IP6FD I

IPv6 Fundamentals,
Design, and
Deployment
Version3.0

Lab Guide

Text part Number: 97·2948·02

 Americas Headquarters Asia Pacific Headquarlers Europe Headquarters
Cisco Syslems.lnc. Cisco Systems (USA) Pte. Ud. Cisco Systems Inlernalional BV Amslerdam.
San Jose.CA Singapore The Netherlands

Cisco has more Ihan 200 oflices wortdwide. Addresses. phone numbers. and fax numhers are listad on Ihe Cisco Website al www.cisco.com/go/offices.

( ) Cisco and Ihe Cisco lago are trademarks 01 Cisco Syslems. tne. and/or ils affiliates in Ihe U.S. and other countries. A lis\ing 01 Cisco's Irademarks can be lound al
w'I/W_cisco.com/go/tradomarks. Third party tradomarks mcntioncd aro Ihe property 01 thoir rospoctivo owners. Tho uso 01 tho word paflner daos no! imply a
partnership relationship between Cisco and any other company. (1005R)

IlISCLJ\IMER WARRANTY: TI liS CONTENT IS BEINO PROVIIlED "J\S IS." CISCO MAKES J\ND YOU RECEIVE NO WJ\RRJ\NTIES IN
CONNECTlON WITH TIIE CONTENT PROVIDEIlIIEREUNDER. EXPRESS, IMPLlEIl, STJ\TUTORY OR IN ANY OTIIER PROVISION al'
TI liS CONTENT OR COMMUNICATION BETWEEN CISCO J\ND YOU. CISCO SPECIFICJ\LLY IlISCLAIMS ALL IMPLlEIl
WARRANTlES, INCLUDING WARR,\NTIES 01' MERCHJ\NTJ\BILlTY, NON-INFRINGEMENT J\ND FITNESS lOOR J\ PARTICULJ\R
PURPOSE. OR /\RISING FRO¡\,I/\ COURSE OF DE/\LlNG, US/\(lE OR TRADE PR/\CTICE. This Icarning product nm)' cOlltain early rclcasc
contcnt, .md whilc Cisco bclic\'cs il lo bc accuratc, illhlls slll~jcct lo Ihe discJaimcr abolle.

Lab Guid. © 2010 Cisco and/or its affiliates. AII rights reserved.
 Table of Contents
Lab Guide 1
Overview 1
Outline 1
Lab 2-1: Enabling IPv6 on Hosts 2
Activity Objective 2
Visual Objective 2
Required Resources 3
Command List 3
Job Aids 4
Task 1: Configure IPv4 Addressing and Routing on a PC 6
Task 2: Configure IPv6 Addressing and Routing on a Router 9
Task 3: Configure 8tatic IPv6 Addressing and Routing on a PC That Runs the Windows XP
Operating 8ystem 10
Task 4: Configure 8tatic IPv6 Addressing and Routing on a PC That Runs the Windows 7
Operating 8ystem 11
Task 5: Configure 8tatic IPv6 Addressing and Routing on a PC That Runs the Linux Operating
8ystem 13
Lab 2-2: Using Neighbor Discovery 15
Activity Objective 15
Visual Objective 15
Required Resources 15
Command List 16
Job Aids 17
Task 1: Configure Router Advertisements 17
Task 2: Renumber the Local Network 19
Lab 3-1 : Using Prefix Delegation 21
Activity Objective 21
Visual Objective 21
Required Resources 21
Command List 22
Job Aids 23
Task 1: Configure a Prefix Delegation 8erver and Client 24
Task 2 (Optional): Configure a Non-Prefix Delegation DHCPv6 8erver 28
Lab 4-1: Routing with 08PFv3 30
Activity Objective 30
Visual Objective 30
Required Resources 30
Command List 31
Job Aids 31
Task 1: Configure 08PF 33
Task 2: 8ummarize Route Announcements 39
Lab 4-2: Routing with 18-18 41
Activity Objective 41
Visual Objective 41
Required Resources 41
Command List 42
Job Aids 43
Task 1: Configure 18-18 for IPv6 Routing 44
Task 2: Configure 18-18 8ummarization for IPv6 Routing 47
Task 3: Add IPv4 18-18 Route Exchange 47
Lab 4-3: Routing with EIGRP 49
Activity Objective 49
Visual Objective 49
Required Resources 49
Command List 50
Job Aids 51
Task 1: Configure EIGRP for IPv6 Routing 52
Task 2: Configuring EIGRP for IPv6 8ummarization 54
 Lab 4-4: Routing with BGP and MP-BGP 57
Activity Objective 57
Visual Objective 57
Required Resources 57
Command List 58
Job Aids 59
Task 1: Configure IBGP for IPv6 61
Task 2: Configure EBGP for IPv6 64
Task 3: Configure IPv6 Prefix Filtering in BGP 68
Lab 5-1: Multicasting 69
Activity Objective 69
Visual Objective 69
Required Resources 69
Command List 70
Job Aids 71
Task 1: Configure Multicast by Using Static RPs 72
Task 2: Configure Source-Tree Mullicast 74
Task 3: Configure Embedded RPs 75
Lab 6-1: Implementing Tunnels for IPv6 77
Activity Objective 77
Visual Objective 77
Required Resources 77
Command List 78
Job Aids 79
Task 1: Configure a Static IPv6-in-IPv4 Tunnel 81
Task 2: Implement Basic ISATAP 82
Task 3: Implement ISATAP on a Router 85
Task 4: Integrate ISATAP Between a PC and a Router 86
Lab 7-1: Configuring Advanced ACLs 89
Activity Objective 89
Visual Objective 89
Required Resources 89
Command List 90
Job Aids 91
Task 1: Configure a Standard ACL for IPv6 (Layer 3 Address Filtering) 92
Task 2: Configure an Extended ACL for IPv6 (Layer 3 and Layer 4 Filtering) 94
Task 3: Configure a Reflexive ACL for IPv6 96
Task 4: Configure an Extended ACL for IPv6 (Extension Header Matching) 98
Task 5: Control Inbound IPv6 Access to a Router 101
Lab 7-2: Implementing IPsec and IKE 102
Activity Objective 102
Visual Objective 102
Required Resources 102
Command List 103
Job Aids 104
Task 1: Configure IPsec 106
Lab 7-3: Configuring Cisco lOS Firewall 110
Activity Objective 110
Visual Objective 110
Required Resources 110
Command List 111
Job Aids 112
Task 1: Configure Cisco lOS Stateful Packet Inspection 114
Task 2: Implement Stateless Packet Filtering 115

ii IPv6 Fundamentals, Oesign, and Oeployment (IP6FO) v3.0 © 2010 Cisco Systems, Ine.
 Lab 9-1: Configuring 6PE and 6VPE 117
Activity Objective 117
Visual Objective 118
Required Resources 118
Command List 119
Job Aids 120
Task 1: Enable IPv6 Routing and Configuring of IPv6 Addressing on PE-CE Links 123
Task 2: Configure IPv6 Routing Between PE Routers and CE Routers 123
Task 3: Configure MP-IBGP and Route Redistribution to Exchange IPv6 Routes Between PE
Routers 124
Task 4: Configure 6VPE on 8ervice Provider Edge Routers 128
AnswerKey 130
Lab 2-1 Answer Key: Enabling IPv6 on Hosts 130
Lab 2-2 Answer Key: Using Neighbor Discovery 132
Lab 3-1 Answer Key: Using Prefix Delegation 133
Lab 4-1 Answer Key: Routing with 08PFv3 134
Lab 4-2 Answer Key: Routing with 18-18 134
Lab 4-3 Answer Key: Routing with EIGRP 136
Lab 4-4 Answer Key: Routing with BGP and MP-BGP 137
Lab 5-1 Answer Key: Multicasting 138
Lab 6-1 Answer Key: Implementing Tunnels for IPv6 140
Lab 7-1 Answer Key: Configuring Advanced ACLs 141
Lab 7-2 Answer Key: Implementing IPsec and IKE 144
Lab 7-3 Answer Key: Configuring Cisco 108 Firewall 145
Lab 9-1 Answer Key: Configuring 6PE and 6VPE 147

© 2010 Cisco Systems, lnc. IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 m
iv IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 IP6FD I

Lab Guide

Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.

Outline
This guide includes these activities:
• Lab 2-1: Enabling IPv6 on Hosts
• Lab 2-2: Using Neighbor Discovery
• Lab 3-1: Using Prefix Delegation
• Lab 4-1: Routing with OSPFv3
• Lab 4-2: Routing with IS-IS
• Lab 4-3: Routing with EIGRP
• Lab 4-4: Routing with BGP and MP-BGP
• Lab 5-1: Multicasting
• Lab 6-1: Implementing Tunnels for IPv6
• Lab 7-1 : Configuring Advanced ACLs
• Lab 7-2: Implementing IPsec and IKE
• Lab 7-3: Configuring Cisco lOS Firewall
• Lab 9-1: Configuring 6PE and 6VPE
• Answer Key
Lab 2-1: Enabling IPv6 on Hosts
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will enable basic IPv6 connectivily on PCs that are running Windows XI',
Windows 7, and Linux, and on a Cisco lOS route ... After completing this activity, you will be
able to meet these objectives:
• Configure IPv4 acldressing and routing on a PC
• Configure IPv6 adclressing and routing on a router
• Configure static IPv6 addressing al1(l routing on a PC that uses the Windows XI' operating
system
• Configure slatic IPv6 addressing and routing on a PC that uses the Windows 7 operating
system
• Configure static IPv6 addressing ancl routing on a PC that uses the Linux operating system

Visual Objective
The figure illustrates what you \ViII accomplish in this activity.
all Id && _ 2
Visual Objective for Lab 2-1: Enabling
IPv6 on Hosts

The lab environll1ent is set up so that IPv4 is already configured on router RI. Configure
Windows XI' on PC 1 for IPv4 so thal you can use Telnet to connect to Ihe router.

2 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Required Resources
The table lists the resollrces and eqllipment that are reqllired to complete this activity,

Required Resources

; Device Name Devicé Rolé In the laboratory ,

R1 WAN access router for PC1; used as a default

gateway for IPv4 and IPv6 traffic

PC1 End user with applications that require both IPv4

and IPv6 support by the Windows XP operating
system and the network - - -

PC2 End user with applications that require both IPv4

and IPv6 support by the Windows 7 operating
system and the network

PC3 End user with applications that require both IPv4

and IPv6 support by the Linux operating system
and the network -

Note Each PC uses two NICs, The first card , named MGMT, is used far management purposes
and for accessing the PC via Microsoft Terminal Services (do not modify this interface), The
second ca rd, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity,

Command List
The table describes the commands tha! are lIsed in this activity,

Cisco lOS Software Commands

Command Description

ipv6 address prefix Configures a static IP addres s on an interface

ipv6 enable Enables an interface for IPv6

ipv6 nd ra suppress Suppresses IPv6 router advertisement

transmissions on a LAN fterface
(",~o.n\' o ~a\. \ ~ ' ( ipv6 unicast-routing)1 Enables IPv6 routing / \ ..\,J: I~ \?\J ~
\r.- ,"~
show ip interface brief Shows brief IPv4 interface information

show ip route Shows the IPv4 routing table

show ipv6 interface brief Shows brief IPv6 interface information

show ipv6 route Shows the IPv6 routing table

Microsoft Windows PC Commands

Command Description

netsh interface ip set address Configures the IPv4 address, mask, and default
int Dame static ip_addr net_mask gateway to the interface named inLname
def_gw 1
netsh interface ipv6 add address"'" Adds an IPv6 address to an interface on Microsoft
_, '\~, Windows XP
y<.l ~o~' ',Gil!>',' '\:','f.I("

© 2010 Cisco Systems, Ine. lab Guide 3

 Command Description

netsh interface ipv6 add route Adds a route for a specified prefix

netsh interface ipv6 show Displays Windows XP interfaces

interface [intf]
ping Enters the ping command from Windows XP

ping6 Enters the ping6 command from Windows XP

Note You can get detailed help if you type a question mark at the end of the netsh commands; for
example, netsh interface ipv6 add address ?

Linux PC Commands

Command Description

ifconfig Displays all network interface information that has

be en configured

ifconfig interface IPv4-address Sets the IPv4 address on an interface on Linux

netmask netmask {up I down}
ifconfig interface {add I del} Adds or deletes an IPv6 address to an interface
IPv6-address/prefix on Linux

ping Enters the ping command

ping6 Enters the ping6 command

Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor will provide you \Vitil yOllf pod number and otiler pod-access information.
Log this information in the table.

Pod-Access Information

Parameter Value

Your pod number

Username on router Rl -
Password on router Rl -

Username on pel student

Password on pel lab

Username on pe2 administrator

Password on pe2 admin

Username on pe3 root

Password on pe3 lab

Note Router R1 is preconfigured to allow access without any credentials. Any Telnet session or
console access will automatically give you access to privileged mode.

4 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 11 The table illustrates the IPv4 and IPv6 addressing scheme that is lIsed in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask Mask

R1 FastEthernet % 192.168.1.1124 2001 :db9:1:1 ::1/64

PC1 LAS 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAS 192.168.1.3/24 2001 :db9:1:1 ::e/64

PC3 LAS 192.168.1.4/24 2001 :db9:1:1 ::d/64

© 2010 Cisco Systems, Ine. Lab Guide 5

Task 1: Configure IPv4 Addressing and Routing on a PC
In this task. you will configure your PC with lhe necessary IPv4 configuration informalion to
establish connectivity in lhe lab topology.

Activity Procedure
Complete lhese steps:
Step 1 Connecl to PC I and log in by using the username and password as specified in the
Job Aids section. Click Start, choose Connect To, and then choose Show AH
COllncctions.

\;;;;;~;;;kC~~;;;;ti~~; . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ;. . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i~J¡ ~ Go
-u " " . . , . , ;
Type
N. Status

@ Cre<.'ll'..' a roeNI

º r.onnedion
S",t up <J hor'le O! Sffi,;,!!
offiee r~twcrk
I .
¿MGMT
~,4lAB
lAN or High-Speed InI;er."
LAN or High-Speed Inter .• ,

~ Change Wíndow~
Fil ew.'.:!1 $et.ting~·

5eeAIso

Step 2 Right-click the LAB connection and choose Propertics.

6 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3 . 0 © 201 OCisco Systems, Inc.
 L •.....••••••..•.....................................••...•....1
I Configu!e... j
This c.Qnnection uses ¡he fol1owing ¡tems:
.............................................•.•....•...................,.,.,."

L-~I=n=st=all~···~~1 L[_ _ ~U~n~in~s~ta~II__~1 IL~~P~!o~p~el~tie~s__~

oescription'
Allows your computer to access resources on a Microsoft
network,

~ Sho~ icon in notification area when connected

O Notify me when thi. connection has limited 01 no connec!ivity

OK II Cancel

Step 3 Highlight Internet Protocol (Tep/IP) and click Properties. Statically configure
IPv4 addressing by using these parameters:
• IP address: 192.168.1.2
• Subnet mask: 255.255.255.0
• Default gateway: 192.168.1.1

© 2010 Cisco Systems, Ine. Lab Guide 7

 You can get IP settings assigned autornatically if your network supports
this capability. Otherwise, you need to ask }lour network administratar far
Ihe appropriale IP sellings.

o Qblain an IP address aulomalieally

e Ufe Ihe lollowing IP address: . -........-.. . . . . . . . . . . . . . . . . . . . .¡
!P address: [fl192--------- . 168. 1 . 2
••..•..•........... _...........................................]
Sllbnel mask: [.·.·_m·255.255.255. o
. . ---.------ IJ
__ m._ .•.M....... ··M •••• M.M.MM.M·_· ___ m_·_m
llelaull galeway: 0:192.168.
_-------
•.
1 . 1

e Us~ Ihe lollo.,ing DNS server addresses:

Erelerred DNS server:

álternate DNS server:

I Advanced: .. II
I
r:ÚKmm~ I Cancel

Note The steps show a eommon end user approach lo complele Ihis lask. An allernalive melhod
is lo exeeule Ihe nelsh inl ip sel address LAS slatic 192.168.1.2 255.255.255.0
192.168.1.11 eLl command in Ihe Windows XP command·prompl window.

Activity Verification
You have compleled Ihis lask when you attain Ihese resulls:
• On PC 1, highlighl the LAB interface in the Nelwork Connections window and look in the
left-hand pane under Details. You should see your completed interface COIlfi,,,,

................................ 1\Il G,
N!l(M
.,. ,. ~:.~~.~r. f.~fl-S,:u:':ed ll)f,emrl
tAN l'.>t H(j\·.'5~1 trtl\'!t.",
tAa lf>tl 01 H\t..sr~ooll"tt'!r",
üit~(:t· Ht;h,~ tnte'oot
(Of("~;±;:d
i¡'b1ti6f"; AS'i*t*~AM!)
:!\:l~t Ad,:ttit:'r

8 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Note An allernalive way lo accornplish Ihis slep is by execuling Ihe ipconfig or ne!sh in! ip show
address commands in the Windows XP command-prompt window.

11 Ping the IPv4 address ofRI. The ping should be successful.

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 tirne=lms TTL=255

Reply fraro 192.168.1.1: bytes=32 tirne=lms TTL=255
Reply fraro 192.168.1.1: bytes=32 time=lrns TTL=255
Reply fraro 192.168.1.1: bytes=32 time=lms TTL=255

ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = O (0% loss),
Approximate round trip times in milli-seconds:
Mínimum = lms, Maxirnum = lms, Average = lms

Task 2: Configure IPv6 Addressing and Routing on a Router

In this task, youlVill configure IPv6 addressing and related parameters on the router.

Note You can connect directly to the console por! 01 the rauter by clicking the rauter icon, or you
can use Telnet and connect Irom your remate desktop session. In either case, you do not
need any account (username and password) to have lull access to enable mode.

Activity Procedure
Complete these steps:
Step 1 On R 1, verify the I Pv4 interfaces. Your output should match the lab topology.
Step 2 Verify the IPv4 routing table.
Step 3 Verify the IPv6 status ofthe interfaces and routing table. Nothing should be
assigned at this point.
Step4 Enable IPv6 lInicast routing in global configllration mode.
Step 5 Enable IPv6 on the FastEthernet O/O interface.
Step 6 Disable neighbor discovery rauter advertisements on the FastEthernet O/O interface.
Step 7 Configure an IPv6 address on the FastElhernet O/O interface. Use the address that is
listed in the Job Aids section.

Activity Verification
You have completed this task when you attain this result:
11 On RI. again verify the IPv6 status oflhe interfaces and rauting table. YoulVill see both
the netlVork (/64) and the host (/128) addresses lhat are assigned to the FastEthernet O/O
interface.
Rl#show ipv6 interface brief
FastEthernetO/O [up/up]
FE80::217:59FF:FE03:19B8
2001:DB9:1:1::1

© 2010 Cisco Systems, Ine. Lab Guide 9

 FastEthernetO/l [actministratively down/down]
SerialO/O/O [administratively down/down]
SerialO/1I0 [administratively down/down]
SerialO/l/l [administratively down/down]

Rl#show ipv6 route

IPv6 Routing Table - 4 entries
Codes: e - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user Sta tic route
11 - ISIS LI, 12 - ISIS L2, IA - ISIS interarea, I8 - ISIS surnmary
O - OSPF intra, OI - OSPF ínter, OEI - QSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
e 2001:DB9:1:1::/64 [O/O]
vía ::, FastEthernetO/O
L 2001:DB9:1:1::1/12S [O/O]
vía ::, FastEthernetO/O
L FESO::/IO [O/O]
vía ::, Nulla
L FFOO::/S [O/O]
vía ::, NullO

Task 3: Configure Static IPv6 Addressing and Routing on a PC

That Runs the Windows XP Operating System
In this task, you will contigure a static IPv6 address on your Pe.

Activity Procedure
Complete these steps:
Step 1 Connect to PC I and open a command-prompt window. Verify the list of interfaces.
Step 2 Use the number in lhe Idx column and the LAB interface row from the output ofthe
previous step to verify the detailed status of the LAB interface. The Idx can be
reviewed from the I P address output.
IP Address • • • • . • • . • • • • : feSO::20c:29ff:fed3:7beO%5
Step 3 Add a static I Pv6 address to the LAB interface. Obtain the address fr0111 the Job
Aids section.
Step4 Add a static default II'v6 route to point to router R 1.

Activity Verification
You have completed this lask when yOll altaill these reslllts:
• On PC l. agaill verify the IPv6 status oflhe LAB interface.

C:\>netsh interface ipv6 show interface 5

Querying active state ...

Interface 5: LAB

Addr Type DAD State Valid Life Pref. Life Address

--------- ---------- ------------ ------------ -----------------------------
Hanual Preferred infinite infinite 2001:db9:1:1::f
Link Preferred infinite infinite feSO::20c:29ff:fe3b:aeSd

Connection Name LAB

GUID {EFOD655A-2F4E-4FF2-ASSF-DED2AFB56DS4}
state Connected

10 IPv6 Fundamenlals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Syslems, Inc.
 Metric o
Link lolTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 64
Reachable Time 32s
Base Reachable Time 30s
Retransmission Interval ls
DAD Transmits 1
DNS Suffix
Firewall disabled
Site Prefix Length 48 bits
Zone ID for Link S
Zone ID for site 1
Uses Neighbor Discovery Yes
Sends Router Advertisements No
Forwards Packets No
Link-Layer Address 00-Oc-29-3b-ae-8d

• Review the IPv6 I'ollting table.

C:\>netsh interface ipv6 show routes
Querying active state ...

Publish Type Het Prefix Idx Gateway/lnterface Name

no Manual o : : /0 5 2001:db9:1:1::1

• Test the IPv6 connectivity to 1'0lltel' R l.

C:\>ping6 2001:db9:1:1::1 /

Pinging 2001:db9:1:1::1
from 2001:db9:1:1::f with 32 bytes of data:

Reply from 2001:db9:1:1::1: bytes=32 time=6ms

Reply fram 2001:db9:1:1::1: bytes=32 time<lrns
Rep1y from 2001:db9:1:1::1: bytes=32 tirne<lms
Rep1y from 2001:db9:1:1::1: bytes=32 tirne<lrns

Ping statistics for 2001:db9:1:1::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Appraximate round trip times in milli-seconds:
Minimum = Orns, Maximum = 6ms, Average = lms

• On R 1, test the IPv6 connectivity to PC 1.

Rl#ping ipv6 2001:db9:1:1::f

Type escape sequence to aborto

Sending 5, lOO-byte ICMP Echos to 2001:DB9:1:1::F, timeout is 2 seconds:
!!!! !
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms

Task 4: Configure Static IPv6 Addressing and Routing on a PC

That Runs the WJndows 7 Operating System
In this task, yOll \ViII configure a static IPv6 addl'ess on yOlll' PC.

© 2010 Cisco Systems, lnc. lab Guide 11

Activity Procedure
Complete these steps:
Step 1 Connect to PC2 and log in by IIsing the IIsername and password that are specified in
lhe Job Aids section. Click Start, choose Control Panel, and then choose View
Network Status and Tasks lindel' Network and Internet.

·¡~QE;~~,;¡p;;¡~~~!:¡f'.í~5':;'~~i~'tf.f'~"'~::ITX!llJ~;~.m,~~:::::~..... ~.:.,:~! i ••.•••i ••

Cor.t!oIP<'l'lclH~ Vlew yllur b.uk nebrork ¡nCotmlltion "'00 ,et up connectlons

CI~e ao.l~.,.,. ~~ttir,r;¡~

c~ ""v~ed sh~Wl? 5ett",~$

..'
.-.;
foki,\~netWOfI<5 Internet

,
j A<;Cf'$~ t,'Pe: No Inttmet MCez
¡ Coonectloni: :¡¡ tAO

~ uoldentlfled netwo.k 1A<:.ceS$ t'(p!li No Internet oI!Ccess

. . . . . l'\.Jbt(/letwork !, Conoections: 'Í$ MGI~T

'~"i' Set up a n~w corne<!j()n 01 ~twoll;

-... ~ sct Up" wreless, bt~, dJI·lJP, .'Idho<::, or vtN comectlon; or $ti: Up <I.OIteror ilCCel'S pont •

• ~ Conned to a netw«k
... COI1I'I!lct orrecOl"W"ll'Cttoal'heless, I'ked, dIal·up, or VPtl networkeor.r.e<:tlon.
I
~~ choose hcrMQ!'Oup ¿.nd shafllY,l ~k>rt$
Il 5eealso At:cess ftes <'lfl<I pthtefs Ioc~ed on other netl'lorkcOl'l>pOJ:efS, or chang:! SMrnq scttlngs.
t HOIl-.«i,úUíI
lroub!eshoot pr~
1:,. Intcm~t 0p!oos Dill9f'\O'$c .and rep.w OOVlol'k ptoblems, er gct trO\lboles.'loottog InfCfm&Ion.
!\ WindowsF.~.'Mll

L.
Step 2 Choose the network connection named LAB and click I'roperties. Highlight
Internet I'rotocol VCl'sion 6 (TCI'/Il'v6)'and click I'l'opel'ties. Then enter
inforl1lation according to lhe table in the Job Aids section.

", -',,""',

i: Vou cán get lFiv6 seUlnt;)s ássjgn~d automatiéáHy if yóuÍ' network supports'Úlis,éapability.,::,;>:
Otherwise) you need to ask your network administrator for the appropriate IPv6 settings.'

.. \';, ................
r:'ObtaJn an IPv6 'address áutómaticaH'Í
r- r. Use the fo1!owing lP'I6 address: .'-'--~.~--_._~----'C'-~~. '~~~1
:
ÍPv6 address': 12001:db9:1:1::e I ¡
Subnet prefix length: 164 ' '1
L~~~~~~~~::~~ .._.:....:..c._.l~~~~~L~:~. •.•• ...:.'-~.;•. .:. .:.:...... ",, :",-,. _J... 1I
,(¡f,j"::; áddr'3:.... ¿uli".'' '".'. '•:a• "" ,',: ;' ,', " ;,)' , ,.
>:.";>:",". >:>',' ,:',',::<
r-t." Use the followino DNS server addresses:m"."_.:...·,,~~~. __..•_~~."'.,,-,-,....,,_._'.,~-~._.•_.~~,,":,_~M""'';'":;',"~~~
j " ',' ~ ',,;' ,'" ";0', ,', ,.< ..>.<:.;"",/,\<>">,,,,',"'<:<l
Preferréd DN5 server: '1 ' 1
, ,
j", t~~~:aEe~~~~~j~~___.__'_ ~:':"::"::"",:"":",_,"~~,::.:::.:..:~-,-,:~:'.:...~'.:.~~,::''':~...2.::::::L.:.,,-;_,,,.,}',~..:.'~';,...J~
'"',_ . _', ,, __ 'o, . '" __ "" ,,'" ',' . ,",'" ',_,,,"'''' ",'Ay'''
I
1
1
...:.-~~~~~~~~~==~~'
¡cáncer.l!

12 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Activity Verification
YOl! have completed this task when yOl! attain this result:
• Test Ihe IPv6 connectivity to router R l.
C:\>ping 2001:db9:1:1::1

Pinging 2001:db9:1:1::1 with 32 bytes of data:

Reply frorn 2001:db9:1:1::1: tirne=17rns
Reply frorn 2001:db9:1:1::1: tirne=lrns
Reply frorn 2001:db9:1:1::1: tirne=lrns
Reply frorn 2001:db9:1:1::1: tirne=lrns

Ping statistics for 2001:db9:1:1::1:

~¡;:'1iRl{gs:ti~§:~nf$\''f:l;~¡')Yíl:~E¡¡~1e,4j;''f;II;X;<:íeg"¿1~;j':q (¡IQ:¡;(¡;¡'t'ls~J~
Approximate round trip times in milli-seconds:
Mínimum = 1ms, Maxirnum = 17ms, Average = 5ms

Task 5: Configure Static IPv6 Addressing and Routing on a PC

That Runs the Linux Operating System
In this task, you will configure a static IPv6 address on your pc.
Activity Procedure
Complete these steps:
Step 1 Connect to PC3 and log in by using the username and password that are specified in
the Job Aids section. You willuse CL!.
Step 2 Review the current network interface configllration.
Step 3 Add IPv4 and IPv6 addresses to network interface eth l. Review the Job Aids section
for address information.

Activity Verification
You have completed this task when you attain these reslllts:
• Examine the network interface configuration:
[root@PC3 -j# ifconfig
ethO Link encap:Ethernet HWaddr OO:OC:29:Al:62:F3
inet addr:192.168.250.13 Bcast:192.168.250.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fea1:62f3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:lSOO Metric:l
RX packets:276 errors;O dropped:O overruns:O frame:O
TX packets:219 errors:O dropped:O overruns:O carrier:O
collisions:O txqueuelen:l000
RX bytes:17079 (16.6 KiB) TX bytes:17853 (17.4 KiB)
Interrupt:177 Base address:Ox1400

eth1 Link encap:Ethernet HNaddr 00:OC:29:A1:62:FD

!lJ).éP'¡¡cl~r¡i§ 2'11 6¡j';··r:r.li3a~t¡ r92!T6~lE2S'~Z;H¡¡ski1~5J2$~1'i2~5)¡:O
iin~t.¡;a,dd~!f,e§O::20c ¡ 29ft: feal: 6~:Éd/p4~Cópeí 'qinJ<
;;'n"i,6á8.dr f.;2pO l:db9: 1 :í::d/i;4ScópH1l6ba~ .. ...
UP BROADCAST RUNNING HULTICAST HTU:1500 Metric:1
RX packets:12 errors:O dropped:O overruns:O frame:O
TX packets:54 errors:O dropped:O overruns:O carrier:O
collisions:O txqueuelen:l000
RX bytes:4104 (4.0 KiB) TX bytes:12054 (11.7 KiB)
Interrupt:185 Base address:Ox1480

© 2010 Cisco Systems, Inc. Lab Guide 13

 lo Link encap:Local Loopback
inet addr.127.0.0.1 Mask.255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU.16436 Metric.l
RX packets:8 errors:O dropped:O overruns:O frame:O
TX packets:8 errors:O dropped:O overruns:O carrier:O
collisions:O txqueuelen:O
RX bytes.560 (560.0 b) TX bytes.560 (560.0 b)

• Test the IPv4 connectivity to muter R l.

[root@PC3 -J# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=l ttl=255 time=6.65 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=I.22 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=I.23 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=l. 46 ms

--- 192.168.1.1 ping statistics ---

4l;>ábkét:il.tfánsinIÜé.d;'¡lfEicélvEid,;))%,!pábk~¡Y!dSsl;;t.i-rtie; 3.0Mm~'
;:tt..Ill.i-n~aY9Zll\íl."LJllª~if;!i;";t,~?g~lg:H1Z§:i¡[[1:.~t~11ª:{ii\~
• Test the 1Pv6 connectivity to muter R l.
[root@PC3 -J# ping6 2001:db9:1:1::1
PING 2001:db9:1:1::1(2001:db9:1:1::1) 56 data bytes
64 bytes from 2001:db9:1:1::1: icmp_seq=O ttl=64 time=22.0 ms
64 bytes frorn 2001:db9:1:1::1: icmp_seq=1 ttl=64 time=I.24 ms
64 bytes from 2001:db9:1:1::1: icmp_seq=2 ttl=64 time=0.958 ms
64 bytes from 2001:db9:1:1::1: icmp_seq=3 ttl=64 time=I.08 ms

--- 2001:db9:1:1::1 ping statistics ---

4pac. kets .. transmi ttédir féceliT"d,o%'packet;yósii;)l:line3ol.sms
." • ,_ "" , " ,,," ,__ ",',' ,,', " •• _ ,,,n ""'",, n" '" ,

í't: tmlii/ a;:'9{IIlai/¡itdeir~Y(),§ SS?~ •.3. 4.º1?g;~Jlil??9,~08~:íiis.';pIp~;;2,

14 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Lab 2-2: Using Neighbor Discovery
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity. you will configure router advertisements and ac(just parameters that are
associated with neighbor discovery. After completing this activity, you will be able to meet
these objectives:
• Configure a muter to send router advertisements
• Renumber a localnetwork

Visual Objective
The figure illustrates what you \ViII accomplish in this activity.
ula ! A I l' 2 I_al 1IIIIIIIII.!!III 11 11 aliJlsu
Visual Objective for Lab 2~2: Using
Neighbor Discovery

Required Resources
The table lists the resources and equipment that are required to complete this activity.

Required Resources
.
Device Name Device Role in the Laboratory

R1 WAN access router lor PC1; used as a delault

gateway lor IPv4 and IPv6 traffic

PC1 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

© 2010 Cisco Systems, Ine. Lab Guide 15

 Note The PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAS, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Cornrnand List
The lable describes Ihe commanc\ s thal are lIsed in this activity.

Cisco lOS Software Commands

Command \f\l\¡ """f\\(.u~- ,o~""""""i Oescriplion

debug ipv6 nd Displays debug messages far IPv6 tCMP

neighbor discovery transactions

ipv6 address ipv6-address Configures an IPv6 address on an interface J

ipv6 nd prefix ipv6- ;; Configures an IPv6 prefix 9dvertisement; allows

prefix/prefix-1ength [valid- control over the individual parameters per pre~
lifetime preferred-lifetime] 'o \0
' N (" >0'"
ipv6 nd ra interval maximum-secs Configures the interval between IPv6 router
advertisement transmissions on an interface

ipv6 nd ra suppress Suppresses IPv6 router advertisemenl

Iransmissions on a LAN interface

ping ipv6 ipv6-address Diagnoses basic nelwork connectivity when using

IPv6

undebug a11 Disables all debugging processes

Windows PC Commands

Command Description

netsh interface ipv6 add address Assigns IPv6 address to an interface

interface ipv6-address
~ netsh interface ipv6 delete Removes an IPv6 address from a given interface
address interface ipv6-address
"
netsh interface ipv6 show Displays interface configuration information
interface [interface]

16 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor \Viii provide you with your pod number and other pod-access information.
Log this information in the table.

Pod-Access Information

· Para meter Value '.

Your pod number

Username on router Rl
Password on router Rl
Username on PCl student

Password on PCl lab

Note Router R1 is preconfigured to allow access without any credentials. Any Telnet session or
console access will automatically give you access to privileged mode.

• The table illustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing

Device Inteñace IPv4 Address and IPv6 Address and

. Mask Mask .

R1 FastEthernet 0/0 192.168.1.1124 2001 :db9:1:1 ::1164

2001 :db9:1 :1001 ::1164

PC1 LAB 192.168.1.2124 2001 :db9:1:1 ::f164

2001 :db9:1:1 001 ::f164

Task 1: Configure Router Advertisements

In this task. you will configure router Rito start sending router advertisements and to allow the
client PCI to learn its IPv6 address dynamically.

Activity Procedure
Complete these steps:
Step 1 Connect to PC I and log in by using the credentials that are listed in the Job Aids
section. Verify the statically configured IPv6 address.
Step 2 Open (he command prompt and remove the static IPv6 address from your PC (use
the LAB interface index and the s(atic prefix).
Step 3 On R 1, enable the debugging of IPv6 neighbor discovery events.
Step 4 On the FastEthernet O/O interface. configure rauter advertisements by using the
prefix that is assigned to the LAN (refer to the Job Aids section). Because infinite
lifetimes are not desired, use 5 minutes (312.0 s5'conds) for the lifetimes (both
preferred and val id).
Step 5 Also set the advertisement interval to 30 seconds.

© 2010 Cisco Systems, [ne. lab Guide 17

 Step 6 Stop suppressing the router adveltisements, which were disabled in the initial
con hgllrat¡¡¡¡¡:-

Activity Verification
YOll have completed this task when yOll attain these results:
• On R 1, observe the debllgging Olltput afler enabling router adverlisements.
04:10:47: ICMPv6-ND: Request to send RA for FE80::217:59FF:FE26:3FEO
04:10:47: IC~IPv6-ND: Sending RA from FE80::217:59FF:FE26:3FEO to FF02::1 on
FastEthernetO/O
04:10:47: ICMPv6-ND: MTU = 1500
04:10:47: ICMPv6-ND: prefix = 2001:DB9:1:1::/64 onlink autoconfig
04:10:47: ICMPv6-ND: 300/300 (valid/preferred)

• On PCI. verilY thal anlPv6 address was alltomatically assigned to the PC with the pretix
thal yOll configurecl. Note that Ihe previollsly configllred static and link-local addresses are
still present and val id.
C:\>netsh interface ipv6 show interface 5
Querying active state ...

