Thank you for taking the time to respond. The NETGEAR documentation team uses your feedback to improve our knowledge base content.

Rating Submitted

Do you have a suggestion for improving this article?

Characters Left : 500

NETGEAR logo

MyNETGEAR® Account

Welcome back

Access your NETGEAR

how to add ipv6 address to vlan

NETGEAR Support

How do I create an IPv6 VLAN routing interface using the web interface on my managed switch?

Was this article helpful?    Yes      No

Image

  • In the VLAN ID field, enter 500 .
  • In the VLAN Type field, select Static .
  • Click Add .  

Image

  • In the VLAN ID list, select 500 .
  • Click Unit 1 . The ports display.
  • Click the gray box under port 1 until U displays, indicating that the egress packet is untagged for the port.
  • Click Apply .  

Image

  • Under PVID Configuration, scroll down and select the Interface 1/0/1 check box.
  • In the PVID (1 to 4093) field, enter 500 .
  • Click Apply to save the settings.  

Image

  • For IPv6 Unicast Routing, select the Enable radio button.
  • For IPv6 Forwarding, select the Enable radio button.

Image

  • Click VLANS. The logical VLAN interface 0/4/2 displays.
  • Select the 0/4/2 check box.
  • Under IPv6 Interface Configuration, in the IPv6 Mode field, select Enable .
  • Click Apply.  

Image

  • In the Interface field, select 0/4/2 .
  • In the IPv6 Prefix field, enter 2000::1 .
  • In the Length field, enter 64 .
  • In the EUI64 field, select Disable .
  • Click Add .

For more information see the How do I create an IPv6 routing VLAN using CLI commands on my managed switch?  support article.

This article applies to the following managed switches and their respective firmware:

  • M5300 - firmware version 10.0.0.x
  • M5300-28G (GSM7228S)
  • M5300-5G (GSM7252S)
  • M5300-28G3 (GSM7328Sv2h2)
  • M5300-52G3 (GSM7352Sv2h2)
  • M5300-28G_POE+ (GSM7228PSv1h2)
  • M5300-52G-POE+ (GSM7252PSv1h2)
  • M5300-28GF3 (GSM7328FSv2)
  • XSM7224S - firmware version 9.0.1.x (license required to support the feature described in this article)

Last Updated:04/04/2023 | Article ID: 21971

Was this article helpful?

This article applies to:.

  • M4200-10MG-PoE+ (GSM4210P)
  • M4250-10G2F-PoE+ (GSM4212P)
  • M4250-10G2XF-PoE+ (GSM4212PX)
  • M4250-10G2XF-PoE++ (GSM4212UX)
  • M4250-12M2XF (MSM4214X)
  • M4250-16XF (XSM4216F)
  • M4250-26G4F-PoE+ (GSM4230P)
  • M4250-26G4F-PoE++ (GSM4230UP)
  • M4250-26G4XF-PoE+ (GSM4230PX)
  • M4250-40G8F-PoE+ (GSM4248P)
  • M4250-40G8XF-PoE+ (GSM4248PX)
  • M4250-40G8XF-PoE++ (GSM4248UX)
  • M4250-8G2XF-PoE+ (GSM4210PX)
  • M4250-9G1F-PoE+ (GSM4210PD)
  • M4300-12X12F (XSM4324S)
  • M4300-16X (XSM4316PA)
  • M4300-16X (XSM4316PB)
  • M4300-24X (XSM4324CS)
  • M4300-24X24F (XSM4348S)
  • M4300-24XF (XSM4324FS)
  • M4300-28G (GSM4328S)
  • M4300-28G-PoE+ (GSM4328PA)
  • M4300-28G-PoE+ (GSM4328PB)
  • M4300-48X (XSM4348CS)
  • M4300-48XF (XSM4348FS)
  • M4300-52G (GSM4352S)
  • M4300-52G-PoE+ (GSM4352PA)
  • M4300-52G-PoE+ (GSM4352PB)
  • M4300-8X8F (XSM4316S)
  • M5300-28G-POE+ (GSM7228PSv1h2)
  • M5300-52G (GSM7252S)
  • M7300-24XF (XSM7224S)

Looking for more about your product?

Get information, documentation, videos and more for your specific product.

Can’t find what you’re looking for?

Quick and easy solutions are available for you in the NETGEAR community.

Need to Contact NETGEAR Support?

With NETGEAR’s round-the-clock premium support, help is just a phone call away.

Complimentary Support

NETGEAR provides complimentary technical support for NETGEAR products for 90 days from the original date of purchase.

NETGEAR Premium Support

Gearhead support for home users.

GearHead Support is a technical support service for NETGEAR devices and all other connected devices in your home. Advanced remote support tools are used to fix issues on any of your devices. The service includes support for the following:

  • Desktop and Notebook PCs, Wired and Wireless Routers, Modems, Printers, Scanners, Fax Machines, USB devices and Sound Cards
  • Windows Operating Systems (2000, XP or Vista), MS Word, Excel, PowerPoint, Outlook and Adobe Acrobat
  • Anti-virus and Anti-Spyware: McAfee, Norton, AVG, eTrust and BitDefender

ProSUPPORT Services for Business Users

NETGEAR ProSUPPORT services are available to supplement your technical support and warranty entitlements. NETGEAR offers a variety of ProSUPPORT services that allow you to access NETGEAR's expertise in a way that best meets your needs:

  • Product Installation
  • Professional Wireless Site Survey
  • Defective Drive Retention (DDR) Service

Where to Find Your Model Number

To find the model/version number, check the bottom or back panel of your NETGEAR device.

Select a product or category below for specific instructions.

how to add ipv6 address to vlan

Nighthawk Routers

how to add ipv6 address to vlan

Powerline and Wall Plug Extenders

how to add ipv6 address to vlan

Cable and DSL Modem Routers

how to add ipv6 address to vlan

ReadyNAS Network Storage

how to add ipv6 address to vlan

Wireless Access Points

how to add ipv6 address to vlan

Other Business Products

how to add ipv6 address to vlan

Mobile Broadband

The Cisco Learning Network

Ipv6 – basic configuration –address assignment slaac/dhcpv6, feb 13, 2020 • knowledge, information.

This post was first publish on my website. ( http://www.allinrouting.com )

This is the second post of my series on IPv6 addressing and routing:

IPv6 – The beginning – Addressing plans and adresses configuration

IPv6 – Basic configuration –address assignment SLAAC/DHCPv6

IPv6 – Routing – OSPFv3

IPv6 – Routing – EIGRPv6

Following my previous post, we need to finish the basic configuration of our network.

Here is again our network diagram with the IPv6 addresses.

Site 1 configuration:

Here is the config for the interco between R1 and SW1.

R1(config)#int Ethernet0/2 R1(config-if)#ipv6 add 2001:db8:10:2::/124 %Ethernet0/2: Warning: 2001:DB8:10:2::/124 is a Subnet Router Anycast SW1(config-if)#ipv6 add 2001:db8:10::0/124 %Ethernet0/0: Warning: 2001:DB8:10::/124 is a Subnet Router Anycast

One thing that you have to be careful with is that if you configure 2 IPv6 addresses under an interface, the second doesn’t replace the first one like in IPv4, it add another IPv6 under the interface.

R1(config-if)#ipv6 add 2001:db8:99:1::1/124 R1(config-if)#ipv6 add 2001:db8:99:1::2/124 R1#sh ipv6 int brie Ethernet1/3 [up/up] FE80::A8BB:CCFF:FE00:331 2001:DB8:99:1::1 2001:DB8:99:1::2

Let’s move on and configure the vlan interfaces on SW1.

SW1(config)#int vlan 10 SW1(config-if)#ipv6 add 2001:db8:10:10::1/64 SW1(config-if)#int vlan 11 SW1(config-if)#ipv6 add 2001:db8:10:10::1/64 SW1(config-if)#int vlan 12 SW1(config-if)#ipv6 add 2001:db8:10:11::1/64

That was easy, interface vlan are currently down so we will now activate the host.

Vlan10 [down/down] FE80::A8BB:CCFF:FE80:600 2001:DB8:10:10::1 Vlan11 [down/down] FE80::A8BB:CCFF:FE80:600 2001:DB8:10:11::1 Vlan12 [down/down] FE80::A8BB:CCFF:FE80:600 2001:DB8:10:12::1

End host ip address assignment – SLAAC:

I’m using routers as end host.

I will configure the router’s interface in order for them to get an IPv6 address using SLAAC.

SLAAC (Stateless Address AutoConfiguration) : Clients self-address with no ready centralized tracking or management.

Here is the config used on the router interface for SLAAC.

PC12(config-if)#int Ethernet0/0 PC12(config-if)#ipv6 enable PC12(config-if)#ipv6 address autoconfig

And we get an IP address in the correct range !

I can also ping vlan 10 interface.

PC12#sh ipv6 int brie Ethernet0/0 [up/up] FE80::A8BB:CCFF:FE00:800 2001:DB8:10:10:A8BB:CCFF:FE00:800 PC12#ping ipv6 2001:DB8:10:10::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:10:10::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/24 ms

End host ip address assignment – Stateful DHCPv6:

For Stateful DHCPv6 we need to configure a DHCP server on SW1. We will use it to assign address on host in vlan 11.

SW1(config)#ipv6 dhcp pool USER-VLAN11 SW1(config-dhcpv6)#address prefix 2001:db8:10:11::/64 lifetime infinite infinite SW1(config-dhcpv6)#dns-server 2001:4860:4860::8888 (That's google ipv6 public DNS)

Note that there is no option for default-router as in IPv4 DHCP.

