20 Mar

IPv6 only segments not really working (mostly)

I’ve been playing a little with IPv6 when I was preparing WLAN infrastructure for PLNOG 6 conference in Warsaw last week. Here are few discoveries:
1) Most operating systems (including latest Windows and MacOS X) does not like when network is IPv6-only. All of the systems reported limited network access, even tho they had Internet access via IPv6 network.
2) Most operating system were having problems acquiring DNS server information via DHCPv6. MacOS X does not support DHCPv6 at all, Windows, especially when additional antivirus or firewall software were present, wouldn’t work with DHCPv6 either.
3) We really need statefull NAT64 on routers. On ASR1000 stateless NAT64 is available, but it does not solve lack of IPv4 addresses problem. Statefull NAT64 is expected in Q2 or Q3 this year. NAT-PT on ISR routers is not really a solution because you have to disable CEF for IPv6 to make it work.

12 Mar

Enabling IPv6 passthrough on WLC

Wireless network in controller-based environment is good place to start playing with IPv6. You can create separate VLAN and SSID to provide IPv6 service within network. Cisco wireless devices cannot be configured with IPv6-intelligence yet, therefor you can’t assign IPv6 address to access point or BVI interface if needed nor provide any security features. But they can pass IPv6 traffic between IPv6-aware routers and client devices.

By default stand-alone access point pass IPv6 traffic so no additional configuration is needed as long as routers, where particular VLAN is terminated, is properly configured. On Wireless LAN Controllers IPv6 pass-through have to be enabled for particular WLAN.

IPv6 support can be enabled in Advanced tab of WLAN configuration on controller. But, for some unknown reason, this feature is not available on WLC series 2000, 2100 and NME-WLC, even tho it’s visible on configuration panel. Also 7.0 firmware is recommended.