Interface 5: LAB

Addr Type DAD State Valid Life pref. Life Address

---------- ----------- ----------- -----------------------------
Temporary Preferred 4m56s 4m56s 2001:db9:1:1:e973:b32c:a8ff:la3b
Public Preferred 4m56s 4m56s 2001:db9:1:1:20c:29ff:feeO:651d
Link Preferred infinite infinite fe80::20c:29ff:feeO:651d

Connection Name LAB

GUID {EFOD655A-2F4E-4FF2-A88F-DED2AFB56D84}
state Connected
Metric O
Link MTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 64
Reachable Time 31s
Base Reachable Time 30s
Retransmission Interval ls
DAD Transmits 1
DNS Suffix
Firewall disabled
site Prefix Length 48 bits
Zone ID for Link 5
Zone ID for site 1
Uses Neighbor Oiscovery Yes
Sends Router Advertisements No
Forwards Packets No
Link-Layer Address 00-Oc-29-eO-65-1d

Note II you want to turn off Ihe temporary address type (the delault behavior), apply the netsh
interface ipv6 set privacy state=disabled command belore a new IPv6 address is
assignedtoyourPC. -4-.\. t-\"fl...... \? '" \ ... \~~'-{'c..¡.,.

18 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 11 Verify connectivity frol11 RIto pe I by lIsing the newly assigned IPv6 alltoconfigured
address ofthe Pe.

R1#ping ipv6 2001:db9:1:1:20c:29ff:feeO:651d

Type escape sequence to aborto

Sending 5, lOO-byte ICMP Echos to
2001:DB9:1:1:20C:29FF:FEEO:651D, timeout is 2 seconds:
!! ! !!
Success rate is 100 percent (5/5), round-trip min/avg/rnax =
0/1/4 rns

Task 2: Renumber the Local Network

In this task, you will reconfigure router advertisements to add addresses and adjust prefix
parameters (va lid and preferred lifetimes).

Activity Procedure
Complete these steps:
Slep 1 On R 1, configure an additional address of the FastEthernet 0/0 interface by using the
new global prefix that is assigned to your pod: 2001 :db9: 1:1001 ::1I64.
Step 2 Configure router advertisements by using the new 164 prefix that is identified for
your podo Use 5 minutes (300 seconds) for both preferred and valid lifetimes.
Step 3 Modify the neighbor advertisements for the original prefix that is advertised, by
setting the preferred lifetime to zero.

Activity Verification
YOll have completed this task when you attain these results:
11 Verify that PC 1 now deprecates the use ofthe former prefix and prefers the new one.
C:\>netsh interface ipv6 show interface 5
Querying active state ...

Interface 5: LAB

Addr Type DAD state Valid Life Pref. Life Address

Temporary Preferred 4rn4Bs 4m4Bs 2001:db9:1:1001:e973:b32c:aBff:1a3b

:P¡¡¡:;j.I9j"¡0fN;1'\,~~é.~Fe~.);!}l¡:~;¡\JJm4ás j;TiEfil;;;e¡'4ffi48S"'20.5TtaB9ffTToO·F!í.00'129.lfTfééor6S}Ci
Temporary Deprecated 4rn4Bs···· "Os '2001:db9:1:i:e973,'b32'c:aBff:ia3b' ....
s
F~b'f~ª:;fi;~}~?:J~::{:~'ei?F~C'~'~'e.,'(rt~1~¿~:'4m4'8-S ,~:::i;~r;~¡~";<::?¿'\, ~i:iÓ Y:;:fo ,ó"f)ilfí?M~'riTl)'~o.cT2~'f'f(f~'elfn{51(i
Link Preferred infinite infinite feBO: :20c:29ff':fe'eO:'6Sici '~.''' .....

Connection Name LAB

GUID {EFOD655A-2F4E-4FF2-AB8F-DED2AFB56DB4}
State Connected
Metric O
Link MTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 64
Reachable Time 31s
Base Reachable Time 30s
Retransmission Interval 1s
DAD Transmits 1
DNS Suffix
Firewall disab1ed

© 2010 Cisco Systems, Ine. Lab Guide 19

 Site Prefix Length 48 bits
Zone ID for Link 5
Zone ID for Site 1
Uses Neighbor Discovery Yes
Sends Router Advertisements No
Forwards Packets No
Link-Layer Address 00-Oc-29-eO-6S-ld

• On R 1, verify conneclivily lo PC 1 by lIsing (he new alltoconfiglll'ed address of PC l.

Rl#ping ipv6 2001:db9:1:1001:20c:29ff:feeO:651d

Type escape sequence to aborto

Sending 5, lOO-byte ICMP Echos to 200l:DB9:l:l00l:20C:29FF:FEEO:6SlD, timeout
is 2 seconds:
:,1 i" i !' 'i)
Success rate is 100 percent (5/5), round-trip min/avg/max 0/1/4 ms

20 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Lab 3-1: Using Prefix Delegation
Complete this lab aetivity to practice what you learned in the related module.

Activity Objective
In this aetivity, you \ViII configure a DI-ICPv6 server to delegate a prefix to a DHCPv6 elient.
After eompleting this aetivity. you \Viii be able to meet these objeetives:
• Configure the prefix delegation server and elient
• Configure a non-prefix delegation DHCPv6 server

Visual Objective
The figure illustrales whal you \ViII aecomplish in Ihis aetivity.
_11l1li111 ;==11111&&22. ¡R U.¡!ti ]!!lJl ¡¡¡ái M121 Uf I111I
Visual Objective for Lab 3~1 :
Using Prefix Delegation

DHCPv6 Prefix

\?.3

Required Resources
The table lisIs Ihe resources and equipment that are required lo complete this activity.

Required Resources

Device Name Devlce Role in the Laboratory

Rl WAN access rauler in Sile 1; used as the delault

gateway lor IPv4 and IPv6 traffic

R2 WAN access router in Site 2; used as delault

gateway lor IPv4 and IPv6 traffic

pe1 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

© 2010 Cisco Systems, Ine. Lab Guide 21

 Device Name Device Role in the Laboratory

PC2 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

Note Each PC uses two NICs. The first card, named MGMT, is used lar management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Cornrnand List
The table describes the commands that are lIsed in this activity.

Cisco 105 Software Commands

Cornrnand Description
•
ipv6 dhcp client pd name Enables DHCP lar the IPv6 clíent process and
enables a request lor prefix delegation thraugh a
specified interface

ipv6 dhcp pool name Configures DHCP lor IPv6 server conliguration-
inlormation pool and enters DHCP lor IPv6 pool
configuration mode

ipv6 dhcp server name • Enables DHCP lor IPv6 service on an interface

ipv6 local pool name prefix Configures a locallPv6 prefix pool

prefix-length

ipv6 nd other-config-flag Sets the "other statelul configuration" flag in IPv6

router advertisemenls and indicates lo the
aUached hosts how they can obtain
\~0' "Ú autoconfiguration information other than
addresses (dns-server inlarmation)

ipv6 route Establishes static IPv6 rautes

prefix-delegation Specilies a manually configured numeric prefix to

be delegated to a specified clíent and (optionally)
a specilied identity association lor prefix
delegation (IAPD) lor that client

show ipv6 dhcp Displays the DUID on a specilied device

show ipv6 dhcp binding Displays automatic clíent bindings lram DHCP lor
the IPv6 server binding table

show ipv6 dhcp pool Displays DHCP lor IPv6 configuration pool
information

show ipv6 interface Displays the usability status 01 interfaces that are
configured lor IPv6

Windows PC Commands

Cornmand Description

netsh interface ipv6 renew Renews the configuration 01 one or all interfaces
[intfName]

22 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Command Description

netsh interface ipv6 show Displays a list 01 interfaces or details for a specific
interface [ifix] interface

Job Aids
These job aicls are available to help you complete the lab activity:
• The instructor will provicle you with your pocl number and other pod-access infol'lnation.
Log this infol'lnation in the table.

Pod-Access Information

- Parameter Value

Your pod number

Username on router Rl -
Password on router Rl -
Username on router R2 -
password on router R2 -

Username on PCl student

Password on PCl lab

Username on PC2 student

Password on PC2 lab

Note Routers R1 and R2 are preconligured to allow access without any credentials. Any Telnet
session or console access will automatically give you access to privileged mode.

• The table illustrates the IPv4 and IPv6 adclressing scheme that is used in this lab exercise.

Pod Addressing
- --
Device Interface IPv4 Address and IPv6 Address and
Mask - -
Mask . -.
R1 FastEthernet % 192.168.1.1/24 2001 :db9:1:1 ::1/64

\u. "2.\'Ó'C." R1 Serial 0/0/0.1 192.168.101.1/30 2001 :db9:1:a::1/64

"'-, \ ~l.\\) . l . \ R2 FastEthernet O/O 192.168.2.1/24 2001 :db9:1:2::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64 / '

PC1 LAB 192.168.1.2/24 2001 :db9:1:1 ::f/64

PC2 LAB 192.168.2.2/24 I 2001 :db9:1 :2::1%4 ,/

• A Frame Relay PVC IS usecl 111 Ihe lab lo IIllerconnecl Ihe (\VO slles.

Frame Relay PVC Details

Source Device OLCI Peer Oevlce OLCI --

R1 111 R2 111

© 2010 Cisco Systems, Ine. Lab Guide 23

Task 1: Configure a Prefix Delegation Server and Client
In this task, youwill contigure muter RI to be a prefix delegalion server, You will also
configure router R2 lo be a prefix delegation client and (optionally) a Dl-ICPv6 server for the
local LAN in Site 2.

Activity Procedure
Complete these steps:
Step 1 On RI, configure a locallPv6 prefix pool.
Step 2 O'eate a Dl-ICPv6 poolnamed GlobalDHCP for the prefix delegalion server by
using Ihe paramelers Ihat are lisled in Ihe table.

Prefix Delegation Server Parameters

Parameter Value

Prefix for delegation to router 2001 :db9: 1:2::/64

R2
Domain name example.com

DNS server address 2001 :db9:1:1 ::abba

Step 3 Configure Ihe Serial 0/0/0.1 interface to acl as a DHCPv6 prefix delegation server.
Step4 On R2, configure Ihe Serial 0/0/0.1 interface as a preflx delegalion client. The
inlerface must be inslructed lo use DHCPv6 preflx delegation to obtain a prefix, and
youl1lusl also give the prefix a logicalname (Site2Prefix).
Step 5 Configure Ihe FaslElhernel % interface wilh IPv6 addresses Ihal are learned from
the DHCPv6 server. Conslruct both a manually configured address (:: 1) and an
auloconfigured address. Use the previously defined name Sile2Prefix lo refer lo Ihe
DHCPv6 client Ihat you configured on interface Serial 0/0/0.1.
Step6 On FastElhernel O/O, send router adverlisements and sel Ihe va lid lifelime lo 1200
and Ihe preferred lifetime lo 600.
In a typical deployment. the DHCPv6 client router will, upon receiving a prefix, configure local
interfaces wilh new addresses and possibly send router advel1isements lo clients that are
downstream so Ihal Ihey can configure IPv6 addresses.

Activity Verification
You have compleled this task when yOll alta in these results:
• On R2, review the prefix delegation client interface status. The FastEthernet O/O interface
has taken the network address from the DHCPv6 server-supplied prefix.
R2#show ipv6 interface brief
FastEthernetO/O [up/up]
FE80::217:59FF:FE26:3E78
2001:DB9:1:2: :1
2001:DB9:1:2:217:59FF:FE26:3E78
FastEthernetO/1 [administratively down/down]
SerialO/O/O [up/uP]
SerialO/0/0.1 [up/up]
FE80::217:59FF:FE26:3E78

24 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 201 OCisco Systems, Ine.
 2001:DB9:1:A: :2
SerialO/1/0 [administratively down/down]
SerialO/1/1 [administratively down/down]

• Verify the status ofthe DHCPv6 prefix delegation interface.

R2#show ipv6 dhcp interface
SerialO/0/0.1 is in client mode
State is OPEN
Renew wi11 be sent in 3d11h
List of known servers:
Reachable via address: 2001:DB9:1:A::1
DUID: 00030001001759263FEO
Preference: O
Configuration parameters:
lA PD: lA ID Ox00100001, T1 302400, T2 483840
Prefix: 2001:0B9:1:2::/64
preferred lifetime 604800, valid lifetime 2592000
expires at Oct 03 2007 12:30 PM (2591942 seconds)
ONS server: 2001:0B9:1:1::ABBA
Domain name: example.com
Prefix name: site2Prefix
Rapid-Cornmit: disabled

• On R 1, review the DCHPv6 prefix delegation status. Now that the client has l11ade a prefix
request, the delegated prefix shollld be Iisted.
R1#show ipv6 dhcp binding
Client: 2001:DB9:1:A::2 (SerialO/0/0.1)
DUID: 00030001001759263E78
lA PO: lA lO Ox00100001, T1 302400, T2 483840
Prefix: 2001:DB9:1:2::/64
preferred lifetime 604800, valid lifetime 2592000
expires at Oct 03 2007 12:33 PM (2591815 seconds)

• On pe2, check the LAB interface for the new address, and verify that the PC has
autoconfigllred an IPv6 address frol11 the advertised prefix.
C:\>netsh interface ipv6 show interface
Querying active state ...

Idx Met MTU state Name

------------
6 2 1280 Oisconnected Teredo Tunneling Pseudo-Interface
5 O 1500 Connected LAB
4 O 1500 Connected MmlT
3 1 1280 connected 6to4 Pseudo-Interface
2 1 1280 Connected Automatic Tunneling Pseudo-Interface
1 O 1500 connected Loopback PseudO-Interface

C:\>netsh interface ipv6 show interface 5

Querying active state. ,.

Interface 5: LAB

© 2010 Cisco Systems, Ine. Lab Guíde 25

 Addr Type DAD State Valid Life Fref. Life Address

Temporary Freferred 6d23h53m37s 23h50m50s

2001:db9:1:2:80c7:3586:eead:fd9
Public Preferred 29d23h59m42s 6d23h59m42s 2001:db9:1:2:20c:29ff:feb8:451
Link Freferred infinite infinite fe80::20c:29ff:feb8:451

Connection Name LAB

GUID {EFOD655A-2F4E-4FF2-A88F-DED2AFB56D84}
State Connected
Metric O
Link MTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 64
Reachable Time 26s
Base Reachable Time 30s
Retransmission Interval 1s
DAD Transmits 1
DNS Suffix
Firewall disabled
site Prefix Length 48 bits
Zone ID for Link 5
Zone ID for site 1
Uses Neighbor Discovery Yes
sends Router Advertisements No
Forwards Packets No
Link-Layer Address 00-Oc-29-b8-04-51

Note II Ihe Windows XP machine had a DHCPv6 clienl, Ihe rouler advertisemenl would inslrucl
Ihe PC lo solicil lor olher configuralion inlormalion from a DHCPv6 server (nol a DHCPv6
prefix delegalion server).

• Verify Ihe reachabilily of PC2 from PC 1. Use Ihe dynamically assigned address.
c:\>ping6 2001:db9:1:2:20c:29ff:feb8:451

Pinging 2001:db9:1:2:20c:29ff:feb8:451
from 2001:db9:1:1:49al:d5a9:54bl:8702 with 32 bytes of data:

Reply from 2001:db9:1:2:20c:29ff:feb8:451: bytes=32 time=58ms

Reply from 2001:db9:1:2:20c:29ff:feb8:451: bytes=32 time=48ms
Reply from 2001:db9:1:2:20c:29ff:feb8:451: bytes=32 time=48ms
Reply from 2001:db9:1:2:20c:29ff:feb8:451: bytes=32 time=58ms

Ping statistics for 2001:db9:1:2:20c:29ff:feb8:451:

Packets: Sent 4, Received = 4, Lost = O (0% loss),
Approximate round trip times in milli-seconds:
Mínimum = 48ms, Maximum = 58ms, Average = 53ms

Note Stalic roules have been preconfigured lo enable Ihe reachabilily belween Ihe Iwo siles.

• Verify Ihe path fl"Om PC I lo PC2. Use Ihe dynamically assigned address.
c:\>tracert6 2001:db9:1:2:20c:29ff:feb8:451

Tracing route to 2001:db9:1:2:20c:29ff:feb8:451

26 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 from 2001:db9:1:1:49al:d5a9:54bl:8702 over a maximum of 30
hops:

1 1 rns 1 rns 1 rns 2001: db9: 1: 1: : 1

2 75 rns 75 rns 75 rns 2001:db9:1:a::2
3 64 ms 64 rns 64 ms
2001:db9:1:2:20c:29ff:feb8:451

Trace complete.

• Optiol1ally. yOll may el1able DHCPv6 debllggil1g 011 R I ancl R2.

Rl#debug ipv6 dhcp
IPv6 DHCP debugging is on
R1#
01:09:58: IPv6 DHCP: Received RELEASE fram 2001:DB9:1:A::2 on SerialO/O/O.l
01:09:58: IPv6 DHCP: Freeing prefix 2001:DB9:1:2::/64 to pool GlobalDHCP
01:09:58: IPv6 DHCP: Freeing IA_PD 00110001 froro binding for 2001:DB9:1:A::2
01:09:58: IPv6 DHCP: Freeing binding for 2001:DB9:1:A::2 frarn pool GlobalDHCP
01:09:58: IPv6 DHCP: Sending REPLY to 2001:DB9:1:A::2 on SerialO/0/0.1
01:10:00: IPv6 DHCP: Received SOLICIT froro 2001:DB9:1:A::2 on SerialO/0/0.1
01:10:00: IPv6 DHCP: Sending ADVERTISE to 2001:DB9:1:A::2 on SerialO/0/0.1
01:10:01: IPv6 DHCP: Received REQUEST froro 2001:DB9:1:A::2 on serialO/0/0.1
01:10:01: IPv6 DHCP: creating binding for 2001:DB9:1:A::2 in pool GlobalDHCP
01:10:01: IPv6 DHCP: Allocating IA_PD 00110001 in binding for 2001:DB9:1:A::2
01:10:01: IPv6 DHCP: Allocating prefix 2001:0B9:1:2::/64 in bincting for
2001:DB9:1:A::2, IAID 00110001
01:10:01: IPv6 DHCP: Sending REPLY to 2001:DB9:1:A::2 on Seria10/0/0.1

R2#debug ipv6 dhcp

IPv6 DHCP debugging is on

• Trigger a l1ew DHCP reservatiol1 011 R2.

R2#clear ipv6 dhcp client serialO/O/O.l
R2#
01:09:53: IPv6 DHCP: Removing prefix 2001:0B9:1:2::/64 fram site2Prefix
01:09:53: IPv6 DHCP: Unconfiguring DNS server 2001:DB9:1:1::ABBA
01:09:53: IPv6 DHCP: Unconfiguring doma in name example.com
01:09:53: IPv6 DHCP: Sending RELEASE to FF02::1:2 on Serial0/0/0.1
01:09:53: IPv6 DHCP: DHCPv6 changes state from OPEN to RELEASE (SHUTDOWN) on
SerialO/0/0.1
01:09:53: IPv6 DHCP: Received REPLY froro 2001:DB9:1:A::1 on Seria10/0/0.1
01:09:53: IPv6 DHCP: DHCPv6 changes state from RELEASE to IDLE
(REPLY_RECEIVED) on SerialO/0/0.1
01:09:54: IPv6 DHCP: DHCPv6 changes state from IDLE to SOLICIT (START) on
SerialO/0/0.1
01:09:55: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on SerialO/0/0.1
01:09:55: IPv6 DHCP: Received ADVERTISE froro 2001:DB9:1:A::l on SerialO/O/0.1
01:09:55: IPv6 DHCP: Adding server 2001:DB9:1:A::l
01:09:56: IPv6 DHCP: Sending REQUEST to FF02::1:2 on SerialO/0/0.1
01:09:56: IPv6 DHCP: DHCPv6 changes state froro SOLICIT to REQUEST
(ADVERTISE_RECEIVED) on Serial0/0/0.1
01:09:56: IPv6 DHCP: Received REPLY froro 2001:DB9:1:A::1 on SerialO/O/O.l
01:09:56: IPv6 DHCP: Processing options
01:09:56: IPv6 DHCP: Adding prefix 2001:DB9:1:2::/64 to Site2Prefix
01:09:56: IPv6 DHCP: TI set to expire in 302400 seconds
01:09:56: IPv6 DHCP: T2 set to expire in 483840 seconds
01:09:56: IPv6 DHCP: Configuring DNS server 2001:DB9:1:1::ABBA
01:09:56: IPv6 DHCP: Configuring domain name example.com
01:09:56: IPv6 DHCP: DHCPv6 changes state from REQUEST to OPEN
(REPLY_RECEIVED) on SerialO/0/0.1

© 2010 Cisco Systems, Inc. Lab Guide 27

Task 2 (Optional): Configure a Non-Prefix Delegation DHCPv6
Server
DHCPv6 prefix delegation client routers often run, in turn, as DHCPv6 stateless servers for
downstream devices. In this task, lhe client router \Viii provide thal function.

Note The Windows XP client does not have a DHCPv6 clienl. Therefore. your PC will not actually
make any requests to your rauter.

Activity Procedure
Complete these steps:
Step 1 On R2, configure a DI-ICPv6 server pool named SITE2 by using the parameters that
are listed in the table.

DHCPv6 Server Pool Parameters

Parameter Value

Domain name site2.example.com

DNS server address 2001 :db9:1 :2::beef

Step 2 Configure the FastEthernet O/O interface as a DI-ICPv6 stateless server. Send the
olher configuration information flag in the router advertisement.

Activity Verification
You have completed this task when you attain these results:
• On R2, examine the DI-ICPv6 server running on the FastEthernet O/O interJilce. With no
DI-ICPv6 client on your PC, there should be no active clients.
R2#show ipv6 dhcp pool
DHCPv6 pool: GlobalDHCP
DNS server: 2001:DB9:1:2::BEEF
Domain name: site2.example.com
Active clients: O

• Veril)< that the interface is in DHCPv6 server mode.

R2#show ipv6 dhcp interface
FastEthernetO/O is in server mode
Using pool: DOWNSTREAM
Preference value: O
Hint freID client: ignored
Rapid-Cornmit: disabled
FastEthernetO/l is in client mode
state is OPEN
Renew will be sent in 3dl1h
List of known servers:
Reachable via address: 2001:DB8:FFFF::l
Duro: 0003000100I6C8768B08
Preference: o
Configuration parameters:
lA PO: lA ID OxOOOSOOOI, TI 302400, T2 483840
Prefix: 2001:0B8:E02::/48
preferred lifetime 604800, valid lifetime 2592000
expires at Jun 26 2007 05:31 PM (2591545 seconds)
DNS server: 2001:DB8:E88::ABBA

28 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. tne.
 Domain name: example.com
Prefix name: DHCP-PREFIX
Rapid-Cornmit: disabled

© 2010 Cisco Systems, Inc. Lab Guide 29

lab 4-1: Routing with OSPFv3
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure, operate, and monitor an OSPF routing environment. You
will configure the protocol and examine detailed infonnation about how it works. After
compleling this activity, you will be able to mee! these objectives:
• Configure OSPF
• SUlllll1arize route annOllllcements

Visual Objective
The figure illustrales what you will accomplish in this activity.
2 h
Visual Objective for Lab 4-1 :
Routing with OSPFv3

Required Resources
The table lists the resources and equipment that are required lo complete this activity.

Required Resources

Device Name Device Role in the Laboratory

R1 WAN aeeess router in the Central Site; used as the default gateway for IPv4 and
IPv6 traflie

R2 WAN aeeess router in the Remote Site; used as default gateway for IPv4 and
IPv6 traffie

PC1 End user with applieations that require both IPv4 and IPv6 support by the
operating system and the network

30 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Device Name Device Role in the Laboratory

PC2 End user with applications that require both IPv4 and IPv6 support by the
operating system and the network

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAS, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.
~ ..

Cornrnand List
The lable describes Ihe commands that are used in Ihis aclivity.

Cisco 105 Software Commands

;.
Command Descrlption . .

area area-id range ípv6 -prefíx Configures raute summarization at an area

jprefíx-length boundary.

clear ipv6 ospf Clears the OSPF state, based on the OSPF
routing process ID

debug ipv6 ospf Displays important OSPFv3 events for IPv6

ipv6 ospf process-id area area-id Enables OSPF for IPv6 on an interface

ipv6 router ospf Enables OSPF router configuration mode

log-adjacency-changes [detail] Configures the router to send a syslog message

when an OSPF neighbor goes up or down

rout.er-id ip-address Uses a fixed router ID

show ipv6 interface [brief] Displays the brief usability status of interfaces that
are configured for IPv6

show ipv6 ospf Displays information about OSPF routing

processes

show ipv6 route Displays the current contents of the IPv6 routing
table

Windows PC Commands

. Command Description

ping6 Sends pings from Windows XP

tracert6 Discovers and displays the path that a packet

takes through the network

Job Aids
These job aids are available lo help you complete Ihe lab aclivity:
• The instruclor will provide you lVith your pod number and olher pod-access informalion.
Lag this informalion in the table.

© 2010 Cisco Systems, lnc. Lab Guide 31

 Pod-Access Information

Para meter Value

Your pod number

Username on router Rl -
Password on router Rl -

Username on router R2 -

Password on router R2 -

Username on PCl student

Password on PCl lab

Username on PC2 student

Password on PC2 lab

Note Routers Rl and R2 are preconfigured to allow access without any credentials. Any Telnet
session or console access will automatically give you access lo privileged mode.

• The table illllstrates Ihe IPv4 and IPv6 addressing scheme that is lIsed in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask Mask

Rl FastEthernelOIO 192.168.1.1124 2001:db9:1:1::1164 '

Rl Serial 01010.1 192.168.101.1130 2001 :db9:1 :a::1164

Rl Loopback 1 Unassigned 2001 :db9:1 :100::1164

Rl Loopback 2 Unassigned 2001 :db9:1 :200::1164

R2 FastEthernet 010 192.168.2.1124 2001 :db9:2:1 ::1164

R2 Serial 01010.1 192.168.101.2130 2001 :db9:1 :a::2164

R2 Loopback 1 Unassigned 2001 :db9:2:100::1164

R2 Loopback2 Unassigned 2001 :db9:2:200::1164

PCl LAB 192.168.1.2124 2001 :db9:1:1 ::fI64

PC2 LAB 192.168.2.2124 2001 :db9:2:1 ::f164

• A Frame Relay PVC is lIsed in the lab to interconnect the two sites.

Frame Relay PVC Details

Source Device DLCI Peer Device DLCI

Rl 111 R2 111

32 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Task 1: Configure OSPF
OSPF is a lil1k-state protocol that is used inside an AS. Vou \ViII configure OSPF to exchange
l'Outes between the Central Site and the Remote Site.

Activity Procedure
Complete this step:
Step 1 Configure OSPF on l'Outers R I and R2 by using the parameters that are listed in the
table. Enable OSPFv3 for IPv6.

OSPF Parameters
.
Para meter .. R1 R2
Process ID 1 1
Router ID 192.168.1.1 192.168.2.1
Area O FastEthernet 010 -
Loopback 1
Loopback 2
Area 1 Serial 0/0/0.1 FastEthernet 010
Serial 0/0/0.1
Loopback 1
Loopback 2

Activity Verification
Vou have completed this task \Vhel1 you atlain these results:
• 011 R 1, review the OSPF process details. The output should show router R 1 as al1 "area
border router" beca use two areas are configured.
R1#show ipv6 ospf
Routing Process "ospfv3 1" with ID 192.168.1.1
It is an are a border router
SPF schedule delay 5 secs, Hold time between two SPFS 10 secs
Mínimum LSA interval 5 secs. Mínimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 rosees
Number of external LSA O. Checksum Sum OxOOOOOO
Number of areas in this router is 2. 2 normal O stub O nssa
Reference bandwidth unit is 100 mbps
Area BACKBONE(O) (Inactive)
Number of interfaces in this area is 3
SPF algorithm executed 4 times
Number of LSA 9. Checksum Sum Ox0489CE
Number of DCbitless LSA O
Number of indication LSA O
Number of DoNotAge LSA O
Flood list length O
Area 1

© 2010 Cisco Systems, Ine. Lab Guide 33

 Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 9. Checksum Sum Ox03ADD4
Number of DCbitless LSA O
Number of indication LSA O
Number of DoNotAge LSA O
Flood list length O

• On R2, review the OSPF process details. The Olltpllt shollld show router R2 as a reglllar
intra-area rOllter becallse all interfaces are in Ihe same area (Area 1).
R2#show ipv6 ospf
Routing Process "ospfv3 1" with ID 192.168.2.1
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA O. Checksum Sum OxOOOOOO
Number of areas in this router is 1. 1 normal O stub O nssa
Reference bandwidth unit is 100 mbps
Area 1
Number of interfaces in this area is 4
SPF algorithm executed 2 times
Number of LSA 12. Checksum Sum Ox0461FA
Number of DCbitless LSA O
Number of indication LSA O
Number of DoNotAge LSA O
Flood list length O

• On RI, condllct a more detailed review ofthe OSPF configllration for IPv6.
R1#show ipv6 ospf interface
Loopback2 is up, line protocol is up
Link Local Address FEBO::217:59FF:FE03:19B8, Interface ID 19
Area O, Process ID 1, Instance ID O, Router ID 192.168.1.1
Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
Loopback1 is up, line protocol is up
Link Local Address FE80::217:59FF:FE03:19B8, Interface ID 18
Area O, Process ID 1, Instance ID O, Router ID 192.168.1.1
Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
FastEthernetO/O is up, line protocol is up
Link Local Address FE80::217:59FF:FE03:19B8, Interface ID 4
Area O, Process ID 1, Instance ID O, Router ID 192.168.1.1
Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.1.1, local address FE80::217:59FF:FE03:19B8
No backup designated router on this network
Timer intervals configured, HelIo 10, Dead 40, Wait 40, Retransmit 5
HelIo due in 00:00:07
Index 1/1/1, f100d queue length O
Next OxO(O)/OxO(O)/OxO(O)
Last flood scan length is O, maximum is O
Last flood scan time is O msec, roaximum is O rosee
Neighbor Count is O, Adjacent neighbor count is O

34 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Suppress helIo for O neighbor(s)
serialO/O/O.l is up, line protocol is up
Link Local Address FE80::217:59FF:FE03:19B8, Interface ID 17
Area 1, Process ID 1, Instance ID O, Router ID 192.168.1.1
Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, HelIo 10, Dead 40, Wait 40, Retransmit 5
HelIo due in 00:00:05
Index 1/1/2, flood queue length O
Next OxO(O)/OxO(O)/OxO(O)
Last flood sean length is 1, maxirnum is 1
Last flood sean time is O msee, maximum is O rosee
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.2.1
Suppress helIo fer O neighbor(s)

• Review the contents ofthe IPv6 muting table on R I and R2. You willnotice that R I sees
all R2 mutes as intm-area (O) mutes, whereas R2 sees all R I mutes as interarea (01)
mutes.
Rl#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: e - Connected, L - Local, S - Static, R - RTP, B - BGP
U - Per-user static route
11 - ISIS L1, 12 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary
O - OSPF intra, 01 - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
e 2001:0B9:1:1::/64 [O/OJ
via ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/OJ
via ::, FastEthernetO/O
e 2001:0B9:1:A::/64 [O/OJ
via ::, SerialO/O/O.1
L 2001:0B9:1:A::1/128 [O/OJ
via ::, SerialO/O/O.1
e 2001:0B9:1:100::/64 [O/OJ
via ::, Loopback1
L 2001:0B9:1:100::1/128 [O/OJ
via ::, Loopback1
e 2001:0B9:1:200::/64 [O/OJ
via ::, Loopback2
L 2001:DB9:1:200::1/128 [O/OJ
via ::, Loopback2
o 2001:0B9:2:1::/64 [110/65J
via FE80::217:59FF:FE55:2108, serial0/0/0.1
o 2001:0B9:2:100::1/128 [110/64J
via FE80::217:59FF:FE55:2108, Serial0/0/0.1
o 2001:0B9:2:200::1/128 [110/64J
via FE80::217:59FF:FE55:2108, Serial0/0/0.1
L FE80::/10 [O/OJ
via ::, NullO
L FFOO::/8 [O/OJ
via ::, NullO

R2#show ipv6 route

IPv6 Routing Table - 13 entries
Codes: C - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user Sta tic route
11 - ISIS L1, 12 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary
O - OSPF intra, 01 - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
01 2001:DB9:1:1::/64 [110/65J
via FE80::217:59FF:FE03:19B8, Serial0/0/0.l
e 2001:0B9:1:A::/64 [O/OJ

© 2010 Cisco Systems, Inc. Lab Guide 35

 via .. , SerialO/0/0.1
L 2001:0B9:1:A::2/128 [O/O]
via ::, SerialO/O/O.l
al 2001:0B9:1:100::1/128 [110/64]
via FE80::217:59FF:FE03:19B8, SerialO/0/0.1
al 2001:0B9:1:200::1/128 [110/64]
via FE80::217:59FF:FE03:19B8, SerialO/0/0.1
e 2001:0B9:2:1::/64 [O/O]
via ::, FastEthernetO/O
L 2001:0B9:2:1::1/128 [O/O]
via ::, FastEthernetO/O
e 2001:0B9:2:100::/64 [O/O]
via ::, Loopbackl
L 2001:0B9:2:100::1/128 [O/O]
via !!, Loopback1
e 2001:0B9:2:200::/64 [O/O]
via ::, Loopback2
L 2001:0B9:2:200::1/128 [O/O]
via ::, Loopback2
L FE80::/10 [O/O]
via ::, NullO
L FFOO::/8 [O/O]
via ::, NullO

• Review Ihe OSPF neighbor relationships on RI and R2.

R1#show ipv6 ospf neighbor

Neighbor ID Pri State Dead Time Interface ID

Interface
192.168.2.1 1 FULL/ 00:00:35 17
SerialO/0/0.1

R2#show ipv6 ospf neighbor

Neighbor ID Pri State Dead Time Interface ID

Interface
192.168.1.1 1 FULL/ 00:00:37 17
SerialO/0/0.1

• Check the OSPF neighbor details on RI and R2.

Rl#show ipv6 ospf neighbor detail serial 0/0/0.1
Neighbor 192.168.2.1
In the area 1 vía interface SerialO/0/0.1
Neighbor~ interface-id 17, link-local address FE80::217:59FF:FE55:2108
Neighbor priority is 1, state is FULL, 6 state changes
Options is Ox46650FB1
Dead timer due in 00:00:36
Neighbor is up for 00:10:01
Index 1/1/1, retransmission queue length O, number of retransmission 1
First OxO(O)/OxO(O)/OxO(O) Next OxO(O)/OxO(O)/OxO(O)
Last retransmission sean length is 1, maximum is 1
Last retransmission sean time is O msec, maximum is O mse
R2#show ipv6 ospf neighbor detail serial 0/0/0.1
Neighbor 192.168.1.1
In the are a 1 via interface SerialO/0/0.1
Neighbor: interface-id 17, link-local address FE80::217:59FF:FE03:19B8
Neighbor priority is 1, state is FULL, 6 state changes
Options is Ox480120AD
Dead timer due in 00:00:32
Neighbor is up for 00:10:27
Index 1/1/1, retransmission queue length O, number of retransmission O

36 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
 First OxO(O)/OxO(O)/OxO(O) Next OxO(O)/OxO(O)/OxO(O)
Last retransmission sean length is O, rnaxirnum is O
Last retransmission sean time is O msee, maxirnum is O msee

• On PC 1, test IPv6 reachability of PC2 (use IPv6 address 200 l :db9:2: l ::1).
C:\>ping62001:db9:2:1::f

pinging 2001:db9:2:1::f
frem 2001:db9:1:1:eca9:fdd6:6a6e:9b42 with 32 bytes ef data:

Reply from 2001:db9:2:1::f: bytes=32 time=61ms

Reply from 2001:db9:2:1::f: bytes=32 time=4Bms
Reply fraro 2001:db9:2:1: :f: bytes=32 time=48ms
Reply from 2001:db9:2:1::f: bytes=32 time=48ms

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% loss),
Approximate round trip times in rnilli-seconds:
Mínimum = 48ms, Maximurn = 61ms, Average = Slms

• Verify the IPv6 path between pe l and PC2.

