6
-
Implementing IPv6 over MPLS
-
Implementing IPv6 VPN over MPLS
-
Implementing Policy-Based Routing for IPv6
-
Implementing QoS for IPv6
-
Implementing RIP for IPv6
-
Implementing Traffic Filters and Firewalls for IPv6 Security
-
Implementing Static Routes for IPv6
-
Implementing Tunneling for IPv6
-
Implementing VoIP for IPv6
-
Table Of Contents
Implementing ADSL and Deploying Dial Access for IPv6
Prerequisites for Implementing ADSL and Dial Access for IPv6
Restrictions for Implementing ADSL and Deploying Dial Access for IPv6
Information About Implementing ADSL and Deploying Dial Access for IPv6
Stateless Address Autoconfiguration
Prerequisites for Using AAA Attributes for IPv6
RADIUS Per-User Attributes for Virtual Access in IPv6 Environments
How to Configure ADSL and Deploy Dial Access in IPv6
Configuring the Remote CE Router
Configuring the DHCP for IPv6 Server to Obtain Prefixes from RADIUS Servers
Configuring DHCP for IPv6 AAA and SIP Options
Configuration Examples for Implementing ADSL and Deploying Dial Access for IPv6
Implementing ADSL and Deploying Dial Access for IPv6: Example
Feature Information for Implementing ADSL and Deploying Dial Access for IPv6
Implementing ADSL and Deploying Dial Access for IPv6
First Published: November 25, 2002Last Updated: October 21, 2009This module describes the implementation of prefix pools and per-user Remote Access Dial-In User Service (RADIUS) attributes in IPv6. It also describes the deployment of IPv6 in Digital Subscriber Line (DSL) and dial-access environments. Asymmetric Digital Subscriber Line (ADSL) and dial deployment provide the extensions that make large-scale access possible for IPv6 environments, including IPv6 RADIUS attributes, stateless address configuration on Point-to-Point Protocol (PPP) links, per-user static routes, and access control lists (ACLs).
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Implementing ADSL and Deploying Dial Access for IPv6" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for Implementing ADSL and Dial Access for IPv6
•
•
•
•
•
Prerequisites for Implementing ADSL and Dial Access for IPv6
This document assumes that you are familiar with IPv4. Refer to the publications referenced in the "Additional References" section for IPv4 configuration and command reference information.
Restrictions for Implementing ADSL and Deploying Dial Access for IPv6
ADSL and Dial Deployment is available for interfaces with PPP encapsulation enabled, including PPP over ATM (PPPoA), PPP over Ethernet (PPPoE), PPP over async, and PPP over ISDN.
Information About Implementing ADSL and Deploying Dial Access for IPv6
To implement ADSL and deploy dial access for IPv6, you need to understand the following concepts:
Address Assignment for IPv6
A Cisco router configured with IPv6 will advertise its IPv6 prefixes on one or more interfaces, allowing IPv6 clients to automatically configure their addresses. In IPv6, address assignment is performed at the network layer, in contrast to IPv4 where a number of functions are handled in the PPP layer. The only function handled in IPv6 Control Protocol (IPv6CP) is the negotiation of a unique interface identifier. Everything else, including DNS server discovery, is done within the IPv6 protocol itself.
Contrary to IPv4 address assignment, an IPv6 user will be assigned a prefix, not a single address. Typically the Internet Service Provider (ISP) assigns a 64- or 48-bit prefix.
In the IPv6 world, Internet service providers (ISPs) assign long-lived prefixes to users, which has some impact on the routing system. In typical IPv4 environments, each network access server (NAS) has a pool of 24-bit addresses and users get addresses from this pool when dialing in. If a user dials another POP or is connected to another NAS at the same POP, a different IPv4 address is assigned.
Addresses for IPv6 are assigned by two different methods.
•
Stateless Address Autoconfiguration
Assigning addresses using the stateless address autoconfiguration method can only be used to assign 64-bit prefixes. Each user is assigned a 64-bit prefix, which is advertised to the user in a router advertisement (RA). All addresses are automatically configured based on the assigned prefix.
A typical scenario is to assign a separate 64-bit prefix per user; however, users can also be assigned a prefix from a shared pool of addresses. Using the shared limits addresses to only one address per user.
This solution works best for the cases where the customer provider edge router (CPE) is a single PC or is limited to only one subnet. If the user has multiple subnets, Layer 2 (L2) bridging, multilink subnets or proxy RA can be used. The prefix advertised in the RA can come from an authorization, authentication, and accounting (AAA) server, which also provides the prefix attribute, can be manually configured, or can be allocated from a prefix pool.
