对思科路由器和 Microsoft Windows PC 上的 IPv6 动态地址分配问题进行故障排除

下载选项

  • PDF     (1.5 MB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (1.3 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (843.0 KB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2018 年 4 月 26 日
文档 ID:213272

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

    简介

    本文档介绍动态 IPv6 地址分配的可用选项。本章介绍无状态地址自动配置(SLAAC)和动态主机配置协议第6版(DHCPv6)故障排除。

    先决条件

    要求

    Cisco 建议您了解以下主题:

    • IPv6地址架构
    • Microsoft Windows操作系统
    • 基本Wireshark用法

    使用的组件

    本文档中的信息基于以下硬件/软件版本:

    • 采用Cisco IOS®的Cisco路由
    • Microsoft Windows® 7 PC

    本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。

    背景信息

    运行Microsoft Windows的计算机和笔记本电脑等IPv6终端主机可能面临IPv6地址未按预期动态接收或显示的情况。

    建议对Cisco IOS和Microsoft Windows操作系统进行故障排除,以确保配置正确。

    注意:不同操作系统的行为可能不同。这取决于IPv6在其代码中的实施方式。本文档旨在为读者提供Microsoft Windows上IPv6所需配置的示例。本文档中介绍的Microsoft Windows配置已在实验室中测试,并发现可以按预期工作。思科技术支持中心(TAC)不支持Microsoft Windows配置帮助。

    IPv6动态地址分配方法

    SLAAC
    • SLAAC是本地IPv6方法,用于为终端主机动态提供IPv6地址和默认网关信息。
    • 它使用互联网控制消息协议第6版(ICMPv6)数据包。
    • ICMPv6路由器请求(RS)和ICMPv6路由器通告(RA)数据包在启用IPv6的路由器和终端主机之间交换。
    • 路由器定期向本地网络发送RA数据包(默认情况下,在Cisco IOS中每200秒),或由发送RS数据包的终端主机按需请求。
    • 收到RA数据包后,终端主机必须根据数据包中包含的信息获取IPv6地址(通过对主机部分使用EUI-64方法)和默认网关。
    DHCPv6无状态
    • DHCPv6无状态用于获取其他配置参数(不由SLAAC提供),如DNS、域名等。
    DHCPv6有状态
    • DHCPv6有状态数据库可以为终端主机提供IPv6地址并跟踪租用的地址。
    • DNS、域名等信息也可以通过DHCPv6有状态方法提供。
    • 路由器在本地网络上发送RA数据包后,仍必须提供默认网关信息。
    • 此选项与IPv4的DHCP最相似。

    :终端主机动态获取IPv6默认网关信息的唯一方式是从本地路由器发起的ICMPv6路由器通告(RA)数据包。DHCPv6数据包当前不传输任何IPv6默认网关信息。

    SLAAC

    路由器与终端主机之间的数据包交换如下所示:

    步骤1.终端主机最初发送ICMPv6 RS数据包。

    步骤2.路由器用ICMPv6 RA数据包重播。

    要查看交换,请在计算机上运行免费的开源数据包分析器Wireshark,并使用以下过滤器:

    ICMPv6 RS icmpv6.type == 133
    ICMPv6 RA icmpv6.nd.ra.flag

    终端主机必须根据收到的ICMPv6 RA数据包中包含的信息获取IPv6地址和默认网关信息。

    使用Wireshark获取ICMPv6 RA数据包的示例:

    Frame 187: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1          ! Default Gateway.
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ce1 [correct]
    Cur hop limit: 64
    Flags: 0x00
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)                         ! Prefix information.

    1)ICMPv6选项(前缀信息)字段。

    这是终端主机用于其IPv6地址网络部分的前缀信息。

    接口标识符(主机部分)由使用EUI-64方法的终端主机创建。

    Microsoft Windows可以随机创建主机部分。

    2)Internet协议版本6,源字段。

    终端主机使用RA数据包的IPv6源地址配置其IPv6默认网关。

    排除SLAAC故障

    从Cisco IOS

    步骤1.确保在全局配置模式下配置了ipv6 unicast-routing命令。

    步骤2.确保本地网络中的接口配置了有效的IPv6地址。

    ipv6 unicast-routing             ! Enable IPv6 Routing. In absence of this command
!                                ! the Router does not send any ICMPv6 RA packet.
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
end

    步骤3.确保在ICMPv6 RA数据包中通告的前缀是前缀长度/64。否则,终端主机无法通过SLAAC创建任何IPv6地址:

    ipv6 unicast-routing
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64     ! Prefix length defined as /64 on the Router.
end

    ICMPv6 RA数据包捕获:

    Frame 187: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ce1 [correct]
    Cur hop limit: 64
    Flags: 0x00
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)                ! Prefix & prefix lenght information.