C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2:1::f

from 2001:db9:1:1:eca9:fdd6:6a6e:9b42 over a maximum of 30
hops:

1 1 ms 1 ms 1 ms 2001:db9:1:1::1
2 75 ms 75 ms 75 ms 2001:db9:1:a::2
3 64 ms 64 ms 64 ms 2001:db9:2:1::f

Trace complete.

• OSPF neighbors send helio messages at intervals to keep track of active neighbors. Display
the exchange of OSPF helio messages.
R1#debug ipv6 ospf helIo
OSPFv3 helIo events debugging is on
R1#
02:45:54: OSPFv3: Rcv helIo froro 192.168.2.1 area 1 froro Seria10/0/0.1
FE80::217:59FF:FE55:2108 interface ID 17
02:45:54: OSPFv3: End of helIo processing
R1#
02:46:04: OSPFv3: Rcv helIo froro 192.168.2.1 area 1 froro Seria10/0/0.1
FE80::217:59FF:FE55:2108 interface ID 17
02:46:04: OSPFv3: End of helIo processing

• OSPF neighbors also exchange LSAs and other information whenever the state ofthe
network topology changes. Trigger the re-establishment of OSPF neighbor relationships.
Rl#debug ipv6 ospf events
OSPFv3 events debugging is on

Rl#clear ipv6 ospf process

© 2010 Cisco Systems, Inc. Lab Guide 37

 Reset ALL OSPF processes? [no]: y'~~

02:47:16: OSPFv3: Flushing External Links

02:47:16: OSPFv3: Flushing Link states in are a O
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2001 in maxage
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 1 adv_rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 2 adv rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 3 adv_rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 19 adv_rtr 192.168.1.1, type Ox8 in maxage
02:47:16: Insert LSA 18 adv_rtr 192.168.1.1, type Ox8 in maxage
02:47:16: Insert LSA 4 adv_rtr 192.168.1.1, type Ox8 in maxage
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2009 in maxage
02:47:16: OSPFv3: Interface Loopback2 going Down
02:47:16: OSPFv3: Interface Loopback1 going Down
02:47:16: OSPFv3: Interface FastEthernetO/O going Down
02:47:16: OSPFv3: Neighbor change Event on interface FastEthernetO/O
02:47:16: OSPFv3: DR/BDR election on FastEthernetO/O
02:47:16:
R1# OSPFv3: Elect BDR 0.0.0.0
02:47:16: OSPFv3: Elect DR 0.0.0.0
02:47:16: OSPFv3: Elect BDR 0.0.0.0
02:47:16: OSPFv3: Elect DR 0.0.0.0
02:47:16: DR: none BOR: none
02:47:16: OSPFv3: Flush network LSA irnmediately
02:47:16: OSPFv3: Remember old DR 192.168.1.1 (id)
02:47:16: OSPFv3: Flushing Link states in area 1
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2001 in maxage
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 1 adv rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 2 adv_rtr 192.168.1.1, type Ox2003 in maxage
02:47:16: Insert LSA 17 adv_rtr 192.168.1.1, type Ox8 in maxage
02:47:16: Insert LSA O adv_rtr 192.168.1.1, type Ox2009 in maxage
02:47:16: OSPFv3: Interface SerialO/0/0.1 going Down
02:47:16: OSPFv3: 192.168.2.1 address FE80::217:S9FF:FESS:2108 on
SeriaI0/0/0.1 is dead, state DOWN
02:47:16: %OSPFv3-S-ADJCHG: Process 1, Nbr 192.168.2.1 on SeriaI0/0/0.1 from
FULL to DOWN, Neighbor Down: Interface down or detached
02:47:16: OSPFv3: Interface Loopback2 going Up
02:47:16: OSPFv3: Interface Loopback1 going Up
02:47:16: OSPFv3: Interface FastEthernetO/O going Up
02:47:16: OSPFv3: Interface SerialO/0/0.1 going Up
R1#
02: ,¡ iT24 ¡ÓSliF;J:ji .RcV'ílélio·· froril J§2:I!5ií.7jJ,'t¡,¡r§'~:;I:~r:§mj ~~r:IaI(jZºZª:~
FE80::217:S9FF:FESS:2108 interface ID 17
02:47:24: OSPFv3: 2 Way Cornmunication to 192.168.2.1 on SeriaI0/0/0.1, state
2WAY
02:47:24: OSPFv3: Send DBD to 192.168.2.1 on SerialO/0/0.1 seq Ox1363 opt
Ox0013 flag Ox7 len 28
02:47:24: OSPFv3: End of helIo processing
02:47:24: OSPFv3: Rcv DBD from 192.168.2.1 on serialO/0/0.1 seq Ox23AD opt
Ox0013 flag Ox7 len 28 mtu 1500 state EXSTART
02:47:24: OSPFv3: NBR Negotiation Done. We are the SLAVE
02:47:24: OSPFv3: Send DBD to 192.168.2.1 on SerialO/0/0.1 seq Ox23AD opt
Ox0013 flag Ox2 len 88
R1#
02:47:24: OSPFv3: Rcv DBD from 192.168.2.1 on serialO/0/0.1 seq Ox23AE opt
Ox0013 flag Ox3 len 88 mtu 1500 state EXCHANGE
02:47:24: OSPFv3: Send DBD to 192.168.2.1 on SerialO/0/0.1 seq Ox23AE opt
Ox0013 flag OxO len 28
02:47:24: OSPFv3: Database request to 192.168.2.1
02:47:24: OSPFv3: sent LS REQ packet to FE80::217:S9FF:FESS:2108, length 36
02:47:25: OSPFv3: Rcv DBD from 192.168.2.1 on serialO/0/0.1 seq Ox23AF opt
Ox0013 flag Ox1 len 28 mtu 1500 state EXCHANGE
02:47:25: OSPFv3: Exchange Done with 192.168.2.1 on SeriaI0/0/0.1
02:47:2S: OSPFv3: Send DBD to 192.168.2.1 on SerialO/0/0.1 seg Ox23AF opt
Ox0013 flag OxO len 28
02:47:25: OSPFv3: Synchronized with 192.168.2.1 on seriaI0/0/0.1, state FULL

38 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 R1#
p2;¡'¡7~~5¡r%OS~Fy3¡;~;:K1íJc¡¡G;proC!¡;ss .I¡Ñb;: ·19 2.\168i2rl'¡;¡:¡;s1;1?i~íOZOZo'i!!:f¡;tli1l
e.
LOAD iíí<;; "H,'l;:¡¡"f.)¡. ±;"ácj:t'¡ g •Dqh
R1#
02:47:34: OSPFv3: Rcv helIo frero 192.168.2.1 area 1 from SerialOIO/O.l
FE80::217:59FF:FE55:2108 interface ID 17
02:47:34: OSPFv3: End of helIo processing

• Disable all debugging by using Ihe undebug 311 command.

R1#undebug all
All possible debugging has been turned off

Task 2: Summarize Route Announcements

OSPF supports route summarizalion: the abilily to consolidate the routing information of
multiple networks (which would result in multiple small route en tries) into ne or a few larger
prefixes. In this task, you will summarize route annollncements.

Activity Procedure
Complete Ihis step:
Step 1 Configure summarization ofthe address space ofthe Central Site towards other
areas. Create a summary 200 I :db9: I ::/48 in Area O.

Activity Verification
You have completed this task when you atlain these results:
• Review the contents ofthe IPv6 routing table on R2 to determine whether only the
summary is advertised by Area O (R 1).
R2#show ipv6 route
IPv6 Routing Table - 11 entries
Codes: e - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
11 - I8IS LI, 12 - I8IS L2, IA - I8IS interarea, 18 - I8IS surnmary
O - OSPF intra, 01 - QSPF ínter, GEl - OSPF ext 1, OE2 - OSFF ext 2
ON! - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - EIGRP, EX - EIGRP external
!5f;1112 o.oTloB9'.l.l'¡'148:[ 1.1ó/651
via FE80::217:59FF:FE03:19B8, SeriaI0/0/0.1
e 2001:0B9:1:A::/64 [o/O]
via ::, SerialO/O/O.l
L 2001:DB9:1:A::2/128 [o/O]
via ::, SerialO/O/O.l
e 2001:DB9:2:1::/64 [o/O]
via ::, FastEthernetO/O
L 2001:0B9:2:1::1/128 [o/O]
via ::, FastEthernetO/O
e 2001:DB9:2:100::/64 [o/O]
via ::, Loopbackl
L 2001:0B9:2:100::1/128 [o/O]
via ::, Loopbackl
e 2001:DB9:2:200::/64 [o/O]
via ..
, Loopback2
L 2001:DB9:2:200::1/128 [o/O]
via :: , Loopback2
L FE80::/10 [o/O]
via :: , NullO
L FFOO::/8 [o/O]
via ..
, NullO

Rl#show ipv6 route

© 2010 Cisco Systems, Inc. lab Guide 39

 IPv6 Routing Table - 14 entries
codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Sta tic route
I1 - ISIS L1, I2 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary
O - OSPF intra, OI - DSPF inter, DEl - OSPF ext 1, DE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
P: {2601:DB9:1 ::/4.tl!t.ÍJo/QT
\tia uj.Núll0.
< •.. rest'of the output ornitted ... >

Note II one 01 the loopback interfaces is removed, the summary conliguration prevents any
change to the OSPF routes that are announced. Also notice that a /48 route is set to Null lar
the loopback networks 01 your podo

Note In OSPFv3, the router uses the 32-bit IPv4 address to select the router ID lor an OSPF
process. II an IPv4 address exists when OSPFv3 is enabled on an interface, then that IPv4
address is used lor the router ID. II more than one IPv4 address is available, a router ID is
chosen using the same rules as lar OSPF version 2.

40 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Lab 4-2: Routing with 18-18
Complete this lab activity to practice what you leal'lled in the related module.

Activity Objective
In this activity. you will reconfigure the lab environment for IS-IS and examine the operation of
the protocol. Afier completing this activity, you will be able lo meet these objectives:
• Configure IS-IS for IPv6 routing
• Configure IS-IS summarization for IPv6 routing
• Add IPv4 IS-IS route exchange

Visual Objective
The figure illustrates what you will accomplish in this activity.
11 ! ';2 • ::aiiaza i2i • iiEJi::UZ 2 za lA
Visual Objective for lab 4~2:
Routing with IS~IS

Required Resources
The table lists the resources and equipment that are required to complete this activity:

Required Resources

· Device Name Device Role in the Laboratory

R1 WAN access router in the Central Site; used as delault gateway lor IPv4 and IPv6
traffic

R2 WAN access router in the Remote Site; used as delault gateway lor IPv4 and IPv6
traffic

PC1 End user with applications that require both IPv4 and IPv6 support by the operating
system and the network

© 2010 Cisco Systems, Ine. Lab Guide 41

 Device Name Device Role in the Laboratory

PC2 End user with applications that require both IPv4 and IPv6 support by the operating
system and the network

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands thal are lIsed in lhis activity.

Cisco 105 Software Commands

Command Description

address-family ipv6 Enters the IPv6 address lamily subconfiguration mode

debug isis update-packets Displays various sequence number PDUs and link-
state packets that are detected by a router

ipv6 router isis area-name Configures an IS-IS routing process for IPv6 on an
interface and alta ches an area designator to the
routing process

isis circuit-t.ype [level-l I Configures the type 01 adjacency

level-1-2 I level-2-only]

is-type [level-l I levell-2 I Sets an intermediate system level lor this routing
level-2-only] process

metric-style wide Configures IS-IS so that it generates and accepts only

new-style type, length, and value objects (TLVs)

net. network Configures an OSI network lor the system

passive-interface interface Suppresses routing updates on an interface

redist.ribut.e isis level-2 int.a Configures controlled route-Ieaking from Level 2 into
level-l distribute-list Level1
IPv6ACL

router isis [area-tag] Enables the IS-IS routing protocol and specifies an IS-
IS process

show ip interface [brief] Displays the usability status of interfaces that are
configured for IP

show ip protocols Displays the parameters and current state of the active
routing-protocol process

show ip rout.e Displays the current state 01 the routing table

show ipv6 int.erface [brief] Displays the usability status 01 interfaces that are
configured far IPv6

sho'W ipv6 prot.ocols [surnmary] Displays the parameters and current state 01 the active
IPv6 routing-protocol processes

sho'W ipv6 route Displays the current contents 01 the IPv6 routing table

surnmary-prefix prefix level-l Configures a summary prefix in Level 1

42 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Windows PC Commands
..
Command . Description ..

ping6 Sends pings from Windows XP

tracert6 Discovers and displays lhe palh lhal a packel lakes lhrough lhe nelwork

Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor will provide you with your pod number and other pod-access information.
Log this infol111ation in the table.

Pod-Access Information

, Parameter . Value ..

Your pod number

Username on router Rl -

Password on router Rl -
Username on router RZ -
Password on router RZ -

Usernarne on PCl student

Password on PCl lab

Username on pcz student

Password on pcz lab

Note Routers R1 and R2 are preconfigured!o allow access without any creden!ials. Any Telne!
session or console access will automatically give you access to privileged mode.

• The table iIIustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and Mask IPv6 Address and Mask

R1 FastE!hernet % 192.168.1.1/24 2001:db9:1:1 ::1/64

R1 Serial 0/0/0.1 192.168.101.1/30 2001 :db9: 1:a:: 1/64

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopback 2 Unassigned 2001:db9:1 :200::1/64

R2 FastEthernelO/O 192.168.2.1/24 2001 :db9:2:1 ::1164

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopback 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

PC1 LAB 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAB 192.168.2.2/24 2001 :db9:2:1 ::1/64

© 2010 Cisco Systems, Ine. Lab Guide 43

 • A Frame Relay PVC is used in the lab to interconnect the two sites.

Frame Relay PVC Details

Source Device OLCI Peer Device OLel

R1 111 R2 111

Task 1: Configure 15-15 for IPv6 Routing

In this task, you will configure IS-IS for IPv6.

Note In this task, only IPv6 is configured. IPv4 will be added later.

Activity Procedure
Complete these steps:
Step 1 On routers R I and R2, configure IS-IS for IPv6 by using the parameters that are
listed in the table.

IS-IS Parameters

Parameter R1 R2
OSI Network 49.0002.1001.2001.3001.00 49.0002.1002.2002.3002.00
Router IS Type Levels 1 and 2 Level1 only
IS-IS-Enabled FastEthernet O/O FastEthernet O/O
Interfaces Serial 0/0/0.1 Serial 0/0/0.1
IS-IS Metric Type Wide Wide
IS-IS Metric on 11 11
FastEthernet 010
18-18 Metric on 21 21
Serial 01010.1
IS-IS Level-2-0nly FastEthernet O/O -
Interfaces Loopback 1
Loopback 2
IS-IS Level-1 Serial 0/0/0.1 FastEthernet O/O
Interfaces Senal 0/0/0.1
Loopback 1
Loopback 2
Passive Interfaces Loopback 1 Loopback 1
Loopback2 Loopback 2
Step 2 Enable IPv6 route leaking from Level 2 into Level l on router R l. You should do
that by using the redistribute command in the IPv6 address family within the IS-IS
configuration mode. Use the pl'econfigured IPv6 ACL that is named PermitAII to
leak all routes from Level 2 into Level 1.

Activity Verification
You have completed this task when you at!ain these results:
• On rOllter RI, examine the IS-IS neighbol' relationship with router R2.

44 IPv6 Fundamentals, Oesign, and Oeployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 /
Rl#show isis neighbors;/

System Id Type Interface IP Address state Holdtime Circuit Id

R2 L1 SeO/0/0.1/ UP! 24/ 00

• Review the IPv6 routing table for IS-IS routes on both routers. Router R I will see routes
from the Remote Site as intra-area (11) routes becuuse R I is u member ofthe sume level
(Level 1) as the originating router R2. Router R2 will see the leaked Level 2 routes from
the Central Site as interarea (lA) mutes because R2 is a Level I-only router.
Rl#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: e - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user static route
11 - I8IS Ll, I2 - I8IS L2, IA - ISIS interarea, r8 - I8IS surnmary
O - 08PF intra, 01 - OSPF ínter, OEI - OSPF ext 1, OE2 - OSPF ext 2
ON! - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
e 2001:0B9:1:1::/64 [O/OJ
via ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/OJ
vía ::, FastEthernetO/O
e 2001:0B9:1:A::/64 [O/OJ
via ::, SerialO/O/O.l
L 2001:0B9:1:A::1/128 [O/OJ
vía ::, serialO/O/O.1
e 2001:0B9:1:100::/64 [O/OJ
vía ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/OJ
via ::, Loopbackl
e 2001:0B9:1:200::/64 [O/OJ
via ::, Loopback2
L 2001:0B9:1:200::1/128 [O/OJ
vía ::, Loopback2 I

;~,ni¡¡Z?¡¡6Tri5B9Tg;rrI:¡Z:~~miT5?2QI
vía FE80::216:C8FF:FE5E:FB30, SerialO/O/O.l
ifI'cpr:;¡oÓTioB9T:nloo'rr[g¡¡"iCiIs/i oT
. .' via FE80: :2Í6:C8FF:FESE:FB30, Seria10/0/0.1
!f1;i;il\2¡¡oT!'i5¡¡9r2J2¡¡¡¡J:r2~4.:TIr~71oí:
via FE80::216:C8FF:FESE:FB30, Seria10/0/0.1
L FE80::/10 [O/OJ
vía :: I NullO
L FFOO::/8 [O/OJ
vía ::, NullO

R2#show ipv6 route

IPv6 Routing Table - 13 entries
Codes: e - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user static route
11 - ISIS LIt 12 - ISIS L2, lA - ISIS interarea, 18 - ISIS surnmary
O - OSPF intra, 01 - QSPF ínter, OE! - OSPF ext 1, OE2 - OSPF ext 2
ON! - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
1.f¡iJ~20Ó·r'i5B§}:1:~r¡'l'7,~·41i![;ri572 Ój¡
via FE80::217:S9FF:FE03:19B8, SerialO/0/0.1
C 2001:0B9:1:A::/64 [O/OJ
vía ::, SerialO/O/O.l
L 2001:0B9:1:A::2/128 [O/OJ
vía ::, serialO/O/O.l
i~A! {2oíírlOBli!cI!'lpQIf!}64!fi 1s1i6};
via FE80::217:S9FF:FE03:19B8, Seria10/0/0.1
ff1r,¡r: 200J 'iT:jB~I';fC¡;2¡¡Q¡;1'76J:¡Tn51JbT
via FE80: :217:S9FF:FE03:19B8, seria10/0/0.1
e 2001:0B9:2:1::/64 [O/OJ
vía ::, FastEthernetO/O
L 2001:0B9:2:1::1/128 [O/OJ

© 2010 Cisco Systems, Inc. Lab Guido 45

 via .. , FastEthernetO/O
C 2001:0B9:2:100::/64 [O/O]
via ::, Loopbackl
L 2001:0B9:2:100::1/128 [O/O]
via ::, Loopbackl
C 2001:0B9:2:200::/64 [O/O]
via ::, Loopback2
L 2001:0B9:2:200::1/128 [O/O]
via ::, Loopback2
L FE80::/10 [O/O]
via ::, NullO
L FFOO::/8 [O/O]
via ::, NullO

• Verify the IS-IS topologies on both routers. R 1 lists information for both topologies, even
though only one link is in Level l.
Rl#show isis ipv6 topolog~

IS-IS paths to level-l routers

System Id Metric Next-Hop Interface SNPA
R1
R2 10 R2 SeO/0/0.1 OLC1 111

1S-1S paths to 1evel-2 routers

System Id Metric Next-Hop Interface SNPA
R1

R2#show isis ipv6 topology

1S-1S paths to leve1-1 reuters

System Id Metric Next-Hop Interface SNPA
R1 10 R1 SeO/0/0.1 OLC1 111
R2

1S-1S paths to level-2 routers

System Id Metric Next-Hop Interface SNPA
R2

• On pel. test IPv6 reachability of pe2 (use IPv6 address 2001 :db9:2: 1::t).
C:\>ping62001:db9:2:1::f

Pinging 2001:db9:2:1::f
froro 2001:db9:1:1:cd5b:41a7:7590:97ae with 32 bytes of data:

Reply from 2 OO1: db9 : 2 : 1 : : f : bytes~32 time=62ms

Reply frem 2001:db9:2: 1: :f: bytes~32 time=48ms
Reply from 2001:db9:2:1::f: bytes~32 time=48ms
Reply frem 2001:db9:2:1::f: bytes~32 time=96ms

Ping statistics fer 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% 105S),
Approximate round trip times in mi11i-seconds:
Minimum = 48ms, Maximum = 96ms, Average = 63ms

• Verify the IPv6 path between pe 1 and pe2.

C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2:1::f

froro 2001:db9:1:1:cd5b:41a7:7590:97ae over a maximum of 30
hops:

46 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 1 1 ros 1 ros <1 ros 2001:db9:1:1::1
2 75 ros 75 ros 75 rns 2001:db9:1:a::2
3 64 ros 64 ros 64 rns 2001:db9:2:1::f

Trace complete.

Task 2: Configure 15-15 5ummarization for IPv6 Routing

In this lask, you willminimize lhe amount of routing information that is propagated from the
Central Site to the Remote Site.

Activity Procedure
Complete this step:
Step 1 On router R 1, configure summarization of Level I prefixes to 200 I :db9: I ::/48 by
using the surnrnary-prefix command in the IPv6 address family subconfiguration
mode ofthe IS-IS process.

Activity Verification
You have completed this task when you altain this result:
• Review lhe IPv6 routing table for IS-IS routes on router R2 again. This time, you should
see only one IS-IS route-the summary.
R2#show ipv6 route
IPv6 Routing Table - 11 entries
Codes: e - Connected, L - Local, S - Static, R - RIF, B - BGP
U - Per-user static route
Il - I8IS Ll, I2 - I8IS L2, lA - I8IS interarea, 18 - I8IS surnmary
O - OSPF intra, 01 - OSPF ínter, OE! - OSPF ext 1, OE2 - 08PF ext 2
ON! - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
IA 2001:0B9:1::/48 [115/10]
via FE80::217:s9FF:FE03:19B8, Seria10/0/0.1
e 2001:0B9:1:A::/64 [O/O]
vía ::, SerialO/O/O.l
L 2001:0B9:1:A::2/128 [O/O]
vía ::, SerialO/O/O.l
e 2001:0B9:2:1::/64 [O/O]
vía ::, FastEthernetO/O
L 2001:0B9:2:1::1/128 [O/O]
vía ::, FastEthernetO/O
e 2001:0B9:2:100::/64 [O/O]
vía ::, Loopbackl
L 2001:0B9:2:100::1/128 [O/O]
vía ::, Loopbackl
e 2001:0B9:2:200::/64 [O/O]
vía ::, Loopback2
L 2001:0B9:2:200::1/128 [O/O]
vía ::, Loopback2
L FE80::/10 [O/O]
via ::, NullO
L FFOO::/8 [O/O]
via ::, NullO

Task 3: Add IPv4 15-15 Route Exchange

IS-IS is a 1l1ultiprotocol rOllting protocol and can be used for IPv4 and IPv6 rOllting
concllrrent1y. This ability is a strength oflS-IS over OSPF (where OSPFv2 for IPv4 alld
OSPFv3 for IPv6 are completely indepelldellt). In this task, you will add [Pv4 rOllting to the
existillg IS-[S process.

© 2010 Cisco Systems, Ine. lab Guide 47

Activity Procedure
Complete this step:
51ep 1 On routers R I and R2, enable IS-IS for I Pv4 on interfaces FastEthernet O/O and
Serial 0/0/0.1.

Activity Verification
You have completed this task when you attain this resul!:
• Review the IPv4 routing table for IS-IS routes on both routers. Rouler R I \Viii see the LAN
route oflhe Remate Site as an intm-area (11) route beca use R I is a member ofthe same
level (Level 1) as the originating router R2. Router R2 \ViII still see the RIP route because
IS-IS, by default, does not leak Level 2 routes into Level-I. You would need to enable
route leaking from Level 2 into Level 1, as you did for IPv6.
Rl#show ip route
Codes: e - connected, S - static, R - RIF, M - rnobile, B - BGP
D - EIGRP, EX - EIGRP external, o - OSPF, IA - OSPF ínter are a
NI - 08PF NSSA external type 1, N2 - OSPF NSSA external type 2
El - 08PF external type 1, E2 - OSPF external type 2
i - IS-IS, su - lS-I8 summary, Ll - lS-18 level-l, L2 - lS-18 level-2
ia - lS-18 ínter area, * - candidate default, U - per-user static route
o - ODR, P - periodic dm.¡nloaded static route

Gateway of last resort is not set

192.168.1.0 255.255.255.0 is directly connected, FastEthernetO/O

192.168;2. Ó .2.55.255 .255 .Ót1151¡jOí;"ia192¡:16¡mÓr,i~yiZ~e±'i¡¡illZ¡¡loi~
192.168.101.0 255.255:255.252 is subnetted, 1 subnet~···' .'.~. ,. . .
e 192.168.101.0 is directly connected, SerialO/OfO.1

R2#show ip route
Codes: e - connected, S - static, R - RIP, M - rnobile, B - BGP
D - EIGRP, EX - EIGRP external, o - OSPF, lA - OSPF ínter area
NI - QSPF NSSA external type 1, N2 - OSPF NSSA external type 2
El - QSPF external type 1, E2 - OSPF external type 2
i - lS-lS, su - lS-18 surnmary, Ll - lS-18 level-Ir L2 - lS-18 level-Z
ia - lS-18 ínter area, * - candidate default, U - per-user static route
o - ODR, P - periodíc downloaded sta tic route

Gateway of last resort is not set

kijé, 192:16á,T;o:25S;:íS5, 255\ Ó

'[i20Íljv{ai92.168.101.1, 00:00:26, SerialOl010.1
e 192.168.2.0 255.255.255.0 is directly connected, FastEthernetO/O
192.168.101.0 255.255.255.252 is subnetted, 1 subnets
e 192.168.101.0 is directly connected, SerialO/O/O.l

48 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Lab 4-3: Routing with EIGRP
Complete this lab activity to practice what you leal'l1ed in the related module.

Activity Objective
In this activity, you will reconfigure the lab enVir011l11ent for EIGRP and examine the operation
ofthe protocol. Afier completing this activity, you will be able to meet these objectives:
• Configure EIGRP for IPv6 l'Outing
• Configure EIGRP for IPv6 summarization

Visual Objective
The figure illustrates what you will accomplish in this activity.
AS 1&1
Visual Objective fer Lab 4~3:
Reuting with EIGRP

Required Resources
The table Iists the resources and equipment that are required to complete this activity.

Required Resources

Device Name Device Role in the laboratory

R1 WAN access rauter in the Central Site; used as

the delault gateway lor IPv4 and IPv6 traffic

R2 WAN access rauter in the Remate Site; used as

the delault gateway lar IPv4 and IPv6 traffic

PC1 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

© 2010 Cisco Systems, Ine. lab Guide 49

 Device Name Device Role in the Laboratory

PC2 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAS, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands that are lIsed in this activity.

Cisco lOS Software Commands

Command Description

eigrp router-id router-id Configures a static router ID for an EIGRP

process

ipv6 eigrp AS Enables an IPv6 EIGRP routing process on an

interface

ipv6 router eigrp AS Configures an IPv6 EIGRP routing process

ipv6 surnmary-address eigrp AS Summarizes IPv6 EIGRP updates that are sent
prefix out of an interface

no shutdown Enables an IPv6 EIGRP process

passive-interface Disables EIGRP on an interface but inserts the

interface network into the EIGRP topology table

show ipv6 eigrp interfaces Displays the EIGRP interface status

show ipv6 eigrp neighbors Displays the EIGRP neighbor relationships

show ipv6 eigrp topology Displays the EIGRP database

show ipv6 route Displays the current contents 01 the IPv6 routing
table

Windows PC Commands

Command Description

ping6 Sends pings from Windows XP

tracert6 Discovers and displays the path that a packet

takes through the network

50 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor \Viii provide you with your pod number and other pod-access information.
Log this information in the table.

Pod-Access Information
. .
Parameter Value

Your pod number

Username on router Rl -

Password on router Rl -
Usernarne on router R2 -

Password on router R2 -

Username on pel student

Password on pel lab

Username on pe2 studen!

Password on pe2 lab

Note Routers R1 and R2 are preeonfigured!o allow access wi!hout any ereden!ials. Any Telne!
session or console access will automatically give you access to privileged moda.

• The !able illustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and Mask IPv6 Address and Mask

R1 Fas!Etherne! % 192.168.1.1/24 2001 :db9:1 :1::1/64

R1 Serial 0/0/0.1 192.168.101.1/30 2001 :db9:1 :a::1/64

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopback 2 Unassigned 2001 :db9:1 :200::1/64

R2 Fas!Etherne! O/O 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopbaek 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopbaek 2 Unassigned 2001 :db9:2:200::1/64

PC1 LAB 192.168.1.2/24 2001 :db9: 1: 1::1/64

PC2 LAB 192.168.2.2/24 2001 :db9:2: 1::1/64

• A Frame Relay PVC is used in Ihe lab to interconnect Ihe l\Vo sites.

Frame Relay PVC Details

. .
• Souree Oeviee OLCI .. Peer Oeviee OLCI .

R1 111 R2 111

© 201 oCisco Systems, Inc. Lab Guide 51

Task 1: Configure EIGRP for IPv6 Routing
In this task, you will configure EIGRP for IPv6.

Activity Procedure
Complete these steps:
Step 1 Configure EIGRP 10r IPv6 on routers R I and R2 by using the parameters that are
listed in the table.

EIGRP Parameters

Parameter R1 R2

EIGRP AS 1 1

EIGRP-Enabled FastEthernet 0/0 FastEthernet 0/0

Interfaces Serial 0/0/0.1 Serial 0/0/0.1

Passive Interfaces Loopback 1 Loopback 1

Loopback 2 Loopback 2

Router ID 192.168.1.1 192.168.2.1

Step 2 Enable the IPv6 EIGRP process.

Activity Verification
YOll have completed this task when you atlain these results:
• On router R 1, examine the EIGRP interface status. You will see that only one EIGRP
neighbor is available via the Serial 0/010.1 interface.
Rl#show ipv6 eigrp interfaces
IPv6-EIGRP interfaces for process 1

xrnit Queue Mean pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
FaO/O O O/O O 0/10 O O
:s¡'Q.l6Z9:r, ªj O/O 676 0/15 3351 O

• Examine the EIGRP neighbor relationship \Vith router R2.

Rl#show ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 1
H Address Interface Hold uptime SRTT RTO Q

• Examine the EIGRP topology table. You should see all routes: local and remote, includillg
those that you might not see in the routing table because static and connected routes take
precedellce (two LANs, fOllr loopbacks, and the point-to-point link).
Rl#show ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(1)/ID(192.168.1.1)

Codes: P - passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply status, s - sia status

P 2001:DB9:1:A::/64, 1 successors, FD is 2169856

via connected, SerialO/O/O.1
P 2001:DB9:1:1::/64, 1 successors, FD is 28160
via connected, FastEthernetO/O

52 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 P 2001:0B9:1:200::/64, 1 successors, FO is 128256
vía Connected, Loopback2
P 2001:089:1:100::/64, 1 successors, FD is 128256
vía connected, Loopbackl
P 2001:089:2:200::/64, 1 successors, FD is 2297856
via FE80::217:59FF:FE55:2108 (2297856/128256), SerialO/0/0.1
P 2001:0B9:2:100::/64, 1 successors, FO is 2297856
via FE80::217:59FF:FE55:2108 (2297856/128256), SerialO/0/0.1
P 2001:089:2:1::/64, 1 successors, FD is 2172416
via FE80::217:59FF:FE55:2108 (2172416/28160), Seria10/0/0.1

• Review Ihe IPv6 routil1g table for EIGRP routes 011 both rOllters. You should see three
EIGRP routes (the remote LAN al1d t\Vo loopbacks) 011 each rOllte ...
Rl#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: e - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user static route
Il - ISIS LIt 12 - ISIS L2, lA - ISIS interarea, 18 - ISIS summary
O - OSPF intra, 01 - OSPF ínter, DEI - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
e 2001:0B9:1:1::/64 [O/OJ
vía ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/OJ
vía ::, FastEthernetO/O
e 2001:0B9:1:A::/64 [O/OJ
vía ::, SerialO/O/O.l
L 2001:0B9:1:A::1/128 [O/OJ
vía ::, serialO/O/O.l
e 2001:0B9:1:100::/64 [O/OJ
via ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/OJ
via ::, Loopbackl
e 2001:0B9:1:200::/64 [O/OJ
via ::, Loopback2
L 2001:0B9:1:200::1/128 [O/OJ
via ::, Loopback2
o 2001:0B9:2:1::/64 [90/2172416J
via FE80::217:59FF:FE55:2108, SerialO/0/0.1
o 2001:0B9:2:100::/64 [90/2297856J
via FE80::217:59FF:FE55:2108, SerialO/0/0.1
o 2001:0B9:2:200::/64 [90/2297856J
via FE80::217:59FF:FE55:2108, SerialO/0/0.1
L FE80::/10 [O/OJ
via ::, NullO
L FFOO::/8 [O/OJ
via ::, NullO

R2#show ipv6 route

IPv6 Routing Table - 13 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Sta tic route
II - ISIS Ll, 12 - ISIS L2, lA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OEI - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - EIGRP, EX - EIGRP external
O 2001:0B9:1:1::/64 [90/2172416J
via FE80::217:59FF:FE03:19B8, SerialO/0/0.1
e 2001:0B9:1:A::/64 [O/OJ
via ::, Seriala/a/a.l
L 2001:0B9:1:A::2/128 [O/OJ
via ::, SerialO/O/O.1
o 2001:0B9:1:100::/64 [90/2297856J
via FE80::217:59FF:FE03:19B8, SerialO/0/0.1
O 2001:0B9:1:200::/64 [90/2297856J

© 2010 Cisco Systems, Inc. Lab Guide 53

 via FE80::217:59FF:FE03:19B8, serialO/0/0.1
e 2001:0B9:2:1: :/64 [O/O]
via !!, FastEthernetO/O
L 2001:0B9:2:1::1/128 [O/O]
vía ::, FastEthernetO/O
e 2001:0B9:2:100::/64 [O/O]
via ::, Loopbackl
L 2001:0B9:2:100::1/128 [O/O]
vía ::, Loopbackl
e 2001:0B9:2:200::/64 [O/O]
via ::, Loopback2
L 2001:0B9:2:200::1/128 [O/O]
vía ::, Loopback2
L FE80::/10 [O/O]
vía !!, NullO
L FFOO::/8 [O/O]
vía ::, NullO

• 011 PC l. test the reachabi lity of PC2 (use IPv6 address 2001 :db9:2: 1::1).
C:\>ping6 2001:db9:2:1::f

Pinging 2001:db9:2:1::f
froro 2001:db9:1:1:b58d:9537:c8b6:ddcb with 32 bytes of data:

Rep1y fraro 2001:db9:2:1::f: bytes=32 tiroe=51ros

Rep1y fraro 2001:db9:2:1::f: bytes=32 tiroe=52ros
Rep1y fram 2001:db9:2:1::f: bytes=32 tiroe=48ros
Rep1y froro 2001:db9:2:1::f: bytes=32 tiroe=48ros

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in rnilli-seconds:
Mínimum = 48ms, Maxirnurn = 52ms, Average = 49ms

• Review the path betweel1 PC 1 al1d PC2 (use 1Pv6 address 2001 :db9:2: 1::1).
C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2:1::f over a roaxirouro of 30 hops

1 1 ros <1 ms <1 ros 2001:db9:1:1::1

2 75 ros 75 ros 75 ros 2001:db9:1:a::2
3 64 ros 63 ros 82 ros 2001:db9:2:1::f

Trace complete.

