Basic Asus RT-N10U IPv6 wireless routing issue
Shadow Hawkins on Monday, 29 September 2014 19:58:59
Hello!
I'm trying to get Asus RT-N10U WLAN AP to work with IPv6, but there is something wrong. Maybe someone at this forum can explan this behaviour or confirm that Asus IPv6 implementation is not working. Asus is currently configured as Wireless router mode, and all firewalls are disabled. Network traffic is working ok in IPv4.
Some background:
I have Cisco 800 running as hearthbeat tunnel device. Cisco is also running recent 15.4(2)T1 IOS version. One /64 network is reserved for the network between PoP and Cisco. I also have /48 network available, and I have assigned one /64 to a vlan 100 for the "normal" workstation network.
Configuration from Cisco side for LAN interface
interface Vlan100
description LAN Interface Ethernet VLAN 100
ip address <one C-class private network assigned>
ip nat inside
ip virtual-reassembly in
vlan-id dot1q 100
exit-vlan-config
!
ipv6 address FE80::1 link-local
ipv6 address 2001:<removed>55::1/64
ipv6 enable
ipv6 mtu 1280
ipv6 nd prefix 2001:<removed>55::/64 7200 7200 no-autoconfig
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd router-preference High
ipv6 nd ra interval 60
ipv6 dhcp relay destination 2001:<removed>55::14
ipv6 inspect IPv6Rule out
ipv6 traffic-filter IPv6-DENY out
As you can see, I'm having DHCP (and DNS) server with address (2001:<removed>55::14) at same /64 network, and Cisco is forwarding DHCP requests to that server, too.
I have also tried IPv6 routing from the VLAN100 to Asus WAN and LAN networks:
ipv6 route 2001:<removed>56::1/128 Vlan100 2001<removed>55::11
ipv6 route 2001:<removed>56::/64 Vlan100 2001<removed>55::11
From Asus side, I have IPv6 enabled and configured as Static IPv6
WAN settings are IP: 2001:<removed>55::11, this is from same subnet and same VLAN as the previous VLAN100 configuration is shown.
WAN Prefix Length: 64
WAN Gateway 2001:<removed>55::1 (this is Cisco's IPv6 address)
For Asus LAN settings I have assigned another /64 network. This is not used in somewhere else.
LAN: 2001:<removed>56::1
LAN Prefix Length: 64
LAN prefix: 2001:<removed>56::
IPv6 DNS server: (2001:<removed>55::14)
There is also Windows 7-workstation, which get's IPv4 and IPv6 address from the same DHCP server mentioned before. Let's say this has IPv6 address: 2001:<removed>55::1234
Test case 1:
ipv6 ping from Windows 7 to Asus WAN IP
2001:<removed>55::1234 --> 2001:<removed>55::11
Result: Working, no issues
Test case 2:
ipv6 ping from Windows 7 to Asus LAN IP -- Request timed out
2001:<removed>55::1234 --> 2001:<removed>56::1
Result: Not working, Request timed out
Test case 3:
ipv6 ping from Windows 7 to Asus WAN IP and also at the same time ipv6 ping from Windows 7 to Asus LAN IP
Result: Ping to WAN interfaces, like in #1. But after couple of seconds also ping to LAN interface starts to work. Also, when I stop the ipv6 ping to WAN IP, LAN ping will stop after max 30 seconds.
Questions: Any idea, why it takes ping to Asus WAN IPv6 address to get routing to work to Asus LAN IPv6 address, too? Do I needs to create another VLAN with different ipv6 nd settings, because Asus cannot handle DHCPv6?
I don't get IPv6 connectivity from any WLAN device currently. These test cases are just something I can easily repeat and I have feeling that this needs to be fixed first.
Thanks, Sami
Basic Asus RT-N10U IPv6 wireless routing issue
Jeroen Massar on Monday, 29 September 2014 23:47:25
You mention "Asus", but don't state what firmware/version it is running.
ipv6 address FE80::1 link-local
Why are you forcing the link-local address?
ipv6 mtu 1280
If this is an Ethernet link, why not use the standard 1500 byte MTU?
I have also tried IPv6 routing from the VLAN100 to Asus WAN and LAN networks:
Is the VLAN configured properly on all ports/devices?
For Asus LAN settings I have assigned another /64 network. This is not used in somewhere else.