SW1(config-dhcpv6)#? IPv6 DHCP configuration commands: address IPv6 address allocation default Set a command to its defaults dns-server DNS servers domain-name Domain name to complete unqualified host names exit Exit from DHCPv6 configuration mode import Import options information Information refresh option link-address Link-address to match nis NIS server options nisp NISP server options no Negate a command or set its defaults prefix-delegation IPv6 prefix delegation sip SIP server options sntp SNTP server options vendor-specific Configure Vendor-specific option

Now we will setup our end host to get an IP address from DHCP.

I enable IPv6 and choose the dhcp option.

PC14(config)#int eth 0/0 PC14(config-if)#ipv6 enabl PC14(config-if)#ipv6 add dhcp

But as per the log and debugs on, no address is assign:

*Jul 31 19:25:43.203: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Ethernet0/0 *Jul 31 19:25:43.203: IPv6-Fwd: Sending on Ethernet0/0 *Jul 31 19:26:15.051: IPv6-Sas: SAS on intf Ethernet0/0 picked source FE80::A8BB:CCFF:FE00:A00 for FF02::1:2 *Jul 31 19:26:15.051: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Ethernet0/0 *Jul 31 19:26:15.051: IPv6-Fwd: Sending on Ethernet0/0

The host is sending solicit message but gets nothing.

That’s because we also need to add a new command under the interface vlan 11 on SW1.

We need to specify the DHCP pool.

SW1(config)#int vlan 11 SW1(config-if)#ipv6 dhcp server USER-VLAN11

And now we get our address.

ul 31 19:31:05.363: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Ethernet0/0 *Jul 31 19:31:05.363: IPv6-Fwd: Sending on Ethernet0/0 *Jul 31 19:31:19.925: IPV6: source FE80::A8BB:CCFF:FE80:600 (Ethernet0/0) *Jul 31 19:31:19.925: dest FF02::1:FF00:A00 *Jul 31 19:31:19.925: traffic class 224, flow 0x0, len 72+14, prot 58, hops 255, forward to ulp *Jul 31 19:31:19.926: IPV6: source FE80::A8BB:CCFF:FE00:A00 (local) *Jul 31 19:31:19.926: dest FE80::A8BB:CCFF:FE80:600 (Ethernet0/0) *Jul 31 19:31:19.926: traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating *Jul 31 19:31:19.927: IPv6-Fwd: Created tmp mtu cache entry for FE80::A8BB:CCFF:FE00:A00 FE80::A8BB:CCFF:FE80:600 00000000 *Jul 31 19:31:19.927: IPv6-Fwd: Sending on Ethernet0/0 *Jul 31 19:31:19.929: IPv6 DHCP: Received ADVERTISE from FE80::A8BB:CCFF:FE80:600 on Ethernet0/0 *Jul 31 19:31:19.929: IPv6 DHCP: Adding server FE80::A8BB:CCFF:FE80:600 *Jul 31 19:31:19.929: IPv6 DHCP: Sending REQUEST to FF02::1:2 on Ethernet0/0 *Jul 31 19:31:19.929: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to REQUEST (ADDR_ADVERTISE_RECEIVED) on Ethernet0/0 *Jul 31 19:31:19.933: IPv6 DHCP: Received REPLY from FE80::A8BB:CCFF:FE80:600 on Ethernet0/0 *Jul 31 19:31:19.933: IPv6 DHCP: Processing options *Jul 31 19:31:19.933: IPv6 DHCP: Adding address 2001:DB8:10:11:3965:F165:3DDB:9226/128 to Ethernet0/0 *Jul 31 19:31:19.934: IPv6 DHCP: T1 set to expire in 43200 seconds *Jul 31 19:31:19.934: IPv6 DHCP: T2 set to expire in 69120 seconds *Jul 31 19:31:19.934: IPv6 DHCP: Configuring DNS server 2001:4860:4860::8888 *Jul 31 19:31:19.934: IPv6 DHCP: DHCPv6 address changes state from REQUEST to OPEN (ADDR_REPLY_RECEIVED) on Ethernet0/0 PC14#sh ipv6 int brie Ethernet0/0 [up/up] FE80::A8BB:CCFF:FE00:A00 2001:DB8:10:11:3965:F165:3DDB:9226

End host ip address assignment – stateless DHCPv6:

Last is stateless assignment, it’s a combination of SLAAC and statefull DHCPv6.

Address assignment comes from SLAAC and DNS and other option from DHCP.

We will use that for end host in vlan 12.

On SW1, we create a new DHCPv6 pool and we configure the interface vlan 12.

SW1(config)#ipv6 dhcp pool USER-VLAN12 SW1(config-dhcpv6)#dns-server 2001:4860:4860::8888 SW1(config-dhcpv6)#domain-name allinrouting.com SW1(config)#int vlan 12 SW1(config-if)#ipv6 dhcp server USER-VLAN12

See that no IPv6 prefix is configure in the DHCP pool.

Next we configure our end host and turn on debugging.

I get my IP address but from the debug I do not see that the DNS was received.

*Jul 31 19:51:33.823: [IPv6 Input]IPV6ADDR: intfid_algo '3' is not active on intf 3: unknown *Jul 31 19:51:33.823: [IPv6 Input]IPV6ADDR: intfid_algo '2' is active on intf 3: eui64 *Jul 31 19:51:33.823: [IPv6 Input]IPV6ADDR: Generating IntfID for 'eui64', prefix 2001:DB8:10:12::/64, address 2001:DB8:10:12:A8BB:CCFF:FE00:700: rc 0 *Jul 31 19:51:33.823: [IPv6 Input]IPV6ADDR: Preferring 2001:DB8:10:12:A8BB:CCFF:FE00:700 from Ethernet0/0 *Jul 31 19:51:33.824: [IPv6 Input]IPV6ADDR: Adding operating owner address configured on Ethernet0/0 *Jul 31 19:51:33.824: [IPv6 Input]IPV6ADDR: Notification: Address 2001:DB8:10:12:A8BB:CCFF:FE00:700 added to Ethernet0/0 *Jul 31 19:51:33.824: [IPv6 Input]IPV6ADDR: Ethernet0/0 - Join Mcast group: New refcnt for FF02::1:FF00:700 is 2 *Jul 31 19:51:34.829: [IPv6 ND]IPV6ADDR: Notification: Address 2001:DB8:10:12:A8BB:CCFF:FE00:700/64 is up on Ethernet0/0 PC11#sh ipv6 int brie Ethernet0/0 [up/up] FE80::A8BB:CCFF:FE00:700 2001:DB8:10:12:A8BB:CCFF:FE00:700

Again, another command needs to be added under the interface vlan 12 of SW1.

This is use to obtain autoconfiguration information other than addresses. If the flag is set, the attached hosts should use stateful autoconfiguration to obtain the other (nonaddress) information.

SW1(config)#int vlan 12 SW1(config-if)#ipv6 nd other-config-flag

And with this command we get DHCP option.

*Jul 31 19:56:04.091: IPv6 DHCP: Received REPLY from FE80::A8BB:CCFF:FE80:600 on Ethernet0/0 *Jul 31 19:56:04.091: IPv6 DHCP: detailed packet contents *Jul 31 19:56:04.091: src FE80::A8BB:CCFF:FE80:600 (Ethernet0/0) *Jul 31 19:56:04.091: dst FE80::A8BB:CCFF:FE00:700 (Ethernet0/0) *Jul 31 19:56:04.091: type REPLY(7), xid 16576445 *Jul 31 19:56:04.091: option SERVERID(2), len 10 *Jul 31 19:56:04.091: 00030001AABBCC000600 *Jul 31 19:56:04.091: option CLIENTID(1), len 10 *Jul 31 19:56:04.091: 00030001AABBCC000700 *Jul 31 19:56:04.091: option DNS-SERVERS(23), len 16 *Jul 31 19:56:04.091: 2001:4860:4860::8888 *Jul 31 19:56:04.091: option DOMAIN-LIST(24), len 18 *Jul 31 19:56:04.091: allinrouting.com *Jul 31 19:56:04.092: IPv6 DHCP: Adding server FE80::A8BB:CCFF:FE80:600 PC11# *Jul 31 19:56:04.092: IPv6 DHCP: Processing options *Jul 31 19:56:04.092: IPv6 DHCP: Configuring DNS server 2001:4860:4860::8888 *Jul 31 19:56:04.092: IPv6 DHCP: Configuring domain name allinrouting.com *Jul 31 19:56:04.092: IPv6 DHCP: DHCPv6 changes state from INFORMATION-REQUEST to IDLE (REPLY_RECEIVED) on Ethernet0/0

And DNS works.

PC11#sSH LOG Translating "LOG"...domain server (2001:4860:4860::8888) *Jul 31 19:58:32.941: IPv6-Sas: SAS picked source 2001:DB8:10:12:A8BB:CCFF:FE00:700 for 2001:4860:4860::8888 *Jul 31 19:58:32.941: IPv6-Fwd: No route to destination 2001:4860:4860::8888 (tableid=0)

On SW1, the DHCP pool reports 0 client. That makes sense because no IPv6 addresses are in lease.

DHCPv6 pool: USER-VLAN12 DNS server: 2001:4860:4860::8888 Domain name: allinrouting.com Active clients: 0

I will assign addresses to end host from site 2 and 3 the same way.

In the next post we will try to make all those stuff communicating together using dynamic routing protocols.

Thank you for reading.

Comments and reviews are appreciated.

Check out the other posts of this IPv6 series:

Article Details

how to add ipv6 address to vlan

Nothing here yet?

Log in to post to this feed.

