1 00:00:02,289 --> 00:00:08,717 [music] 2 00:00:08,717 --> 00:00:14,371 In this section we're going to take a look at how to manually 3 00:00:14,371 --> 00:00:19,577 configure IPv6 addresses on your devices. 4 00:00:19,723 --> 00:00:23,105 We're going to start off with a base topology I have built here. 5 00:00:23,105 --> 00:00:26,043 We're going to use this for most of the course. 6 00:00:26,357 --> 00:00:28,812 I have some of the addressing done already, 7 00:00:28,812 --> 00:00:30,821 some of the addressing designed. 8 00:00:31,113 --> 00:00:35,135 Where we're going to be looking at right now is going to be on the 9 00:00:35,135 --> 00:00:41,263 VLAN 36 interfaces between Router 3 and Router 6. 10 00:00:41,263 --> 00:00:47,938 It's going to mostly involve FA0/0.36 on Router 3, 11 00:00:47,938 --> 00:00:51,541 just to start with for this first section. 12 00:00:51,541 --> 00:00:57,880 And then we'll move on to assigning addresses to Router 6 and so on. 13 00:00:58,190 --> 00:01:02,543 So we're going to start with manually assigning IPv6 addresses, 14 00:01:02,543 --> 00:01:05,493 and there's actually quite a few ways to do this, 15 00:01:05,493 --> 00:01:08,794 which is why we're going to take a minute here to do it. 16 00:01:08,960 --> 00:01:15,475 The first one would just simply be to type: ipv6 enable. 17 00:01:15,617 --> 00:01:18,771 So if we switch over here to the command line, and let me 18 00:01:18,771 --> 00:01:26,632 hop onto our Router 3, and we'll say, interface FA0/0.36. 19 00:01:26,850 --> 00:01:31,839 And just to start with, we'll just do show ipv6 interface brief. 20 00:01:32,207 --> 00:01:37,715 And you can see here that as of right now FA 0/0.36 21 00:01:37,715 --> 00:01:40,635 does not have any IPv6 addresses on it. 22 00:01:41,621 --> 00:01:46,069 The first command is just to simply say, ipv6 enable. 23 00:01:46,069 --> 00:01:50,799 I think a lot of people misunderstand this command on the Cisco router, 24 00:01:50,799 --> 00:01:53,570 that maybe you have to put it in or something 25 00:01:53,582 --> 00:01:55,699 like that, and that's not the case. 26 00:01:56,478 --> 00:02:01,099 IPv6 enable is a way of enabling IPV6 on an interface, 27 00:02:01,099 --> 00:02:03,807 but certainly not the only one. 28 00:02:03,929 --> 00:02:11,524 What you get if you type ipv6 enable, is you're going to get a 29 00:02:11,524 --> 00:02:21,605 show ipv6 interface brief, and you're going to end up with nothing 30 00:02:21,605 --> 00:02:25,508 but a link-local address on that interface. 31 00:02:25,508 --> 00:02:30,067 That link-local address is of course going to be based off of the 32 00:02:30,067 --> 00:02:35,251 client ID that we discussed earlier, and that of course comes from, 33 00:02:35,251 --> 00:02:39,821 if I were to say, do show interface FA0/0, 34 00:02:43,743 --> 00:02:46,697 and look at the burned in MAC address on it, 35 00:02:47,712 --> 00:02:54,736 this is that semi-well-known formatting - EUI-64 - 36 00:02:54,736 --> 00:02:56,145 we're going to look at in a minute, 37 00:02:56,145 --> 00:03:03,762 defaults to using this for the link-local address, which is, you take 38 00:03:03,762 --> 00:03:08,039 the second least significant bit - which is right here - 39 00:03:08,397 --> 00:03:13,936 of the first byte of the MAC address and you flip the 40 00:03:13,936 --> 00:03:17,044 second least significant bit to a 1. 41 00:03:17,044 --> 00:03:21,749 That's your local global bit indicating that this address is now 42 00:03:21,749 --> 00:03:23,833 a global unique address. 43 00:03:23,994 --> 00:03:27,005 And then, of course, right in the middle, so in this case 44 00:03:27,005 --> 00:03:30,455 between the D and the 4 in our MAC address. 45 00:03:30,769 --> 00:03:35,624 If you look up here between the D and the 4 up here at this address, 46 00:03:36,601 --> 00:03:48,056 you insert FFFE to pad the 24 bit MAC address. 47 00:03:48,130 --> 00:03:57,190 Sorry, a 48 bit MAC address. Sorry, up to a 64 bit host portion for IPv6. 