12.9.2 Lab – Configure IPv6 Addresses on Network Devices (Answers)

12.9.2 Lab – Configure IPv6 Addresses on Network Devices

Topology

12.9.2 Lab - Configure IPv6 Addresses on Network Devices (Answers) 2
12.9.2 Lab – Configure IPv6 Addresses on Network Devices (Answers) 2

Addressing Table

Device Interface IPv6 Address Prefix Length Default Gateway
R1 G0/0/0 2001:db8:acad:a::1 64 N/A
G0/0/1 2001:db8:acad:1::1 64 N/A
S1 VLAN 1 2001:db8:acad:1::b 64 N/A
PC-A NIC 2001:db8:acad:1::3 64 fe80::1
PC-B NIC 2001:db8:acad:a::3 64 fe80::1

Objectives

  • Part 1: Set Up Topology and Configure Basic Router and Switch Settings
  • Part 2: Configure IPv6 Addresses Manually
  • Part 3: Verify End-to-End Connectivity

Background / Scenario

In this lab, you will configure hosts and device interfaces with IPv6 addresses. You will issue show commands to view IPv6 unicast addresses. You will also verify end-to-end connectivity using ping and traceroute commands.

Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Instructions for Packet Tracer: Delete/erase the startup configuration for the Router/Switch.

Router# erase startup-config
Router# reload
Switch# delete flash:vlan.dat
Switch# erase startup-config
Switch# reload

Note: The default 2960 Switch Database Manager (SDM) template does not support IPv6. It may be necessary to issue the command sdm prefer dual-ipv4-and-ipv6 default to enable IPv6 addressing before applying an IPv6 address to the VLAN 1 SVI.

Note: The default bias template used by the Switch Database Manager (SDM) does not provide IPv6 address capabilities. Verify that SDM is using either the dual-ipv4-and-ipv6 template or the lanbase-routing template. The new template will be used after reboot.

S1# show sdm prefer

Follow these steps to assign the dual-ipv4-and-ipv6 template as the default SDM template:

S1# configure terminal
S1(config)# sdm prefer dual-ipv4-and-ipv6 default
S1(config)# end
S1# reload

Required Resources

  • 1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
  • 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
  • 2 PCs (Windows with terminal emulation program, such as Tera Term)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

Note: The Gigabit Ethernet interfaces on Cisco 4221 routers are autosensing and an Ethernet straight-through cable may be used between the router and PC-B. If using another model Cisco router, it may be necessary to use an Ethernet crossover cable.

Instructions

Part 1: Cable the Network and Configure Basic Router and Switch Settings

After cabling the network, initializing and reloading the router and switch, complete the following:

Step 1: Configure the router.

Assign the hostname and configure basic device settings.

Step 2: Configure the switch.

Assign the hostname and configure basic device settings.

Instructions for Packet Tracer:

<pre class="code_answer">enable
config terminal

hostname R1
enable secret class

banner motd $Unauthorized access is prohibited!$

line con 0
password ccna
login

line vty 0 4
password ccna
login

service password-encryption

no ip domain lookup

end</pre>
<pre class="code_answer">enable
config terminal

hostname S1
enable secret class

banner motd $Unauthorzed access is prohibited!$

line con 0
password ccna
login

line vty 0 15
password ccna
login

service password-encryption

no ip domain-lookup

end</pre>

Part 2: Configure IPv6 Addresses Manually

Step 1: Assign the IPv6 addresses to Ethernet interfaces on R1.

a. Assign the IPv6 global unicast addresses, listed in the Addressing Table, to both Ethernet interfaces on R1.

R1(config)# interface g0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:a::1/64
R1(config-if)# no shutdown
R1(config-if)# interface g0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# end

Instructor Note: The IPv6 global prefix 2001:db8::/32 is a reserved prefix for use in documentation, as described in RFC 3849.

b. Verify that the correct IPv6 unicast address is assigned to each interface.

R1# show ipv6 interface brief
Em0/0                  [administratively down/down]
    unassigned
GigabitEthernet0/0/0     [up/up]
    FE80::D68C:B5FF:FECE:A0C0
    2001:DB8:ACAD:A::1
GigabitEthernet0/0/1     [up/up]
    FE80::D68C:B5FF:FECE:A0C1
    2001:DB8:ACAD:1::1
<output omitted>

Note: The link-local address (fe80::) displayed is based on EUI-64 addressing, which automatically uses the interface Media Access Control (MAC) address to create a 128-bit IPv6 link-local address.

c. To get the link-local address to match the global unicast address on the interface, manually enter the link-local addresses on each of the Ethernet interfaces on R1.

R1# config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# interface g0/0/0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# interface g0/0/1
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# end

Note: Each router interface belongs to a separate network. Packets with a link-local address never leave the local network; therefore, you can use the same link-local address on both interfaces.

d. Use a command of your choice to verify that the link-local address has been changed to fe80::1.

R1# show ipv6 interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:ACAD:A::1, subnet is 2001:DB8:ACAD:A::/64 
  Joined group address(es):
    FF02::1
    FF02::1:FF00:1
  MTU is 1500 bytes
<output omitted>

Which two multicast groups have been assigned to interface G0/0/0?
The all-nodes multicast group (FF02::1) and the Solicited Nodes multicast group (ff02::1:ff00:1).