Related Articles

  • Number of Views 556
  • Number of Views 868
  • Number of Views 897

Trending Articles

  • Cisco Packet Tracer: Software de Simulación para Redes
  • Continuing Education Credits Automation
  • 200-301 CCNA Study Materials

If you encounter a technical issue on the site, please open a support case .

Communities: Chinese | Japanese | Korean

Cisco.com © Copyright 2024 Cisco, Inc. All Rights Reserved. Privacy Statement Terms & Conditions Cookie Policy Trademarks

how to add ipv6 address to vlan

  • Create Post
  • Create Chapter Note
  • Create Note for Selection
  • View All Notes
  • Show All Notes on Page
  • Hide All Notes on Page
  • Print with Notes
  • Share on Facebook
  • Share on Twitter
  • Email a Link
  • Copy Link to Clipboard
  • Cisco Services Modules

Published On: August 6ᵗʰ, 2019 02:04

Routing and Bridging Guide vA5(1.0), Cisco ACE Application Control Engine

Configuring vlan interfaces.

This chapter describes how to configure the VLAN interfaces on the ACE. The ACE appliance has external physical interfaces that you configure with VLANs to receive traffic from clients and servers.

(ACE module only) The ACE module does not have any external physical interfaces. Instead, it uses internal VLAN interfaces that you assign from the supervisor engine to the ACE module. After the VLANs are assigned to the ACE module, you can configure the corresponding VLAN interfaces on the module as either routed or bridged.

When you configure an IPv6 or an IPv4 address on an interface, the ACE automatically makes it a routed mode interface.

Similarly, when you configure a bridge group on an interface VLAN, the ACE automatically makes it a bridged interface. Then, you can associate a bridge-group virtual interface (BVI) with the bridge group. For more information on bridged groups and BVIs, see Chapter 5 "Bridging Traffic."

The ACE also supports shared VLANs, which are multiple interfaces in different contexts on the same VLAN within the same subnet. Only routed interfaces can share VLANs. Note that there is no routing across contexts even when shared VLANs are configured.

Each ACE supports a maximum of 4093 VLANs and a maximum of 1024 shared VLANs.

This chapter contains the following major sections:

ACE VLAN Interface Configuration Quick Start

Table 3-1 provides a quick overview of the steps required to configure VLAN interfaces on an ACE. Each step includes the CLI command or a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections following Table 3-1 .

Table 3-1 VLAN Interface Configuration Quick Start

Configuring ACE Module VLAN Groups

To allow the ACE module to receive traffic from the supervisor engine in the Catalyst 6500 series switch or Cisco 7600 series router, you must create VLAN groups on the supervisor engine and then assign the groups to the ACE module. After the VLAN groups are assigned to the ACE module, you can configure the VLAN interfaces on the ACE module. By default, all VLANs are allocated to the Admin context on the ACE module.

This section contains the following topics:

Creating VLAN Groups Using Cisco IOS Software

In Cisco IOS software, you can create one or more VLAN groups and then assign the groups to the ACE module. For example, you can assign all the VLANs to one group, create an inside group and an outside group, or create a group for each customer.

You cannot assign the same VLAN to multiple groups; however, you can assign up to a maximum of 16 groups to an ACE module. VLANs that you want to assign to multiple ACE modules, for example, can reside in a separate group from VLANs that are unique to each ACE module.

To assign VLANs to a group using Cisco IOS software on the supervisor engine, use the svclc vlan-group command. The syntax of this command is as follows:

svclc vlan-group group_number vlan_range

The arguments are as follows:

VLANs are specified in one of the following ways:

Separate numbers or ranges by commas, as shown in this example:

For example, to create three VLAN groups, 50 with a VLAN range of 55 to 57, 51 with a VLAN range of 75 to 86, and 52 with VLAN 100, enter:

Assigning VLAN Groups to the ACE Module through Cisco IOS Software

The ACE module cannot receive traffic from the supervisor engine unless you assign VLAN groups to it. To assign the VLAN groups to the ACE module using Cisco IOS software on the supervisor engine, use the svc module command in configuration mode. The syntax of this command is as follows:

svc module slot_number vlan-group group_number_range

For example, to assign VLAN groups 50 and 52 to the ACE module in slot 5, and VLAN groups 51 and 52 to the ACE in slot 8, enter:

To view the group configuration for the ACE module and the associated VLANs, use the show svclc vlan-group command. For example, enter:

To view VLAN group numbers for all ACEs, use the show svc module command. For example, enter:

Assigning a Switched Virtual Interface VLAN to the ACE Module

A VLAN defined on the Multilayer Switch Feature Card (MSFC) is called a switched virtual interface (SVI). If you assign the VLAN used for the SVI to the ACE module, then the MSFC routes between the ACE module and other Layer 3 VLANs. By default, only one SVI can exist between the MSFC and the ACE module. However, for multiple contexts, you may must configure multiple SVIs for unique VLANs on each context.

To add an SVI to the MSFC and configure it with a VLAN assigned to the ACE module, perform the following steps:

To view this SVI configuration, use the show interface vlan command. For example, enter:

Allocating VLANs to a User Context

By default, all VLANs assigned to the ACE are available at the Admin context. At the Admin context, you can assign a VLAN to a user context. VLANs can be shared across multiple contexts.

Guidelines and Restrictions

To assign VLAN interfaces to the context, access the context mode and use the allocate-interface vlan command in configuration mode. The syntax of this command is as follows:

allocate-interface vlan vlan_number

The vlan_number argument is the number of a VLAN or a range of VLANs assigned to the ACE.

For example, to assign VLAN 10 to context A, enter:

To allocate an inclusive range of VLANs from VLAN 100 through VLAN 200 to a context, enter:

To remove a VLAN from a user context, use the no allocate-interface vlan command in context configuration mode. For example, enter:

To remove a range of VLANs from a context, enter:

Configuring a Bank of MAC Addresses for Shared VLANs

When contexts share a VLAN, the ACE assigns a different MAC address to the VLAN on each context. The MAC addresses reserved for shared VLANs are 0x001243dc6b00 to 0x001243dcaaff, inclusive. All ACEs derive these addresses from a global pool of 16,000 MAC addresses. This pool is divided into 16 banks, each containing 1024 addresses. Each subnet can have 16 ACEs.

Each ACE supports 1024 shared VLANs, and uses only one bank of MAC addresses out of the pool. A shared MAC address is associated with a shared VLAN interface.

By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACEs in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank, which results in the use of the same MAC addresses. To avoid this conflict, you must configure the bank that the ACEs will use.

To configure a specific bank of MAC addresses for a local ACE or a peer ACE (in a redundant configuration), use the shared-vlan-hostid or the peer shared-vlan-hostid command, respectively, in configuration mode in the Admin context. The syntaxes of these commands are as follows:

shared-vlan-hostid number

peer shared-vlan-hostid number

The number argument indicates the bank of MAC addresses that the ACE uses. Enter a number from 1 to 16. Be sure to configure different bank numbers for multiple ACEs. For example, to configure bank 2 of MAC addresses for the local ACE and bank 3 for a peer ACE, enter:

To remove the configured bank of MAC addresses and allow the ACE to randomly select a bank, use the no shared-vlan-hostid command. For example, enter:

To remove the configured bank of MAC addresses from a peer ACE and allow it to randomly select a bank, use the no peer shared-vlan-hostid command. For example, enter:

Disabling the ACE Module Egress MAC Lookup

Normally, the ACE module performs a MAC address lookup when it receives a packet from the backplane and again when it forwards a packet out the egress interface. If you have multiple ACE modules installed in a Catalyst 6500 series switch or Cisco 7600 series router, you may experience lower performance than expected with very high rates of traffic. If you fail to achieve the advertised performance of the ACE module, you can disable the egress MAC address lookup using the hw-module optimize-lookup command in configuration mode. The syntax of this command is as follows:

hw-module optimize-lookup

For example, to disable all egress MAC address lookups in the ACE module, enter the following command:

To reenable egress MAC lookups, enter the following command:

Configuring VLAN Interfaces on the ACE

You can configure a VLAN interface and access its mode to configure its attributes by using the interface vlan command in configuration mode for the context. The syntax of this command is as follows:

interface vlan number

The number argument is the VLAN number you want to assign to the interface. VLAN numbers are 2 to 4094 (VLAN 1 is reserved for internal use and cannot be used).

For example, to create VLAN 200, enter:

To remove a VLAN, use the no interface vlan command. For example, enter:

Additional configurations and commands are available on a VLAN interface that are not documented in this chapter. These configurations are as follows:

Enabling IPv6 on an Interface

To enable IPv6 on an interface, use the ipv6 enable command in interface configuration mode. By default, IPv6 is disabled on an interface. Note that the interface cannot be in bridged mode. The interface may or may not have IPv4 addresses configured on it. The syntax of this command is as follows;

ipv6 enable

When you enter this command, the ACE automatically creates a link-local address for the interface and performs duplicate address detection (DAD).

To disable IPv6 functionality on an interface, enter the following command:

Assigning IPv6 Addresses to an Interface for Routing Traffic

The ACE supports several types of IPv6 addresses on an interface as follows:

For details about each address type, see Chapter 2, Overview of IPv6 .

The following subsections describe how to configure the various types of IPv6 addresses:

Configuring an IPv6 Link-Local Address

A link-local address is an IPv6 unicast address that has a scope of the local link only and is required on every interface. You can configure a link-local address manually or you can instruct the ACE to generate one automatically. Every link-local address has a predefined prefix of FE80::/64. You can configure only one IPv6 link-local address on an interface. Any additional IPv6 link-local address that you configure will overwrite the existing one. For more information about IPv6 link-local addresses, see Chapter 2, Overview of IPv6 .