48 00:03:57,301 --> 00:04:01,650 This is done automatically, and this is functional. 49 00:04:01,650 --> 00:04:03,473 In fact, just to show you that it works, 50 00:04:03,473 --> 00:04:09,320 we can hop over to Router 6 and say, interface 51 00:04:09,332 --> 00:04:13,819 gigabit 00.36, and say, IPv6 enable. 52 00:04:17,289 --> 00:04:23,420 Say, do show IPv6 interface brief. 53 00:04:24,914 --> 00:04:28,328 It also gets an address, and it's fully functional. 54 00:04:28,328 --> 00:04:33,804 The only problem is it's a little bit crazy of an address 55 00:04:33,804 --> 00:04:35,591 to have to actually try to use. 56 00:04:35,679 --> 00:04:38,473 So, we can copy it, we can go to the other side, 57 00:04:38,473 --> 00:04:43,493 and we can very easily say, do ping, put that address in, 58 00:04:47,296 --> 00:04:53,835 and you get the fun first problem that you have with using link-local addresses. 59 00:04:54,991 --> 00:04:59,225 And if you look at some of the other addresses we have on this router already, 60 00:04:59,225 --> 00:05:03,914 you see here we have a FastEthernet 0/0.344 with an address, 61 00:05:03,914 --> 00:05:05,621 FA0/1 with an address. 62 00:05:05,621 --> 00:05:14,497 And notice, with the link-locals, they all start FE80::/10, as we discussed before. 63 00:05:14,690 --> 00:05:18,703 So the problem is, of course, normally a router looks at 64 00:05:18,703 --> 00:05:22,918 his routing table and says, what interface does this go out? 65 00:05:23,188 --> 00:05:27,424 Well, the problem, of course, here is it doesn't have any idea what 66 00:05:27,424 --> 00:05:29,312 the egress interface should be. 67 00:05:29,843 --> 00:05:34,120 And this is just a formatting thing on the Cisco router, 68 00:05:34,120 --> 00:05:36,885 but this is another little bit of a fun thing. 69 00:05:36,885 --> 00:05:41,153 If you say that the outgoing interface is FA0/0.36, 70 00:05:41,153 --> 00:05:43,944 it will actually yell at you here, and say, 71 00:05:43,944 --> 00:05:46,499 "No, no, no, I want the whole name." 72 00:05:46,608 --> 00:05:53,754 So FastEthernet 0/0.36, and it works. 73 00:05:53,995 --> 00:05:56,664 So our link-local addressing works. 74 00:05:57,666 --> 00:06:01,350 And something else you should note, it'll become important as we 75 00:06:01,350 --> 00:06:06,422 move through some of our other modules coming up later, such as BGP. 76 00:06:06,583 --> 00:06:12,291 I'll show you how to actually use the link-local address to peer 77 00:06:12,291 --> 00:06:14,310 with BGP neighbors and such. 78 00:06:14,409 --> 00:06:18,156 Problem is, soon as you use a link-local address, 79 00:06:18,156 --> 00:06:22,508 like we did right up here, it of course has no idea what the egress 80 00:06:22,508 --> 00:06:25,213 interface should be, as we've already discussed. 81 00:06:25,900 --> 00:06:30,351 So, for a lot of things, if you're going to use link-local, 82 00:06:30,351 --> 00:06:35,124 you need to be able to specify the egress interface on the same line. 83 00:06:35,924 --> 00:06:41,770 And you do this by specifying the interface index number in the IPv6 address. 84 00:06:41,770 --> 00:06:44,648 Different operating systems do this different ways. 85 00:06:44,820 --> 00:06:49,523 If you're on a Windows machine and - just as an example - 86 00:06:49,523 --> 00:06:54,092 and you have not turned off IPv6, but if you're are on that Windows machine 87 00:06:54,092 --> 00:06:59,764 and you look at your ipconfig, you'll find that it's usually something 88 00:06:59,764 --> 00:07:03,186 like a percent 9, something along those lines. 