Cisco static configuration
Shadow Hawkins on Monday, 22 April 2013 21:12:28
Hello all,
My router is a Cisco 887VA connected via a VDSL2 service. The configuration is pasted below. When pinging from the router's CLI, I can ping the local IPv6 address, but not the remote IPv6 address or any other.
ip192-168-0-254#ping 2001:4428:200:127::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4428:200:127::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ip192-168-0-254#
The router has full connectivity and the tunnel's remote IPv4 address is pingable.
Diagnostics:
ip192-168-0-254#show ip interface Tunnel 1
Tunnel1 is up, line protocol is up
Internet protocol processing disabled
ip192-168-0-254#
ip192-168-0-254#show ipv6 interface Tunnel 1
Tunnel1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C0A8:FE
No Virtual link-local address(es):
Description: 6in4 tunnel to SixXS
Global unicast address(es):
2001:4428:200:127::2, subnet is 2001:4428:200:127::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FFA8:FE
MTU is 1472 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
ip192-168-0-254#
ip192-168-0-254#show start
Using 3685 out of 262136 bytes
!
! Last configuration change at 23:44:43 NZST Mon Apr 22 2013 by mhallager
! NVRAM config last updated at 23:44:45 NZST Mon Apr 22 2013 by mhallager
! NVRAM config last updated at 23:44:45 NZST Mon Apr 22 2013 by mhallager
version 15.2
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ip192-168-0-254
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 REMOVED
!
no aaa new-model
memory-size iomem 10
clock timezone NZST 12 0
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
!
!
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool DHCP-LAN
network 192.168.0.0 255.255.255.0
dns-server 202.89.44.1
default-router 192.168.0.254
lease 0 3
!
!
no ip bootp server
ip domain name localnet
ip host ip192-168-0-254 192.168.0.254
ip name-server 202.89.44.1
ip name-server 202.89.44.2
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn REMOVED
!
!
username REMOVED
!
!
!
!
!
controller VDSL 0
!
ip ssh version 2
!
class-map match-all voip_qos
match access-group 100
!
policy-map voip_policy
class voip_qos
priority 256
class class-default
fair-queue
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
description 6in4 tunnel to SixXS
no ip address
ip tcp adjust-mss 1420
ipv6 address 2001:4428:200:127::2/64
ipv6 enable
tunnel source Vlan1
tunnel mode ipv6ip
tunnel destination 202.21.136.122
!
interface Null0
no ip unreachables
!
interface Ethernet0
no ip address
!
interface Ethernet0.10
encapsulation dot1Q 10
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
bandwidth 1000
ip address negotiated
ip access-group filter_incoming in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1300
dialer pool 1
dialer-group 1
ppp pap sent-username REMOVED
service-policy output voip_policy
!
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended filter_incoming
permit 41 host 202.21.136.122 host 123.100.83.124
deny tcp any any range 135 139
deny tcp any any eq 445
deny tcp any any eq 502
permit ip any any
ip access-list extended terminal_access
REMOVED
deny tcp any any
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 REMOVED
no cdp run
ipv6 route ::/0 Tunnel1
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
login
line vty 0 4
access-class terminal_access in
exec-timeout 0 0
logging synchronous
login local
transport input ssh
!
ntp server nz.pool.ntp.org
!
end
ip192-168-0-254#
Cisco static configuration
Jeroen Massar on Monday, 22 April 2013 21:29:51
Check your Live Tunnel Status, it shows that the PoP has been trying to ping your endpoint over IPv6 but it never received any return packet.
IPv6 is enabled, link-local address is FE80::C0A8:FE
And the hostname "ip192-168-0-254" indicates that you have an RFC1918 address, that is, your host is behind a NAT. Did you properly forward protocol-41 to this internal host on the NAT box?
permit 41 host 202.21.136.122 host 123.100.83.124
There you are only accepting packets from the PoP toward your configured endpoint; but you are not accepting any packets toward your RFC1918 address, which would block any incoming packets that are properly NATted.
Another thing is that you have configured your tunnel to an MTU of 1472. You will also have to specify this in the web interface if that is really the MTU that you want, as by default tunnels are configured to an MTU of 1280. See the FAQ for more details.
Cisco static configuration
Shadow Hawkins on Monday, 22 April 2013 22:13:06
Jeroen Massar wrote:
And the hostname "ip192-168-0-254" indicates that you have an RFC1918 address, that is, your host is behind a NAT. Did you properly forward protocol-41 to this internal host on the NAT box?
I am pinging from the router itself so the issue of NAT should not apply yet?
Another thing is that you have configured your tunnel to an MTU of 1472. You will also have to specify this in the web interface if that is really the MTU that you want, as by default tunnels are configured to an MTU of 1280. See the FAQ for more details.
This is based on what I have been advised to set because it's a VDSL2 connection. I have set the MTU to 1472 in the SixXS web interface. Are there any further configurations I should make in regard to this?
Cisco static configuration
Shadow Hawkins on Tuesday, 23 April 2013 04:15:31
Update - I have now fixed the issue with pinging the remote end tunnel IPv6 address. This was fixed by changing the source interface in the tunnel configuration to the WAN interface (Dialer0). The ping test was done at the router's CLI.
However, the suggested tests on the SixXS Cisco Wiki page do not work:
ip192-168-0-254#ping 2a00:1450:400b:c00::63
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:400B:C00::63, timeout is 2 seconds:
AAAAA
Success rate is 0 percent (0/5)
I have never seen this response before. What does it mean?
ip192-168-0-254#ping 2a00:12:34:54::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:12:34:54::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ip192-168-0-254#
Cisco static configuration
Shadow Hawkins on Tuesday, 23 April 2013 09:04:03
Please disregard the above post. Other IPv6 addresses are contactable.
Google Public DNS:
2001:4860:4860::8888
2001:4860:4860::8844
https://developers.google.com/speed/public-dns/docs/using
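The cause found in this thread, a 6in4 tunnel sourced from Vlan1 (192.168.0.254, NAT inside) instead of the WAN interface Dialer0, can be checked for in a saved configuration. The following is an added example, not code from any poster or from SixXS; the function names and the reduced SAMPLE excerpt are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed excerpt: the relevant interface stanzas, reduced from the config posted above.
SAMPLE = """\
interface Tunnel1
 tunnel source Vlan1
 tunnel mode ipv6ip
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; a stanza ends at '!' (also works on flattened pastes)."""
    stanzas, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith("!"):
            current = None
        elif current is not None and line:
            current.append(line)
    return stanzas

def is_rfc1918(text):
    try:
        return any(ipaddress.ip_address(text) in net for net in RFC1918)
    except ValueError:  # interface names, "negotiated", None
        return False

def check_6in4_sources(config):
    """Return (tunnel, source, reason) for each ipv6ip tunnel with a private or NAT-inside source."""
    stanzas, findings = parse_interfaces(config), []
    for name, cmds in stanzas.items():
        if "tunnel mode ipv6ip" not in cmds:
            continue
        src = next((c.split()[2] for c in cmds if c.startswith("tunnel source ")), None)
        src_cmds = stanzas.get(src, [])
        addrs = [src] + [c.split()[2] for c in src_cmds if c.startswith("ip address ")]
        findings += [(name, src, f"{a} is RFC 1918") for a in addrs if is_rfc1918(a)]
        if "ip nat inside" in src_cmds:
            findings.append((name, src, "source interface is NAT inside"))
    return findings
```

Run against the excerpt, check_6in4_sources(SAMPLE) reports both conditions for Tunnel1; with the tunnel source changed to Dialer0, as in the fix described above, it returns an empty list.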