Cisco DHCPv6 Server Configuration

Hi Rene and staff,

i read the forum and i found questions (and answers) about where IID of R1’s interface f0/0 come from ? (because there is no range IID configured in the DHCPv6 stateful pool, like we know with IPV4)
Answer is: cisco does it randomly on R1, is not it ?

But my question is about configuring F0/0’s IID on the server DHCPV6; this is static configuration Rene use 0:0:0:1 for the lesson, but in production that seems too trivial and it would be better for security/privacy if we could use also a random IID, is not it ?
So i am surprised (with the IOS versions i am using) that cisco do not offer the option to generate a random IID for configuring static GUA with a given prefix on the router interfaces
I google a little but i dont find any answer to my question
Do i miss something ?

Hello Dominique

When implementing DHCPv6 in a stateful manner, yes, it looks like Cisco assigns the Interface ID of the client randomly. How this is assigned really depends on the operating system being used by the host. Some, like Windows, may use the eui-64 method to determine the IID for the GUAs for example.

Yes this is true, and this is confirmed in RFC4941 that a randomly assigned IID provides an improved level of privacy. However, this is the case for the client IPv6 addresses assigned via DHCPv6. The IID of the F0/0 interface of the DHCPv6 server must be static and cannot be randomly assigned, in order for DHCPv6 hosts to reach it.

Now you may say that using the ipv6 nd managed-config-flag command will tell the host where to find the DHCPv6 server, even if the GUA address is randomly assigned. In this particular case, the DHCPv6 server is the same as the default router, so this would work. However, in most cases the DHCPv6 server is a centralized server (not on the same subnet as the hosts) and is required to have a static IPv6 address so it can be reached.

The randomization of the IID of DHCPv6 hosts involves privacy issues that have more to do with collecting information about individuals and their habits, where they go, from where they connect and so on. These privacy issues don’t have such a great impact on the DHCPv6 server, as this is simply a server that is not vulnerable to such privacy issues.

For servers and services, it is always best practice to have a statically assigned GUA or a constant DNS record that points to the valid IPv6 address so that they are accessible all the time.

I hope this has been helpful!


1 Like

Hi Laz,
helpful ? yes it is

The true thing is: when you dive in DHCPv6, this is much more complex than DHCPv4. So i think this WAS one of the reasons not to introduce DHCPv6 in your company !!!

For those who are interesting i recommand 2 links from Pepelnjak


  1. my post was not clear.When a host use DHCPv6 (is forced to) it receives an ipv6 IID from the server DHCPv6. This IID is built randomly by the server and sent to the host: and the server stores the binding with this host. The question was: independently of DHCP (v6), when you assign a static addr to an interface why IOS does not offer a option to set IID randomly ?

  2. if you read the pepelnjak’s papers above, written in 2012 you will find
    “At the moment (2012), DHCPv6 cannot be used to send the prefix length …to IPv6 hosts”

I wonder why DHCPv6 was built in a so complex way.

First, you have to use ND RA to send prefix/length and to force dhcpv6 with flag M=1 and prefix flag A=1 and prefix flag L=1
Second, the server dhcpv6 has to build randomly the IID and send it to the host
Is it right ?

Pepelnjak said “at the moment”, so what is the situation in 2020 ? 8 years later


1 Like

Hello Dominique

It’s always great to see your posts, and to spend the time looking deeper into the concepts of IPv6!
Thanks for sharing those posts with us.

The answer here is “I don’t know”. This has to do with the policies adopted by each individual vendor and the way the operating system of the device is configured. Typically, if SLAAC is used, a Cisco device will use EUI-64 to generate its IID even for the global unicast address. A Microsoft Windows PC for example, will by default use a random interface ID, but can be configured to use the EUI-64 process. As far as I know Cisco devices cannot be configured to create a random IID. It’s not ideal from a privacy perspective, but there you go.

An effort has been made in IPv6 to disassociate the prefix length from the actual address. Unlike IPv4, where the subnet mask was an absolutely necessary component of the address, the prefix length here is something a little less connected. This is evident from comments I made in this other post responding to another query you had.

The prefix length is always provided by the default router via the RA.

