疑難排解藉由思科路由器和 Microsoft Windows 電腦進行的 IPv6 動態位址指派

下載選項

  • PDF     (1.5 MB)
    在多種裝置上使用 Adobe Reader 檢視
  • ePub     (1.3 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
  • Mobi (Kindle)     (842.7 KB)
    在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視
已更新: 2018 年 4 月 26 日
文件 ID:213272

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。

    簡介

    本文件說明動態 IPv6 位址指派的可用選項。包括無狀態地址自動配置(SLAAC)和動態主機配置協定第6版(DHCPv6)的故障排除。

    必要條件

    需求

    思科建議您瞭解以下主題:

    • IPv6地址體系結構
    • Microsoft Windows作業系統
    • 基本Wireshark使用

    採用元件

    本檔案中的資訊是根據以下硬體/軟體版本:

    • 採用Cisco IOS®的Cisco路由
    • Microsoft Windows® 7 PC

    本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。

    背景資訊

    運行Microsoft Windows的電腦和筆記型電腦等IPv6終端主機可能會遇到無法動態接收或按預期顯示IPv6地址的情況。

    建議對Cisco IOS和Microsoft Windows作業系統進行故障排除,以確保配置正確。

    附註:不同的作業系統可以有不同的行為。這取決於IPv6在其代碼中的實施方式。本文檔旨在為讀者提供在Microsoft Windows for IPv6上所需的配置示例。本文檔中介紹的Microsoft Windows上的配置已在實驗室經過測試,並且發現能夠按預期工作。思科技術支援中心(TAC)不支援Microsoft Windows配置幫助。

    IPv6動態地址分配的方法

    SLAAC
    • SLAAC是本機IPv6方法,用於動態為終端主機提供IPv6地址和預設網關資訊。
    • 它使用網際網路控制訊息通訊協定第6版(ICMPv6)封包。
    • 在啟用IPv6的路由器和終端主機之間交換ICMPv6路由器請求(RS)和ICMPv6路由器通告(RA)資料包。
    • 路由器定期將RA資料包(在Cisco IOS中預設每200秒傳送一次)傳送到本地網路,或者由傳送RS資料包的終端主機按需請求路由器。
    • 在接收RA資料包時,終端主機必須根據資料包中包含的資訊匯出IPv6地址(通過對主機部分使用EUI-64方法)和預設網關。
    DHCPv6無狀態
    • DHCPv6無狀態用於獲取其他配置引數(不由SLAAC提供),例如DNS、域名等。
    DHCPv6有狀態
    • DHCPv6有狀態資料庫可以為終端主機提供IPv6地址,並跟蹤租用的地址。
    • DNS、域名等資訊也可以通過DHCPv6有狀態方法提供。
    • 路由器在本地網路上傳送RA資料包後,仍必須提供預設網關資訊。
    • 此選項最類似於IPv4的DHCP。

    :終端主機可以動態獲取IPv6預設網關資訊的唯一方法是從本地路由器發起的ICMPv6路由器通告(RA)資料包獲取。DHCPv6資料包當前不攜帶任何IPv6預設網關資訊。

    SLAAC

    路由器與終端主機之間的資料包交換如下圖所示:

    步驟1.終端主機最初傳送ICMPv6 RS資料包。

    步驟2.路由器使用ICMPv6 RA資料包進行重放。

    若要檢視交換,請在電腦上運行自由開源資料包分析器Wireshark,然後使用以下過濾器:

    ICMPv6 RS icmpv6.type == 133
    ICMPv6 RA icmpv6.nd.ra.flag

    終端主機必須根據接收的ICMPv6 RA資料包中包含的資訊獲取IPv6地址和預設網關資訊。

    使用Wireshark獲取ICMPv6 RA資料包的示例:

    Frame 187: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1          ! Default Gateway.
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ce1 [correct]
    Cur hop limit: 64
    Flags: 0x00
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)                         ! Prefix information.

