Friday, February 21, 2020

Cisco DHCPv6 Server Configuration

In this tutorial we’ll take a look at DHCPv6 so we can automatically assign IPv6 addresses to our hosts. The functionality of DHCPv6 is the same as DHCP for IPv4 but there are some differences. First of all, DHCPv6 supports two different methods:
  • Stateful configuration
  • Stateless configuration (also known as SLAAC…StateLess AutoConfiguration)
The stateful version of DHCPv6 is pretty much the same as for IPv4. Our DHCPv6 server will assign IPv6 addresses to all DHCPv6 clients and it will keep track of the bindings. In short, the DHCPv6 servers knows exactly what IPv6 address has been assigned to what host.
Stateless works a bit different…the DHCPv6 server does not assign IPv6 addresses to the DHCPv6 clients, this is done through autoconfiguration. The DHCPv6 server is only used to assign information that autoconfiguration doesn’t….stuff like a domain-name, multiple DNS servers and all the other options that DHCP has to offer.
The other difference is the number of messages that DHCPv6 uses:
  • Normal: 4 messages called solicit, advertise, request and reply.
  • Rapid: 2 messages, only solicit and reply.
By default it uses normal mode, if you want the rapid mode you have to enable it on both the DHCPv6 server and client.
You might be wondering why there is a normal and rapid mode, so did I…RFC 4039 says that the rapid mode is useful in “high mobility” networks where clients come and go often. The overhead of 4 messages might not be required so 2 messages is enough to do the job. If you have multiple DHCPv6 servers (for redundancy) then you need to use the normal mode (4 messages). Seeing the advantage of both modes might be fun for a tutorial in the future, for now…let’s start with the basics and configure our DHCPv6 server!

DHCPv6 Server Configuration

To demonstrate DHCPv6 I will use the following topology:
DHCPv6 Server Stateful Stateless Example
Our DHCPv6 router has two interfaces, the one connected to R1 will be used for stateful DHCPv6 and the interface connected to R2 will be used for stateless. You can also see the prefixes that I will use.
Before you can do anything with IPv6, make sure that unicast routing is enabled:
DHCPV6(config)#ipv6 unicast-routing
Now we can configure the DHCPv6 pools…

DHCPv6 Stateful Configuration

Let’s configure the stateful pool, it is similar to doing this for IPv4:
DHCPV6(config)#ipv6 dhcp pool STATEFUL
DHCPV6(config-dhcpv6)#address prefix 2001:1111:1111:1111::/64
DHCPV6(config-dhcpv6)#dns-server 2001:4860:4860::8888
DHCPV6(config-dhcpv6)#domain-name NETWORKLESSONS.LOCAL
The pool is called “STATEFUL” and besides the prefix I configured a DNS server (that’s google DNS) and a domain name. To activate this, we have to make some changes to the interface:
DHCPV6(config)#interface FastEthernet 0/0
DHCPV6(config-if)#ipv6 address 2001:1111:1111:1111::1/64
DHCPV6(config-if)#ipv6 dhcp server STATEFUL
DHCPV6(config-if)#ipv6 nd managed-config-flag
DHCPV6(config-if)#ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig
On the interface you have to add the ipv6 dhcp server command and tell it what pool it has to use. The ipv6 nd managed-config-flag sets a flag in the router advertisement that tells the hosts that they could use DHCPv6. The last command that ends with no-autoconfig tells the hosts not to use stateless configuration.
That’s all we have to do on the DHCPv6 server, let’s move on to the stateless configuration.

DHCPv6 Stateless Configuration

First we’ll make a pool:
DHCPV6(config)#ipv6 dhcp pool STATELESS
DHCPV6(config-dhcpv6)#dns-server 2001:4860:4860::8888
DHCPV6(config-dhcpv6)#domain-name NETWORKLESSONS.LOCAL
As you can see I didn’t configure a prefix…I don’t have to since autoconfiguration will be used by the client to fetch the prefix. Let’s enable it on the interface:
DHCPV6(config)#interface FastEthernet 0/1
DHCPV6(config-if)#ipv6 address 2001:2222:2222:2222::2/64
DHCPV6(config-if)#ipv6 dhcp server STATELESS
DHCPV6(config-if)#ipv6 nd other-config-flag
We use the same command to activate the pool on the interface but there is one extra item. The ipv6 nd other-config-flag is required as it will inform clients through RA (Router Advertisement) messages that they have to use DHCPv6 to receive extra information like the domain name and DNS server after they used autoconfiguration.
That’s all we have to do on the server, you can view the DHCPv6 pools like this if you want:
DHCPV6#show ipv6 dhcp pool 
DHCPv6 pool: STATEFUL
  Address allocation prefix: 2001:1111:1111:1111::/64 valid 172800 preferred 86400 (0 in use, 0 conflicts)
  DNS server: 2001:4860:4860::8888
  Domain name: NETWORKLESSONS.LOCAL
  Active clients: 0
DHCPv6 pool: STATELESS
  DNS server: 2001:4860:4860::8888
  Domain name: NETWORKLESSONS.LOCAL
  Active clients: 0
You can see both pools, our stateful pool with the prefix and the stateless pool without. Before I configure the clients, I will enable a debug so we can see some of the messages in realtime:
DHCPV6#debug ipv6 dhcp 
   IPv6 DHCP debugging is on
Let’s configure the clients now…