To automatically configure a link-local address on an interface, use the ipv6 enable command or configure a global IPv6 address on an interface. For information about the ipv6 enable command, see the "Enabling IPv6 on an Interface" section.

To manually configure a link-local address on an interface, use the ip address command in interface configuration mode. The syntax of this command is as follows:

ip address ipv6_address / prefix_length link-local

The keywords and arguments are as follows:

For example, to configure a link-local address on VLAN 100, enter the following commands:

To remove a link-local address from an interface, enter the following commands:

Configuring an IPv6 Peer Link-Local Address

In a redundant configuration, you can configure an IPv6 peer link-local address for the standby ACE. You can configure only one peer link-local address on an interface. Any additional peer link-local address that you configure will overwrite the existing one.

To configure a peer link-local address, use the peer ip address command in interface configuration mode. The syntax of this command is as follows:

peer ip address ipv6_address / prefix_length link-local

For example, to configure a peer link-local address on VLAN 100, enter the following commands:

To remove a peer link-local address from VLAN 100, enter the following commands:

Configuring an IPv6 Unique-Local Address

A unique-local address is an optional IPv6 unicast address that is used for local communication within an organization and it is similar to a private IPv4 address (for example, 10.10.2.1). Unique local addresses have a global scope, but they are not routable on the internet, and they are assigned by a central authority. All unique-local addresses have a predefined prefix of FC00::/7. You can configure only one IPv6 unique-local address on an interface. Any additional unique-local address that you configure will overwrite the existing one. For more information about unique-local addresses, see Chapter 2, Overview of IPv6 .

To configure a unique-local address on an interface use the ip address command in interface configuration mode. The syntax of this command is as follows:

ip address ipv6_address / prefix_length unique-local [ eui64 ]

For example, to configure a unique-local address on VLAN 100, enter the following commands:

To remove a unique-local address from an interface, enter the following commands:

Configuring an IPv6 Peer Unique-Local Address

In a redundant configuration, you can configure an IPv6 peer unique-local address on the active that is synchronized to the standby ACE. You can configure only one peer unique-local IPv6 address on an interface. Any additional peer unique-local address that you configure will overwrite the existing one.

To configure an IPv6 peer unique-local address, use the peer ip address command in interface configuration mode. The syntax of this command is as follows:

peer ip address ipv6_address / prefix_length unique-local

The keywords and arguments are:

For example, to configure a peer unique-local IPv6 address on VLAN 100, enter the following commands:

To remove an IPv6 peer unique-local IPv6 address from an interface, enter the following commands:

Configuring an IPv6 Global Address

A global address is an optional IPv6 unicast address that is used for general IPv6 communication. Each global address is unique across the entire Internet. Therefore, its scope is global. The low order 64 bits can be assigned in several ways, including autoconfiguration using the EUI-64 format. You can configure only one global IPv6 address on an interface. Any additional global address that you configure will overwrite the existing one. For more information about global addresses, see Chapter 2, Overview of IPv6 .

To configure an IPv6 global address on an interface, use the ip address command in interface configuration mode. The syntax of this command is as follows:

ip address ipv6_address / prefix_length [ eui64 ]

For example, to configure an IPv6 global address on VLAN 100 using the EUI-64 format, enter the following commands:

To configure a global address without using EUI-64, enter the following command:

To remove an IPv6 global address from an interface, enter the following commands:

Configuring an IPv6 Peer Global Address

In a redundant configuration, you can configure an IPv6 peer global address that is synchronized to the standby ACE.

To configure an IPv6 peer global address, use the peer ip address command in interface configuration mode. The syntax of this command is as follows:

peer ip address ipv6_address / prefix_length [ eui64 ]

The arguments and option are as follows:

For example, to configure an IPv6 peer global address and prefix for the peer ACE, enter the following commands:

To remove an IPv6 peer global address from an interface, enter the following commands:

Configuring an IPv6 Alias Address

When you configure redundancy with active and standby ACEs, you can configure a VLAN interface that has an IPv6 alias address that is shared between the active and standby ACEs. The IPv6 alias address serves as a shared gateway for the two ACEs in a redundant configuration. The IPv6 alias address can be a unique-local or a global unicast address. You can configure only one IPv6 alias address on an interface. Any additional IPv6 alias address that you configure will overwrite the existing one.

To configure an IPv6 alias, use the alias command in interface configuration mode. The syntax of this command is as follows:

alias ipv6_address

For example, to configure an IPv6 alias unique-local address, enter the following commands:

To remove an IPv6 alias unique-local address from an interface, enter the following commands:

For example, to configure an IPv6 alias global address, enter the following commands:

To remove an IPv6 alias global address from an interface, enter the following commands:

Assigning IPv4 Addresses to Interfaces for Routing Traffic

The ACE supports only one primary IP address with a maximum of 15 secondary addresses per interface. It treats the secondary addresses the same as a primary address and handles IP broadcasts and ARP requests for the subnet that is assigned to the secondary address as well as the interface routes in the IP routing table.

The ACE accepts client, server, or remote access traffic on the primary and secondary addresses. When the destination for the control plane (CP)-originated packets is Layer 2 adjacent to either the primary subnet or one of the secondary subnets, the ACE uses the appropriate primary or secondary interface IP address for the destination subnet as the source IP address. For any destination that is not Layer 2 adjacent, the ACE uses the primary address as the source IP address. For packets destined to the secondary IP address, the ACE sends the response with the secondary IP address as the source address.

Observe the following requirements and restrictions when you assign an IP address to an interface:

When you configure access to an interface, the ACE applies the access to all IP addresses configured on the interface.

When you configure remote network management access on an interface, the interface does not require an ACL. However, it does require a management class map and management policy map configuration. For information on configuring remote access to the ACE, see the Administration Guide, Cisco ACE Application Control Engine .

To assign an IPv4 address to a VLAN interface, use the ip address command in interface configuration mode. The syntax of this command is as follows:

ip address ip_address mask [ secondary ]

If you do not include the secondary option, this address becomes the primary IP address. An interface can have only one primary IP address. To make the VLAN active, you must configure a primary IP address for the interface.

The primary address must be active before the secondary address can be active.

For example, to assign the IP address and mask 192.168.1.1 255.255.255.0 to VLAN interface 200, enter:

If you make a mistake while entering this command, you can reenter the command with the correct information.

To assign a secondary IP address and mask 11.11.1.1 255.255.255.0 to VLAN interface 200, enter:

To remove the IP address for the VLAN, use the no ip address command. For example, enter:

To remove a secondary IP address for the VLAN, enter:

Configuring a Peer IP Address

When you configure redundancy, by default, configuration mode on the standby ACE is disabled and changes on an active ACE are automatically synchronized on the standby ACE. However, interface IP addresses on the active and standby ACEs must be unique. To ensure that the addresses on the interfaces are unique, the IP address of an interface on the active ACE is synchronized on the standby ACE as the peer IP address.

To configure the IP address for an interface on a standby ACE, use the peer ip address command in interface configuration mode. The peer IP address on the active ACE is synchronized on the standby ACE as the interface IP address. The syntax of this command is:

peer ip address ip_address mask [ secondary ]

When the destination for the control plane (CP)-originated packets is Layer 2 adjacent to either the primary subnet or one of the secondary subnets, the ACE always uses the appropriate primary or secondary interface IP address that belongs to the destination subnet as the source IP address. For any destination that is not Layer 2 adjacent, the ACE uses the primary address as the source IP address.

For packets destined to the secondary IP address, the ACE sends the response with the secondary IP address as the source address.

SSL probes always uses the primary IP address as the source address for all destinations.

You cannot configure secondary IP addresses on FT VLANs.

For example, to configure an IPv4 address and netmask of the peer ACE, enter:

To configure a secondary IP address and mask for the peer ACE, enter:

To delete the IP address for the peer ACE, enter:

To delete the secondary IP address for the peer ACE, enter:

Configuring an Alias IP Address

When you configure redundancy with active and standby ACEs, you can configure a VLAN interface that has an alias IP address that is shared between the active and standby ACEs. The alias IP address serves as a shared gateway for the two ACEs in a redundant configuration.

The ACE also uses an alias IP address assigned to a VLAN to address a network device that you want to hide from the rest of the network. Typically, you assign alias IP addresses to VLANs with stealth firewalls so that the firewall remains invisible. An ACE uses the alias IP address configured on another ACE as the destination of the load-balancing process to direct flows through the firewalls. For details about configuring firewalls and firewall load balancing (FWLB) on the ACE, refer to the Server Load-Balancing Guide, Cisco ACE Application Control Engine .

To configure an alias IP address, use the alias command in interface configuration mode. The syntax of this command is as follows:

alias ip_address netmask [ secondary ]

The secondary alias address becomes active only when the corresponding secondary IP address on the same subnet is configured. If you remove the secondary IP address, the secondary alias address becomes inactive.

For example, to configure an alias IP address, enter:

To configure a secondary alias IP address, enter:

To remove an alias IP address, enter:

To remove a secondary alias IP address, enter:

Disabling and Enabling Traffic on Interfaces

When you configure an interface, the interface is in the shutdown state until you enable it. If you disable or reenable the interface within a context, only that context interface is affected.

To enable the interface, use the no shutdown command in interface configuration mode. For example, enter:

To disable a VLAN, use the shutdown command in interface configuration mode. The syntax of this command is as follows:

For example, to disable VLAN 3, enter:

Configuring the IPv6 MTU for a Layer 3 interface

For IPv6, the minimum MTU is 1280 and the default maximum transmission unit (MTU) is 1500 bytes. This value is sufficient for most applications, but you can pick a lower number if network conditions require this value (for example, to avoid fragmentation over IPSec tunnels) or a larger value (for example, for jumbo frames). Data that is larger than the MTU value is fragmented before being sent.

