Configuring IPv6 for Cisco IOS

[email protected]

With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco

study guides in print, we continue to look for ways we can better serve the

information needs of our readers. One way we do that is by listening.

Readers like yourself have been telling us they want an Internet-based ser￾vice that would extend and enhance the value of our books. Based on

reader feedback and our own strategic plan, we have created a Web site

that we hope will exceed your expectations.

[email protected] is an interactive treasure trove of useful infor￾mation focusing on our book topics and related technologies. The site

offers the following features:

■ One-year warranty against content obsolescence due to vendor

product upgrades. You can access online updates for any affected

chapters.

■ “Ask the Author” customer query forms that enable you to post

questions to our authors and editors.

■ Exclusive monthly mailings in which our experts provide answers to

reader queries and clear explanations of complex material.

■ Regularly updated links to sites specially selected by our editors for

readers desiring additional reliable information on key topics.

Best of all, the book you’re now holding is your key to this amazing site.

Just go to www.syngress.com/solutions, and keep this book handy when

you register to verify your purchase.

Thank you for giving us the opportunity to serve your needs. And be sure

to let us know if there’s anything else we can do to help you get the

maximum value from your investment. We’re listening.

www.syngress.com/solutions

208_IPv6_FM.qxd 6/17/02 5:23 PM Page i

208_IPv6_FM.qxd 6/17/02 5:23 PM Page ii

1 YEAR UPGRADE

BUYER PROTECTION PLAN

Configuring

Sam Brown

Brian Browne

Neal Chen

Paul J. Fong

Robbie Harrell

Eric Knipp

Bart Saylors

Rob Webber

Edgar Parenti, Jr. Technical Editor

IPv6

Cisco IOS

for

208_IPv6_FM.qxd 6/17/02 5:23 PM Page iii

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or

production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results

to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work

is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state

to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or

other incidental or consequential damages arising out from the Work or its contents. Because some

states do not allow the exclusion or limitation of liability for consequential or incidental damages, the

above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when

working with computers, networks, data, and files.

Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,” and “Ask the

Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,”“Hack

Proofing®,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress

Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of

their respective companies.

KEY SERIAL NUMBER

001 44BVHTR46T

002 AKTRT4YHE4

003 KUH4T945T5

004 87U86T6NVH

005 NFGTE4RNAS

006 SGD34B39F4

007 Q2F9R565MR

008 MSVX63N54N

009 GT6YH2BDFC

010 83N5M4B3ES

PUBLISHED BY

Syngress Publishing, Inc.

800 Hingham Street

Rockland, MA 02370

Configuring IPv6 for Cisco IOS

Copyright © 2002 by Syngress Publishing, Inc.All rights reserved. Printed in the United States of

America. Except as permitted under the Copyright Act of 1976, no part of this publication may be

reproduced or distributed in any form or by any means, or stored in a database or retrieval system,

without the prior written permission of the publisher, with the exception that the program listings

may be entered, stored, and executed in a computer system, but they may not be reproduced for

publication.

Printed in the United States of America

1 2 3 4 5 6 7 8 9 0

ISBN: 1-928994-84-9

Technical Editor: Edgar Parenti, Jr. Cover Designer: Michael Kavish

Technical Reviewer:Tony Bautts Page Layout and Art by: Shannon Tozier

Acquisitions Editor: Catherine B. Nolan Copy Editors:Alexandra Kent and Michelle Melani

Developmental Editor: Kate Glennon Indexer: J. Edmund Rush

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

208_IPv6_FM.qxd 6/17/02 5:23 PM Page iv

v

Acknowledgments

We would like to acknowledge the following people for their kindness and support

in making this book possible.

Ralph Troupe, Rhonda St. John, Emlyn Rhodes, and the team at Callisma for their

invaluable insight into the challenges of designing, deploying and supporting world￾class enterprise networks.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin

Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra

Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly,Andrea Tetrick,

Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers

Group West for sharing their incredible marketing experience and expertise.

Jacquie Shanahan,AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie

Moss of Elsevier Science for making certain that our vision remains worldwide in

scope.

Annabel Dent and Paul Barry of Elsevier Science/Harcourt Australia for all their help.

David Buckland,Wendi Wong, Marie Chieng, Lucy Chong, Leslie Lim,Audrey Gan,

and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive

our books.

Kwon Sung June at Acorn Publishing for his support.

Ethan Atkin at Cranbury International for his help in expanding the Syngress

program.

