IPv6 ISATAP configuration example with a Cisco router as a client
From DocWiki
Contents |
Introduction
This example demonstrates ISATAP configuration on the head-end router and a simulated ISATAP client using a Cisco router.
Usually the client is a Windows PC with IPv6 enabled, initiating the tunnel.
For testing and verification purposes, a Cisco router closest to the clients can act as a client.
For this, we are using ISATAP tunnel at the head-end and IPv6 over IPv4 manual tunnel at the client router.
IPv6 unicast routing can be disabled on the client router, so that it will behave as a true client and install a default IPv6 static route towards the head-end.
Check feature navigator to verify head-end router image supports ISATAP tunnels.
Check feature navigator to verify simulated client router supports manually configured IPv6 over IPv4 tunnels.
Design
Configuration
Head-end router configuration
ipv6 unicast-routing ! interface Loopback0 ip address 15.100.8.1 255.255.255.255 ! interface Tunnel1 no ip address no ip redirects ipv6 address 2001:DB8:CAFE:65::/64 eui-64 <<<Any /64 IPv6 address will work no ipv6 nd ra suppress <<< IPv6 ra is suppressed by default on tunnel. Need to re-enable for client auto-configuration. tunnel source Loopback0 tunnel mode ipv6ip isatap
Simulated ISATAP client on Cisco router
interface ethernet0 ip address 15.2.8.128 255.255.255.0 ! interface Tunnel1 no ip address ipv6 address autoconfig ipv6 enable tunnel mode ipv6ip tunnel source ethernet0 tunnel destination 15.100.8.1
Related show Commands
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
Show running-config
Client Tunnel1 should acquire IPv6 address prefix from head-end. Then client source IPv4 address is appended at the end. In this example, 15.2.8.128 => F02:880
show ipv6 interface tunnel1 IPv6 is enabled, link-local address is FE80::F02:880 No Virtual link-local address(es): Stateless address autoconfig enabled Global unicast address(es): 2001:DB8:CAFE:65::F02:880, subnet is 2001:DB8:CAFE:65::/64 [EUI/CAL/PRE] <<< Acquired IPv6 prefix and resultant IPv6 autoconfig address valid lifetime 2591770 preferred lifetime 604570 Joined group address(es): FF02::1 FF02::1:FF02:880 MTU is 1480 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) Default router is FE80::5EFE:F64:801 on Tunnel1 <<< ISATAP head-end as the default router with 0000:5EFE appended with head-end source IPv4
If IPv6 unicast-routing is disabled on the client router, it will also install a default static route pointing towards the ISATAP head-end router.
show ipv6 route IPv6 Routing Table - default - 4 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2 IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external ND - Neighbor Discovery, l - LISP O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 S ::/0 [2/0] via FE80::5EFE:F64:801, Tunnel1 C 2001:DB8:CAFE:65::/64 [0/0] via Tunnel1, directly connected L 2001:DB8:CAFE:65::F02:880/128 [0/0] via Tunnel1, receive L FF00::/8 [0/0] via Null0, receive
Head-end should be able to ping the client.
router#ping ipv6 2001:DB8:CAFE:65::F02:880 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:65::F02:880, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms