- Index
- Preface
- Overview
- Using the Command-Line Interface
- Clustering Switches
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Managing Switch Stacks
- Administering the Switch
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Interface Characteristics
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging and Smart Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels and Link-State Tracking
- Configuring TelePresence E911 IP Phone Support
- Configuring IP Unicast Routing
- Configuring IPv6 Routing
- Configuring IPv6 MLD Snooping
- Configuring IPv6 ACLs
- Configuring HSRP and VRRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Cache Services By Using WCCP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 12.2(58)SE
- Understanding IPv6
- IPv6 Addresses
- Supported IPv6 Unicast Routing Features
- 128-Bit Wide Unicast Addresses
- DNS for IPv6
- Path MTU Discovery for IPv6 Unicast
- ICMPv6
- Neighbor Discovery
- Default Router Preference
- IPv6 Stateless Autoconfiguration and Duplicate Address Detection
- IPv6 Applications
- Dual IPv4 and IPv6 Protocol Stacks
- DHCP for IPv6 Address Assignment
- Static Routes for IPv6
- RIP for IPv6
- OSPF for IPv6
- OSPFv3 Graceful Restart
- EIGRP for IPv6
- HSRP for IPv6
- SNMP and Syslog Over IPv6
- HTTP(S) Over IPv6
- Unsupported IPv6 Unicast Routing Features
- Limitations
- IPv6 and Switch Stacks
- Configuring IPv6
- Default IPv6 Configuration
- Configuring IPv6 Addressing and Enabling IPv6 Routing
- Configuring Default Router Preference
- Configuring IPv4 and IPv6 Protocol Stacks
- Configuring DHCP for IPv6 Address Assignment
- Configuring IPv6 ICMP Rate Limiting
- Configuring CEF and dCEF for IPv6
- Configuring Static Routes for IPv6
- Configuring RIP for IPv6
- Configuring OSPF for IPv6
- Configuring EIGRP for IPv6
- Configuring HSRP for IPv6
Configuring IPv6 Unicast Routing
This chapter describes how to configure IPv6 unicast routing on the Catalyst 3750 switch.
Note To use all IPv6 features in this chapter, the stack master must be running the IP services image. Switches running the IP base image support only IPv6 static routing and RIP for IPv6.
For information about configuring IPv6 Multicast Listener Discovery (MLD) snooping, see Chapter40, “Configuring IPv6 MLD Snooping”For information on configuring IPv6 access control lists (ACLs), see Chapter41, “Configuring IPv6 ACLs” For information about configuring IPv4 unicast routing, see Chapter38, “Configuring IP Unicast Routing”
To enable IPv6 routing, you must configure the switch to use the a dual IPv4 and IPv6 switch database management (SDM) template. See the “Dual IPv4 and IPv6 Protocol Stacks” section.
Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures.
Understanding IPv6
IPv4 users can move to IPv6 and receive services such as end-to-end security, quality of service (QoS), and globally unique addresses. The IPv6 address space reduces the need for private addresses and Network Address Translation (NAT) processing by border routers at network edges.
For information about how Cisco Systems implements IPv6, go to:
http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
For information about IPv6 and other features in this chapter:
- See the Cisco IOS IPv6 Configuration Library :
http://www.cisco.com/en/US/docs/ios/12_2t/ipv6/ipv6_vgf.html - Use the Search field to locate the Cisco IOS software documentation. For example, if you want information about static routes, you can enter Implementing Static Routes for IPv6 in the search field to get this document about static routes:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-stat_routes_ps6441_TSD_Products_Configuration_Guide_Chapter.html
These sections describe IPv6 implementation on the switch.
- IPv6 Addresses
- Supported IPv6 Unicast Routing Features
- Unsupported IPv6 Unicast Routing Features
- Limitations
- IPv6 and Switch Stacks
IPv6 Addresses
The switch supports only IPv6 unicast addresses. It does not support site-local unicast addresses, anycast addresses, or multicast addresses.
The IPv6 128-bit addresses are represented as a series of eight 16-bit hexadecimal fields separated by colons in the format: n:n:n:n:n:n:n:n. This is an example of an IPv6 address:
2031:0000:130F:0000:0000:09C0:080F:130B
For easier implementation, leading zeros in each field are optional. This is the same address without leading zeros:
You can also use two colons (::) to represent successive hexadecimal fields of zeros, but you can use this short version only once in each address:
For more information about IPv6 address formats, address types, and the IPv6 packet header, see the “Implementing IPv6 Addressing and Basic Connectivity” chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
In the “Implementing Addressing and Basic Connectivity” chapter, these sections apply to the Catalyst 3750switch:
Supported IPv6 Unicast Routing Features
These sections describe the IPv6 protocol features supported by the switch:
- 128-Bit Wide Unicast Addresses
- DNS for IPv6
- Path MTU Discovery for IPv6 Unicast
- ICMPv6
- Neighbor Discovery
- Default Router Preference
- IPv6 Stateless Autoconfiguration and Duplicate Address Detection
- IPv6 Applications
- Dual IPv4 and IPv6 Protocol Stacks
- DHCP for IPv6 Address Assignment
- Static Routes for IPv6
- RIP for IPv6
- OSPF for IPv6 (only on switches running the IP services image)
- OSPFv3 Graceful Restart (only on switches running the IP services image)
- EIGRP for IPv6 (only on switches running the IP services image)
- HSRP for IPv6 (only on switches running the IP services image)
- SNMP and Syslog Over IPv6
- HTTP(S) Over IPv6
Support on the switch includes expanded address capability, header format simplification, improved support of extensions and options, and hardware parsing of the extension header. The switch supports hop-by-hop extension header packets, which are routed or bridged in software.
The switch provides IPv6 routing capability over native Ethernet Inter-Switch Link (ISL) or 802.1Q trunk ports for static routes, Routing Information Protocol (RIP) for IPv6, and Open Shortest Path First (OSPF) Version 3 Protocol. It supports up to 16 equal-cost routes and can simultaneously forward IPv4 and IPv6 frames at line rate.
128-Bit Wide Unicast Addresses
The switch supports aggregatable global unicast addresses and link-local unicast addresses. It does not support site-local unicast addresses.
- Aggregatable global unicast addresses are IPv6 addresses from the aggregatable global unicast prefix. The address structure enables strict aggregation of routing prefixes and limits the number of routing table entries in the global routing table. These addresses are used on links that are aggregated through organizations and eventually to the Internet service provider.
These addresses are defined by a global routing prefix, a subnet ID, and an interface ID. Current global unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3). Addresses with a prefix of 2000::/3(001) through E000::/3(111) must have 64-bit interface identifiers in the extended unique identifier (EUI)-64 format.
- Link local unicast addresses can be automatically configured on any interface by using the link-local prefix FE80::/10(1111 1110 10) and the interface identifier in the modified EUI format. Link-local addresses are used in the neighbor discovery protocol (NDP) and the stateless autoconfiguration process. Nodes on a local link use link-local addresses and do not require globally unique addresses to communicate. IPv6 routers do not forward packets with link-local source or destination addresses to other links.
For more information, see the section about IPv6 unicast addresses in the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
DNS for IPv6
IPv6 supports Domain Name System (DNS) record types in the DNS name-to-address and address-to-name lookup processes. The DNS AAAA resource record types support IPv6 addresses and are equivalent to an A address record in IPv4. The switch supports DNS resolution for IPv4 and IPv6.
Path MTU Discovery for IPv6 Unicast
The switch supports advertising the system maximum transmission unit (MTU) to IPv6 nodes and path MTU discovery. Path MTU discovery allows a host to dynamically discover and adjust to differences in the MTU size of every link along a given data path. In IPv6, if a link along the path is not large enough to accommodate the packet size, the source of the packet handles the fragmentation. The switch does not support path MTU discovery for multicast packets.
ICMPv6
The Internet Control Message Protocol (ICMP) in IPv6 generates error messages, such as ICMP destination unreachable messages, to report errors during processing and other diagnostic functions. In IPv6, ICMP packets are also used in the neighbor discovery protocol and path MTU discovery.
Neighbor Discovery
The switch supports NDP for IPv6, a protocol running on top of ICMPv6, and static neighbor entries for IPv6 stations that do not support NDP. The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), to verify the reachability of the neighbor, and to keep track of neighboring routers.
The switch supports ICMPv6 redirect for routes with mask lengths less than 64 bits. ICMP redirect is not supported for host routes or for summarized routes with mask lengths greater than 64 bits.
Neighbor discovery throttling ensures that the switch CPU is not unnecessarily burdened while it is in the process of obtaining the next hop forwarding information to route an IPv6 packet. The switch drops any additional IPv6 packets whose next hop is the same neighbor that the switch is actively trying to resolve. This drop avoids further load on the CPU.
Default Router Preference
The switch supports IPv6 default router preference (DRP), an extension in router advertisement messages. DRP improves the ability of a host to select an appropriate router, especially when the host is multihomed and the routers are on different links. The switch does not support the Route Information Option in RFC 4191.
An IPv6 host maintains a default router list from which it selects a router for traffic to offlink destinations. The selected router for a destination is then cached in the destination cache. NDP for IPv6 specifies that routers that are reachable or probably reachable are preferred over routers whose reachability is unknown or suspect. For reachable or probably reachable routers, NDP can either select the same router every time or cycle through the router list. By using DRP, you can configure an IPv6 host to prefer one router over another, provided both are reachable or probably reachable.
For more information about DRP for IPv6, see the “Implementing IPv6 Addresses and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
IPv6 Stateless Autoconfiguration and Duplicate Address Detection
The switch uses stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses. A host autonomously configures its own link-local address, and booting nodes send router solicitations to request router advertisements for configuring interfaces.
For more information about autoconfiguration and duplicate address detection, see the “Implementing IPv6 Addressing and Basic Connectivity” chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
IPv6 Applications
The switch has IPv6 support for these applications:
- Ping, traceroute, Telnet, and TFTP
- Secure Shell (SSH) over an IPv6 transport
- HTTP server access over IPv6 transport
- DNS resolver for AAAA over IPv4 transport
- Cisco Discovery Protocol (CDP) support for IPv6 addresses
For more information about managing these applications, see the “Managing Cisco IOS Applications over IPv6” chapter and the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Dual IPv4 and IPv6 Protocol Stacks
You must use the dual IPv4 and IPv6 template to allocate ternary content addressable memory (TCAM) usage to both IPv4 and IPv6 protocols.
Dual IPv4 and IPv6 Support on an Interface shows a router forwarding both IPv4 and IPv6 traffic through the same interface, based on the IP packet and destination addresses.
Figure 39-1 Dual IPv4 and IPv6 Support on an Interface
Use the dual IPv4 and IPv6 switch database management (SDM) template to enable IPv6 routing. For more information about the dual IPv4 and IPv6 SDM template, see Chapter8, “Configuring SDM Templates”
The dual desktop and aggregator IPv4 and IPv6 templates allow the switch to be used in dual stack environments.
- If you try to configure IPv6 without first selecting a dual IPv4 and IPv6 template, a warning message appears.
- In IPv4-only environments, the switch routes IPv4 packets and applies IPv4 QoS and ACLs in hardware. IPv6 packets are not supported.
- In dual IPv4 and IPv6 environments, the switch routes both IPv4 and IPv6 packets and applies IPv4 QoS in hardware.
- Full IPv6 QoS is not supported. IPv6 QoS trust is supported.
- If you do not plan to use IPv6, do not use the dual stack template because this template results in less TCAM capacity for each resource.
For more information about IPv4 and IPv6 protocol stacks, see the “Implementing IPv6 Addressing and Basic Connectivity” chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.
DHCP for IPv6 Address Assignment
DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 clients. The address assignment feature manages nonduplicate address assignment in the correct prefix based on the network where the host is connected. Assigned addresses can be from one or multiple prefix pools. Additional options, such as default domain and DNS name-server address, can be passed back to the client. Address pools can be assigned for use on a specific interface, on multiple interfaces, or the server can automatically find the appropriate pool.
Beginning with Cisco IOS Release 12.2(58)SE, switches running the IP-base feature set support these features:
DHCPv6 bulk-lease query allows a client to request information about DHCPv6 bindings. This functionality adds new query types and allows the bulk transfer of DHCPv6 binding data through TCP. Bulk transfer of DHCPv6 binding data is useful when the relay server switch is rebooted and the relay server has lost all the binding information. After the reboot, the relay server automatically generates a bulk-lease query to get the binding information from the DHCP server.
The DHCPv6 server replies to the source address of the DHCP relay agent. Typically, messages from a DHCPv6 relay agent show the source address of the interface from which they are sent. You can use the DHCPv6 relay source configuration feature to configure a more stable address (such as a loopback interface) as the source address for messages from the relay agent. You can configure the source address globally for the switch or for a specific interface. An address configured on an interface takes precedence over one configured globally.
For more information and to configure these features, see the Cisco IOS IPv6 Configuration Guide, Release 12.4.
This document describes only the DHCPv6 address assignment. For more information about configuring the DHCPv6 client, server, or relay agent functions, see the “Implementing DHCP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Static Routes for IPv6
Static routes are manually configured and define an explicit route between two networking devices. Static routes are useful for smaller networks with only one path to an outside network or to provide security for certain types of traffic in a larger network.