89 00:07:03,704 --> 00:07:07,703 But what I'm talking about here specifically is this part right here. 90 00:07:07,798 --> 00:07:11,396 Really just the part at the end. I mean we're going to use the whole address, 91 00:07:11,665 --> 00:07:15,784 but this tells the router your egress interface, 92 00:07:15,784 --> 00:07:18,652 and Cisco chose to just use the interface name. 93 00:07:18,652 --> 00:07:22,759 So if I were to repeat my ping command, 94 00:07:22,759 --> 00:07:27,692 but this time actually add that to the end of it... 95 00:07:29,810 --> 00:07:34,548 what sometimes confuses people a little bit is it's still 96 00:07:34,548 --> 00:07:39,211 the remote address that I'm trying to contact, but then after the 97 00:07:39,211 --> 00:07:43,424 percent is the local egress interface that I want to go out. 98 00:07:43,979 --> 00:07:49,219 Hit enter, and it just works. It doesn't ask me what the 99 00:07:49,219 --> 00:07:54,552 egress interface is anymore. The other thing to note here, 100 00:07:54,552 --> 00:07:57,774 it's a little bit unfortunate, but I'm sure you probably almost saw 101 00:07:57,774 --> 00:08:02,072 this coming, is it's case sensitive. If I lower that just an E 102 00:08:02,072 --> 00:08:05,441 to a lower case e, it'll tell me "Oh, I have no idea what you're talking about. 103 00:08:05,580 --> 00:08:07,742 I've never heard of that address, 104 00:08:07,742 --> 00:08:09,996 or protocol, or whatever that is you're trying to say." 105 00:08:10,478 --> 00:08:13,407 So that's just a little bit of a gotcha there. 106 00:08:14,146 --> 00:08:16,956 So that's your IPv6 enable. 107 00:08:16,956 --> 00:08:22,482 To wrap it up all you do is you get a standard link-local address 108 00:08:22,706 --> 00:08:26,785 based off the MAC address of the device. 109 00:08:27,343 --> 00:08:34,628 Your next choice, of course, is IPv6 link-local with automatic assignment. 110 00:08:34,628 --> 00:08:40,815 That's what we just looked at, which is where you just do IPv6 enable. 111 00:08:41,074 --> 00:08:44,193 This sort of calls into some of the other stuff I'm going to look at. 112 00:08:44,193 --> 00:08:46,078 So let's move through a couple of these. 113 00:08:46,985 --> 00:08:51,182 When we're talking about automatic or static assignment, this is talking 114 00:08:51,182 --> 00:08:55,718 about pulling a link-local address with how you get your address 115 00:08:55,718 --> 00:08:58,082 with some of the other things coming up later. 116 00:08:58,327 --> 00:09:01,092 So, in some of the upcoming lessons 117 00:09:01,092 --> 00:09:03,686 we will come back and look at this again. 118 00:09:04,654 --> 00:09:08,028 Basically what I'm just trying to get out here is you're going to 119 00:09:08,028 --> 00:09:13,330 get a link-local address no matter how you get your global IPv6 address. 120 00:09:13,330 --> 00:09:17,517 We'll see what happens with this under different scenarios as we 121 00:09:17,517 --> 00:09:20,578 move forward through these lessons. 122 00:09:21,724 --> 00:09:26,414 The next one we're going to look at right now is doing a global address 123 00:09:26,414 --> 00:09:29,920 with EUI-64, and this is sort of going to play back 124 00:09:29,920 --> 00:09:32,401 into these two points above it as well. 125 00:09:34,198 --> 00:09:38,759 In this one I think a lot of people don't understand 100% what happens here. 126 00:09:38,759 --> 00:09:40,430 Let's take a look at it. 127 00:09:40,478 --> 00:09:44,981 First thing I'm going to do is I'm going to say, no ipv6 enable. 128 00:09:44,981 --> 00:09:48,519 Now, we don't have to take this off, but just in light of what I 129 00:09:48,519 --> 00:09:53,341 said earlier, that you don't need it, I just want to show you that 130 00:09:53,341 --> 00:09:55,371 you, in fact, don't need it. 131 00:09:55,876 --> 00:09:59,208 As soon as you're going to go in and start manually doing your own stuff, 132 00:09:59,208 --> 00:10:01,899 then you don't need the IPv6 enable anymore. 133 00:10:01,899 --> 00:10:06,820 That's just sort of a generic way of quickly throwing IPv6 on an interface. 134 00:10:07,249 --> 00:10:10,504 Maybe this is like a link between you and your service provider. 135 00:10:10,504 --> 00:10:13,758 And as I get into some more complex examples later, 136 00:10:13,758 --> 00:10:16,103 I'll probably come back and just use that again. 137 00:10:16,103 --> 00:10:19,372 It can be handy, I don't want anybody to misunderstand what I'm saying. 