ping -i6 is not working over different VLANs

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
2 VLANs, both ipforwarding ipv4 and ipv6 enabled, but still no ping ipv6 possible from one machine in VLAN1 to another machine in vlan2.

vlan-config:

create vlan vlan1
conf vlan1 tag 101
conf vlan1 ipadd 192.168.101.254/24
ena ipforward vlan1
ena ipforward ipv6 vlan1
conf vlan1 add po 1-4 tag


create vlan vlan2
conf vlan2 tag 102
conf vlan2 ipadd 192.168.102.254/24
ena ipforward vlan1
ena ipforward ipv6 vlan1
conf vlan2 add po 1-4 tag

Server in vlan1 has ipv4 IP 192.168.101.1/24
Server in vlan2 has ipv IP 192.168.102.1/24

Ping from Server vlan1 to Server vlan2 using ipv4 is working fine in both directions, so no Problem with Gateway or down vlans.
Ping -i6 is not working at all.

Any ideas what I've done wrong?

Kind Regards
Marco
Photo of Marco Lorenz

Marco Lorenz

  • 694 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Kawawa

Kawawa, GTAC

  • 3,160 Points 3k badge 2x thumb
Hi Marco, Hi Marco, I can't seem to see any IPv6 addresses defined in your configs above, please shre those addresses as well.  Secondly, have you either enabled a routing protocol for the IPv6 interfaces or defined static routes to tell each VLAN how to get to the other?
Photo of Marco Lorenz

Marco Lorenz

  • 694 Points 500 badge 2x thumb
Hi Kawawa,

the vlans don't have any ipv6-addresses. But ena ipf ipv6 vlan1 worked without Errors.
Maybe this is the mistake ;-) I know that ena ipf vlan1 will not work without any assigned ipv4-address to vlan1.
Why do I need a routing protocol? I don't have static routes for ipv4 as well. Both vlans are configred at the coreswitch and normally ena ipf vlan1 and ena ipf vlan2 leads to a connection between both vlans.

Kind reagrds
Marco
Photo of Kawawa

Kawawa, GTAC

  • 3,160 Points 3k badge 2x thumb
  1. If you want to have IPv6 routes, you'll need to define IPv6 addresses to the participating interfaces
  2. The enable ipforwarding ipv6 vlan <vlan> command will take effect without any issues, it's the IPv4 address that will return an error
  3. If you're getting from one host to another within the same subnet, you can do so without routes, however, if you have 2 VLANs, you'll need to tell HOST-A in VLAN 1 how to get to HOST b in VLAN 2, because VLANs dont forward traffic between each other unless you tell them how to
Photo of Marco Lorenz

Marco Lorenz

  • 694 Points 500 badge 2x thumb
3. i know that vlans do not Forward traffic if I don't tell the machines how to reach the other one in another vlan.

core-Switch has the following ips:
 vlan1 192.168.101.254/24
vlan2 192.168.102.254/24

Machine in vlan1 has ip 192.168.101.1/24 with Gateway 192.168.101.254
Machine in vlan2 has  ip 192.168.102.1/24 with Gateway 192.168.102.254
Both Gateways reside on the same Switch and both vlans are ipforwarding enabled and it works.

Isn't it the same with ipv6?
For sure, I have to assign ipv6 addresses to vlan1 and vlan2 at the core Switch, assign these addresses to the respective machine as Gateway and enable ipforwarding ipv6 on both vlans at core.

Kind Regards and sorry for my stupid question ;-)
Marco
Photo of Kawawa

Kawawa, GTAC

  • 3,160 Points 3k badge 2x thumb
Not to worry, that's the beauty of a community like this, we explore together.  Let me know when everything works. :)
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
Really stupid question(s):
Do you have "enable ipforwarding ipv6 vlan1" and "enable ipforwarding ipv6 vlan2" (i.e. forwarding on for both vlans) I'm just asking because your snippets only show it for vlan1, but that might have been a copy/paste issue.

But yes, IP6 address on vlan1, IP6 address on vlan2, use those as the respective default (or network specific) gateways on the servers, and things should work.

Would you mind posting more of the V6-specific configs - you can anonymize the beginning of your V6 addresses by starting them out with "2001:db8:..." - as well as perhaps the relevant parts from the two servers?
Photo of Marco Lorenz

Marco Lorenz

  • 694 Points 500 badge 2x thumb
Hello Frank,

you are right - copy-paste-error ;-) Sorry for that.
I don't have any other ipv6-config. Thats really everything I have configured for ipv6.
Although I'm within network configurations for over 15years now, I am a newbie to ipv6 :-(
IPs are already anonymized or better say, they are not the same es in production environment.
I will give it a try with assigning ipv6-addresses to the vlans and will tell the results to the community.

To explain, why I Need this now.
The customer has upgraded his active Directory to 2012R2 and he is experiencing many DNS-Errors. Searching the reason for this error lead to ipv6. DCs are "talking" over ipv6 as Long as this protocoll is enabled.
Maybe someone else here hast AD- and DNS-Errors in an ipv6-enabled Domain and searches for these keywords ;-).
Photo of Frank

Frank

  • 3,662 Points 3k badge 2x thumb
But I don't see any IP6 address in your config snippet :( That's all V4
If all you have are "fe80..." addresses, those are 'link local', and I'm not sure how well they route.
If you don't have real V6 space from anyone, you could use "fd..." networks - V6's "private" space (fd00::/8, see https://en.wikipedia.org/wiki/Private_network and here's a generator tool: http://www.simpledns.com/private-ipv6.aspx to maximize chances of having a unique private network. Think "avoiding 192.168.1.0/24" :) )
Photo of Marco Lorenz

Marco Lorenz

  • 694 Points 500 badge 2x thumb
Solved.
Like you stated before - missing ipv6-address on both VLANs was the Problem.
Thanks a lot. I've learned a lot about v6 today...