IPv6 – Setting up a connection to a Tunnel Broker (Part 3)

Finally got the 2nd ISP connection installed so I could work on this without taking my main connection offline. Here is the configuration that I used on my Cisco 1811W Router. You will see Vlan1 mentioned in the configuration. That is due to the router having an 8 port layer 2 switch built into it along with 2 separate Layer 3 ethernet ports. The Fa1 port connects directly to the cable modem and the workstations plug into one of the 8 ports that are part of the layer two groups of ports. This should be viewed as bare bones config since the NAT configuration you see in the lines below, I am working on something additional just for the IPv6 since the NAT in place only functions for IPv6.

A couple of things to remember on putting in the configuration from the HE Tunnel Broker website. You will want to use the Client IPv6 on the Tunnel interface on your router. The Client IPv4 address will be for your WAN port on the router. One of the next things I will be working on will be getting Dynamic DNS updating to work with Hurricane Electric and Tunnel Broker service they have to save on the costs of paying extra each month for a static ip address. For the Vlan 1 interface, you will use the address range that is assigned to you in the Router IPv6 Prefixes section of the configuration.

In an earlier post, I talked about Hurricane Electric and the IPv6 certification. I am working through that process as a way of validating that what I am doing is working. When I brought up the configuration you see below, the HE IPv6 Certification site automatically sensed that I was talking to them over an IPv6 connection and automatically raised me to IPv6 Explorer. If you look at my earlier post on this, you will see that the certificate now says Explorer.

!
! Config I used for IP6to4 tunnel to Hurricane.net on 1811W
!
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
!
! This will be the client address on the HE Tunnel Broker website
!
ipv6 address 2001:0db8:1F10:102::2/64
ipv6 enable
tunnel source FastEthernet1
tunnel destination 209.51.181.2
tunnel mode ipv6ip
!
interface FastEthernet1
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description LAN
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! This will be the routable /64 segment on the HE Tunnel Broker site when you have created the Tunnel
!
ipv6 address 2001:0db8:1F11:102::1/64
ipv6 enable
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1
!
ip nat inside source list 1 interface FastEthernet1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
ipv6 route ::/0 Tunnel0
!

Once you have the configuration in place, you should be able ping an IPv6 address somewhere on the Internet. By using the debug command debug tunnel, you will be able to see the traffic going to/from the tunnel broker. If you only see one way traffic from you to the tunnel broker, that is a pretty good indication of a configuration problem. Look carefully at the debug output, you will want to see the alternating exchange of encapsulated and decapsulated packets. This is an indication of good two way traffic between you and the Tunnel Broker.

! Ping outside host on IPv6
!
IPv6_Tunnel#ping ipv6 2001:470:1f10:102::1
!
! do a debug tunnel and term mon to see the following output
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:102::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/80/80 ms
IPv6_Tunnel#
Feb 1 22:48:42: Tunnel0: IPv6/IP encapsulated 72.128.41.109->209.51.181.2 (linktype=79, len=120)
Feb 1 22:48:42: Tunnel0 count tx, adding 20 encap bytes
Feb 1 22:48:42: Tunnel0: IPv6/IP to classify 209.51.181.2->72.128.41.109 (tbl=0,”IPv4:Default” len=120 ttl=247 tos=0x0) ok, oce_rc=0x0
Feb 1 22:48:42: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->72.128.41.109 (tbl=0, “default”, len=120,ttl=247)
Feb 1 22:48:42: Tunnel0: decapsulated IPv6/IP packet
Feb 1 22:48:42: Tunnel0: IPv6/IP encapsulated 72.128.41.109->209.51.181.2 (linktype=79, len=120)
Feb 1 22:48:42: Tunnel0 count tx, adding 20 encap bytes
Feb 1 22:48:42: Tunnel0: IPv6/IP to classify 209.51.181.2->72.128.41.109 (tbl=0,”IPv4:Default” len=120 ttl=247 tos=0x0) ok, oce_rc=0x0
Feb 1 22:48:42: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->72.128.41.109 (tbl=0, “default”, len=120,ttl=247)
Feb 1 22:48:42: Tunnel0: decapsulated IPv6/IP packet
Feb 1 22:48:42: Tunnel0: IPv6/IP encapsulated 72.128.41.109->209.51.181.2 (linktype=79, len=120)
Feb 1 22:48:42: Tunnel0 count tx, adding 20 encap bytes
Feb 1 22:48:42: Tunnel0: IPv6/IP to classify 209.51.181.2->72.128.41.109 (tbl=0,”IPv4:Default” len=120 ttl=247 tos=0x0) ok, oce_rc=0x0
Feb 1 22:48:42: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->72.128.41.109 (tbl=0, “default”, len=120,ttl=247)
Feb 1 22:48:42: Tunnel0: decapsulated IPv6/IP packet
Feb 1 22:48:42: Tunnel0: IPv6/IP encapsulated 72.128.41.109->209.51.181.2 (linktype=79, len=120)
Feb 1 22:48:42: Tunnel0 count tx, adding 20 encap bytes
Feb 1 22:48:42: Tunnel0: IPv6/IP to classify 209.51.181.2->72.128.41.109 (tbl=0,”IPv4:Default” len=120 ttl=247 tos=0x0) ok, oce_rc=0x0
Feb 1 22:48:42: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->72.128.41.109 (tbl=0, “default”, len=120,ttl=247)
Feb 1 22:48:42: Tunnel0: decapsulated IPv6/IP packet
Feb 1 22:48:42: Tunnel0: IPv6/IP encapsulated 72.128.41.109->209.51.181.2 (linktype=79, len=120)
Feb 1 22:48:42: Tunnel0 count tx, adding 20 encap bytes
Feb 1 22:48:43: Tunnel0: IPv6/IP to classify 209.51.181.2->72.128.41.109 (tbl=0,”IPv4:Default” len=120 ttl=247 tos=0x0) ok, oce_rc=0x0
Feb 1 22:48:43: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->72.128.41.109 (tbl=0, “default”, len=120,ttl=247)
Feb 1 22:48:43: Tunnel0: decapsulated IPv6/IP packet

Send to Kindle
This entry was posted in Blog Entries and tagged . Bookmark the permalink.