Pruebas con DHCP en IPv6
Fecha: 21 de noviembre Clase: CCNA2 R&S, módulo 10
Otras pruebas fueron realizadas el 24/11 y clases posteriores, dentro de las pruebas de este documento podemos listar:
1.- Pruebas de Packet Tracer
2.- Pruebas con equipos reales sin estado (SLAAC)
3.- Pruebas con equipos reales con estado
4.- Pruebas con un server Windows 2008 ofreciendo DHCPv6
5.- Pruebas con un server Windows 2008 y relay DHCPv6
Escenario
1.- Pruebas con Packet Tracer
1.1.- Pruebas con autoconfiguración
Cisco1941(config)#ipv6 unicast-routing
Cisco1941(config)#interface GigabitEthernet0/1
Cisco1941(config-if)#ipv6 add 2340:1234:abcd:1::1/64
Cisco1941(config-if)#end
Cisco1941#
1.2.- Pruebas con DHCPv6 con estado
Cisco1941(config)#ipv6 unicast-routing
Cisco1941(config)#ipv6 dhcp pool DHCPv6
Cisco1941(config-dhcp)# dns-server 2340:8:8:8::8
Cisco1941(config-dhcp)#domain-name aula7b.com
Cisco1941(dhcp-config)#? (no aparece la opción address, por lo tanto no se puede continuar)
dns-server DNS servers
domain-name Domain name to complete unqualified host names
exit Exit from DHCPv6 configuration mode
no Negate a command or set its defaults
prefix-delegation IPv6 prefix delegation
Cisco1941(config-dhcp)#exit
Cisco1941(config)#interface GigabitEthernet0/1
Cisco1941(config-if)#ipv6 add 2340:1234:abcd:1::1/64
Cisco1941(config-if)#ipv6 dhcp server DHCPv6
Cisco1941(config-if)#end
2.- Pruebas con equipos reales
2.1.- Pruebas con autoconfig
Cisco1941#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1941(config)#ipv6 unicast-routing (habilita el RA: router advertisement)
Cisco1941(config)#int fa0/1
Cisco1941(config-if)#ipv6 add 2340:1234:abcd:1::1/64
Cisco1941(config-if)#end
2.2.- Verificación en la PC
C:\>ipconfig
Adaptador Ethernet Intel on board :
Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 2340:1234:abcd:1:21b:38ff:fe7e:f171 (utiliza EUI-64, la MAC es 00:1b:38:7e:f1:71 )
Dirección IP. . . . . . . . . . . : fe80::21b:38ff:fe7e:f171%8
Puerta de enlace predeterminada : fe80::32e4:dbff:fe53:2b21%8
C:\>
2.3.- Resultado de las capturas de paquetes
Frame 1: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0 (antes de conectar la PC a la red)
Ethernet II, Src: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21), Dst: 33:33:00:00:00:01 (33:33:00:00:00:01)(multicast)
Internet Protocol Version 6, Src: fe80::32e4:dbff:fe53:2b21 (fe80::32e4:dbff:fe53:2b21), Dst: ff02::1 (ff02::1)
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xccaf [correct]
Cur hop limit: 64
Flags: 0x00
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 30:e4:db:53:2b:21)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21)
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2340:1234:abcd:1::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2340:1234:abcd:1:: (2340:1234:abcd:1::)
Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0 (se conecta la PC y genera la solicitud)
Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 33:33:00:00:00:02 (33:33:00:00:00:02) (multicast)
Internet Protocol Version 6, Src: :: (::), Dst: ff02::2 (ff02::2)
Internet Control Message Protocol v6
Type: Router Solicitation (133)
Code: 0
Checksum: 0x7bb8 [correct]
Reserved: 00000000
Frame 3: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0(trama similar a la trama #1)
Ethernet II, Src: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21), Dst: 33:33:00:00:00:01 (33:33:00:00:00:01) (multicast)
Internet Protocol Version 6, Src: fe80::32e4:dbff:fe53:2b21 (fe80::32e4:dbff:fe53:2b21), Dst: ff02::1 (ff02::1)
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xccaf [correct]
Cur hop limit: 64
Flags: 0x00
0... .... = Managed address configuration: Not set (significa que trabaja en el modo SLAAC)
.0.. .... = Other configuration: Not set (significa que trabaja en el modo SLAAC)
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 30:e4:db:53:2b:21)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21)
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2340:1234:abcd:1::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2340:1234:abcd:1:: (2340:1234:abcd:1::)
Frame 4: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
Ethernet II, Src: 00:1b:38:7e:f1:71 (00:1b:38:7e:f1:71), Dst: 33:33:ff:7e:f1:71 (multicast de verificación a su propia dirección IPv6,
Internet Protocol Version 6, Src: :: (::), Dst: ff02::1:ff7e:f171 (ff02::1:ff7e:f171) este mecanismo se llama DAD, duplicated address
Internet Control Message Protocol v6 detection)
Type: Neighbor Solicitation (135)
Code: 0
Checksum: 0x7c6a [correct]
Reserved: 00000000
Target Address: 2340:1234:abcd:1:21b:38ff:fe7e:f171 (2340:1234:abcd:1:21b:38ff:fe7e:f171)
3.- Pruebas con DHCPv6 con estado
En este caso, el mensaje RA (Router Advertisement) le informa al cliente que no utilice la información contenida en el mensaje RA.