    1)ICMPv6選項(字首資訊)欄位。

    這是終端主機用於其IPv6地址的網路部分的字首資訊。

    介面識別符號(主機部分)由使用EUI-64方法的終端主機建立。

    Microsoft Windows可以隨機建立主機部分。

    2)Internet Protocol Version 6, Source欄位。

    終端主機使用RA資料包的IPv6源地址配置其IPv6預設網關。

    排除SLAAC故障

    從Cisco IOS

    步驟1.確保在全域性配置模式下配置ipv6 unicast-routing命令。

    步驟2.確保本地網路中的介面配置了有效的IPv6地址。

    ipv6 unicast-routing             ! Enable IPv6 Routing. In absence of this command
!                                ! the Router does not send any ICMPv6 RA packet.
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
end

    步驟3.確保ICMPv6 RA資料包中通告的字首為字首長度/64。否則,終端主機無法通過SLAAC建立任何IPv6地址:

    ipv6 unicast-routing
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64     ! Prefix length defined as /64 on the Router.
end

    ICMPv6 RA資料包捕獲:

    Frame 187: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ce1 [correct]
    Cur hop limit: 64
    Flags: 0x00
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)                ! Prefix & prefix lenght information.

    步驟4.命令debug ipv6 nd 即時顯示本地網路上接收ICMPv6 RS資料包和通告ICMPv6 RA的資訊。

    Router# debug ipv6 nd
  ICMP Neighbor Discovery events debugging is on
Router#
    
    Router# show logging | include RS
     ICMPv6-ND: Received RS on GigabitEthernet0/0/0 from FE80::5850:6D61:1FB:EF3A
    R1#

    Router# show logging | include RA
     ICMPv6-ND: Sending solicited RA on GigabitEthernet0/0/0
     ICMPv6-ND: Request to send RA for FE80::C801:EFFF:FE5A:8
     ICMPv6-ND: Setup RA from FE80::C801:EFFF:FE5A:8 to FF02::1 on GigabitEthernet0/0/0
    Router#

    從Microsoft Windows PC

    步驟1.確保終端主機收到RA資料包。

    可以使用Wireshark完成此操作,也可以使用icmpv6.nd.ra.flag過濾器進行捕獲。

    步驟2.使用命令ipconfig驗證IPv6地址。

    如果IPv6地址仍未顯示,請按照以下步驟操作。

    步驟3.確保在Windows電腦上啟用了網路介面卡的Internet協定第6版(TCP/IPv6)覈取方塊。

    在Windows上,您可以在以下位置找到此配置:

    步驟1.導航至控制面板>網路和共用中心>更改介面卡設定

    步驟2.按一下右鍵所選的網路介面卡>屬性

    當您使用命令netsh interface ipv6 show interface "Local Area Connection"在Windows命令提示符(CMD)中收到下一條消息時,網路介面卡未啟用Internet協定第6版(TCP/IPv6)

    附註:在此命令中,可以將本地連線替換為Microsoft Windows用於連線到網路的網路介面卡的名稱。

    提示:開啟命令提示符。按鍵盤中的Windows + R開啟運行框。運行命令cmd,然後按OK

    步驟3.確保Router Discovery引數設定為enabled。

    在CMD中運行netsh interface ipv6 show interface "Local Area Connection" 命令。

    Router Discovery引數設定為disabled時,Microsoft Windows可以忽略已接收的ICMPv6 RA資料包的內容。這可能導致Microsoft Windows無法生成任何IPv6地址。

    使用以下命令啟用路由器發現:

    C:\> netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=enabled

    步驟4.確保Advertising引數設定為disabled。

    在CMD中運行netsh interface ipv6 show interface "Local Area Connection" 命令。

    如果Advertising引數設定為enabled,Microsoft Windows可以忽略收到的ICMPv6 RA資料包的內容。

    已啟用Advertising引數會導致Microsoft Windows的行為與IPv6路由器相同,並生成自己的ICMPv6 RA資料包並將其傳送到本地網路。

    必須禁用Advertising參的預設狀態

    使用以下命令禁用廣告:

    C:\> netsh interface ipv6 set interface "Local Area Connection" advertise=disabled

    DHCPv6無狀態

    終端主機可以使用DHCPv6無狀態地址請求其他IPv6配置引數,如DNS、域名等。為此,ICMPv6 RA資料包必須設定其他配置標誌(O位)。

    ipv6 nd other-config-flag命令出現在Cisco IOS介面配置模式下時,路由器會設定O標誌。

    Router#

interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd other-config-flag
    !

