Configuring IPv6 Unicast Hosts
This chapter describes how to configure IPv6 host functions on the Catalyst 2360 switch.
For information about configuring IPv6 Multicast Listener Discovery (MLD) snooping, see Chapter 16, "Configuring IPv6 MLD Snooping."
Note
For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures
This chapter consists of these sections:
•
"Understanding IPv6" section
•
"Configuring IPv6" section
•
"Displaying IPv6" section
Understanding IPv6
IPv4 users can move to IPv6 and receive services such as end-to-end security, quality of service (QoS), and globally unique addresses. The IPv6 address space reduces the need for private addresses and Network Address Translation (NAT) processing by border routers at network edges.
For information about how Cisco Systems implements IPv6, go to this URL:
http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
For information about IPv6 and other features in this chapter:
•
See the Cisco IOS IPv6 Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t.html
•
Use the Search field on Cisco.com to locate Cisco IOS software documentation. For example, if you want information about static routes, you can enter Implementing Static Routes for IPv6 in the search field to get see links to multiple documents about static routes.
These sections describe IPv6 implementation on the switch.
•
IPv6 Addresses
•
Supported IPv6 Host Features
IPv6 Addresses
The switch supports only IPv6 unicast addresses. It does not support site-local unicast addresses, anycast addresses, or multicast addresses.
The IPv6 128-bit addresses are represented as a series of eight 16-bit hexadecimal fields separated by colons in the format: n:n:n:n:n:n:n:n. This is an example of an IPv6 address:
2031:0000:130F:0000:0000:09C0:080F:130B
For easier implementation, leading zeros in each field are optional. This is the same address without leading zeros:
2031:0:130F:0:0:9C0:80F:130B
You can also use two colons (::) to represent successive hexadecimal fields of zeros, but you can use this short version only once in each address:
2031:0:130F::09C0:080F:130B
For more information about IPv6 address formats, address types, and the IPv6 packet header, see the "Implementing IPv6 Addressing and Basic Connectivity" chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
In the "Information About Implementing Basic Connectivity for IPv6" chapter, these sections apply to the switch:
•
IPv6 Address Formats
•
IPv6 Address Output Display
•
Simplified IPv6 Packet Header
Supported IPv6 Host Features
These sections describe the IPv6 protocol features supported by the switch:
•
128-Bit Wide Unicast Addresses
•
DNS for IPv6
•
ICMPv6
•
Default Router Preference
•
IPv6 Stateless Autoconfiguration and Duplicate Address Detection
•
IPv6 Applications
•
SNMP and Syslog Over IPv6
•
HTTP(s) Over IPv6
•
For more information about IPv4 and IPv6 protocol stacks, see the "Implementing IPv6 Addressing and Basic Connectivity" chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
Support on the switch includes expanded address capability, header format simplification, improved support of extensions and options, and hardware parsing of the extension header. The switch supports hop-by-hop extension header packets, which are routed or bridged in software.
128-Bit Wide Unicast Addresses
The switch supports aggregatable global unicast addresses and link-local unicast addresses. It does not support site-local unicast addresses.
•
Aggregatable global unicast addresses are IPv6 addresses from the aggregatable global unicast prefix. The address structure enables strict aggregation of routing prefixes and limits the number of routing table entries in the global routing table. These addresses are used on links that are aggregated through organizations and eventually to the Internet service provider.
These addresses are defined by a global routing prefix, a subnet ID, and an interface ID. Current global unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3). Addresses with a prefix of 2000::/3(001) through E000::/3(111) must have 64-bit interface identifiers in the extended unique identifier (EUI)-64 format.
•
Link local unicast addresses can be automatically configured on any interface by using the link-local prefix FE80::/10(1111 1110 10) and the interface identifier in the modified EUI format. Link-local addresses are used in the neighbor discovery protocol (NDP) and the stateless autoconfiguration process. Nodes on a local link use link-local addresses and do not require globally unique addresses to communicate. IPv6 routers do not forward packets with link-local source or destination addresses to other links.
For more information, see the section about IPv6 unicast addresses in the "Implementing IPv6 Addressing and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
DNS for IPv6
IPv6 supports Domain Name System (DNS) record types in the DNS name-to-address and address-to-name lookup processes. The DNS AAAA resource record types support IPv6 addresses and are equivalent to an A address record in IPv4. The switch supports DNS resolution for IPv4 and IPv6.
ICMPv6
The Internet Control Message Protocol (ICMP) in IPv6 generates error messages, such as ICMP destination unreachable messages, to report errors during processing and other diagnostic functions. In IPv6, ICMP packets are also used in path MTU discovery.
Default Router Preference
The switch supports IPv6 default router preference (DRP), an extension in router advertisement messages. DRP improves the ability of a host to select an appropriate router, especially when the host is multihomed and the routers are on different links. The switch does not support the Route Information Option in RFC 4191.