    步骤4.命令debug ipv6 nd 实时显示ICMPv6 RS数据包的接收和ICMPv6 RA在本地网络上的通告。

    Router# debug ipv6 nd
  ICMP Neighbor Discovery events debugging is on
Router#
    
    Router# show logging | include RS
     ICMPv6-ND: Received RS on GigabitEthernet0/0/0 from FE80::5850:6D61:1FB:EF3A
    R1#

    Router# show logging | include RA
     ICMPv6-ND: Sending solicited RA on GigabitEthernet0/0/0
     ICMPv6-ND: Request to send RA for FE80::C801:EFFF:FE5A:8
     ICMPv6-ND: Setup RA from FE80::C801:EFFF:FE5A:8 to FF02::1 on GigabitEthernet0/0/0
    Router#

    从Microsoft Windows PC

    步骤1.确保终端主机收到RA数据包。

    这可以通过Wireshark和icmpv6.nd.ra.fl ag过滤器执行捕获。

    步骤2.使用命令ipconfig检验IPv6地址。

    如果IPv6地址仍未显示,请执行后续步骤。

    步骤3.确保网络适配器在Windows计算机上激活了Internet协议第6版(TCP/IPv6)复选框。

    在Windows上,您可以在以下位置找到此配置:

    步骤1.导航至“控制面板”>“网络和共享中心”>“更改适配器设置”

    步骤2.右键单击所选的网络适配器>属性

    当您在Windows命令提示符(CMD)中使用netsh interface ipv6 show interface "Local Area Connection"命令时,网络适配器未启用Internet协议第6版(TCP/IPv6)

    注意:在此命令中,可以用Microsoft Windows用于连接网络的网络适配器的名称替换本地连接。

    提示:打开命令提示符。在键盘上按Windows + R打开“Run(运行)”框。运行命令cmd并按确

    步骤3.确保将路由器发现参数设置为启用。

    在CMD中运行命令netsh interface ipv6 show interface "Local Area Connection"。

    当“路由器发现”参数设置为禁用时,Microsoft Windows可以忽略已接收的ICMPv6 RA数据包的内容。这可能导致Microsoft Windows无法生成任何IPv6地址。

    使用此命令可启用路由器发现:

    C:\> netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=enabled

    步骤4.确保Advertising数设置为禁用。

    在CMD中运行命令netsh interface ipv6 show interface "Local Area Connection"。

    如果Advertising参数设置为启用,则Microsoft Windows可以忽略已接收的ICMPv6 RA数据包的内容

    启用Advertising参数会导致Microsoft Windows像IPv6路由器一样运行,生成并发送其自己的ICMPv6 RA数据包到本地网络。

    必须禁用Advertising参的默认状态

    使用此命令可禁用通告:

    C:\> netsh interface ipv6 set interface "Local Area Connection" advertise=disabled

    DHCPv6无状态

    使用DHCPv6无状态,终端主机可以请求DNS、域名等其他IPv6配置参数。为此,ICMPv6 RA数据包必须设置其他配置标志(O位)。

    当Cisco IOS接口配置模式下出现ipv6 nd other-config-flag命令时,路由器会设置O标志。

    Router#

interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd other-config-flag
    !

    路由器和终端主机之间的数据包交换如图所示。

    步骤1.终端主机最初发送ICMPv6 RS

    步骤2.路由器用ICMPv6 RA重播并包含O标志集

    步骤3.终端主机发送DHCPv6信息请求

    步骤4.路由器用DHCPv6应答重播

    ICMPv6 RA(带其他配置标志集数据包捕获:

    Frame 9: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ca1 [correct]
    Cur hop limit: 64
    Flags: 0x40
        0... .... = Managed address configuration: Not set
        .1.. .... = Other configuration: Set ! Cisco IOS command ipv6 nd other-config-flag sets the O flag
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)

    在Wireshark上,使用dhcpv6过滤器显示DHCPv6数据包的交换:

    Source Destination Protocol Length Info
    PC IPv6 link local	ff02::1:2	DHCPv6	  120	  Information-request XID: 0x8018f9 CID: 000100011f3e8772000c29806ccc 