For more information about static routes, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
RIP for IPv6
Routing Information Protocol (RIP) for IPv6 is a distance-vector protocol that uses hop count as a routing metric. It includes support for IPv6 addresses and prefixes and the all-RIP-routers multicast group address FF02::9 as the destination address for RIP update messages.
For more information about RIP for IPv6, see the “Implementing RIP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
OSPF for IPv6
The switch running the IP services image supports Open Shortest Path First (OSPF) for IPv6, a link-state protocol for IP. For more information, see the “Implementing OSFP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
OSPFv3 Graceful Restart
Beginning with Cisco IOS Release 12.2(58)SE, switches running the IP-services feature set support the graceful restart feature in OSPFv3. This feature allows nonstop data forwarding along known routes while the OSPFv3 routing protocol information is restored. A switch uses graceful restart either in restart mode (for a graceful-restart-capable switch) or in helper mode (for a graceful-restart-aware switch).
To use the graceful restart function, a switch must be in high-availability stateful switchover (SSO) mode (dual route processor). A switch capable of graceful restart uses it when these failures occur:
- A route processor failure that results in changeover to the standby route processor
- A planned route processor changeover to the standby route processor
The graceful restart feature requires that neighboring switches be graceful-restart aware.
For more information, see the “Implementing OSFP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
EIGRP for IPv6
Switches running the IP services image support the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6. It is configured on the interfaces on which it runs and does not require a global IPv6 address.
Note Switches running the IP base image do not support any IPv6 EIGRP features, including IPv6 EIGRP stub routing.
Before running, an instance of EIGRP IPv6 requires an implicit or explicit router ID. An implicit router ID is derived from a local IPv4 address, so any IPv4 node always has an available router ID. However, EIGRP IPv6 might be running in a network with only IPv6 nodes and therefore might not have an available IPv4 router ID.
For more information about EIGRP for IPv6, see the “Implementing EIGRP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
HSRP for IPv6
The switch running the IP services image supports the Hot Standby Router Protocol (HSRP) for IPv6. HSRP provides routing redundancy for routing IPv6 traffic not dependent on the availability of any single router. IPv6 hosts learn of available routers through IPv6 neighbor discovery router advertisement messages. These messages are multicast periodically or are solicited by hosts.
An HSRP IPv6 group has a virtual MAC address that is derived from the HSRP group number and a virtual IPv6 link-local address that is, by default, derived from the HSRP virtual MAC address. Periodic messages are sent for the HSRP virtual IPv6 link-local address when the HSRP group is active. These messages stop after a final one is sent when the group leaves the active state.
For more information about configuring HSRP for IPv6, see the “Configuring First Hop Redundancy Protocols in IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
SNMP and Syslog Over IPv6
To support both IPv4 and IPv6, IPv6 network management requires both IPv6 and IPv4 transports. Syslog over IPv6 supports address data types for these transports.
SNMP and syslog over IPv6 provide these features:
- Support for both IPv4 and IPv6
- IPv6 transport for SNMP and to modify the SNMP agent to support traps for an IPv6 host
- SNMP- and syslog-related MIBs to support IPv6 addressing
- Configuration of IPv6 hosts as trap receivers
For support over IPv6, SNMP modifies the existing IP transport mapping to simultaneously support IPv4 and IPv6. These SNMP actions support IPv6 transport management:
- Opens User Datagram Protocol (UDP) SNMP socket with default settings
- Provides a new transport mechanism called SR_IPV6_TRANSPORT
- Sends SNMP notifications over IPv6 transport
- Supports SNMP-named access lists for IPv6 transport
- Supports SNMP proxy forwarding using IPv6 transport
- Verifies SNMP Manager feature works with IPv6 transport
For information on SNMP over IPv6, including configuration procedures, see the “Managing Cisco IOS Applications over IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
For information about syslog over IPv6, including configuration procedures, see the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
HTTP(S) Over IPv6
The HTTP client sends requests to both IPv4 and IPv6 HTTP servers, which respond to requests from both IPv4 and IPv6 HTTP clients. URLs with literal IPv6 addresses must be specified in hexadecimal using 16-bit values between colons.
The accept socket call chooses an IPv4 or IPv6 address family. The accept socket is either an IPv4 or IPv6 socket. The listening socket continues to listen for both IPv4 and IPv6 signals that indicate a connection. The IPv6 listening socket is bound to an IPv6 wildcard address.