Toda la información de direccionamiento y de configuración debe obtenerse de un servidor de DHCPv6 con estado.
Esto se conoce como DHCPv6 con estado, debido a que el servidor de DHCPv6 mantiene información de estado de IPv6.
El indicador M señala si se debe utilizar DHCPv6 con estado o no. El indicador O no interviene.
El siguiente comando se utiliza para cambiar el indicador M de 0 a 1 para indicar DHCPv6 con estado:
Router(config-if)# ipv6 nd managed-config-flag
3.1.- Configuración en el router
Cisco1941(config)#ipv6 unicast-routing
Cisco1941(config)#int fa0/1
Cisco1941(config-if)#ipv6 add 2340:1234:abcd:1::1/64
Cisco1941(config-if)#ipv6 dhcp server DHCPv6
Cisco1941(config-if)#ipv6 nd managed-config-flag
Cisco1941(config-if)#exit
Cisco1941(config)#ipv6 dhcp pool DHCPv6
Cisco1941(config-dhcpv6)#address prefix 2340:1234:abcd:1::/64 (este comando no está en Packet Tracer)
Cisco1941(config-dhcpv6)#dns-server 2340:8:8:8::8
Cisco1941(config-dhcpv6)#end
Cisco1941#sh ipv6 dhcp pool
DHCPv6 pool: DHCPv6
Address allocation prefix: 2340:1234:ABCD:1::/64 valid 172800 preferred 86400 (6 in use, 0 conflicts)
DNS server: 2340:8:8:8::8
Active clients: 6
Cisco1941#
3.2.- Verificación en la PC
3.3.- Verificación en el router
Cisco1941#sh ipv6 dhcp binding
Client: FE80::6111:2E26:11B4:CB8 (cliente 1, la PC con Wireshark)
DUID: 000100011ABE506254BEF757F30F
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:D9F8:AFF2:535D:AF4
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:21 PM (172618 seconds)
Client: FE80::8D62:50FE:5807:140B (cliente 2)
DUID: 000100011ABE68C454BEF757EDE4
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:7C6E:ED7A:B2D:A7B0
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:18 PM (172485 seconds)
Client: FE80::91AE:DF34:3271:3FA8 (cliente 3)
DUID: 000100011BF7D57754BEF757F0C9
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:D85E:8CF4:93F:B8F5
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:15 PM (172286 seconds)
Client: FE80::795E:9200:8E98:D0D4 (cliente 4)
DUID: 000100011ABE570054BEF757F280
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:58B6:C8BE:C35F:C4EB
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:18 PM (172457 seconds)
Client: FE80::E042:C20B:B277:C24D (cliente 5)
DUID: 000100011ABFB40354BEF757F2A9
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:8D2C:5936:DA39:CDA9
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:17 PM (172385 seconds)
Client: FE80::6D1A:FF6A:8985:E62C (cliente 6)
DUID: 000100011ABCC45B54BEF757EFFB
Username : unassigned
IA NA: IA ID 0x0E54BEF7, T1 43200, T2 69120
Address: 2340:1234:ABCD:1:ADA5:565:4852:473B
preferred lifetime 86400, valid lifetime 172800
expires at Nov 21 2014 01:14 PM (172239 seconds)
Cisco1941#
3.4.- Resultado de la captura de Wireshark
Frame 1: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0 (no aparece en la imagen de WireShark)
Ethernet II, Src: 54:be:f7:57:f3:0f (54:be:f7:57:f3:0f), Dst: 33:33:00:01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::6111:2e26:11b4:cb8 (fe80::6111:2e26:11b4:cb8), Dst: ff02::1:2 (ff02::1:2)(multicast)
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xcc2f [correct]
Cur hop limit: 64
Flags: 0x80
1... .... = Managed address configuration: Set (indica que es servidor DHCPv6)
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 54:be:f7:57:f3:0f)
ICMPv6 Option (MTU : 1500)
ICMPv6 Option (Prefix information : 2340:1234:abcd:1::/64)
Frame 1: 147 bytes on wire (1176 bits), 147 bytes captured (1176 bits) on interface 0
Ethernet II, Src: 54:be:f7:57:f3:0f (54:be:f7:57:f3:0f), Dst: 33:33:00:01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::6111:2e26:11b4:cb8 (fe80::6111:2e26:11b4:cb8), Dst: ff02::1:2 (ff02::1:2)(multicast)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6
Message type: Solicit (1)
Transaction ID: 0x550598
Elapsed time
Client Identifier: 000100011abe506254bef757f30f
Identity Association for Non-temporary Address
