[c-nsp] Dot11Radio0 ipv6 command

Michael K. Smith - Adhost mksmith at adhost.com
Tue Jun 21 17:11:41 EDT 2011


Hey Everyone:

Here is the configuration.  It's in the 12.1 train IRC.  This was from a
long-ago blog post, so there are some comments in at and the v6 ACL might
be out of date.  All the IP's (v4 and v6) are RFC document ranges.

! BEGIN
!
!
dot11 ssid myssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 a-shame-this-is-still-not-md5
!
ip dhcp excluded-address 192.0.2.1 192.0.2.99
!
! This is the Ethernet pool of addresses.
!
ip dhcp pool sdm-pool1
import all
network 192.0.2.0 255.255.255.128
default-router 192.0.2.1
!
! This is the wireless pool of addresses
!
ip dhcp pool wireless-pool
import all
network 192.0.2.128 255.255.255.128
default-router 192.0.2.129
!
! Enable ipv6 globally
!
ipv6 unicast-routing
!
! This is a security check - you shouldn't have a need for source-routing,
similar to IPv4
!
no ipv6 source-route
!
ipv6 cef
!
!
interface Tunnel1
description My IPv6 Tunnel
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 address 2001:db8:1::/126
ipv6 enable
ipv6 traffic-filter ipv6-global-route in
!
! My outside IP address changes frequently, so this way
! I don¹t have to reconfigure the tunnel IP on this end
! However, when it changes, I have to change the tunnel
! IP on the Tunnel Broker Side
!
tunnel source FastEthernet4
tunnel destination 
tunnel mode ipv6ip
!
interface Null0
no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$$FW_OUTSIDE$
ip dhcp client update dns server both
ip ddns update hostname my.dydns-domain.name
ip ddns update sdm_ddns1
ip address dhcp client-id FastEthernet4 hostname router-name
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip multicast boundary 30
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
ip address 192.0.2.129 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
!
encryption mode ciphers tkip
!
ssid myssid
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
power client 20
station-role root
! 
! The IPv6 address and default gateway that will be assigned when you
connect
!
ipv6 address 2001:db8:2::/64 eui-64
ipv6 enable
!
interface Vlan1
ip address 192.0.2.1 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip multicast boundary 30
ip nat inside
ip virtual-reassembly
ipv6 address 2001:db8:3::/64 eui-64
ipv6 enable
ipv6 nd prefix /64 infinite infinite
!
no ip forward-protocol nd
!
ip nat inside source list 1 interface FastEthernet4 overload
!
logging history informational
!
no cdp run
ipv6 route ::/0 Tunnel1
!
! You may or may not decide to apply an access list like this.  You may
also want to expand upon it, extend it, and get more granular with your
filtering.
!
ipv6 access-list ipv6-global-route
permit ipv6 2001:200::/23 any
permit ipv6 2001:400::/23 any
permit ipv6 2001:600::/23 any
permit ipv6 2001:800::/23 any
permit ipv6 2001:A00::/23 any
permit ipv6 2001:C00::/23 any
permit ipv6 2001:E00::/23 any
permit ipv6 2001:1200::/23 any
permit ipv6 2001:1400::/23 any
permit ipv6 2001:1600::/23 any
permit ipv6 2001:1800::/23 any
permit ipv6 2001:1A00::/23 any
permit ipv6 2001:1C00::/22 any
permit ipv6 2001:2000::/20 any
permit ipv6 2001:3000::/21 any
permit ipv6 2001:3800::/22 any
permit ipv6 2001:4000::/23 any
permit ipv6 2001:4200::/23 any
permit ipv6 2001:4400::/23 any
permit ipv6 2001:4600::/23 any
permit ipv6 2001:4800::/23 any
permit ipv6 2001:4A00::/23 any
permit ipv6 2001:4C00::/23 any
permit ipv6 2001:5000::/20 any
permit ipv6 2001:8000::/19 any
permit ipv6 2001:A000::/20 any
permit ipv6 2001:B000::/20 any
permit ipv6 2002::/16 any
permit ipv6 2003::/18 any
permit ipv6 2400::/12 any
permit ipv6 2600::/12 any
permit ipv6 2610::/23 any
permit ipv6 2620::/23 any
permit ipv6 2800::/12 any
permit ipv6 2A00::/12 any
permit ipv6 2C00::/12 any
sequence 500 deny ipv6 any any log-input




On 6/21/11 1:21 PM, "Gert Doering" <gert at greenie.muc.de> wrote:

>Hi,
>
>On Tue, Jun 21, 2011 at 04:47:17PM +0000, Michael K. Smith - Adhost wrote:
>> You can do IPv6 on the 87x series, it's just kludgy.  You have to use a
>> separate /64 for the wireless and attach it to the VLAN interface, while
>> leaving the IPv4 address on the dot11Radio interface.
>> 
>> If anyone would like to see a working configuration let me know and I'll
>> send it offlist.
>
>I'd like to see a working configuration, and for the benefits of the
>archive, the list might want to see it as well :-)
>
>(Just replace any public addresses by 2001:db8:...)
>
>What IOS version is this on?
>
>thanks in advance,
>
>gert
>
>-- 
>USENET is *not* the non-clickable part of WWW!
>                  
>//www.muc.de/~gert/
>Gert Doering - Munich, Germany
>gert at greenie.muc.de
>fax: +49-89-35655025
>gert at net.informatik.tu-muenchen.de




More information about the cisco-nsp mailing list