The underlying TCP/IP stack supports a dual-stack environment. HTTP relies on the TCP/IP stack and the sockets for processing network-layer interactions.
Basic network connectivity (ping) must exist between the client and the server hosts before HTTP connections can be made.
For more information, see the “Managing Cisco IOS Applications over IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Unsupported IPv6 Unicast Routing Features
The switch does not support these IPv6 features:
- IPv6 policy-based routing
- IPv6 virtual private network (VPN) routing and forwarding (VRF) table support
- Support for IPv6 routing protocols: multiprotocol Border Gateway Protocol (BGP) and Intermediate System-to-Intermediate System (IS-IS) routing
- IPv6 packets destined to site-local addresses
- Tunneling protocols, such as IPv4-to-IPv6 or IPv6-to-IPv4
- The switch as a tunnel endpoint supporting IPv4-to-IPv6 or IPv6-to-IPv4 tunneling protocols
- IPv6 unicast reverse-path forwarding
- IPv6 general prefixes
Limitations
Because IPv6 is implemented in switch hardware, some limitations occur due to the IPv6 compressed addresses in the TCAM. These hardware limitations result in some loss of functionality and limits some features.
These are feature limitations.
- ICMPv6 redirect functionality is not supported for IPv6 host routes (routes used to reach a specific host) or for IPv6 routes with masks greater than 64 bits. The switch cannot redirect hosts to a better first-hop router for a specific destination that is reachable through a host route or through a route with masks greater than 64 bits.
- Load balancing using equal cost and unequal cost routes is not supported for IPv6 host routes or for IPv6 routes with a mask greater than 64 bits.
- The switch cannot forward SNAP-encapsulated IPv6 packets.
Note There is a similar limitation for IPv4 SNAP-encapsulated packets, but the packets are dropped at the switch and are not forwarded.
- The switch routes IPv6-to-IPv4 and IPv4-to-IPv6 packets in hardware, but the switch cannot be an IPv6-to-IPv4 or IPv4-to-IPv6 tunnel endpoint.
- Bridged IPv6 packets with hop-by-hop extension headers are forwarded in software. In IPv4, these packets are routed in software, but bridged in hardware.
- Interface counters for IPv6 traffic include software-forwarded traffic only; hardware- switched traffic is excluded.
- In addition to the normal SPAN and RSPAN limitations defined in the software configuration guide, these limitations are specific to IPv6 packets:
– When you send RSPAN IPv6-routed packets, the source MAC address in the SPAN output packet can be incorrect.
– When you send RSPAN IPv6-routed packets, the destination MAC address can be incorrect. Normal traffic is not affected.
IPv6 and Switch Stacks
The switch supports IPv6 forwarding across the stack and IPv6 host functionality on the stack master. The stack master runs the IPv6 unicast routing protocols and computes the routing tables. Using distributed CEF (dCEF), the stack master downloads the routing table to the stack member switches. They receive the tables and create hardware IPv6 routes for forwarding. The stack master also runs all IPv6 applications.
Note To route IPv6 packets in a stack, all switches in the stack must be running the IP services image.
If a new switch becomes the stack master, it recomputes the IPv6 routing tables and distributes them to the member switches. While the new stack master is being elected and is resetting, the switch stack does not forward IPv6 packets. The stack MAC address changes, which also changes the IPv6 address. When you specify the stack IPv6 address with an extended unique identifier (EUI) by using the ipv6 address ipv6-prefix/prefix length eui-64 interface configuration command, the address is based on the interface MAC address. See the “Configuring IPv6 Addressing and Enabling IPv6 Routing” section.
If you configure the persistent MAC address feature on the stack and the stack master changes, the stack MAC address does not change for approximately 4 minutes. For more information, see the “Enabling Persistent MAC Address” section in Chapter5, “Managing Switch Stacks”
These are the functions of IPv6 stack master and members:
– distributes CEFv6 routing tables to stack members that use dCEFv6
– runs IPv6 host functionality and IPv6 applications
– receives CEFv6 routing tables from the stack master
– programs the routes into hardware
Note IPv6 packets are routed in hardware across the stack if the packet does not have exceptions (IPv6Options) and the switches in the stack have not run out of hardware resources.
