CS计算机代考程序代写 IOS dns DHCP Module 8: SLAAC and DHCPv6

程序代写 CS代考 / DHCP, dns, IOS

Module 8: SLAAC and DHCPv6
Switching, Routing and Wireless Essentials v7.0 (SRWE)

Module Objectives
Module Title: SLAAC and DHCPv6
Module Objective: Configure dynamic address allocation in IPv6 networks.
Topic Title
Topic Objective
IPv6 Global Unicast Address Assignment
Explain how an IPv6 host can acquire its IPv6 configuration.
SLAAC
Explain the operation of SLAAC.
DHCPv6
Explain the operation of DHCPv6
Configure DHCPv6 Server
Configure a stateful and stateless DHCPv6 server.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

8.1 IPv6 GUA Assignment
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

IPv6 GUA Assignment
IPv6 Host Configuration
On a router, an IPv6 global unicast address (GUA) is manually configured using the ipv6 address ipv6-address/prefix-length interface configuration command.
• A Windows host can also be manually configured with an IPv6 GUA address configuration, as shown in the figure.
• However, manually entering an IPv6 GUA can be time consuming and somewhat error prone.
• Therefore, most Windows host are enabled to dynamically acquire an IPv6 GUA configuration.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

IPv6 GUA Assignment
IPv6 Host Link-Local Address
If automatic IPv6 addressing is selected, the host will use an Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement (RA) message to help it autoconfigure an IPv6 configuration.
• The IPv6 link-local address is automatically created by the host when it boots and the Ethernet interface is active.
• The interface did not create an IPv6 GUA in the output because the network segment did not have a router to provide network configuration instructions for the host.
• Note: The “%” and number at the end of the link-local address is known as a Zone ID or Scope ID and is used by the OS to associate the LLA with a specific interface.
• Note: DHCPv6 is defined in RFC 3315.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

IPv6 GUA Assignment
IPv6 GUA Assignment
By default, an IPv6-enabled router periodically send ICMPv6 RAs which simplifies how a host can dynamically create or acquire its IPv6 configuration.
• A host can dynamically be assigned a GUA using stateless and stateful services.
• All stateless and stateful methods in this module use ICMPv6 RA messages to suggest to the host how to create or acquire its IPv6 configuration.
• Although host operating systems follow the suggestion of the RA, the actual decision is ultimately up to the host
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

IPv6 GUA Assignment
Three RA Message Flags
How a client obtains an IPv6 GUA depends on settings in the RA message. An ICMPv6 RA message includes the following three flags:
• A flag – The Address Autoconfiguration flag signifies to use Stateless Address Autoconfiguration (SLAAC) to create an IPv6 GUA
• O flag – The Other Configuration flag signifies that additional information is available from a stateless DHCPv6 server.
• M flag – The Managed Address Configuration flag signifies to use a stateful DHCPv6 server to obtain an IPv6 GUA.
Using different combinations of the A, O and M flags, RA messages inform the host about the dynamic options available.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8.2 SLAAC
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

SLAAC
SLAAC Overview
Not every network has access to a DHCPv6 server but every device in an IPv6 network needs a GUA. The SLAAC method enables hosts to create their own unique IPv6 global unicast address without the services of a DHCPv6 server.
• SLAAC is a stateless service which means there is no server that maintains network address information to know which IPv6 addresses are being used and which ones are available.
• SLAAC sends periodic ICMPv6 RA messages (i.e., every 200 seconds) providing addressing and other configuration information for hosts to autoconfigure their IPv6 address based on the information in the RA.
• A host can also send a Router Solicitation (RS) message requesting an RA.
• SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

SLAAC
Enabling SLAAC
R1 G0/0/1 has been configured with the indicated IPv6 GUA and link-local addresses.
The R1 G0/0/01 IPv6 addresses include:
• Link-local IPv6 address – fe80::1
• GUA / subnet – 2001:db8:acad:1::1, 2001:db8:acad:1::/64
• IPv6 all-nodes group – ff02::1
R1 is configured to join the all IPv6 multicast group and start sending RA messages containing address configuration information to hosts using SLAAC.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

SLAAC
Enabling SLAAC (Cont.)
The IPv6 all-routers group responds to the IPv6 multicast address ff02::2.
• The show ipv6 interface command verifies that R1 has joined the IPv6 all-routers group (i.e., ff02::2).
• R1 will now begin to send RA messages every 200 seconds to the IPv6 all-nodes multicast address ff02::1.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

SLAAC
SLAAC Only Method
RA messages from R1 have the following flags set:
• •
• •
A = 1 – Informs the client to use the IPv6 GUA prefix in the RA and dynamically create its own Interface ID.
O = 0 and M = 0 – Informs the client to also use the additional information in the RA message (i.e., DNS server, MTU, and default gateway information).
The ipconfig Windows command confirms that PC1 has generated an IPv6 GUS using the R1 RA.
The default gateway address is LLA of the R1 G0/0/1 interface.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

