ICND2 200-105

Path, Gateway, Name Resolution and ACL issues in IPv6

Let's move up the OSI model and start thinking at layer 3. The layer 3 path means routing.

Default Gateway

I want you thinking now. How does a v6 client get its default gateway? I want you to give me two ways. Really, for me, I'm thinking three ways. It could be statically configured by an administrator. It could be provided via a Dynamic Host Configuration Protocol (DHCP) server for IP version 6; that's called DHCPv6. And the third way would be an autoconfiguration method.

Stateless autoconfiguration: do you remember that from when you've seen a discussion of IPv6? If you don't, it's basically a router advertisement saying, hey, I'm going to let you know who I am and what subnet you're on. And you can solicit this when you come online. This is great functionality. So there are three ways you can obtain the default gateway in an IPv6 environment.

Name Resolution

How do you learn your name resolvers in v4 or v6? If you're on a client, how do you look for your name resolvers? What command? I ran cmd.exe and I'm at the command prompt now on Windows 7, 8, whatever that may be. How do you find what the name resolvers are?

Well, you could type in ipconfig /all. That will tell you the addresses of your name resolvers, or DNS servers. Then I'm going to ping them, and if I can ping them, I'm probably not having a name resolution issue that I can resolve. The servers might be having a problem at that point. But very often, we'll have an IP address but not the means of reaching our name resolution servers. In that case we want to make sure that we restore the layer 3 path to them, or maybe point to different name resolvers if we don't believe that we can get that set up or if there's a fundamental problem with that.

Just like in our IP version 4 discussion, we modify our hosts file. Why? We don't have a DNS server in our topology, so we just modify that hosts file. Here's an example: throw in the IPv6 address of our server and provide its name. In this case, we call it Server6 for IP version 6. Then let's ping and see if we have successful name resolution through the ping command.

Hosts File Record for IPv6 Address

So name resolution worked here using that hosts file. But as we mentioned in our IP version 4 discussion, DNS servers all the way. That's really what we want to use in our production environments. We don't want to be messing around with hosts files.

ACLs in IPv6

Our knowledge of access control lists that we discussed previously all applies to v6. So let's revisit ACLs, but with a different slant on it, the v6 slant.

I don't want to bore you to tears with this one, because really this is the same discussion, right? We have a situation where it looks like they're only allowing ICMP, and telnet isn't getting through.

IPv6 ACLs Troubleshooting

That's exactly the same scenario we had before, but what's the difference between IPv4 and IPv6 on this screen alone? The command, that's it, folks. If you want to verify your access lists for IPv6, use show ipv6 access-list and that'll show you all your access lists. If you want to look at a specific one, use show ipv6 access-list followed by the name or number attached to it.

When I personally look for access lists and whether they are applied to interfaces, I look at the running config. You can see it in the show ip interface or show ipv6 interface output, and that's a perfectly good way to look at it. But I think it's a lot more straightforward to look at it as it lives in the running config.

When creating an IPv6 access list we don't really have the distinction between standard and extended now either, which is good. And the beauty is that the entry itself is the exact same command. I mean, it's almost strange that it's not any different when we're adding that specific telnet permit statement.

So once we're in the configuration mode, everything is the same, folks. Don't be scared of IPv6 access lists; if you know IPv4 access lists, you just use a different command to get into the configuration mode.

And our interpretation is the same. By the way, I usually do show access-lists, and when you do that, it shows your IPv4 and IPv6 access lists at the same time. But when we interpret this, we're not going to be struck by anything earth-shattering here. The only surprise may be the fact that they've rearranged the sequence numbers and the match parenthetical; otherwise it's the same beast.
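
The scenario above (only ICMP allowed, telnet blocked), written out as an IOS configuration with the fix and the verification commands. This is an added example, not output or configuration from the original lesson; the ACL name V6-INBOUND, the interface and the 2001:DB8:: address are constructed placeholders.

```cisco
! Added example. ACL name, interface and addresses are constructed placeholders.
!
! Before: only ICMP is permitted, so Telnet falls through to the implicit deny.
ipv6 access-list V6-INBOUND
 permit icmp any any
!
! Every IPv6 ACL ends with these implicit entries, in this order.
! The two neighbor discovery permits keep address resolution working:
!   permit icmp any any nd-na
!   permit icmp any any nd-ns
!   deny ipv6 any any
!
! After: add the specific Telnet permit. The entry syntax matches an IPv4
! extended ACL; only the command that enters ACL configuration mode differs.
! The permit is scoped to one server instead of "any any".
ipv6 access-list V6-INBOUND
 permit icmp any any
 permit tcp any host 2001:DB8:10::100 eq telnet
!
! On the interface, IPv6 uses "ipv6 traffic-filter" where IPv4 uses
! "ip access-group".
interface GigabitEthernet0/0
 ipv6 traffic-filter V6-INBOUND in
!
! Verification from privileged EXEC mode:
!   show ipv6 access-list V6-INBOUND
!   show access-lists
!   show ipv6 interface GigabitEthernet0/0
!   show running-config | section ipv6 access-list
!   show running-config interface GigabitEthernet0/0
```

If the match counter on the Telnet entry stays at zero while clients are connecting, check the direction and the interface in the traffic-filter line before changing the entries themselves.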