IPv6 ISATAP (Intra Site Automatic Tunnel Addressing Protocol)

This topic is to discuss the following lesson:

HI Rene’

I not understand very well why the eui-64 i s needed, and also why on R1 the command
tunnel mode ipv6ip isatap
is not needed.
Also I’m testing this configuration on gns3 and router r1 not install a static route.

1 Like

Hello Giovanni

According to Cisco documentation, when configuring ISATAP:

The IPv6 tunnel interface must be configured with a modified EUI-64 address
because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address.

If you were to specify the address fully, the ISATAP operation would not function.

Also, when you configure tunnel mode ipv6ip isatap on the headend, there is no need to specify the mode in which the tunnel will be functioning on the client. On the client, you also set ipv6 address autoconfig, which means that it will obtain the IPv6 address (and the mode of the tunnel) from the headend.

I hope this has been helpful!

Laz

1 Like

Hi Rene and Laz,

Would you say that the ISATAP operation is very similar to the DMVPN Phase 1 where all of the tunnel traffic has to traverse the “Headend” router just like with DMVPN phase 1 and its “HUB”?

1 Like

Hello Nitay

It is similar only so far as the traffic actually traverses the router itself (either the head end or the HUB in each case) to get to its destination. However, beyond that, the purpose and the mechanisms of the two features you mention are completely different.

I hope this has been helpful!

Laz

2 Likes

In the ISATAP lesson, client config section, the tunnel mode command says: tunnel mode ipv6ip and there is no isatap in the end. Was that left out on purpose -because it’s a client- or is that a typo?

Hello @haniyeh.maghsoudi,

That’s right, the client only needs tunnel mode ipv6ip . No need to add the isatap keyword there.

Rene

1 Like

Hi,

I tried to lab this up in CML2 but couldn’t get it working. The configs are identical apart form the interfaces being Gigabit and command no ipv6 nd ra suppress being slightly different.

Headend:

interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2001:DB8:13:13::/64 eui-64
 no ipv6 nd ra suppress
 tunnel source GigabitEthernet0/0
 tunnel mode ipv6ip isatap

Client:

interface Tunnel0
 no ip address
 ipv6 address autoconfig
 tunnel source GigabitEthernet0/0
 tunnel mode ipv6ip
 tunnel destination 192.168.23.3

The client is not acquiring an ipv6 address.

Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C0A8:C01 
  No Virtual link-local address(es):
  Stateless address autoconfig enabled
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::1:FFA8:C01
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

see also…

R1#sh ipv6 int brief
GigabitEthernet0/0     [up/up]
    unassigned
Tunnel0                [up/up]
    FE80::C0A8:C01

The headend (R3) sh ipv6 int tunnel 0 output is as follows:

Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5EFE:C0A8:1703 
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:13:13:0:5EFE:C0A8:1703, subnet is 2001:DB8:13:13::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::1:FFA8:1703
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

which differs slightly from output in the course notes.

I have confirmed full connectivity via OSPF.

I’m beginning to think this is CML related.

Thanks for any help.

Sam