Fully Qualified Domain Name
Vendor Class
Option Request
Frame 2: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: 00:1d:e6:08:4b:4f (00:1d:e6:08:4b:4f), Dst: 54:be:f7:57:f3:0f (54:be:f7:57:f3:0f)
Internet Protocol Version 6, Src: fe80::21d:e6ff:fe08:4b4f (fe80::21d:e6ff:fe08:4b4f), Dst: fe80::6111:2e26:11b4:cb8 (fe80::6111:2e26:11b4:cb8)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6
Message type: Advertise (2)
Transaction ID: 0x550598
Server Identifier: 00030001001de6084b4e
Client Identifier: 000100011abe506254bef757f30f
Identity Association for Non-temporary Address
DNS recursive name server
Frame 3: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits) on interface 0
Ethernet II, Src: 54:be:f7:57:f3:0f (54:be:f7:57:f3:0f), Dst: 33:33:00:01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::6111:2e26:11b4:cb8 (fe80::6111:2e26:11b4:cb8), Dst: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: 546 (546), Dst Port: 547 (547)
DHCPv6
Message type: Request (3)
Transaction ID: 0x550598
Elapsed time
Client Identifier: 000100011abe506254bef757f30f
---resumido---
Frame 4: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: 00:1d:e6:08:4b:4f (00:1d:e6:08:4b:4f), Dst: 54:be:f7:57:f3:0f (54:be:f7:57:f3:0f)
Internet Protocol Version 6, Src: fe80::21d:e6ff:fe08:4b4f (fe80::21d:e6ff:fe08:4b4f), Dst: fe80::6111:2e26:11b4:cb8 (fe80::6111:2e26:11b4:cb8)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 546 (546)
DHCPv6
Message type: Reply (7)
Transaction ID: 0x550598
Server Identifier: 00030001001de6084b4e
Client Identifier: 000100011abe506254bef757f30f
Identity Association for Non-temporary Address
DNS recursive name server
4.- Pruebas con un server DHCPv6 basado en Windows 2008
Estas pruebas se realizaron fuera de clase, en mi laboratorio particular como complemento a lo ofrecido en la currícula.
4.1.- Configuración del router
Cisco1941(config)#ipv6 unicast-routing
Cisco1941(config)#int gi0/1
Cisco1941(config-if)#ipv6 address 2340:1234:abcd:1::1/64
Cisco1941(config-if)#ipv6 nd managed-config-flag (activa en 1 el bit de Managed address configuration y evita el SLAAC)
Cisco1941(config-if)#^Z
Cisco1941#
4.2.- Configuración del servidor
4.3.- Prueba desde un PC
4.4.- Verificación en el server
4.5.- Tráfico involucrado
5.- Pruebas de relay DHCPv6
Se agrega un segundo scope al server (ver imagen anterior), y una segunda interface al router.
5.1.- Configuración del router
Cisco1941(config)#int gi0/0
Cisco1941(config-if)#ipv6 add 2340:1234:abcd:2::1/64
Cisco1941(config-if)#ipv6 dhcp relay destination 2340:1234:abcd:1::10
Cisco1941(config-if)#ipv6 nd managed-config-flag
Cisco1941(config-if)#^Z
Cisco1941#
5.2.- Verificación
Cisco1941#sh ipv6 int bri (verificación)
GigabitEthernet0/0 [up/up]
FE80::32E4:DBFF:FE53:2B20
2340:1234:ABCD:2::1
GigabitEthernet0/1 [up/up]
FE80::32E4:DBFF:FE53:2B21
2340:1234:ABCD:1::1
Serial0/0/0 [down/down]
unassigned
Serial0/0/1 [up/up]
unassigned
Serial0/0/2 [administratively down/down]
unassigned
Serial0/0/3 [administratively down/down]
unassigned
Cisco1941#
Cisco1941#sh ipv6 dhcp interface (verificación del relay DHCPv6)
GigabitEthernet0/0 is in relay mode
Relay destinations:
2340:1234:ABCD:1::10 via GigabitEthernet0/1
Cisco1941#
5.3.- Prueba desde un PC
5.4.- Verificación en el server
5.5.- Tráfico involucrado
Frame 1: 203 bytes on wire (1624 bits), 203 bytes captured (1624 bits)
Ethernet II, Src: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21), Dst: 00:1e:8c:1e:24:f7 (00:1e:8c:1e:24:f7)
Internet Protocol Version 6, Src: 2340:1234:abcd:1::1 (2340:1234:abcd:1::1), Dst: 2340:1234:abcd:1::10 (2340:1234:abcd:1::10)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 547 (547)
DHCPv6
Message type: Relay-forw (12)
Hopcount: 0
Link address: 2340:1234:abcd:2::1 (2340:1234:abcd:2::1)
Peer address: fe80::dcdb:1771:9274:e42 (fe80::dcdb:1771:9274:e42)
Relay Message
Option: Relay Message (9)
Length: 95
Value: 015bb79c0008000200000001000e0001000113da000e0003...
