
SLAAC and DHCPv6
Module Objective: Configure dynamic address allocation in IPv6 networks.
Topic Title | Topic Objective |
---|---|
IPv6 Global Unicast Address Assignment | Explain how an IPv6 host can acquire its IPv6 configuration. |
SLAAC | Explain the operation of SLAAC. |
DHCPv6 | Explain the operation of DHCPv6. |
Configure DHCPv6 Server | Configure a stateful and stateless DHCPv6 server. |
8.1 IPv6 GUA Assignment
IPv6 Host Configuration
On a router, an IPv6 global unicast address (GUA) is manually configured using the ipv6 address ipv6-address/prefix-length interface configuration command.
- A Windows host can also be manually configured with an IPv6 GUA address configuration, as shown in the figure.
- However, manually entering an IPv6 GUA can be time consuming and somewhat error prone.
- Therefore, most Windows hosts are enabled to dynamically acquire an IPv6 GUA configuration.
IPv6 Host Link-Local Address
If automatic IPv6 addressing is selected, the host will use an Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement (RA) message to help it autoconfigure an IPv6 configuration.
- The IPv6 link-local address is automatically created by the host when it boots and the Ethernet interface is active.
- The interface did not create an IPv6 GUA in the output because the network segment did not have a router to provide network configuration instructions for the host.
- Note: The “%” and number at the end of the link-local address is known as a Zone ID or Scope ID and is used by the OS to associate the LLA with a specific interface.
- Note: DHCPv6 is defined in RFC 3315.
IPv6 GUA Assignment
By default, an IPv6-enabled router periodically sends ICMPv6 RAs, which simplifies how a host can dynamically create or acquire its IPv6 configuration.
- A host can dynamically be assigned a GUA using stateless and stateful services.
- All stateless and stateful methods in this module use ICMPv6 RA messages to suggest to the host how to create or acquire its IPv6 configuration.
- Although host operating systems follow the suggestion of the RA, the actual decision is ultimately up to the host.
Three RA Message Flags
How a client obtains an IPv6 GUA depends on settings in the RA message. An ICMPv6 RA message includes the following three flags:
- A flag – The Address Autoconfiguration flag signifies to use Stateless Address Autoconfiguration (SLAAC) to create an IPv6 GUA.
- O flag – The Other Configuration flag signifies that additional information is available from a stateless DHCPv6 server.
- M flag – The Managed Address Configuration flag signifies to use a stateful DHCPv6 server to obtain an IPv6 GUA.
Using different combinations of the A, O and M flags, RA messages inform the host about the dynamic options available.
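The flag combinations above can be read straight off the wire. The following Python sketch is an added example, not part of the original module: it decodes the M and O flags from the RA header and the A flag from the Prefix Information option (layout per RFC 4861), then names the method the RA suggests. The sample RA is constructed, and the function names are illustrative.

```python
import ipaddress
import struct

def build_ra(m, o, a, prefix="2001:db8:acad:1::", plen=64):
    """Constructed sample RA for the demo (checksum left at zero, not validated)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0x80 | (a << 6), 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

def parse_ra(msg):
    """Return the M/O flags and a list of (prefix, A flag) from an ICMPv6 RA."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = msg[5]  # M is the top bit, O the next one
    result = {"M": flags >> 7 & 1, "O": flags >> 6 & 1, "prefixes": []}
    pos = 16  # options follow the fixed 16-byte RA header
    while pos + 2 <= len(msg):
        opt_type, opt_len = msg[pos], msg[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(msg):
            raise ValueError("malformed or truncated option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags = msg[pos + 2], msg[pos + 3]
            prefix = ipaddress.IPv6Address(msg[pos + 16:pos + 32])
            result["prefixes"].append((f"{prefix}/{plen}", pflags >> 6 & 1))
        pos += opt_len
    return result

def method(ra):
    """Map the A, O and M flags to the three methods described in this module."""
    a = any(flag for _, flag in ra["prefixes"])
    if ra["M"]:
        return "stateful DHCPv6"
    if a and ra["O"]:
        return "stateless DHCPv6"  # SLAAC address, DHCPv6 for other information
    if a:
        return "SLAAC only"
    return "no address method advertised"
```
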
8.2 SLAAC
SLAAC Overview
Not every network has access to a DHCPv6 server but every device in an IPv6 network needs a GUA. The SLAAC method enables hosts to create their own unique IPv6 global unicast address without the services of a DHCPv6 server.
- SLAAC is a stateless service which means there is no server that maintains network address information to know which IPv6 addresses are being used and which ones are available.
- SLAAC sends periodic ICMPv6 RA messages (i.e., every 200 seconds) providing addressing and other configuration information for hosts to autoconfigure their IPv6 address based on the information in the RA.
- A host can also send a Router Solicitation (RS) message requesting an RA.
- SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6.
Enabling SLAAC
R1 G0/0/1 has been configured with the indicated IPv6 GUA and link-local addresses.
- The R1 G0/0/1 IPv6 addresses include:
- Link-local IPv6 address – fe80::1
- GUA / subnet – 2001:db8:acad:1::1, 2001:db8:acad:1::/64
- IPv6 all-nodes group – ff02::1
R1 is configured to join the IPv6 all-routers multicast group and start sending RA messages containing address configuration information to hosts using SLAAC.
The IPv6 all-routers group responds to the IPv6 multicast address ff02::2.
- The show ipv6 interface command verifies that R1 has joined the IPv6 all-routers group (i.e., ff02::2).
- R1 will now begin to send RA messages every 200 seconds to the IPv6 all-nodes multicast address ff02::1.
SLAAC Only Method
RA messages from R1 have the following flags set:
- A = 1 – Informs the client to use the IPv6 GUA prefix in the RA and dynamically create its own Interface ID.
- O = 0 and M = 0 – Informs the client to also use the additional information in the RA message (i.e., DNS server, MTU, and default gateway information).
The ipconfig Windows command confirms that PC1 has generated an IPv6 GUA using the R1 RA. The default gateway address is the LLA of the R1 G0/0/1 interface.
ICMPv6 RS Messages
A router sends RA messages every 200 seconds or when it receives an RS message from a host. IPv6 enabled hosts wishing to obtain IPv6 addressing information send an RS message to the IPv6 all-routers multicast address of ff02::2. The figure illustrates how a host initiates the SLAAC method.
- PC1 has just booted and sends an RS message to the IPv6 all-routers multicast address of ff02::2 requesting an RA.
- R1 generates an RA and then sends the RA message to the IPv6 all-nodes multicast address of ff02::1. PC1 uses this information to create a unique IPv6 GUA.
Host Process to Generate Interface ID
Using SLAAC, a host acquires its 64-bit IPv6 subnet information from the router RA and must generate the remaining 64-bit interface identifier (ID) using either:
- Randomly generated – The 64-bit interface ID is randomly generated by the client operating system. This is the method now used by Windows 10 hosts.
- EUI-64 – The host creates an interface ID using its 48-bit MAC address and inserts the hex value of fffe in the middle of the address. Some operating systems default to the randomly generated interface ID instead of the EUI-64 method, due to privacy concerns. This is because the Ethernet MAC address of the host is used by EUI-64 to create the interface ID.
Note: Windows, Linux, and Mac OS allow for the user to modify the generation of the interface ID to be either randomly generated or to use EUI-64.
Duplicate Address Detection
A SLAAC host may use the following Duplicate Address Detection (DAD) process to ensure that the IPv6 GUA is unique.
- The host sends an ICMPv6 Neighbor Solicitation (NS) message with a specially constructed solicited-node multicast address containing the last 24 bits of the IPv6 address of the host.
- If no other devices respond with a Neighbor Advertisement (NA) message, then the address is virtually guaranteed to be unique and can be used by the host.
- If an NA is received by the host, then the address is not unique, and the host must generate a new interface ID to use.
Note: DAD is really not required because a 64-bit interface ID provides 18 quintillion possibilities. Therefore, the chance of a duplicate address is remote. However, the Internet Engineering Task Force (IETF) recommends that DAD is used. Therefore, most operating systems perform DAD on all IPv6 unicast addresses, regardless of how the address is configured.
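The EUI-64 method and the solicited-node address used by DAD, worked through in Python. This is an added example, not part of the original module; the MAC address is constructed and the function names are illustrative. Beyond inserting fffe, the modified EUI-64 format in RFC 4291 also inverts the universal/local bit of the first octet, which the code applies. The last function shows the privacy concern mentioned above: the MAC address can be read back out of an EUI-64 GUA.

```python
import ipaddress

def eui64_interface_id(mac):
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # invert the universal/local bit (RFC 4291, Appendix A)
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])

def slaac_address(prefix, iid):
    """Combine the /64 prefix from the RA with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("SLAAC expects a /64 prefix and a 64-bit interface ID")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def solicited_node(addr):
    """Multicast group the DAD Neighbor Solicitation is sent to."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF  # last 24 bits of the address
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 address, or None if the ID is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # for example, a randomly generated interface ID
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the universal/local bit inversion
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    gua = slaac_address("2001:db8:acad:1::/64", eui64_interface_id("00:50:56:aa:bb:cc"))
    print(gua, solicited_node(gua), mac_from_eui64(gua))
```
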
8.3 DHCPv6
DHCPv6 Operation Steps
Stateful DHCPv6 does not require SLAAC while stateless DHCPv6 does. Regardless, when an RA indicates to use DHCPv6 or stateful DHCPv6:
1. The host sends an RS message.
2. The router responds with an RA message.
3. The host sends a DHCPv6 SOLICIT message.
4. The DHCPv6 server responds with an ADVERTISE message.
5. The host responds to the DHCPv6 server.
6. The DHCPv6 server sends a REPLY message.
Note: Server to client DHCPv6 messages use UDP destination port 546 while client to server DHCPv6 messages use UDP destination port 547.
Stateless DHCPv6 Operation
If an RA indicates the stateless DHCPv6 method, the host uses the information in the RA message for addressing and contacts a DHCPv6 server for additional information. Note: The DHCPv6 server only provides configuration parameters for clients and does not maintain a list of IPv6 address bindings (i.e. stateless). For example, PC1 receives a stateless RA message containing:
- The IPv6 GUA network prefix and prefix length.
- A flag set to 1 informing the host to use SLAAC.
- O flag set to 1 informing the host to seek additional configuration information from a DHCPv6 server.
- M flag set to the default value 0.
PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateless DHCPv6 server.
Enable Stateless DHCPv6 on an Interface
Stateless DHCPv6 is enabled using the ipv6 nd other-config-flag interface configuration command setting the O flag to 1. The highlighted output confirms the RA will tell receiving hosts to use stateless autoconfiguration (A flag = 1) and contact a DHCPv6 server to obtain other configuration information (O flag = 1). Note: You can use the no ipv6 nd other-config-flag command to reset the interface to the default SLAAC only option (O flag = 0).
Stateful DHCPv6 Operation
If an RA indicates the stateful DHCPv6 method, the host contacts a DHCPv6 server for all configuration information. Note: The DHCPv6 server is stateful and maintains a list of IPv6 address bindings. For example, PC1 receives a stateful RA message containing:
- The IPv6 GUA network prefix and prefix length.
- A flag set to 0 informing the host to contact a DHCPv6 server.
- O flag set to 0 informing the host to contact a DHCPv6 server.
- M flag set to the value 1.
PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateful DHCPv6 server.
Enable Stateful DHCPv6 on an Interface
Stateful DHCPv6 is enabled using the ipv6 nd managed-config-flag interface configuration command setting the M flag to 1. The highlighted output in the example confirms that the RA will tell the host to obtain all IPv6 configuration information from a DHCPv6 server (M flag = 1).
8.4 Configure DHCPv6 Server
DHCPv6 Router Roles
Cisco IOS routers are powerful devices. In smaller networks, you do not have to have separate devices to have a DHCPv6 server, client, or relay agent. A Cisco IOS router can be configured to provide DHCPv6 server services. Specifically, it can be configured to be one of the following:
- DHCPv6 Server – Router provides stateless or stateful DHCPv6 services.
- DHCPv6 Client – Router interface acquires an IPv6 IP configuration from a DHCPv6 server.
- DHCPv6 Relay Agent – Router provides DHCPv6 forwarding services when the client and the server are located on different networks.
Configure a Stateless DHCPv6 Server
The stateless DHCPv6 server option requires that the router advertise the IPv6 network addressing information in RA messages. There are five steps to configure and verify a router as a stateless DHCPv6 server:
- Enable IPv6 routing using the ipv6 unicast-routing command.
- Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
- Configure the DHCPv6 pool with options. Common options include dns-server X:X:X:X:X:X:X:X and domain-name name.
- Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command. Manually change the O flag from 0 to 1 using the ipv6 nd other-config-flag interface command. RA messages sent on this interface indicate that additional information is available from a stateless DHCPv6 server. The A flag is 1 by default, telling clients to use SLAAC to create their own GUA.
- Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.
Configure a Stateless DHCPv6 Client
A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server, such as a router functioning as a DHCPv6 server.
- Enable IPv6 routing using the ipv6 unicast-routing command.
- Configure the client router to create an LLA. An IPv6 link-local address is created on a router interface when a global unicast address is configured, or without a GUA using the ipv6 enable interface configuration command. Cisco IOS uses EUI-64 to create the Interface ID.
- Configure the client router to use SLAAC using the ipv6 address autoconfig command.
- Verify that the client router is assigned a GUA using the show ipv6 interface brief command.
- Verify that the client router received other necessary DHCPv6 information. The show ipv6 dhcp interface g0/0/1 command confirms DHCP option information, such as DNS server and domain name, have been received by the client.
Configure a Stateful DHCPv6 Server
The stateful DHCP server option requires that the IPv6 enabled router tells the host to contact a DHCPv6 server to obtain all necessary IPv6 network addressing information. There are five steps to configure and verify a router as a stateful DHCPv6 server:
- Enable IPv6 routing using the ipv6 unicast-routing command.
- Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
- Configure the DHCPv6 pool with options. Common options include the address prefix command, domain name, DNS server IP address, and more.
- Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command.
- Manually change the M flag from 0 to 1 using the interface command ipv6 nd managed-config-flag.
- Manually change the A flag from 1 to 0 using the ipv6 nd prefix default no-autoconfig interface command to inform the client not to use SLAAC to create a GUA. The router will now respond to stateful DHCPv6 requests with the information contained in the pool.
- Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.
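A way to check the stateless and stateful server procedures above against a saved configuration, as an added Python example that is not part of the original module. It derives the A, O and M flags each interface will advertise from the commands named in the steps and reports the mismatches the procedures warn about. It assumes a flag command that is absent means the default (A = 1, O = 0, M = 0); the sample configuration, pool names, interface names and addresses are constructed.

```python
# Constructed sample; the second interface omits "ipv6 nd prefix default no-autoconfig".
SAMPLE = """\
ipv6 unicast-routing
ipv6 dhcp pool IPV6-STATELESS
 dns-server 2001:db8:acad:1::254
 domain-name example.com
ipv6 dhcp pool IPV6-STATEFUL
 address prefix 2001:db8:acad:2::/64
interface GigabitEthernet0/0/1
 ipv6 nd other-config-flag
 ipv6 dhcp server IPV6-STATELESS
interface GigabitEthernet0/0/2
 ipv6 nd managed-config-flag
 ipv6 dhcp server IPV6-STATEFUL
"""

def parse_config(text):
    # Group indented sub-commands under their "ipv6 dhcp pool" or "interface" line.
    pools, ifaces, ctx = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] != " ":  # a top-level command starts a new context
            words = line.split()
            if words[:3] == ["ipv6", "dhcp", "pool"] and len(words) == 4:
                ctx = pools.setdefault(words[3], [])
            elif words[:1] == ["interface"] and len(words) == 2:
                ctx = ifaces.setdefault(words[1], [])
            else:
                ctx = None
        elif line and ctx is not None:
            ctx.append(line)
    return pools, ifaces

def audit(text):
    # Derive the flags each interface advertises and list inconsistencies.
    pools, ifaces = parse_config(text)
    report = {}
    for name, cmds in ifaces.items():
        m = int("ipv6 nd managed-config-flag" in cmds)
        o = int("ipv6 nd other-config-flag" in cmds)
        a = int("ipv6 nd prefix default no-autoconfig" not in cmds)
        pool = next((c.split()[3] for c in cmds if c.startswith("ipv6 dhcp server ")), None)
        issues = []
        if pool is not None and not (m or o):
            issues.append("pool bound but O and M are 0")
        if m and a:
            issues.append("M=1 but A=1, hosts can still build a SLAAC GUA")
        if m and pool in pools and not any(c.startswith("address prefix ") for c in pools[pool]):
            issues.append("M=1 but pool has no address prefix")
        report[name] = {"A": a, "O": o, "M": m, "issues": issues}
    return report
```

Calling audit(SAMPLE) flags GigabitEthernet0/0/2 because the A flag was left at 1; adding the no-autoconfig command under that interface clears the finding.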
Configure a Stateful DHCPv6 Client
A router can also be a DHCPv6 client. The client router needs to have ipv6 unicast-routing enabled and an IPv6 link-local address to send and receive IPv6 messages. There are five steps to configure and verify a router as a stateful DHCPv6 client.
- Enable IPv6 routing using the ipv6 unicast-routing command.
- Configure the client router to create an LLA. An IPv6 link-local address is created on a router interface when a global unicast address is configured, or without a GUA using the ipv6 enable interface configuration command. Cisco IOS uses EUI-64 to create an Interface ID.
- Configure the client router to use DHCPv6 using the ipv6 address dhcp interface config command.
- Verify that the client router is assigned a GUA using the show ipv6 interface brief command.
- Verify that the client router received other necessary DHCPv6 information using the show ipv6 dhcp interface g0/0/1 command.
DHCPv6 Server Verification Commands
The show ipv6 dhcp pool command verifies the name of the DHCPv6 pool and its parameters. The command also identifies the number of active clients. Use the show ipv6 dhcp binding command output to display the IPv6 link-local address of the client and the global unicast address assigned by the server.
- This information is maintained by a stateful DHCPv6 server.
- A stateless DHCPv6 server would not maintain this information.
Configure a DHCPv6 Relay Agent
If the DHCPv6 server is located on a different network than the client, then the IPv6 router can be configured as a DHCPv6 relay agent.
- The configuration of a DHCPv6 relay agent is similar to the configuration of an IPv4 router as a DHCPv4 relay.
- This command is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server, as shown in the output. The egress interface is only required when the next-hop address is an LLA.
Verify the DHCPv6 Relay Agent
Verify that the DHCPv6 relay agent is operational with the show ipv6 dhcp interface and show ipv6 dhcp binding commands.
Verify Windows hosts received IPv6 addressing information with the ipconfig /all command.