IPv6 Client IP Address Learning
Information About IPv6 Client Address Learning
Client address learning is configured on the device to learn the IPv4 and IPv6 addresses of wireless clients, together with each client's transition state, which the device maintains on association and timeout.
There are three ways for an IPv6 client to acquire IPv6 addresses:
In all of these methods, the IPv6 client always sends a neighbor solicitation Duplicate Address Detection (DAD) request to ensure that there is no duplicate IP address on the network. The device snoops on the Neighbor Discovery Protocol (NDP) and DHCPv6 packets of the client to learn about its client IP addresses.
Address Assignment Using SLAAC
The most common method for IPv6 client address assignment is SLAAC, which provides simple plug-and-play connectivity, where clients self-assign an address based on the IPv6 prefix. SLAAC is configured as follows:
The following Cisco IOS configuration commands from a Cisco-capable IPv6 router are used to enable SLAAC addressing and router advertisements:
Stateful DHCPv6 Address Assignment
The use of DHCPv6 is not required for IPv6 client connectivity if SLAAC is already deployed. There are two modes of operation for DHCPv6: Stateless and Stateful. The DHCPv6 Stateless mode is used to provide clients with additional network information that is not available in the router advertisement, but not an IPv6 address, because this is already provided by SLAAC. This information includes the DNS domain name, DNS servers, and other DHCP vendor-specific options.
Figure 2. Stateful DHCPv6 Address Assignment
The following interface configuration is for a Cisco IOS IPv6 router implementing stateless DHCPv6 with SLAAC enabled:
Router Solicitation
A Router Solicitation message is issued by a host controller to prompt local routers to transmit a Router Advertisement, from which the controller can obtain information about local routing or perform stateless autoconfiguration. Router Advertisements are transmitted periodically, and a host can prompt an immediate Router Advertisement with a Router Solicitation, for example when it boots or following a restart operation.
Router Advertisement
A Router Advertisement message is issued periodically by a router or in response to a Router Solicitation message from a host. The information contained in these messages is used by a host to perform stateless autoconfiguration and to modify its routing table.
Neighbor Discovery
IPv6 Neighbor Discovery is a set of messages and processes that determine relationships between neighboring nodes. Neighbor Discovery replaces the Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) Router Discovery, and ICMP Redirect used in IPv4.
IPv6 Neighbor Discovery inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 Neighbor Discovery packets that do not comply are dropped. The neighbor binding table tracks each IPv6 address and its associated MAC address. Clients are removed from the table according to neighbor-binding timers.
Neighbor Discovery Suppression
The IPv6 addresses of wireless clients are cached by the device once the wireless client is in RUN state. When the device receives an NS multicast, it looks up the target in the cached IPv6 addresses. If the target address is known to the device and belongs to one of its wireless clients, the device converts the NS from multicast to unicast and forwards it to the wireless client. If the target address is not present in the cache, the device interprets the multicast NS as being for a wired entity and forwards it towards the wired side and not to the wireless client.
The same behaviour is seen for ARP requests in the case of IPv4 addresses, where the device maintains the IPv4 address of the wireless client in the cache.
When neither configuration is enabled, and the device receives a Non-DAD or DAD NS multicast looking for an IPv6 address, and the target address is known to the device and belongs to one of its clients, the device converts the multicast NS to a unicast NS, with the destination MAC address replaced with the client's MAC, and forwards the unicast packet towards the client.
When full-proxy is enabled, and the device receives a Non-DAD or DAD NS multicast looking for an IPv6 address, and the target address is known to the device and belongs to one of its clients, the device replies with an NA message on behalf of the client.
You can use the ipv6 nd proxy command to enable or disable DAD or full proxy.
When the device receives a DAD NS multicast looking for an IPv6 address, and the target address is known to the device and belongs to one of its clients, the device replies with an NA message on behalf of the client. When the device receives a Non-DAD NS multicast looking for an IPv6 address, and the target address is known to the device and belongs to one of its clients, the device converts the multicast NS to a unicast NS, with the destination MAC address replaced with the client's MAC, and forwards the unicast packet towards the client.
If the device does not have the IPv6 address of a wireless client, the device does not respond with an NA; instead, it forwards the NS packet to the wired side. The reason for forwarding to the wired side is the assumption that every wireless client IPv6 address and its mapped MAC address should be available in the controller; if the IPv6 address requested in the NS is not available, then that address is not a wireless client address, so the NS is forwarded to the wired side.
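The NS handling rules above can be written as one decision function. This is an added example, not Cisco code: the mode labels "none", "dad-proxy" and "full-proxy", the action names and the sample cache are assumptions made for illustration, and the behaviour described after the ipv6 nd proxy sentence is assumed to be the DAD proxy case. A DAD NS is recognised by its unspecified source address (::).

```python
import ipaddress

UNSPECIFIED = ipaddress.IPv6Address("::")
MODES = {"none", "dad-proxy", "full-proxy"}      # labels chosen for this example

def build_cache(entries):
    """Key the cache on parsed addresses so textual variants compare equal."""
    return {ipaddress.IPv6Address(ip): mac for ip, mac in entries.items()}

def handle_multicast_ns(mode, ns_src, target, client_cache):
    """Decide what the device does with a multicast Neighbor Solicitation.

    client_cache maps the IPv6 addresses of wireless clients in RUN state
    to their MAC addresses. Returns (action, client_mac).
    """
    if mode not in MODES:
        raise ValueError(f"unknown proxy mode: {mode}")
    mac = client_cache.get(ipaddress.IPv6Address(target))
    if mac is None:
        # Target is not a known wireless client: treat it as a wired entity.
        return ("forward_to_wired", None)
    is_dad = ipaddress.IPv6Address(ns_src) == UNSPECIFIED
    if mode == "full-proxy" or (mode == "dad-proxy" and is_dad):
        return ("reply_na_on_behalf", mac)
    # Otherwise convert multicast to unicast, rewriting the destination MAC.
    return ("unicast_ns_to_client", mac)

# Constructed sample cache with one wireless client.
CACHE = build_cache({"2001:db8:0:20::a": "00:11:22:33:44:55"})
```
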
Router Advertisement Guard
The RA Guard feature increases the security of the IPv6 network by dropping router advertisements coming from wireless clients. Without this feature, misconfigured or malicious IPv6 clients could announce themselves as a router for the network, often with a high priority, which could take precedence over legitimate IPv6 routers. By default, RA guard is always enabled on the controller.
Router Advertisement Throttling
RA throttling allows the controller to enforce limits to the RA packets headed toward the wireless network. By enabling RA throttling, routers that send multiple RA packets can be trimmed to a minimum frequency that will still maintain an IPv6 client connectivity. If a client sends an RS packet, an RA is sent back to the client. This RA is allowed through the controller and unicast to the client. This process ensures that the new clients or roaming clients are not affected by the RA throttling.
Prerequisites for IPv6 Client Address Learning
Before configuring IPv6 client address learning, configure the clients to support IPv6. To enable wireless IPv6 client connectivity, the underlying wired network must support IPv6 routing and an address assignment mechanism, such as SLAAC or DHCPv6. The wireless LAN controller must have L2 adjacency to the IPv6 router.
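The RA Guard and RA throttling behaviour described in the two sections above, modelled over raw IPv6 packets. This is an added example, not controller code: the RaPolicy class, its period and max_through limits, the "wireless"/"wired" ingress labels and the sample packets are all assumptions made for illustration.

```python
import ipaddress

ICMPV6, RA = 58, 134                 # IPv6 next-header value, ICMPv6 RA type
EXT_HDRS = {0, 43, 60}               # hop-by-hop, routing, destination options

def icmpv6_type(pkt):
    """ICMPv6 type of a raw IPv6 packet, or None if it is not ICMPv6."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nxt, off = pkt[6], 40
    while nxt in EXT_HDRS and off + 2 <= len(pkt):   # skip extension headers
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return pkt[off] if nxt == ICMPV6 and off < len(pkt) else None

class RaPolicy:
    """Hypothetical limits: at most max_through multicast RAs per period."""
    def __init__(self, period=600, max_through=10):
        self.period, self.max_through = period, max_through
        self.window_start, self.passed = 0.0, 0

    def decide(self, pkt, ingress, now):
        if icmpv6_type(pkt) != RA:
            return "forward"
        if ingress == "wireless":
            return "drop"                # RA Guard: clients must not act as routers
        dst = ipaddress.IPv6Address(pkt[24:40])
        if not dst.is_multicast:
            return "forward"             # unicast RA answering a client's RS
        if now - self.window_start >= self.period:
            self.window_start, self.passed = now, 0   # start a new window
        if self.passed < self.max_through:
            self.passed += 1
            return "forward"
        return "throttle"

def make_ra(src, dst, ext=b""):
    """Constructed sample: IPv6 header, optional extension header, minimal RA."""
    ra = bytes([RA, 0, 0, 0, 64, 0, 7, 8]) + bytes(8)   # checksum left as zero
    first = 0 if ext else ICMPV6
    hdr = bytes([0x60, 0, 0, 0]) + (len(ext) + len(ra)).to_bytes(2, "big") + bytes([first, 255])
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + ext + ra

HOP_BY_HOP = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])       # 8-byte header with PadN
```

Unicast RAs do not consume the multicast budget, which is what keeps new and roaming clients unaffected by the throttle.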
Configuring RA Throttle Policy (CLI)
Configure an RA throttle policy to allow the controller to enforce the limits.
Procedure
Applying RA Throttle Policy on VLAN (GUI)
Procedure
Applying RA Throttle Policy on a VLAN (CLI)
Apply the RA throttle policy on a VLAN. By enabling RA throttling, routers that send many RA packets can be trimmed to a minimum frequency that will still maintain an IPv6 client connectivity.
Procedure
Configuring IPv6 Interface on a Switch (GUI)
Procedure
Configuring IPv6 on Interface (CLI)
Follow the procedure given below to configure IPv6 on an interface:
Before you begin
Enable IPv6 on the client and IPv6 support on the wired infrastructure.
Procedure
Configuring DHCP Pool on Switch (GUI)
Procedure
Configuring DHCP Pool on Switch (CLI)
Follow the procedure given below to configure DHCP Pool on an interface:
Procedure
Configuring Stateless Auto Address Configuration Without DHCP on Switch (CLI)
Follow the procedure given below to configure stateless auto address configuration without DHCP:
Procedure
Configuring Stateless Auto Address Configuration With DHCP on Switch
Follow the procedure given below to configure stateless auto address configuration with DHCP:
Procedure
Configuring Stateless Address Auto Configuration Without DHCP on Switch (CLI)
Follow the procedure given below to configure stateless auto address configuration without DHCP:
Procedure
Native IPv6
Information About IPv6
IPv6 is a packet-based protocol used to exchange data, voice, and video traffic over digital networks. IPv6 is based on IP, but with a much larger address space, and improvements such as a simplified main header and extension headers. The architecture of IPv6 has been designed to allow existing IPv4 users to transition easily to IPv6 while continuing to use services such as end-to-end security, quality of service (QoS), and globally unique addresses. The larger IPv6 address space allows networks to scale and provide global reachability.
General Guidelines
Unsupported Features
Configuring IPv6 Addressing
Follow the procedure given below to configure IPv6 addressing:
Procedure
Creating an AP Join Profile (GUI)
Procedure
Creating an AP Join Profile (CLI)
Procedure
Configuring the Primary and Backup Controller (GUI)
Before you begin
Ensure that you have configured an AP join profile prior to configuring the primary and backup controllers.
Procedure
Configuring Primary and Backup Controller (CLI)
Follow the procedure given below to configure the primary and secondary controllers for a selected AP:
Procedure
Verifying IPv6 Configuration
Use the following show command to verify the IPv6 configuration:
What type of ICMPv6 message provides network addressing information to hosts using SLAAC?
Using SLAAC, the host sends an ICMPv6 (type 135) Router Solicitation (RS) message that requests a Router Advertisement (RA).
Which two ICMPv6 messages are used in the SLAAC process?
The two ICMPv6 messages used in SLAAC are the router solicitation and the router advertisement.
What is router advertisement messages for IPv6?
The RADVD (Router Advertisement Daemon) is used for IPv6 auto-configuration and routing. When enabled, messages are sent by the router periodically and in response to solicitations. A host uses the information to learn the prefixes and parameters for the local network.
What is RA configuration?
A device periodically sends Router Advertisement (RA) messages that carry prefixes and flag bits, or responds to the router request messages with RA messages.