DHCPv6
Message type: Solicit (1)
Transaction ID: 0x5bb79c
---resumido---
Frame 4: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits)
Ethernet II, Src: 00:1e:8c:1e:24:f7 (00:1e:8c:1e:24:f7), Dst: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21)
Internet Protocol Version 6, Src: 2340:1234:abcd:1::10 (2340:1234:abcd:1::10), Dst: 2340:1234:abcd:1::1 (2340:1234:abcd:1::1)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 547 (547)
DHCPv6
Message type: Relay-reply (13)
Hopcount: 0
Link address: 2340:1234:abcd:2::1 (2340:1234:abcd:2::1)
Peer address: fe80::dcdb:1771:9274:e42 (fe80::dcdb:1771:9274:e42)
Interface-Id
Option: Interface-Id (18)
Length: 4
Value: 00000002
Interface-ID:
Relay Message
Option: Relay Message (9)
Length: 105
Value: 025bb79c0002000e000100011c04fdb7001e8c1e24f70001...
DHCPv6
Message type: Advertise (2)
Transaction ID: 0x5bb79c
---resumido---
IA Address: 2340:1234:abcd:2:d533:3f05:e0f:1260
Option: IA Address (5)
Length: 24
Value: 23401234abcd0002d5333f050e0f1260000a8c00000fd200
IPv6 address: 2340:1234:abcd:2:d533:3f05:e0f:1260
Preferred lifetime: 691200
Valid lifetime: 1036800
---resumido---
Frame 5: 249 bytes on wire (1992 bits), 249 bytes captured (1992 bits)
Ethernet II, Src: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21), Dst: 00:1e:8c:1e:24:f7 (00:1e:8c:1e:24:f7)
Internet Protocol Version 6, Src: 2340:1234:abcd:1::1 (2340:1234:abcd:1::1), Dst: 2340:1234:abcd:1::10 (2340:1234:abcd:1::10)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 547 (547)
DHCPv6
Message type: Relay-forw (12)
Hopcount: 0
Link address: 2340:1234:abcd:2::1 (2340:1234:abcd:2::1)
Peer address: fe80::dcdb:1771:9274:e42 (fe80::dcdb:1771:9274:e42)
Relay Message
Option: Relay Message (9)
Length: 141
Value: 035bb79c0008000200000001000e0001000113da000e0003...
DHCPv6
Message type: Request (3)
Transaction ID: 0x5bb79c
---resumido---
Frame 6: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits)
Ethernet II, Src: 00:1e:8c:1e:24:f7 (00:1e:8c:1e:24:f7), Dst: 30:e4:db:53:2b:21 (30:e4:db:53:2b:21)
Internet Protocol Version 6, Src: 2340:1234:abcd:1::10 (2340:1234:abcd:1::10), Dst: 2340:1234:abcd:1::1 (2340:1234:abcd:1::1)
User Datagram Protocol, Src Port: 547 (547), Dst Port: 547 (547)
DHCPv6
Message type: Relay-reply (13)
Hopcount: 0
Link address: 2340:1234:abcd:2::1 (2340:1234:abcd:2::1)
Peer address: fe80::dcdb:1771:9274:e42 (fe80::dcdb:1771:9274:e42)
Interface-Id
Option: Interface-Id (18)
Length: 4
Value: 00000002
Interface-ID:
Relay Message
Option: Relay Message (9)
Length: 105
Value: 075bb79c0002000e000100011c04fdb7001e8c1e24f70001...
DHCPv6
Message type: Reply (7)
Transaction ID: 0x5bb79c
---resumido---
(2014) Sensei, my mind have a IPv6 address ?
Rosario, Argentina