whfsdude
Premium Member
join:2003-04-05
Washington, DC

2 recommendations

whfsdude to cp

Re: [IPv6] DHCP on Cisco 881 IPv6

I think you need to allow dhcp6 w/o a stateful rule on your wan-in ACL which is udp.

Edit: corrected ports.

permit udp any eq 546 any eq 547

cp
Premium Member
join:2004-05-14
Wheaton, IL

1 recommendation

That did the trick! Thanks whfsdude!

Below is most of my config for my 881 in case anyone is interested. Working really well so far.



router01#sh run
Building configuration...

Current configuration : 4464 bytes
!
version 15.2
!
boot-start-marker
boot system flash c880data-universalk9-mz.152-3.T.bin
boot-end-marker
!
no aaa new-model
!
!
!
ip dhcp excluded-address 172.20.1.0 172.20.1.99
ip dhcp excluded-address 172.20.1.150 172.20.1.255
!
ip dhcp pool pool172
 import all
 network 172.20.1.0 255.255.255.0
 default-router 172.20.1.1
 dns-server 208.67.222.222 208.67.220.220
!
!
ip domain name router.local
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 inspect name traffic tcp
ipv6 inspect name traffic udp
ipv6 inspect name traffic icmp
ipv6 dhcp pool poolv6
 dns-server 2620:0:CCC::2
 dns-server 2620:0:CCD::2
!
!
!
controller Cellular 0
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 switchport mode trunk
 no ip address
!
interface FastEthernet1
 switchport mode trunk
 no ip address
!
interface FastEthernet2
 switchport mode trunk
 no ip address
!
interface FastEthernet3
 switchport mode trunk
 no ip address
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd comcast-ipv6
 ipv6 traffic-filter wan-in in
 ipv6 traffic-filter wan-out out
!
interface Cellular0
 no ip address
 encapsulation ppp
!
interface Vlan1
 ip address 172.20.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 ipv6 address comcast-ipv6 ::/64 eui-64
 ipv6 nd other-config-flag
 ipv6 dhcp server poolv6
!
!
ip nat inside source list 23 interface FastEthernet4 overload
!
access-list 23 permit 172.20.1.0 0.0.0.255
no cdp run
!
!
ipv6 access-list wan-in
 permit icmp any any
 evaluate reflectout
 permit udp any any eq 546
 permit udp any any eq 547
!
ipv6 access-list wan-out
 permit icmp any any
 permit tcp any any reflect reflectout
 permit udp any any reflect reflectout
!
!
end


NetDog
Premium Member
join:2002-03-04
Hollywood, FL

NetDog to whfsdude

said by whfsdude:

I think you need to allow dhcp6 w/o a stateful rule on your wan-in ACL which is udp.

Edit: corrected ports.

permit udp any eq 546 any eq 547

Thanks for the info. I was going to pull my router tonight and get him what I needed to allow. I will still look, but I think that was it.

whfsdude
Premium Member
join:2003-04-05
Washington, DC

said by NetDog:

Thanks for the info. I was going to pull my router tonight and get him what I needed to allow. I will still look, but I think that was it.

When you lab it out tonight, try without port 547. It is likely not needed but I wasn't sure enough so I went with both to eliminate confusion.

cp
Premium Member
join:2004-05-14
Wheaton, IL

Because 547 is technically caught by the stateful out rules?

whfsdude
Premium Member
join:2003-04-05
Washington, DC

said by cp:

Because 547 is technically caught by the stateful out rules?

Yup! At least that's my thought.

cp
Premium Member
join:2004-05-14
Wheaton, IL

1 recommendation

It appears to be working without 547
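
Added example, not part of any post above and not Cisco code: a simplified first-match model of the wan-in ACL from cp's config, run over constructed DHCPv6 packets to show which line admits the server's reply. The addresses and function names are constructed, and the reflexive entry is modeled as an exact mirror of the outbound addresses and ports, which is a simplifying assumption.

```python
from ipaddress import ip_address

# Constructed addresses (not from the thread).
CLIENT = ip_address("fe80::1")         # router WAN interface, DHCPv6 client
SERVER = ip_address("fe80::2")         # upstream DHCPv6 server or relay
ALL_DHCP = ip_address("ff02::1:2")     # All_DHCP_Relay_Agents_and_Servers (RFC 8415)
HOST = ip_address("2001:db8:1::10")    # LAN host
RESOLVER = ip_address("2001:db8::53")  # some remote UDP service

def reflect(out_pkt):
    """Reflexive entry: the outbound flow with source and destination swapped.
    Assumption: an exact mirror of the outbound addresses and ports."""
    proto, src, sport, dst, dport = out_pkt
    return (proto, dst, dport, src, sport)

def wan_in(packet, reflexive, static_udp_dports):
    """First-match walk of the thread's wan-in ACL; returns the line that decides."""
    proto, _src, _sport, _dst, dport = packet
    if proto == "icmp":
        return "permit icmp any any"
    if packet in reflexive:
        return "evaluate reflectout"
    if proto == "udp" and dport in static_udp_dports:
        return f"permit udp any any eq {dport}"
    return "implicit deny"

def dhcpv6_reply_verdict(static_udp_dports):
    # Most generous case: assume the router's own Solicit populates reflectout.
    solicit = ("udp", CLIENT, 546, ALL_DHCP, 547)  # sent to a multicast group
    reply = ("udp", SERVER, 547, CLIENT, 546)      # comes back from a unicast address
    return wan_in(reply, {reflect(solicit)}, static_udp_dports)

def unicast_udp_reply_verdict():
    # Contrast: an ordinary unicast UDP flow is admitted by the reflexive entry alone.
    query = ("udp", HOST, 50000, RESOLVER, 53)
    reply = ("udp", RESOLVER, 53, HOST, 50000)
    return wan_in(reply, {reflect(query)}, set())

if __name__ == "__main__":
    for ports in (set(), {546}, {546, 547}):
        print(sorted(ports), "->", dhcpv6_reply_verdict(ports))
    print("unicast UDP ->", unicast_udp_reply_verdict())
```

In this model the `eq 547` line never decides the server's reply, which is addressed to port 546; that matches the last post's report that the setup works without it.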