Keep in mind the following configuration retrictions and guidelines when you configure an MTU for IPv6 traffic:

To specify the MTU for an IPv6 interface, use the ipv6 mtu command in interface configuration mode. This command allows you to set the data size that is sent on a connection. The syntax of this command is as follows:

ipv6 mtu bytes

The bytes argument is the number of bytes in the MTU. For IPv6, enter a number from 1280 to 9216 bytes. The default is 1500.

For example, to specify the MTU data size of 1360 for a Layer 3 interface, enter the following command:

To reset the MTU block size to 1500 bytes, use the no ipv6 mtu command. For example, enter the following command:

Configuring the IPv4 MTU for an Interface

For IPv4, the default MTU is a 1500-byte block for Ethernet interfaces. This value is sufficient for most applications, but you can pick a lower number if network conditions require this value (for example, to avoid fragmentation over IPSec tunnels) or a larger value (for example, for jumbo frames). Data that is larger than the MTU value is fragmented before being sent.

To specify the MTU for an interface, use the mtu command in interface configuration mode. This command allows you to set the data size that is sent on a connection. The syntax of this command is as follows:

The bytes argument is the number of bytes in the MTU. For IPv4, enter a number from 68 to 9216 bytes. The default is 1500.

For example, to specify the MTU data size of 1000 for an interface:

To reset the MTU block size to 1500 bytes, use the no mtu command. For example, enter:

Autogenerating a MAC Address for a VLAN Interface

By default, the ACE does not allow traffic from one context to another context over a transparent firewall. The ACE assumes that VLANs in different contexts are in different Layer 2 domains, unless it is a shared VLAN. The ACE allocates the same MAC address to the VLANs.

When you are using a firewall service module (FWSM) to bridge traffic between two contexts on the ACE, you must assign two Layer 3 VLANs to the same bridge domain. To support this configuration, these VLAN interfaces require different MAC addresses.

To enable the autogeneration of a MAC address on a VLAN interface, use the mac-address autogenerate command in interface configuration mode. The syntax of this command is as follows:

mac-address autogenerate

For example, enter:

To disable MAC address autogeneration on the VLAN, use the no mac-address autogenerate command. For example, enter:

Enabling the Mac-Sticky Feature

The mac-sticky feature ensures that the ACE sends return traffic to the same upstream device through which the connection setup from the original client was received. When you enable this feature, the ACE uses the source MAC address from the first packet of a new connection to determine the device to send the return traffic. This guarantees that the ACE sends the return traffic for load-balanced connections to the same device originating the connection. By default, the ACE performs a route lookup to select the next hop to reach the client.

This feature is useful when the ACE receives traffic from Layer 2 and Layer 3 adjacent stateful devices, like firewalls and transparent caches, guaranteeing that it sends return traffic to the correct stateful device that sourced the connection without any requirement for source NAT. For more information on firewall load balancing, see the Security Guide, Cisco ACE Application Control Engine .

To enable the mac-sticky feature for a VLAN interface, use the mac-sticky enable command in interface configuration mode. By default, the mac-sticky feature is disabled on the ACE. The syntax of this command is:

mac-sticky enable

For example, to enable the mac-sticky feature, enter:

To disable the mac-sticky feature, use the no mac-sticky enable command. For example, enter:

Providing an Interface Description

You can provide a description for the interface by using the description command in interface configuration mode. The syntax of this command is as follows:

description text

The text argument is the description for the interface. Enter an unquoted text string that contains a maximum of 240 alphanumeric characters including spaces.

For example, to provide the description of POLICY MAP 3 FOR INBOUND AND OUTBOUND TRAFFIC, enter:

To remove the description for the interface, use the no description command. For example, enter:

Configuring the UDP Booster Feature

When a network application requires very high UDP connection rates, configure the UDP booster feature. For detailed information concerning this feature and its configuration, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine . To enable this feature, use the udp command in interface configuration mode. The syntax of this command is as follows:

udp { ip-source-hash | ip-destination-hash }

The keywords are as follows:

For example, for a client-side interface, to enable the UDP hash forwarding on the source IP address of the UDP packets, enter:

To disable this feature, enter:

Removing the ACE Ethernet IP Packet Trailing Byte

By default, the ACE does not perform an internal length check on an Ethernet IP packet to determine whether there are any trailing bytes appended to it. If the packet has an appended byte, the ACE would ignore and forward the packet.

To enable an internal length check and remove the trailing byte appended to the end of an Ethernet IP packet coming into the ACE, use the remove-eth-pad command in interface configuration mode for the VLAN. The syntax of this command is as follows:

remove-eth-pad

To disable an internal length check and the removal of the trailing byte, enter:

Assigning a Policy Map to an Interface

When you assign a policy map to a VLAN interface, the ACE can use the map to evaluate all network traffic on the interface. For more information on configuring policy maps, see the Administration Guide, Cisco ACE Application Control Engine .

You can apply one or more policy maps to a VLAN interface or globally to all VLAN interfaces in the same context. A policy map activated on an interface overwrites any specified global policy maps for overlapping classifications and actions.

You can assign multiple policy maps on an interface. However, the ACE allows only one policy map to be active on an interface at a given time. The order in which you configure the policy maps on the ACE is important.

To assign a policy map to an interface, use the service-policy command in interface configuration mode for an individual interface, or use the service-policy command in configuration mode for all interfaces in the same context.

The syntax of this command is as follows:

service-policy input policy_name

The keyword and argument are as follows:

For example, to specify a VLAN interface and apply multiple service policies to a VLAN, enter:

For example, to globally apply multiple service policies to all of the VLANs associated with a context, enter:

To remove a traffic policy from a VLAN interface, enter:

To globally remove a traffic policy from all VLANs associated with a context, enter:

Applying an Access List to an Interface

To allow the traffic to pass on an interface, you must apply ACLs to a VLAN interface. You can apply one ACL of each type (extended, ICMP, or EtherType) to both directions of the interface. For more information about ACLs and ACL directions, see the Security Guide, Cisco ACE Application Control Engine .

For connectionless protocols, you must apply the ACL to the source and destination interfaces if you want traffic to pass in both directions. For example, to allow Border Gateway Protocol (BGP) in an ACL in transparent mode, you must apply the ACL to both interfaces.

To apply an ACL to the inbound or outbound direction of an interface and make the ACL active, use the access-group command in interface configuration mode.

access-group { input | output } acl_name

The options and arguments are as follows:

To remove an ACL from an interface, use the no access-group command. For example, enter:

Displaying Interface Information

You can display information for the interfaces by using the show interface command. This section contains the following topics:

(ACE appliance only) You can display information for an Ethernet data port, Ethernet management port, or a port-channel virtual interface by using the show interface command. See Chapter 1 "Configuring ACE Appliance Ethernet Interfaces" for details.

Displaying IPv6 VLAN and BVI Information

You can use the show ipv6 interface command in Exec mode to display the IPv6 statistics for all VLANs and BVIs or a specified VLAN or BVI interface. The syntax of this command is as follows:

show ipv6 interface [ bvi number | vlan number ]

The bvi | vlan number options display the IPv6 information for the specified VLAN or bridge-group virtual interface number.

If you enter the show ipv6 interface command with no options, the ACE displays all VLAN and BVI interfaces. For example, to display IPv6 interface information for BVI 23, enter:

Table 3-2 describes the fields in the show ipv6 interface command output.

Table 3-2 Field Descriptions for the show ipv6 interface Command Output

Displaying IPv6 Interface Summary Information

You can use the show ipv6 interface brief command in Exec mode to view summary information for all VLANs and BVIs or a specified VLAN or BVI. The syntax of this command is as follows;

show ipv6 interface brief [ bvi number | vlan number ]

If you enter the show ipv6 interface command with no options, the ACE displays all VLAN and BVI interfaces. For example, to display IPv6 interface summary information for VLAN 300, enter:

Table 3-3 describes the fields in the show ipv6 interface brief command output.

Table 3-3 Field Descriptions for the show ipv6 interface brief Command Output

Displaying IPv4 VLAN and BVI Information

You can use the show interface command in Exec mode to display the details, statistics, or IP information for all or a specified VLAN or BVI interface. The syntax of this command is as follows:

show interface [ bvi number | vlan number ]

The bvi | vlan number options display the information for the specified VLAN or bridge-group virtual interface number.

If you enter the show interface command with no options, the ACE displays all VLAN and BVI interfaces. For example, enter:

Table 3-4 describes the fields in the show interface command output.

Table 3-4 Field Descriptions for the show interface Command Output

Displaying IPv4 VLAN and BVI Summary Statistics

You can use the show ip interface brief command in Exec mode to display a brief configuration and status summary of all interfaces or a specified BVI or a VLAN display. The syntax of this command is as follows:

show ip interface brief [ bvi number | vlan number ]

If you enter the show ip interface brief command with no options, the ACE displays all VLAN and BVI interfaces. For example, enter:

Table 3-5 describes the fields in the show ip interface brief command output.

Table 3-5 Field Descriptions for the show ip interface brief Command Output

Displaying the ACE Module Interface Ethernet Out-of-Band Channel Information

You can display the ACE module Ethernet out-of-band channel (EOBC) information by using the show interface eobc command in Exec mode. This command is available in the Admin context only. For example, enter:

Table 3-6 describes the fields in the show interface eobc command output for the ACE module.