I think the reasoning behind this architecture is to try to make IPv6 as “plug and play” as possible. What I mean is, if everything is set to the default, an IPv6 device plugged in to an IPv6 network, will automatically gain its default gateway and obtain network connectivity without a single configuration from a human being. This philosophy is phenomenal if you think about it, because from now on, new devices (TVs, cameras, refrigerators, washers, dryers, lights, cars, alarm systems, traffic signs, sensors, etc, etc, etc, etc…) will all automatically obtain network connectivity. Do you want to go in and configure each one? Or configure each network to function appropriately? These will all connect by default.

The whole concept behind all of this is to make future networks, which will be networks with devices that don’t have a direct human-computer interface, obtain network connectivity with zero configuration. In order to achieve this “simplicity” it was necessary to create a more complex autoconfiguration concept for such networks. For networks that require more information than is available from the autoconfig, like more traditional PCs, IP phones, mobile phones, laptops etc, such as DNS, and additional DHCP options, the additional functionality of DHCPv6 is added on top of the autoconfig capability.

And as always, I hope this has been helpful!



Great lesson! When I tried this lab today on GNS3 (2.2.25) using VIRL images, specifically IOSv 15.7 routers, concerning the stateless configuration, my stateless host could not compute a Global unicast ipv6 address unless i configured it first with the ipv6 address autoconfig command. If I did the stateless DHCP server first, then tried to enable autoconfig on my stateless host it would not compute a Global unicast address only a link-local. Is there a reason for this?

Hello Earl

An IPv6 interface will compute a global unicast IPv6 address only if the ipv6 address autoconfig command is issued AND there is an active IPv6 router on that subnet. So your first statement makes sense, that no IPv6 global unicast address is computed unless that command is issued on the interface.

Your second statement however shouldn’t be so. If you have the DHCPv6 stateless configuration on the DHCPv6 router configured, then R2 should be able to compute its global unicast IPv6 address. If no IPv6 global unicast address can be computed, then that means that R2 is not able to receive any RA messages from the DHCPv6 router. Can you confirm that your configuration is correct? You can also use the debug commands used in the lesson to see if the information request is being received by the DHCPv6 router.

Let us know how you get along so that we can help you further in troubleshooting.

I hope this has been helpful!


I’m trying to sort out an issue with DHCPv6 Lease times.
My issue is how do I set a lease to infinite.
The default Lease time for Cisco kit is 30 days, i would like to make it like a static address.
I’ve tried the information refresh infinite but that doesn’t appear to change the 30 days.


Hello Andy

I went into one of my production ISR 4331 routers and created an IPv6 DHCP pool called “laz”.
I attempted to change the information refresh infinite command, and I was able to do so:

R1(config)#ipv6 dhcp pool laz
R1(config-dhcpv6)#information refresh infinite
R1#show ipv6 dhcp pool
DHCPv6 pool: laz
  Information refresh: 4294967295
  Active clients: 0

You can see that the information refresh is set to 4294967295. The value for the refresh time interval is represented by a 32-bit value. According to RFC 8415, when this 32-bit number is set to all ones, the value is interpreted as infinity. This means that the information refresh value of 4294967295, which is 2^32 which is indeed the decimal number that corresponds to a 32-bit number of all ones, thus it means infinity.

What do you see on your device that indicates that this configuration doesn’t change the DHCPv6 behavior? Let us know so that we can further help you in your troubleshooting procedures.

I hope this has been helpful!


Hi Laz,
I was looking in the wrong place…
I was looking under

ISP#sh ipv6 dhcp bind
Client: FE80::5054:FF:FE04:4B25 
  DUID: 00030001525400044B25
  Username : unassigned
  VRF : default
  Interface : GigabitEthernet0/0
  IA PD: IA ID 0x00020001, T1 302400, T2 483840
    Prefix: 2001:DB8:1100::/48
            preferred lifetime 604800, valid lifetime 2592000
            expires at Nov 05 2021 11:18 AM (2590873 seconds)

and expecting the expires to change but as you pointed out

ISP#sh ipv6 dhcp pool
  Prefix pool: GLOBAL_POOL
               preferred lifetime 604800, valid lifetime 2592000
  DNS server: 2001:4860:4860::8888
  DNS server: 2001:4860:4860::8844
  Information refresh: **4294967295**
  Active clients: 1

is where I should have been looking.

