Please help me with my IPv6 setup


I've got a 871W router (w/ Adv IP Services) on which I'd like to setup IPv6. I started on the WAN side and requested a IPv6 tunnel from a tunnel broker. The tunnel is a IPv6 in IPv4 tunnel and was easy to configure. I can ping (from the router) any IPv6 address on the internet, no problem.

Now I would like my laptop and desktop computer to also use IPv6. This is where my problems start. Whatever I try I cannot get my local (laptop->router) IPv6 connectivity working. My laptop IS using an address from the routed IPv6 subnet my tunnel-broker provided me for my local lan (autoconfig on the router).

At the moment I think my problem is sourced at using a BVI interface. The wireless and wired sections of this router are joined at the BVI interface. Out of the box IPv6 didn't work at all on the BVI interface. I needed to enable router advertisements, they are suppresed by default.

At the moment I cannot ping from my laptop to my router. A packet capture tells my router is not responding to IPv6 Neighbor Solicitations.

Considering the ipv6 configuration below; can someone help me get my local IPv6 going.

Regards, Erik Tamminga

---------- ipv6 unicast-routing ipv6 cef ipv6 dhcp pool IPv6-Vlan1 prefix-delegation 2001:xxx:xxx::/48 2001xxxxxx domain-name ! ipv6 inspect name IPv6-Firewall tcp ipv6 inspect name IPv6-Firewall udp ipv6 inspect name IPv6-Firewall icmp ipv6 inspect name IPv6-Firewall ftp ipv6 multicast-routing

bridge irb !

interface Tunnel1 description IPv6 uplink to XXXX no ip address ipv6 address 2001:xxx:xxx:371::2/64 ipv6 enable ipv6 traffic-filter IPv6-inet-in in ipv6 inspect IPv6-Firewall out tunnel source FastEthernet4 tunnel destination tunnel mode ipv6ip !

interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding !

interface Vlan1 no ip address ip tcp adjust-mss 1452 bridge-group 1 !

interface BVI1 ip address ip access-group 100 in ip pim sparse-dense-mode ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1412 ipv6 address 2001:xxx:yyy::1/64 ipv6 enable ipv6 nd prefix 2001:xxx:yyy::/64 86400 86400 ipv6 nd other-config-flag ipv6 nd router-preference High no ipv6 nd ra suppress ipv6 nd ra interval 30 ipv6 dhcp server IPv6-Vlan1 !

ipv6 route 2001:xxx:yyy::/48 Null0 ipv6 route 2000::/3 2001:xxx:xxx:371::1

ipv6 access-list IPv6-inet-in permit tcp any host 2001:xxx:xxx:371::2 eq 443 permit udp any any eq non500-isakmp permit udp any any eq isakmp permit esp any any permit ahp any any permit udp any any eq ntp permit udp any eq domain any gt 1024 permit icmp any any echo-reply permit icmp any any time-exceeded permit icmp any any unreachable permit icmp any any echo-request permit icmp FE80::/10 any deny ipv6 any any log !

bridge 1 protocol ieee bridge 1 route ip

Reply to
Erik Tamminga
Loading thread data ...

You need something like this:

interface Vlan1 ipv6 address 2001:abcd:efgh:ijkl::1/64 ipv6 enable ipv6 nd ra interval 30

That will allow you to use stateless autoconfiguration on hosts connected to the Cisco.

This won't work at all unfortunately. The problem is that Cisco's marvelous bridging code can't deal with IPv6. You would need a command like "bridge 1 route ipv6" which isn't supported yet(*).

My solution is to use a cheap access point (Netgear WG602v2) which supports proper ethernet level bridging and therefore handles IPv6 without problems. The WLAN feature in the Cisco 877W is disabled.

Kind regards

(*) Well, there is a version of IOS for the 877W which supports it. See here:

formatting link
But I have no idea where to get that IOS version.

Reply to
Matthias Scheler Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.