The Framed-Interface-Id AAA attribute influences the choice of interface identifier for peers and, in combination with the prefix, the complete IPv6 address can be determined.
Prefix Delegation
Prefix delegation uses Dynamic Host Configuration Protocol (DHCP). When the user requests a prefix from the prefix delegator, typically the NAS, the prefix is allocated as described in the "Stateless Address Autoconfiguration" section.
An IPv6 prefix delegating router selects IPv6 prefixes to be assigned to a requesting router upon receiving a request from the client. The delegating router might select prefixes for a requesting router in the following ways:
•
•
•
DHCP SIP Server Options
Two DHCP for IPv6 Session Initiation Protocol (SIP) server options describe a local outbound SIP proxy: one carries a list of domain names, the other a list of IPv6 addresses. These two options can be configured in a DHCPv6 configuration pool.
AAA Attributes for IPv6
Vendor-specific attributes (VSAs) have been developed to support AAA for IPv6. The Cisco VSAs are inacl, outacl, route, and prefix.
Prefix pools and pool names are configurable through AAA.
The following RADIUS attributes as described in RFC 3162 are supported for IPv6:
•
•
•
•
•
These attributes can be configured on a RADIUS server and downloaded to access servers where they can be applied to access connections.
AAA attributes are described in the following sections:
•
Prerequisites for Using AAA Attributes for IPv6
The AAA attributes for IPv6 are compliant with RFC 3162 and require a RADIUS server capable of supporting RFC 3162.
RADIUS Per-User Attributes for Virtual Access in IPv6 Environments
The following IPv6 attributes for RADIUS attribute-value (AV) pairs are supported for virtual access:
Apart from the new IPv6 prefix and IPv6 pool attributes, these are all existing Cisco VSAs extended to support the IPv6 protocol.
Framed-Interface-Id
The Framed-Interface-Id attribute indicates the IPv6 interface identifier to be configured. This per-user attribute is used during the IPv6CP negotiations and may be used in access-accept packets. If the Interface-Identifier IPv6CP option has been successfully negotiated, this attribute must be included in an Acc-0Request packet as a hint by the NAS to the server that it would prefer that value.
Framed-IPv6-Prefix
The Framed-IPv6-Prefix attribute performs the same function as the Cisco VSA: It is used for virtual access only and indicates an IPv6 prefix (and corresponding route) to be configured. This attribute is a per-user attribute and lets the user specify which prefixes to advertise in Neighbor Discovery Router Advertisement messages. The Framed-IPv6-Prefix attribute may be used in access-accept packets and can appear multiple times. The NAS will create a corresponding route for the prefix.
To use this attribute for DHCP for IPv6 prefix delegation, create a profile for the same user on the RADIUS server. The user name associated with the second profile has the suffix "-dhcpv6."
The Framed-IPv6-Prefix attribute in the two profiles is treated differently. If a NAS needs both to send a prefix in router advertisements (RAs) and delegate a prefix to a remote user's network, the prefix for RA is placed in the Framed-IPv6-Prefix attribute in the user's regular profile, and the prefix used for prefix delegation is placed in the attribute in the user's separate profile.
Login-IPv6-Host
The Login-IPv6-Host attribute is a per-user attribute that indicates the IPv6 system with which to connect the user when the Login-Service attribute is included.
Framed-IPv6-Route
The Framed-IPv6-Route attribute performs the same function as the Cisco VSA: It is a per-user attribute that provides routing information to be configured for the user on the NAS. This attribute is a string attribute and is specified using the ipv6 route command.
Framed-IPv6-Pool
The IPv6-Pool attribute is a per-user attribute that contains the name of an assigned pool that should be used to assign an IPv6 prefix for the user. This pool should either be defined locally on the router or defined on a RADIUS server from which pools can be downloaded.
IPv6 Route
The IPv6 route attribute allows you to specify a per-user static route. A static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination. See the description of the ipv6 route command for more information about building static routes.
The following example shows the IPv6 route attribute used to define a static route:
cisco-avpair = "ipv6:route#1=2001:0DB8:cc00:1::/48",cisco-avpair = "ipv6:route#2=2001::0DB8:cc00:2::/48",IPv6 ACL
You can specify a complete IPv6 access list. The unique name of the access list is generated automatically. The access list is removed when its user logs out. The previous access list on the interface is reapplied.
