This topic is to discuss the following lesson:
HI Rene’
I not understand very well why the eui-64 i s needed, and also why on R1 the command
tunnel mode ipv6ip isatap
is not needed.
Also I’m testing this configuration on gns3 and router r1 not install a static route.
1 Like
Hello Giovanni
According to Cisco documentation, when configuring ISATAP:
The IPv6 tunnel interface must be configured with a modified EUI-64 address
because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address.
If you were to specify the address fully, the ISATAP operation would not function.
Also, when you configure tunnel mode ipv6ip isatap on the headend, there is no need to specify the mode in which the tunnel will be functioning on the client. On the client, you also set ipv6 address autoconfig, which means that it will obtain the IPv6 address (and the mode of the tunnel) from the headend.
I hope this has been helpful!
Laz
1 Like
Hi Rene and Laz,
Would you say that the ISATAP operation is very similar to the DMVPN Phase 1 where all of the tunnel traffic has to traverse the “Headend” router just like with DMVPN phase 1 and its “HUB”?
1 Like
Hello Nitay
It is similar only so far as the traffic actually traverses the router itself (either the head end or the HUB in each case) to get to its destination. However, beyond that, the purpose and the mechanisms of the two features you mention are completely different.
I hope this has been helpful!
Laz
2 Likes
In the ISATAP lesson, client config section, the tunnel mode command says: tunnel mode ipv6ip and there is no isatap in the end. Was that left out on purpose -because it’s a client- or is that a typo?
Hello @haniyeh.maghsoudi,
That’s right, the client only needs tunnel mode ipv6ip . No need to add the isatap keyword there.
Rene
1 Like
Hi,
I tried to lab this up in CML2 but couldn’t get it working. The configs are identical apart form the interfaces being Gigabit and command no ipv6 nd ra suppress being slightly different.
Headend:
interface Tunnel0
no ip address
no ip redirects
ipv6 address 2001:DB8:13:13::/64 eui-64
no ipv6 nd ra suppress
tunnel source GigabitEthernet0/0
tunnel mode ipv6ip isatap
Client:
interface Tunnel0
no ip address
ipv6 address autoconfig
tunnel source GigabitEthernet0/0
tunnel mode ipv6ip
tunnel destination 192.168.23.3
The client is not acquiring an ipv6 address.
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C0A8:C01
No Virtual link-local address(es):
Stateless address autoconfig enabled
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::1:FFA8:C01
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
see also…
R1#sh ipv6 int brief
GigabitEthernet0/0 [up/up]
unassigned
Tunnel0 [up/up]
FE80::C0A8:C01
The headend (R3) sh ipv6 int tunnel 0 output is as follows:
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::5EFE:C0A8:1703
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:13:13:0:5EFE:C0A8:1703, subnet is 2001:DB8:13:13::/64 [EUI]
Joined group address(es):
FF02::1
FF02::1:FFA8:1703
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
which differs slightly from output in the course notes.
I have confirmed full connectivity via OSPF.
I’m beginning to think this is CML related.
Thanks for any help.
Sam
Hi @samirkhair ,
I ran into the same issue with both IOSv and CSR1000v on CML2. From what I can see, the config hasn’t changed:
On both routers, I enabled debug ipv6 nd. With IOSv, I don’t see any packets making it to the other side:
R1#show int tun0 | include packets
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
87 packets output, 5728 bytes, 0 underrunsR3#show int tun0 | include packets
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
95 packets input, 10036 bytes, 0 no buffer
0 packets output, 0 bytes, 0 underrunsWith the CSR1000v, I do see some interaction:
R1#show int tun0 | include packets
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 192 bytes, 0 no buffer
13 packets output, 1092 bytes, 0 underrunsR3#show int tun0 | include packets
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
11 packets input, 900 bytes, 0 no buffer
2 packets output, 232 bytes, 0 underrunsThe client doesn’t get an IPv6 address though. I don’t see anything meaningful with debug ipv6 nd.
Next week, I receive 2x ISR4331. I’ll give it another try then.
Rene
Hi Rene,
Thanks for the follow-up.
I’m getting the impression CML doesn’t quiet work 100% for all the features it claims it supports. Which throws me when I’m troubleshooting.
Thanks again,
Sam
Hi Sam,
Usually, the L2 features cause issues. Things like IGMP snooping.
I wouldn’t expect IPv6 tunneling and routing to fail but you never know…I’ll let you know next week what happens on my routers 
Rene
Hi Rene,
Thanks very much.
Sam
Hi Sam,
It took a bit longer but I tested this today. Still running into the same issue. This time, I’m running Cisco IOS XE Software, Version 17.04.01a on an ISR4331.
I did find something though. It seems to be related to the client. When I use Windows 10 as a client, it’s working
PS C:\Windows\system32> Set-NetIsatapConfiguration -State Enabled -Router 10.56.100.130 -PassThru
Description : ISATAP Configuration
State : Enabled
Router : 10.56.100.130
ResolutionState : Default
ResolutionIntervalSeconds : 60I can check my IPv6 address here:
PS C:\Users\info> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FB3F1AD9-0574-4637-AFD2-CD6EFA0FC4C9}:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:13:13:0:5efe:10.56.100.1
Link-local IPv6 Address . . . . . : fe80::5efe:10.56.100.1%79
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.44%79
Default Gateway . . . . . . . . . : fe80::5efe:10.56.100.130%79
Tunnel adapter isatap.{2B8ADB1C-52CE-4D47-B118-01E757D41E07}:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::5efe:172.25.0.1%80
Default Gateway . . . . . . . . . :Quick ping to test things:
PS C:\Users\info> ping 2001:DB8:3:3::3
Pinging 2001:db8:3:3::3 with 32 bytes of data:
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms
Ping statistics for 2001:db8:3:3::3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1msI tried some of the tunnel mode settings on the router client but no luck.
Rene
Hi Rene,
Thanks for letting me know.
Sam
Hi Lazaros. What type of router and IOS version are you using in lab? I cant find the ipv6 nd suppress-ra command. Thank you!
Hello Frank
Indeed you are correct. The ipv6 nd suppress-ra command was available in IOS versions before 12.4(2)T. From 12.4(2)T and on, the command has become ipv6 nd ra suppress. More information about this can be found at this CIsco command reference:
I hope this has been helpful!
Laz