Task 2: Configuring EIGRP for IPv6 Summarization

111 this task. you \ViII optimize IPv6 EIGRP to sel1d ol1ly a summary fmm the Cel1tral Sile to Ihe
Remote Site ane! vice versa.

Activity Procedure
Complete these steps:
Step 1 011 R 1, create al1 EIGRP sUl11mary 2001 :db9: 1::/48011 il1terface Serial 0/0/0.1 to
propagate ol1ly ol1e suml11ary mute il1stead ofthree 1110re-specific mutes.

54 IPv6 Fundamentals, Design, and Deployment (lP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Step 2 On R2, create an EIGRP summary 2001 :db9:2::/48 011 interface Serial 0/0/0.1 to
propagate only one summary J'Oute instead ofthree more-specific J'Outes.

Activity Verification
y ou have completed th is task when you atta in th is result:
• Review Ihe IPv6 routing table for EIGRP J'Outes on both routers. You should see only one
EIGRP-Iea1'11ed remote route-the summary-on each router. You will also see an E1GRP
J'Oute for the local summary: this J'Oute points to the Null interface, to drop packets for
unavailable, more-specific prefixes.
Rl#show ipv6 route
IPv6 Routing Table - 12 entries
codes: e - connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Sta tic route
11 - ISIS Ll, 12 - ISIS L2, lA - ISIS interarea, 18 - ISIS surnmary
O - OSPF intra, DI - OSPF ínter, OE! - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - EIGRP, EX - EIGRP external
O 2001:0B9:1::/48 [5/28160]
vía ::, NullQ
e 2001:0B9:1:1::/64 [O/O]
vía ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/O]
vía ::, FastEthernetO/O
e 2001:0B9:1:A::/64 [O/O]
vía ::, SerialO/O/O.1
L 2001:0B9:1:A::1/128 [O/O]
vía ::, SerialO/O/O.l
e 2001:0B9:1:100::/64 [O/O]
vía ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/O]
vía ::, Loopbackl
e 2001:0B9:1:200::/64 [O/O]
vía ::, Loopback2
L 2001:0B9:1:200::1/128 [O/O]
vía ::, Loopback2
O 2001:0B9:2::/48 [90/2172416]
via FE80::217:59FF:FE55:2108, SerialO/0/0.1
L FE80::/10 [O/O]
vía ::, NulIa
L FFOO::/8 [O/O]
vía ::, NullO

R2#show ipv6 route

IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, lA - ISIS intérarea, IS - ISIS surnmary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - EIGRP, EX - EIGRP external
O 2001:0B9:1::/48 [90/2172416]
via FE80::217:59FF:FE03:19B8, SerialO/0/0.1
e 2001:0B9:1:A::/64 [O/O]
via ::, SerialO/0/0.1
L 2001:0B9:1:A::2/128 [O/O]
via ::, serialO/0/0.1
O 2001:0B9:2::/48 [5/28160]
via ::, NullO
e 2001:0B9:2:1::/64 [O/O]
via ::, FastEthernetO/O
L 2001:0B9:2:1::1/128 [O/O]
via ::, FastEthernetO/O
e 2001:0B9:2:100::/64 [O/O]

© 2010 Cisco Systems, Inc. lab Guide 55

 via ::, Loopbackl
L 2001:0B9:2:100::1/128 [O/O]
via ::, Loopbackl
e 2001:0B9:2:200::/64 [o/O]
via ::, Loopback2
L 2001:0B9:2:200::1/128 [o/O]
via ::, Loopback2
L FE80::/10 [o/O]
via ::, NullO
L FFOO::/8 [o/O]
via ::, NullO

56 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
lab 4-4: Routing with BGP and MP-BGP
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, yOll will configure IBGP ancl EBGP for IPv6. BGP is used for inter-AS route
propagatiol1 throughout the Internet ancl within large enterprise and ISP networks. IBGP is usecl
between different parts ofthe same AS, and EBGP is used between AS networks. Afier
completing this activity, you will be able to meet these objectives:
• Configure IBGP for IPv6
• Configure EBGP for IPv6
• Configure IPv6 prefix filtering in BGP

Visual Objective
The figure illustrates what you will accomplish in this activity.
iii 12&2 J& & 1i!!b\\iJill &LE iJL ¡ 2::: 1111111&
Visual Objective for lab 4-4:
Routing with BGP and MP-BGP

Required Resources
The table lists the resources and equipment that are required to complete this activity.

Required Resources
••
Device Name Device Role in the Laboratory

R1 WAN access router in the Central Site; used as

delault gateway lor IPv4 and IPv6 traffic

R2 WAN access router in the Remote Site; used as

delault gateway lor IPv4 and IPv6 traffic

© 2010 Cisco Systems, lne. Lab Guide 57

 Device Name Device Role in the Laboratory

ISP An ISP rauter that connects end customers

PC1 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

PC2 End user with applications that require both IPv4

and IPv6 support by its operating system and the
network

SelVer Server on the Internet

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to Ihe lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands that are llsed in this activity.

Cisco lOS Software Commands

Command Description

address-family ipv6 Enters address family configuration mode for IPv6

bgp router-id Configures a fixed router ID for a BGP-speaking

router

ipv6 address ipv6-address link- Configures an IPv6 link-local address far an

local interface, and enables IPv6 processing on the
interface

ipv6 prefix-list Creates an enlry in an IPv6 prefix list

neighbor IP activate Enables IPv6 exchange wilh Ihe peer, when used
in the IPv6 address family

neighbor IP prefix-list PFL {in I Applies a prefix list far inbound or outbound
out} filtering of BGP updates

neighbor IP remate-as AS Defines a BGP neighbar

neighbor IP update-source intE Sources a BGP session from the specified

inlerface

no bgp default ipv4-unicast Disables the IPv4 unicasl address family on all
neighbors

route-map name {permit I deny} Defines Ihe conditions for redistributing rautes
seq from one routing protocol ¡nta another, and
match condition [condi tion] * enables policy routing or filtering routes

[match condition [condi tion] *]

route-map name {permit I deny} Sets Ihe origin code within BGP updates
seq
set origin {egp I igp I
incomplete}
router bgp Configures the BGP routing process

router bgp AS Starts Ihe BGP process

58 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 ... . . ..
·Command Description .

show bgp ipv6 Displays entries in the IPv6 BGP routing table

show ipv6 interface Displays the usability status 01 interfaces that are
conligured lor IPv6

show ipv6 route Displays the current content 01 the IPv6 routing
table

Windows PC Commands
.
Command
. ....
Description
..

ping6 Sends pings lrom Windows XP client

tracert6 Discovers and displays the path tha! a packet

takes through the network

Job Aids
These job aids are available to help yOll complete the lab activity:
• The instrllctor \ViII provide yOll with yOllr pod nllmber and other pod-access information.
Log this information in the table.

Pod-Access Information

Parameter . .. Value ..

Your pod number

Username on router Rl -
Password on router Rl -

Username on router R2 -

Password on router R2 -
Usernarne on ISP -

password on ISP -
Username on pel student

Fassword on pel lab

Username on pe2 student

Password on pe2 lab

Username on Server student

Password on Server lab

Note Routers R1. R2. and ISP are preconligured to allow access without any credentials. Any
T elnet session or console access will automatically give you access to privileged mode.

© 2010 Cisco Systems, ¡ne. Lab Guide 59

 • The table illustrales Ihe IPv4 and IPv6 addressing scheme tha! is used in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask Mask

Rl FastEthernet 010 192.168.1.1/24 2001 :db9:1:1 ::1/64

Rl Serial 010/0.1 192.168.101.1/30 2001 :db9:1 :a::1/64

R1 Serial 0/010.2 Unassigned 2001 :db9:1 :300::2/64

R1 Loopback 1 Unassigned 2001 :db9:1:1 00::1/64

R1 Loopback 2 Unassigned 2001 :db9:1:200::1/64

R2 FastEthernet O/O 192.168.2.1/24 2001 :db9:2:1 ::1164

R2 Serial 01010.1 192.168.101.2/30 2001 :db9:1:a::2/64

R2 Loopback 1 Unassigned 2001 :db9:2: 100:: 1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

ISP FastEthernet O/O 192.168.3.1/24 2001 :db9:10:1 ::1/64

ISP Serial 0/010.2 Unassigned 2001 :db9:1 :300::1/64

PC1 LAS 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAS 192.168.2.2/24 2001 :db9:2:1 ::1/64

Server LAS 192.168.3.2/24 2001 :db9:10:1 ::1/64

• A Frame Relay "ve is lIsed in the lab to interconnecl the two sites.
Frame Relay PVC Details

Source Device OLCI Peer Device OLCI

Rl 111 R2 111

R1 222 ISP 222

60 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Task 1: Configure IBGP for IPv6
In this task, you \ViII enable BOl' to exchange II'v6 routing information bet\Veen t\Vo sites that
belong to AS 6500 l. The t\Vo !'Outers R I and R2 have been preconfigured with loopback
addresses, which are exchanged by using OSI'Fv3. These two loopbacks will be used to
establish an IBOI' session between the t\Vo routers.

Activity Procedure
Complete this step:
Step 1 Configure IBOI' bet\Veen R I and R2 by using the paral11eters that are listed in the
table.

IBGP Parameters
.
Paral11eter R1 R2

AS 65001 65001
IPv4 Propagation No No
(enabled by default)
IPv6 Propagation Yes Yes
(disabled by default)
Source Address Loopback 1 Loopback 1
Redistribute into BGP • Connecled IPv6 raules • Connecled IPv6 raules
• Sel origin lo IGP • Sel origin lo IGP

Activity Verification
You have completed this task when you altain these results:
• On R l. revie\V the status of IBOI' sessions. A number in the State/l'fxRcd column indicates
an established BOl' session.
Rl#show ip bgp ipv6 unicast sumrnary
BGP router identifier 192.168.101.1, local AS number 65001
BGP table version is 14, main routing table version 14
7 network entries using 1043 bytes of memory
8 path entries using 608 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
O BGP route-map cache entries using O bytes of memory
O BGP filter-list cache entries using O bytes of memory
BGP using 2023 total bytes of memory
BGP aetivity 10/3 prefixes, 12/4 paths, sean interval 60 sees

Neighbor V AS MsgRevd MsgSent Tb1ver InQ outQ Up/Down state/pfxRcd

~OciTH)B1j:.2l"icion );
4 65001 16 16 14 O O 00:00:20 ~

• Review the details ofthe established IBOI' session on Rl.

R1#show ip bgp ipv6 unicast neighbors 2001:db9:2:100::1
BGP neighbor is 2001: DB9: 2: 10 O: : 1, ;t'eljl6t~?~l\.SI:6?5Q9íT;!r;lnt~f;liil''I;
¡i:rí'íl<
BGP version 4, remote router ID 192.168.101.2
BGP state = 'EstaoIrsl1éCí, up for 00:01:28
Last read 00:00:28, last write 00:00:28, hold time is 180,
keepalive interval is 60 seconds
Neighbor capabilities:

© 2010 Cisco Syslems, Inc. Lab Guide 61

 Route refresh: advertised and received(old & new)
Addréss'.fami!Y.,.f~vii7ÍJnlbas~!~\aéHT~1::tI§¡'~';á¡¡d.:Fi'lQ\e.i,!:~Cí
< ••• rest of the output omitted ••• >

• Review Ihe conlents oflhe BGr lable for IPv6 on R 1.

Rl#show ip bgp ipv6 unicast
BGP table version is 14, local router ID is 192.168.101.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next HOp Metric LocPrf Weight Path

*> 2001:DB9:1:1::/64
* i2001:DB9:1:A::/64
·.
2001:0B9:2:100::1
O
O 100
32768
O
i
i
*> ·. O 32768 i
*> 2001:0B9:1:100::/64 ·. O 32768 i
*> 2001:0B9:1:200::/64
*>i.2IÍÓ.i,DS9 ,:J:l I:! ií{
·2001:0B9:2:100::1
. O
O 100
32768
O
i
i
*>i2001:0B9:2:100::/64 2001:DB9:2:100::1 O 100 O i
*>i2001:0B9:2:200::/64 2001:DB9:2:100::1 O 100 O i

• Review lhe contenl oflhe IPv6 rOllling table on RI. Look for Ihe availabilily oflhe remole
LAN. Make Ihe same review on R2.
Rl#show ipv6 route
IPv6 Routing Table - 14 entries
Codes: e - connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Sta tic raute
Il - ISIS LI, I2 - I8IS L2, lA - I8IS interarea, 18 - I8IS surnmary
O - OSPF intra, OI - OSPF ínter, OEl - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2001:DB9:1:1::/64 [O/O]
via ::, FastEthernetO/O
L 2001:DB9:1:1::1/128 [O/O]
via ::, FastEthernetO/O
C 2001:0B9:1:A::/64 [O/O]
via ::, SerialO/O/O.l
L 2001:DB9:1:A::1/128 [O/O]
via ::, SerialO/O/O.l
C 2001:0B9:1:100::/64 [O/O]
via ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/O]
via ::, Loopbackl
C 2001:0B9:1:200::/64 [O/O]
via ::, Loopback2
L 2001:0B9:1:200::1/128 [O/O]
via ::, Loopback2
B ~pói;bB9¡2;I:W64, [200/0]
via 2001:0B9:2:100::1
B 2001:DB9:2:100::/64 [200/0]
via 2001:DB9:2:100::1
O 2001:DB9:2:100::1/128 [110/64]
via FE80::216:C8FF:FESE:FC20, SerialO/0/0.1
B 2001:0B9:2:200::/64 [200/0]
via 2001:0B9:2:100::1
L FE80::/10 [O/O]
via ::, NullO
L FFOO::/8 [O/O]
via ::, NullO

62 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 • Optionally, youmight \Vant to monitor the process ofBGP session setup and update
exchange. Enable the debugging of BOP events for lhe IPvG address family and clear the
BOP sessions. BOP routing information is not exchanged for a stable network; only routing
updates are sen!. On your router, turn on debugging (capture the console output as needed)
and start BOP debugging.
Rl#debug bgp ipv6 unicast

Rl#debug bgp ipv6 unicast updates

BGP debugging is en fer address family: IPv6 Unicast

Note Cisco lOS Software might crash ir you turn on debugging and clear the IBGP process on the
same rauter. Far that reason, use R2 to clear the IBGP pracess, and then observe debug
output on R1.

• Clear Ihe IBOP process on R2.

R2#clear bgp ipv6 unicast *

R1#
03:13:19: BGP: 2001:0B9:2:100::1 remate clase, state CLOSEWAIT
03:13:19: BGP: 2001:DB9:2:100::1 -reset the session
03:13:19: BGP(l): no valid path for 2001:0B9:2:1::/64
03:13:19: BGP(l): no va1id path for 2001:0B9:2:100::/64
03:13:19: BGP(l): no valid path for 2001:0B9:2:200::/64
03:13:19: BGPNSF state: 2001:0B9:2:100::1 went frero nsf_not active to
nsf_not_active
03:13:19: BGP: 2001:0B9:2:100::1 went from Established to Idle
03:13:19: %BGP-S-ADJCHANGE: neighbor 2001:0B9:2:100::1 Do,.¡n Peer closed the
session
03:13:19: BGP: 2001:0B9:2:100::1 closing
03:13:19: BGP(l): nettable_walker 2001:0B9:2:1::/64 no best path
03:13:19: BGP(l): nettab1e_walker 2001:0B9:2:100::/64 no best path
03:13:19: BGP(l): nettable_walker 2001:0B9:2:200::/64 no best path
03:13:20: BGP: 2001:0B9:2:100::1 passive open to 2001:0B9:1:100::1
03:13:20: BGP: 2001:0B9:2:100::1 went from Idle to Connect
03:13:20: BGP: 2001:DB9:2:100::1 rcv message type 1, length (excl. header) 26
03:13:20: BGP: 2001:DB9:2:100::1 rcv OPEN, version 4, holdtime 180 seconds
03:13:20: BGP: 2001:DB9:2:100::1 went from Connect to OpenSent
03:13:20: BGP: 2001:DB9:2:100::1 sending OPEN, version 4, my as: 65001,
holdtime 180 seconds
03:13:20: BGP: 2001:0B9:2:100::1 rcv OPEN w/ OPTION parameter len: 16
03:13:20: BGP: 2001:0B9:2:100::1 rcvd OPEN w/ optional parameter type 2
(Capability) len 6
03:13:20: BGP: 2001:0B9:2:100::1 OPEN has CAPABILITY code: 1, length 4
03: 13: 20: BGP: 2001: OB9: 2: 100:: 1 OPEN has ¡;¡¡;EX¡j),ZC¡¡¡;"rfot;Ca'f;¡;7s'il3¡:r1Y!i~7;t
03: 13: 20: BGP: 2001: OB9: 2: 100:: 1 rcvd OPEN w7 opÚon'a:ipar;'meter type"2
(Capability) len 2
03:13:20: BGP: 2001:0B9:2:100::1 OPEN has CAPABILITY code: 128, length O
03: 13 :20: BGP: 2001: OB9: 2: 100:: 1 OPEN has j\i5jj'i'1l'friE~riE¡¡Jfi;C'~R~i')TI11Oyt9iH] for
all address-families
03:13:20: BGP: 2001:0B9:2:100::1 rcvd OPEN w/ optional parameter type 2
(Capability) len 2
03:13:20: BGP: 2001:0B9:2:100::1 OPEN has CAPABILITY code: 2, length O
03:13:20: BGP: 2001:0B9:2:100::1 OPEN has ji.\:lR~E;"riEF¡¡]¡liíl'pc:~p~i)~:t~:¡¡yrll¡¡~i)¡ for
all address-families
03:13:20: BGP: 2001:0B9:2:100::1 rcvd OPEN w/ remote AS 65001
03:13:20: BGP: 2001:DB9:2:100::1 went from OpenSent to OpenConfirm
03:13:20: BGP: 2001:0B9:2:100::1 send message type 1, length (incl. header) 45
03:13:20: BGP: 2001:DB9:2:100::1 went from OpenConfirm to Established
'(j~jiI~.!~p¡}¡¡!nj'§P3i'5[i¡.P;i[CiíjÜ~G.E'!r[er:glf!l0'r¡~2O:0~¡j5B9:2Iioo:l¡:l,;¿*yp

© 2010 Cisco Systems, Inc. Lab Guide 63

 03:13:20: BGP(l): 2001:0B9:2:100::1 send UPOATE (format) 2001:0B9:1:200::/64,
next 2001:DB9:1:100::1, rnetric O, path Local
03:13:20: BGP(l): 2001:0B9:2:100::1 send UPOATE (prepend, chgflags: OxO)
2001:DB9:1:100::/64, next 2001:DB9:1:100::1, metric O, path Local
03:13:20: BGP(l): 2001:0B9:2:100::1 send UPOATE (prepend, chgf1ags: OxO)
2001:DB9:1:A:~/64, next 2001:0B9:1:100::1, metric O, path Local
03:13:20: BGP(1): 2001:0B9:2:100::1 send UPOATE (prepend, chgflags: OxO)
2001:DB9:1:1::/64, next 2001:DB9:1:100::1, metric O, path Local
03:13:46: BGP(l): 2001:0B9:2:100::1 rcvd20Ór:¡jB~:2~2()()¡:1¡¡4
03: 13: 46: BGP( 1): 2001: OB9: 2: 100:: 1 \:évd2001 :PJ39'2,;10Ó! (/6.1'
03:13:46: BGP(l): 2001:0B9:2:100::1 rcvd~OOl:Pl%9:2:~::¡~f'"
03:13:46: BGP(l): 2001:0B9:2:100::1 ~<ivd2bÓJ!D,B~,J:¡:;(íi~l¡:

Rl#undebug all
All possible debugging has be en turned off

• On PC 1, test the reachability of PC2 (use IPv6 address 2001 :db9:2: 1::1).
C:\>ping62001:db9:2:1::f

Pinging 2001:db9:2:1::f
from 2001:db9:1:1:74cO:aOce:56f4:6cdf with 32 bytes of data:

Rep1y fraro 2001:db9:2:1::f: bytes=32 time=59ms

Rep1y from 2001:db9:2:1,:f: bytes=32 time=48ms
Rep1y fraro 2001:db9:2:1::f: bytes=32 tirne=48ms
Rep1y fraro 2001:db9:2,1::f: bytes=32 time=48ms

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approxirnate round trip times in milli-seconds:
Mínimum = 48ms, Maximum = 59ms, Average = SOms

• Review the path between PC 1 and PC2 (use 1Pv6 address 2001 :db9:2: 1::1).
C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2,1::f

from 2001:db9:1:1:74cO:aOce:56f4:6cdf over a maximum of 30
hops:

1 1 ms 1 ms 1 ms 2001,db9:1:1::1
2 75 ms 77 ms 75 ms 2001:db9:1:a::2
3 64 ms 64 ms 65 ms 2001:db9:2:1::f

Trace complete.

• Disable all debugging on router R l.

Task 2: Configure EBGP for IPv6

In this task, you will configure EBGP for IPv6 towards router ¡SP.

64 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Inc.
Activity Procedure
Complete this step:
Step 1 On R 1, configure an EBOP for IPv6 with router ISP. Use the BOP parameters thal
are listed in the lable. (Rouler ISP has been preconfigured.)

EBGP Parameters

Parameter . R1 . ISP

AS 65001 64512
IPv4 Propagation No No
(enabled by default)
IPv6 Propagation Yes Yes
(disabled by default)
Source Address Serial 0/0/0.2 Serial 010/0.1

Outbound Routes Sel nexl hop lo Loopback 1 Set nexl hop lo FaslElhernet
0/0

Activíty Verífícatíon
You have completed this task when you atlain these )'esults:
• On RI, review Ihe status ofthe BOP sessions. You should now have two functional
sessions, each receiving a few updates.
Rl#show bgp ipv6 unicast surnmary
BGP router identifier 192.168.101.1, local AS number 65001
BGP table version is 18, main routing table version 18
17 network entries using 2652 bytes of memory
19 path entries using 1444 bytes of memory
4/3 BGP path/bestpath attribute entries using 672 bytes of rnemory
1 BGP AS-PATH entries using 24 bytes of memory
O BGP route-map cache entries using O bytes of memory
O BGP filter-list cache entries using O bytes of memory
Bitfield cache entries: current 3 (at peak 3) using 96 bytes of memory
BGP using 4888 total bytes of memory
BGP activity 17/0 prefixes, 19/0 paths, sean interval 60 secs

Neighbor V AS HsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

~96r:5B~JFilOOfzn;:;4r:645i2'¿:\~Z?" 1 i" '1' .\?la ¡(¡~¡'i'''T8'¡~i::;~'::}~~~io;'¡aQ¡Í,f¡T~8'¡!lv:g!:?¡tilJ9
2001:0B9:2:100::14 65001 285 286 18 O O 04:44:30 4

• Determine which prefixes are being received from muter ISP.

R1#show bgp ipv6 unicast neighbors 2001:db9:1:300::1 routes
BGP table version is 18, local router ID is 192.168.101.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 2001:0B9:1:300::/64
*> 2001:0B9:10:1::/64
*> 2001:0B9:11:100::/64
*> 2001:0B9:12:100::/64
*> 2001:0B9:13:100::/64
*> 2001:0B9:14:100::/64
*> 2001:0B9:15:100::/64
*> 2001:0B9:16:100::/64
*> 2001:0B9:17:100::/64
*> 2001:0B9:18:100::/64
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
2001:0B9:1:300::1
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i
O O 64512 i

© 2010 Cisco Systems, [ne. Lab Guide 65

 Total number of prefixes 10

• Determine which prefixes are being sent to the Isr.

R1#show bgp ipv6 unicast neighbors 2001:db9:1:300::1 advertised-routes
BGP table version is 18, local router ID is 192.168.101.1
status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 2001:0B9:1:1::/64 ·. O 32768 i
*> 2001:0B9:1:A::/64 ·. O 32768 i
*> 2001:0B9:1:100::/64 ·. O 32768 i
*> 2001:0B9:1:200::/64 ·. O 32768 i
*> 2001:0B9:1:300::/64
*>i2001:0B9:2:1::/64
·.
2001:0B9:2:100::1
O
O 100
32768
O
i
i
*>i2001:0B9:2:100::/64 2001:0B9:2:100::1 O 100 O i
*>i2001:0B9:2:200::/64 2001:0B9:2:100::1 O 100 O i

Total number of prefixes 8

• Review the !"Otlting table on R l. Look for the presence oflhe rOtlte for accessing Server at
200 I :cIb9: I O: I ::f. Also make sure that the !"Otltes point to a val id next-hop interface and not
to Ntlll.
R1#
IPv6 Routing Table - Default - 24 entríes
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS Ll
I2 - 18IS L2, lA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:0B9:1:1::/64 [O/OJ
vía FastEthernetO/O, directly connected
L 2001:0B9:1:1::1/128 [O/OJ
vía FastEthernetO/O, receíve
C 2001:0B9:1:A::/64 [O/OJ
via SerialO/O/O.1, directly connected
L 2001:0B9:1:A::1/128 [O/OJ
via SerialO/O/O.l, receive
C 2001:0B9:1:100::/64 [O/OJ
via Loopback1, directly connected
L 2001:0B9:1:100::1/128 [O/OJ
via Loopbackl, receive
C 2001:0B9:1:200::/64 [O/OJ
via Loopback2, directly connected
L 2001:0B9:1:200::1/128 [O/OJ
via Loopback2, receive
C 2001:0B9:1:300::/64 [O/O]
vía SeriaI0/O/0.2, directly connected
L 2001:0B9:1:300::2/128 [O/OJ
vía seríalO/O/0.2, receive
B 2001:0B9:2:1::/64 [200/0J
via 2001:0B9:2:100::1
B 2001:0B9:2:100::/64 [200/0J
via 2001:0B9:2:100::1
O 2001:0B9:2:100::1/128 [110/64]
via FE80::216:C8FF:FE76:8B38, SerialO/0/0.1
B 2001:0B9:2:200::/64 [200/0J
via 2001:0B9:2:100::1
B 2001:0B9:10:1::/64 [20/0J
via FE80::1, SerialO/0/0.2
B 2001:0B9:11:100::/64 [20/0J
vía FE80::1, SerialO/0/O.2

66 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
 B 2001:DB9:12:100::/64 [20/0J
vía FE80: :1, Sería10/0/0.2
B 2001:0B9:13:100::/64 [20/0]
vía FEBO::l, SerialO/O/O.2
B 2001:0B9:14:100::/64 [20/0]
via FESO::!, SerialO/O/O.2
B 2001:0B9:15:100::/64 [20/0]
vía FE80::1, Sería10/0/0.2
B 2001:0B9:16:100::/64 [20/0]
via FEBO::l, SerialO/O/O.2
B 2001:0B9:17:100::/64 [20/0]
vía FE80::1, Sería10/0/0.2
B 2001:0B9:18:100::/64 [20/0]
vía FESO::!, serialO/O/O.2
L FFOO::/8 [O/O]
vía NullO, receive

• On pe 1, test the reachability of Server (use IPv6 address 200 I :db9: I O: I ::1).
C:\>píng6 2001:db9:10:1::f

Píngíng 2001:db9:10:1::f
from 2001:db9:1:1:c895:dge4:555c:904 with 32 bytes of data:

Reply from 2001:db9:10:1::f: bytes=32 time=58ms

Reply from 2001:db9:10:1::f: bytes=32 time=48ms
Reply fraro 2001:db9:10:1::f: bytes=32 time=48ms
Reply fraro 2001:db9:10:1::f: bytes=32 time=98ms

Ping statistics for 2001:db9:10:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maxirnum = 98ms, Average = 63ms

• Review lhe palh between pe I and Server (use IPv6 address 200 I :db9: 10: I ::1).
C:\>tracert62001:db9:10:1::f

Tracing route to 2001:db9:10:1::f

from 2001:db9:1:1::f over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 2001:db9:1:1::1
2 75 ms 75 ms 75 ms 2001:db9:1:300::1
3 63 ms 63 ms 63 ms 2001:db9:10:1::f

Trace complete.

© 2010 Cisco Systems, Ine. Lab Guide 67

Task 3: Configure IPv6 Prefix Filtering in BGP
In Ihis task, you \ViII configure prefix filtering of incoming EBGP updates from router ISP.

Activity Procedure
Complete these steps:
Step 1 On R 1, create an IPv6 prefix lisl named PFL that denies IPv6 prefixes
2001 :db9: 14::/48,200 I :db9: 15::/48,200 I :db9: 16::/48, and 2001 :db9: 17::/48. AII
other updates should be permitted.
Step2 Apply the prefix lisl PFL to incoming EBGP updales from router ISP.

Activity Verification
You have completed this task when you attain these results:
• On RI, review the routes that are receivecI from router ISP. You should still see the prefixes
thal are denied by the prefix list because you have nol yet triggered Ihe resending of
upcIates.
Rl#show bgp ipv6 unicast neighbors 2001:db9:1:300::1 routes
BGP table version is 15, local router ID is 192.168.101.1
status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 2001:0B9:1:300::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:10:1::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:11:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:12:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:13:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:14:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:15:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:16:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:17:100::/64 2001:0B9:1:300::1 O O 64512 ?
*> 2001:0B9:18:100::/64 2001:0B9:1:300::1 O O 64512 ?

Total number of prefixes 10

• Clear Ihe EBGP session with router ISP by sending a route refresh (that is, inbound soft
clearing).
R1#clear ip bgp ipv6 unicast 64512 in
• Recheck Ihe routes that are received from router ISP. The prefixes that are denied by Ihe
prefix lisl should nol be seen anymore.
Rl#show bgp ipv6 unicast neighbors 2001:db9:1:300::1 routes
BGP table version is 16, local router ID is 192.168.101.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next HOp Metric LocPrf weight Path

* 2001:0B9:1:300::/64
*> 2001:0B9:10:1::/64
*> 2001:0B9:11:100::/64
*> 2001:0B9:12:100::/64
*> 2001:0B9:13:100::/64
*> 2001:0B9:18:100::/64
2001:0B9:1:300::1 O O 64512 ?
2001:0B9:1:300::1 O O 64512 ?
2001:0B9:1:300::1 O O 64512 ?
2001:0B9:1:300::1 O O 64512 ?
2001:0B9:1:300::1 O O 64512 ?
2001:0B9:1:300::1 O O 64512 ?

Total number of prefixes 6

68 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Lab 5-1: Multicasting
Complete this lab activity to practice what you leamed in the related module.

Activity Objective
In this activity, you will lea m the important differences between multicast in IPv6 and IPv4.
Static RP assignment will still be common-and supported-but the large IPv6 multicast
address space enables other solutions. Embedded RP allows the RP address to be encoded in
the multicast destination itself. Both types of multicast, as well as shared tree configurations
and source-tree configurations, are demonstrated in this lab. After completing this activity, you
will be able to meet these objectives:
• Configure multicast by using static RPs
• Configure source-tree multicast
• Configure embedded RPs

Visual Objective
Tile figure illustrates what you \ViII accomplish in this activi!y.
fu ti 2 lEE
"
j

Visual Objective for Lab 5-1: Multicasting

Required Resources
The table lists the resources and equipment tha! are required to complete this activity.

Required Resources

Device Name Device Role in the Laboratory

R1 WAN aeeess router in Site 1; used as delault

gateway lor IPv4 and IPv6 traffie

© 2010 Cisco Systems, Ine. Lab Guide 69

 Device Name Device Role in the Laboratory

R2 WAN access router in Site 2; used as default

gateway for IPv4 and IPv6 traffic

R3 WAN access router in Site 3; used as default

gateway for IPv4 and IPv6 traffic

PC1 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

PC2 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

PC3 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

Note Each PC uses two NICs. The first card, named MGMT, is used far management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAS, is connected to the lab network and will be used in the lab activity
far IPv4 and IPv6 connectivity.

Command List
The table describes the commands that are lIsed in this activity.

Cisco 105 Software Commands

Command Description

ipv6 multicast-routing Enables mullicast routing, using PIM and MLD, on

alllPv6-enabled interfaces of the router, and
enables mullicast forwarding

ipv6 pim rp-address Configures the address of a PIM RP for a

particular group range

ipv6 pim spt-threshold infinity Configures when a PIM leaf router joins the SPT
for the specified groups

show ipv6 mld groups Displays the multicast groups that are directly
connected to the router and that were learned
through MLD

show ipv6 mld interface Displays multicast-related information about an

interface

show ipv6 mld traffic Displays the MLD traflic counters

show ipv6 pim group-map Displays an IPv6 mullicast group mapping table

show ipv6 pim topology Displays PIM topology table information for a
specific group ar all groups

show ipv6 pirn traffic Displays the PIM traflic counters

show ipv6 pim tunnel Displays information about the PIM register
encapsulation and de-encapsulation tunnels on
an interface

70 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Windows PC Commands
. .
· Commánd ... Description

ipconfig Displays IP information for hosts that run

WindowsXP

ping ipv4-address - t Verifies IPv4 connectivity; continual testing by

using parameter-t

ping6 ipv6-address - t Verifies IPv6 connectivity; continual testing by

using para meter -t

Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor will provicle you with your pod number and other pod-access information.
Log Ihis information in the table.

Pod-Access Information

Parameter . • . .... Value .. •

Your pod number

Username on router Rl -
Password on router Rl -
Username on router R2 -
Password on router R2 -
Username on router R3 -

Password on router R3 -

Username on pel student

Password on pel lab

Username on pe2 student

Password on pe2 lab

Usernarne on pe3 student

Password on pe3 lab

Note Routers R 1, R2, and R3 are preconfigured lo allow access without any credentials. Any
Telnet session or console access will automatically give you access lo privileged mode.

• The table i1ll1strates the IPv4 ancllPv6 adclressing scheme that is lIsed in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask . Mask ..

R1 FastEthernet 0/0 192.168.1.1/24 2001 :db9:1:1 ::1/64

R1 Serial 0/0/0.1 192.168.101.1/30 2001 :db9:1 :a::1/64

R1 Serial 0/0/0.2 192.168.101.5/30 2001 :db9:1 :b::1/64

© 2010 Cisco Systems, Ine. lab Guide 71

 Device Interface IPv4 Address and IPv6 Address and
Mask Mask

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopbaek 2 Unassigned 2001 :db9:1 :200::1/64

R2 FastEthernet 0/0 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopbaek 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopbaek 2 Unassigned 2001 :db9:2:200::1/64

R3 FastEthernet O/O 192.168.3.1/24 2001 :db9:3:1 ::1/64

R3 Serial 0/0/0.1 192.168.101.6/30 2001 :db9:1 :b::2/64

R3 Loopbaek 1 Unassigned 2001 :db9:3:100::1/64

R3 Loopbaek 2 Unassigned 2001 :db9:3:200::1/64
PC1 LAS 192.168.1.2/24 2001 :db9:1:1 ::1/64
PC2 LAS 192.168.2.2/24 2001 :db9:2:1 ::1/64
PC3 LAS 192.168.3.2/24 2001 :db9:3:1 ::1/64

• A Frame Relay PVC is used in Ihe lab lO inlerconnecl the two sites.

Frame Relay PVC Details

Source Device OLCI Peer Oeviee OLCI

R1 111 R2 111

R1 222 R3 222

Task 1: Configure Multicast by Using Static RPs

This lask willuse static RP multicast, in which Ihe RP is manually configured on all designated
routers in Ihe environment. In this case, you willuse only Ihe shared tree.