    路由器與終端主機之間的封包交換如圖所示。

    步驟1.終端主機最初傳送ICMPv6 RS

    步驟2.路由器使用ICMPv6 RA進行重放,並包含O標誌集

    步驟3.終端主機傳送DHCPv6 Information-request

    步驟4.路由器使用DHCPv6回覆重放

    ICMPv6 RA(帶有其他配置標志設定資料包捕獲):

    Frame 9: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::c801:b9ff:fef0:8, Dst: ff02::1
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x4ca1 [correct]
    Cur hop limit: 64
    Flags: 0x40
        0... .... = Managed address configuration: Not set
        .1.. .... = Other configuration: Set ! Cisco IOS command ipv6 nd other-config-flag sets the O flag
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)

    在Wireshark上,使用dhcpv6過濾器顯示DHCPv6資料包的交換:

    Source Destination Protocol Length Info
    PC IPv6 link local	ff02::1:2	DHCPv6	  120	  Information-request XID: 0x8018f9 CID: 000100011f3e8772000c29806ccc 

Frame 3884: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547) DHCPv6 Message type: Information-request (11) Transaction ID: 0x8018f9 Elapsed time Client Identifier Vendor Class Option Request Source Destination Protocol Length Info Router IPv6 link local PC IPv6 link local DHCPv6 136 Reply XID: 0x8018f9 CID: 000100011f3e8772000c29806ccc Frame 3887: 136 bytes on wire (1088 bits), 136 bytes captured (1088 bits) on interface 0 Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc) Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a) User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546) DHCPv6 Message type: Reply (7) Transaction ID: 0x8018f9 Server Identifier Client Identifier DNS recursive name server Domain Search List

    Cisco IOS上的DHCPv6無狀態伺服器配置示例

    從Cisco IOS

    此示例顯示Cisco IOS中DHCPv6無狀態伺服器的配置。

    步驟1.在全域性配置模式下運行命令ipv6 dhcp pool NAME。

    步驟2.使用dns-serverdoman-name子命令定義通過DHCPv6傳送到終端主機的引數。

    步驟3.使用命令ipv6 dhcp server NAME應用介面配置模式下定義的池。

    步驟4.在介面配置模式下新增命令ipv6 nd other-config-flag。

    ipv6 unicast-routing
!
ipv6 dhcp pool LAN_POOL
 dns-server 2001:4860:4860::8888
 domain-name lab-test.net
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd other-config-flag ! Sets the Other Configuration flag in the RA packet.
 ipv6 dhcp server LAN_POOL
!

    若要確認Cisco IOS上的組態是否正確,請使用以下命令:

    步驟1. show ipv6 dhcp pool必須確認配置中應用的引數。

    步驟2. show ipv6 dhcp binding不能顯示任何資訊,因為DHCPv6無狀態不會跟蹤IPv6客戶端。

    步驟3. show ipv6 dhcp interface必須顯示地址池已應用於本地網路中的介面。

    Router#show ipv6 dhcp pool
DHCPv6 pool: LAN_POOL
  DNS server: 2001:4860:4860::8888
  Domain name: lab-test.net
  Active clients: 0         ! DHCPv6 Stateless does not keep track of IPv6 clients.
Router#

    
Router#show ipv6 dhcp binding
Router#

    
Router#show ipv6 dhcp interface
FastEthernet0/0 is in server mode
  Using pool: LAN_POOL
  Preference value: 0
  Hint from client: ignored
  Rapid-Commit: disabled
Router#

    debug ipv6 dhcp命令必須顯示路由器和終端主機之間的消息交換:

    Router#debug ipv6 dhcp
   IPv6 DHCP debugging is on
    
IPv6 DHCP: Received INFORMATION-REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
Router#

    從Microsoft Windows

    在命令提示符下運行命令ipconfig /all,以確保Microsoft Windows已收到DNS伺服器資訊和域名:

    C:\Users\ >ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MY-LAPTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lab-test.net

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : lab-test.net
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-80-6C-CC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a(Preferred)