DHCPv6 Client Configuration

R1 will be the stateful client and R2 is the stateless client, let’s do R1 first…

DHCPv6 Stateful Client Configuration

There are two things that we have to do, first you need to enable IPv6 on the interface and secondly, tell it to get an IPv6 address through DHCP:
R1(config)#interface FastEthernet 0/0
R1(config-if)#ipv6 enable 
R1(config-if)#ipv6 address dhcp
Let’s see if it has an IPv6 address:
R1#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::21D:A1FF:FE8B:36D0
    2001:1111:1111:1111:255A:E159:32AF:5E42
That’s looking good, you can see that it has an IPv6 address with the 2001:1111:1111:1111::/64 prefix. There’s another nice command that shows us what else we received:
R1#show ipv6 dhcp interface FastEthernet 0/0
FastEthernet0/0 is in client mode
  Prefix State is IDLE
  Address State is OPEN
  Renew for address will be sent in 11:59:10
  List of known servers:
    Reachable via address: FE80::216:C7FF:FEBE:EC8
    DUID: 000300010016C7BE0EC8
    Preference: 0
    Configuration parameters:
      IA NA: IA ID 0x00030001, T1 43200, T2 69120
        Address: 2001:1111:1111:1111:255A:E159:32AF:5E42/128
                preferred lifetime 86400, valid lifetime 172800
                expires at Jul 19 2014 08:30 PM (172750 seconds)
      DNS server: 2001:4860:4860::8888
      Domain name: NETWORKLESSONS.LOCAL
      Information refresh time: 0
  Prefix Rapid-Commit: disabled
  Address Rapid-Commit: disabled
The show ipv6 dhcp interface command shows us what DNS and domain information we received, this is looking good. Meanwhile you can see this on the server:
DHCPV6#
IPv6 DHCP: Received SOLICIT from FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
IPv6 DHCP: Using interface pool STATEFUL
IPv6 DHCP: Creating binding for FE80::21D:A1FF:FE8B:36D0 in pool STATEFUL
IPv6 DHCP: Binding for IA_NA 00030001 not found
IPv6 DHCP: Allocating IA_NA 00030001 in binding for FE80::21D:A1FF:FE8B:36D0
IPv6 DHCP: Looking up pool 2001:1111:1111:1111::/64 entry with username '00030001001DA18B36D000030001'
IPv6 DHCP: Poolentry for user not found
IPv6 DHCP: Allocated new address 2001:1111:1111:1111:255A:E159:32AF:5E42
IPv6 DHCP: Allocating address 2001:1111:1111:1111:255A:E159:32AF:5E42 in binding for FE80::21D:A1FF:FE8B:36D0, IAID 00030001
IPv6 DHCP: Updating binding address entry for address 2001:1111:1111:1111:255A:E159:32AF:5E42
IPv6 DHCP: Setting timer on 2001:1111:1111:1111:255A:E159:32AF:5E42 for 60 seconds
IPv6 DHCP: Source Address from SAS FE80::216:C7FF:FEBE:EC8

IPv6 DHCP: Sending ADVERTISE to FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
IPv6 DHCP: Received REQUEST from FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
IPv6 DHCP: Using interface pool STATEFUL
IPv6 DHCP: Looking up pool 2001:1111:1111:1111::/64 entry with username '00030001001DA18B36D000030001'
IPv6 DHCP: Poolentry for user found
IPv6 DHCP: Found address 2001:1111:1111:1111:255A:E159:32AF:5E42 in binding for FE80::21D:A1FF:FE8B:36D0, IAID 00030001
IPv6 DHCP: Updating binding address entry for address 2001:1111:1111:1111:255A:E159:32AF:5E42
IPv6 DHCP: Setting timer on 2001:1111:1111:1111:255A:E159:32AF:5E42 for 172800 seconds
IPv6 DHCP: Source Address from SAS FE80::216:C7FF:FEBE:EC8
IPv6 DHCP: Sending REPLY to FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
Above you can see the 4 messages (solicit, advertise, request and reply) because we are using normal mode. Let’s switch the server and client to rapid mode so you can see the difference:
DHCPV6(config)#interface FastEthernet 0/0
DHCPV6(config-if)#ipv6 dhcp server STATEFUL rapid-commit
We have to change this on the interface level, same for the client:
R1(config)#interface FastEthernet 0/0
R1(config-if)#ipv6 address dhcp rapid-commit
This is what the debug looks like now:
DHCPV6#
IPv6 DHCP: Received SOLICIT from FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
IPv6 DHCP: Using interface pool STATEFUL
IPv6 DHCP: Creating binding for FE80::21D:A1FF:FE8B:36D0 in pool STATEFUL
IPv6 DHCP: Allocating IA_NA 00030001 in binding for FE80::21D:A1FF:FE8B:36D0
IPv6 DHCP: Looking up pool 2001:1111:1111:1111::/64 entry with username '00030001001DA18B36D000030001'
IPv6 DHCP: Poolentry for user not found
IPv6 DHCP: Allocated new address 2001:1111:1111:1111:5D5B:C84C:9648:9D1F
IPv6 DHCP: Allocating address 2001:1111:1111:1111:5D5B:C84C:9648:9D1F in binding for FE80::21D:A1FF:FE8B:36D0, IAID 00030001
IPv6 DHCP: Updating binding address entry for address 2001:1111:1111:1111:5D5B:C84C:9648:9D1F
IPv6 DHCP: Setting timer on 2001:1111:1111:1111:5D5B:C84C:9648:9D1F for 172800 seconds
IPv6 DHCP: Source Address from SAS FE80::216:C7FF:FEBE:EC8
IPv6 DHCP: Sending REPLY to FE80::21D:A1FF:FE8B:36D0 on FastEthernet0/0
2 messages instead of 4, that’s it…you now have seen the difference between normal and rapid mode. Let’s move on to the stateless client!