SLAAC
ICMPv6 RS Messages
A router sends RA messages every 200 seconds or when it receives an RS message from a host.
• IPv6 enabled hosts wishing to obtain IPv6 addressing information send an RS message to the IPv6 all-routers multicast address of ff02::2.
The figure illustrates how a host initiates the SLAAC method.
1. PC1 has just booted and sends an RS message to the IPv6 all-routers multicast address of ff02::2 requesting an RA.
2. R1 generates an RA and then sends the RA message to the IPv6 all-nodes multicast address of ff02::1. PC1 uses this information to create a unique IPv6 GUA.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

SLAAC
Host Process to Generate Interface ID
Using SLAAC, a host acquires its 64-bit IPv6 subnet information from the router RA and must generate the remainder 64-bit interface identifier (ID) using either:
• Randomly generated – The 64-bit interface ID is randomly generated by the client operating system. This is the method now used by Windows 10 hosts.
• EUI-64 – The host creates an interface ID using its 48-bit MAC address and inserts the hex value of fffe in the middle of the address. Some operating systems default to the randomly generated interface ID instead of the EUI-64 method, due to privacy concerns. This is because the Ethernet MAC address of the host is used by EUI-64 to create the interface ID.
Note: Windows, Linux, and Mac OS allow for the user to modify the generation of the interface ID to be either randomly generated or to use EUI-64.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

SLAAC
Duplicate Address Detection
A SLAAC host may use the following Duplicate Address Detection (DAD) process to ensure that the IPv6 GUA is unique.
• The host sends an ICMPv6 Neighbor Solicitation (NS) message with a specially constructed solicited-node multicast address containing the last 24 bits of IPv6 address of the host.
• If no other devices respond with a Neighbor Advertisement (NA) message, then the address is virtually guaranteed to be unique and can be used by the host.
• If an NA is received by the host, then the address is not unique, and the host must generate a new interface ID to use.
Note: DAD is really not required because a 64-bit interface ID provides 18 quintillion possibilities. Therefore, the chance of a duplicate address is remote. However, the Internet Engineering Task Force (IETF) recommends that DAD is used. Therefore, most operating systems perform DAD on all IPv6 unicast addresses, regardless of how the address is configured.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

8.3 DHCPv6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

DHCPv6
DHCPv6 Operation Steps
Stateful DHCPv6 does not require SLAAC while stateless DHCPv6 does.
Regardless, when an RA indicates to use DHCPv6 or stateful DHCPv6:
1. The host sends an RS message.
2. The router responds with an RA message.
3. The host sends a DHCPv6 SOLICIT message.
4. The DHCPv6 server responds with an ADVERTISE message.
5. The host responds to the DHCPv6 server.
6. The DHCPv6 server sends a REPLY message.
Note: Server to client DHCPv6 messages use UDP destination port 546 while client to server DHCPv6 messages use UDP destination port 547.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

DHCPv6
Stateless DHCPv6 Operation
If an RA indicates the stateless DHCPv6 method, the host uses the information in the RA message for addressing and contacts a DHCPv6 server for additional information.
Note: The DHCPv6 server only provides configuration parameters for clients and does not maintain a list of IPv6 address bindings (i.e. stateless).
For example, PC1 receives a stateless RA message containing:
• The IPv6 GUA network prefix and prefix length.
• A flag set to 1 informing the host to use SLAAC.
• O flag set to 1 informing the host to seek that additional configuration information from a DHCPv6 server.
• M flag set to the default value 0.
• PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateless DHCPv6 server.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18

DHCPv6
Enable Stateless DHCPv6 on an Interface
Stateless DHCPv6 is enabled using the ipv6 nd other-config-flag interface configuration command setting the O flag to 1.
The highlighted output confirms the RA will tell receiving hosts to use stateless autoconfigure (A flag = 1) and contact a DHCPv6 server to obtain another configuration information (O flag = 1).
Note: You can use the no ipv6 nd other- config-flag to reset the interface to the default SLAAC only option (O flag = 0).
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

DHCPv6
Stateful DHCPv6 Operation
If an RA indicates the stateful DHCPv6 method, the host contacts a DHCPv6 server for all configuration information.
• Note: The DHCPv6 server is stateful and maintains a list of IPv6 address bindings. For example, PC1 receives a stateful RA message
containing:
• The IPv6 GUA network prefix and prefix length.
• A flag set to 0 informing the host to contact a DHCPv6 server.
• O flag set to 0 informing the host to contact a DHCPv6 server.
• M flag set to the value 1.
• PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateful DHCPv6 server.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20