   Temporary IPv6 Address. . . . . . : 2001:abcd::7151:b553:1a0a:80bb(Preferred)

   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11(Preferred)
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3E-87-72-00-0C-29-80-6C-CC

 DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       lab-test.net

C:\Users\ >

    DHCPv6有狀態

    終端主機可以使用DHCPv6 Stateful請求IPv6地址和其他引數。為此,ICMPv6 RA資料包必須設定託管地址配置標誌(M標誌)。

    ipv6 nd managed-config-flag命令出現在Cisco IOS介面配置模式下時,路由器會設定M標誌。

    Router#

interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::1/64
 ipv6 nd managed-config-flag
    !

    路由器與終端主機之間的封包交換如圖所示。

    步驟1.終端主機最初傳送ICMPv6 RS。

    步驟2.路由器使用已設定M標誌的ICMPv6 RA重放。

    步驟3.終端主機傳送DHCPv6 Solicit。

    步驟4.路由器使用DHCPv6通告進行重播。

    步驟5.終端主機傳送DHCPv6請求。

    步驟6.路由器使用DHCPv6應答進行重放。

    帶有託管地址配置標誌設定資料包捕獲的ICMPv6 RA:

    Frame 1190: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: ff02::1 (ff02::1)
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x0642 [correct]
    Cur hop limit: 64
    Flags: 0x80
 1... .... = Managed address configuration: Set
        .0.. .... = Other configuration: Not set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Source link-layer address : ca:01:b9:f0:00:08)
    ICMPv6 Option (MTU : 1500)
    ICMPv6 Option (Prefix information : 2001:abcd::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0x80
            1... .... = On-link flag(L): Set
            .0.. .... = Autonomous address-configuration flag(A): Not set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 1800
        Preferred Lifetime: 1800
        Reserved
        Prefix: 2001:abcd:: (2001:abcd::)

     在Wireshark中,使用dhcpv6過濾器顯示DHCPv6資料包的交換:

    Source              Destination   Protocol  Length  Info
PC IPv6 link local  ff02::1:2	  DHCPv6       157  Solicit XID: 0x328090 CID: 000100011f3e8772000c29806ccc 

Frame 965: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6 Message type: Solicit (1)
    Transaction ID: 0x328090
    Elapsed time
    Client Identifier
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Vendor Class
    Option Request


Source                  Destination         Protocol  Length  Info
Router IPv6 link local	PC IPv6 link local  DHCPv6    180     Advertise XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 966: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6 Message type: Advertise (2)
    Transaction ID: 0x328090
    Server Identifier
    Client Identifier
    Identity Association for Non-temporary Address
    DNS recursive name server
    Domain Search List


Source              Destination  Protocol  Length  Info
PC IPv6 link local  ff02::1:2	 DHCPv6	      199  Request XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 967: 199 bytes on wire (1592 bits), 199 bytes captured (1592 bits) on interface 0
Ethernet II, Src: Vmware_80:6c:cc (00:0c:29:80:6c:cc), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6 Message type: Request (3)
    Transaction ID: 0x328090
    Elapsed time
    Client Identifier
    Server Identifier
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Vendor Class
    Option Request


Source                  Destination          Protocol  Length  Info
Router IPv6 link local	PC IPv6 link local   DHCPv6    180     Reply XID: 0x328090 CID: 000100011f3e8772000c29806ccc IAA: 2001:abcd::70a1:36a7:3e72:fa95 

Frame 968: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) on interface 0
Ethernet II, Src: ca:01:b9:f0:00:08 (ca:01:b9:f0:00:08), Dst: Vmware_80:6c:cc (00:0c:29:80:6c:cc)
Internet Protocol Version 6, Src: Router IPv6 link local (fe80::c801:b9ff:fef0:8), Dst: PC IPv6 link local (fe80::5850:6d61:1fb:ef3a)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6 Message type: Reply (7)
    Transaction ID: 0x328090
    Server Identifier
    Client Identifier
    Identity Association for Non-temporary Address
    DNS recursive name server
    Domain Search List