Activity Procedure
Complete these sleps:
Step 1 Enable IPv6 multicast rouling on routers RI, R2, and R3.
Step 2 Configure all routers 10 remain on the shared tree and to route mullicast traffic.

Note The Cisco router must be enabled to route IPv6 traffie lar unieast traffie in general; the router
must be explicitly eonfigured to route mullieast traffie. In addition, by delault, the Cisco PIM
implementation allows the last-hop designated router (the router with atlaehed listeners) to
move immediately to Ihe souree tree, alter loeating the souree via the RP.

Step 3 Static RP requires manual configuration ofthe RP location on all designated routers.
The RP for all slreams will be the FastEthernet 010 interface on router R l. Configure
the RP address on routers R 1, R2, and R3.
Step4 Cisco routers construct a P1M tunnel immediately upon configuration ofthe RP.
Review the PIM tunnel stale on each router.

72 IPv6 Fundamentals, Oesign, and Oeployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Step 5 Also I'eview lhe PIM topology 011 R 1. The topology should be empty beca use thel'e
are 110 senders or receivers.
Step6 On PC 1, open a cOl11mand prompt and start a continuous ping to the multicast
address ff15:: 15. Use the ping6 ff15::15 -t command, which will simulate a stream
source al the mullicast adclress ff15:: 15.

Note Videos cannot be mullicast in this type 01 lab beca use 01 inlrastructure constraints. A simple
IPv6 ping will successlully replace the need lar video streams. At the moment, there is no
receiver, so the mullicast echo requests will go unanswered.

Step 7 Review the PIM topology on R I again.

Step 8 On PC2, start the VLC media player and prepare lo receive the desired stream.

... . 111 11

: xl. 00 .
~~ ~~I

Step9 In lhe VLC media player. choose File> Opcn Nctwork Stream. In lhe dialog box,
choase UDP/RTP Multicast. and enter the multicast address ff15::15. Click OK.
PC2 will issue an MLD join to start receiving the stream.

OUDP!RTP

0lIDP¡Fi,!p Ivlultita,st 1234

O HTTPfHTTPS!FTP!MMS

ORTSP

o Al!ów t!mesh1ftlng
L______..______.. _ _. __._..._. __.•.._ •.___.__..____._.__.
Ad\'anced,opt.loh:S

O stream/sav;.':e : :~L: ~::~:. . . . . . . . . . . .O,=:.c.:.a:.:,h.••i.n....g~..•..••...l.c:>:~:".:.í.::.:::.:.c:c:::::.:.:.:!.•.................•.....,..•.,

Step 10 You should also start receiving replies to your multicas! ping after at least one
receiver is active. Ifyou review the command prompt window with the con!inuous
ping on PC 1, you should now see ICMP replies from PC2.
Step 11 Review the PIM lopology on R 1 again.
Step 12 Also review the PIM topology on R2.
Step 13 On router R2, display lhe multicast addresses for which the router has received
MLD Joins, 01' receivers, sigllaling an illterest in a particular Illulticast stream.

© 2010 Cisco Systems, Ine, Lab Guide 73

 Step 14 Stalt anolher VLC player on PC3 and cOllllect to the same UDP/RTP Multicast
address (ff15:: 15).

Activity Verification
You have completed this task when you attaill Ihis resul!:
• Ifyou recheck the PIM topology 011 router R 1, you should see two interfaces that are
associated with receivers.
Rl#show ipv6 pim topology
IP PIM Multicast Topology Table
Entry state: (*/S,G)[RPT/SPT] Protocol uptirne rnfo
Entry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,
RR - Register Received, SR - Sending Registers, E - MSDP External,
DCC - Don't Check Connected
Interface state: Name, Uptime, Fwd, Info
Interface flags: LI - Local Interest, LO - Local Disinterest,
Ir - Internal Interest, ID - Internal Disinterest,
LH - Last Hop, AS - Assert, AB - Admin Boundary

(*,FF1S::1S)
SM UP: 00:01:26 JP: Join(never) Flags:
RP: 2001:0B9:1:1::1*
RPF: Tunne12,2001:DB9:1:1::1*
SerialO/0/0.2 00:00:03 fwd Join(00:03:25)
SerialO/0/0.1 00:01:26 fwd Join(00:03:03)

(2001:0B9:1:1:9SBO:96E2:4C72:69C6,FF1S::1S)
SM SPT UP: 00:02:18 Jp: Join(never) Flags: KAT(OO:Ol:ll) RA RR
RPF: FastEthernetO/0,2001:0B9:1:1:9SBO:96E2:4C72:69C6*
No interfaces in irnmediate olist

Task 2: Configure Source-Tree Multicast

Mullicast traffic can travel on the shared Iree (sourced at Ihe designated RP), 01' the last-hop
designated rouler can obtain the stream directly from the first-hop designated router (near the
sender) via a PIM join. When the stream is initially received via the shared tree, and when the
designated router learns the source router location, Ihe designated router can build a source tree
d irectly to that source.

Activity Procedure
Complete these steps:
Step 1 During the initial PIM configuration, you set a parameter that caused Ihe Cisco
router to use only the shared tree-never to try to build a source tree. Remove that
statement on all routers.
Step 2 Clear Ihe current PIM topology. After a short interruption, both streams should
continue to run. If not, reopen the streams in the VLC viewers on PC2 and PC3.

Activity Verification
You have completed this task when you atlain this result:
• On router R 1, wait for a moment for the multicast topology to converge, and then examine
the PIM topology.
Rl#show ipv6 pim topology
IP PIM Multicast Topology Table
Entry state: (*/S,G}[RPT/SPT] Protocol uptime rnfo
Entry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,
RR - Register Received, SR - Sending Registers, E - MSDP Externa!,

74 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
 DCC - Don't Check Connected
Interface state: Name, uptime, Fwd, lnfo
Interface flags: LI - Local Interest, LO - Local Disinterest,
11 - Internal Interest, ID - Internal Disinterest,
LH - Last Hop, AS - Assert, AB - Admin Boundary

(*,FF1S::1S)
SM UP: 00:01:37 JP: Join(never) F1ags:
RP: 2001:DB9:1:1::1*
RPF: Tunne12,2001:DB9:1:1::1*
Seria10/0/0.2 00:01:17 fwd Join(00:03:12)
SerialO/0/0.1 00:01:37 fwd Join(00:02:S2)

(2001:DB9:1:1:9SBD:96E2:4C72:69C6,FF1S::1S)
SM SPT UP: 00:02:03 JP: Join(never) Flags: KAT(00:01:26) RA RR
RPF: FastEthernetO/0,2001:DB9:1:1:9SBD:96E2:4C72:69C6*
SerialO/0/0.2 00:01:17 fwd Join(00:03:12)
Seria10/0/0.1 00:01:17 fwd Join(00:03:12)

Note Notice that a source tree is now built for the stream. The listed source tree carries the tag
SPT. The original shared·tree topology is also still in the PIM table.

Task 3: Configure Embedded RPs

Manual confíguration of RPs within a multicast environment requires ongoing administration,
beca use each designated router must be reconfigured ifthe RP moves. IPv6 supports a concept
called embedded RP, which allows the IPv6 address ofthe RP to be encoded within the
multicast address destination.

Activity Procedure
Complete these steps:
Step 1 On PCI, stop the multicast source by using the <Ctrl>+<C> key combination in the
command prompt with the continuous pingo
Step 2 On PC2 and PC3, stop the receivers by closing the VLC application.
Step 3 On all routers, remove the existing static RP and put back the router restriction to
always stay on the shared multicast tree (never building the source tree).
Step4 On all routers, verify that the PIM topology is empty by clearing il.
Step 5 On RI, configure the RP in an embedded RP deployment to act as an RP for a
specific multicast range. Use group range me: 140:200 I :db9: 1: I ::/96.

Note Depending on the security needs of the site, this step can be done in a restrictive fashion
(an RP can be set up to act only as the RP for a single multicast address) or a more open
fashion (act as the RP for any embedded mullicast address). The configuration is required to
avoid a situation in which a multicast stream uses an unapproved or under-capable RP.

Note Embedded RP configuration is performed only on rauter R1; other rauters determine the RP
from the group prefix.

Step 6 On PC 1, start a continuous ping that uses the f17e: 140:200 I :db9: 1: 1:: address.
Step 7 On PC2, use the VLC media player to receive the previous multicast group. You
should start receiving ICMP replies on PC l.

© 2010 Cisco Systems, [ne. lab Guide 75

Activity Verification
You have completed this task when you attain these results:
• You should start receiving replies to your multicast ping afier at least one receiver is active.
If you review the command prompt window with the continuous ping on PC 1, you should
now see ICMP replies from PC2.
< ... part of the output omitted ... >
Reguest timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply fram ~odf: dh9T2ri!d4d¡¡~'39¡¡a:4¡¡:i8:'9T'f¡¡: bytes~32 time~54ms
Reply fram 200l:db9:2:l:d4da:3gea:4a38:9lf8: bytes~32 time~48ms
Reply fram 200l:db9:2:l:d4da:3gea:4a38:9lf8: bytes~32 time~48ms
Reply fram 200l:db9:2:l:d4da:3gea:4a38:9lf8: bytes~32 time~48ms
Reply fram 200l:db9:2:l:d4da:3gea:4a38:9lf8: bytes~32 time~48ms

• On RI, verify the multicast topology.

Rl#show ipv6 pim topology
IP PIM Multícast Topology Table
Entry state: (*/S,G)[RPT/SPT] ProtoGol Uptirne Info
Entry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,
RR - Register Received, SR - Sending Registers, E - MSDP External,
DCC - Don't Check Connected
Interface state: Name, Uptime, Fwd, Info
Interface flags: LI - Local Interest, LO - Local Disinterest,
II - Internal Interest, ID - Internal Disinterest,
LH - Last HOp, AS - Assert, AB - Admin Boundary

(*, FF7E iI4ó :2.601 ¡!lÍl9 :1.'·EiT

SM UP: 00:00:46 JP: Jain(never) Flags:
RP: 200l:DB9:l:l::l*
RPF: Tunne12,2001:DB9:1:1::1*
fl",r 1
i,áiO ti I O<.1/ 22 .,0 O: 06 :, ~6}flt~ .:;¡"j.,11 (00. ¡i:j2JAªj!
(200l:DB9:l:l:95BD:96E2:4C72:69C6,FF7E:140:200l:DB9:1:1::)
SM SPT UP: 00:01:20 JP: Jain(never) Flags: KAT(00:02:09) RA RR
RPF: FastEthernetO/O,200l:DB9:l:l:95BD:96E2:4C72:69C6*
No interfaces in irnmediate olist

• On R2, view the joined Iisteners that use embedded RP addresses.

R2#show ipv6 mld groups
MLD Connected Group l-lembership
Group Address Interface uptime Expires
FF7E :,1,40 :~PQ1¡PEi~!bi: : FastEthernetO/O 00:02:49 00:02:21

76 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3,0 © 2010 Cisco Systems, Inc.
 Lab 6-1: Implementing Tunnels for IPv6
Complete this lah activity to practice \Vhat you leamed in the related module.

Activity Objective
In this activity, you \Viii configure static and automatic IPv6-based tunneling. Afler completing
thi s activity, you will be able to meet these objectives:
• Configure a static IPv6-in-IPv4 lunnel
• Implel1lent host-only ISA TAP lo allow dual-slack hosts lo exchange IPv6 packets in IPv4
aulomatic lunnels
• Implement ISATAP on a rouler
• Inlegrale Ihe ISATAP hosl and router il1lplemenlalions lo allow the hosls lo configure a
global scope address and lo reach bolh ISA TAP and non-I SA TAP nodes

Visual Objective
The figure illustrales whal you \ViII accomplish in this activily.

Visual Objective for lab 6-1:

Implementing Tunnels for IPv6

~.
\ ...\

~
~ ,,\. I.,(W,
f"'- ~\\ <-00' . ~
Q,P

L)\f''JIJ..~~\ .. , _. -

Remote Site 2 Remote Site 3

<-' .. " •.•• " .•.•• '" .,.,.;., .

Required Resources
The lable lisIs lile resources and equipmcnt Ihal are required lo complete Ihis activity:

Required Resources

De vice Name Device Role in the Laboratory

R1 WAN aeeess rouler in Sile 1; used as defaull galeway for IPv4

and IPv6 Iraffie

© 2010 Cisco Systems, Ine. Lab Guide 77

 Device Name Device Role in the Laboratory

R2 WAN access rauter in Site 2; used as default gateway for IPv4

and IPv6 traffic

R3 WAN access rauter in Site 3; used as default gateway for IPv4

and IPv6 traffic

PC1 End user with applications that require both IPv4 and IPv6 support
by the operating system and the network

PC2 End user with applications that require both IPv4 and IPv6 support
by the operating system and the network

PC3 End user with applications that require both IPv4 and IPv6 support
by the operating system and the network

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands that are used in this activity.

Cisco 105 Software Commands

Command Descriplion

interface tunnel intf Configures a logical interface; accesses a lagical

subinterface

ipv6 address prefix Configures an IPv6 address on an interface

ipv6 rip name enable Enables a named IPv6 RIP process on an

interface

ipv6 nd ra suppress Suppresses IPv6 rauter advertisement

transmissions on a LAN interface

show ipv6 interface brief Displays brief state of the selected interface
interface

show ipv6 rout:.e Displays the IPv6 rauting table

tunnel destination address Specifies the destination address for a tunnel

interface

tunnel mode ipv6ip [6t04 I Specifies IPv6 tunneling that encapsulates IPv6
isatap] packets within IPv4 packets for transmission

tunoel source {intf I address} Sets the source address for a tunnel interface

Windows PC Commands

Command Description

netsh interface ipv6 ISATAP set Sets the IPv61SATAP rauter address
router address ,,--,,,,\,,,,,~

netsh interface ipv6 ISATAP set Sets the IPv61SATAP rauter advertisement
router interval=interval interval (in minutes)

78 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Command Description

netsh interface ipv6 ISATAP set Enables IPv6 ISATAP tunneling

state enable
netsh interface ipv6 isatap show Verifies the state 01 the ISATAP on the pe
state

netsh interface ipv6 renew Renews the active IPv6 parameters, according to
the current configuration

netsh interface ipv6 show address Verilies global scope address across the ISATAP
int-number link

netsh interface ipv6 show Displays current interface configuration

interface [ idx-nwnber)
ping6 ipv6-address%int-number
Diagnoses IPv6; uses the %int-number parameter
to indicate that the packet should be sent out a
specilic interface number (the ISATAP interface),
beca use a link-local address (that is, le::) is used

tracert ipv4-addresB Verifies the path to the specilied IPv4 address

tracert6 ipv6-address Verifies the path to the specilied IPv6 address

Job Aidsl
These Job aids are available to help you complete the lab activity:
• The instructor \Viii provide you \Vith your pod number and other pod-access infonnation.
Lag this information in this table.

Pod-Access Information
.
Parameter Value

Your pod number

Username on router Rl -

Password on router Rl -
Username on router R2 -
Password on router R2 -
Usernarne on router R3 -

Password on router R3 -

Usernarne on PCl student

Password on PCl lab

Username on PC2 student

Password on PC2 lab

Username on PC3 student

Password on PC3 lab

Note Routers R1, R2, and R3 are preconligured to allow access without any credentials. Any
Telnet session or console access will automatically give you access to privileged mode.

• The table illustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

© 2010 Cisco Systems, Ine. Lab Guide 79

 Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask Mask

R1 FastEthernet O/O 192.168.1.1/24 2001 :db9:1:1 ::1/64

R1 Serial 0/0/0.1 192.168.101.1/30 Unassigned

R1 Serial 0/0/0.2 192.168.101.5/30 Unassigned

R1 Loopback 1 Unassigned 2001 :db9:1:100::1/64

R1 Loopback 2 Unassigned 2001 :db9:1:200::1/64

R2 FastEthernet O/O 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 Unassigned

R2 Loopback 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

R3 FastEthernet O/O 192.168.3.1/24 Unassigned

R3 Serial 0/0/0.1 192.168.101.6/30 Unassigned

PC1 LAS 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAS 192.168.2.2/24 2001 :db9:2:1 ::1/64

PC3 LAS 192.168.3.2/24 2001 :db9:3:1 ::1/64

• A Frallle ReJay PVC is used in the Jab to interconnect the two sites.

Frame ReJay PVC Details

Source Device OLCI Peer Device OLCI

Rl 111 R2 111

Rl 222 R3 222

80 IPv6 Fundamentals, Oesign, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Inc.
Task 1: Configure a Static IPv6-in-IPv4 Tunnel
In this task, you will create an IPv6-in-IPv4 static tunnel between Ihe two sites because the
WAN that interconnects them supports only I Pv4.

Activity Procedure
Complete these steps:
Slep 1 Review Ihe contents ofthe IPv6 routing table on R l. There should be no RIP route
because there is no IPv6 connectivity across the WAN.
Slep 2 Configure a static IPv6-in-IPv41l111l1el between routers R I and R2 by using the
parameters thal are listed in the table.

Static IPv6-in-IPv4 Tunnel Parameters

. .. .
Parameler •• R1 R2 ..

Interface Tunnel900 Tunnel900

Tunnel Mode IPv6-in-IPv4 IPv6-in-IPv4

IPv6 Address 2001 :db9:1 :a::1/64 2001 :db9:1 :a::2/64

Tunnel Source Serial 0/0/0.1 Serial 0/0/0.1

Tunnel Destination 192.168.101.2 192.168.101.1

Slep 3 Also enable IPv6 RIP on the lunnel inlerface on bolh roulers. Use the preconfigured
RIPI RIP process.

Activity Verification
You have completed Ihis task when you altain Ihese resulls:
• Review Ihe conlenls oflhe IPv6 rouling lable on R l. This lime. you should see some
rouling infol"lnation thal is learned via RI P Ihrough Ihe lunnel interface.
Rl#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: e - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user static raute
TI - ISIS LI, 12 - ISIS L2, lA - ISIS interarea, r8 - ISIS surnmary
O - OSPF intra, DI - OSPF ínter, OEl - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - EIGRP, EX - EIGRP external
C 2001:0B9:1:1::/64 [O/OJ
vía ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/OJ
vía ::, FastEthernetO/O
C 2001:0B9:1:A::/64 [O/OJ
vía ::, Tunne1900
L 2001:0B9:1:A::1/128 [O/OJ
vía ::, Tunne1900
C 2001:0B9:1:100::/64 [O/OJ
vía ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/OJ
via ::, Loopbackl
C 2001:0B9:1:200::/64 [O/OJ
via ::, Loopback2
L 2001:0B9:1:200::1/128 [O/OJ
via ::, Loopback2
lli¡~~¡2IiQi:.5B9::rn rWif4Tíí2o,/z]'
'-';'ia FEÍlO::COA8:6502, Íl'.úl1he'F¡¡O¡¡:
¡¡;ii*~1}:2"p(j.lrDjí9¡F?!;J(jI!Jli7,'6'4Tr?0'7 ií' ., .,.-
© 2010 Cisco Systems, Ine. Lab Guide 81
 vía FE80: :CO~8:6502,TU¡¡hél.9Óo;
JI; 2001: DB9 ,): 2.00:: 164. [i,20/~f
vía FE80::COA8:6502, Túnne1.9Óo;
L FE80::/10 [ O / O ] " ...
via :!, NullO
L FFOO::/8 [O/O]
via .. , NullO

Note There is no IPv6 support on the LAN in the Remote Site. For this reason, test connectivity
only to the Loopback addresses on rauter R2.

• On PC 1, lestthe IPv6 reachability of PC2 (use I Pv6 address 200 I :db9:2: I ::1).
C:\>ping6 2001:db9:2:1::f

Pinging 2001:db9:2:1::f
from 2001:db9:1:1:542:9588:8a17:3fe4 with 32 bytes of data:

Reply from 2001:db9:2:1: :f: bytes=32 time=70ms

Reply fraro 2001:db9:2:1::f: bytes=32 time=59ms
Reply from 2001:db9:2:1::f: bytes=32 time=69ms
Reply fraro 2001:db9:2:1::f: bytes=32 time=59ms

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% loss),
Approximate round trip times in milli-seconds:
Mínimum = 59ms, Maximum = 70ms, Average = 64ms

• Verify the IPv6 path between PC I and PC2.

C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2:1::f

from 2001:db9:1:1:542:9588:8a17:3fe4 over a maximum of 30
hops:

1 1 ms 1 ms 1 ms 2001:db9:1:1::1
2 86 ms 86 ms 86 ms 2001:db9:1:a::2
3 75 ms 75 ms 75 ms 2001:db9:2:1::f

Trace complete.

Task 2: Implement Basic ISATAP

In this task, youwi11 implement basic ISATAP functionality on PC3, which is connected to a
WAN access !"Outer thal has no IPv6 capability.

Activity Procedure
Complete this step:
Step 1 Enable ISA TAP on a11 three PCS.

82 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Activity Verification
You have completed this task when you atlain these results:
• Verify Ihat ISATAP is enabled on all PCs.
c:\> netsh interface ipv6 isatap show state /
ISATAP State : enabled

• Identify the Idx vallle for the ISA TAP interface (AlItomatic TlInneling Pseudo-Interface)
on each PC.
C:\>netsh interface ipv6 show interface
Querying active state ...

Idx Met MTU state Narne

,~

6 2 1280 Disconnected Teredo Tunneling Pseudo-Interface

5 O 1500 Connected LAB
4 O 1500 Connected f'.lGMT
3 1 1280 Connected 6to4 Pseudo-Interface
~~:;r¡;;~:07t:~,y,::\)t\;\j ,121fQ"< H:!o'iiñ'ecfEe'd;~0;rg?g~~~:í::AU~omatrc' ,',:'ifuhne;I¡:flg':;)~~:~'~'lIaq!f~I'~'~~t41~~~
1 O 1500 Connected Loopback Pseudo-Interface

• Take a deeper look al yOllr ISATAP interface configllration on each PC.

C:\>netsh interface ipv6 show interface 2
Querying active state ...

Interface 2: Automatic Tunneling Pseudo-Interface

Addr Type DAD State Valid Life Pref. Life Address

Link Preferred infinite infinite fe80::5efe:192.168.250.13

Link Preferred infinite in f ini te ¡fe~q¡):§~f¡¡J~9:2:~:(~it:~Tí

Cennection Name Aúf.om"át-l8"""Ttinneiint{ í>I~lIabtt]r~ér7taE~

GUID ¡4BF~E3FC-EC30-E50E-F1A 7-71172AEEE3AE}
State ~9n:necFteéÍ
Metric 1
Link l>lTU 1280 bytes
True Link MTU 65515 bytes
Current Hep Limit 128
Reachable Time 41s
Base Reachable Time 305
Retransmission Interval 15
DAD Transmits O
DNS Suffix
Firewall disabled
Site Prefix Length '4ílBits
Zone ID fer Link 2
Zone ID fer site 1
Uses Neighbor Discovery No
Sends Reuter Advertisements No
Fen.¡ards Packets No
Link-Layer Address :6 {'ff: ~cr~ 'ij
Remete Link-Layer Address :0 •.'0, o, d
• Verify that ISATAP 1V0rks, by sending a ping from PCJ to the ISATAP address ofPCI in
the Central Site l.
C:\>ping6 fe80::5efe:192.168.1.2%2

Pinging fe80::5efe:192.168.1.2%2

© 2010 Cisco Systems, lnc. Lab Guide 83

 from fe80::5efe:192.168.3.2%2 with 32 bytes of data:

Request timed out.

Reply from fe80::5efe:192.168.1.2%2: bytes=32 time=65ms
Reply from fe80::5efe:192.168.1.2%2: bytes=32 time=57ms
Reply from fe80::5efe:192.168.1.2%2: bytes=32 time=57ms

Ping statistics for fe80::5efe:192.168.1.2%2:

Packets: Sent = 4, Received = 3, Lost = 1 (25% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = 57ms, Maximurn = 65ms, Average = 59ms

Nole The IPv6 address fe80::5efe:192:168:1:2 is equivalenl lo complelely hexadecimal

fe80::5efe:cOa8:0102 (OxCO=192, OxA8=168, Ox01=1, Ox02=2). The addition of"%2"
indicates that the packet should be sent out interface number 2, which is the ISATAP
interface. This addition is needed beca use a link-local address (Ihat is, fe::) is used.

• Verify that ISATAP also works between PC3 and the other remote site (pe2).
C:\>ping6 fe80::5efe:192.168.2.2%2

Pinging fe80::5efe:192.168.2.2%2
from fe80::5efe:192.168.3.2%2 with 32 bytes of data:

Request timed out.

Reply from fe80::5efe:192.168.2.2%2: bytes=32 time=120ms
Reply from fe80::5efe:192.168.2.2%2: bytes=32 time=113ms
Reply from fe80::5efe:192.168.2.2%2: bytes=32 time=113ms

Ping statistics for fe80::5efe:192.168.2.2%2:

Packets: Sent = 4, Received = 3, Lost = 1 (25% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = 113ms, Maximurn = 120ms, Average = 115ms

• Althollgh ¡here are several hops between PC3 and PC2, yOll should see only one hop when
lIsing ISATAP. Use IPv6 tracerollle from PC3 lo PC2 lo confinn.
C:\>tracert6 fe80::5efe:192.168.2.2%2

Tracing route to fe80::5efe:192.168.2.2%2

from fe80::5efe:192.168.3.2%2 over a maximum of 30 hops:

1 146 ms 145 ms 146 ms fe80::5efe:192.168.2.2%2

Trace complete.

• YOll may also lIse lracerollle lo the IPv4 address ofPC2.

C:\>tracert 192.168.2.2

Tracing route to v4-pod2-pc [192.168.2.2]

84 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, loe,
 over a maximum of 30 hops:

1 3 ms 1 ms 1 ms v4-pod3-r-i [192.168.3.1]
2 44 ms 43 ms 44 ms 192.168.101.5
3 86 ms 86 ms 105 ms 192.168.101.2
4 107 ms 104 ms 104 ms v4-pod2-pc [192.168.2.2]

Trace complete.

Task 3: Implement ISATAP on a Router

In this task. you will enable the ISA TAP rouler. whieh will pravide rauter adveltisemenls lo
ISATAP hosls. Doing so willmake it possible lo reaeh any IPv6 nade in the lab environmenl
(nol just other ISA TAP hosts) via the I Pv6 global seope address.

Activity Procedure
Complete Ihese steps:
Step 1 6n RD. ereale Ihe ISA TAP interface named tllnnel800, and sel Ihe lunnel SOllrce lo
be the FastEthernel O/O interface. The address fram this interface \Viii fon11 the low-
arder 32 bils ofthe ISATAP link-local address on the router.
Step 2 Set the lunnel mode to IPv6-in-IPv4 tllnneling using ISATAP.
Step 3 Configure the ISATAP interface with anlPv6 address Ihat uses Ihe
2001 :db9: I :bea::/64 forma!. This format \ViII also specify the ISATAP prefix to
advertise. .
Step 4 Disable router adveltisement suppression.
Step 5 Slarl IPv6 RIP on the ISATAP interface by using the preconfigured RIPI RIP
pracess.

Activity Verification
You have completed this task when you altain these I'esults:
• On R 1, examine the TlInnel800 interface. j
R1#show ipv6 interface brief tunne18001
Tunne1800 [Up/up]
FE80: :5EFE:COAS!Ió'¡;
2001: DB9: 1: BEA: O: 5EFE :¡:;5j).sXJ.o'¡;

• On R2, examine the I Pv6 rouling lable. You should see Ihe ISA TAP lunnel prefix [mm R 1,
which is reachable throllgh the normaIIPv6-in-IPv4 tunnel.
R2#show ipv6 route
IPv6 Routing Table - 14 entries
Codes: e - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user static route
Il - ISIS LI, 12 - ISIS L2, lA - ISIS interarea, 18 - ISIS surnmary
O - OSPF intra, DI - OSPF inter, DEI - OSPF ext 1, OE2 - OSPF ext 2
ON! - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
R 2001:0B9:1:1::/64 [120/2]
via FEBO::COA8:6501, Tunne1900
e 2001:0B9:1:A::/64 [O/O]
via ::, Tunne1900
L 2001:0B9:1:A::2/128 [O/O]

© 2010 Cisco Systems, Inc. lab Guide 85

 via .. , Tunne1900
R 2001:DB9:1:100::/64 [120/2J
via FE80::COA8:6501, Tunne1900
R 2001:DB9:1:200::/64 [120/2J
via FE80::COA8:6501, Tunne1900
R 1~¡{2boIiI)B9¡1'BEA:.,/64 ¡}2M2J;
vía FE80: :COA8:6501, T\,lrth!,l!IdÓ
C 2001:DB9:2:1::/64 [ % i .•....
via ::, FastEthernetO/O
L 2001:DB9:2:1::1/128 [O/OJ
via ::, FastEthernetO/O
C 2001:DB9:2:100::/64 [O/OJ
via ::, Loopbackl
L 2001:DB9:2:100::1/128 [O/OJ
vía ::, Loopbackl
C 2001:DB9:2:200::/64 [O/OJ
via ::, Loopback2
L 2001:DB9:2:200::1/128 [O/OJ
via ::, Loopback2
L FE80::/10 [O/OJ
via ::, NullO
L FFOO::/8 [O/OJ
via ::, NullO

Task 4: Integrate ISATAP Between a pe and a Router

In th is task, you wi II configure a PC to use a router as an ISA T AP gateway, to provide
complete IPv6 connectivity.

Activity Procedure
Complete these steps:
Step 1 Configure PC3 to use the ISA T AP router R I .
Step 2 Send router solicitations once a minute.
Step3 Renew the I Pv6 configuration.

Activity Verification
Vou have completed !his task when you atlain these results:
• Verify that PC3 has autoconfigured a global scope address across the ISATAP link.
c:\>netsh interface ipv6 show address 2
Querying active state •..

Interface 2: Automatic Tunneling pseudo-Interface

Unicast Address '2001 ¡ db9\l;\b§~\R.j~jlíj¡i!i:ilI!í~;\l.~~¡jj~

Type Public
DAD State Preferred
Valid lifetime 29d23h59m56s
Preferred lifetime: 6d23h59m56s
Scope Global
Prefix Origin Router Advertisement
Suffix Origin Link-Layer Address

Unicast Address fe80::5efe:192.168.250.13

86 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Sys!ems, Ine.
 Type Link
DAD State Preferred
Valid lifetime infinite
Preferred lifetime: infinite
Scope Link
Prefix Origin Well-knm.¡n
Suffix Origin Link-Layer Address

Unicast Address fe80::5efe:192.168.3.2

Type Link
DAD State Preferred
Valid lifetime infinite
Preferred lifetime: infinite
Scope Link
Prefix Origin Well-known
Suffix Origin Link-Layer Address
No entries were found.

Note The number "2" reflects the Idx value for the ISATAP (Automatic Tunneling Pseudo-
Interface) interface. You should have obtained this number in one of the earlier tasks.

• Send a ping from PC3 to PC2 by using the public IPv6 address ofPC2 (that is,
2001 :db9:2: I ::t).
C:\>ping62001:db9:2:1::f

Pinging 2001:db9:2:1: :f with 32 bytes of data:

Reply from 2001:db9:2:1: :f: time=1l6ms

Reply fraro 2001:db9:2:1::f: time=1l5ms
Reply fram 2001:db9:2:1::f: time=1l5ms
Reply from 2001:db9:2:1::f: time=1l5ms

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = 115ms, Maxirnum = 116ms, Average = 115ms

• Also use IPv6 traceroute from PC3 to PC2. to confirm that the ISATAP tunnel is used
between PC3 and R I (that is, R3 should not show up in the traceroute output).
C:\>tracert6 2001:db9:2:1::f
Tracing route to 2001:db9;2:1::f over a maximum of 30 hops

1 86 ros 85 ros 85 ros 2001:db9:1:bea:O:5efe:192.168.1.1

2 170 ros 171 ros 171 ros 2001:db9:1:a: :2
3 148 ros 147 ros 146 ros 2001:db9:2:1: :f

Trace complete.

• To confirm that one less hop is displayed, you may also use the IPv4 traceroute, for
comparison.

© 2010 Cisco Systems, Ine. Lab Guide 87

 C:\>tracert 192.168.2.2

Tracing route to v4-pod2-pc [192.168.2.2]

over a maximum of 30 hops:

1 1 ms 1 ms <1 ms v4-pod3-r-i [192.168.3.1]

2 44 ms 43 ms 44 ms 192.168.101.5
3 83 ms 86 ms 86 ms 192.168.101.2
4 107 ms 104 ms 104 ms v4-pod2-pc [192.168.2.2]

Trace complete.

88 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
Lab 7-1: Configuring Advanced ACLs
Complete this lab activity to practice what you leal'l1ed in the related module.

Activity Objective
In this activity, you \Viii configlll'e various types of ACLs, lo achieve the desired filtering
objectives. After completing this activity, you will be able to meet these objectives:
• Create and apply a standard ACL (matching on source and destination addresses only)
• Creale and apply an extended ACL (matching on addresses, ports, and other packet
in formalion)
• O'eate and apply a reflexive ACL (matching on outgoing packets and creating dynamic
inbound rules)
• Create and apply an extended ACL (matching on IPv6 extension headers)
• Create and apply an ACL to control inbound Irv6 access to a router

Visual Objective
The figure illustrates what you \ViII accomplish in this activity.
,tE iiil Ji tE .! •
su ¿¡ .l &12 ti i& ¡¡¡¡ iJ Ud La I¡¡¡ .tELa
Visual Objective for Lab 7-1 :
Configuring Advanced ACLs

Required Resources
The table lists the resources and equipment that are required lo complete Ihis aclivity.

Required Resources

Device Name Device Role in the Laboratory

R1 WAN access router in the Central Site; used as

delault gateway lor IPv4 and IPv6 traffie

© 2010 Cisco Systems, rne. Lab Guide 89

 Device Name Device Role in the Laboratory

R2 WAN aeeess router in the Remote Site; used as

default gateway for IPv4 and IPv6 traffie

PC1 End user with appliealions that require both IPv4

and IPv6 support by the operating system and the
network

PC2 End user with applieations that require both IPv4

and IPv6 support by the operating system and the
network

Note Eaeh PC uses two NICs. The first card, named MGMT, is used for management purposes
and aceessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands tha! are used in this activity.

Cisco 105 Software Commands

Command Description

clear ipv6 access-list [ACL-ID] Resets the IPv6 aecess-list match eounters

ipv6 access-class ACL-ID Applies restrietions to vty capabilities

ipv6 access-list ACL-ID filter- Creates an IPv6 ACL on Cisco lOS devices
rules
ipv6 traffic-filter ACL-ID [in I Applies an IPv6 ACL to an interface
out]
line vty O 4 Seleets inbound vty eonneclions (such as an
interface on which to apply aeeess restrietions)

show ipv6 access-list Shows existing IPv6 ACLs

show ipv6 interface brief Shows briel IPv6 interface inlormation

Windows PC Commands

Command Description

netsh interface ipv6 show Displays Windows XP interfaces

interface [interface]
ping6 IPv6-address Sends pings from Windows XP by using an
[-r] optional rouling header

te1net ip-address Uses T elnet lrom Windows XP

90 IPv6 Fundamentals, Design, and Oeployment (IP6FO) v3.0 © 2010 Cisco Systems, Ine.
Job Aids
These Job aids are available to help you complete the lab activity:
• The instructor will provide you with your pod number and other pod-access infonnation.
Log Ihis information in this table.

Pod-Access Information

Parameter Value

Your pod number

Username on router Rl -
Password on router Rl -
Username on router R2 -

Password on router R2 -
Username on pel student

Password on pel lab

Username on pe2 student

Password on pe2 lab

Note Routers R1 and R2 are preconfigured to allow access without any credentials. Any Telnet
session or con sol e access will automatically give you access to privileged mode.