Jackie Gross, Gayle Voycey,Alexia Penny,Anik Robitaille, Craig Siddall, Darlene

Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates

for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at

Jaguar Book Group for their help with distribution of Syngress books in Canada.

208_IPv6_FM.qxd 6/17/02 5:23 PM Page v

208_IPv6_FM.qxd 6/17/02 5:23 PM Page vi

vii

Contributors

Sam Brown (CCNP, CCDP, MCSE, MCP+I, CNE, Citrix CCA) is a

Consultant with Callisma where he provides technical consulting to a

variety of Callisma clients. His specialties include Network Management

Systems (NMS) planning and implementation, Cisco routers and LAN

switches, Microsoft NT and Novell design and implementation, network

planning, network architecture and design, and network troubleshooting

and optimization. Sam’s background includes positions as a Network

Analyst for Opryland USA in Nashville,TN, and and as a Senior

Network Engineer at Frost Bank in Fiesta,TX. Sam makes his home

in Denver, CO.

Brian Browne (CISSP) is a Senior Consultant with Callisma providing

senior-level strategic and technical security consulting to Callisma clients.

He has 12 years of experience in the field of information systems security

and is skilled in all phases of the security lifecycle.A former independent

consultant, Brian has provided security consulting expertise for multiple

Fortune 500 clients, and has been published in Business Communications

Review magazine. His security experience includes network security, fire￾wall architectures,Virtual Private Networks (VPNs), Intrusion Detection

Systems (IDSs), UNIX security,Windows NT security, and Public Key

Infrastructure (PKI). Brian resides in Willow Grove, PA with his wife Lisa

and daughter Marisa.

Neal Chen (CCNP, CCNA) is a Consultant with Callisma providing

strategic and technical consulting to all Callisma clients in the Northeast

region of the United States. His specialties include Cisco routers and

LAN switches, Cisco and Nortel Dense Wavelength Division

Multiplexing (DWDM) and SONET equipment, strategic network plan￾ning, network architecture and design, and network troubleshooting and

optimization. Neal’s background also includes a position as a Network

Engineer at Raytheon Corporation.

208_IPv6_FM.qxd 6/17/02 5:23 PM Page vii

viii

Paul J. Fong (CCDP, CCNP) is a Senior Consultant for Callisma where

he provides strategic and technical consulting to service provider clients.

Paul’s background includes positions as an Advisory Systems Analyst at IBM

where he developed a network monitoring system for NASA Space Shuttle

telemetry, and as a senior member of the technical staff at MCI Worldcom

where he played a key role in the development of the SRDF-over-IP pro￾tocol. Paul holds a Bachelor’s and a Master’s degree from Stanford

University.While pursuing his studies, Paul developed speech recognition

software at the Xerox Palo Alto Research Center as a research associate and

published his work in IEEE Transactions on Systems, Man and Cybernetics. Paul

is a member of the Colorado Springs Cisco Users Group and lives in

Monument, CO, with his wife Sharon and their daughter Shana.

Robbie Harrell (CCIE #3873) is a Principle Architect with Callisma in

Atlanta, GA. He has over 10 years of experience and provides strategic,

business, and technical consulting services to clients. Robbie specializes in

the design and implementation of complex solutions necessary to meet

business objectives in the enterprise and service provider market space.

His expertise is in routing and switching, and strategic planning. Robbie’s

background includes positions as a Principle Consultant at International

Network Services, Lucent, and Frontway.

Eric Knipp (CCNP, CCDP, CCNA, CCDA, MCSE, MCP+I) is a

Consultant with Callisma. He is currently engaged in a broadband opti￾mization project for a major U.S. backbone service provider. He special￾izes in IP telephony and convergence, Cisco routers, LAN switches, well

as Microsoft NT, and network design and implementation. Eric has also

passed both the CCIE Routing and Switching written exam as well as

the CCIE Communications and Services Optical qualification exam and

is currently preparing to take the CCIE lab later this year. Eric’s back￾ground includes positions as a Project Manager for a major international

law firm, and a Project Manager for NORTEL. Eric has contributed to

the Syngress publications Cisco AVVID and IP Telephony Design and

Implementation (ISBN: 1-928994-83-0), Managing Cisco Network Security,

Second Edition (ISBN: 1-931836-56-6), and the forthcoming Configuring

Cisco Voice Over IP, Second Edition (ISBN: 1-931836-64-7).