An IPv6 host maintains a default router list from which it selects a router for traffic to offlink destinations. The selected router for a destination is then cached in the destination cache. NDP for IPv6 specifies that routers that are reachable or probably reachable are preferred over routers whose reachability is unknown or suspect. For reachable or probably reachable routers, NDP can either select the same router every time or cycle through the router list. By using DRP, you can configure an IPv6 host to prefer one router over another, provided both are reachable or probably reachable.
For more information about DRP for IPv6, see the "Implementing IPv6 Addresses and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
IPv6 Stateless Autoconfiguration and Duplicate Address Detection
The switch uses stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses. A host autonomously configures its own link-local address, and booting nodes send router solicitations to request router advertisements for configuring interfaces.
For more information about autoconfiguration and duplicate address detection, see the "Implementing IPv6 Addressing and Basic Connectivity" chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
IPv6 Applications
The switch has IPv6 support for these applications:
•
Ping, traceroute, Telnet, TFTP, and FTP
•
HTTP server access over IPv6 transport
•
DNS resolver for AAAA over IPv4 transport
For more information about managing these applications, see the "Managing Cisco IOS Applications over IPv6" chapter and the "Implementing IPv6 Addressing and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
SNMP and Syslog Over IPv6
To support both IPv4 and IPv6, IPv6 network management requires both IPv6 and IPv4 transports. Syslog over IPv6 supports address data types for these transports.
SNMP and syslog over IPv6 provide these features:
•
Support for both IPv4 and IPv6
•
IPv6 transport for SNMP and to modify the SNMP agent to support traps for an IPv6 host
•
SNMP- and syslog-related MIBs to support IPv6 addressing
•
Configuration of IPv6 hosts as trap receivers
For support over IPv6, SNMP modifies the existing IP transport mapping to simultaneously support IPv4 and IPv6. These SNMP actions support IPv6 transport management:
•
Opens User Datagram Protocol (UDP) SNMP socket with default settings
•
Provides a new transport mechanism called SR_IPV6_TRANSPORT
•
Sends SNMP notifications over IPv6 transport
•
Supports SNMP-named access lists for IPv6 transport
•
Supports SNMP proxy forwarding using IPv6 transport
•
Verifies SNMP Manager feature works with IPv6 transport
For information on SNMP over IPv6, including configuration procedures, see the "Managing Cisco IOS Applications over IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
For information about syslog over IPv6, including configuration procedures, see the "Implementing IPv6 Addressing and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
HTTP(s) Over IPv6
The HTTP client sends requests to both IPv4 and IPv6 HTTP servers, which respond to requests from both IPv4 and IPv6 HTTP clients. URLs with literal IPv6 addresses must be specified in hexadecimal using 16-bit values between colons.
The accept socket call chooses an IPv4 or IPv6 address family. The accept socket is either an IPv4 or IPv6 socket. The listening socket continues to listen for both IPv4 and IPv6 signals that indicate a connection. The IPv6 listening socket is bound to an IPv6 wildcard address.
The underlying TCP/IP stack supports a dual-stack environment. HTTP relies on the TCP/IP stack and the sockets for processing network-layer interactions.
Basic network connectivity (ping) must exist between the client and the server hosts before HTTP connections can be made.
For more information, see the "Managing Cisco IOS Applications over IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
For more information about IPv4 and IPv6 protocol stacks, see the "Implementing IPv6 Addressing and Basic Connectivity" chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring IPv6
•
Default IPv6 Configuration
•
Configuring IPv6 Addressing and Enabling IPv6 Host
•
Configuring Default Router Preference
•
Configuring IPv6 ICMP Rate Limiting
•
Configuring IPv6 ICMP Rate Limiting
•
Configuring IPv6 ICMP Rate Limiting
Default IPv6 Configuration
Table 27-1 shows the default IPv6 configuration.
Table 27-1 Default IPv6 Configuration
|
|
SDM template |
Default. |
IPv6 addresses |
None configured |
Configuring IPv6 Addressing and Enabling IPv6 Host
This section describes how to assign IPv6 addresses to individual interfaces and to globally forward IPv6 traffic on the switch.
Before configuring IPv6 on the switch, consider this:
•
In the ipv6 address interface configuration command, you must enter the ipv6-address and ipv6-prefix variables with the address specified in hexadecimal using 16-bit values between colons. The prefix-length variable (preceded by a slash [/]) is a decimal value that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address).
To forward IPv6 traffic on an interface, you must configure a global IPv6 address on that interface. Configuring an IPv6 address on an interface automatically configures a link-local address and activates IPv6 for the interface. The configured interface automatically joins these required multicast groups for that link:
•
solicited-node multicast group FF02:0:0:0:0:1:ff00::/104 for each unicast address assigned to the interface (this address is used in the neighbor discovery process.)