Configuring IPv6
These sections contain this IPv6 forwarding configuration information:
- Default IPv6 Configuration
- Configuring IPv6 Addressing and Enabling IPv6 Routing
- Configuring Default Router Preference
- Configuring IPv4 and IPv6 Protocol Stacks
- Configuring DHCP for IPv6 Address Assignment
- Configuring IPv6 ICMP Rate Limiting
- Configuring CEF and dCEF for IPv6
- Configuring Static Routes for IPv6
- Configuring RIP for IPv6
- Configuring OSPF for IPv6
- Configuring EIGRP for IPv6
- Configuring HSRP for IPv6
Default IPv6 Configuration
Table 39-1 shows the default IPv6 configuration.
|
|
---|---|
Disabled (IPv4 CEF and dCEF are enabled by default). Note When IPv6 routing is enabled, CEFv6 and dCEF6 are automatically enabled. |
|
Configuring IPv6 Addressing and Enabling IPv6 Routing
This section describes how to assign IPv6 addresses to individual Layer 3 interfaces and to globally forward IPv6 traffic on the switch.
Before configuring IPv6 on the switch, consider these guidelines:
- Be sure to select a dual IPv4 and IPv6 SDM template.
- Not all features discussed in this chapter are supported by the Catalyst 3750 switch running the IP services image. See the “Unsupported IPv6 Unicast Routing Features” section.
- In the ipv6 address interface configuration command, you must enter the ipv6-address and ipv6-prefix variables with the address specified in hexadecimal using 16-bit values between colons. The prefix-length variable (preceded by a slash [/]) is a decimal value that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address).
To forward IPv6 traffic on an interface, you must configure a global IPv6 address on that interface. Configuring an IPv6 address on an interface automatically configures a link-local address and activates IPv6 for the interface. The configured interface automatically joins these required multicast groups for that link:
- solicited-node multicast group FF02:0:0:0:0:1:ff00::/104 for each unicast address assigned to the interface (this address is used in the neighbor discovery process.)
- all-nodes link-local multicast group FF02::1
- all-routers link-local multicast group FF02::2
For more information about configuring IPv6 routing, see the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to a Layer 3 interface and enable IPv6 routing:
To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments. To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use the no ipv6 enable interface configuration command. To globally disable IPv6 routing, use the no ipv6 unicast-routing global configuration command.
This example shows how to enable IPv6 with both a link-local address and a global address based on the IPv6 prefix 2001:0DB8:c18:1::/64. The EUI-64 interface ID is used in the low-order 64 bits of both addresses. Output from the show ipv6 interface EXEC command shows how the interface ID (20B:46FF:FE2F:D940) is appended to the link-local prefix FE80::/64 of the interface.
Configuring Default Router Preference
Router advertisement messages are sent with the default router preference (DRP) configured by the ipv6 nd router-preference interface configuration command. If no DRP is configured, RAs are sent with a medium preference.
A DRP is useful when two routers on a link might provide equivalent, but not equal-cost routing, and policy might dictate that hosts should prefer one of the routers.
Beginning in privileged EXEC mode, follow these steps to configure a DRP for a router on an interface.
|
|
|
---|---|---|
Enter interface configuration mode, and enter the Layer 3 interface on which you want to specify the DRP. |
||
Use the no ipv6 nd router-preference interface configuration command to disable an IPv6 DRP.
This example shows how to configure a DRP of high for the router on an interface.
For more information about configuring DRP for IPv6, see the “Implementing IPv6 Addresses and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring IPv4 and IPv6 Protocol Stacks
Before configuring IPv6 routing, you must select an SDM template that supports IPv4 and IPv6. If not already configured, use the sdm prefer dual-ipv4-and-ipv6 { default | routing | vlan } [ desktop ] global configuration command to configure a template that supports IPv6. When you select a new template, you must reload the switch by using the reload privileged EXEC command so that the template takes effect.
Beginning in privileged EXEC mode, follow these steps to configure a Layer 3 interface to support both IPv4 and IPv6 and to enable IPv6 routing.
To disable IPv4 routing, use the no ip routing global configuration command. To disable IPv6 routing, use the no ipv6 unicast-routing global configuration command. To remove an IPv4 address from an interface, use the no ip address ip-address mask interface configuration command. To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments. To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use the no ipv6 enable interface configuration command.
This example shows how to enable IPv4 and IPv6 routing on an interface.
Configuring DHCP for IPv6 Address Assignment
These sections describe how to configure Dynamic Host Configuration Protocol for IPv6 (DHCPv6) address assignment:
Default DHCPv6 Address Assignment Configuration
By default, no DHCPv6 features are configured on the switch.
DHCPv6 Address Assignment Configuration Guidelines
When configuring DHCPv6 address assignment, consider these guidelines:
– DHCPv6 IPv6 routing must be enabled on a Layer 3 interface.