DHCPv6 Stateless Client Configuration

We already prepared the server so it’s just the client, this is what we do on R2:
R2(config)#interface FastEthernet 0/0
R2(config-if)#ipv6 enable
R2(config-if)#ipv6 address autoconfig
This time I have to use the ipv6 address autoconfig command since we use autoconfiguration to get an IPv6 address. Let’s see if that worked:
R2#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::217:5AFF:FEED:7AF1
    2001:2222:2222:2222:217:5AFF:FEED:7AF1
Great, we received an address. This is what the debug on the server looks like:
DHCPV6#
IPv6 DHCP: Add routes, pool STATELESS, idb FastEthernet0/1
IPv6 DHCP: Received INFORMATION-REQUEST from FE80::217:5AFF:FEED:7AF1 on FastEthernet0/1
IPv6 DHCP: Using interface pool STATELESS
IPv6 DHCP: Source Address from SAS FE80::216:C7FF:FEBE:EC9
IPv6 DHCP: Sending REPLY to FE80::217:5AFF:FEED:7AF1 on FastEthernet0/1
It receives an information request which basically means that the clients wants to know about the “extra” stuff that the DHCPv6 pool has to offer. In our example that’s the DNS server and the domain name. Let’s check if the client received those:
R2#show ipv6 dhcp interface FastEthernet 0/0
FastEthernet0/1 is in client mode
  Prefix State is IDLE (0)
  Information refresh timer expires in 23:57:37
  Address State is IDLE
  List of known servers:
    Reachable via address: FE80::216:C7FF:FEBE:EC9
    DUID: 000300010016C7BE0EC8
    Preference: 0
    Configuration parameters:
      DNS server: 2001:4860:4860::8888
      Domain name: NETWORKLESSONS.LOCAL
      Information refresh time: 0
  Prefix Rapid-Commit: disabled
  Address Rapid-Commit: disabled
That’s good, it learned about the DNS server and the domain name. What does the pool look like on the server?
DHCPV6#show ipv6 dhcp pool 
DHCPv6 pool: STATEFUL
  Address allocation prefix: 2001:1111:1111:1111::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts)
  DNS server: 2001:4860:4860::8888
  Domain name: NETWORKLESSONS.LOCAL
  Active clients: 1
DHCPv6 pool: STATELESS
  DNS server: 2001:4860:4860::8888
  Domain name: NETWORKLESSONS.LOCAL
  Active clients: 0
This is a good example as it shows you that the DHCPv6 servers sees an active client for the stateful pool but not for the stateless pool.
hostname DHCPV6
!
ipv6 unicast-routing
!
ipv6 dhcp pool STATEFUL
 address prefix 2001:1111:1111:1111::/64
 dns-server 2001:4860:4860::8888
 domain-name NETWORKLESSONS.LOCAL
!
ipv6 dhcp pool STATELESS
 dns-server 2001:4860:4860::8888
 domain-name NETWORKLESSONS.LOCAL
!
interface FastEthernet 0/0
 ipv6 address 2001:1111:1111:1111::1/64
 ipv6 dhcp server STATEFUL
 ipv6 nd managed-config-flag
 ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig
!
interface FastEthernet 0/1
 ipv6 address 2001:2222:2222:2222::2/64
 ipv6 dhcp server STATELESS
 ipv6 nd other-config-flag
!
end
hostname R1
!
interface FastEthernet 0/0
 ipv6 enable 
 ipv6 address dhcp 
!
end
hostname R2
!
interface FastEthernet 0/0
 ipv6 enable 
 ipv6 address autoconfig
!
end

And that’s the end of this tutorial! You have seen stateful and stateless configuration and the difference between normal and rapid mode. I hope you enjoyed this tutorial, if you did please share it with your friends or colleagues!
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)