•
all-nodes link-local multicast group FF02::1
•
all-routers link-local multicast group FF02::2
For more information about configuring IPv6, see the "Implementing Addressing and Basic Connectivity for IPv6" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to an interface and enable IPv6 forwarding:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Enter interface configuration mode, and specify the Layer 3 interface to configure. The interface can be a physical interface, a switch virtual interface (SVI), or a Layer 3 EtherChannel. |
Step 3 |
ipv6 address ipv6-prefix/prefix length eui-64 or ipv6 address ipv6-address link-local or ipv6 enable |
Specify a global IPv6 address with an extended unique identifier (EUI) in the low-order 64 bits of the IPv6 address. Specify only the network prefix; the last 64 bits are automatically computed from the switch MAC address. This enables IPv6 processing on the interface. Specify a link-local address on the interface to be used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface. This command enables IPv6 processing on the interface. Automatically configure an IPv6 link-local address on the interface, and enable the interface for IPv6 processing. The link-local address can only be used to communicate with nodes on the same link. |
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show ipv6 interface interface-id |
Verify your entries. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments. To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use the no ipv6 enable interface configuration command.
This example shows how to enable IPv6 with both a link-local address and a global address based on the IPv6 prefix 2001:0DB8:c18:1::/64. The EUI-64 interface ID is used in the low-order 64 bits of both addresses. Output from the show ipv6 interface EXEC command is included to show how the interface ID (20B:46FF:FE2F:D940) is appended to the link-local prefix FE80::/64 of the interface.
Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
Switch(config)# interface gigabitethernet0/11
Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui 64
Switch# show ipv6 interface gigabitethernet0/11
GigabitEthernet1/0/11 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940
Global unicast address(es):
2001:0DB8:c18:1:20B:46FF:FE2F:D940, subnet is 2001:0DB8:c18:1::/64 [EUI]
Joined group address(es):
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
Configuring Default Router Preference
Router advertisement messages are sent with the default router preference (DRP) configured by the ipv6 nd router-preference interface configuration command. If no DRP is configured, RAs are sent with a medium preference.
A DRP is useful when two routers on a link might provide equivalent, but not equal-cost routing, and policy might dictate that hosts should prefer one of the routers.
Beginning in privileged EXEC mode, follow these steps to configure a DRP for a router on an interface.
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
interface interface-id |
Enter interface configuration mode, and enter the Layer 3 interface on which you want to specify the DRP. |
Step 3 |
ipv6 nd router-preference {high | medium | low} |
Specify a DRP for the router on the switch interface. |
Step 4 |
end |
Return to privileged EXEC mode. |
Step 5 |
show ipv6 interface |
Verify the configuration. |
Step 6 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
Use the no ipv6 nd router-preference interface configuration command to disable an IPv6 DRP.
This example shows how to configure a DRP of high for the router on an interface.
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ipv6 nd router-preference high
For more information about configuring DRP for IPv6, see the "Implementing IPv6 Addresses and Basic Connectivity" chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring IPv6 ICMP Rate Limiting
ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in a bucket) of 10.
Beginning in privileged EXEC mode, follow these steps to change the ICMP rate-limiting parameters:
|
|
|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
ipv6 icmp error-interval interval [bucketsize] |
Configure the interval and bucket size for IPv6 ICMP error messages: • interval—The interval (in milliseconds) between tokens being added to the bucket. The range is from 0 to 2147483647 milliseconds. • bucketsize—(Optional) The maximum number of tokens stored in the bucket. The range is from 1 to 200. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show ipv6 interface [interface-id] |
Verify your entries. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
To return to the default configuration, use the no ipv6 icmp error-interval global configuration command.
This example shows how to configure an IPv6 ICMP error message interval of 50 milliseconds and a bucket size of 20 tokens.
Switch(config)#ipv6 icmp error-interval 50 20
Displaying IPv6
For complete syntax and usage information on these commands, see the Cisco IOS command reference publications.
Table 27-2 shows the privileged EXEC commands for monitoring IPv6 on the switch.
Table 27-2 Commands for Monitoring IPv6
|
|
show ipv6 interface interface-id |
Display IPv6 interface status and configuration. |
show ipv6 mtu |
Display IPv6 MTU per destination cache. |
show ipv6 prefix-list |
Display a list of IPv6 prefix lists. |
show ipv6 static |
Display IPv6 static routes. |
show ipv6 traffic |
Display IPv6 traffic statistics. |
Table 27-3 shows the privileged EXEC commands for displaying information about IPv4 and IPv6 address types.
Table 27-3 Commands for Displaying IPv4 and IPv6 Address Types
|
|
show ip http server history |
Display the previous 20 connections to the HTTP server, including the IP address accessed and the time when the connection was closed. |
show ip http server connection |
Display the current connections to the HTTP server, including the local and remote IP addresses being accessed. |
show ip http client connection |
Display the configuration values for HTTP client connections to HTTP servers. |
show ip http client history |
Display a list of the last 20 requests made by the HTTP client to the server. |