DHCPv6
Enable Stateful DHCPv6 on an Interface
Stateful DHCPv6 is enabled using the ipv6 nd managed-config-flag interface configuration command setting the M flag to 1.
The highlighted output in the example confirms that the RA will tell the host to obtain all IPv6 configuration information from a DHCPv6 server (M flag = 1).
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21

8.4 Configure DHCPv6 Server
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22

Configure DHCPv6 Server DHCPv6 Router Roles
Cisco IOS routers are powerful devices. In smaller networks, you do not have to have separate devices to have a DHCPv6 server, client, or relay agent. A Cisco IOS router can be configured to provide DHCPv6 server services.
Specifically, it can be configured to be one of the following:
• DHCPv6 Server – Router provides stateless or stateful DHCPv6 services.
• DHCPv6 Client – Router interface acquires an IPv6 IP configuration from a DHCPv6 server.
• DHCPv6 Relay Agent – Router provides DHCPv6 forwarding services when the client and the server are located on different networks.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23

Configure DHCPv6 Server
Configure a Stateless DHCPv6 Server
The stateless DHCPv6 server option requires that the router advertise the IPv6 network addressing information in RA messages.
There are five steps to configure and verify a router as a stateless DHCPv6 server:
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
3. Configure the DHCPv6 pool with options. Common options include dns-server X:X:X:X:X:X:X:X and domain-name name.
4. Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command.
• Manually change the O flag from 0 to 1 using the ipv6 nd other-config-flag interface command. RA messages sent on this interface indicate that additional information is available from a stateless DHCPv6 server. The A flag is 1 by default, telling clients to use SLAAC to create their own GUA.
5. Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24

Configure DHCPv6 Server
Configure a Stateless DHCPv6 Client
A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server, such as a router functioning as a DHCPv6 server.
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Configure the client router to create an LLA. An IPv6 link-local address is created on a router interface when a global unicast address is configured, or without a GUA using the ipv6 enable interface configuration command. Cisco IOS uses EUI-64 to create the Interface ID.
3. Configure the client router to use SLAAC using the ipv6 address autoconfig command.
4. Verify that the client router is assigned a GUA using the show ipv6 interface brief command.
5. Verify that the client router received other necessary DHCPv6 information. The show ipv6 dhcp interface g0/0/1 command confirms DHCP option information, such as DNS server and domain name, have been received by the client.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

Configure DHCPv6 Server
Configure a Stateful DHCPv6 Server
The stateful DHCP server option requires that the IPv6 enabled router tells the host to contact a DHCPv6 server to obtain all necessary IPv6 network addressing information.
There are five steps to configure and verify a router as a stateful DHCPv6 server:
1. 2. 3.
4.
Enable IPv6 routing using the ipv6 unicast-routing command.
Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
Configure the DHCPv6 pool with options. Common options include the address prefix command, domain name, DHS server IP address, and more.
Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command. Manually change the M flag from 0 to 1 using the interface command ipv6 nd managed-config-flag.
Manually change the A flag from 1 to 0 using the ipv6 nd prefix default no-autoconfig interface command to inform the client to not to use SLAAC to create a GUA. The router will now respond to stateful DHCPv6 requests with the information contained in the pool.
Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
5.
• •

Configure DHCPv6 Server
Configure a Stateful DHCPv6 Client
A router can also be a DHCPv6 client. The client router needs to have ipv6 unicast- routing enabled and an IPv6 link-local address to send and receive IPv6 messages.
There are five steps to configure and verify a router as a stateless DHCPv6 client.
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Configure the client router to create an LLA. An IPv6 link-local address is created on a router interface when a global unicast address is configured, or without a GUA using the ipv6 enable interface configuration command. Cisco IOS uses EUI-64 to create an Interface ID.
3. Configure the client router to use DHCPv6 using the ipv6 address dhcp interface config command.
4. Verify that the client router is assigned a GUA using the show ipv6 interface brief command.
5. Verify that the client router received other necessary DHCPv6 information using the show ipv6 dhcp interface g0/0/1 command.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27

Configure DHCPv6 Server
DHCPv6 Server Verification Commands
The show ipv6 dhcp pool command verifies the name of the DHCPv6 pool and its parameters. The command also identifies the number of active clients.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28

Configure DHCPv6 Server
DHCPv6 Server Verification Commands (Cont.)
Use the show ipv6 dhcp
binding command output to display the IPv6 link-local address of the client and the global unicast address assigned by the server.
• This information is maintained by a stateful DHCPv6 server.
• A stateless DHCPv6 server would not maintain this information.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29

Configure DHCPv6 Server
Configure a DHCPv6 Relay Agent
If the DHCPv6 server is located on a different network than the client, then the IPv6 router
can be configured as a DHCPv6 relay agent.
• The configuration of a DHCPv6 relay agent is similar to the configuration of an IPv4 router as a DHCPv4 relay.
• This command is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server, as shown in the output. The egress interface is only required when the next-hop address is an LLA.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30