• The table illuslrales Ihe IPv4 and IPv6 addressing scheme thal is used in this lab exercise.

Pod Addressing

Device .. Interface IPv4 Address and Mask IPv6 Address .and Mask ..

R1 FastEthernet % 192.168.1.1/24 ( 2001 :db9:1:1 ::1/64'

R1 Serial 0/0/0.1 192.168.101.1/30/ 2001 :db9:1 :a::1/64

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopback2 Unassigned 2001 :db9:1 :200::1/64

R2 FastEthernet O/O 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopback 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

PC1 LAB 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAB 192.168.2.2/24 2001 :db9:2:1 ::1/64

• A Frame Relay PVC is used in the lab to interconnect the two sites.

Frame Relay PVC Details

. . .
- Source Device OLCI Peer Oevlce OLCI.
•

R1 111 R2 111

© 2010 Cisco Systems, Ine. Lab Guide 91

Task 1: Configure a Standard ACL for IPv6 (Layer 3 Address
Filtering)
Traffic through the muter can be controlled by using a standard ACL, which filters traffic only
according to 11' source and destination addresses-no other packet parameters are examined. In
this task, you will explicitly permit traftic between some endpoints while denying all other
traftic.

Activity Procedure
Complete these steps:
Step 1 Check the reachability of R 1 interfaces from PC l. Ping the following addresses (all
addresses shollld be reachable):
• FastEthernet 010
• Loopback 1
• Loopback 2
• Serial 01010.1
Step 2 On RI, create a standard IPv6 ACL that is named LANin and that allows access
'_fu"'i'h __',<~

only to Loopbacl<J and Loopba,,~ 2 from PC l.

Note Do not use an explieit deny statement. but let the implieit deny all ACL entry block other
tralfie. Remember, there are al so new implieit allow neighbor discovery statements befare
the implieit deny all.

Step 3 Apply the new LANin lPv6 ACL in Ihe inbound direction on interface FastEthernet
010. -

Activity Verification
You have completed this task when you altain these results:
• On PC 1, repeat the ping tests to all interfaces of R 1:
FastEthernet 010
Loopback I
Loopback 2
Serial 01010.1
This time, only pings to interfaces Loopback 1 and Loopback 2 should sllcceed.
C:\>ping 2001:db9:1:1::1

Pinging 2001:db9:1:1::1 with 32 bytes of data:

DésHnatI8n·~p:r8f.o6oiiínrea6I:ia8ie<:1
j:í"';f..i.haHon prof.6ii8.iiunr:eiiiiha8fe:!
Des\:i.Uá.H6.U í?r~t6ª61'~Su¡'¡i::ea8hatí1E!~!
l?~1'! t~l.)ªfi9ilpí:()fqª9hi;)J.li,í:!'.~@ªí?~~jl

Ping statistics for 2001:db9:1:1::1:

Packets: Sent = 4, Received = O, Lost =4 (100% 10ss),

92 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Ine.
 C:\>ping 2001:db9:1:100::1

Pinging 2001:db9:1:100::1 with 32 bytes of data:

Rep1y fraro 2001:db9:1:100::1: time=lms

Rep1y fraro 2001:db9:1:100::1: time=lms
Rep1y from 2001:db9:1:100::1: time<lms
Rep1y froro 2001:db9:1:100::1: time=lms

Ping statistics for 2001:db9:1:100::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = Oms, Maxirnum = lms, Average = Oros

C:\>ping 2001:db9:1:200::1

Pinging 2001:db9:1:200::1 with 32 bytes of data:

Rep1y froro 2001:db9:1:200::1: time=lms

Rep1y froro 2001:db9:1:200::1: time<lrns
Reply froro 2001:db9:1:200::1: time<lrns
Rep1y fraro 2001:db9:1:200::1: tiroe<lms

Ping statistics for 2001:db9:1:200::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = Oros, Maximurn = lms, Average = Oros

C:\>ping 2001:db9:1:a::l

Pinging 2001:db9:1:a::1 with 32 bytes of data:

R~:§~rn~;~+§fi~1Y)~9~~dª'p:r{~~&~l¡~~~qn3:'~I:~7~j
p'~~'~,!11:á~~~9~,Z~;P:t:~§~t?'cq:~,;j;r.1g~r:7~Ji:GK~~~~:tl
í5ea~J;ílatT~oilTprpt9ci5Ii;'GnlZeaql1aBlé11
!l~§§:míl,1';roii';:pl9~99qIit~P:f~a9hai31.~'.:·

ping statistics for 2001:db9:1:a::1:

Packets: Sent = 4, Received = O, Lost = 4 (100% 10ss),

• O" R 1. review the ACL statistics.

Rl#show access-lists
IPv6 access list LANin
permit ipv6 host 2001:DB9:1:1::F host 2001:DB9:1:100::1 d~:?iJna:~:cR~ª) sequence
10
permit ipv6 host 2001:DB9: 1: 1::F host 2001:DB9: 1:200:: 1 (r~;~¡"iJi~1?:R~s:) seguence
20

© 2010 Cisco Systems, Inc. Lab Guide 93

 Note An explicit deny al the end 01 the ACL is needed lo callect Ihe slatistics 01 denied packets.

Task 2: Configure an Extended ACL for IPv6 (Layer 3 and Layer

4 Filtering)
An extended ACL allows for deeper inspection of packets at the interface on which the ACL is
applied. In this task, yOll will inspect Layer 4 (TCP/UDP pOIts and ICMP messages) as well as
Layer 3 (IPv6 addresses and protocolnumbers) attributes.

Activity Procedure
Complete these steps:
Step 1 Test connectivity fmm PC 1 to the Loopback 1 interf.1ce on R 1 for two Tep services:
• Use IPv6 Telne! to connect to router RI.
• Use a web bro\Vser to connect to the SDM on RI. Use the
http://[2001 :db9: 1: 100:: 1] URL.

Note IPv6 addresses that are used in URLs should be endosed in brackets.

Note No users are conligured on router R 1, which means Ihat the authenlication will lail.

User name:

Passwo,d:

OK 1_"_'...-.-..:........

94 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Step 2 On R 1, create a new IPv6 ACL that is named LANin2 and that implements the
following policy:
• Allow Telnet access from PCI to the Loopback I address ofrollter RI.
• Permit allneighbor-solicitation ICMP messages (nd-ns).
• Permit allneighbor-advertisement ICMI' messages (nd-na).
• Explicitly deny all other traffic. (Use seqllence nllmber 1000 for this entry.)

Note ICMP neighbor solicitation and advertisement messages are required for resolving link-Iayer
addresses on a LAN. An implicit deny statement at the end of an ACL permits neighbor
discovery messages by defaul!. An explicit deny statement at the end of an ACL requires
these messages to be permitted.

Step 3 Replace the previolls inbollndlPv6 ACL on the FastEthernet 010 interface with the
new LANin2 ACL.

Actívity Verification
YOll have completed this task when yOll atta in these reslllts:
• Retest connectivity fmm PC 1 to the Loopback 1 interface on R I for the two TCP services:
Use IPv6 Telnet to connect to R l. The connection shollld still be sllccessflll.
C:\>telnet 2001:db9:1:100::1
Connecting To 2001:db9:1:100::1 •..
Rl#
Rl# exit

Connection to host lost.

© 2010 Cisco Systems, Inc. Lab Guide 95

 Use a web browser lo eonneel lo Ihe SDM on R l. Use URL
hllp://[2001 :db9: 1: 100:: 1]. SDM eonneelivily should no longer \York beeause il is
not speeifieally permitted. You may alternalively use the Telnel applieation lO try to
eonneet lo porl 80.

'o' Internet Explorer cannot display the webpage

f,l·:·st !lLely .:¿¡u:;~s:

,. y.)!j ar·,; not c·mn":.-:t~(i to tl1f, Int~ne-t .
• Tb.: w-::t:-slt". 1$ en<:oU'1tenng prob!·!:tns .
• Thl)r.;: rnllJhl tJI, a lYf.'ing ;;fmr In I.h.) addre<;;s.

• On R 1, review the ACL statislies.

Rl#show access-lists
IPv6 aooess list LANín
permit ipv6 host 2001:0B9:1:1::F host 2001:0B9:1:100::1 (206 matches)
sequence 10
permit ipv6 host 2001:0B9:1:1::F host 2001:0B9:1:200::1 (4 matches)
seguence 20
;tR;\f6.:·acfce!i~r"I1~t·.·:tA~IE2'
permit tcp host 2001:0B9:1:1::F host 2001:0B9:1:100::1 eq telnet ti~,"l
fu~:t,ªhiÚi) sequence 10
permit icmp any any nd-ns (2 matches) sequence 20
perrnit icmp any any nd-na (2 rnatches) sequence 30
deny ipv6 any any (~-,.:;·:m~t9~~:~~§) sequence 1000

Note An explicit deny al Ihe end ollhe new ACL allows you lo also see Ihe slatislics aboul denied
packels.

Task 3: Configure a Reflexive ACL for IPv6

A reflexive ACL provides for dynamieally opening relurn palhs throllgh the ACL, based on
initiating traffie. You willuse Ihis feature to allow all retllrn traffie to PC 1 when a session is
initialed lO the remote router R2. AII other inbound traffie on the WAN interface shollld be
dcnied.

96 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Syslems, Inc.
Activity Procedure
Complete these steps:
Step 1 On R 1, add an entry to the existing IPv6 ACL that is applied to interface
FastEthernet 0/0 in the inbound direction, to allow Telnet connections from PC I to
the WAN interface of remote router R2. Make sure that you add this entry before the
explicit deny statement. Use Ihe reneet keyword to indicate Ihal Ihese sessions
should be permitted in Ihe reverse direction.
Step 2 Create a new IPv6 ACL, named WANin, that evaluates the rellection ACL enlly that
is described in Ihe previalls step. Use Ihe same name that yOll lIsed with the rellect
option in the previolls step. Deny aH other traffic. Apply this ACL in Ihe inbollnd
direction on the Serial 0/0/0.1 interface af R l.

Activity Verification
YOll have completed this task when yOll atlain these reslllts:
• On RI, clear IPv6 ACLcollnters.
• Connecl via Telnet from PC 1 to Ihe W AN interface of R2. Leave Ihe Telnel session open.
C:\>telnet 2001:db9:1:a::2
Connecting To 2001:db9:1:a::2 ...

R2#show version
Cisco ros Software, 2800 Software (C2BOONM-ADVIPSERVICESK9-M), version
12.4(6)T, RELEASE SOFTWARE (fel)
Technical Support: http://www.cisco.com/techsupport
Copyright (e) 1986-2006 by cisco Systems, Ine.
compiled wed 22-Feb-06 22:54 by coai

ROM: System Bootstrap, Version 12.4(lr) [hqluong Ir], RELEASE SOFTWARE (fel)

R2 uptime is 1 hour, 34 minutes

System returned to ROM by re load at 09:44:02 UTC Tue Sep 11 2007
System restarted at 09:46:00 UTC Tue Sep 11 2007
System image file is "flash:c2800nm-advipservicesk9-mz.124-6.T.bin"

This product contains cryptographic features and is subject to united

states and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product irnmediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.eiseo.eom/wwl/export/erypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

[email protected].

cisco 2811 (revision 53.50) with 249856K/12288K bytes of memory.

Processor board ID FCZI01072DO
2 FastEthernet interfaces
3 Serial(sync/async) interfaces
1 virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompaetFlash (Read/Write)

Configuration register is Ox2041 (will be Ox2002 at next reload)

© 2010 Cisco Systems, Inc. lab Guide 97

 • Review ACL statistics on R l.
R1#show access-lists
IPv6 access list LANin2
permit tcp host 2001:DB9:1:1::F host 2001:DB9:1:100::1 eq telnet sequence
10
permit tcp host 2001:DB9:1:1::F host 2001:DB9:1:A::2 eq telnet reflect REF
(17 matches) sequence 15
permit icmp any any nd-ns sequence 20
permit icmp any any nd-na (l match) sequence 30
deny ipv6 any any sequence 1000
IPv6 aocess list REF (reflexive) (per-user)
permit tcp host 2001:DB9:1:A::2 eq te1net host 2001:DB9:1:1::F eq 1031
timeout 300 (16 matahes) (time 1eft 233) sequence 4
IPv6 aocess list WANin
evaluate REF sequence 10
deny ipv6 any any (4 matahes) sequence 20

Task 4: Configure an Extended ACL for IPv6 (Extension Header

Matching)
I Pv6 extension header fields are visible to Cisco extended ACLs. and tramc can be filtered
based on header field values. In this task, you \ViII filter tramc that uses the routing extension
header.

Activity Procedure
Complete this step:
Step 1 On R 1, add the following entries to the existing IPv6 ACL that is used inbound on
the FastEthernet 0/0 interface. Add the en tries before the explicit deny statement at
the end.
• Deny IPv6 packets with the routing extension header.
• Pennit ICMP packets [rom PCI to the FastEthernet 0/0 interface on RI.

Activity Verification
You have completed this task when you a!tain these results:
• Start the Wireshark application on PC l. Find the application by using the menu entry Start
> Al! Prograllls > Wireshark > W¡"eshark.
• Choose Capture> Interfaces and c1ick Start in the line that indicates the LAB interface
(IP address 192.168.1.2).

98 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 • mVMe, Acce!eratedAl<Kl PCtlet Adaptet (Mlcrosolt'~ ?.ac~ SChedu!er) 192.166 ..250.11 156 '9

• Send a ping fmm PC I to the FastEthernet O/O interface of R 1. The ping should be
successful. You should also see four ICMP echo requests and four ICMP echo replies in the
Wireshark capture windo\V, as shown in the previous figure.
C:\>ping62001:db9:1:1::1

pinging 2001:db9:1:1::1
from 2001:db9:1:1::f with 32 bytes of data:

Rep1y fram 2001:db9:1:1::1: bytes=32 time=5ms

Rep1y from 2001:db9:1:1::1: bytes=32 time=lros
Rep1y from 2001:db9:1:1::1: bytes=32 time=lros
Rep1y from 2001:db9:1:1::1: bytes=32 tirne=lms

ping statistics for 2001:db9:1:1::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in mi11i-seconds:
Minimum = lros, Maximum = 5ms, Average = 2rns

• Send another ping fmm PC I to Ihe FastEthernet O/O interface of R 1, this time using the -r
oplion, which adds the routing header lo Ihe lPv6 packets. The ping should be
unsuccessful. You should also see four new lCMP echo requests and four lCMP
unreachable replies in the Wireshark capture window, as shown in the following figure.
C:\>ping6 2001:db9:1:1::1 -r

Pinging 2001:db9:1:1::1
from 2001:db9:1:1::f with 32 bytes of data:

Rep1y from 2001:db9:1:1::1: Cornmunication prohibited,

Rep1y from 2001:db9:1:1::1: Cornmunication prohibited.

© 2010 Cisco Systems, Inc. Lab Guide 99

 Rep1y from 2001:db9:1:1::1: Communication prohibited.
Rep1y from 2001:db9:1:1::1: Communication prohibited.

Ping statistics for 2001:db9:1:1::1:

Packets: Sent = 4, Received = O, Lost 4 (100% 10ss),

Note Use the ping6 command instead 01 the regular ping command, which wiIJ display additional
inlormation why the ping was not successlu!.

\li("í\íí¡¡¡~ E>C;;¡~ -.",

E.tl~~ I
tJo .• Time Soorce - Ot!~tmtion Pr(ll;OXol lnfo
1. Q.oooooo iÓ01-:db9:i:l: :-f 2001 :db9:1 :1::1
20.001252 2001:db9:1:1::1 2001:db9:1:1::f
30.994550 2001:db9:1:1::f 2001:db9:1:1::1
<1 0.995529 2001:db9:1:1::1 2001 :db9:1:1: :f
51.993589 2001:db9:1:1::f 2001:db9:1:1::1
6 1.994477 2001 :db9:1:1::1 2001:db9:1:1::f
72.994338 2001:db9 :1:1::f 2001 :db9:1 :1: :
8 2. :db9:

ICMPv6 request
ICMPv6 unreachable (ACkninisHnively prohibited:
ICMPvt;; Echo request
ICMPv6 unreachable (Atininistratively prohibited:
ICMPv6 Echo request
ICMPv6 Unreachable (Ao:tninisuatively prohibited: ,

~rn""._",:88:~9 (OO:Oc:29:0c:S8:~9). Ost: cisco_03:1S:f8 (00:17:59:0::::18:f8)

Length: 2 (24 bytes)

Type: O
Segnents le1't: 1
address O: 20Ql:db9:1:1::1'
, Internet Control Message protocol v6

Note II you select one 01 the echo requests just belore an unreachable reply, you should see that
the IPv6 packet has a routing header that should be denied by your ACL, hence the
unreachable reply.

• Choose Capture> Iuterfaces and then click Stop. Close the Wireshark capture window
and close Wireshark application.

100 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Task 5: Controllnbound IPv6 Access to a Router
Telnet access to the router itself can be controlled fOl' IPv6 like it can be for IPv4. using an
access class on a range ofvty lines. In this task, you will create an ACL to control inbounc1
Telnet access to router R2.

Activity Procedure
Complete these steps:
Step 1 Connect via Telnet from PC I to the Serial 0/0/0.1 interface of R2. This Telnet
session should succeec1.
C:\>telnet 2001:db9:1:a::2
Connecting To 2001:db9:1:a::2",
R2#
R2# exit

Step 2 Connect via Telnet from PC2 to the FastEthernet 0/0 interface of R2. This Telnet
session shoulc1 succeed.
C:\>telnet 2001:db9:2:1::1
Connecting To 2001:db9:2:1::1 •••
R2#
R2# exit

Step 3 On R2, create an IPv6 ACL that is named VTV anc1 that allows only remote
adm in istration from PC l. Remote Telnet sessions can use any interface address of
router R2.
Step 4 Apply the VTY IPv6 ACL as an access class to the 0--4 range ofvty.

Activity Verification
You have completed this task when you alta in these ('esults:
• Connect again via Telnet from PC I to the Serial 0/0/0.1 interface of R2. This Telnet
session should succeed.
C:\>telnet 2001:db9:1:a::2
Connecting To 2001:db9:1:a::2 •.•
R2#
R2# exit

• Connect again via Telnet from PC2 to the FastEthernet 0/0 interface ofR2. This Telnet
session should fai!.
C:\>telnet 2001:db9:2:1::1
Connecting To 2001:db9:2:1::1 ••• Could not open connection to
the host, on port 23: Connect failed

© 2010 Cisco Systems, Ine. lab Guide 101

lab 7-2: Implementing IPsec and IKE
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity. you willuse cryptography (IPsec) to secure communication between two sites.
After completing this activity. you will be able to meet this o~jective:
• Secure communications between routers by using IPsec

Visual Objective
The figure illustrates what you \ViII accomplish in this activity.
¡¡
Visual Objective for Lab 7-2:
Implementing IPsec and IKE

Required Resources
The table lists the resources and equipment that are required to complete this activity.

Required Resources

Device Name Device Role in the Laboratory

R1 WAN aeeess rauter in the Central Site; used as

delault gateway lar IPv4 and IPv6 traffie

R2 WAN aeeess rauter in the Remate Site; used as

delault gateway lor IPv4 and IPv6 traffie

PC1 End user with applieations that require both IPv4

and IPv6 support by the operating system and the
network

PC2 End user with applieations that require both IPv4

and IPv6 support by the operating system and the
network

102 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do nol modify lhis interface). The
second card, named LAB, is connected to the lab network and will be used in the lab activity
for IPv4 and IPv6 connectivity.

Cornrnand List
The table describes the commands that are used in this activity.

Cisco 105 Software Commands

: Command . Description .' ..

authentication pre-share Configures the authentication method by using
pre-shared keys for an IKE policy

crypto ipsec transform-set Defines a transform set (a combination of security

transform-set-name transforml protocols and algorithms)
[transform2 [ trans form3))

crypto isakmp key keystríng Configures a pre-shared IKE authentication key

address peer-addresB

crypto isakmp policy príoríty- Defines an IKE policy and assigns a priority to the
nwnber policy

encryption [des I 3des I aes [128 Specifies the encryption algorithm within an IKE
I 192 I 256)) policy

group {1 I 2 I 5} Specifies the Diffie-Hellman group identifier within

an IKE policy

hash {md5 I sha-1} Selects a hash function to use within an IKE

policy

interface tunnel ínft Static VTI that uses IPv6 for payload and
tunnel mode ipsec ipv6 transport

ipv6 rip proaess enable Enables IPv6 RIP on an interface

ipv6 router rip process Configures an IPv6 RIP process

lifetime secands Specifies the lifetime of IKE sessions within an

IKE policy

mode {transport I tunnel} Selects the IPsec mode within a transform set;
tunnel mode is the default

show crypto ipsec sa Shows Phase 1 SAs and proxy, encapsulation,

encryption, de-encapsulation, and decryption
information

show crypto isakmp sa Lists IKE sessions and their main parameters

show ipv6 route Displays IPv6 routing table

tunnel destination address Specifies the destination address for tunnel

packets

tunnel protection ipsec profile Selects an IPsec profile to use for protecting the
profile VTI

tunnel source {íntf I address} Specifies the source address for tunnel packels

© 2010 Cisco Systems, Inc. Lab Guide 103

 Windows PC Commands

Command Deseription

ping6 ipv6-address Diagnoses IPv6 eonneetivity

tracert6 ipv6-address Verifies path to the specifie IPv6 address

Job Aids
These Job aids are available lo help you complete the lab activity:

• The instructor \ViII provide you with your pod number and other pod-access infol"lnation.
Log this information in lhis table.

Pod-Access Information

Parameter Value

Your pod number

Usernarne on router Rl -
Password on router Rl -
Usernarne on router RZ -
Password on router R2 -

Username on PCl student

Password on PCl lab
Username on PCZ student

Password on PCZ lab

Note Routers R1 and R2 are preeonfigured to allow aeeess without any eredentials. Any Telne!
session or console access will automatically give you access to the privileged mode.

104 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 • The table iIIustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing

, Device Interface IPv4 Address and IPv6 Address and

Mask Mask . .,
R1 FastEthernet % 192.168.1.1/24 2001 :db9:1:1 ::1/64

R1 Serial 0/0/0.1 192.168.101.1/30 2001 :db9:1 :a::1/64

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopback2 Unassigned 2001 :db9:1 :200::1/64

R2 FastEthernet 010 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 0/0/0.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopback 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

PC1 LAS 192.168.1.2/24 2001 :db9:1:1 ::1/64

PC2 LAS 192.168.2.2/24 2001 :db9:2:1 ::1/64

• A Frame Relay PVC is lIsed in Ihe lab lo inlerconnect the t\Vo sites.

Frame Relay PVC Details

Saurce Oevice OLel Peer Oevice , OLel

'~.
R1 111 R2 111

© 2010 Cisco Systems, lnc. lab Guíde 105

Task 1: Configure IPsec
In Ihis lask, you \ViII configure an IPsec lunnel lo prolecl lraffic between a pair of remote sites
across an unlrusled transport network.

Activity Procedure
Complete these steps:
Step 1 Configure an IKE policy on R I and R2. Use the parameters that are listed in the
table.

IKE Policy Parameters

Parameter Value

Encryption AES using 256-bit keys

Hash SHA-1

Authentication Pre-shared key

Diffie-Hellman Group 5
Lifetime 1 hr

Step 2 Define a pre-shared key, named tOpSeCrEt, lo authenticale IKE peers on WAN
acIdresses (thal is, 200 I :cIb9: I ca:: I on R2 and 200 I :db9: I :a::2 on R 1). Make sure
Ihal you use Ihe same key on bolh routers.
Step 3 Configure an IPsec transfonn sel named TS. Use the paramelers Ihat are lisled in Ihe
lable.

IPsec Transform Set Parameters

Parameter Value

Protocol ESP for encryplion and authentication

Encryption AES using 256-bit keys

Authentication and Integrity SHA-1

Mode Tunnel

Lifetime 1 hr

Step4 Configure an IPsec profile named IP. Use the TS IPsec transform se!:.
Step 5 Configure a slalic VTI. Use the parameters Ihat are listed in the table.

106 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Static VTI Parameters

Parameter Rl R2
IPv6 Address 2001:db9:3:1 ::1/64 2001 :db9:3: 1 ::2/64

Tunnel Source Serial 0/0/0.1 Serial 0/0/0.1

Tunnel Destination 2001 :db9:1 :a::2 2001 :db9:1 :a::1

Tunnel Mode IPseelPv6 IPsee IPv6

Tunnel Protection IP IPsee profile IP IPsee profile

Step 6 Create an IPv6 RIP routing process that is named RIPI on both routers.
Step 7 Enable IPv6 RI P on the following interfaces:
• FastEthernet %
• Loopback I
• Loopback 2
• IPsec tunnel

Activity Verification
You have completed this task when you attain these "esults:
• IPv6 RIP should trigger the establishment ofthe IKE session and IPsec SAs. Verify the
status oflKE on either router. You should see an IKE session in the QM IDLE state that
indicates that the session has reached the Quick Mode phase and is currently id le.
Rl#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status

IPv6 Crypto ISAKMP SA

ctst: 200l:DB9:l:A::l
src: 200l:DB9:l:A::2
state: Q~I_IDLE conn-id: 1001 slot: o status: ACTIVE
~ ..
• Verify the status of IPsec SAs on either !'Outer. The encryption and decryption statistics
should be non-zero, indicating that packets are being sent and received through the IPsec
SAs.
Rl#show crypto ipsec sa

interface: TunnelO
Crypto map tag: TunnelO-heact-O, local actctr 200l:DB9:l:A::l

protected vrf: (none)

local ictent (actctr/mask/prot/port): (::/0/0/0)
remote ictent (actctr/mask/prot/port): (::/0/0/0)
current_peer 2001:DB9:1:A::2 port 500
PER_~I~ I f~El9s=_{~rigin_-:-i~,-~:1_,,)
wpgs,;i~~c1ip§r:,4 ~E.l~pkt's:·<;I\crJ'PtT;'\~6;¡i#pkt~(¡iIIg~Sl;:ll~46'
li'píd:s:iaéqáp~I:.j5r::l'tpkt~.'··décrypt!····4?;··:.#pkts~erify;;4~
#pkts compressed: 0 1 #pkts decompressed: O
#pkts not compressed: O, #pkts compro failed: O
#pkts not decompressed: O, #pkts decompress failed: O
#send errors O, #recv errors O

local crypto enctpt.: 200l:DB9:l:A::l,

remote crypto endpt.: 2001:DB9:1:A::2
path mtu 1514, ip mtu 1514

© 2010 Cisco Systems, Inc, lab Guide 107

 current outbound spi: Ox9F912D40(2677091648)

inbound esp sas:

spi: Ox8D589EA4(2371395236)
transform: esp-256-aes esp-sha-hmac
in use settings ={Tunnel, }
cerrn id: 1, flow_id: SW:l, crypto map: TunnelO-head-O
sa tirning: rernaining key.lifetirne (k/sec): (4459693/2735)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: Ox9F912D40(2677091648)
transferm: esp-256-aes esp-sha-hmac
in use settings ={Tunnel, }
carrn id: 2, flow_id: SW:2, crypto map: TunnelO-head-O
sa timing: remaining key lifetime (k/sec): (4459694/2733)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:

• Review the routing table on RI. You should see three routes frol11 R2 that are reachable
through the tunnel interface.
Rl#show ipv6 route
IPv6 Routing Table - 15 entries
Codes: e - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Statíc route
II - lSlS Ll, l2 - lSlS L2, lA - lSlS ínterarea, lS - lSlS surnmary
O - OSPF íntra, Ol - OSPF ínter, OEl - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O - ElGRP, EX - ElGRP external
e 2001:0B9:1:1::/64 [O/OJ
vía ::, FastEthernetO/O
L 2001:0B9:1:1::1/128 [O/OJ
via ::, FastEthernetO/O
e 2001:0B9:1:A::/64 [O/OJ
vía ::, seríalO/O/O.l
L 2001:0B9:1:A::1/128 [O/OJ
vía ::, SeríalO/O/O.l
e 2001:0B9:1:100::/64 [O/OJ
vía ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/OJ
vía ::, Loopbackl
e 2001:0B9:1:200::/64 [O/OJ
vía ::, Loopback2
L 2001:DB9:1:200::1/128 [O/OJ
vía ::, Loopback2
R h;,200iíDB9¡2l1'N.6~'\[:l.2()l2j
via FEBO: :216:CBFF:FESE:FC20, ~P:,~'fí~~q
R ~t:'2ooi¡J)B9 :2':10Ó¡J:¡64~(1¿O?2.]
vía FEBO: :216:CBFF:FESE:FC20, g;HljJ:I~Jq
íi" ü{i.2úoi ¡ Í)B~:2:2Óó;:j~~,[12072ji
vía FEBO: :216:C8FF:FESE:FC20, ~~.ri,~~J,9,
e 2001:0B9:3:1:,/64 [O/OJ
via ::, TunnelO
L 2001:0B9:3:1::1/128 [O/OJ
via ::, TunnelO
L FE80::/10 [O/OJ

108 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 vía .. , NullO
L FFOO::/8 [O/OJ
vía ::, NullO

• On pe 1, test the reachability of pe2 (use IPv6 address 200 I :db9:2: I ::1).
C:\>ping62001:db9:2:1::f

Pinging 2001:db9:2:1::f
from 2001:db9:1:1:70ec:733:bf25:fedc with 32 bytes of data:

Rep1y from 2001:db9:2:1::f: bytes=32 time=108ms

Rep1y fram 2001:db9:2:1::f: bytes=32 time=99ms
Rep1y fram 2001:db9:2:1::f: bytes=32 time=98ms
Rep1y fraro 2001:db9:2:1::f: bytes=32 time=98ms

Ping statistics for 2001:db9:2:1::f:

Packets: Sent = 4, Received = 4, Lost = O (O% 10ss),
Appraximate raund trip times in milli-seconds:
Mínimum = 98ms, Maximum = 108ms, Average = 100ms

• Review the IPv6 path between pe I and pe2.

C:\>tracert62001:db9:2:1::f

Tracing route to 2001:db9:2:1::f

from 2001:db9:1:1:70ec:733:bf25:fedc over a maximum of 30
hops:

1 1 ms 1 ms <1 ms 2001:db9:1:1::1
2 126 ms 127 ms 126 ms 2001:db9:3:1::2
3 115 ms 115 ms 115 ms 2001:db9:2:1::f

Trace complete.

© 2010 Cisco Systems, Inc. Lab Guide 109

Lab 7-3: Configuring Cisco 105 Firewall
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In Ihis activity, you will configure Cisco lOS Firewall for IPv6. After completing this activity,
you will be able (o meet these objectives:
• Configure Cisco lOS Firewall to use stateful packet inspection for IPv6
• Configure Cisco lOS Firewall to use packet filtering for IPv6

Visual Objective
The figure illustrates \Vhat you \Viii accomplish in this activity.

Visual Objective for Lab 7-3:

Configuring Cisco lOS Firewall

Central Site 1

Remote Site 2 Remote Site 3

. "';~ ,.

Required Resources
The table lists the resources and equipmellt that are required to complete this activity.

Required Resources

Oeviee Name Device Role in the laboratory

R1 WAN access router in Central Site 1; used as

default gateway for IPv4 and IPv6 traflic

R2 WAN access router in Remate Site 2; used as

default gateway for IPv4 and IPv6 traffic

R3 WAN access router in Remate Site 3; used as

default gateway for IPv4 and IPv6 traffic

110 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 , Device Name , Device Role in the Laboratory
PC1 End user with applications that require both IPv4
and IPv6 support by the operating system and the
network

PC2 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

PC3 End user with applications that require both IPv4

and IPv6 support by the operating system and the
network

Note Each PC uses two NICs. The first card, named MGMT, is used for management purposes
and accessing the PC via Microsoft Terminal Services (do not modify this interface). The
second card, named LAB, is connected to the lab network and is used in the lab activity for
IPv4 and IPv6 connectivity.

Command List
The table describes the commands that are used in this activity.

Cisco 105 Software Commands

,

Command ,
Description , , ,

ipv6 access-list name Configures an IPv6 address on an interface

ipv6 inspect audit-trail Turns on CBAC audit trail messages

ipv6 inspect inspectíon-name {in Applies a set of inspection rules to an interface

I out}
ipv6 inspect name inspection-name Defines a set of IPv6 inspection rules
[protocol]
ipv6 traffic-filter Enables IPv6 traffic filtering on an interface

show ipv6 inspect {name Displays CBAC configuration and session

inspection-name I config I information
interfaces I session [detail] I
all}

Windows PC Commands

Command Description ,

netstat Displays network connections

ping6 ipv6-address%int-number Diagnoses IPv6; uses the %inf-number parameter

to indicate that the packet should be sent out
specilic interface number (the ISATAP interface),
beca use a link-local address (that is, fe::) is used

tracert6 ipv6-address Verifies the path to the specified IPv6 address

© 2010 Cisco Systems, Ine. lab Guide 111

Job Aids
These job aids are available to help you complete the lab activity:
• The instructor will provide you with your pod number and other pod-access information.
Log this inFormation in Ihis table.

Pod-Access Information

Parameter Value

Yeur ped number

Username en router Rl -

Password en router Rl -
Username en router R2 -
Password en router R2 -
Username en router R3 -
Password en router R3 -
Usernarne en PCl student

Password en PCl lab

Username en PC2 student

Password en PC2 lab

Username en PC3 sludent

Password en PC3 lab

Note Routers R1, R2, and R3 are preconfigured to allow access without any credentials. Any
T elnet session or console access will automatically give you access to privileged mode.

• The table iIIustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing

Device Interface IPv4 Address and IPv6 Address and

Mask Mask

R1 FastEthernet 010 192.168.1.1/24 2001 :db9:1:1 ::1/64

R1 Serial 0/010.1 192.168.101.1/30 2001 :db9:1 :a::1/64

R1 Serial 0/0/0.2 192.168.101.5/30 2001 :db9:1 :b::2/64

R1 Loopback 1 Unassigned 2001 :db9:1 :100::1/64

R1 Loopback 2 Unassigned 2001 :db9:1 :200::1/64

R2 FastEthernet 010 192.168.2.1/24 2001 :db9:2:1 ::1/64

R2 Serial 01010.1 192.168.101.2/30 2001 :db9:1 :a::2/64

R2 Loopback 1 Unassigned 2001 :db9:2:100::1/64

R2 Loopback 2 Unassigned 2001 :db9:2:200::1/64

R3 FastEthernet 010 192.168.3.1/24 2001 :db9:3:1 ::1/64

112 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 Oevice Interface IPv4 Address and IPv6 Address and
Mask Mask

R3 Serial 0/0/0.1 192.168.101.6/30 2001 :db9:1 :b::1/64

PC1 LAS 192.168.1.2/24 2001 :db9: 1:1 ::1/64

PC2 LAS 192.168.2.2/24 2001 :db9:2:1 ::1/64

PC3 LAS 192.168.3.2/24 2001 :db9:3:1 ::1/64

• A Frame Relay PVC is lIsed ill the lab to illtercollllect the t\Vo sites.

Frame Relay PVC Details

Source Device OLCI Peer Device OLCI

R1 111 R2 111

R1 222 R3 222

© 2010 Cisco Systems, !ne. Lab Guide 113

Task 1: Configure Cisco 105 Stateful Packet Inspection
The Cisco lOS Firewall provides stateful packet inspection orTCp, UDp, ICMPv6, and FTp
sessions. With this feature, Cisco lOS Firewall is aware of communication paths and can watch
traffic streams end to end, so it can identify which stage a connection is in. In this task, you will
configure Cisco lOS Stateful Packet lnspection on R2.

