Cisco DHCPv6 Server Configuration

(Rene Molenaar) #1

This topic is to discuss the following lesson:

(Jeff C) #2

Nice info, thanx!!

A couple of questions, for stateful:

  1. why was the ‘ipv6 nd managed-config-flag’ not added to interface f0/0, so the RA sends the “M” flag for clients to make a DHCPv6 Solicit message request?

  2. why was ‘ipv6 nd prefix 2001:1111:1111:1111::/64 no-autoconfig’ not added to interface f0/0 so the RA does not send an “A” flag to tell clients not to autoconfig an addr (SLAAC off)?

Thanx…Jeff

(system) #3

Hello RENE,
Thank you for your nice posts.
I have some questions about addressing a network in IPv6:
Are there any rules to address an IPv6 network?
Can we for example use some small subnets such as /120 or should we always work with /64?
And if we are using stateful, should we use /64?
Thank you for your help

(system) #4

Hello Ali,

this document is good:

It helped me a lot.

Marek

(system) #5

Thank you Marek. Nice Doc

(Rene Molenaar) #6

Hi Jeff,

I just did some debugging and updated the post.

By default, Cisco routers only have the A flag enabled…the M flag is disabled and as a result my Windows 7 and Ubuntu client both preferred SLAAC instead of DHCPv6.

I enabled the M flag and Windows 7 and Ubuntu both prefer DHCPv6 instead of SLAAC then…having the A flag enabled or disabled didn’t matter but it sounds like a good idea to keep it disabled anyway.

Thanks :)

Rene

(Rene Molenaar) #7

That’s a nice document indeed…good share Marek.

(system) #8

Hi Rene,

Thanks for the elaborate explanation.
I have a question:
The commands “ipv6 address dhcp” and “ipv6 address dhcp rapid-commit” are, weirdly, not recognized as valid commands by my Cisco router, while on the server “ipv6 dhcp server STATEFUL rapid-commit” is valid.
My IOS version is (C880DATA-UNIVERSALK9-M), Version 12.4(20)T
I did a quick search about the support of rapid-commit and apparently it is supported.
Do you have any idea why I’m not able to use those two commands to get a stateful address?

(Rene Molenaar) #9

Hi Imin,

It’s probably the IOS version. I wrote this tutorial using my 2800 routers running IOS 15.x. I checked it on a 3725 router in GNS3 running 12.4T and it also doesn’t support this command.

Rene

(seafarmer11@gmail.com) #10

Hi Rene,

Thnx again for the uber-super post…

I would like to ask something:

I made the stateless / stateful config exactly the same as you wrote. The client got IPv6 addressing but is not able to get DNS or domain information, even though I already added both to the DHCP pools separately.
Do you have any idea about that?

Deniz
Thanx

Deniz

(Rene Molenaar) #11

Hi Deniz,

That’s a good question…it should work out of the box. The question is, does the server not send the options or does the client refuse them. What client did you use?

You could try a quick wireshark capture, take a look to see if the options are included in the DHCP messages from the server.

Rene
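The check suggested above, as an added example that is not part of the original posts: a Python parser that takes the UDP payload of a captured DHCPv6 message and reports whether the DNS server (option 23) and domain search list (option 24) options are present. The sample Reply, its transaction ID, the address `2001:db8::53` and the domain `example.com` are constructed for illustration.

```python
import ipaddress
import struct

MSG_TYPES = {1: "Solicit", 2: "Advertise", 3: "Request", 7: "Reply"}
OPT_DNS_SERVERS, OPT_DOMAIN_LIST = 23, 24  # option codes from RFC 3646

def decode_domains(data: bytes) -> list:
    """Decode a Domain Search List: DNS label encoding, no compression."""
    names, labels, pos = [], [], 0
    while pos < len(data):
        size = data[pos]
        pos += 1
        if size == 0:  # the root label terminates one name
            names.append(".".join(labels))
            labels = []
            continue
        if size > 63 or pos + size > len(data):
            raise ValueError("bad label in domain list")
        labels.append(data[pos:pos + size].decode("ascii"))
        pos += size
    if labels:
        raise ValueError("unterminated domain name")
    return names

def parse_dhcpv6(payload: bytes) -> dict:
    """Walk the top-level options of a DHCPv6 client/server message."""
    if len(payload) < 4:
        raise ValueError("too short for a DHCPv6 message")
    msg = {"type": MSG_TYPES.get(payload[0], f"type {payload[0]}"),
           "xid": payload[1:4].hex(), "dns_servers": [], "domains": []}
    pos = 4
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", payload[pos:pos + 4])
        data = payload[pos + 4:pos + 4 + length]
        if len(data) != length or (code == OPT_DNS_SERVERS and length % 16):
            raise ValueError("truncated or malformed option")
        if code == OPT_DNS_SERVERS:  # a list of 16-byte IPv6 addresses
            msg["dns_servers"] += [str(ipaddress.IPv6Address(data[i:i + 16]))
                                   for i in range(0, length, 16)]
        elif code == OPT_DOMAIN_LIST:
            msg["domains"] += decode_domains(data)
        pos += 4 + length
    return msg

# Constructed sample: a Reply carrying both options (not taken from the thread).
SAMPLE_REPLY = (bytes([7]) + bytes.fromhex("123456")
                + struct.pack("!HH", 23, 16) + ipaddress.IPv6Address("2001:db8::53").packed
                + struct.pack("!HH", 24, 13) + b"\x07example\x03com\x00")
```

If both lists come back populated for the server's Reply, the server is sending the options and the remaining question is how the client handles them.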

(seafarmer11@gmail.com) #12

Hi Rene again,

I have captured the packets from the fa 0/0 stateful DHCP leg, which contains:
Solicit XID
Advertise XID
Request XID
Reply XID

Each of these messages contains Domain Search List and DNS Recursive Name (as long as I checked the values, all of them have bulk datagram messages); DNS and domain names are delivered properly.
I think the IOS images may cause the problem?

Deniz
Thank You

(Rene Molenaar) #13

Hi Deniz,

Hmm that’s strange. What IOS image / router did you use? Also what client did you use?

Rene

(Frades) #14

Rene a question, what does this command do?

“ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig”

the ipv6 nd prefix 2001:1111:1111:1111::/64

and the 14400 14400 ?

Thank you

(Frades) #15

I just simulated this command, and based on my understanding the ipv6 nd prefix is to advertise the prefix I want to advertise, which is 2001:1111:1111:1111::/64?
Then the 14400 14400 are the valid time and preferred time in seconds.

I have configured all the commands on the DHCPv6 server, but I have a problem with the clients. There’s no “ipv6 address dhcp”; the options after ipv6 address are:

WORD         General prefix name
X:X:X:X::X   IPv6 link-local address
X:X:X:X::X/  IPv6 prefix
autoconfig   Obtain address using autoconfiguration

There’s no DHCP.
I’m using a 7200 with 15.2 IOS and also a 3745 with 12.4 IOS.
Is there any other command? Thank you

(Rene Molenaar) #16

Hi John,

I’ve seen this before and I think (for whatever reason) that it’s not yet supported in these versions. There’s no other command that I know of.

Perhaps use a Windows 7 or Linux client as the DHCP client instead?

Rene

(Ghaith B) #17

Hi,
just one question
DHCPV6(config-if)#ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig

14400, what is this for?

(Rene Molenaar) #18

Hi,

The first value advertises how long the IPv6 prefix is valid. The second one advertises how long the prefix is the “preferred” prefix. This is useful if you are advertising multiple prefixes.

Rene

(Thomas K) #19

Hi. Couple questions/validations.

  1. Assume that in either case the default gateway is learned via the RA, not stateful or stateless DHCPv6?
  2. For the stateful DHCPv6 example, what is it required to define the “ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig” under the interface - is this just to inform to not use stateless configuration - if so why need to define the prefix as isn’t that provided as part underneath the DHCP pool?
  3. The host portion when using stateful DHCPv6 in this example is completely random in this case? Of course assume real world one would want to use a formal DHCPv6 like QIP/Infoblox and have some sort of strategy/pattern for host recognition?
  4. I noticed some other option/choices instead of “… no-autoconfig” highlighted in question #2 above such as no-onlink, no-rtr-address, and off-link. Can you elaborate when might want to use those?

Many thanks in advance.

(Rene Molenaar) #20

Hi Thomas,

  1. Sending a RA when using DHCPv6 might sound redundant. You have to keep in mind that the RA is not only used for autoconfiguration. IPv4 uses the subnet mask to check if a destination is inside or outside the subnet. When the destination is outside of the subnet, we’ll use the default gateway. In IPv6 we can use the RA to advertise which prefixes are “on link” or “off link”. The no-autoconfig flag informs the host to use DHCP instead of autoconfiguration for its IPv6 address.

  2. The hosts will use EUI-64 to configure the 64 bits of address. This should be fine, you can always use DNS registration so that you can reach your hosts with hostnames instead of the IPv6 addresses.

  3. There’s a lot of stuff, let’s see what the ND/RA options are:

R1(config-if)#ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 ?
  no-autoconfig   Do not use prefix for autoconfiguration
  no-onlink       Do not use prefix for onlink determination
  no-rtr-address  Do not send full router address in prefix advert
  off-link        Prefix is offlink

R1(config-if)#ipv6 nd ?
  advertisement-interval  Send an advertisement interval option in RA’s
  autoconfig              Automatic Configuration
  cache                   Cache entry
  dad                     Duplicate Address Detection
  managed-config-flag     Hosts should use DHCP for address config
  ns-interval             Set advertised NS retransmission interval
  nud                     Neighbor Unreachability Detection
  other-config-flag       Hosts should use DHCP for non-address config
  prefix                  Configure IPv6 Routing Prefix Advertisement
  ra                      Router Advertisement control
  reachable-time          Set advertised reachability time
  router-preference       Set default router preference value
  secured                 Configure SEND

no-onlink / off-link: this tells the host if a prefix is on-link or off-link. I’ll have to think of some examples when and why we want to use this…something for another tutorial.

no-rtr-address: this removes the router address so the hosts don’t have a default gateway, useful if hosts have to remain in their own subnet.

managed-config-flag: we’ve seen this one, it’s for DHCPv6.

other-config-flag: this is for stateless DHCPv6.

nud: neighbor unreachability detection…no idea how it works, need to lab it up :)

router-preference: useful when you have multiple routers, you can use it to tell hosts what default gateway to prefer.

secured: haven’t tried this before but it’s a secure version of NDP (Neighbor Discovery).

Rene
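To see on the wire what the flags and prefix options discussed in this thread change, here is an added example (not code from the lesson or from any of the posters): a Python decoder for a raw ICMPv6 Router Advertisement that reports the M and O flags and, per prefix, the on-link and autonomous (A) flags with the valid and preferred lifetimes. The helper `build_ra` and both sample packets are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Decode the RA fields that steer host addressing (RFC 4861 layout)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80),  # M flag: ipv6 nd managed-config-flag
          "other": bool(icmp[5] & 0x40),    # O flag: ipv6 nd other-config-flag
          "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed ND option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, flags, valid, preferred = struct.unpack("!BBII", icmp[pos + 2:pos + 12])
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}",
                "on_link": bool(flags & 0x80),     # L flag, used for on-link determination
                "autonomous": bool(flags & 0x40),  # A flag, cleared by no-autoconfig
                "valid": valid, "preferred": preferred})
        pos += opt_len
    return ra

def address_sources(ra: dict) -> list:
    """Address-configuration mechanisms this RA offers to hosts."""
    sources = []
    if any(p["autonomous"] for p in ra["prefixes"]):
        sources.append("SLAAC")
    if ra["managed"]:
        sources.append("stateful DHCPv6")
    elif ra["other"]:
        sources.append("stateless DHCPv6 (options only)")
    return sources

def build_ra(m, o, prefix, plen, valid, preferred, on_link, autonomous) -> bytes:
    """Constructed sample RA (checksum left at 0; it is not verified here)."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, plen, (on_link << 7) | (autonomous << 6),
                         valid, preferred, 0)
    return header + option + ipaddress.IPv6Address(prefix).packed

# Constructed samples: the thread's stateful setup, and an RA with only the A flag set.
STATEFUL = build_ra(1, 0, "2001:1111:1111:1111::", 64, 14400, 14400, 1, 0)
A_ONLY = build_ra(0, 0, "2001:1111:1111:1111::", 64, 14400, 14400, 1, 1)
```

`address_sources` lists what the RA permits; which source a given client actually prefers when several are offered is up to the client.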