服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 当没有IPv6地址的VLAN时,Cisco 3560G不通过IPv6 RA
Intereting Posts
VirtualHost不使用正确的SSL证书文件 虚拟界面与keepalived冲突? 如何使用Amazon Cognito作为SSO OpenID身份提供商 find写入/ var / tmp的脚本 如何监视IIS应用程序池并警告任何停机时间? 从控制台激活SharePointpipe理中心 脚本来禁用Vista下的Windows防火墙 Mysql在cron上select查询不生成结果,但通过terminal可以 在2个绑定的VPN通道上的绑定性能差 鱿鱼相当于Windows? configurationProxyPass忽略斜线后的所有内容 麻烦扩展CentOS 5 VM上的磁盘空间 如何编写一个陷阱SIGTERM的bash脚本,并立即杀死进程和所有subprocess 在戴尔R410中安装2x16GB + 2x8GB RAM? 如何在linux中生成netflow数据

当没有IPv6地址的VLAN时,Cisco 3560G不通过IPv6 RA

问题:

在启用了L3的交换机上使用没有IPv6地址的VLAN时,除非将VLAN地址分配给VLAN,否则没有RA通过VLAN。 但是,静态分配是可以到达的。 

Switch(config)#interface Vlan 3 no ipv6 address autoconfig # RA from mikrotik not working ipv6 address autoconfig # RA from mikrotik suddenly starts working no ipv6 address autoconfig # IPMI immediately losts SLAAC IPv6 address and become unresponsive

拓扑结构:

– >上行链路 – >思科(L3路由到VLAN) – >服务器

在上行链路(vlan 1)上,我收到通过单个/ 64路由的非路由/ 27 IPv4和/ 48 IPv6路由。 因此,思科将IPv6路由到VLAN,其中每个VLAN被分配唯一/ 64范围并启用RA。 每个需要IPv4的人都被分配第二个端口(模式访问+ vlan 1)。

然而,VLAN 3是特殊的,因为它是通过mikrotik(防火墙)委托的,然后同一个cisco被用作L2交换机(访问vlan 3)。 在这种情况下,stream量通过思科两次。

– >上行链路 – >思科 – >(Gi0 / 2 VLAN 2 – > ether1)Mikrotik(ether2 – > Gi0 / 3 VLAN 3) – > Cisco – > IPMI

IPMI然后连接到VLAN 3,委托的IPv6有望通过mikrotik进行pipe理。

当我们直接将IPMI连接到mikrotik时,它没有任何问题。

显示版本 

 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 52 WS-C3560G-48TS 15.0(2)SE4 C3560-IPSERVICESK9-M

显示运行configuration 

 version 15.0 ipv6 unicast-routing interface GigabitEthernet0/1 # uplink port ! interface GigabitEthernet0/2 # ether1 to mikrotik switchport access vlan 2 switchport mode access ! interface GigabitEthernet0/3 # ether2 from mikrotik, which manages IPv6 RA switchport access vlan 3 switchport mode access ! .... interface GigabitEthernet0/27 # Example of server uplink switchport access vlan 10 switchport mode access ! interface GigabitEthernet0/28 # Example of IPMI uplink switchport access vlan 3 switchport mode access ! interface GigabitEthernet0/41 # Example of port with IPv4 switchport access vlan 1 switchport mode access ! ... interface Vlan1 # Uplink VLAN no ip address ipv6 address fc00:0:0:ffff::1/64 ipv6 nd ra suppress all ! interface Vlan2 # Mikrotik prefix delegation network no ip address ipv6 address fc00:0:0:1::1/64 ipv6 nd ra suppress all ! interface Vlan3 # IPMI VLAN - IP addresses are managed by mikrotik no ip address ! interface Vlan10 # VLAN for servers no ip address ipv6 address fc00:0:0:10::1/64 ipv6 nd managed-config-flag ipv6 nd other-config-flag ipv6 dhcp relay destination ....... ! ... ipv6 route fc00:0:0:3::/64 fc00:0:0:1::2 # Prefix delegation to mikrotik ipv6 route ::/0 fc00:ffff::2 ipv6 address autoconfig

显示sdm偏好 

 The current template is "desktop IPv4 and IPv6 routing" template. The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs. number of unicast mac addresses: 1.5K number of IPv4 IGMP groups + multicast routes: 1K number of IPv4 unicast routes: 2.75K number of directly-connected IPv4 hosts: 1.5K number of indirect IPv4 routes: 1.25K number of IPv6 multicast groups: 1.125k number of directly-connected IPv6 addresses: 1.5K number of indirect IPv6 unicast routes: 1.25K number of IPv4 policy based routing aces: 0.25K number of IPv4/MAC qos aces: 0.5K number of IPv4/MAC security aces: 0.5K number of IPv6 policy based routing aces: 0.25K number of IPv6 qos aces: 0.625k number of IPv6 security aces: 0.5K

通过升级到IOS 15.0(2)SE10(c3560-ipservicesk9-mz.150-2.SE4)来修复。 地狱,花了整整一天的时间来debugging这个问题。