Activity Procedure
Complete these steps:
Step 1 Confirm that you can reach both PC I and PC2 from PC3 by sending pings to their
IPv6 addresses.
Step 2 Configure packet inspection for TCp, UDP, and ICMp on R2.
Step 3 Configure an ACL that denies all traffic.
Step4 Apply packet inspection on the W AN interface for outbound packets towards
Remote Site l. Packets leaving Remote Site 2 will be subject to packet inspection.
Step 5 Apply the configured ACL on the WAN interface that comes from Remote Site 3.
Packets that come in from Remote Site 1 will be blocked, unless they belong to a
session that is established from Remote Site 2. This configuration permits retu\'l1
traffie that originates at Remote Site 2 and blocks all other traffic flows.

Activity Verification
You have completed this task when you a!tain these results:
• On PC3, make an extended ping to PC J.
C:\>ping -n 1000 2001:db9:1:1::f

Pinging 2001:db9:1:1::f with 32 bytes af data:

Reply fraro 2001:db9:1:b: :2: Cornmunication prohibited.

Reply frarn 2001:db9:1:b::2: Cornmunication prahibited.
Reply fraro 2001:db9:1:b::2: Cornrnunication prahibited.
Reply fraro 2001 :db9: 1 :b:: 2: Cornrnunication prahibited.
Reply fraro 2001:db9:1:b: :2: Conununication prahibited.

• On PC2, make an extended ping to PC3.

C:\>ping6 -n 1000 2001:db9:3:1:20c:29ff:fea1:62fd

pinging 2001:db9:3:1:20c:29ff:fea1:62fd
fram 2001:db9:1:1:e144:c057:f530:d491 with 32 bytes af data:

Reply fraro 2001:db9:3:1:20c:29ff:fea1:62fd: bytes=32 time=47ms

Reply fram 2001:db9:3:1:20c:29ff:fea1:62fd: bytes=32 time=47ms
Reply fraro 2001:db9:3:1:20c:29ff:feal:62fd: bytes=32 time=47ms
Reply fraro 2001:db9:3:1:20c:29ff:feal:62fd: bytes=32 time=47ms

Note Sinee the above address is eui-64 IPv6 address, please verify the correct IPv6 address on
PC3 befare the ping test.

114 IPv6 Fundamentals, Design, and Deplayment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 • On R2, review the established IPv6 inspect session for leMP.
R2#show ipv6 inspect sessions
Established Sessions
Session 4807C8D4
(2001:DB9:1:1:E144:C057:F530:D491:0)=>(2001:DB9:3:1::1:0) !il'NB
¡~i~f§i!ioPFJi\

• Determine which TCP ports are in LlSTENING state on PC3, by using the netstat
command.
C:\>netstat -an I find /i "LISTENING"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP [ :: ]o 135 [::]:0 LISTENING

• On R2, enable the inspect audit tmil so that you can examine established sessions.
• Prom PC2, establish and then close a Telnet session to one ofthe pOl'ts that you found on
PC3, and observe the output on R2.
R2(config)#
03:34:57: %IPV6_FW-6-SESS_AUDIT_TRAIL: tcp session initiator
(2001:DB9:2:1:8051:
AF95:80B4:E6A:I026) sent 209 bytes -- responder
(2001:DB9:3:1:29D4:7DC1:7600:18A
7:135) sent O bytes SIS_OPEN

Task 2: Implement Stateless Packet Filtering

Stateless firewalls watch network trame and restrict 01' block packets according to source and
destination addresses 01' other static values. They are not aware oftraffic patterns 01' data 1l0ws.
In this task. you will implement stateless packet filtering by using an ACL.

Activity Procedure
Complete these steps:
Step 1 On R 1, configure an ACL that pennits ICMP trame to Remote Site 3 and denies all
other trame.
Step 2 Configure an ACL that permits ICMP trame and denies all other traffic in the
opposite direction.
Step 3 Apply both ACLs to the WAN interface On R l. By doing so, you permit ICMP
trame to 1l0w between Sites I and 3.

Note You must permit ICMP traffic in both directions; without using packet inspection. the Cisco
lOS Firewall is unaware 01 data flows between sites.

Step 4 Confirmreachability between PCI and PC3.

Activity Verification
You have completed this task when yOll atta in these I'eslllts:
• From PCI, by to send a ping to PC3.
c:\>ping6 2001:db9:3:1:b5cb:b5a3:85ab:a6c5

Pinging 2001:db9:3:1:b5cb:b5a3:85ab:a6c5
froID 2001:db9:1:1:8051:af95:8084:e6a with 32 bytes of data:

© 2010 Cisco Systems, Ine. Lab Guide 115

 Reply fram 2001:db9:3:1:bScb:bSa3:8Sab:a6cS: bytes=32 time=48ms
Reply fram 2001:db9:3:1:bScb:bSa3:8Sab:a6cS: bytes=32 time=47ms
Reply fram 2001:db9:3:1:bScb:bsa3:8Sab:a6cS: bytes=32 time=48ms
Reply fram 2001:db9:3:1:bScb:bSa3:8Sab:a6cS: bytes=32 time=48ms

ping statistics far 2001:db9:3:1:bScb:bSa3:8Sab:a6cS:

Packets: sent = 4, Received = 4, Lost = O (0% 1055),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maxirnum = 48ms, Average =

• On RI, deny all ineoming traffie fmm Remote Site 3. Withollt paeket inspeetion, retllrning
trame from Remote Site 3 \Viii be denied.
• Try to send a ping fmm PC I to PC3.
c:\>ping6 2001:db9:3:1:bScb:bSa3:8Sab:a6cS

Pinging 2001:db9:3:1:b5cb:b5a3:85ab:a6c5
frorn 2001:db9:1:1:8051:af95:8084:e6a with 32 bytes of data:

Request tirned out.

Request tirned out.
Request timed out.
Request timed out.

Ping statistics for 2001:db9:3:1:b5cb:bSa3:85ab:a6c5:

Packets: Sent = 4, Received = O, Lost = 4 (100% 10ss),

116 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
lab 9-1: Configuring 6PE and 6VPE
Complete this lab activity to practice what you learned in the related module.

Activity Objective
Service providers that ha ve MPLS infrastructures in place are often asked to add IPv6 services
to a list of already deployed fea tu res. such as MPLS VPNs. MPLS TE, and MPLS QoS.
Although numerous scenarios are possible, Cisco 6PE Router over MPLS has emerged as the
most promising transition mechanism. The technology is like MPLS VPN in that 6PE devices
peer together and exchange IPv6 prefixes and labels by using MP-BGP.
In this activity, you run a service provider network providing the Internet connectivity to
customers. You want to extencl your services by allowing IPv6 domains (CE routers A2v6 and
A3v6) to communicate with each other over an existing MPLS IPv4 coreo Your choice is a 6PE
solution beca use this implementation requires no backbone infrastructure upgrades and no
reconfiguration of core routers. Forwarding is based on labels rather than on the IP header, and
the PE routers being transformed in(o dual-stack routers.

Note Unlike an MPLS VPN, a 6PE solution supports only one instanee 01 IPv6 on eaeh router that
uses a global routing table.

The lab conc1udes with an optional task (hat requires connectivity fromlPv6 domains to the
outside world. Because no direct IPv6 connectivity is available, you will configure a 6t04
tunnel to gl'ant access by tunneling IPv6 datagrams over the IPv4-based Internet network.
In (his activity, you will configure an MPLS VPN network that interconnects IPv6 CE routers
and provides access to the outside network. After completing this activity, you will be able to
meet these objectives:
• Configure IPv6 routing between PE and CE routers
• Configure MP-IBGP to simultaneously runlPv6 with IPv4
• Determine how labels are assigned and propagated across the MPLS backbone
• Analyze the Cisco 6PE forwarding plane
• Configure 6VPE on PE routers
t

© 2010 Cisco Systems, Ine. Lab Guide 117

Visual Objective
The figure illustrales what you will accomplish in this activity.
2
Visual Objective for Lab 9-1:
Configuring 6PE and 6VPE

I RR = Roule reneclor I

Note For the IPv4 CE router (A 1v4), access to the Internet is already implemented with static
routes for packet propagation between the customer VPN and the globallP routing table
(route leaking on the router PE1).

Required Resources
The table lists Ihe resources and equipmenl Ihat are required lo complete this activity.

Required Resources

Device Name Device Role in the Laboratory

A1v4 CE router that runs IPv4

A2v6 CE router that runs IPv6

A3v6 CE router that runs IPv6

PE1 PE router

PE2 PE router
PE3 PE router

P P router

ISPv4 ISP router that runs IPv4

ISPv6 ISP router that runs IPv6

118 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
 Command List
The table describes the commands that are llsed in this activity.

Cisco 105 Software Commands

Command Description

address-family ipv6 (unicast] Specilies the IPv6 address lamily, and enters
address lamily conliguration mode

address-family ipv6 [vrf vrf- Enters address lamily conliguration mode lor
name] [unicast I multicast I configuring
vpnv6]

ipv6 address ipv6-prefix/prefix- Specifies an IPv6 network that is assigned to the

length (eui-64] interface, and enables IPv6 processing on the
interface

ipv6 cef Enables Cisco Express Forwarding lor IPv6

globally on the router

ipv6 enable Automatically configures an IPv6 link-local

address, which can be used only to communicate
with nodes on the same link, on the interface, and
enables the interface for IPv6 processing

ipv6 rip name enable Enables the specilied IPv6 RIP routing process
on an inteTiace

ipv6 rip word default-information Originates the IPv6 delault route (::10) into the
{only I originate} specilied RIP routing process, and ineludes the
delault route in router updates that are sent out 01
the specified interface

ipv6 route ipv6-prefix/prefix- Specifies an IPv6 static route

'.~
length {ipv6-address I interface-
type interface-number (ipv6-
address]}

ipv6 router rip name Conligures an IPv6 RIP routing process, and
enters router configuration mode lor the IPv6 RIP
routing process

ipv6 unicast-routing Enables the forwarding 01 IPv6 unicast datagrams

neighbor ipv4-address actívate Enables the neighbor to exchange prefixes for the
IPv6 address family with the local router

neighbor ipv4-address route- Specifies a route-reflector client

reflector-client
neighbor ípv4-address send-label Advertises the capability 01 the router to send
MPLS la beis with BGP routes

rd route-distinguisher Specilies a route distinguisher

redistribute protocol [process- Redistributes routes Irom one routing domain into
id] {level-l I level-1-2 I level- another routing domain
2} [AS-number] (metric {metric-
value I transparent}] (metric-
type type-value] (match {internal
I externa! 1 I externa! 2} 1 [tag
tag-value] (route-map map-tag]
(subnets] (nssa-only]

route-target {import I export I Creates a route-target extended community for a

both} route-target-ext-community VRF instance

© 2010 Cisco Systems, Inc. Lab Guide 119

 Cornrnand Description

show bgp ipv6 Displays the current contents of the IPv6 BGP
table
show bgp ipv6 labels Displays the LlB, populated by BGP

show bgp vpnv6 unicast Displays VPN entries in a BGP table

show ip bgp neighbors ípv4- Displays the capabilities of the BGP peer, among
address other information

show ipv6 cef Displays entries in the IPv6 FIB

show ipv6 interface Displays the usability status of interfaces that are
configured for IPv6

show ipv6 route Displays the current contents of the IPv6 routing
table

show mpls forwarding-table Displays the contents of the MPLS LFIB

traceroute Traces packet routes through the network

tunnel mode ipv6ip 6to4 Specifies an IPv6 automatic tunnel, using a 6t04
address

tunnel source ínterrace-type Specifies the source interface type and number
ínterrace-number for the tunnel interface

vrf definition vrr-name Configures a VRF routing table instance

vrf forwarding vrr-name Associates a VRF instance with an interface or

subinterface

Job Aids
These job aids are available to help yOll complete the lab activity:
• The instructor will provide you with your pod number and other pod-access information.
Log this infonnation in this table.

Pod-Access Information

Parameter Value

Your pod number

Usernarne on router Alv4 -

Password on router Alv4 -

Username on router A2v6 -

Password on router A2v6 -

Username on router A3v6 -

Password on router A3v6 -

Usernarne on router PEl -
Password on router PEl -
Username on router PE2 -
Password on router PE2 -

Username on router PE3 -

120 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 .... .
Parameter . . . .... Value . .. . . .

Password on router PE3 -

Username on router P -
Password on router P -
Usernarne on router ISPv4 -

Password on router ISPv4 -

Username on router ISPv6 -
Password on router ISPv6 -

Note AII routers are preconfrgured to allow access without any credentials. Any Telnet session or
console access will automatically give you access to privileged mode.

• The table illustrates the IPv4 and IPv6 addressing scheme that is used in this lab exercise.

Pod Addressing
. .
.Device . Interface IPv4 Address and IPv6 Address and
.
Mask Mask .. .

A1v4 Serial 0/0.1 150.1.31.2/30 Unassigned

A1v4 Loopback O 201.1.1.1/28 Unassigned

A2v6 Serial 0/0.1 Unassigned fecO:0:aOOO:1 ::2/64

A2v6 Loopback O Unassigned 2001 :db9:a2::1/64

A3v6 Serial 0/0.1 Unassigned fecO:0:aOOO:2::2/64

A3v6 Loopback O Unassigned 2001 :db9:a3::1/64

PE1 Serial 0/0.1 192.168.3.13/30 Unassigned

PE1 Serial 0/0.2 Unassigned fecO:0:aOOO:1 ::1/64

PE1 Serial 0/0.3 150.1.31.1/30 Unassigned

PE1 Loopback O 192.168.3.1/32 Unassigned

PE2 Serial 0/0.1 192.168.3.17/30 Unassigned

PE2 Serial 0/0.2 Unassigned fecO:0:aOOO:2:: 1/64

PE2 Loopback O 192.168.3.2/32 Unassigned

PE3 Serial 0/0.1 192.168.3.21/30 Unassigned

PE3 Serial 0/0.2 192.168.20.1/30 Unassigned

PE3 Loopback O 192.168.3.3/32 Unassigned

P Serial 0/0.1 192.168.3.14/30 Unassigned

P Serial 0/0.2 192.168.3.18/30 Unassigned

P Serial 0/0.3 192.168.3.22/30 Unassigned

P Loopback O 192.168.3.5/32 Unassigned

ISPv4 Serial 0/0.1 192.168.20.2/30 Unassigned

© 2010 Cisco Systems, Ine. lab Guide 121

 Device Interface IPv4 Address and IPv6 Address and
Mask Mask

ISPv4 Serial 0/0.2 192.168.20.5/30 Unassigned

ISPv4 Loopback O 192.20.11.1/24 Unassigned

ISPv6 Serial 0/0.1 192.168.20.6/30 2002:cOa8:1406::1 :/12

8

ISPv6 Loopback O Unassigned 3eee:aOOO:aOOO:a:a:a:

a:a/128

122 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
Task 1: Enable IPv6 Routing and Configuring of IPv6
Addressing on PE-CE Links
IPv6 routing is disabled by default in Cisco lOS Software. In this task, you will first enable the
forwarding of IPv6 trafrie globally on the router and then assign IPv6 addresses to individual
interfaces.

Activity Procedure
Complete these steps:
Step 1 Enable the forwarding of IPv6 unicas! datagrams on Ihe CE routers (A2v6 and
A3v6) and on the PE routers (PE I and PE2) by using the ipv6 unicast-routing
eommand.
Step 2 Assign the interfaces Ihat connect the PE and CE routers \Vith the site-IocallPv6
addresses and the CE loopbacks with the globallPv6 addresses. Use the ipv6
address command with Ihe parameters that are listed in the table.

IPv6 Parameters
. Para meter . Value .

PEl A2v6 lecO:O:aOOO: 1:: 1/64

PE2 A3v6 lecO:0:aOOO:2::1/64
Loopback O on A2v6 2001:db9:a2::1/64

Loopback O on A3v6 2001 :db9:a3::1/64

Activity Verification
You have completed this task when you altain these "esults:
• Use the sito\\' interfaces command to verify that the correct 11' addresses have been
assigned to the interfaces.

Task 2: Configure IPv6 Routing Between PE Routers and CE

Routers
In this task, you \ViII establish the PE-CE routing by using RIP for IPv6. The process must be
created tirst and then enabled on a particular IPv6 interface.

Activity Procedure
Complete these steps:
Step 1 Configure the IPv6 RIP routing process 011 the routers A2v6, A3v6, PEI, and PE2
by using the ipv6 router .-ip !Jame command.
Step 2 Start running the speeified IPv6 RIP routing process on IPv6 interfaces by using the
ipv6 rip !"/I/le enable command.
Step 3 Also configure the PE routers by using the ipv6 rip /llIme defanlt-information
command to announce the IPv6 default route (::/0) in router updates that are sent on
the PE-CE links.

© 2010 Cisco Systems, [ne. Lab Guide 123

Activity Verification
You have completed this task when you attain this result:
• VeriFy Ihe content oflhe IPv6 rOllling table by using the show ipv6 .-oute command. The
sample outputs are shown.
A2v6#show ipv6 route
IPv6 Routing Table - Default - 6 entries
Codes: e - Connected, L - Local, S - static, U - Per-user Static raute
B - BGP, M - MIPv6, R - RIP, Il - I8IS Ll
I2 - I8IS L2, lA - I8IS interarea, 18 - I8IS surnmary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, DI - OSPF rnter, DEI - 08PF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
ji:C:¡\/d[12Ó/2J
via FE80::216:C8FF:FE76:8E60, SerialO/0/0.1
C 2001:DB9:A2::/64 [O/O]
vía LoopbackO, directly connected
L 2001:DB9:A2:::1/128 [O/O]
vía LoopbackO, receive
C FECO:0:AOOO:1::/64 [O/O]
vía SerialO/O/O.l, directly connected
L FECO:0:AOOO:1::2/128 [O/O]
vía SerialO/OJO.l, receive
L FFOO::/8 [O/O]
vía NullO, receive

The previous oulput displays the IPv6 rOllting table on the router A2v6, with the local l'Outes
and the deFault l'Oute ::/0 received from the l'Outer PE 1.
PEl#show ipv6 raute
IPv6 Routing Table - Default - 5 entries
Cades: e - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, 11 - ISIS L1
12 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary, O - EIGRP
EX - EIGRP external
O - OSPF Intra, 01 - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001:DB9:A2::/64 [120/2]
via FE80::216:C8FF:FE76:8C40, Seria10/0/0.2
B 2001:DB9:A3::/64 [200/2]
via 192.168.3.2%Default-IP-Routing-Table, indirectly connected
C FECO:0:AOOO:1::/64 [O/O]
via SerialO/O/O.2, directly connected
L FECO:0:AOOO:1::1/128 [O/O]
via SerialO/O/O.2, receive
L FFOO::/8 [O/O]
via NuIIO, receive

The previous output displays the IPv6 routing tables 011 Ihe router PE l. with Ihe local
routes and the l'Oute200 I :db9:a2::/64 received from attached CE routers.

Task 3: Configure MP-IBGP and Route Redistribution to

Exchange IPv6 Routes Between PE Routers
In this task, you will configure border 6PE routers to exchange IPv6 l'Outing information across
the router PE3. Because PE3 \ViII become a BGP l'Oute reflector, you l1eed to el1able IPv6
rouling on PE3 and configure border roulers as route reflector clients.

Note The 6PE solution uses the existing BGP IPv4, enhaneed to convey IPv6 prefixes. The
enhancements to MP-BGP inelude support for an IPv6 address family, IPv6 NLRI, the IPv6
next-hop atlribute addresses, and labels.

124 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Activity Procedure
Complete these steps:
Step 1 Enable support for I Pv6 unicast routing on the router PE3.
Step 2 Turn on Cisco Express Forwarding for IPv6 switching on all PE routers by using the
~
ipv6 cef command.
Step 3 Activate the exchange oflPv6 rautes in MP-IBGP between the routers PEl and PE3
'".,
and between the rauters PE2 and PE3 by using the neighbor ip1'4-address activa te
command. Youmust apply this command in the appropriate IPv6 address family
"-
configuration mode.

Note There is no need to di sable synchronization in the IPv6 address family configuration mode,
"-' beca use synchronization is disabled by detaul\.

'-
Step 4 After the activation ofthe IPv6 MP-IBGP session. youmust configure the PE
rauters to associate IPv6 updates with aggregate labels. by using the neighbor ip1'4-
'-o
addres.\" send-IabeI command within the address family configuration.
Step 5 Declare the rauters PEI and PE2 to be IPv6 route reflector clients ofthe router PE3.
Step 6 On the routers PE I and PE2. redistribute IGP rautes into MP-IBGP by using the
redistribnte command within the IPv6 address family configuration.

Activity Verification
You have completed this task when you atlain these "esults:
• Verify that the PE routers agreed on exchanging IPv6 prefixes along with the labels, by
using the sho,," bgp ipv6 neighbors command. Because a new capability IPv6+ label is
added, the labelmust appear in the list of capabilities that is returned by this command. as
shown in output.
PE3#show bgp ipv6 unicast neighbors 192.168.3.1
BGP neighbor is 192.168.3.1, remote AS 3, internal link
BGP version 4, remote router ID 192.168.3.1
BGP state = Established, up for 00:01:16
Last read 00:00:29, last write 00:00:29, hold time i5 180, keepalive
interval i5 60 seconds
Neighbor capabilities:
Raute refresh: advertised and received(new)
New ASN Capability: advertised and received

~~'~::~~~:1'~,~r!~~~[~~~~~f:~t'~1i;,lIe~'~'~~'~;~~~'.~_a~,~~~'~:~~l~4
Message statistics:
InQ depth is O
OutQ depth is O

Sent Rcvd
Opens: 3 3
Notifications: O O
,-. Updates: 6 3
Keepalives: 67 67
Route Refresh: O O
Total: 76 73
Default minimum time between advertisement runs is O seconds
.~

For address family: IPv6 Unicast

BGP table version 5, neighbor version 5/0
Output queue size : O
Index 2, Offset O, l-lask Ox4
!r2~~~;i~,~~;~~9:E8E;}~gl~~!p~

© 2010 Cisco Systems, Ine. Lab Guide 125

 2 update-group member
~ehding,;:'~ríéff::<:~:& L~be'~
< ••. rest ef the eutput omitted ... >

• After establishing MP-IBGP sessions, the IPv6 prefixes are exchanged between the PE
routers, as shown in lhe output ofthe show bgp ipv6 IInicast command.
PE1#show bgp ipv6 unicast
BGP table version is 3, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin cedes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 2001:DB9:A2::/64 .. 2 32768 ?
*>i2001:DB9:A3::/64 ::FFFF:192.168.3.2 2 100 O ?

The globallPv6 routing table on the router PEI contains the locally originated route from
the atlached CE router (200 I :db9:a2::/64) and lhe route from the distant CE router
(2001:db9:a3::/64), which is reflected by the route reflector PE3.

Note The next-hop address ffff:192.168.3.2 is derived from the IPv4 address 01 (he originator and
willlater be used to determine the LSP path lor the destination.

• Verify ho\V the route from Ihe distant CE sile is stored in the routing table. The following
output ofthe show ipv6 route2001:db9:a3::/64 command details Ihe ent.y wilh the MPLS
Reqllired keyword, which denotes the Cisco 6PE origin ofthe route (output).
PE1#show ipv6 route 2001:db9:a3::/64
Routing entry for 2001:DB9:A3::/64
Known via "bgp 3", distance 200, metric 2, type internal
Route count is 1/1, share count o
Routing paths:
192.168.3.2%Default-IP-Routing-Table indirectly connected
MPLS¡Réqufi:et!
Last updated 00:12:49 ago

• Continue with lhe inspection oflhe MP-BGP labels that are assigned to IPv6 routes. The
show bgp ipv6 unicast labels command on lhe router PE 1 produced output, in which you
can see pairs ofincoming and outgoing labels that are assigned like they are for VPNv4
routes. The locally originated route has no oUlgoing label and the route that is received
from Ihe remote PE sile is associated with no incoming labe\.
PEl#show bgp ipv6 unicast labels
Network Next HOp In 1abe1/0ut label
2001:DB9:A2::/64 .• 22/nolabel
2001:DB9:A3::/64 ::FFFF:192.168.3.2 nolabel/22

• As is mentioned in the previous step, the 6PE method uses an I Pv4 compatible next-hop
address (ffff: 192. 168.3.2) to determine the end-to-end LSP across the IPv4 network. To
declare Ihe LSP palh operational, the 1Pv4 address must be reachable and associated with
an LDP label that is received from the downstream router. This information can easily be
verified by inspecting the LFI B table, by using the show mpls forwarding-table command
lofind a malching IPv4 nexl-hop label for the IPv6 routes that are originaled by the rouler
PE2 (output).
PE1#show mpls forwarding-table
Local outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or ve or Tunnel Id Switched interface
16 No Label 201.1.1.0/28 O SeO/0/0.3 point2point
17 pop Label 192.168.3.5/32 O SeO/0/0.1 point2point
18 16 192.168.3.3/32 O seO/0/0.1 point2point

126 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 19 17 192 .168.3.2/32 o SeO/0/0.1 point2point
20 Pop Label 192 .168.3.20/30 O SeO/0/0.1 point2point
21 Pop Label 192 .168.3.16/30 O SeO/0/0.1 point2point
22 No Label 2001:DB9:A2::/64 O SeO/0/0.2 point2point

In the presented case, PE 1 is the ingress 6PE that generates the aggregate label for the local
route and has a label to reaeh the BOP next hop (192.168.3.2).

Note Because the number of the IPv6 labels that are allocated by the 6PE router is limited,
several prefixes may be assigned the same label. To avoid confusion when forwarding IPv6
datagrams back to the atlached CE routers, the type of the label is aggregate, resulting in
complete L3 IPv6 lookup.

• The MPLS label stack is stored in the Cisco ExpI'ess Forwarding cache. Use the show ipv6
cef c01l1mand to inspect the label switching operations for the prefix 2001 :db9:a3 ::/64, as
shown in the outpu!.
PEl#show ipv6 cef 2001:db9:a3::/64
2001:DB9:A3::/64
nexthop 192.168.3.14 serialO/0/0.1 labe1 ['E',?z
The output reveals that the LSP path to the A3v6 IPv6 route is determined by the label
stack that is eomposed ofthe MP-BOP IPv61abel (22) and the LOP label (17).

Note The values of the la beis are not exact, being independently assigned by the LDP and BGP
processes.

• With the end-to-end LSP path being established. you can now execute the traceroute ipv6
command and verify the eonnectivity between the CE routers, as shown in the OlltpU!. The
IPv6 host addresses that are used in the following test were obtained by using the show
ipv6 interface command.
A3v6#traceroute ipv6

Target IPv6 address: 2001:DB9:A2::1

Source address: 2001:DB9:A3::1
Insert source routing header? [no]:
Numeric display? [no]:
Tímeout in seconds {3]:
Probe eount [3]:
.~.
Mínimum Time to Live [1]:
Maximum Time to Live (3D]:
Priority [O]:
Port Number [O]:
Type escape sequence to aborto
Tracing the route to 2001:DB9:A2::1

1 FECO:O:AOOO:2::1 44 msee 44 rosee 40 msee

2 ::FFFF:192.168.3.18 [MPLS: Labels 18/22 Exp O] 340 rosee 340 rosee 340 rosee
3 FECO:0:AOOO:1::1 [MPLS: Label 22 Exp O] 200 rosee 204 rosee 200 rosee
4 FECO:O:AOOO:l::2 176 msee 184 rosee 172 msee

Note When tracing the path by using the traceroute command, the P router eannot respond with
an ICMP reply because it is not configured for IPv6 routing.

• Verify that your 6PE configuration did not interfere with the initial MPLS VPN setup, by
tracing the IPv4 path ti'om Al v4 to IP address 192.20.11.1, which resides 011 the router
1PSv4 (outpllt).
Alv4#traceroute
Protoeol [ip 1 :

© 2010 Cisco Systems, Ine. Lab Guide 127

 Target IP address: 192.20.11.1
Source address: 201.1.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434J:
Loose, strict, Record, Timestamp, Verbose[none]:
Type escape sequence to aborto
Tracing the route to 192.20.11.1

1 150.1.31.1 96 msee 100 rosee 100 msee

2 192.168.3.14 [MPLS: Label 16 Exp OJ 200 msee 200 msee 204 msee
3 192.168.3.21 84 msee 84 msee 84 rosee
4 192.168.20.2 108 msee * 108 rnsee

Task 4: Configure 6VPE on Service Provider Edge Routers

6VPE is very much like a regular IPv4 MPLS-VPN provider edge, with an addition orIPv6
support within Virtual Routing and Forwarding (VRF). In this task, you will configure VRF
routing on PE routers to establish a VPN connection between CE routers.

Activity Procedure
Complete these steps:
Step 1 On PI and P2 routers, configure one VRF called CustomerA. Set up the import and
expolt properties. These are used for filtering the import and export process. Also,
enable IPv6 address family for this VRF by using address-family ipv6 command.
Step 2 Establish BGP neighbor adjacency between PE I and PE2 routers with adding a new
entry to the BGP neighbor table under router bgp process.
Step 3 Using neighbor lP-address activa te under address-family vpnv6 command
activate the neighbors and send the community attribute to a BGP neighbor.
Step4 Using redistribllte under the address-family ipv6 vrf command, configure
redistribution of static routes for the created VRF.
Step 5 Disable automatic summarization and synchrol1ization under address-family ipv6
"rf.
Step 6 Configure the forwarding details for the interfaces that are connected to customer
routers A2v6 and A3v6 using vrf fonvarding command and remember to set up the
IP address orthe interface after doing this. The minimum configuration for this lab
is to redistribute static routes towards both customer sites.
Step 7 On PE 1, configure a static route towards A2v6 for the newly created VRF using
ipv6 rOllte vrf command. Do the same for A3v6 router on PE2. Vou have
completed this step once you are able to ping LoopbackO interfaces of A2v6 and
A3v6 from PEI and PE2 respectively using the newly created VRF.
PEl#ping vrf CustomerA 2001:db9:a2::1

Type escape sequence to aborto

Sending 5, lOO-byte ICMP Echos to 2001:DB9:A2::1, timeout is 2 seconds:
! ! ! ! !

PEl#ping vrf CustomerA 2001:db9:a3::1

Type escape sequence to aborto

128 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Inc.
 Sending 5, lOO-byte ICMP Echos to 2001:DB9:A3::1, timeout is 2 seconds:
! ! ! ! !
~iícqei3s'r¡¡Je1;11's~¡r.¡j'~pélf6e¡¡'8'':'{5/?r~)r'rbun<i.::rrlp';rnnl}a'Y'gl¡¡¡il'~:~¡¡¡I:¡:2Z:f'j?~~J.6Y1í\§

Step 8 On CE l'Outers A2v6 and A3v6 configlll'e t\Vo static l'Outes on each. One static l'Oute
points to adjacent PE l'Outer. the other to remate CE l'Outer. You need to do this,
since RIP will be disabled on PE routers as soon as you enable VRF forwarding on
that interface.

Note Far the purpose 01 this ¡abo yau will use static routing on CE routers.

Activity Verification
YOll have completed this !ask \Vhen you attain these results:
• Verify tha! BOP neighbor adjacency is established between PE I and PE2 using show bgp
vpnv6 vrf comllland.
PE2#show bgp vpnv6 unicast al!
BGP table version is 11, local router ID is 192.168.3.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
\ .. ~ ,
Network Next Hop Metric LocPrf weight Path
Route Distinguisher: 100:110 (defau1t for vrf CustomerA)
*>3.c:rO(jI'¡¡B~':'A21;¡76~ ::FFFF:192.168.3.1 O 100 O ?
*> 2001:DB9:A3::/64 O 32768 ?
*>[FEco:q;¡¡:6oQ:¡r¡¡¡16~ ::FFFF:192.168.3.1 O 100 O ?
*> FECO:0:AOOO:2::/64 •• o 32768 ?

• Verify that the static l'Outes for both cllstomer sites have been reclistribllted with BOP. Do
this using show ipv6 rOll!e vrf command.
PE2#show ipv6 route vrf CustomerA
IPv6 Routing Table - CustomerA - 6 entries
Codes: C - Connected, L - Local, S - static, U - Per-user static route
B - BGP, M - HIPv6, R - RIP, 11 - ISIS LI
I2 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, 01 - OSPF Inter, OEI - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2001:DB9:A2::/64 [200/0J
via 192.168.3.I%Default-IP-Routing-Table, indirectly connected
s 2001:DB9:A3::/64 [1/0J
via SerialO/0/0.2, directly connected
B FECO:0:AOOO:1::/64 [200/0J
via 192.168.3.I%Default-IP-Routing-Table, indirectly connected
C FECO:0:AOOO:2::/64 [O/OJ
via SerialO/0/0.2, directly connected
L FECO:0:AOOO:2::10/128 [O/OJ
via SerialO/0/0.2, receive
L FFOO: :/8 [O/OJ
via NullO, receive

• Finally. try pinging LoopbackO interfaces froll1 one CE router to another. Ping should be
sllccessflll as shown in the output.
A2v6#ping 2001:db9:a3::1

Type escape sequence to aborto

Sending 5, lOO-byte ICHP Echos to 2001:DB9:A3::I, timeout is 2 seconds:
! ! ! ! !
Success rate is 100 percent (5/5), round-trip min/avg/max = 228/228/232 ms

© 2010 Cisco Systems, Ine. Lab Guide 129

Answer Key
The correct answers and expected sollltions for the activities that are described in this gllide
appear here.

Lab 2-1 Answer Key: Enabling IPv6 on Hosts

When yOll complete this activity, yOllr configllrations will be like (he reslllts here, with
differences (hat are specific to yOllr device or workgrollp:

Task 1: Configure IPv4 Addressing and Routing on a PC

This task is procedllral. Follow (he procedllre in the lab task step by step lo achieve the desired
sollltion.

Task 2: Configure IPv6 Addressing and Routing on a Router

These OlltplltS can be observed on rOllter R I :
Rl#show ip interface brief
Interface IP-Address OK? ~Iethod Status Protecol
FastEthernetO/O 192.168.1.1 YES manual up up
FastEthernetO/l unassigned YES unset administratively down down
SerialO/O/O unassigned YES unset actministratively down down
SerialO/1/0 unassigned YES unset administratively down down
SerialO/1/1 unassigned YES unset actministratively down down

Rl#show ip route
Codes: e - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, o - OSPF, lA - OSPF ínter are a
NI - OSPF NSSA externa! type 1, N2 - OSPF NSSA external type 2
El - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - 18-18 surnrnary, Ll - IS-IS level-l, L2 - IS-IS level-2
ia - IS-I8 inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded sta tic route

Gateway of last resort is not set

C 192.168.1.0 255.255.255.0 is directly connected, FastEthernetO/O

Rl#show ipv6 interface brief

FastEthernetO/O ¡Up/up]
FastEthernetO/l [adrninistratively down/down]
SerialO/O/O (adrninistratively down/down]
SerialO/1/0 [administratively down/down]
SerialO/1/1 [administratively down/down]

Rl#show ipv6 route

IPv6 Routing Table - O entries
Codes: C - Connected, L - Local, 8 - Static, R - RIP, B - BGP
U - Per-user Sta tic route
11 - ISIS Ll, 12 - 18IS L2, lA - 1818 interarea, IS - 18IS summary
O - OSPF intra, 01 - OSPF inter, OE! - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF N8SA ext 1, ON2 - OSPF N88A ext 2
D - EIGRP, EX - EIGRP external

These commal1c1s l1eed lo be entered 011 rOlller R 1:

ipv6 unicast-routing
interface fastethernetO/O

130 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc,
 ipv6 enable
ipv6 nd ra suppress
ipv6 address 2001:db9:1:1::1/64

Task 3: Configure Static IPv6 Addressing and Routing on a PC Running the

Windows XP Operating System
These outputs can be observed on PC 1:
C:\>netsh interface ipv6 show interface
Querying active state ...

Idx Met MTU state Name

------------
6 2 1280 Disconnected Teredo Tunneling Pseudo-Interface
5 O 1500 Connected LAB
4 O 1500 connected MGMT
3 1 1280 Connected 6to4 Pseudo-Interface
2 1 1280 Connected Automatic Tunneling Pseudo-Interface
1 O 1500 Connected Loopback Pseudo-Interface

C:\>netsh interface ipv6 show interface 5

Querying active state ...