Table 3-6 Field Descriptions for the show interface eobc Command Output

Displaying the Internal Interface Manager Tables

You can display the internal interface manager tables and events by using the show interface internal command in Exec mode. The syntax of this command is as follows:

show interface internal { event-history { dbg | mts } | iftable [ interface_name ] | seciptable | vlantable [ vlan_number ]}

For example, to display the interface internal debug event history starting with the most recent event, enter:

To display the interface internal message event history starting with the most recent event, enter:

To display the master interface table, enter:

To display the master VLAN table, enter:

Displaying ACE Module VLANs Downloaded from the Supervisor Engine

You can use the show vlans command in Exec mode for the Admin context to display the VLANs on the ACE module downloaded from the supervisor engine. For example, enter:

Displaying ACE Module Private VLAN Information

The private VLAN feature on the Catalyst 6500 series switch or Cisco 7600 series router works with the ACE module. The Cisco IOS PVLAN configuration populates the PVLAN mapping database on the ACE module. See the documentation for the switch or router for detailed information.

To display the private VLANs on the ACE module that are downloaded from the supervisor engine, use the show pvlans command in Exec mode. For example, enter:

Table 3-7 describes the fields in the show pvlans command output.

Table 3-7 Field Descriptions for the show pvlans Command Output

Clearing Interface Statistics

You can clear the statistics displayed through the show interface command by using the clear interface command in Exec mode. The syntax of this command is as follows:

clear interface [ vlan number | bvi number ]

If you do not enter an option and argument, the statistics for all VLANs and BVIs are set to zero. The options and arguments are as follows:

For example to clear the statistics for VLAN 10, enter:

Custom Book

Welcome to the custom book wizard. Using this tool you can create books containing a custom selection of content. To get started, enter a name for the book or select an existing book to add to.

Select the topics and posts that you would like to add to your book.

Preview your selected content before you download or save to your dashboard.

PDF View with Adobe Reader on a variety of devices.

ePub View in various apps on iPhone, iPad, Android, Sony Reader or Windows devices.

Mobi View on Kindle device or Kindle app on multiple devices.

Save to Dashboard

Save the custom book to your dashboard for future downloads.

Your contact details will be kept confidential and will not be shared outside Cisco. If we need additional information regarding your feedback, we will contact you at this email address.

Select Folder

Content library - -.

Click on the file types below to dowload the content in that format.

  • Technical Forums
  • Security / SD-WAN

Configuring IPv6 on VLANS

  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Printer Friendly Page

jotech

  • Mark as New
  • Report Inappropriate Content

Solved! Go to Solution.

PhilipDAth

View solution in original post

  • All forum topics
  • Previous Topic

alemabrahao

  • New February 14: [Contest Closed] Valentine’s Contest ‌💌‌ — Share some ‌💘‌
  • February 5: Enhanced Reporting for Inappropriate Content = Better Community Experience
  • February 5: Recognizing the January 2024 Members of the Month

View all community news »

  • 3rd Party VPN 129
  • Auto VPN 243
  • Client VPN 359
  • Firewall 402

custom.footer.

  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Terms of Use

Example: Configuring port-based IPv6 multicast VLAN

Network configuration.

As shown in Figure 33 :

Layer 3 device Switch A runs MLDv1 and acts as the MLD querier. Layer 2 device Switch B runs MLDv1 snooping.

The IPv6 multicast source sends IPv6 multicast data to IPv6 multicast group FF1E::101. Receivers Host A, Host B, and Host C belong to VLAN 2, VLAN 3, and VLAN 4, respectively.

Configure a port-based IPv6 multicast VLAN on Switch B to meet the following requirements:

Switch A sends IPv6 multicast data to Switch B through the IPv6 multicast VLAN.

Switch B forwards the IPv6 multicast data to the receivers in different user VLANs.

Figure 33: Network diagram

how to add ipv6 address to vlan

Configure Switch A:

# Enable IPv6 multicast routing.

# Create VLAN 20, and assign GigabitEthernet 1/0/2 to the VLAN.

# Assign an IPv6 address to VLAN-interface 20, and enable IPv6 PIM-DM on the interface.

# Create VLAN 10, and assign GigabitEthernet 1/0/1 to the VLAN.

# Assign an IPv6 address to VLAN-interface 10, and enable MLD on the interface.

Configure Switch B:

# Enable the MLD snooping feature.

# Create VLAN 10, assign GigabitEthernet 1/0/1 to the VLAN, and enable MLD snooping for the VLAN.

# Create VLAN 2, and enable MLD snooping for the VLAN.

# Create VLAN 3, and enable MLD snooping for the VLAN.

# Create VLAN 4, and enable MLD snooping for the VLAN.

# Configure GigabitEthernet 1/0/2 as a hybrid port, and configure VLAN 2 as the PVID of the hybrid port.

# Assign GigabitEthernet 1/0/2 to VLAN 2 and VLAN 10 as an untagged VLAN member.

# Configure GigabitEthernet 1/0/3 as a hybrid port, and configure VLAN 3 as the PVID of the hybrid port.

# Assign GigabitEthernet 1/0/3 to VLAN 3 and VLAN 10 as an untagged VLAN member.

# Configure GigabitEthernet 1/0/4 as a hybrid port, and configure VLAN 4 as the PVID of the hybrid port.

# Assign GigabitEthernet 1/0/4 to VLAN 4 and VLAN 10 as an untagged VLAN member.

# Configure VLAN 10 as an IPv6 multicast VLAN.

# Assign GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 to VLAN 10.

# Assign GigabitEthernet 1/0/4 to VLAN 10.

Verifying the configuration

# Display information about IPv6 multicast VLANs on Switch B.

# Display dynamic MLD snooping forwarding entries on Switch B.

The output shows that MLD snooping maintains the user ports in the multicast VLAN (VLAN 10). Switch B will forward the IPv6 multicast data of VLAN 10 through these user ports.

© Copyright 2015, 2017 Hewlett Packard Enterprise Development LP

  • Menu ▾

Setting up an IPv6 VLAN

My internet service provider ( FIOS ) doesn’t yet (sad face) offer IPv6 capable service, so I’ve set up an IPv6 tunnel using the Hurricane Electric tunnel broker. I want to provide IPv6 connectivity to multiple systems in my house, but not to all systems in my house 1 . In order to meet those requirements, I’m going to set up the tunnel on the router, and then expose connectivity over an IPv6-only VLAN. In this post, we’ll walk through the steps necessary to set that up.

Parts of this post are going to be device specific: for example, I’m using a Ubiquiti EdgeRouter X as my Internet router, so the tunnel setup is going to be specific to that device. The section about setting things up on my Linux desktop will be more generally applicable.

There are three major parts to this post:

Configure the EdgeRouter

This shows how to set up an IPv6 tunnel and configure an IPv6-only VLAN on the EdgeRouter.

Configure the switch

This is only necessary due to the specifics of the connection between my desktop and the router; you can probably skip this.

Configure the desktop

This shows how to set up the IPv6 VLAN interface under Linux using nmcli .

What we know ⌗

When you set up an IPv6 tunnel with hurricane electric, you receive several bits of information. We care in particular about the following (the IPv6 addresses and client IPv4 addresses here have been munged for privacy reasons):

IPv6 Tunnel Endpoints ⌗

Routed ipv6 prefixes ⌗.

We’ll refer back to this information as we configured things later on.

Configure the EdgeRouter ⌗

Create the tunnel interface ⌗.

The first step in the process is to create a tunnel interface – that is, an interface that looks like an ordinary network interface, but is in fact encapsulating traffic and sending it to the tunnel broker where it will unpacked and sent on its way.

I’ll be creating a SIT tunnel, which is designed to “interconnect isolated IPv6 networks” over an IPv4 connection.

I start by setting the tunnel encapsulation type and assigning an IPv6 address to the tunnel interface. This is the “Client IPv6 Address” from the earlier table:

Next I need to define the local and remote IPv4 endpoints of the tunnel. The remote endpoint is the “Server IPv4” address. The value 0.0.0.0 for the local-ip option means “whichever source address is appropriate for connecting to the given remote address”:

Finally, I associate some firewall rulesets with the interface. This is import because, unlike IPv4, as you assign IPv6 addresses to internal devices they will be directly connected to the internet . With no firewall rules in place you would find yourself inadvertently exposing services that previously were “behind” your home router.

I’m using the existing WANv6_IN and WANv6_LOCAL rulesets, which by default block all inbound traffic. These correspond to the following ip6tables chains:

As you can see, both rulesets block all inbound traffic by default unless it is related to an existing outbound connection.

Create a vlan interface ⌗

I need to create a network interface on the router that will be the default gateway for my local IPv6-only network. From the tunnel broker, I received the CIDR 2001:470:1237:1212::/64 for local use, so:

  • I’ve decided to split this up into smaller networks (because a /64 has over 18 quintillion available addresses). I’m using /110 networks in this example, which means I will only ever be able to have 262,146 devices on each network (note that the decision to use a smaller subnet impacts your choices for address autoconfiguration; see RFC 7421 for the relevant discussion).

I’m using the first /110 network for this VLAN, which comprises addresses 2001:470:1237:1212::1 through 2001:470:1237:1212::3:ffff . I’ll use the first address as the router address.

I’ve arbitrarily decided to use VLAN id 10 for this purpose.

To create an interface for VLAN id 10 with address 2001:470:1237:1212::1/110 , we use the set interfaces ... vif command:

Configure the default IPv6 route ⌗

We don’t receive router advertisements over the IPv6 tunnel, which means we need to explicitly configure the IPv6 default route. The default gateway will be the “Server IPv6 Address” we received from the tunnel broker.