The inacl and outacl attributes allow you to a specific existing access list configured on the router. The following example shows ACL number 1 specified as the access list:
cisco-avpair = "ipv6:inacl#1=permit 2001:0DB8:cc00:1::/48",cisco-avpair = "ipv6:outacl#1=deny 2001:0DB8::/10",IPv6 Prefix#
The IPv6 prefix# attribute lets you indicate which prefixes to advertise in Neighbor Discovery Router Advertisement messages. When the prefix# attribute is used, a corresponding route (marked as a per-user static route) is installed in the routing information base (RIB) tables for the given prefix.
cisco-avpair = "ipv6:prefix#1=2001:0db8::/64",cisco-avpair = "ipv6:prefix#2=2001:0db8::/64",IPv6 Pool
For RADIUS authentication, the IPv6 pool attribute extends the IPv4 address pool attributed to support the IPv6 protocol. It specifies the name of a local pool on the NAS from which to get the prefix and is used whenever the service is configured as PPP and whenever the protocol is specified as IPv6. Note that the address pool works in conjunction with local pooling. It specifies the name of the local pool that has been preconfigured on the NAS.
IPv6 Prefix Pools
The function of prefix pools in IPv6 is similar to that of address pools in IPv4. The main difference is that IPv6 assigns prefixes rather than single addresses.
As for IPv4, a pool or a pool definition can be configured locally or it can be retrieved from an AAA server. Overlapping membership between pools is not permitted.
Once a pool is configured, it cannot be changed. If you change the configuration, the pool will be removed and re-created. All prefixes previously allocated will be freed.
Prefix pools can be defined so that each user is allocated a 64-bit prefix or so that a single prefix is shared among several users. In a shared prefix pool, each user may receive only one address from the pool.
How to Configure ADSL and Deploy Dial Access in IPv6
The configuration guidelines contained in this section show how to configure ADSL and dial access in IPv6 environments.
•
•
•
•
Configuring the NAS
The first step in setting up dial access is to configure the NAS. All of the dialer groups, access lists, and routes are known to the NAS. This task shows how to configure the NAS to implement ADSL and deploy dial access for IPv6 environments.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
DETAILED STEPS
Troubleshooting Tips
Verify that the access list is installed correctly before proceeding with the next task. Use the show ipv6 access-list and show ipv6 interface commands.
Configuring the Remote CE Router
The following task describes how to configure each remote CE router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DETAILED STEPS
What to Do Next
Once you have configured the NAS and CE router, configure RADIUS to establish the AV pairs for callback. Callback allows remote network users to dial in to the NAS without being charged. When callback is required, the NAS hangs up the current call and dials the caller back. When the NAS performs the callback, only information for the outgoing connection is applied. The rest of the attributes from the preauthentication access-accept message are discarded.
The following example shows a RADIUS profile configuration for a local campus:
campus1 Auth-Type = Local, Password = "mypassword"User-Service-Type = Framed-User,Framed-Protocol = PPP,cisco-avpair = "ipv6:inacl#1=permit dead::/64 any",cisco-avpair = "ipv6:route=dead::/64",cisco-avpair = "ipv6:route=cafe::/64",cisco-avpair = "ipv6:prefix=dead::/64 0 0 onlink autoconfig",cisco-avpair = "ipv6:prefix=cafe::/64 0 0 onlink autoconfig",cisco-avpair = "ip:route=10.0.0.0 255.0.0.0",The RADIUS AV pairs for IPv6 are described in RADIUS Per-User Attributes for Virtual Access in IPv6 Environments.
Configuring the DHCP for IPv6 Server to Obtain Prefixes from RADIUS Servers
The following task describes how to configure the DHCP for IPv6 server to obtain prefixes from RADIUS servers.
Prerequisites
Before you perform this task, you must configure the AAA client and PPP on the router.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuring DHCP for IPv6 AAA and SIP Options
This optional task allows users to enable the router to support AAA and SIP options.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Configuration Examples for Implementing ADSL and Deploying Dial Access for IPv6
This section provides the following configuration example:
•
Implementing ADSL and Deploying Dial Access for IPv6: Example
This example shows a typical configuration for ADSL and dial access. The following three separate configurations are required:
•
NAS Configuration
This configuration for the ISP NAS shows the configuration that supports access from the remote CE router.
hostname cust1-53aaaa new-modelaaa authentication ppp default if-needed group radiusaaa authorization network default group radiusvirtual-profile virtual-template 1interface Serial0:15encapsulation pppdialer-group 1ppp authentication chap!interface Virtual-Template1ipv6 enable!dialer-list 1 protocol ipv6 permitradius-server host 172.17.250.8 auth-port 1812 acct-port 1813 key testing123Remote CE Router Configuration
This configuration for the remote customer edge router shows PPP encapsulation and IPv6 routes defined.
