Assigning a single IPv6 address to devices

I have been running IPv6 and IPv4 concurrently for close to a decade now. At Cisco Live San Diego 2019 I shared some of my experiences with Jeffry Handal (I met him initially at Cisco Live Barcelona 2019), and somehow we ended up talking about IPv6 and how by default you receive multiple IPv6 addresses. To me, that was one of my frustrations, so my network is set up in such a way that it only assigns a single IPv6 address. It appears that such a setup is not very common, so I would like to share with you how my IPv6 network is configured.

My network consists of an ASA firewall (soon to be replaced with the Firepower 1010), a 3560 compact switch that acts as an L3 switch, and a Catalyst 9800 Wireless Controller (yep, moved from Mobility Express to the Cat9k wireless IOS-XE). The figure below shows my network topology.

In this network setup, the 3560 acts as the L3 switch and DHCP server (both IPv4 and IPv6). It is absolutely possible to use an external DHCP server and use helpers instead, but for my home network that is, well, not necessary. The configuration on the client VLAN is shown below:

interface Vlan300
 description clients
 ip address 192.168.1.1 255.255.255.0
 ipv6 address FE80::300 link-local
 ipv6 address 2001:db8:face:300::1/64
 ipv6 enable
 ipv6 nd prefix 2001:db8:face:300::/64 300 300 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra interval 30
 ipv6 dhcp server clients-300 rapid-commit
end

By setting the managed-config-flag and disabling auto-config on the prefix, I effectively state that my switch is the only router and device allowed to assign and distribute IPv6 addresses. In other words, I disable every auto-magic feature within IPv6 except DHCPv6. The configuration I use for that DHCPv6 server is defined below:

ipv6 dhcp database flash:dhcpv6-db
ipv6 dhcp pool clients-300
 address prefix 2001:db8:face:300::/64 lifetime 86400 86400
 link-address 2001:db8:face:300::/64
 dns-server 2620:119:35::35
 dns-server 2620:119:53::53
 domain-name clients.nefkens.net
!

Using this configuration, all my devices (and yes, Jeffry told me that Android devices do not support DHCPv6, so go complain at Google for that) receive a single IPv6 address, as shown in the screenshot below.

Although it might not be common, it is very much possible to use DHCPv6 and assign only a single IPv6 address to each device. It makes life a lot easier when troubleshooting or when looking at management systems such as Firepower Management Center, DNA Center, or a syslog server.
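
To check on the wire that the interface settings above took effect, the following added example (not the author's code) parses a Router Advertisement and reports whether the M flag is set and the A flag is cleared on the advertised prefix. The sample RA bytes are constructed from the page's prefix and lifetimes; the hop limit, router lifetime and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3  # ICMPv6 type and ND option type (RFC 4861)

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(msg[5] & 0x80), "other": bool(msg[5] & 0x40), "prefixes": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off < len(msg):
        if off + 2 > len(msg) or msg[off + 1] == 0 or off + msg[off + 1] * 8 > len(msg):
            raise ValueError("malformed ND option")
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-octet units
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack_from("!BBII", msg, off + 2)
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "on_link": bool(flags & 0x80),
                                   "autonomous": bool(flags & 0x40),
                                   "valid": valid, "preferred": preferred})
        off += opt_len
    return ra

def slaac_findings(ra: dict) -> list:
    """List the reasons a host receiving this RA could end up with extra addresses."""
    findings = []
    if not ra["managed"]:
        findings.append("M flag clear: hosts are not told to use DHCPv6 for addresses")
    for p in ra["prefixes"]:
        if p["autonomous"]:
            findings.append(f"A flag set on {p['prefix']}: hosts will form SLAAC addresses")
    return findings

def build_ra(managed: bool, autonomous: bool) -> bytes:
    """Constructed sample RA for the page's prefix; checksum is left at zero."""
    ra_flags = (0x80 if managed else 0) | 0x08  # 0x08 = router preference High
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, ra_flags, 1800, 0, 0)
    pio_flags = 0x80 | (0x40 if autonomous else 0)  # L flag always set here
    prefix = ipaddress.IPv6Address("2001:db8:face:300::").packed
    return hdr + struct.pack("!BBBBII4x16s", OPT_PREFIX_INFO, 4, 64, pio_flags, 300, 300, prefix)

if __name__ == "__main__":
    for label, sample in (("as configured above", build_ra(True, False)),
                          ("M off, A on", build_ra(False, True))):
        print(label, "->", slaac_findings(parse_ra(sample)) or "no SLAAC triggers found")
```

With a real capture, pass `parse_ra` the ICMPv6 payload of an RA seen on the client VLAN; the checksum is not validated.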

2 Responses

  1. That is a very recommended solution, i.e., no A-flag and M-flag on for client subnets!

    And as you say, an Android device won’t get an IPv6 addr…

    An additional note of fun, if you statically assign an IPv6 addr to a client, it will then also get its DHCPv6 addr, and will have 2 v6 addrs….also not really desired.

    IPv6 is fun!!!

    1. Thanks! And well, DHCPv6 and manual combined is similar to IPv4, isn’t it? In that case I am able (on some OS’es) to configure a static IP address too. Or.. I could attempt to use IPv6 source guard to prevent that use case with 2 IP’s. Something to test out