Frame 3884: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547) DHCPv6 Message type: Information-request (11) Transaction ID: 0x8018f9 Elapsed time Client Identifier Vendor Class Option Request Source Destination Protocol Length Info Router IPv6 link local PC IPv6 link local DHCPv6 136 Reply XID: 0x8018f9 CID: 000100011f3e8772000c29806ccc Frame 3887: 136 bytes on wire (1088 bits), 136 bytes captured (1088 bits) on interface 0 Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc) Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a) User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546) DHCPv6 Message type: Reply (7) Transaction ID: 0x8018f9 Server Identifier Client Identifier DNS recursive name server Domain Search List

    Cisco IOS上的DHCPv6无状态服务器配置示例

    从Cisco IOS

    本示例显示Cisco IOS中DHCPv6无状态服务器的配置。

    步骤1.在全局配置模式下运行ipv6 dhcp pool NAME命令。

    步骤2.使用dns-serverdoman-name子命令定义通过DHCPv6发送到终端主机的参数。

    步骤3.使用命令ipv6 dhcp server NAME应用在接口配置模式下定义的池

    步骤4.在接口配置模式下添加ipv6 nd other-config-flag命令。

    ipv6 unicast-routing
!
ipv6 dhcp pool LAN_POOL
 dns-server 2001:4860:4860::8888
 domain-name lab-test.net
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd other-config-flag ! Sets the Other Configuration flag in the RA packet.
 ipv6 dhcp server LAN_POOL
!

    要验证Cisco IOS上的配置是否正确,请使用以下命令:

    步骤1. show ipv6 dhcp pool必须确认配置中应用的参数。

    步骤2. show ipv6 dhcp binding not show any information,因为DHCPv6无状态不跟踪IPv6客户端。

    步骤3. show ipv6 dhcp interface必须显示池已应用到本地网络中的接口。

    Router#show ipv6 dhcp pool
DHCPv6 pool: LAN_POOL
  DNS server: 2001:4860:4860::8888
  Domain name: lab-test.net
  Active clients: 0         ! DHCPv6 Stateless does not keep track of IPv6 clients.
Router#

    
Router#show ipv6 dhcp binding
Router#

    
Router#show ipv6 dhcp interface
FastEthernet0/0 is in server mode
  Using pool: LAN_POOL
  Preference value: 0
  Hint from client: ignored
  Rapid-Commit: disabled
Router#

    命令debug ipv6 dhcp必须显示路由器与终端主机之间的消息交换:

    Router#debug ipv6 dhcp
   IPv6 DHCP debugging is on
    
IPv6 DHCP: Received INFORMATION-REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
Router#

    从Microsoft Windows

    在命令提示符下,运行命令ipconfig /all,确保Microsoft Windows已收到DNS服务器信息和域名:

    C:\Users\ >ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MY-LAPTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lab-test.net

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : lab-test.net
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-80-6C-CC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a(Preferred)

   Temporary IPv6 Address. . . . . . : 2001:abcd::7151:b553:1a0a:80bb(Preferred)

   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11(Preferred)
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3E-87-72-00-0C-29-80-6C-CC

 DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       lab-test.net

C:\Users\ >

    DHCPv6有状态

    终端主机可以使用DHCPv6有状态地址请求IPv6地址和其他参数。为此,ICMPv6 RA数据包必须设置托管地址配置标志(M标志)。

    当Cisco IOS接口配置模式中存在ipv6 nd managed-config-flag命令时,路由器会设置M标志。

    Router#

interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd managed-config-flag
    !

    路由器和终端主机之间的数据包交换如图所示。

    步骤1.终端主机最初发送ICMPv6 RS。

    步骤2.路由器使用ICMPv6 RA重播,并设置M标志。

    步骤3.终端主机发送DHCPv6请求。

    步骤4.路由器用DHCPv6通告重播。

    步骤5.终端主机发送DHCPv6请求。

    步骤6.路由器用DHCPv6应答重播。

    ICMPv6 RA,带受管地址配置标志集数据包捕获:

    Frame 1190: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: ff02::1 (ff02::1)
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x0642 [correct]
    Cur hop limit: 64
    Flags: 0x80
 1... .... = Managed address configuration: Set
        .0.. .... = Other configuration: Not set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0x80
            1... .... = On-link flag(L): Set
            .0.. .... = Autonomous address-configuration flag(A): Not set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 1800
        Preferred Lifetime: 1800
        Reserved
        Prefix: 2001:abcd:: (2001:abcd::)

     在Wireshark中,使用dhcpv6过滤器显示DHCPv6数据包的交换:

    Source              Destination   Protocol  Length  Info
PC IPv6 link local  ff02::1:2	  DHCPv6       157  Solicit XID: 0x328090 CID: 000100011f3e8772000c29806ccc 