I’ll have to start reading the RFC’s :thinking:

1 Like

Hi Community !

As we verify #show ipv6 dhcp pool on DHCPV6 Server , the STATEFUL DHCP pool is showing Active Clients where as STATELESS DHCP pool is showing Active Clients = 0, even though STATELESS DHCPV6 client received IPV6 address through AUTOCONFIG. Please explain if any config is missing.

Hello Raghu

When configuring DHCP pools for use with stateless DHCP, the DHCP server is not actually managing IPv6 addresses. It is just providing supplementary information such as DNS server addresses to the stateless clients. Since no actual IPv6 addresses are being provided by the DHCP pool, the “active client” number remains zero. An active client is only one for which IPv6 addresses are actively managed.

I labbed this one up as well just to verify.

I hope this has been helpful!


Hi Lazaros
Thanks for the explanation. :smile:

1 Like

Hi all,

very interesting discussion and lab. I’m trying to setup a similar IPV6 dhcp stateful environment using also a dhcp relay router so dhcp server and client are not on the same segment.
For now I have some problems because router acting as client is not able to get also the ipv6 address from dhcp; it seems that dhcp server is receiving request and seems reply…but in some parts the comunication is broken

Do you have in plan to describe in a lesson lab also this type of case?


Hello Stefano

That’s a good exercise to do. You can take a look at the following thread in Cisco’s community that describes how to set up a DHCPv6 relay.

Remember that for DHCPv6, it is possible to have your local router deliver the IPv6 prefix to the client, and still use DHCPv6 relay for other network parameters such as DNS server for example. So even if you do enable the relay feature, you may not be getting your IPv6 addresses from the relayed DHCPv6 server, but from the local router. In order to ensure that your IPv6 addresses are being delivered by the DHCPv6 server, you can use the no-autoconfig keyword as used in this lesson.

Can you share some more details of the specific trouble you are facing in your particular implementation? Maybe we’ll be able to help you further…

I hope this has been helpful!


Hello Laz,
Thanks a lot for your suggestion that confirmed my experience on the Lab.

My issue at the end was a trivial routing problem due to the mechanism how the DHCP relay router send packet to DHCP server , using Always as source ip the wan interface and not the interface facing clients

I’ll send as soon as possibile a description of my Lab and a synthesis of configs applied.

Just a note : for my experience using a Cisco iOS router to simulate an IPv6 client It Is Better to not enable IPv6 unicast-routing as with routing enabled i was not able ti have a a vallid default route installed.

Thanks and good Day to all


Hello Stefano

Thanks for sharing your solution! Looking forward to seeing your description of the lab for more detailed info.

Yes, thanks for pointing that out. That would be best practice since most IPv6 hosts, such as a PC or a mobile device are not capable of IPv6 routing, so that would be a more accurate simulation.

Thanks for your input!


I have got an issue with the command
#ipv6 address dhcp

I couldn’t find dhcp after address, when i put ?
It gives other options but not dhcp.

Hello Abdalla

It seems that your device simply doesn’t support the DHCP option for IPv6 addresses. There are indeed some IOS versions that will not support this. Can you share your IOS version with us so we can verify?

I hope this has been helpful!


Thank you Lagpides,
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 20-Feb-14 06:51 by prod_rel_team

ROM: ROMMON Emulation Microcode
BOOTLDR: 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)

Hello Abdalla

The 7200 series routers are indeed older routers with an end of sale data in 2012 and end of support date of 2017. Although they do support some IPv6 features, I believe that they are limited, and this is why you do not find the command in the CLI.

To confirm this I tried going into the archived data section of the Cisco Feature Navigator to find the exact features that the device supports, however, I was unable to find it, or the service was down at the time. Cisco states that the data in the archived section may be incomplete, so I was unable to confirm. However, you can attempt to go to this Cisco tool and determine if the configuration of an IPv6 address on an interface via DHCP is supported.

I hope this has been helpful!