138 00:10:19,530 --> 00:10:24,901 It's just that you don't need it if you're going to set the address another way. 139 00:10:24,901 --> 00:10:31,860 For example, if I said, do show IPv6 interface brief, right now. 140 00:10:32,146 --> 00:10:38,079 We're back to the 36 not having any address on it at all. 141 00:10:38,079 --> 00:10:41,843 And now I'm going to say, IPv6 address, and I'm going to give it a 142 00:10:41,843 --> 00:10:50,012 global address, 2001DB8:100:36::. 143 00:10:50,187 --> 00:10:55,880 And, normally, of course, in a minute, we'll put the host portion here. 144 00:10:55,880 --> 00:11:00,899 What I'm looking at right now is using an EUI-64 assignment, at which 145 00:11:00,899 --> 00:11:11,606 case you simply say, the mask, and then we're going to say, EUI-64. 146 00:11:12,191 --> 00:11:15,441 Hit Enter, and what you get now, 147 00:11:15,606 --> 00:11:23,493 do show ipv6 interface brief, is you're going to get the link-local address, 148 00:11:23,598 --> 00:11:27,020 because that always comes along. Have to have the link-local. 149 00:11:27,253 --> 00:11:31,993 So we get the link-local address back again, and now it's taking that 150 00:11:31,993 --> 00:11:38,521 same ending host portion based on the MAC address and puts it 151 00:11:38,521 --> 00:11:41,326 after the global address that we put in. 152 00:11:41,810 --> 00:11:45,951 But I think the part where a lot of people get mislead here a little bit 153 00:11:46,115 --> 00:11:52,829 is to say that EUI-64 on the global address pulls its address 154 00:11:52,829 --> 00:11:57,277 from the MAC address on the Cisco router. That's not specifically true. 155 00:11:57,415 --> 00:11:59,384 That's what I'm going to show you right now. 156 00:11:59,384 --> 00:12:04,986 What it actually does is it pulls the address from the client identifier. 157 00:12:05,172 --> 00:12:09,446 The client identifier is pulled from the link-local address. 158 00:12:09,446 --> 00:12:15,192 The link-local address is defaulting to pulling that from the MAC address. 159 00:12:15,304 --> 00:12:19,155 Now, all of that said, I'm sure you can understand how it 160 00:12:19,155 --> 00:12:23,657 becomes very common to say that if you use EUI-64, 161 00:12:23,657 --> 00:12:28,468 that it pulls the host portion from the MAC address. 162 00:12:28,862 --> 00:12:31,515 The problem with that statement is, again, 163 00:12:31,515 --> 00:12:34,296 it's not completely accurate. 164 00:12:34,296 --> 00:12:36,985 It's accurate from a default standpoint. 165 00:12:36,985 --> 00:12:44,559 However, if I were to say, IPv6 address FE80::, 166 00:12:44,559 --> 00:12:47,714 and this is Router 3, so I'll just make it ::3. 167 00:12:47,973 --> 00:12:52,995 And then I said link-local, to manually set the link-local address, 168 00:12:52,995 --> 00:12:56,991 hit enter. Do show ipv6 interface brief. 169 00:12:56,991 --> 00:13:00,641 What we're going to find is that not only did that manually set my 170 00:13:00,641 --> 00:13:09,131 link-local address, it also sets the client address for the global address. 171 00:13:09,680 --> 00:13:12,491 So this is what I'm saying when I say you can't just say 172 00:13:12,491 --> 00:13:17,390 EUI-64 is based off the MAC address, and we'll see this 173 00:13:17,390 --> 00:13:20,410 later when we get to ISATAP tunnels. 174 00:13:20,577 --> 00:13:22,694 It's not based on the MAC address anyway, 175 00:13:22,694 --> 00:13:25,851 it's based on the underlying IPv4 address 176 00:13:25,851 --> 00:13:28,354 of the egress interface for the tunnel. 177 00:13:28,354 --> 00:13:33,280 So, EUI-64 is not always based on the MAC address, 178 00:13:33,481 --> 00:13:38,044 it's actually based on the client ID for most applications. 179 00:13:38,179 --> 00:13:43,093 So we'll, again, build on this more as we go, but this is sort of 180 00:13:43,093 --> 00:13:45,493 an example of what I meant when I was talking about, 181 00:13:45,493 --> 00:13:49,323 you know, if we go back over here to the slides, 182 00:13:49,323 --> 00:13:53,299 this is link-local, and how it behaves and what you can do with 183 00:13:53,299 --> 00:13:56,679 link-local with either an automatic assignment, 184 00:13:56,679 --> 00:13:58,127 which is what we just did. 185 00:13:58,794 --> 00:14:02,285 That's one way of doing automatic, just so we're clear. 