hostname cust-36ainterface BRI1/0encapsulation pppipv6 enableisdn switch-type basic-net3ppp authentication chap optionalppp multilink!dialer-list 1 protocol ipv6 permitipv6 route 2001:0DB8:1/128 BRI1/0ipv6 route ::/0 2001:0db8:1RADIUS Configuration
This RADIUS configuration shows the definition of AV pairs to establish the static routes.
campus1 Auth-Type = Local, Password = "mypassword"User-Service-Type = Framed-User,Framed-Protocol = PPP,cisco-avpair = "ipv6:inacl#1=permit dead::/64 any",cisco-avpair = "ipv6:route=library::/64",cisco-avpair = "ipv6:route=cafe::/64",cisco-avpair = "ipv6:prefix=library::/64 0 0 onlink autoconfig",cisco-avpair = "ipv6:prefix=cafe::/64 0 0 onlink autoconfig",cisco-avpair = "ip:route=10.0.0.0 255.0.0.0",Where to Go Next
For information about implementing routing protocols for IPv6, refer to the Implementing RIP for IPv6, Implementing IS-IS for IPv6, or the Implementing Multiprotocol BGP for IPv6 module. For information about implementing security for IPv6 environments, refer to the Implementing IPsec in IPv6 Security and Implementing Traffic Filters and Firewalls for IPv6 Security modules.
Additional References
The following sections provide references related to the Implementing ADSL and Deploying Dial Access for IPv6 feature.
Related Documents
IPv6 supported feature list
"Start Here: Cisco IOS Software Release Specifics for IPv6 Features," Cisco IOS IPv6 Configuration Guide
IPv6 basic connectivity
"Implementing IPv6 Addressing and Basic Connectivity," Cisco IOS IPv6 Configuration Guide
IPv6 commands: complete command syntax, command mode, defaults, usage guidelines, and examples
Certification authority and interoperability, RA proxy
"Security Overview," Cisco IOS Security Configuration Guide
RADIUS server configuration
"Security Overview," Cisco IOS Security Configuration Guide
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
RFC 3162
RADIUS and IPv6
RFC 3177
IAB/IESG Recommendations on IPv6 Address
RFC 3319
Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiated Protocol (SIP) Servers
Technical Assistance
Feature Information for Implementing ADSL and Deploying Dial Access for IPv6
Table 15 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(13)T or a later release appear in the table.
For information on a feature in this technology that is not documented here, see the Start Here: Cisco IOS Software Release Specifies for IPv6 Features roadmap.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 15 identifies the earliest release for each early-deployment train in which each feature became available.
Table 15 Feature Information for Implementing ADSL and Deploying Dial Access for IPv6
Enhanced IPv6 features for ADSL and dial deployment
12.2(13)T
12.3
12.3(2)T
12.4
12.4(2)TSeveral features were enhanced to enable IPv6 to use ADSL and dial deployment.
The following sections provide information about these features:
•
AAA support for Cisco VSA IPv6 attributes
12.2(13)T
12.3
12.3(2)T
12.4
12.4(2)TVendor-specific attributes (VSAs) were developed to support AAA for IPv6.
The following section provides information about this feature:
PPPoA
12.2(13)T
12.3
12.3(2)T
12.4
12.4(2)TADSL and dial deployment is available for interfaces with PPP encapsulation enabled, including PPPoA.
The following sections provide information about these features:
PPPoE
12.2(13)T
12.3
12.3(2)T
12.4
12.4(2)TADSL and dial deployment is available for interfaces with PPP encapsulation enabled, including PPPoE.
The following sections provide information about these features:
IPv6 prefix pools
12.2(13)T
12.3
12.3(2)T
12.4
12.4(2)TThe function of prefix pools in IPv6 is similar to that of address pools in IPv4. The main difference is that IPv6 assigns prefixes rather than single addresses.
The following sections provide information about these features:
•
AAA support for RFC 3162 IPv6 RADIUS attributes
12.3(4)T
12.4
12.4(2)TThe AAA attributes for IPv6 are compliant with RFC 3162 and require a RADIUS server capable of supporting RFC 3162.
The following sections provide information about these features:
•
•
•
DHCP for IPv6 prefix delegation via AAA
12.2(18)SXE
12.3(14)T
12.4
12.4(2)TThe following sections provide information about these features:
•
•
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2002-2009 Cisco Systems, Inc. All rights reserved.
