Vlan – IPv6 DHCP Server vs Router

dhcpdhcpv6ipv6vlan

I am setting up a testing environment for dualstack.

I currently have a server (Windows 2008 R2), 2 switches and a router installed and configured. The server is the Primary Domain Controller and it has the DHCP role installed.

I am using VLANs to separate the computers from each other. Now I am stuck on a problem and I can't seem to figure it out, so I really hope you guys can help me!

I created both IPv4 and IPv6 Scopes on the server. On the router I have my sub-interfaces for the use of the VLANs and IPv4 works fine.

I seem to be having a problem with IPv6. I gave my NIC a static IPv6 address, in this case 2001:db8:a:1::10. I also created multiple scopes (to use the VLANs).

The configuration of two interfaces on my router is:
Configuration Router

The IP's that are given to the computers who are connected on the default VLAN (DEFAULT) receive the IPv6 addresses from the DHCP server. But the ones that are connected with the other VLANs receive an IP address from the router without me creating a DHCP pool (NOTE: they receive an IP address in the range of the IP that I gave to the sub-interfaces).

I want this not to happen and make it that they get the IP addresses from the Scope on the DHCP server (and so they show up in the lease).

Any help would be greatly appreciated!

Best Answer

IPv6 has more options for configuring addresses than IPv4. The process works as follows:

  1. A new client joins the network and sends a Router Solicitation (RS)
  2. Each router (can be multiple) sends a Router Advertisement (RA)
    • This happens both on request (when receiving an RS) as well as periodically
  3. The RA contains a lot of information on how the network is run:
    • If the router sending the RA can be a default gateway, and for how long
    • Telling clients if there is a stateless (not giving out addresses, only providing extra information like DNS settings) DHCPv6 server on the network (the O=other flag)
    • Telling clients if there is a stateful (like in IPv4) DHCPv6 server on the network (the M=managed flag)
    • Telling clients about the prefixes in use on the network
      • For each prefix: tell the clients if they can auto-configure an address by themselves (the A=autoconf flag)
    • And possibly lots of other stuff

If you want to run a fully managed network where the DHCPv6 server manages all the addresses (and please think why you want this before choosing it, if you don't use the information in the DHCPv6 server then letting clients configure their own addresses is much easier) then the router has to turn off the A (autoconf) flag for every prefix it announces and turn on the M (managed) flag so that clients know that they are not allowed to choose their own addresses but that there is a DHCPv6 server available to help them.

This is how to do that on a Cisco router:

; Go to the interface configuration
interface FastEthernet0/0
  ; Tell clients that auto configuration is not allowed
  ; This changes the default parameters.
  ; You have to specify the timers, so I use the standard values
  ipv6 nd prefix default 2592000 604800 no-autoconfig
  ;
  ; Tell the clients that there is a stateful DHCPv6 server available
  ipv6 nd managed-config-flag

; Repeat this for every (sub)interface where you want to force clients to use DHCPv6.

Also note: You need those RA packets. DHCPv6 only provides information, and optionally addresses. It does not provide a default gateway. That is done using RA. The idea here is that routers usually have better information on routing and gateways than DHCP servers, with the added benefit that you can have multiple routers on one subnet acting as default gateways with clients load balancing between them etc.

Related Topic