186 00:14:02,285 --> 00:14:05,205 EUI-64 is one way of doing that. 187 00:14:05,588 --> 00:14:10,993 Another way, of course, is to say, what happens when there's a static 188 00:14:10,993 --> 00:14:13,137 assignment to the link-local address? 189 00:14:13,286 --> 00:14:17,181 So that's EUI-64. Let me hop back over to Router 3 here. 190 00:14:17,181 --> 00:14:19,441 Now we're going to do it a little bit different. 191 00:14:19,441 --> 00:14:28,380 I'm going to say, no IPv6 address FE80::3 link-local. 192 00:14:38,072 --> 00:14:43,095 And when we look back at it it'll be back to the MAC-based address thing again. 193 00:14:43,505 --> 00:14:48,255 And now what I'm going to do is I'm going to hard code a real global address. 194 00:14:48,255 --> 00:14:52,492 So we're just going to go back up to where we said EUI-64. 195 00:14:52,931 --> 00:14:55,172 First thing we need to do is take that off. 196 00:14:55,172 --> 00:14:59,969 In fact, you know what, before I do, let's look at another interesting problem. 197 00:15:03,479 --> 00:15:06,052 I'm going to actually hardcode it in an address. 198 00:15:10,836 --> 00:15:13,533 I believe I mentioned this in a previous lesson, 199 00:15:13,533 --> 00:15:17,403 but you really have to be careful with IPv6 since it does support 200 00:15:17,403 --> 00:15:19,779 multiple addresses on an interface. 201 00:15:20,044 --> 00:15:25,942 You can see here what I end up with is my client ID based address, 202 00:15:26,130 --> 00:15:31,579 which of course is this one, and the one I just manually typed in. 203 00:15:31,579 --> 00:15:35,546 And again, there's nothing fundamentally wrong with that, unless, 204 00:15:35,546 --> 00:15:39,423 of course, that wasn't your intention to end up with both addresses. 205 00:15:39,423 --> 00:15:42,798 And if that's the case, you have to go back up to the address that we 206 00:15:42,798 --> 00:15:47,212 did with EUI-64 and take it off. 207 00:15:53,271 --> 00:15:54,779 There we go. 208 00:15:56,694 --> 00:16:00,387 And this goes back to - and we'll wrap up with this - 209 00:16:00,559 --> 00:16:07,325 this is a static address assignment. So this was our last point over here. 210 00:16:07,325 --> 00:16:11,935 I didn't bring it up there, but this is an IPv6 global address using 211 00:16:11,935 --> 00:16:16,625 a static assignment. So it is going to manually put in our global address, 212 00:16:16,625 --> 00:16:21,913 like such, and the default behavior-- see, this doesn't go both ways 213 00:16:21,913 --> 00:16:23,871 like where we're looking at a minute ago. 214 00:16:24,128 --> 00:16:30,379 If you manually set the link-local, that will change the global address 215 00:16:30,379 --> 00:16:34,818 used for any form of automatic assignment. 216 00:16:35,032 --> 00:16:38,998 In the next section we're going move into some other ways of assigning 217 00:16:38,998 --> 00:16:43,834 an address, and what we'll see there is we can 218 00:16:43,834 --> 00:16:46,323 control this through link-local as well. 219 00:16:46,323 --> 00:16:52,059 But if you manually set the global address or statically set to global, 220 00:16:52,059 --> 00:16:55,278 that does not affect the link-local. 221 00:16:55,278 --> 00:16:58,960 Now, since we used the link-local for so much in IPv6, 222 00:16:58,960 --> 00:17:02,904 just to leave you with a recommendation here, I would say, 223 00:17:02,904 --> 00:17:08,202 ipv6 address fe80::3 link-local. 224 00:17:15,099 --> 00:17:20,050 And then what you end up with is both of your addresses manually 225 00:17:20,050 --> 00:17:22,033 set the way you want them. 226 00:17:22,300 --> 00:17:28,091 That's how I would do it if I was going to do manual address configuration. 227 00:17:28,091 --> 00:17:31,940 And we are going to leave Router 3 this way for now. 228 00:17:32,099 --> 00:17:36,991 [music]