– SVI: a VLAN interface created by using the interface vlan vlan_id command.
– EtherChannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number command.
- Before configuring DHCPv6, you must select a Switch Database Management (SDM) template that supports IPv4 and IPv6.
- The DHCPv6 client, server, or relay agent runs only on the master switch. When there is a stack master re-election, the new master switch retains the DHCPv6 configuration. However, the local RAM copy of the DHCP server database lease information is not retained.
Enabling DHCPv6 Server Function
Beginning in privileged EXEC mode, follow these steps to enable the DHCPv6 server function on an interface.
To delete a DHCPv6 pool, use the no ipv6 dhcp pool poolname global configuration command. Use the no form of the DHCP pool configuration mode commands to change the DHCPv6 pool characteristics. To disable the DHCPv6 server function on an interface, use the no ipv6 dhcp server interface configuration command.
This example shows how to configure a pool called engineering with an IPv6 address prefix :
This example shows how to configure a pool called testgroup with three link-addresses and an IPv6 address prefix:
This example shows how to configure a pool called 350 with vendor-specific options:
Enabling DHCPv6 Client Function
Beginning in privileged EXEC mode, follow these steps to enable DHCPv6 client function on an interface.
To disable the DHCPv6 client function, use the no ipv6 address dhcp interface configuration command. To remove the DHCPv6 client request, use the no ipv6 address dhcp client request interface configuration command.
This example shows how to acquire an IPv6 address and to enable the rapid-commit option:
This document describes only the DHCPv6 address assignment. For more information about configuring the DHCPv6 client, server, or relay agent functions, see the “Implementing DHCP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring IPv6 ICMP Rate Limiting
ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in a bucket) of 10.
Beginning in privileged EXEC mode, follow these steps to change the ICMP rate-limiting parameters:
|
|
|
---|---|---|
Configure the interval and bucket size for IPv6 ICMP error messages: |
||
To return to the default configuration, use the no ipv6 icmp error-interval global configuration command.
This example shows how to configure an IPv6 ICMP error message interval of 50 milliseconds and a bucket size of 20 tokens.
Configuring CEF and dCEF for IPv6
Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology to improve network performance. In a Catalyst 3750 switch stack, the hardware uses distributed CEF (dCEF) in the stack. IPv6 CEF and dCEF are disabled by default but are automatically enabled when you configure IPv6 routing.
To route IPv6 unicast packets, you must first globally configure IPv6 unicast packet forwarding by using the ipv6 unicast-routing global configuration command. You must configure an IPv6 address and IPv6 processing on an interface by using the ipv6 address interface configuration command.
To disable IPv6 CEF or distributed CEF, use the no ipv6 cef or no ipv6 cef distributed global configuration command. To reenable IPv6 CEF or dCEF if it has been disabled, use the ipv6 cef or ipv6 cef distributed global configuration command. You can verify the IPv6 state by entering the show ipv6 cef privileged EXEC command.
For more information about configuring CEF and dCEF, see the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring Static Routes for IPv6
Before configuring a static IPv6 route, you must enable routing by using the ip routing global configuration command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global configuration command, and enable IPv6 on at least one Layer 3 interface by configuring an IPv6 address on the interface.
Beginning in privileged EXEC mode, follow these steps to configure an IPv6 static route:
To remove a configured static route, use the no ipv6 route ipv6-prefix/prefix length { ipv6-address | interface-id [ ipv6-address ]} [ administrative distance ] global configuration command.
This example shows how to configure a floating static route with an administrative distance of 130 to an interface:
For more information about configuring static IPv6 routing, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring RIP for IPv6
Before configuring the switch to run IPv6 RIP, you must enable routing by using the ip routing global configuration command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global configuration command, and enable IPv6 on any Layer 3 interfaces on which IPv6 RIP is to be enabled.
Beginning in privileged EXEC mode, follow these required and optional steps to configure IPv6 RIP:
To disable a RIP routing process, use the no ipv6 router rip name global configuration command. To disable the RIP routing process for an interface, use the no ipv6 rip name interface configuration command.
This example shows how to enable the RIP routing process cisco with a maximum of eight equal-cost routes and to enable it on an interface:
For more information about configuring RIP routing for IPv6, see the “Implementing RIP for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com
Configuring OSPF for IPv6
You can customize OSPF for IPv6 for your network. However, the defaults for OSPF in IPv6 are set to meet the requirements of most customers and features.
- The switch must be running the IP services image.