Frame 965: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6 Message type: Solicit (1)
    Transaction ID: 0x328090
    Elapsed time
    Client Identifier
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Vendor Class
    Option Request


Source                  Destination         Protocol  Length  Info
Router IPv6 link local	PC IPv6 link local  DHCPv6    180     Advertise XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 966: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6 Message type: Advertise (2)
    Transaction ID: 0x328090
    Server Identifier
    Client Identifier
    Identity Association for Non-temporary Address
    DNS recursive name server
    Domain Search List


Source              Destination  Protocol  Length  Info
PC IPv6 link local  ff02::1:2	 DHCPv6	      199  Request XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 967: 199 bytes on wire (1592 bits), 199 bytes captured (1592 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6 Message type: Request (3)
    Transaction ID: 0x328090
    Elapsed time
    Client Identifier
    Server Identifier
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Vendor Class
    Option Request


Source                  Destination          Protocol  Length  Info
Router IPv6 link local	PC IPv6 link local   DHCPv6    180     Reply XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 968: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6 Message type: Reply (7)
    Transaction ID: 0x328090
    Server Identifier
    Client Identifier
    Identity Association for Non-temporary Address
    DNS recursive name server
    Domain Search List

    Cisco IOS上的DHCPv6状态服务器配置示例

    从Cisco IOS

    本示例显示Cisco IOS中DHCPv6有状态服务器的配置。

    步骤1.在全局配置模式下运行ipv6 dhcp pool NAME命令。

    步骤2.使用address prefixdns-serverdoman-name子命令定义通过DHCPv6发送到终端主机的参数。

    步骤3.使用命令ipv6 dhcp server NAME应用在接口配置模式下定义的池

    步骤4.在接口配置模式下添加命令ipv6 nd managed-config-flag。

    步骤5.在接口配置模式下添加命令ipv6 nd prefix default 1800 1800 no-autoconfig,以禁用ICMPv6 RA数据包中的Autonomous address-configuration(A)标志。

    注意:使用DHCPv6有状态服务器方法时,终端主机可以为自己配置两个不同的IPv6地址。第一个包含ICMPv6 RA数据包中包含的信息。第二个数据包包含DHCPv6数据包中的信息。为避免这种情况,ICMPv6 RA数据包可以禁用A标志,以指示终端主机不根据其中包含的信息生成IPv6地址。

    注意:在接口配置模式下,使用命令ipv6 nd prefix default no-advertise可以从ICMPv6 RA数据包的内容中删除前缀信息

    ipv6 unicast-routing
!
ipv6 dhcp pool LAN_POOL
 address prefix 2001:ABCD::/64 ! Includes the IPv6 prefix in the DHCPv6 packet exchange.
 dns-server 2001:4860:4860::8888
 domain-name lab-test.net
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::/64 eui-64
 ipv6 nd prefix default 1800 1800 no-autoconfig ! Disables the Autonomous address-configuration(A) flag in the ICMPv6 RA packet.
 ipv6 nd managed-config-flag ! Sets the Managed address configuration flag in the ICMPv6 RA packet.
 ipv6 dhcp server LAN_POOL
end

    要验证Cisco IOS上的配置是否正确,请使用以下命令:

    步骤1. show ipv6 dhcp pool必须确认配置中应用的参数。

    步骤2. show ipv6 dhcp binding must information for the IPv6 addresses leased to end hosts.(show ipv6 dhcp binding必须是租给终端主机的IPv6地址的信息。)

    步骤3. show ipv6 dhcp interface必须显示池已应用到本地网络中的接口。

    Router#show ipv6 dhcp pool 
DHCPv6 pool: LAN_POOL
  Address allocation prefix: 2001:ABCD::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts)
  DNS server: 2001:4860:4860::8888
  Domain name: lab-test.net
  Active clients: 1
Router#


    Router#show ipv6 dhcp binding 
    Client: FE80::5850:6D61:1FB:EF3A 
      DUID: 000100011F3E8772000C29806CCC
      Username : unassigned
      IA NA: IA ID 0x0E000C29, T1 43200, T2 69120
        Address: 2001:ABCD::3DD4:77BB:E035:9375
                preferred lifetime 86400, valid lifetime 172800
                expires at Dec 28 2016 10:44 PM (172488 seconds)
    Router#


    Router#show ipv6 dhcp interface 
    FastEthernet0/0 is in server mode
      Using pool: LAN_POOL
      Preference value: 0
      Hint from client: ignored
      Rapid-Commit: disabled
    Router#

    命令debug ipv6 dhcp必须显示路由器与终端主机之间的消息交换:

    Router#debug ipv6 dhcp 
   IPv6 DHCP debugging is on
Router#

IPv6 DHCP: Received SOLICIT from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option UNKNOWN(39) is not processed
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Creating binding for FE80::5850:6D61:1FB:EF3A in pool LAN_POOL
IPv6 DHCP: Binding for IA_NA 0E000C29 not found
IPv6 DHCP: Allocating IA_NA 0E000C29 in binding for FE80::5850:6D61:1FB:EF3A
IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29'
IPv6 DHCP: Poolentry for user not found
IPv6 DHCP: Allocated new address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Allocating address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29
IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 60 seconds
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending ADVERTISE to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Received REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option UNKNOWN(39) is not processed
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29'
IPv6 DHCP: Poolentry for user found
IPv6 DHCP: Found address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29
IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 172800 seconds
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
Router#

    从Microsoft Windows

     运行命令ipconfig /all,确保Microsoft Windows已收到IPv6地址、默认网关、DNS服务器信息和域名:

    C:\Users\ >ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MY-LAPTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lab-test.net

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : lab-test.net
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-80-6C-CC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:abcd::3dd4:77bb:e035:9375(Preferred)

   Lease Obtained. . . . . . . . . . : Sunday, January 01, 2017 4:47:02 PM
   Lease Expires . . . . . . . . . . : Tuesday, January 03, 2017 4:47:02 PM
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11(Preferred)
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3E-87-72-00-0C-29-80-6C-CC

 DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       lab-test.net

C:\Users\ >

    禁用Windows随机生成的接口ID

    默认情况下,Microsoft Windows会为自动配置的IPv6地址(使用SLAAC)生成随机接口ID,而不是使用EUI-64方法。

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a   ! Randomly generated interface ID.
   Temporary IPv6 Address. . . . . . : 2001:abcd::8d1:8bbb:14e4:658e
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    可以更改此行为,使Windows使用EUI-64进程。

    netsh interface ipv6 set global randomizeidentifiers=disabled

    您现在可以看到接口ID是使用EUI-64进程生成的。

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::20c:29ff:fe80:6ccc   ! Interface ID now generated by EUI-64 method.
   Temporary IPv6 Address. . . . . . : 2001:abcd::9818:d729:fadb:8812
   Link-local IPv6 Address . . . . . : fe80::20c:29ff:fe80:6ccc%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    要再次使用随机接口ID进程,可以运行以下命令:

    netsh interface ipv6 set global randomizeidentifiers=enabled

    禁用Windows临时IPv6地址

    出于安全原因,Windows可以临时创建IPv6地址并将其用作出站连接的源。

    当期望终端主机使用某些IPv6地址来源通信时(如在网络中定义防火墙规则时),这会在场景中造成混乱。

    时IPv6地址是因为Windows实施了RFC 4941

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a
   Temporary IPv6 Address. . . . . . : 2001:abcd::8d1:8bbb:14e4:658e
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11



    C:\Users\   >netsh interface ipv6 show privacy
    Querying active state...

    Temporary Address Parameters
    ---------------------------------------------
    Use Temporary Addresses             : enabled
    Duplicate Address Detection Attempts: 5
    Maximum Valid Lifetime              : 7d
    Maximum Preferred Lifetime          : 1d
    Regenerate Time                     : 5s
    Maximum Random Time                 : 10m
    Random Time                         : 0s


    C:\Users\Gus>

     要禁用自动创建临时IPv6地址,请运行以下命令:

    netsh interface ipv6 set privacy state=disabled

    应用命令后,输出显示:

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    
C:\Users\   >netsh interface ipv6 show privacy
Querying active state...

Temporary Address Parameters
---------------------------------------------
Use Temporary Addresses : disabled
Duplicate Address Detection Attempts: 5
Maximum Valid Lifetime              : 7d
Maximum Preferred Lifetime          : 1d
Regenerate Time                     : 5s
Maximum Random Time                 : 10m
Random Time                         : 0s

     要再次使用临时IPv6地址,可以运行命令:

    netsh interface ipv6 set privacy state=enable

    在IPv4中,IPv6动态地址分配提供的选项比DHCP更多。必须知道主要配置点以及当过程未按预期完成时要检查什么。在Cisco IOS和Microsoft Windows上提供基本配置命令,以全面了解整个过程。

    相关信息

    TAC Authored

    由思科工程师提供

    • Hector Gustavo Serrano Gutierrez
      Cisco TAC Engineer

    此文档是否有帮助?

    Feedback反馈

    联系我们

    本文档适用于以下产品