Step 2: Enable IPv6 routing on R1.

a. On a PC-B command prompt, enter the ipconfig command to examine IPv6 address information assigned to the PC interface.

Has an IPv6 unicast address been assigned to the network interface card (NIC) on PC-B?
No

b. Enable IPv6 routing on R1 using the IPv6 unicast-routing command.

R1 # configure terminal
R1(config)# ipv6 unicast-routing
R1(config)# exit

c. Use a command to verify the new multicast group are assigned to interface G0/0/0. Notice that the all-router multicast group (ff02::2) now appears for interface G0/0/0.

Note: This will allow the PCs to obtain their IP address and default gateway information automatically using Stateless Address Autoconfiguration (SLAAC).

R1# show ipv6 interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:ACAD:A::1, subnet is 2001:DB8:ACAD:A::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
<partial output omitted>
Hosts use stateless autoconfig for addresses.

d. Now that R1 is part of the all-router multicast group FF02::2, re-issue the ipconfig command on PC-B and examine the IPv6 address information.

Why did PC-B receive the Global Routing Prefix and Subnet ID that you configured on R1?

On R1 all IPv6 interfaces are now part of the All-router multicast group, FF02::2. This allows it to send Router Advertisement (RA) messages with the Global Network Address and Subnet ID information to all nodes on the LAN. Notice that R1 also sent the link-local address, fe80::1, as the Default Gateway. The PCs will receive their IPv6 addresses and default gateway via SLAAC as long as the advertised prefix length is 64 bits .

Step 3: Assign IPv6 addresses to the management interface (SVI) on S1.

a. Assign the IPv6 address for S1. Also assign a link-local address for this interface.

S1(config)# interface vlan 1
S1(config-if)# ipv6 address 2001:db8:acad:1::b/64
S1(config-if)# ipv6 address fe80::b link-local
S1(config-if)# end

b. Use a command of your choice to verify that the IPv6 addresses are properly assigned to the management interface.

S1# show ipv6 interface vlan1
Vlan1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::B
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:ACAD:1::B, subnet is 2001:DB8:ACAD:1::/64
  Joined group address(es):
    FF02::1
    FF02::1:FF00:B
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Output features: Check hwidb
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

Step 4: Assign static IPv6 addresses to the PCs.

a. Open the Ethernet Properties window on for each PC and assign IPv6 addressing.

b. Verify both PCs have the correct IPv6 address information. Each PC should have two Global IPv6 addresses: one static and one SLACC

Part 3: Verify End-to-End Connectivity

From PC-A, ping fe80::1. This is the link-local address assigned to G0/0/1 on R1.

Ping the S1 management interface from PC-A.

Use the tracert command on PC-A to verify that you have end-to-end connectivity to PC-B.

From PC-B, ping PC-A.

From PC-B, ping the link-local address for G0/0/0 on R1.

Note: If end-to-end connectivity is not established, troubleshoot your IPv6 address assignments to verify that you entered the addresses correctly on all devices.

Reflection Questions

1. Why can the same link-local address, fe80::1, be assigned to both Ethernet interfaces on R1?

Link-local packets never leave the local network, so the same link-local address can be used on an interface associated to a different local network.

2. What is the Subnet ID of the IPv6 unicast address 2001:db8:acad::aaaa:1234/64?

0 (zero) or 0000 (zeros). The fourth hextet is the Subnet ID of an IPv6 address with a prefix of /64. In the example, the fourth hextet contains all zeros and the IPv6 Omitting All 0 Segment rule is using the double colon to depict the Subnet ID and the first two hextets of the Interface ID. This is why the subnet of the Global unicast address of 2001:acad::aaaa:1234/64 is 2001:db8:acad::/64

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs

Router R1 (After part 1 of this lab)

R1# show run
Building configuration...

Current configuration : 1443 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C
**********************************************
* Warning: Unauthorized access is prohibited! *
**********************************************
^C
!
line con 0
 password 7 01100F175804
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 104D000A0618
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Switch S1 (After part 1 of this lab)

S1# show run
Building configuration...

Current configuration : 1624 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
ip http server
ip http secure-server
!
banner motd ^C
**********************************************
* Warning: Unauthorzed access is prohibited! *
**********************************************
^C
!
line con 0
 password 7 121A0C041104
 login
line vty 0 4
 password 7 121A0C041104
 login
line vty 5 15
 password 7 121A0C041104
 login
!
end

Router R1 (Final)

R1# show run
Building configuration...

Current configuration : 1577 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown 
!
interface GigabitEthernet0/0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address fe80::1 link-local
 ipv6 address 2001:db8:acad:a::1/64
!
interface GigabitEthernet0/0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address fe80::1 link-local
 ipv6 address 2001:db8:acad:1::1/64
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown 
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C
**********************************************
* Warning: Unauthorzed access is prohibited! *
**********************************************
^C
!
line con 0
 password 7 01100F175804
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 104D000A0618
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Switch S1 (Final)

* Warning: Unauthorzed access is prohibited! *
**********************************************
^C
!
line con 0
 password 7 121A0C041104
 login
line vty 0 4
 password 7 121A0C041104
 login
line vty 5 15
 password 7 121A0C041104
 login
!
end

Download Packet Tracer (.pka) file

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.