- Be careful when changing the defaults for IPv6 commands. Changing the defaults might adversely affect OSPF for the IPv6 network.
- Before you enable IPv6 OSPF on an interface, you must enable routing by using the ip routing global configuration command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global configuration command, and enable IPv6 on Layer 3 interfaces on which you are enabling IPv6 OSPF.
Beginning in privileged EXEC mode, follow these required and optional steps to configure IPv6 OSPF:
To disable an OSPF routing process, use the no ipv6 router ospf process-id global configuration command. To disable the OSPF routing process for an interface, use the no ipv6 ospf process-id area area-id interface configuration command.
For more information about configuring OSPF routing for IPv6, see the “Implementing OSPF for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Configuring EIGRP for IPv6
EIGRP for IPv6 is enabled when you configure the ipv6 router eigrp as-number command and ipv6 eigrp as-number command on the interface.
To set an explicit router ID, use the show ipv6 eigrp command to identify the configured router IDs, and then use the eigrp router-id ip-address command.
The switch must be running the IP services image.
As with EIGRP IPv4, you can use EIGRPv6 to specify your EIGRP IPv4 interfaces and to select a subset of those as passive interfaces. Use the passive-interface default command to make all interfaces passive, and then use the no passive-interface command on selected interfaces to make them active. EIGRP IPv6 does not need to be configured on a passive interface.
For more configuration procedures, see the “Implementing EIGRP for IPv6” chapter, in the Cisco IOS IPv6 Configuration Guide.
Configuring HSRP for IPv6
Hot Standby Router Protocol (HSRP) for IPv6 provides routing redundancy for routing IPv6 traffic not dependent on the availability of any single router.
When HSRP for IPv6 is enabled on a switch, IPv6 hosts learn of available IPv6 routers through IPv6 neighbor discovery router advertisement messages. An HSRP IPv6 group has a virtual MAC address that is derived from the HSRP group number. The group has a virtual IPv6 link-local address that is, by default, derived from the HSRP virtual MAC address. Periodic messages are sent for the HSRP virtual IPv6 link-local address when the HSRP group is active.
The switch must be running the IP services image.
When configuring HSRP for IPv6, you must enable HSRP version 2 (HSRPv2) on the interface.
For configuration guidelines when configuring HSRP for IPv6 with HSRPv1 and HSRPv2, see the “HSRP Configuration Guidelines” section and the “Troubleshooting HSRP” section.
For more information about HSRP for IPv6 and HSRPv2, see the Chapter42, “Configuring HSRP and VRRP”
Note Before configuring an HSRP for IPv6 group, you must enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global configuration command and enable IPv6 on the interface on which you will configure an HSRP for IPv6 group.
Enabling HSRP Version 2
Beginning in privileged EXEC mode, follow these steps to enable HSRP version 2 on a Layer 3 interface.
|
|
|
---|---|---|
Enter interface configuration mode, and enter the Layer 3 interface on which you want to specify the standby version. |
||
Enabling an HSRP Group for IPv6
Beginning in privileged EXEC mode, follow these steps to create or enable HSRP for IPv6 on a Layer 3 interface.
Use the no standby [ group-number ] ipv6 interface configuration command to disable HSRP for IPv6.
This example shows how to activate HSRP for IPv6 for group 1 on a port. The IP address used by the hot standby group is learned by using HSRP for IPv6.
Note This procedure is the minimum number of steps required to enable HSRP for IPv6. Other configurations are optional.
For more information about configuring HSRP for IPv6, see the “Configuring First Hop Redundancy Protocols in IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Displaying IPv6
For complete syntax and usage information on these commands, see the Cisco IOS command reference publications.
Table 39-2 shows the privileged EXEC commands for monitoring IPv6 on the switch.
|
|
---|---|
Table 39-3 shows the privileged EXEC command for displaying EIGRP IPv6 information.
Table 39-4 shows the privileged EXEC commands for displaying information about IPv4 and IPv6 address types.
This is an example of the output from the show ipv6 interface privileged EXEC command:
This is an example of the output from the show ipv6 cef privileged EXEC command:
This is an example of the output from the show ipv6 protocols privileged EXEC command:
This is an example of the output from the show ipv6 rip privileged EXEC command:
This is an example of the output from the show ipv6 static privileged EXEC command:
This is an example of the output from the show ipv6 neighbor privileged EXEC command:
This is an example of the output from the show ipv6 route privileged EXEC command:
This is an example of the output from the show ipv6 traffic privileged EXEC command.