Configure DHCPv6 Server
Verify the DHCPv6 Relay Agent
Verify that the DHCPv6 relay agent is operational with the show ipv6 dhcp interface and show ipv6 dhcp binding commands.
Verify Windows hosts received IPv6 addressing information with the ipconfig /all command.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31

8.5 Module Practice and Quiz
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32

Module Practice and Quiz
What Did I Learn In This Module?
• On a router, an IPv6 global unicast addresses (GUA) is manually configured using the ipv6 address ipv6-address/prefix- length interface configuration command.
• When automatic IPv6 addressing is selected, the host will attempt to automatically obtain and configure IPv6 address information on the interface.
• The IPv6 link-local address is automatically created by the host when it boots and the Ethernet interface is active.
• The decision of how a client will obtain an IPv6 GUA depends on the settings within the RA message. An ICMPv6 RA
message includes three flags to identify the dynamic options available to a host:
• A flag – This is the Address Autoconfiguration flag. Use SLAAC to create an IPv6 GUA.
• O flag – This is the Other Configuration flag. Get Other information from a stateless DHCPv6 server.
• M flag – This is the Managed Address Configuration flag. Use a stateful DHCPv6 server to obtain an IPv6 GUA.
• The SLAAC method enables hosts to create their own unique IPv6 global unicast address without the services of a DHCPv6 server. SLAAC, which is stateless, uses ICMPv6 RA messages to provide addressing and other configuration information that would normally be provided by a DHCP server. SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6. The SLAAC only method is enabled by default when the ipv6 unicast-routing command is configured.
• To enable the sending of RA messages, a router must join the IPv6 all-routers group using the ipv6 unicast-routing global config command. Use the show ipv6 interface command to verify if a router is enabled.
• All enabled Ethernet interfaces with an IPv6 GUA configured will start sending RA messages with the A flag set to 1, and the O and M flags set to 0. The A = 1 flag suggests to the client to create its own IPv6 GUA using the prefix advertised in the RA. The O =0 and M=0 flags instructs the client to use the information in the RA message exclusively.
• A router sends RA messages every 200 seconds. However, it will also send an RA message if it receives an RS message from a host.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33

Module Practice and Quiz
What Did I Learn In This Module?
• Using SLAAC, a host typically acquires its 64-bit IPv6 subnet information from the router RA. However, it must generate the remainder 64-bit interface identifier (ID) using one of two methods: randomly generated, or EUI-64.
• The DAD process is used by a host to ensure that the IPv6 GUA is unique. DAD is implemented using ICMPv6. To perform DAD, the host sends an ICMPv6 NS message with a specially constructed multicast address, called a solicited-node multicast address. This address duplicates the last 24 bits of IPv6 address of the host.
• The host begins the DHCPv6 client/server communications after stateless DHCPv6 or stateful DHCPv6 is indicated in the RA.
• Server to client DHCPv6 messages use UDP destination port 546, while client to server DHCPv6 messages use UDP destination port 547.
• The stateless DHCPv6 option informs the client to use the information in the RA message for addressing, but additional configuration parameters are available from a DHCPv6 server. This is called stateless DHCPv6 because the server is not maintaining any client state information.
• Stateless DHCPv6 is enabled on a router interface using the ipv6 nd other-config-flag interface configuration command. This sets the O flag to 1.
• In stateful DHCPv6, the RA message tells the client to obtain all addressing information from a stateful DHCPv6 server, except the default gateway address which is the source IPv6 link-local address of the RA. It is called stateful because the DHCPv6 server maintains IPv6 state information.
• Stateful DHCPv6 is enabled on a router interface using the ipv6 nd managed-config-flag interface configuration command. This sets the M flag to 1.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34

Module Practice and Quiz
What Did I Learn In This Module?
• A Cisco IOS router can be configured to provide DHCPv6 server services as one of the following three types: DHCPv6 server, DHCPv6 client, or DHCPv6 relay agent.
• A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server.
• The stateful DHCP server option requires that the IPv6-enabled router tells the host to contact a DHCPv6 server to acquire
all required IPv6 network addressing information.
• For a client router to be a DHCPv6 router, it needs to have ipv6 unicast-routing enabled and an IPv6 link-local address to
send and receive IPv6 messages.
• Use the show ipv6 dhcp pool and show ipv6 dhcp binding commands to verify DHCPv6 operation on a router.
• If the DHCPv6 server is located on a different network than the client, then the IPv6 router can be configured as a DHCPv6
relay agent using the ipv6 dhcp relay destination ipv6-address [interface-type interface-number] command. This command is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server. The egress interface is only required when the next-hop address is an LLA.
• Verify the DHCPv6 relay agent is operational with the show ipv6 dhcp interface and show ipv6 dhcp binding commands.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35

Related Posts