    Cisco IOS上的DHCPv6有狀態伺服器配置示例

    從Cisco IOS

    此示例顯示了Cisco IOS中DHCPv6有狀態伺服器的配置。

    步驟1.在全域性配置模式下運行命令ipv6 dhcp pool NAME。

    步驟2.使用address prefixdns-serverdoman-name子命令定義通過DHCPv6傳送到終端主機的引數。

    步驟3.使用命令ipv6 dhcp server NAME應用介面配置模式下定義的池。

    步驟4.在介面配置模式下新增命令ipv6 nd managed-config-flag。

    步驟5.在介面配置模式下新增命令ipv6 nd prefix default 1800 1800 no-autoconfig,以禁用ICMPv6 RA資料包中的Autonomous address-configuration(A)標誌。

    附註:使用DHCPv6有狀態伺服器方法時,終端主機可以為自身配置兩個不同的IPv6地址。第一個包含ICMPv6 RA資料包中包含資訊的資料包。第二個包含DHCPv6資料包中包含的資訊。為避免這種情況,ICMPv6 RA資料包可以禁用A標誌,以指示終端主機不要根據其中包含的資訊生成IPv6地址。

    附註:在介面配置模式下,可以使用ipv6 nd prefix default no-advertise 命令從ICMPv6 RA資料包的內容中刪除字首資訊。

    ipv6 unicast-routing
!
ipv6 dhcp pool LAN_POOL
 address prefix 2001:ABCD::/64 ! Includes the IPv6 prefix in the DHCPv6 packet exchange.
 dns-server 2001:4860:4860::8888
 domain-name lab-test.net
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:ABCD::/64 eui-64
 ipv6 nd prefix default 1800 1800 no-autoconfig ! Disables the Autonomous address-configuration(A) flag in the ICMPv6 RA packet.
 ipv6 nd managed-config-flag ! Sets the Managed address configuration flag in the ICMPv6 RA packet.
 ipv6 dhcp server LAN_POOL
end

    若要確認Cisco IOS上的組態是否正確,請使用以下命令:

    步驟1. show ipv6 dhcp pool必須確認配置中應用的引數。

    步驟2. show ipv6 dhcp binding必須為租給終端主機的IPv6地址提供資訊。

    步驟3. show ipv6 dhcp interface必須顯示地址池已應用於本地網路中的介面。

    Router#show ipv6 dhcp pool 
DHCPv6 pool: LAN_POOL
  Address allocation prefix: 2001:ABCD::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts)
  DNS server: 2001:4860:4860::8888
  Domain name: lab-test.net
  Active clients: 1
Router#


    Router#show ipv6 dhcp binding 
    Client: FE80::5850:6D61:1FB:EF3A 
      DUID: 000100011F3E8772000C29806CCC
      Username : unassigned
      IA NA: IA ID 0x0E000C29, T1 43200, T2 69120
        Address: 2001:ABCD::3DD4:77BB:E035:9375
                preferred lifetime 86400, valid lifetime 172800
                expires at Dec 28 2016 10:44 PM (172488 seconds)
    Router#


    Router#show ipv6 dhcp interface 
    FastEthernet0/0 is in server mode
      Using pool: LAN_POOL
      Preference value: 0
      Hint from client: ignored
      Rapid-Commit: disabled
    Router#

    debug ipv6 dhcp命令必須顯示路由器和終端主機之間的消息交換:

    Router#debug ipv6 dhcp 
   IPv6 DHCP debugging is on
Router#

IPv6 DHCP: Received SOLICIT from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option UNKNOWN(39) is not processed
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Creating binding for FE80::5850:6D61:1FB:EF3A in pool LAN_POOL
IPv6 DHCP: Binding for IA_NA 0E000C29 not found
IPv6 DHCP: Allocating IA_NA 0E000C29 in binding for FE80::5850:6D61:1FB:EF3A
IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29'
IPv6 DHCP: Poolentry for user not found
IPv6 DHCP: Allocated new address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Allocating address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29
IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 60 seconds
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending ADVERTISE to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Received REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
IPv6 DHCP: Option UNKNOWN(39) is not processed
IPv6 DHCP: Option VENDOR-CLASS(16) is not processed
IPv6 DHCP: Using interface pool LAN_POOL
IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29'
IPv6 DHCP: Poolentry for user found
IPv6 DHCP: Found address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29
IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1
IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 172800 seconds
IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8
IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0
Router#