Enable router advertisements ⌗

IPv6 systems on our local network will use the neighbor discovery protocol to discover the default gateway for the network. Support for this service is provided by RADVD , and we configure it using the set interfaces ... ipv6 router-advert command:

The managed-flag setting corresponds to the RADVD AdvManagedFlag configuration setting, which instructs clients to use DHCPv6 for address autoconfiguration.

Configure the DHCPv6 service ⌗

While in theory it is possible for clients to assign IPv6 addresses without the use of a DHCP server using stateless address autoconfiguration , this requires that we’re using a /64 subnet (see e.g. RFC 7421 ). There is no such limitation when using DHCPv6.

Here I’m largely setting things up to mirror the configuration of the IPv4 dhcp server for the name-server , domain-search , and lease-time settings. I’m letting the DHCPv6 server allocate pretty much the entire network range, with the exception of the first 10 addresses.

Commit the changes ⌗

After making the above changes they need to be activated:

Verify the configuration ⌗

This produces the following interface configuration for tun0 :

And for switch0.10 :

And the following route configuration:

We can confirm things are properly configured by accessing a remote service that reports our ip address:

Configure the switch ⌗

In my home network, devices in my office connect to a switch, and the switch connects back to the router. I need to configure the switch (an older Netgear M4100-D12G) to pass the VLAN on to the desktop.

Add vlan 10 to the vlan database with name ipv6net0 ⌗

I start by defining the VLAN in the VLAN database:

Configure vlan 10 as a tagged member of ports 1-10 ⌗

Next, I configure the switch to pass VLAN 10 as a tagged VLAN on all switch interfaces:

Configure the desktop ⌗

With the above configuration in place, traffic on VLAN 10 will arrive on my Linux desktop (which is connected to the switch we configured in the previous step). I can use nmcli , the NetworkManager CLI, to add a VLAN interface (I’m using Fedora 37, which uses NetworkManager to manage network interface configuration; other distributions may have different tooling).

The following command will create a connection named vlan10 . Bringing up the connection will create an interface named vlan10 , configured to receive traffic on VLAN 10 arriving on eth0 :

This produces the following interface configuration:

Note that unlike access using IPv4, the address visible here is the address assigned to our local interface. There is no NAT happening at the router.

Cover image by Chris Woodford/explainthatstuff.com , licensed under CC BY-NC-SA 3.0 .

Some services (Netflix is a notable example) block access over the IPv6 tunnels because it breaks their geolocation process and prevents them from determining your country of origin. I don’t want to break things for other folks in my house just because I want to play with IPv6.  ↩︎

Configuring an IPv6 RA on a VLAN

You must configure the IPv6 RA functionality on a VLAN for it to send solicited or unsolicited RAs on the IPv6 network. You must configure the following for the IPv6 RA to be operational on a VLAN:

  • IPv6 global unicast address
  • Enable IPv6 RA
  • IPv6 RA prefix

Important Points to Note

  • The advertised IPv6 prefix length must be 64 bits for the stateless address autoconfiguration to be operational.
  • You can configure up to three IPv6 prefixes per VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface.
  • Each IPv6 prefix must have an on-link interface address configured on the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. .
  • Ensure you configure the upstream routers to route the packets back to Aruba managed device .

The following procedure describes how to configure the IPv6 RA Router Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. on a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. :

  • In the Managed Network node hierarchy, navigate to the Configuration > Interfaces > VLANs tab.
  • Select a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.  name under the VLANs table.
  • Select the corresponding VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. ID from the VLANs <name> table and click the IPv6 tab.
  • Expand the IP Address Assignment accordion.
  • Enable Use Static addresses. IPV6 addresses table appears .
  • Click + in IPV6 addresses.
  • In the Add New IPV6 addresses pop-up, select Global unicast for Address Type. Enter the IPV6 address and select the Use EUI-64 Format check box, if applicable. Click OK .
  • To enable an IPv6 RA on a VLAN, select the Router advertisements (ra) check box under Neighbor Discovery accordion.
  • Click + in the RA prefixes table in the Neighbor Discovery accordion.
  • Enter a value in the IPv6 RA  field.

You can add up to three IPv6 prefixes per VLAN interface.

  • Click Submit .
  • Click Pending Changes .
  • In the Pending Changes window, select the check box and click Deploy changes .

The following CLI commands configure RA on a VLAN:

(host) [md](config) #interface vlan <vlanid>

(host) [md](config-subif)#ipv6 address <prefix>/<prefix-length>

(host) [md](config-subif)#ipv6 nd ra enable

(host) [md](config-subif)#ipv6 nd ra prefix X:X:X:X::X/64

how to add ipv6 address to vlan

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

How to tag IPv4 and IPv6 packets with different VLAN tags on a Linux box?

I want to tag incoming IPv4 and IPv6 packets from a dual stack enabled connection with different VLAN tags, e.g. IPv4 packets should go to VLAN4 and IPv6 packets should go to VLAN6. To be more general, I want to split the dual stack ip stream with mixed IPv4 and IPv6 packets into two clean single stack networks so you will not find any IPv4 packet on a IPv6 network and vise versa. I need this to test and support an IPv6 only network. And of course I still need the IPv4 data. It cannot simply be dropped.

I had a look at the Linux bridge and at nftables but wasn't able to find a solution. How can I achieve this selective tagging?

  • systemd-networkd

Ingo's user avatar

  • 2 Show your VLAN interfaces and routing table. –  Michael Hampton Feb 10, 2021 at 12:32
  • 1 Is the Linux box acting as a router, or a bridge? –  Gordon Davisson Feb 11, 2021 at 9:43
  • @MichaelHampton Thanks for having a look at the question and asking for details. Only looking for an example to answer the details give me the idea for a solution :-) –  Ingo Feb 11, 2021 at 23:05
  • @GordonDavisson It is not the question what we have. The goal defines what to use. In this case we have to use a bridge as I found in my answer. –  Ingo Feb 11, 2021 at 23:09
  • Is there a reason you cannot simply have the two vlan interfaces and assign the local addresses to these to match what you like, letting the normal routing table do the work instead of all this bridging and filtering and stuff? –  Håkan Lindqvist Feb 12, 2021 at 15:30

2 Answers 2

While your answer apparantly works for you, it does seem overly complicated. I'm doubtful though that it does what you want, as it lacks any IPv4 addresses in the given output (apart from lo).

Creating 2 tagged interfaces (named e.g. vlan4 and vlan6), assigning them IPv4 and IPv6 addresses + gateways, and disabling SLAAC with sysctl for the IPv4 one should be sufficient.

There's neither need for bridging nor messing with nftables apart from what you would need to enable flow between eth0 and eth1.

fuero's user avatar

  • This does not answer my question. You suggest to split one line into two interfaces. As shown in the drawing I have only one line to continue and it must be a so called trunk line for upstream connection to a router. A trunked line is one line transporting several virtual networks where the ip packets are differentiated by the VLAN tag. –  Ingo Sep 17, 2023 at 8:40

I have found a solution. Because I want to manipulate VLANs, I have to use a bridge. VLAN is working on OSI layer 2 and a bridge is the device that can handle layer 2 protocols. So first I added two VLAN interfaces to the physical interface eth1 . Then added all interfaces eth0 , vlan4 and vlan6 to the bridge. The rest is done by nftables .

IPv4 and IPv6 are defined on layer3 and have no different meaning on layer 2. So nftables can handle them just as packets with different "marks", which is the protocol type in the IP header. Fortunately nftables can select them with meta protocol {} . It directs the incoming untagged IPv4 and IPv6 packets to the corresponding VLAN interface. Tagging is done automagically by the interface as usual. I use systemd-networkd and here is the configuration in detail.

First create the network devices vlan4, vlan6 and the bridge br0:

Then attach the interfaces to eth1 and to the bridge:

Now just bring up the bridge:

After a reboot this will give you:

It is also worth to check with resolvectl . Now we have to do the final step and redirect the packets with nftables using these rules:

On the forward chain this will drop all IPv6 to/from interface vlan4 and only allow it on interface vlan6 . All other stuff is dropped on interface vlan6 , but by the chains default policy accepted on interface vlan4 . This ensures that all old stuff like ARP and other broadcasts go also to interface vlan4 .

The output chain is only to avoid that the bridge itself sends packets to the wrong VLAN. On my configuration it uses only IPv6 (single stack) so everything will be dropped by the chains default policy, except IPv6 to vlan6 .

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged debian ipv6 vlan ipv4 systemd-networkd ..

  • The Overflow Blog
  • Would you trust an AI bot to find the fix for vulnerabilities in your code?
  • Who owns this tool? You need a software component catalog
  • Featured on Meta
  • Site maintenance - Saturday, February 24th, 2024, 14:00 - 22:00 UTC (9 AM - 5...
  • Upcoming privacy updates: removal of the Activity data section and Google...

