IPv6 ISATAP configuration example with a Cisco router as a client

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Added metadata template)
 
Line 1: Line 1:
{{Template:Required Metadata}}
{{Template:Required Metadata}}
 +
{{Template:Metadata IPv6 Config Example}}
==Introduction==
==Introduction==

Latest revision as of 23:42, 14 June 2011

Contents

Introduction

This example demonstrates ISATAP configuration on the head-end router and a simulated ISATAP client using a Cisco router.
Usually the client is a Windows PC with IPv6 enabled, initiating the tunnel. For testing and verification purposes, a Cisco router closest to the clients can act as a client.
For this, we are using ISATAP tunnel at the head-end and IPv6 over IPv4 manual tunnel at the client router. IPv6 unicast routing can be disabled on the client router, so that it will behave as a true client and install a default IPv6 static route towards the head-end.
Check feature navigator to verify head-end router image supports ISATAP tunnels.
Check feature navigator to verify simulated client router supports manually configured IPv6 over IPv4 tunnels.

Design

ISATAP client.jpg

Configuration

Head-end router configuration

ipv6 unicast-routing
!
interface Loopback0
 ip address 15.100.8.1 255.255.255.255
!
interface Tunnel1
 no ip address
 no ip redirects
 ipv6 address 2001:DB8:CAFE:65::/64 eui-64 <<<Any /64 IPv6 address will work
 no ipv6 nd ra suppress       <<< IPv6 ra is suppressed by default on tunnel. Need to re-enable for client auto-configuration.
 tunnel source Loopback0
 tunnel mode ipv6ip isatap

Simulated ISATAP client on Cisco router

interface ethernet0
 ip address 15.2.8.128 255.255.255.0
!
interface Tunnel1
 no ip address
 ipv6 address autoconfig
 ipv6 enable
 tunnel mode ipv6ip
 tunnel source ethernet0
 tunnel destination 15.100.8.1


Related show Commands

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.


Show running-config

Client Tunnel1 should acquire IPv6 address prefix from head-end. Then client source IPv4 address is appended at the end. In this example, 15.2.8.128 => F02:880

 show ipv6 interface tunnel1
 IPv6 is enabled, link-local address is FE80::F02:880 
 No Virtual link-local address(es):
 Stateless address autoconfig enabled
 Global unicast address(es):
   2001:DB8:CAFE:65::F02:880, subnet is 2001:DB8:CAFE:65::/64 [EUI/CAL/PRE]  <<< Acquired IPv6 prefix and resultant IPv6 autoconfig address
     valid lifetime 2591770 preferred lifetime 604570
 Joined group address(es):
   FF02::1
   FF02::1:FF02:880
 MTU is 1480 bytes
 ICMP error messages limited to one every 100 milliseconds
 ICMP redirects are enabled
 ICMP unreachables are sent
 ND DAD is enabled, number of DAD attempts: 1
 ND reachable time is 30000 milliseconds (using 30000)
 Default router is FE80::5EFE:F64:801 on Tunnel1 <<< ISATAP head-end as the default router with 0000:5EFE appended with head-end source IPv4


If IPv6 unicast-routing is disabled on the client router, it will also install a default static route pointing towards the ISATAP head-end router.

show ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
      B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
      IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
      ND - Neighbor Discovery, l - LISP
      O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
      ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   ::/0 [2/0]
     via FE80::5EFE:F64:801, Tunnel1
C   2001:DB8:CAFE:65::/64 [0/0]
     via Tunnel1, directly connected
L   2001:DB8:CAFE:65::F02:880/128 [0/0]
     via Tunnel1, receive
L   FF00::/8 [0/0]
     via Null0, receive

Head-end should be able to ping the client.

router#ping ipv6 2001:DB8:CAFE:65::F02:880
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:65::F02:880, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Related Information

Technical Support & Documentation - Cisco Systems

Rating: 3.7/5 (7 votes cast)

Personal tools