Configuring ipv6 on cisco 877

 
 
Tony Hoyle
 
      12-07-2005
I have a cisco 877 that's been working fine (after an RMA on the first
one I had due to overheating issues) and thought I'd like to re-enable
ipv6, since the router supports it.

The configuration seems simple enough - the tunnel broker (btexact -
the only one left in the UK AFAIK) provides a script to configure IOS.
However although everything looks like it has worked, I cannot ping any
ipv6 addresses on the other end of the tunnel.

eg.
defiant#ping www.kame.net

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:200:0:8002:203:47FF:FEA5:3085, timeout is 2 seconds:
......
Success rate is 0 percent (0/5)

A debug log (debug ip tunnel/debug ip packet) shows the packets going
out, but nothing is coming back at all..
050632: Dec 7 15:37:53.530: Tunnel0: IPv6/IP encapsulated 84.9.223.40->213.121.24.85 (linktype=79, len=120)
050633: Dec 7 15:37:53.530: IP: s=84.9.223.40 (Tunnel0), d=213.121.24.85 (Dialer0), len 120, sending, proto=41
050646: Dec 7 15:40:20.167: Tunnel0: IPv6/IP encapsulated 84.9.223.40->213.121.24.85 (linktype=79, len=123)
050647: Dec 7 15:40:20.167: IP: s=84.9.223.40 (Tunnel0), d=213.121.24.85 (Dialer0), len 123, sending, proto=41

At this point I'm stumped - short of asking the ISP to see if the
packets are actually leaving the cisco (which would be a major pain -
they don't 'support' anything but Windows and getting them to
understand such a request is not something I'm really keen to do).

Of course it's possible the tunnel broker is dead (it worked 2 years
ago when I last dabbled in ipv6, but a lot can happen in that time)..
I'd have to find another one then but they're getting scarce - all I
can find are dead links... any ideas for live ones? (preferably in
europe but if there are none there I'd settle for a US one).

Tony

(relevant bits of running config)
interface Tunnel0
description BTexact Technologies tunnel broker (tb.ipv6.btexact.com)
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ipv6 address 2001:618:400::549F28/128
ipv6 enable
ipv6 mtu 1280
tunnel source Dialer0
tunnel destination 213.121.24.85
tunnel mode ipv6ip
end

interface Vlan1
description $FW_INSIDE$
ip address 192.168.44.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
ipv6 address 2001:618:400:2EEA::/64 eui-64
ipv6 enable
ipv6 mtu 1280
end

 
 
 
 
 
michaeldale@gmail.com
 
      12-07-2005
Mmm, google gave me an error.

try adding:

ipv6 unicast-routing

To your config#

 
 
 
 
 
michaeldale@gmail.com
 
      12-08-2005
Try adding:

ipv6 unicast-routing

To your config#

 
 
Tony Hoyle
 
      12-08-2005

(E-Mail Removed) wrote:
> Mmm, google gave me an error.
>
> try adding:
>
> ipv6 unicast-routing
>
> To your config#


Already got that, and a default route (ipv6 route ::/0 Tunnel0).

I'll post the whole thing, hopefully without any passwords etc. It's
SDM generated so is rather big (btw. does anyone know why an interface
would vanish from SDM? It can't see Dialer0 for some reason, even
though it's there and functioning).

Tony

---

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname defiant
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 52000 debugging
enable secret xxxx
enable password xxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.44.1 192.168.44.15
!
ip dhcp pool sdm-pool1
import all
network 192.168.44.0 255.255.255.0
dns-server 192.168.44.7 192.168.44.3
default-router 192.168.44.1
domain-name local.nodomain.org
netbios-name-server 192.168.44.4
!
!
ip dhcp update dns
ip tcp synwait-time 10
no ip bootp server
ip domain name local.nodomain.org
ip name-server 192.168.44.7
ip name-server 192.168.44.3
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM sip
ip ips sdf location flash://sdmips.sdf
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ddns update method sdm_ddns1
DDNS both
!
!
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
!
ipv6 unicast-routing
!
crypto pki trustpoint TP-self-signed-4147855391
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4147855391
revocation-check none
rsakeypair TP-self-signed-4147855391
!
!
crypto pki certificate chain TP-self-signed-4147855391
certificate self-signed 01
quit
username root privilege 15 secret xxxxxx
!
!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_gnutella
class sdm_p2p_bittorrent
class sdm_p2p_edonkey
class sdm_p2p_kazaa
!
!
!
!
!
!
interface Tunnel0
description BTexact Technologies tunnel broker (tb.ipv6.btexact.com)
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ipv6 address 2001:618:400::549F28/128
tunnel source Dialer0
tunnel destination 213.121.24.85
tunnel mode ipv6ip
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.44.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
ipv6 address 2001:618:400:2EEA::/64 eui-64
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxx
ppp chap password xxxx
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.1.0 255.255.255.0 192.168.44.4 2 permanent
!
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.44.4 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.44.3 873 interface Dialer0 873
ip nat inside source static tcp 192.168.44.3 2401 interface Dialer0 2401
ip nat inside source static tcp 192.168.44.3 22 interface Dialer0 22
ip nat inside source static tcp 192.168.44.3 25 interface Dialer0 25
ip nat inside source static tcp 192.168.44.3 80 interface Dialer0 80
ip nat inside source static tcp 192.168.44.7 53 interface Dialer0 53
ip nat inside source static udp 192.168.44.7 53 interface Dialer0 53
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.44.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.44.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 192.168.44.0 0.0.0.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit 41 any any
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 873
access-list 101 permit tcp any any eq 2401
access-list 101 permit tcp any any eq 22
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq www
access-list 101 remark Auto generated by SDM for NTP (123) ntp2.mcc.ac.uk
access-list 101 permit udp host 130.88.200.6 eq ntp any eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) ntp1.mcc.ac.uk
access-list 101 permit udp host 130.88.200.98 eq ntp any eq ntp
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny ip any any log
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.44.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 199 permit 41 any any
access-list 199 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 102 in
password xxxx
authorization exec local_author
login authentication local_authen
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
no process cpu extended
no process cpu autoprofile hog
ntp clock-period 17174925
ntp server 130.88.200.98 source Dialer0
ntp server 192.168.44.7 source Vlan1 prefer
ntp server 130.88.200.6 source Dialer0
end

 
 
Tony Hoyle
 
      12-08-2005

Tony Hoyle wrote:

> Already got that, and a default route (ipv6 route ::/0 Tunnel0).
>
>

The problem is btexact was broke. I set up a tunnel with Hurricane
Electric in the US and it worked first time... It's a 300ms ping to the
first hop though..

Now I have to work out the firewall.. it'd be easier if SDM supported
ipv6 but that's not likely to happen, so I'll have to get to grips with
building access lists manually (looks quite hard, as you can't delete
individual entries or move them).
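
An added example, not part of the original thread: a hand-built IOS IPv6 access list for the tunnel interface, of the kind the last post refers to. ACL 101 and `ip inspect` on Dialer0 only see the outer protocol-41 packets, so IPv6 arriving over Tunnel0 reaches the inside LAN unfiltered unless Tunnel0 carries its own filter. The list names (V6-OUT, V6-IN, V6-STATE) are hypothetical, and reflexive entries (`reflect` / `evaluate`) are assumed to be available in the installed feature set.

```cisco
! Added example; list names are hypothetical.
! Outbound: let the LAN send anything, and record TCP/UDP flows
! so that only their return traffic is admitted inbound.
ipv6 access-list V6-OUT
 permit tcp any any reflect V6-STATE
 permit udp any any reflect V6-STATE
 permit icmp any any
!
ipv6 access-list V6-IN
 ! Return traffic for flows opened from inside
 evaluate V6-STATE
 ! ICMPv6 needed for path MTU discovery and error reporting
 permit icmp any any packet-too-big
 permit icmp any any destination-unreachable
 permit icmp any any time-exceeded
 permit icmp any any parameter-problem
 permit icmp any any echo-reply
 ! Neighbor discovery on the tunnel link; an explicit deny below
 ! overrides the implicit nd-ns/nd-na permits, so list them here
 permit icmp any any nd-ns
 permit icmp any any nd-na
 ! Everything else arriving from the tunnel is dropped and logged
 deny ipv6 any any log
!
interface Tunnel0
 ipv6 traffic-filter V6-IN in
 ipv6 traffic-filter V6-OUT out
```

`show ipv6 access-list` lists the entries with their match counters, which shows whether the final deny is catching unsolicited inbound traffic.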

 