CCNA Configuring IPv6


Chapter #1 – Static Addresses

We can configure IPv6 addresses statically, or dynamically (EUI-64, stateful DHCP, stateless DHCP, and SLAAC). Keep in mind that we can have IPv6 and IPv4 at the same time (dual-stack).

Most IPv6 commands are nearly the same as when we configure IPv4. We just use ‘ipv6’ instead of ‘ip’. For example, ‘ipv6 address’ configures an IPv6 address on an interface. The main difference is that we use the subnet mask in CIDR notation, instead of dotted-decimal notation.

As with IPv4, we can use ‘show ipv6 interface brief’ to see a list of IPv6-enabled interfaces and their IPs.

Ping works just as before. If you want to ping using the link-local address, you need to choose the output interface that the ping is sent from. That’s because all IPv6-enabled interfaces have the fe80::/64 network, so ping needs to know which one we mean.

Although we would normally use DNS to map names to IPs, we can also do this on a case-by-case basis, using the ‘ipv6 host’ command.

Chapter #2 – EUI-64

EUI-64 is a process that dynamically generates a 64-bit host portion of an IPv6 address. It does not generate the prefix, this is obtained in other ways.

EUI-64 uses the network card’s 48-bit MAC address. It breaks it into two even halves and enters the value ‘FF FE’ between them. This turns it into a 64-bit value.

It will then flip the seventh bit. The reasons why really aren’t all that important, and to be honest, aren’t even interesting.

Prefixes can be manually assigned through configuration (eg, ‘ipv6 address <prefix>/64 eui-64’), or dynamically assigned through SLAAC or DHCP. In the case of link-local addresses, the prefix is always fe80::/64.

Chapter #3 – Neighbour Discovery

NDP is a collection of tools used with IPv6. One of its jobs is to resolve IP addresses to MAC addresses (the former job of ARP). Another job is to discover routers in the local network, and another is to discover network prefixes and discover duplicate addresses.

NDP uses ICMPv6, including four special messages:

  • RS – Router Solicitation
  • RA – Router Advertisement
  • NS – Neighbour Solicitation
  • NA – Neighbour Advertisement

A client will ask a router for information, such as a prefix, using an NS message. This is sent to the ‘all routers’ multicast group (all multicast groups start with ‘FF’, and all link-local groups start with ‘FF02’). The router replies with the RA message, including the information requested.

The solicited-node multicast addresses is critical to NDP. It has the format ‘ff02::1:ffxx:xxxx’. The last 24-bits are the last 24-bits of the IPv6 address on the interface. This way, one device can ‘guess’ the solicited-node multicast address that another device belongs to. This makes IP to MAC resolution easier, as well as duplicate address detection. This is all without needing broadcasts.

When a MAC address to IP binding is learned, it is added to the neighbour cache. This is the IPv6 equivallent of the ARP cache.

Chapter #4 – SLAAC

SLAAC (Stateless Address Auto-Configuration) is a method of giving a client a 64-bit IPv6 prefix. The client can then use EUI-64 to generate the host 64-bits of the IP address, resulting in a full address.

SLAAC is stateless. It does not keep a track of the IPs that have been dynamically generated.

A client in need of an IP address will use NDP to request a prefix from a router. It does this by sending an RS message to the ‘all routers’ multicast group. The router responds with an RA message.

On the router, ‘ipv6 unicast-routing’ must be enabled. Then all that’s required is a valid IP address on its interface. It will automatically send RA messages at intervals, or in response to RS messages.

If needed, RA messages can be suppressed per-interface with the ‘ipv6 nd ra suppress’ command.

The problem with SLAAC is that it only provides the client with a prefix. It does not provide DNS server IPs or other information (like DHCP can).

Chapter #5 – DHCPv6

DHCPv6 can be stateful or stateless. Stateful DHCP keep a track of the addresses that have been allocated, while stateless does not. Stateful allocates IP addresses from a pool, while stateless allocates only a prefix, letting SLAAC do the rest.

Both types of DHCP send additional options, such as the IP addresses of DNS servers, to clients.

The client still uses NDP to communicate with the router, and request an IP.

NDP will use the ‘managed config’ flag if the IP address is being delivered through stateful DHCP. It will use the ‘other config’ flag if the IP is delivered through stateless DHCP/SLAAC.

Command Summary

show ipv6 interface briefGlobal ExecShow all IPv6 enabled interfaces and IPs
ipv6 address <ip>Interface configurationAdd an IPv6 address to an interface
ipv6 host <name> <ip>ConfigurationAssign an IP to a hostname
ipv6 address <prefix> eui-64Interface configurationAssign an IP to an interface with EUI-64
ipv6 unicast-routingConfigurationEnable IPv6 routing globally
ipv6 address autoconfigInterface configurationTell an interface to request it’s IP using SLAAC
ipv6 nd ra suppressInterface configurationSuppress sending NDP Router Advertisements on an interface
ipv6 dhcp pool <name>ConfigurationCreate an IPv6 DHCP pool
address prefix <prefix>DHCP configurationConfigure a DHCP assigned prefix
dns-server <ip>DHCP configurationDNS server IP to assign through DHCP
domain-name <domain>DHCP configurationDomain name to assign through DHCP
ipv6 nd managed-config-flagInterface configurationSet the managed config flag in NDP (enable DHCP, not SLAAC)
ipv6 enableInterface configurationEnable IPv6 on an interface
ipv6 address dhcpInterface configurationConfigure an interface to request an IP from a DHCP server
ipv6 nd other-config-flagInterface configuraitonTell the client the address/prefix is assigned with SLAAC, not DHCP