Interface 5: LAB

Addr Type DAD state Valid Life Pref. Life Address

Link Preferred infinite infinite fe80::20c:29ff:fe3b:aeBd

Connection Name LAB

GUID {EFOD655A-2F4E-4FF2-A88F-DED2AFB56D84}
state Connected
Metric O
Link MTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 64
Reachable Time 32s
Base Reachable Time 30s
Retransmission Interval 1s
DAD Transmits 1
DNS Suffix
Firewall disabled
Site Prefix Length 48 bits
Zone ID for Link 5
Zone ID for Site 1
Uses Neighbor Discovery Yes
Sends Router Advertisernents No
Forwards Packets No
Link-Layer Address OO-Oc-29-3b-ae-8d

These cOl11l11ands need to be entered on PC 1:

netsh interface ipv6 add address 5 2001:db9:1:1::f
netsh interface ipv6 add route ::/0 52001:db9:1:1::1

Task 4: Configure Static IPv6 Addressing and Routing on a PC Running the

Windows 7 Operating System
No cOl11l11ands need to be entered. Finish this lab by following the detailed lab description for
this task.

© 2010 Cisco Systems, Inc. Lab Guide 131

Task 5: Configure Static IPv6 Addressing and Routing on a PC Running the Linux
Operating System
These Olltpllts cal1 be observed 011 router pe3:
[root@cnrl -]# ifconfig
ethO Link encap:Ethernet HWaddr 00:OC:29:Al:62:F3
inet addr:192.168.250.13 Bcast:192.168.250.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fea1:62f3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1378 errors:Q dropped:O overruns:O frame:O
TX packets:889 errors:O dropped:O overruns:O carrier:O
collisions:O txqueuelen:lOOO
RX bytes:84599 (82.6 KiB) TX bytes:72025 (70.3 KiB)
Interrupt:177 Base address:Ox1400

ethl Link encap:Ethernet Hwaddr OO:OC:29:Al:62:FD

inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:db9:1:1:20c:29ff:fea1:62fd/64 Scope:Global
inet6 addr: fe80::20c:29ff:fea1:62fd/64 Scope:Link
inet6 addr: 2001:db9:1:1::d/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:lSOO Metric:l
RX packets:364 errors:Q dropped:O overruns:O frame:O
TX packets:276 errors:D dropped:O overruns:O carrier:O
collisions:O txqueuelen:l000
RX bytes:34868 (34.0 KiB) TX bytes:37289 (36.4 KiB)
Interrupt:185 Base address:Ox1480

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:39 errors:O dropped:O overruns:O frame:O
TX packets:39 errors:O dropped:O overruns:O carrier:Of
collisions:O txqueuelen:O
RX bytes:4356 (4.2 KiB) TX bytes:4356 (4.2 KiB)

These commands need to be entered on PC3:

[root@PC3]# ifconfig eth1 192.168.1.4 netmask 255.255.255.0 up
[root@cnr1 -]# ifconfig eth1 add 2001:db9:1:1::d/64

lab 2-2 Answer Key: Using Neighbor Discovery

When you complete this activity, your configurations \ViII be like the reslllts here, \Vith
differences that are specific to your device 01' workgroup:

Task 1: Configure Router Advertisements

These Olltputs can be observed 011 router PC I :
C:\>netsh interface ipv6 show interface 5
Querying active state ...

Interface 5: LAB

Addr Type DAD State valid Life Pref. Life Address

--------- ---------- ------------ ------------ -----------------------------
Manual Preferred infinite infinite 2001:db9:1:1::f
Link Preferred infinite infinite fe80::20c:29ff:fe93:6771

Connection Name LAB

GUIO {EFOD655A-2F4E-4FF2-A88F-DED2AFB56D84}
State Connected
Metric O

132 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Link MTU 1500 bytes
True Link MTU 1500 bytes
Current Hop Limit 128
Reachable Time 22s
Base Reachable Time 30s
Retransmission Interval 1s
DAD Transmits 1
DNS Suffix
Firewall disabled
site Prefix Length 48 bits
Zone ID fer Link 5
Zone ID for site 1
Uses Neighbor Discovery Yes
Sends Router Advertisernents No
Forwards Packets No
Link-Layer Address 00-Oc-29-93-67-71
This command needs to be entered on pe 1:
netsh interface ipv6 delete address 52001:db9:1:1::f

These commands need to be entered on router R 1:

debug ipv6 nd
interface fastethernetO/O
ipv6 nd prefix 2001:db9:1:1::/64 300 300
ipv6 nd ra interval 30
no ipv6 nd ra suppress

Task 2: Renumber the Local Network

These commands need to be entered on router R 1:
interface fastethernetO/O
ipv6 address 200l:db9:1:l00l::l/64
ipv6 nd prefix 200l:db9:l:l00l::/64 300 300
ipv6 nd prefix 200l:db9:l:l::/64 300 O

Lab 3-1 Answer Key: Using Prefix Delegation

When you complete this activity, your configurations \ViII be like the reslllts here, \Vith
differences that are specific to yOllr device or workgrollp:

Task 1: Configure a Prefix Delegation Server and Client

These commands need to be entered on router R 1:
ipv6 local pool pooll 200l:db9:l:2::/64 64
ipv6 dhcp pool GlobalDHCP
prefix-delegation pool pooll
domain-name example.com
dns-server 200l:db9:l:l::abba
interface serialO/O/O.l
ipv6 dhcp server GlobalDHCP

These commands need to be entered on router R2:

interface serialO/O/O.l
ipv6 dhcp client pd Site2Prefix
interface fastethernetO/O
ipv6 address Site2Prefix 0::1/64
ipv6 address Site2Prefix 0::/64 eui-64

© 2010 Cisco Systems, Ine. lab Guide 133

 ipv6 nd prefix default 1200 600

Task 2 (Optional): Configure a Non-Prefix Delegation DHCPv6 Server

These commands need lo be entered on rOlller R2:
ipv6 dhcp pool SITE2
dornain-narne site2.example.com
dns-server 2001:db9:1:2::beef
interface fastethernetO/O
ipv6 dhcp server SITE2
ipv6 nd other-config-flag

Lab 4-1 Answer Key: Routing with 05PFv3

When you complete this activity, yo ur configuralions \ViII be like the reslllls here, with
differcnces that are spec ific to your device or workgrollp:

Task 1: Configure OSPF

Thesc commands need lo be el~Olu:ollteI'-R 1:

ipv6 router ospf 1 \ ~ "' ....)

( Q<:)\'iT~ I o..,)ov'" , ~(.() ""
router-id 1~3.,"J.68 .1.-1 \,>" \ "''''''
interface loopbackl /"
ipv6 ospf 1 aEea O
interface loopback2
ipv6 ospf 1 are a O
interface fastethernetO/O /
ipv6 ospf 1 are a O
interface serialO/0/0.1 point-to-point
ipv6 ospf 1 area 1 _ .

These commands need lo be entered 011 router R2:

ipv6 router ospf 1
router-id 192.168.2 ~ 1
interface loopback1
ipv6 ospf 1 are a 1
interface loopback2
ipv6 ospf 1 are a 1
interface fastethernetO/O /
ipv6 ospf 1 are a 1
interface serialO/0/0.1 point-to-point
ipv6 ospf 1 area 1~

Task 2: Summarize Route Announcements

These commands need to be entered on rOllter R I :
ipv6 router ospf 1 ~
area O range 2001:db9:1:: ~8)

Lab 4-2 Answer Key: Routing with 15-15

When yOll complete this activity, your configurations will be like Ihe reslllts here, with
differcnces that are spec ific to yOllr device or \Vorkgrollp:

134 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.

I
\.J Task 1: Configure 15-15 for IPv6 Routing
Tllese commal1ds l1eed lo be el1lered 011 router R 1:
•. I ~ Ivr. U) -
router 1515 I
net 1J ~ 002 .1001. 2001. 3001. 00
interface fastethernetO / 0 7
ipv6 router isis
interface serialO/0/0.1 point-to-point
ipv6 router isis
router isis
metric-style wide
interface fastethernetO/O /
isis ipv6 rnetric 11
interface serialO/0/0.1 point-to-point
v isis ipv6 rnetric 21
interface fastethernetO/o~
isis circuit-type level-2-only
interface loopback 1
isis circuit-type level-2-only
interface loopback2
isis circuit-type level-2-only
interface serialO /0/ 0.1 point-to-point
isis circuit-type level-l
router isis
u passive-interface loopback1
passive-interface loopback2
address-family ipv6
redistribute isis level-2 into level-1 distribute-list
PermitAll
Tllese commal1ds l1eed to be el1tered 011 router R2:
router isis
net 49.0002.1002.2002.3002.00
interface fastethernetO/O
ipv6 router isis
interface serialO / 0 / 0.1 point-to-point
ipv6 router isis
router isis
metric-style wide
interface fastethernetO /O
isis ipv6 metric 11
interface serialO/0/0.1 point-to-point
isis ipv6 metric 21
interface fastethernetO/O
isis circuit-type level-1
interface serialO/0/0.1 point-to-point
isis circuit-type level-1
interface loopback1
isis circuit- type level-1

© 2010 Cisco Systems, lnc. lab Guide 135

 interface loopback2
isis circuit-type level-1
router isis
passive-interface loopback1
passive-interface loopback2

Task 2: Configure 15-15 Summarization for IPv6 Routing

These commands need to be entered on rOllter R 1:
router isis
address-family ipv6
summary-prefix 2001:db9:1::/48 level-1

Task 3: Add IPv4 15-15 Route Exchange

These commands need to be entered on rOllter R 1:
interface fastethernetO/O
ip router isis
interface serialO/0/0.1 point-to-point
ip router isis
These commands need to be entered on rollter R2:
interface fastethernetO/O
ip router isis
interface serialO/0/0.1 point-to-point
ip router isis
router isis
redistribute isis ip level-2 into level-1 distribute-list 101
access-list 101 permit ip any any

Lab 4-3 Answer Key: Routing with EIGRP

When yOll complete this activity, yOllr configllrations will be like the reslllts here, with
differences that are specific to yOllr device or workgrollp:

Task 1: Configuring EIGRP for IPv6 Routing

These commands need to be entered on rOllter R 1:
interface fastethernetO/O
ipv6 eigrp 1
interface serialO/0/0.1 point-to-point
ipv6 eigrp 1
ipv6 router eigrp 1
router-id 192.168.1.1
passive-interface Loopback1
passive-interface Loopback2
no shutdown
These commands need (o be entered on rollter R2:
interface fastethernetO/O
ipv6 eigrp 1
interface serialO/0/O.1 point-to-point
ipv6 eigrp 1

136 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 ipv6 router eigrp 1
router-id 192.168.2.1
passive-interface Loopback1
passive-interface Loopback2
no shutdown

Task 2: Configuring EIGRP for IPv6 Summarization

These commands need lo be el1lered on rOllter R 1:
interf ace seria10/0/0.1 point-to-point
ipv6 surnmary-address eigrp 1 2001:db9:1::/48
These commal1ds need lo be el1tered 011 rOlller R2:
interface serialO/0/0.1 point-to-point
ipv6 surnmary-address eigrp 1 2001:db9:2::/48

lab 4-4 Answer Key: Routing with BGP and MP-BGP

Whel1 you complele this aClivily. your configuraliol1s \ViII be like Ihe resulls here, with
differel1ces Ihal are specific lo your device 01' workgroup:

Task 1: Configure IBGP for IPv6

These comlllal1ds l1eed to be el1tered 011 rouler R 1:
route-map SetOrigin permit 10
set .ru:i.g,in igp " ,\ .",\:. "
",\.\~\lt-"'" >..>'0-'" 1, '
- ~CO"'\::. )~ e<"\':)\,,\4 ~
router bgp 65001 .' ~c, \>
no bgp default ipv4-unicast
neighbor 2001:db9:2:100::1 remote-as 65001
neighbor 2001:db9:2:100::1 update-source Loopback1
address-family ipv6
neighbor 2001:db9:2:100::1 activate
redistribute connected route-map SetOrigin ~
These c01111llal1ds l1eed lo be el1tered 011 rouler R2:
route-map SetOrigin perrnit 10
set origin igp
router bgp 65001
no bgp default ipv4-unicast
neighbor 2001:db9:1:100::1 remote-as 65001
neighbor 2001:db9:1:100::1 update-source Loopback1
address-family ipv6
neighbor 2001:db9 :1 :100 ::1 activate
redistribute connected route-rnap SetOrigin

Task 2: Configure EBGP for IPv6

These cOllllllal1ds l1eed lo be el1lered 0 11 rouler R 1:
route-map SetNH permit 10
set ipv6 next-hop 2001:db9:1:100::1
router bgp 65001
neighbor 2001:db9:1:300::1 remote-as 64512
neighbor 2001:db9:1:300::1 update-source SerialO/0/0.2

© 2010 Cisco Syslems, Ine. Lab Guide 137

 address-family ipv6
neighbor 2001:db9:1:300::1 activate
neighbor 2001:db9:1:300::1 route-map SetNH out

Task 3: Configure IPv6 Prefix Filtering in BGP

These commal1ds l1eed to be el1tered 011 router R 1:
ipv6 prefix-list PFL seq 5 deny 2001:db9:14::/46 le 128
ipv6 prefix-list PFL seq 10 permit ::/0 le 128
router bgp 65001
address-family ipv6
neighbor 2001:db9:1:300::1 prefix-list PFL in

lab 5-1 Answer Key: Multicasting

When you complete this activity, your configlll'ations will be like the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure Multicast Using Static RPs

These commands need to be entered on routers R 1, R2, and R3:
ipv6 multicast-routing
ipv6 pim spt-threshold infinity
ipv6 pim rp-address 2001:db9:1:1::1
These outputs can be observed on router R l :
R1#show ipv6 pim tunnel
TunnelO*
Type PIM Encap
RP Embedded RP Tunnel
Source: 2001:DB9:1:B::1
Tunnell*
Type PIM Encap
RP 2001:DB9:1:1::1*
Source: 2001:DB9:1:B::1
Tunne12*
Type PIM Decap
RP 2001:DB9:1:1::1*
Source:

R1#show ipv6 pim topology

No PIM topology table entries found.
These outputs can be observed on rotlter pe 1:
C:\>ping6 ff15::15 -t

Pinging ff15::15
from 2001:db9:1:1:2073:91dO:d870:7e61 with 32 bytes of data:

Request timed out.

Request timed out.

138 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 Request timed out.
Request timed out.
Request timed out.
< ••• rest of the output omitted •.• >
These outputs can be obsel'ved on I'outel' R 1:
Rl#show ipv6 pim topology
IP PIM Multicast Topology Table
Entry state: (*/S,G)[RPT/SPT] Protocol Uptime rnfo
Entry flags: KAT - Keep Alive Timer, AA - Assume Aliv8, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,
RR - Register Received, SR - Sending Registers, E - MSDP External,
DCC - Don't Check Connected
Interface state: Name, uptime, Fwd, lnfo
Interface flags: LI - Local Interest, LO - Local Disinterest,
II - Internal Interest, ID - Internal Disinterest,
LH - Last Hop, AS - Assert, AB - Admin Boundary

(2001:DB9:1:1:2073:91DO:DS70:7E61,FF15::15)
SM SPT UP: 00:01:09 JP: Null(never) Flags: KAT(00:02:19) RA RR
RPF: FastEthernetO/0,2001:DB9:1:1:2073:91DO:DS70:7E61*
No interfaces in irnrnediate olist

< ... part of the output omitted ... >

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 2001:db9:2:1:d4da:3gea:4a3S:91fS: bytes~32 time=54ms
Rep1y froro 2001:db9:2:1:d4da:3gea:4a3S:91fS: bytes~32 tiroe=48ms
Reply from 2001:db9:2:1:d4da:3gea:4a3S:91fS: bytes~32 time=48ms
,~

Reply from 2001:db9:2:1:d4da:3gea:4a3S:91fS: bytes~32 time=48ms

Rep1y from 2001:db9:2:1:d4da:3gea:4a3S:91fS: bytes~32 time=48ms

Rl#show ipv6 pim topology

IP PIM Multicast Topology Table
Entry state: (*/S,G)[RPT/SPT] Protocol uptime Info
Entry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, DSS - Oon't Signal Sources,
RR - Register Received, SR - Sending Registers, E - MSDP External,
DCC - Don't Check Connected
Interface state: Name, uptime, Fwd, Info
Interface flags! LI - Local Interest, LO - Local Disinterest,
11 - Internal Interest, ID - Internal Disinterest,
LH - Last Hop, AS - Assert, AB - Admin Boundary

(*,FF15::15)
SM UP: 00:02:12 JP: Join(never) Flags:
RP: 2001:DB9:1:1::1*
RPF: Tunne12,2001:DB9:1:1::1*
SerialO/0/0.1 00:02:12 f\<d Join(00:03:1S)

(2001:DB9:1:1:2073:91DO:DS70:7E61,FF15::15)
SM SPT UP: 00:05:43 JP: Join(never) Flags: KAT(00:01:20) RA RR
RPF: FastEthernetO/0,2001:DB9:1:1:2073:91DO:DS70:7E61*
No interfaces in irnmediate olist

These outputs can be observed on router R2:

R2#show ipv6 pim topology
IP PII1 l1ulticast Topology Table
Entry state: (*/S,G)[RPT/SPT] Protocol uptime Info
Entry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,
RA - Really Alive, LH - Last Hop, OSS - Don't Signal Sources,

© 2010 Cisco Systems, [ne. lab Guide 139

 RR - Register Received, SR - Sending Registers, E - MSOP External,
OCC - Oon't Check Connected
Interface state: Narne, Uptime, Fwd, Info
Interface flags: LI - Local lnterest, LO - Local Oisinterest,
II - Internal Interest, ID - Internal oisinterest,
LH - Last Hop, AS - Assert, AB - Adrnin Boundary

(*,FFI5::15)
SM UP: 00:02:45 JP: Join(00:00:05) Flags: LH OSS
RP: 2001:0B9:1:1::1
RPF: SerialO/0/0.l,FE80::217:59FF:FE03:19B8
FastEthernetO/O 00:02:45 fwd LI LH

R2#show ipv6 rnld groups

MLD Connected Group Membership
Group Address Interface uptirne Expires
FFl5: :15 FastEthernetO/O 00:04:52 00:02:32

Task 2: Configure Source-Tree Multicast

These commands need to be entered on routers R 1, R2, and R3:
no ipv6 pim spt-threshold infinity

These commands need to be entered on router R 1:

clear ipv6 pim topology

Task 3: Configure Embedded RPs

These commands need to be entered on routers R 1, R2, and R3:
no ipv6 pim rp-address 2001:db9:1:1::1
ipv6 pim spt-threshold infinity
clear ipv6 pim topology

Th is output can be observed on router R 1:

Rl#show ipv6 pim topology
No PIM topology table entries found.
These commands need to be entered on router R 1:
ipv6 access-list ERP
permit ipv6 any ff7e:140:2001:db9:1:1::/96
ipv6 pim rp-address 200l:db9:1:1::1 ERP

Lab 6-1 Answer Key: Implementing Tunnels for IPv6

When you complete this activity, your configurations \Viii be like the results here, \Vith
differences that are specific to your device or workgroup:

Task 1: Configure a Static IPv6-in-IPv4 Tunnel

These outputs can be observed on router R 1:
R1#show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - static, R - RIP, B - BGP
U - Per-user sta tic route
I1 - ISIS LI, 12 - ISIS L2, lA - ISIS interarea, IS - ISIS surnmary
O - OSPF intra, OI - OSPF ínter, OEI - OSPF ext 1, OE2 - OSPF ext 2
ONl - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
e 2001:0B9:1:1::/64 [O/O]
via ::, FastEthernetO/O

140 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 L 2001:DB9:1:1::1/128 [O/O]
/
vía ::, FastEthernetO/O /
e 2001:DB9:1:100::/64 [O/O]
vía ::, Loopbackl
L 2001:0B9:1:100::1/128 [O/O]
vía ::, Loopbackl
e 2001:0B9:1:200::/64 [O/O]
vía ::, Loopback2
L 2001:0B9:1:200::1/128 [O/O]
vía ::, Loopback2'
L FE80::/10 [O/O]
vía ::, NullO r
L FFOO::/8 [O/O]
via ::, NullO

These commands need to be entered on router R 1:

interface tunne1900 1
tunnel rnode ipv6ip
ipv6 address 2001:db9:1:a::1/64 I
tunnel source serialO/0/0.1 /
tunnel destination 192.168.101.2 /
ipv6 rip RIP1 enable/
These commands need to be entered on router R2:
interface tunne1900
tunnel rnode ipv6ip
ipv6 address 2001:db9:1:a::2/64
tunnel source serialO/0/0.1 /
tunnel destination 192.168.101.1
ipv6 rip RIP1 enable

Task 2: Implement Basic ISATAP

This command needs lo be entered on routers pe 1, PC2, and pe3: ~,,~

netsh interface ipv6 isatap set state enable /

Task 3: Implement ISATAP on a Router

These commands need to be entered on router R 1:
interface tunne1800
tunnel source fastethernetO/O
tunnel rnode ipv6ip isatap
ipv6 address 2001:db9:1:bea::/64 eui-64
no ipv6 nd ra suppress
ipv6 rip RIP1 enable

Task 4: Integrate ISATAP Between a pe and a Router

These commands need to be entered on router pe3:
netsh interface ipv6 isatap set router 192.168.1.1
netsh interface ipv6 isatap set router interval=1
netsh interface ipv6 renew

Lab 7-1 Answer Key: Configuring Advanced ACLs

When you complete Ihis activity, yOlll' configlll'ations will be Iike the results here, with
differences that are specific lo your device or workgroup:

© 2010 Cisco Systems, Ine. Lab Guide 141

Task 1: Configure a Standard ACL for IPv6 (Layer 3 Address Filtering)
These Olllpllts can be observed on muter pe I :
C:\>ping 2001:db9:1:1::1

Pinging 2001:db9:1:1: :1 with 32 bytes of data:

Rep1y fraro 2001:db9:1:1::1: tirne=lms

Rep1y fraro 2001:db9:1:1::1: tirne<lms
Rep1y fraro 2001:db9:1:1::1: time<lrns
Rep1y fraro 2001:db9:1:1::1: time=lms

Ping statistics for 2001:db9:1:1::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in milli-seconds:
Mínimum = Oros, Maximurn = lms, Average = Oros

C:\>ping 2001:db9:1:100::1

Pinging 2001:db9:1:100::1 with 32 bytes of data:

Rep1y fraID 2001:db9:1:100::1: time<lms

Rep1y from 2001:db9:1:100::1: time<lms
Rep1y fraID 2001:db9:1:100::1: time<lms
Rep1y from 2001:db9:1:100::1: time<lms

Ping statistics for 2001:db9:1:100::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in rnilli-seconds:
Mínimum = Oros, Maximum = Oros, Average = Oros

C:\>ping 2001:db9:1:200::1

Pinging 2001:db9:1:200::1 with 32 bytes of data:

Rep1y from 2001:db9:1:200::1: time=lms

Rep1y fraro 2001:db9:1:200::1: time<lms
Rep1y fraID 2001:db9:1:200::1: tirne<lms
Rep1y from 2001:db9:1:200::1: time<lms

ping statistics for 2001:db9:1:200::1:

Packets: Sent = 4, Received = 4, Lost = O (0% 10ss),
Approximate round trip times in rnilli-seconds:
Mínimum = Oros, Maximum = lms, Average = Oros

C:\>ping 2001:db9:1:a::1

142 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
 Pinging 2001:db9:1:a::l with 32 bytes of data:

Reply fram 200l:db9:l:a::l: time=lms

Reply fraro 200l:db9:l:a::l: time<lms
Reply fraro 200l:db9:l:a::l: time<lms
Reply fraro 200l:db9:l:a: :1: time<lms

Ping statistics for 200l:db9:l:a::l:

Packets: Sent = 4, Received = 4, Lost = o (0% loss),
Approxirnate round trip times in milli-seconds:
Mínimum = Oms, Maximum = lms, Average = Orns
These cOlll1ll3nds need to be entered on "ollter R 1:
ipv6 access-list LANin
permit ipv6 host 200l:db9:l:l::f host 200l:db9:l:l00::l
permit ipv6 host 200l:db9:l:l::f host 200l:db9:l:200::l
interface fastethernetO/O
ipv6 traffic-filter LANin in

Task 2: Configure an Extended ACL for IPv6 (Layer 3 and Layer 4 Filtering)
These Olltpllts can be observed on rOllter pe 1:
C:\>telnet 2001:db9:1:100::l
Connecting To 200l:db9:l:l00::l •..
Rl#
Rl# exit

Connection to host lost.

These cOllllllands need to be entered on rOllter R 1:
ipv6 access-list LANin2
permit tcp host 2001:db9:1:1::f host 2001:db9:1:100::l eq telnet
permit icmp any any nd-ns
perrnit icmp any any nd-na
sequence 1000 deny ipv6 any any
interface fastethernetO/O
ipv6 traffic-filter LANin2 in

Task 3: Configure a Reflexive ACL for IPv6

These cOllllllands need to be entered on rollter R 1:
ipv6 access-list LANin2
sequence 15 permit tcp host 2001:db9:1:1::f host 2001:db9:1:a::2 eq telnet
reflect REF
sequence 20 deny ipv6 any any
ipv6 access-list WANin
evaluate REF
deny ipv6 any any
interface serialO/O/O.l
ipv6 traffic-filter WANin in

Task 4: Configure an Extended ACL for IPv6 (Extension Header Matching)

These commancls need to be entered on !'Outer R 1:
ipv6 access-list LANin2
sequence 40 deny ipv6 any any routing
sequence 50 permit icmp host 2001:db9:1:1::f host 2001:db9:1:1::1

© 2010 Cisco Systems, !nc. lab Guide 143

Task 5: Controllnbound IPv6 Access to a Router
These cOll1ll1ands need to be enlered on router R2:
ipv6 access-list VTY
permit ipv6 host 200l:db9:l:l::f any
line vty O 4
ipv6 access-class VTY in

lab 7-2 Answer Key: Implementing IPsec and IKE

When you complete this activily, your configurations will be like the results here, wilh
differences that are speciftc lo your device 01' workgroup:

Task 1: Configure IPsec

These cOll1ll1ands need to be entered on router RI:
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 5
lifetime 3600
crypto isakmp key O tOpSeCrEt address ipv6 200l:db9:1:a::2/l28
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec profile IP
set transform-set TS
interface tunnelO
ipv6 address 200l:db9:3:l::l/64
tunnel source SerialO/O/O.l
tunnel destination 200l:db9:l:a::2
tunnel mode ipsec ipv6
tunnel protection ipsec profile IP
ipv6 router rip RIPl
interface fastethernetO/O
ipv6 rip RIPl enable
interface loopbackl
ipv6 rip RIPl enable
interface loopback2
ipv6 rip RIPl enable
interface tunnelO
ipv6 rip RIPl enable
These cOll1ll1al1ds l1eed to be entered 011 muler R2:
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 5
lifetime 3600
crypto isakmp key O tOpSeCrEt address ipv6 200l:db9:1:a::l/128

144 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
 crypto ipsec transforrn-set TS esp-aes 256 esp-sha-hrnac
rnode tunnel
crypto ipsec profile IP
set transforrn-set TS
interface tunnelO
ipv6 address 2001:db9:3:1::2/64
tunnel source SerialO/O/O.l
tunnel destination 2001:db9:1:a::l
tunnel rnode ipsec ipv6
tunnel protection ipsec profile IP
ipv6 router rip RIPl
interface fastethernetO/O
ipv6 rip RIPl enable
interface loopbackl
ipv6 rip RIPl enable
interface loopback2
ipv6 rip RIPl enable
interface tunnelO
ipv6 rip RIPl enable

Lab 7-3 Answer Key: Configuring Cisco lOS Firewall

When you complete this activity, your configurations will be like the results here, with
differences that are specific to yOllr device 01' workgroup:

Task 1: Configure Cisco 105 Stateful Packet Inspection

These commands need to be entered on muter R2:
ipv6 inspect name internet tcp
ipv6 inspect name internet icmp
ipv6 inspect name internet udp
ipv6 access-list internet
deny any any
interface SerialO/O/O.l point-to-point
ipv6 inspect internet out
ipv6 traffic-filter internet in
These outputs can be observed 011 rouler PC2:
C:\>ping -n 1000 200l:db9:l:l::f

pinging 200l:db9:l:l::f with 32 bytes of data:

Reply froro 200l:db9:3:l: :f: tirne=48ms

Reply fraro 200l:db9:3:l: :f: time=48ms
Reply froID 2001:db9:3:1: :f: time=48rns
Reply from 2001:db9:3:1: :f: time=4Bms
Reply fraro 2 OO1 : db9 : 3 : 1: : f: time=48ms

R2#show ipv6 inspect sessions

Established Sessions
Session 4807C8D4 (2001:DB9:3:1:99A3:26CF:BB14:BB3E:0)=>(2001:DB9:2:1::F:0)
icmp SIS_OPEN

These outputs cal1 be observed 011 router PC3:

C:\>netstat -an I find /i "LISTENING"

© 2010 Cisco Systems, Ine. Lab Guide 145

 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP [::]:135 [::]:0 LISTENING O
These COllllllands need lo be enlered on rauter R2:
ipv6 inspect audit-trail

These cOllllllands need to be enlered on pe I :

C:\>telnet 2001:db9:3:1:29d4:7dc1:7600:18a7 135

Task 2: Implement Stateless Packet Filtering

These cOllll1lands need lo be enlered on R 1:
ipv6 access-list to_internet
permit icmp host 2001:db9:1:1::f 2001:db9:3:1::/64
deny any any
ipv6 access-list frOffi_internet
permit icmp host 2001:db9:3:1::f 2001:db9:1:1::/64
deny any any

These outpuls can be observed on rauler pe I :

C:\>ping6 2001:db9:3:1:bScb:bSa3:8Sab:a6cS

pinging 2001:db9:3:1:b5cb:b5a3:85ab:a6c5
froro 2001:db9:1:1:8051:af95:8084:e6a with 32 bytes of data:

Rep1y frero 2001:db9:3:1:b5cb:b5a3:85ab:a6c5: bytes=32 tirne=48ms

Rep1y fraro 2001:db9:3:1:b5cb:b5a3:85ab:a6c5: bytes=32 time=47ms
Reply freID 2001:db9:3:1:b5cb:b5a3:85ab:a6c5: bytes=32 time=48ms
Rep1y fraro 2001:db9:3:1:b5cb:b5a3:85ab:a6c5: bytes=32 time=48ms

ping statistics for 2001:db9:3:1:bScb:b5a3:85ab:a6c5:

Packets: Sent = 4, Received = 4, Lost = O (0% 1055),
Approximate round trip times in milli-seconds:
Mínimum = 47ms, Maximum = 48ms, Average

These cOl1l11l3nds need lo be enlered on R 1:

ipv6 access-list frorn_internet
no sequence 10
These outpuls can be observed on rauler pe I :
C:\>ping6 2001:db9:3:1:bScb:bSa3:8Sab:a6cS

Pinging 2001:db9:3:1:b5cb:b5a3:85ab:a6c5
from 2001:db9:1:1:8051:af95:8084:e6a with 32 bytes of data:

Request tirned out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2001:db9:3:1:b5cb:b5a3:85ab:a6c5:

Packets: Sent = 4, Received = O, Lost = 4 (100% loss),

146 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, lne.
Lab 9-1 Answer Key: Configuring 6PE and 6VPE
Whel1 you cOlllplele Ihis aclivily, your cOl1figuraliol1s will be like Ihe resulls here, wilh
differel1ces Ihal are specific lo your device 01' workgroup:

Task 1: Enable IPv6 Routing and Configuring of IPv6 Addressing on PE-CE Links
These cOllllllal1ds l1eed lo be el1lered 011 rouler A2v6:
ipv6 unicast-routing
interface loopback O
ipv6 address 2001:db9:a2::1/64
interface serial 0/0/0.1 point-to-point
ipv6 address fecO:0:aOOO:1::2/64
These cOllllllands need lo be enlered on rouler A3v6:
ipv6 unicast-routing
interface loopback O
ipv6 address2001:db9:a3::1/64
interface serial 0/0/0.1 point-to-point
ipv6 address fecO:0:aOOO:2::2/64
These cOllllllands need lo be enlered on rouler PE 1:
ipv6 unicast-routing
interface serial 0/0/0.2 point-to-point
ipv6 address fecO:0:aOOO:1::1/64
These cOllllllands need lo be enlered on rouler PE2:
ipv6 unicast-routing
interface serial 0/0/0.2 point-to-point
ipv6 address fecO:0:aOOO:2::1/64

Task 2: Configure IPv6 Routing Between PE Routers and CE Routers

These cOllll11ands need lo be enlered on roulers A2v6 al1d A3v6:
ipv6 router rip RIP
interface loopback O
ipv6 rip RIP enable
interface serial 0/0/0.1 point-to-point
ipv6 rip RIP enable
These cOllll11ands need to be entered 011 routers PE I and PE2:
ipv6 router rip RIP
interface serial 0/0/0.2 point-to-point
ipv6 rip RIP enable
ipv6 rip RIP default-information originate

Task 3: Configure MP-IBGP and Route Redistribution to Exchange IPv6 Routes

Between PE Routers
These cOllll11ands need lo be entered 011 rOllters PE I and PE2:
ipv6 cef
router bgp 3
address-family ipv6

© 2010 Cisco Systems, Ine. Lab Guide 147

 neighbor 192.168.3.3 activate
neighbor 192.168.3.3 send-label
redistribute rip RIP
These commands need lo be enlered on rouler PE3:
ipv6 unicast-routing
ipv6 cef
router bgp 3
address-family ipv6
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 route-reflector-client
neighbor 192.168.3.1 send-label
neighbor 192 .168.3.2 actívate
neighbor 192.168.3.2 route-reflector-client
neighbor 192.168.3.2 send-label

Task 4: Configure 6VPE on Service Provider Edge Routers

These commands need lo be enlered on rouler PE 1:
vrf definition CustomerA
rd 100:110
route-target export 100:1000
route-target import 100:1000
address-family ipv6
exit-address-family
interface SerialO/0/0.2 point-to-point
vrf forwarding CustomerA
ipv6 address fecO:0:aOOO:1::10/64
router bgp 3
neighbor 192.168.3.2 remote-as 3
neighbor 192.168.3.2 update-source LoopbackO
address-family vpnv6
neighbor 192.168.3.2 activate
neighbor 192.168.3.2 send-cornmunity both
exit-address-family
address-family ipv6 vrf CustomerA
redistribute connected
redistribute static
no synchronization
exit-address-family
ipv6 route vrf CustomerA 2001:db9:a2::/64 SerialO/0/0.2
These commands need lo be enlered on rouler PE2:
vrf definition CustomerA
rd 100:110
route-target export 100:1000
route-target import 100:1000
address-family ipv6
exit-address-family
interface serialO/0/0.2 point-to-point

148 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
 vrf forwarding CustomerA
ipv6 address fecO:O:aOOO:2::10/64
router bgp 3
neighbor 192.168.3.1 remote-as 3
neighbor 192.168.3.1 update-source LoopbackO
address-family vpnv6
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 send-cornmunity both
exit-address-family
address-family ipv6 vrf CustomerA
redistribute connected
redistribute static
no synchronization
exit-address-family
ipv6 route vrf CustomerA 2001:db9:a3::/64 SerialO/O/O.2
These c0111111ands need to be entered on router A2v6:
ipv6 route 2001:db9:a3::/64 SerialO/O/O.1
ipv6 route fecO:O:aOOO:2::/64 SerialO/O/O.1
These c0111111ands need to be entered on router A3v6:
ipv6 route 2001:db9:a2::/64 SerialO/O/O.1
ipv6 route fecO:O:aOOO:1::/64 SerialO/O/O.1

© 2010 Cisco Systems, Ine. Lab Guide 149

150 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.