    從Microsoft Windows

     運行命令ipconfig /all以確保Microsoft Windows已收到IPv6地址、預設網關、DNS伺服器資訊和域名:

    C:\Users\ >ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MY-LAPTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lab-test.net

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : lab-test.net
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-80-6C-CC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:abcd::3dd4:77bb:e035:9375(Preferred)

   Lease Obtained. . . . . . . . . . : Sunday, January 01, 2017 4:47:02 PM
   Lease Expires . . . . . . . . . . : Tuesday, January 03, 2017 4:47:02 PM
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11(Preferred)
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-3E-87-72-00-0C-29-80-6C-CC

 DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       lab-test.net

C:\Users\ >

    禁用Windows隨機生成的介面ID

    預設情況下,Microsoft Windows為自動配置的IPv6地址(使用SLAAC)生成隨機介面ID,而不是使用EUI-64方法。

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a   ! Randomly generated interface ID.
   Temporary IPv6 Address. . . . . . : 2001:abcd::8d1:8bbb:14e4:658e
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    可以更改此行為以使Windows使用EUI-64進程。

    netsh interface ipv6 set global randomizeidentifiers=disabled

    現在您可以看到使用EUI-64進程生成的介面ID。

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::20c:29ff:fe80:6ccc   ! Interface ID now generated by EUI-64 method.
   Temporary IPv6 Address. . . . . . : 2001:abcd::9818:d729:fadb:8812
   Link-local IPv6 Address . . . . . : fe80::20c:29ff:fe80:6ccc%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    要再次使用隨機介面ID進程,可以運行命令:

    netsh interface ipv6 set global randomizeidentifiers=enabled

    禁用Windows臨時IPv6地址

    出於安全考慮,Windows可以臨時建立IPv6地址並將這些地址用作出站連線的源。

    如果預期終端主機使用某個IPv6地址來傳送通訊(如網路中定義了防火牆規則),則可能會造成混亂。

    臨時IPv6地址是因為Windows實施了RFC 4941

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a
   Temporary IPv6 Address. . . . . . : 2001:abcd::8d1:8bbb:14e4:658e
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11



    C:\Users\   >netsh interface ipv6 show privacy
    Querying active state...

    Temporary Address Parameters
    ---------------------------------------------
    Use Temporary Addresses             : enabled
    Duplicate Address Detection Attempts: 5
    Maximum Valid Lifetime              : 7d
    Maximum Preferred Lifetime          : 1d
    Regenerate Time                     : 5s
    Maximum Random Time                 : 10m
    Random Time                         : 0s


    C:\Users\Gus>

     要禁用自動建立臨時IPv6地址,請運行命令:

    netsh interface ipv6 set privacy state=disabled

    應用該命令後,輸出顯示:

    C:\Users\   >ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:abcd::5850:6d61:1fb:ef3a
   Link-local IPv6 Address . . . . . : fe80::5850:6d61:1fb:ef3a%11
   Default Gateway . . . . . . . . . : fe80::c801:b9ff:fef0:8%11

    
C:\Users\   >netsh interface ipv6 show privacy
Querying active state...

Temporary Address Parameters
---------------------------------------------
Use Temporary Addresses : disabled
Duplicate Address Detection Attempts: 5
Maximum Valid Lifetime              : 7d
Maximum Preferred Lifetime          : 1d
Regenerate Time                     : 5s
Maximum Random Time                 : 10m
Random Time                         : 0s

     要再次使用臨時IPv6地址,可以運行以下命令:

    netsh interface ipv6 set privacy state=enable

    IPv6動態地址分配提供的選項比IPv4中的DHCP多。必須瞭解主要的配置點,以及在過程沒有按預期完成時檢查什麼。在Cisco IOS和Microsoft Windows上提供了基本配置命令,用於檢視整個過程的完整檢視。

    相關資訊

    TAC Authored

    由思科工程師貢獻

    • Hector Gustavo Serrano Gutierrez
      Cisco TAC工程師

    這份文件是否有所幫助?

    Feedback意見

    讓思科協助您

    本文件適用於這些產品