Hot Network Questions

  • Was Alexei Navalny poisoned in 2020 with Novichok nerve agents by Russia's Federal Security Service?
  • Which Potentials lead to Kepler's second Law?
  • Putting a term under the square root
  • Is macOS `prefPane` app possible containing virus?
  • Based on ranges, for a given number, I want to increment it by another number
  • Is QFT qubit recycling compatible with Zeckendorf's Fibonacci representation of integers?
  • Series about a Teen girl goes to dragon themed summer camp after lifelong obsession with dragons, finds out she's a descendant of dragon slayers
  • Manager asked for home address without giving a reason. Should I have provided it?
  • How to not fear the supernatural?
  • Maze-Jigsaw Fusion
  • Derivation of Coulomb's law from Maxwell's equations
  • The problem of philosophy?
  • Why doesn't the Moon disrupt the orbits of geostationary satellites?
  • How to remove artifacts in Plot3D?
  • What was the ‘obvious’ new answer to Asimov’s Pâté de Foie Gras made possible by scientific advance?
  • XTR Double chain set to single?
  • Hiding public IP address while using free DynDns?
  • Why is everything based on likelihoods even though likelihoods are so small?
  • compute accurate derivatives using FFT
  • Can i connect my P-45 Digital Piano to play keys on my computer?
  • Increasing trust in a downloaded binary
  • Why does my opto behave like this?
  • What is this Bottom Bracket tool called?
  • Strings without twin letters

how to add ipv6 address to vlan

IMAGES

  1. IPV6 address implementation for VLANs Clients by DHCPv6 Server

    how to add ipv6 address to vlan

  2. Switch

    how to add ipv6 address to vlan

  3. VLAN Lab

    how to add ipv6 address to vlan

  4. How to assign an IPv6 address to LAN clients?

    how to add ipv6 address to vlan

  5. How to create a vlan on a cisco switch

    how to add ipv6 address to vlan

  6. How to Configure IPv6 on CISCO Router?

    how to add ipv6 address to vlan

VIDEO

  1. FEATURES OF IPv6

  2. Router IPv6 Configuration

  3. 23- IPv4 Routing

  4. Understanding IPv4 Addressing

  5. How to Implement VLAN with IP Address

  6. learn basics: IP address, VLAN, subnetting

COMMENTS

  1. Configuration Example: IPv6 Inter-VLAN Communication

    $31.99 (Save 20%) Configuration Example: IPv6 Inter-VLAN Communication Figure 3-2 shows the network topology for the configuration that follows, which demonstrates how to configure IPv6 inter-VLAN communication using commands covered in this chapter. Some commands used in this configuration are from previous chapters.

  2. Solved: IPv6 on vlans

    What do I need to do to add IPv6 to my VLANs? Router interfaces: interface GigabitEthernet0/0 description OUTSIDE ip address dhcp ip nat outside ip virtual-reassembly in duplex auto speed auto ipv6 address dhcp ipv6 address autoconfig ipv6 enable ipv6 nd dad attempts 0 ipv6 nd autoconfig default-route ipv6 dhcp client pd hint ::/64

  3. Configuring a static IPv6 address on a VLAN

    Syntax: [no] ipv6 address fe80::<interface-id> link-local If IPv6 is not already enabled on the VLAN, this command enables IPv6 and configures a static link-local address. If IPv6 is already enabled on the VLAN, this command overwrites the current, link-local address with the specified static address.

  4. How do I create an IPv6 VLAN routing interface using the web interface

    Click Unit 1. The ports display. Click the gray box under port 1 until U displays, indicating that the egress packet is untagged for the port. Click Apply. Specify the PVID on port 1/0/1. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.

  5. IPv6

    1 IPv6 - InterVlan Routing SunilKhanna Beginner 03-19-2012 04:05 AM - edited ‎03-01-2019 04:47 PM Introduction IPv6 host residing in different VLANS communicate via L3 device to route between the VLANS. The solution known as Intervlan Routing or Router on stick, a very well known solution of IPv4.

  6. how to configure static ipv6 and additional ipv6 with same vlan?

    1 I'm having trouble with configuration static ipv6 address and additonal ipv6 on same interface (eth4). static ipv6 configuraiton issue firstly, I configure below vi /etc/network/interfaces

  7. How does VLAN subnetting work on IPv6?

    How does VLAN subnetting work on IPv6? Ask Question Asked 6 years, 5 months ago Modified 2 years ago Viewed 20k times 8 I have a network with about dozen VLANs, most with inter-VLAN routing, some without. They might talk to each other but not to the other's gateway.

  8. IPv6

    Here is the config used on the router interface for SLAAC. PC12 (config-if)#int Ethernet0/0. PC12 (config-if)#ipv6 enable. PC12 (config-if)#ipv6 address autoconfig. And we get an IP address in the correct range ! I can also ping vlan 10 interface. PC12#sh ipv6 int brie. Ethernet0/0 [up/up] FE80::A8BB:CCFF:FE00:800.

  9. Configuring IPv6 Addresses

    1. In the Managed Network node hierarchy, navigate to the Configuration > Interfaces > VLANs tab. 2. Select a Vlan from the VLANs table. 3. Select the corresponding Vlan Id from the VLANS <Vlan name> table. 4. Select the IPv6 tab and expand the IP Address Assignment accordion. 5. Enable Use Static addresses. IPV6 addresses table appears. 6.

  10. Cisco Content Hub

    To add an SVI to the MSFC and configure it with a VLAN assigned to the ACE module, perform the following steps: Step 1 (Optional) If you need to add more than one SVI to the ACE module, enter the following command: Router (config)# svclc multiple-vlan-interfaces. Step 2 Add a VLAN interface to the MSFC.

  11. Configuring IPv6 Addresses

    Click + in IPv6 addresses. In the Add New IPV6 addresses pop-up, select Global unicast for Address Type. Enter the IPV6 address and select the Use EUI-64 Format check box, if applicable. Click OK. Click Submit. Click Pending Changes. In the Pending Changes window, select the check box and click Deploy changes.

  12. Configuring an IPv6 RA on a VLAN

    ID from the VLANs <name> table and click the IPv6 tab. 4. To configure an IPv6 global unicast address, follow the steps below: a. Expand the IP Address Assignment accordion. b. Enable Use Static addresses. IPV6 addresses table appears. c. Click + in IPV6 addresses. d. In the Add New IPV6 addresses pop-up, select Global unicast for Address Type.

  13. IPv6 Addressing and Basic Connectivity Configuration Guide ...

    An IPv6 address prefix, in the format ipv6-prefix / prefix-length, can be used to represent bit-wise contiguous blocks of the entire address space.The ipv6-prefix must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. The prefix length is a decimal value that indicates how many of the high-order contiguous bits of the ...

  14. Solved: Configuring IPv6 on VLANS

    Solved: We recently recieved a dedicated line with multiple IPv4 addresses and a IPv6 address to use for our systems. I have configured our Meraki. Community Technical Forums; Groups. ... But I am not sure how to use this across multiple VLANS. I figure I need to add this as an IPv6 Prefix and I can then set each VLAN to 'Auto' in the config.

  15. Example: Configuring port-based IPv6 multicast VLAN

    Configure Switch A: # Enable IPv6 multicast routing. <SwitchA> system-view [SwitchA] ipv6 multicast routing [SwitchA-mrib6] quit # Create VLAN 20, and assign GigabitEthernet 1/0/2 to the VLAN. [SwitchA] vlan 20 [SwitchA-vlan20] port gigabitethernet 1/0/2 [SwitchA-vlan20] quit

  16. Setting up an IPv6 VLAN :: blog.oddbit.com

    There are three major parts to this post: Configure the EdgeRouter. This shows how to set up an IPv6 tunnel and configure an IPv6-only VLAN on the EdgeRouter. Configure the switch. This is only necessary due to the specifics of the connection between my desktop and the router; you can probably skip this. Configure the desktop.

  17. Catalyst 2960-X Switch IPv6 Configuration Guide, Cisco IOS Release 15.0

    To access Cisco Feature Navigator, go to http:/ / www.cisco.com/ go/ cfn. An account on Cisco.com is not required. Information About Configuring IPv6 Host Functions This chapter describes how to configure IPv6 host functions on the Catalyst 2960, 2960-S, 2960-C, 2960-X switch. Note

  18. IPV6 address implementation for VLANs Clients by DHCPv6 Server

    Step 1: Creates sub-interfaces for each VLANs (VLAN 10, 20,30) and assigns IPV6 addresses: # int G0.10 # encapsulation dot1Q 10 # IPV6 Address 2001:db8:170:10::1/64 # IPV6 DHCP server vlan10 //Pointing to IPv6 DHCP pool name & IPv6 Prefix # ipv6 nd other-config-flag //Pointing to IPv6 DHCP DNS-Server address ! # int G0.20 # encapsulation dot1Q 20

  19. Assign correctly IPv6 to VLANs? : r/Ubiquiti

    The best way to do this would be to write an up hook for the networking manager you're using on the RPi. When the network interface comes up, wait for IPv6 to be assigned to the interface, then add a static IPv6 address based on the prefix that was assigned. For example prefix::100. That's how I do it currently.

  20. Configuring an IPv6 RA on a VLAN

    To configure an IPv6 RA prefix for a VLAN, follow the steps below: Click + in the RA prefixes table in the Neighbor Discovery accordion. Enter a value in the IPv6 RA field. Click OK. You can add up to three IPv6 prefixes per VLAN interface. Click Submit. Click Pending Changes.

  21. Solved: IPv6 on vlans

    All three IPv6 addresses are pingable from the outside world. The switch and router are connected with OSPF. I am not able to add the eui-64 prefix to my VLAN. What do I need to do to add IPv6 to my VLANs? Router interfaces: interface GigabitEthernet0/0 description OUTSIDE ip address dhcp ip nat outside ip virtual-reassembly in duplex auto ...

  22. debian

    1. I want to tag incoming IPv4 and IPv6 packets from a dual stack enabled connection with different VLAN tags, e.g. IPv4 packets should go to VLAN4 and IPv6 packets should go to VLAN6. To be more general, I want to split the dual stack ip stream with mixed IPv4 and IPv6 packets into two clean single stack networks so you will not find any IPv4 ...

  23. Configure an IP address for that VLAN interface

    5 Configure an IP address for that VLAN interface tie Beginner 12-05-2012 10:31 AM - edited ‎03-07-2019 10:25 AM Hello everyone, I am hoping that someone can point in the right direction. I just got my geeky hands on a two 3750G switches and went, "Yuppie no more router on a stick for me, inter vlan routing here I come!!!"