Do you route that prefix from the Cisco to the Asus?
Note that configuration might not match running config.
ipv6 ping from Windows 7 to Asus LAN IP -- Request timed out 2001:<removed>55::1234 --> 2001:<removed>56::1 Result: Not working, Request timed out
Is "forwarding" enabled on the Asus?
Result: Ping to WAN interfaces, like in #1. But after couple of seconds also ping to LAN interface starts to work. Also, when I stop the ipv6 ping to WAN IP, LAN ping will stop after max 30 seconds.
Might be a Neighbor Discovery issue/clash.
Your best idea: Wireshark on each link to see what is visible there.
Basic Asus RT-N10U IPv6 wireless routing issue
Shadow Hawkins on Tuesday, 30 September 2014 17:57:36
Jeroen Massar wrote:
You mention "Asus", but don't state what firmware/version it is running.
Thats Asus RT-N10U running original Asus 3.0.0.4.374_5517 firmware and device is configured for Wireless router mode. This is the latest firmware available.
> ipv6 address FE80::1 link-local
Why are you forcing the link-local address?
I had some troubles defining default router to DHCP server, and with this setting I have LAN segment now working ok with IPv4/IPv6 dual stack.
> ipv6 mtu 1280
If this is an Ethernet link, why not use the standard 1500 byte MTU?
I haven't had time to wonder is IPv6 can handle fragments better than IPv4. Like those above, after some try&error, this has shown to work.
> I have also tried IPv6 routing from the VLAN100 to Asus WAN and LAN networks:
Is the VLAN configured properly on all ports/devices?
Asus is connected to a normal access port on the Cisco router.
interface FastEthernet7
description Asus RT-N10U
switchport access vlan 100
no ip address
duplex full
speed 100
> For Asus LAN settings I have assigned another /64 network. This is not used in somewhere else.
Do you route that prefix from the Cisco to the Asus?
Note that configuration might not match running config.
Routing config on the Cisco side should be ok. I'll route statically first address of the LAN /64 network and also whole /64. I know the first route (...::1/128) is more or less not needed, but just in case.
Is "forwarding" enabled on the Asus?
There is no such configuration setting visible on Asus GUI. I assume that the wireless routing mode (comparing Access point, which kills all Ipv6) should just do the trick.
Might be a Neighbor Discovery issue/clash.
Asus WAN ipv6 address is shown in the Cisco router ipv6 neighbors -list.
Your best idea: Wireshark on each link to see what is visible there.
Thanks for the help. If someone can verify that this Asus device is capable of providing IPv6 connections I would like to hear more. Also any additional tips are welcome.
Basic Asus RT-N10U IPv6 wireless routing issue
Jeroen Massar on Tuesday, 30 September 2014 18:55:15 > > ipv6 mtu 1280 > If this is an Ethernet link, why not use the standard 1500 byte MTU? > I haven't had time to wonder is IPv6 can handle fragments better than IPv4. Like those above, after some try&error, this has shown to work.
PathMTU solves this. The problem with setting the MTU wrong is that you lose packetsize on the local network and some devices might not use the RAs value.
Routing config on the Cisco side should be ok. I'll route statically first address of the LAN /64 network and also whole /64. I know the first route (...::1/128) is more or less not needed, but just in case.
You do not have to route the specific if you have a covering address. Also, all boxes need an address out of the same prefix anyway, thus it does not need a more specific address.
You might want to show those routes, seems there might be a big issue.
If someone can verify that this Asus device is capable of providing IPv6 connections I would like to hear more
It likely is just another Linux box with a GUI. You might want to check if OpenWRT/DD-WRT has support for it, as then you gain a lot of insight in the internal workings of it all.
Basic Asus RT-N10U IPv6 wireless routing issue
Shadow Hawkins on Saturday, 01 November 2014 09:47:50
Hello!
I think I found out at least one more bug from my installation. When updating Cisco IOS to 15.4.2T2 I noticed after reboots that there was access list blocking IPv6 traffic between Wifi-clients and local Windows Domain controller, which works also as a DNS server.
I have no idea, why those denies were not shown in logs before but at least this is now fixed.
http://test-ipv6.com/ shows now 10/10 from Windows Wifi-connected workstation and also from Ipad.
Thanks.
Posting is only allowed when you are logged in. |