208_IPv6_FM.qxd 6/17/02 5:23 PM Page viii

ix

Bart Saylors (CCNP, CCDP) is a Senior Consultant with Callisma. His

specialties include Cisco router and LAN switching design, implementation,

and troubleshooting as well as providing the business processes and project

management needed during the life cycle of these technologies. Bart has 19

years of networking experience and has held positions of Senior Network

Support for the JCPenney corporate data center network, Senior Design

Engineer at ACS and Data Engineering Support for GTE.

Rob Webber (CCIE #6922) is a Senior Network Consultant with

Callisma in Wakefield, MA. He has over 14 years of experience in the data

networking industry, and has spent the last four as a consultant. Rob spe￾cializes in the design and implementation of complex networks in the

financial, medical, manufacturing, and service provider industries. His

expertise includes routing, switching, security, and converged voice and

data networking solutions from Cisco Systems and Nortel Networks.

Rob is a contributing author to Cisco AVVID and IP Telephony Design &

Implementation (Syngress Publishing, ISBN: 1-928994-83-0). In addition to

networking Rob enjoys Web development and Perl scripting. Rob holds a

Bachelor’s of Science degree from the University of New Hampshire.

208_IPv6_FM.qxd 6/17/02 5:23 PM Page ix

x

Technical Reviewer

Tony Bautts is a Senior Security Consultant with Astech Consulting. He

currently provides security advice and architecture for clients in the San

Francisco Bay area. His specialties include Intrusion Detection Systems

(IDSs), firewall design and integration, post-intrusion forensics, bastion

hosting, and secure infrastructure design.Tony’s security experience has

led him to work with Fortune 500 companies in the United States as well

as to perform two years of security consulting in Japan.Tony was a con￾tributing author to Hack Proofing Your Wireless Network (Syngress

Publishing, ISBN: 1-928994-59-8). He is also involved with the

BerkeleyWireless.net project, which is working to build neighborhood

wireless networks for residents of Berkeley, CA.

Edgar Parenti, Jr. (CCNA, CCDA, CCNP, CCDP, CNE-3/4/5,

MCNE, PSE, MCSE 2000, MCT) is currently a Consulting Engineer

with UNICOM Technology Group, Inc. where he provides corporate,

education, and government customers with a portfolio of cutting-edge

networking solutions. Edgar has a strong background in network and

directory design, network analysis and optimization, system performance

tuning,Web application architecture and support, messaging and infras￾tructure engineering, operating system support, process engineering, and

information security. His background also includes working at numerous

corporations of all sizes providing senior-level IT consulting services uti￾lizing a wide array of technologies and over six years of designing and

managing Cisco internetworks.

Technical Editor

208_IPv6_FM.qxd 6/17/02 5:23 PM Page x

Contents

xi

Foreword xix

Chapter 1 Introduction to the Cisco IOS 1

Introduction 2

Connecting to the Router 2

Console Port Connections 3

Telnet Connection 6

SNMP Configurations 7

Entering Commands to Configure a Cisco Router 9

Using Configuration Commands 11

Using Passwords to Control Router Access 13

Performing Interface Configuration Tasks 15

Using show Commands 18

Using the show version Command 21

Using the show running-configuration

Command 23

Using the show interface Command 25

Increasing Efficiency by Using Shortcuts 27

Summary 29

Solutions Fast Track 30

Frequently Asked Questions 31

Chapter 2 Introduction to

IPv6 Architecture 33

Introduction 34

Understanding the Benefits of IPv6 34

Increased IP Address Size 35

Increased Addressing Hierarchy Support 36

Simplified Host Addressing 41

The show version

Command

The show version

command enables

administrators to discern

the following system

conditions and

parameters:

■ System Platform

■ System IOS version

■ System Boot Rom

Version

■ System Uptime

■ Reason for last reboot

■ System Image File

■ Processor and Memory

available

■ Physical Interfaces

■ Configuration Register

208_IPv6_TOC.qxd 6/18/02 1:33 PM Page xi

xii Contents

Simpler Autoconfiguration of Addresses 42

Improved Scalability of Multicast Routing 44

The Anycast Address 48

Streamlined Header 50

Security 52

Mobility 53

Performance 54

Comparing IPv6 to IPv4 55

Addressing Structure 56

Address Administration 56

Header Comparison 58

Feature Comparison 59

Examining IPv6 Network Architecture 60

IPv6 Communication Fundamentals 61

Intra-Subnet Communications 61

Inter-Subnet Communications 63

Internetwork Communications 65

Upper-Layer Protocol Issues 67

Understanding ICMPv6 68

Error Messages 69

Informational Messages 70

Understanding Neighbor Discovery 71

Router Solicitation and Advertisement 72

Neighbor Solicitation and Advertisement 73

Redirect Message 73

Message Options 74

Summary 75

Solutions Fast Track 76

Frequently Asked Questions 79

Chapter 3 The IPv6 Headers 81

Introduction 82

Analyzing the IPv6 Header 83

Comparing the IPv6 and IPv4 Headers 84

The IPv6 Extension Headers 87

Hop-by-Hop Options Header 91

Routing Header 94

The Benefits of IPv6

The benefits of IPv6

include:

■ Increased IP Address

Size

■ Increased Addressing

Hierarchy Support

■ Simplified Host

Addressing

■ Simplified Auto￾configuration of

Addresses

■ Improved Scalability of

Multicast Routing

■ The Anycast Address

■ Streamlined Header

■ Improved Security

■ Better Mobility

■ Better Performance

208_IPv6_TOC.qxd 6/18/02 1:33 PM Page xii

Contents xiii

Fragment Header 98

Authentication Header 101

Encapsulating Security Payload 104

Destination Options Header 106

Summary 108

Solutions Fast Track 109

Frequently Asked Questions 111

Chapter 4 Explaining IPv6 Addressing 113

Introduction 114

The Basics of IPv6 Addressing 115

IPv6 Addressing Scheme Characteristics 116

IPv6 Header Overview 116

Version Field 116

Traffic Class Field 117

Flow Label Field 118

Payload Length Field 118

Next Header Field 119

IPv4 and IPv6 Address Space 119

IPv6 Address Structure 121

Unicast Addresses 127

Multicast Address 141

Anycast Address 145

Nodes-Required Address 147

The Need for Further Development 149

The Multihoming Problem 149

Dual IPv6 Addressing on a Host 151

Portability of Address Space 152

Dual IPv6 Address Prefixes Allocated

within the Environment 152

Independently Assigned Address Space 153

The 6Bone 153

Summary 155

Solutions Fast Track 155

Frequently Asked Questions 157

IPv4 and IPv6 Address

Spaces

The allocation and

assignment policies are

defined in RFC 2050.

Specifically, the policy is as

follows:

1. End users should

request address space

from their directly

connected upstream

provider.

2. If no addresses are

available from the

upstream provider,

request addresses from

the provider’s provider.

3. If justifiable, request

address space directly

from ARIN, RIPE, or

APNIC.

208_IPv6_TOC.qxd 6/18/02 1:33 PM Page xiii

xiv Contents

Chapter 5 Configuring IPv6 Addressing 159

Introduction 160

Configuring IPv6 Addressing 160

Configuring LAN Addresses 162

Configuring Duplicate Address Detection 165

Configuring DNS 166

Configuring WAN Addresses 168

Configuring ATM 168

Configuring Frame-Relay 169

Configuring ICMPv6 and Neighbor

Discovery 172

Verifying Addressing Configuration 174

Verifying LAN Addressing 176

Verifying WAN Addressing 177

Verifying ICMPv6 and Neighbor

Discovery Configuration 178

Summary 180

Solutions Fast Track 181

Frequently Asked Questions 183

Chapter 6 Routing IPv6 for the Cisco IOS 185

Introduction 186

Explaining RIP for IPv6 186

Periodic Updates 187

Routing Loops 189

Triggered Updates 190

Split Horizon 191

Counting to Infinity 192

Poison Reverse 193

Hold-Down Timers 193

RIP Timers 194

Administrative Distance 195

Configuring RIP for IPv6 196

Basic IPv6 RIP Configuration 196

Default Routes in IPv6 RIP 198

IPv6 RIP Route Redistribution 200

Filtering IPv6 RIP Routing 205

Configuring IPv6

Addressing

■ When configuring your

interfaces, remember

that ipv6 must be

included in the syntax

to distinguish between

IPv4 and IPv6

addresses.

■ There are three types

of addresses that can

be assigned on an

interface: global, site￾local and link-local.

■ If you are using the

EUI-64 command when

entering an IPv6

address, remember

that the router uses its

identifier for the last

64 bits of the IPv6

address, therefore if

you want to find out

the address, you have

to go back and get the

full IPv6 address.

■ With the configuration

of duplicate address

detection, you can

specify the number of

solicitation messages

that are sent out.

208_IPv6_TOC.qxd 6/18/02 1:33 PM Page xiv