== Device Configuration (Dual Stack/IPv6) == As our network is working well in IPv4 mode lets enable dual stack. This is very easy as its only configuring the interface IP addresses and IPv6 routing. [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/ipv6v6config/IPv6.jpg)]] You can refer the following [=#point1 table] for assign Interface IPv6 addresses. In the following IPv6 addresses replace the '''PQRT''' segment with the IPv6 block assign to you. You can find your IP block from [wiki:2017Ipv6ipallocation here]. {{{#!th VLAN }}} {{{#!th VLAN Name }}} {{{#!th Device Name }}} {{{#!th VLAN Interface IPnsrc dynagen recovery }}} |---------------- {{{#!td rowspan=3 align=justify 2 }}} {{{#!td rowspan=3 align=justify Core }}} {{{#!td !CampusCore }}} {{{#!td 2401:dd00:PQRT:2::1/64 }}} |--------------- {{{#!td FacACore }}} {{{#!td 2401:dd00:PQRT:2::2/64 }}} |---------------- {{{#!td FacBCore }}} {{{#!td 2401:dd00:PQRT:2::3/64 }}} |---------------- {{{#!td rowspan=2 align=justify 10 }}} {{{#!td rowspan=2 align=justify Dept1 }}} {{{#!td FacACore }}} {{{#!td 2401:dd00:PQRT:A110::FFFF/64 }}} |--------------- {{{#!td Dept1PC }}} {{{#!td no interface IP }}} |---------------- {{{#!td rowspan=2 align=justify 20 }}} {{{#!td rowspan=2 align=justify Dept2 }}} {{{#!td FacBCore }}} {{{#!td 2401:dd00:PQRT:B220::FFFF/64 }}} |--------------- {{{#!td Dept2PC }}} {{{#!td no interface IP }}} |---------------- {{{#!td align=justify 255 }}} {{{#!td align=justify Router !Connection/Public IP }}} {{{#!td !CampusCore }}} {{{#!td 2401:dd00:PQRT::FFFE/64 }}} |--------------- === Initial Configurations === As we have done most of our configurations before setting up IPv4, Only configuration left is adding IPv6 DNS. Use the following command in all Core Devices and the Router (No need to add this in Dept1Sw & Dept2Sw) {{{ ip name-server 2401:DD00:1::161 }}} === Core Network Layer === First Configure the !CampusCore with IPv6 addresses and then move in to FacACore and FacBCore. ==== !CampusCore ==== - Login to !CampusCore device. Give your console port password (class password) - Go to config mode from user mode. Give your enable password (class password) - Assign the IPv6 Address to the VLAN interface {{{ CampusCore(config)#interface vlan 2 CampusCore(config-if)# ipv6 address 2401:dd00:PQRT:2::1/64 CampusCore(config-if)# exit CampusCore(config)#interface vlan 255 CampusCore(config-if)# ipv6 address 2401:dd00:PQRT::FFFE/64 CampusCore(config-if)# exit }}} - Next we have to configure unicast routing in the Switch {{{ CampusCore(config)#ipv6 unicast-routing }}} - Make sure you '''save''' the configurations to start-up Then we will configure FacACore with it's IPv6 Addresses ==== FacACore ==== - Login to FacACore device. Give your console port password (class password) - Go to config mode from user mode. Give your enable password (class password) - Assign the IP Address to the VLAN interface and enable unicast routing {{{ FacACore(config)#interface vlan 2 FacACore(config-if)#ipv6 address 2401:dd00:PQRT:2::2/64 FacACore(config-if)#exit FacACore(config)#interface vlan 10 FacACore(config-if)#ipv6 address 2401:dd00:PQRT:A110::FFFF/64 FacACore(config-if)#exit FacACore(config)#ipv6 unicast-routing FacACore(config)#exit FacACore#write }}} ==== FacBCore ==== - Repeat same to configure FacBCore {{{ FacBCore(config)#interface vlan 2 FacBCore(config-if)#ipv6 address 2401:dd00:PQRT:2::3/64 FacBCore(config-if)#exit FacBCore(config)#interface vlan 20 FacBCore(config-if)#ipv6 address 2401:dd00:PQRT:B220::FFFF/64 FacBCore(config-if)#exit FacBCore(config)#ipv6 unicast-routing FacBCore(config)#exit FacBCore#write }}} - Finally Verify the connectivity * Go to FacACore device * Go to privileged mode and ping !CampusCore and FacBCore {{{ ping 2401:dd00:PQRT:2::1 ping 2401:dd00:PQRT:2::3 }}} - You should get a positive reply with "!!" === PC Auto Configuration === Log in to your Dept1PC and check its IP address by issuing '''ifconfig''' in console. You may notice that there is a new IPv6 address auto configured with the VLAN 10 prefix. - Try ping IPv6 gateway {{{ ping6 2401:dd00:PQRT:A110::FFFF }}} - you will get a positive result Check the same with Dept2PC. But now it should show an address from VLAN 20 prefix. Check connectivity by ping6 VLAN20 interface ipv6 address. === Connecting LAN to the Router === Now you have done LAN interface configuration. Let's start routers Configuration. - Login to !BorderRt Router and switch to config mode - Router's IP allocation is as follows. You can get your Router's IP address from [wiki:2017Ipv6ipallocation here]. ||= Interface Name =||= IP Address =|| ||Fast Ethernet 0/0 ||2401:dd00:PQRT::FFFF/64|| ||Fast Ethernet 0/1 |||| - Let's configure the LAN port (fa 0/0) {{{ BorderRt(config)#interface fastEthernet 0/0 BorderRt(config-if)#ipv6 address 2401:dd00:PQRT::FFFF/64 BorderRt(config-if)#exit }}} - Configure the WAN port (fa 0/1) {{{ BorderRt(config)#interface fastEthernet 0/1 BorderRt(config-if)#ipv6 address 2401:dd00:1:128::XXXX/64 BorderRt(config-if)#exit BorderRt(config)#ipv6 unicast-routing BorderRt(config)#exit BorderRt#write }}} - You have successfully finished connecting !CampusCore to the !BorderRt router. Let's verify the connectivity using the ping command - Go to !BorderRt and ping to !CampusCore switch's VLAN 255 Interface IP {{{ ping 2401:dd00:PQRT::FFFF }}} - Now Check the routers connectivity in WAN port. Ping to the WAN Gateway {{{ ping 2401:DD00:1:128::FFFF }}} - Both these ping commands should give you a reply  === Routing === In this Lab we will enable OSPF for IPv6 in all the core switches and we will add default routes in !Campuscore and the router. - Now let's enable OSPF on Core devices. Starting from !CampusCore * Login to !CampusCore? switch and switch to config mode * Define OSPF process and Process ID. In this lab use process ID as 1 {{{ CampusCore(config)#ipv6 router ospf 1 }}} * Give the router ID, this will be the same as ipv4 ospf router ID for simplicity {{{ CampusCore(config-rtr)#router-id 10.0.2.1 }}} * You are going to announce the subnets which are directly connects to you. Use this command for that {{{ CampusCore(config-rtr)#redistribute connected }}} * You are enabling OSPF on VLAN 2. Use this command for that. {{{ CampusCore(config)#interface vlan 2 CampusCore(config-if)# ipv6 ospf 1 area 2 CampusCore(config-if)# exit }}} * Now you have enable OSPF on !CampusCore Switch. Now lets add the default Route. {{{ CampusCore(config)# ipv6 route ::/0 2401:dd00:PQRT::FFFF }}} - Follow the same steps in FacACore and FacBCore ==== FacACore ==== {{{ FacACore(config)#ipv6 router ospf 1 FacACore(config-rtr)#router-id 10.0.2.2 FacACore(config-rtr)#redistribute connected FacACore(config-rtr)#exit FacACore(config)#interface vlan 2 FacACore(config-if)# ipv6 ospf 1 area 2 FacACore(config-if)# exit FacACore(config)#ipv6 route ::/0 2401:dd00:PQRT:2::1 }}} ==== FacBCore ==== {{{ FacBCore(config)#ipv6 router ospf 1 FacBCore(config-rtr)#router-id 10.0.2.3 FacBCore(config-rtr)#redistribute connected FacBCore(config-rtr)#exit FacBCore(config)#interface vlan 2 FacBCore(config-if)# ipv6 ospf 1 area 2 FacBCore(config-if)# exit FacBCore(config)#ipv6 route ::/0 2401:dd00:PQRT:2::1 }}} - Now you have enable Routing in your Core network. Let's verify whether it is working.  * Go to Dept1PC and try a Ping6 to Dept2PC. You get get the auto configured IPv6 address of the Dep2tPC by '''ifconfig''' command * Try a ping to Router's LAN port {{{ ping6 2401:dd00:PQRT::FFFF }}} * Both should give you a reply - Add the !BorderRt Routers default gateway * Go to !BorderRt and switch to config mode * Add the default route {{{ - BorderRt(config)# ipv6 route ::/0 2401:DD00:1:128::FFFF }}} * Verify the route by ping a known host from the !BorderRt router {{{ ping 2401:dd00:1::161 }}} * This should give you a reply === Router Configuration === Here we need no NAT to access internet, only dependency is the correct routing details. - Login to !BorderRt Router and switch to config mode - Add a static route in the router so that the traffic coming to our defined network will redirect to !CampusCore switch {{{ BorderRt(config)#ipv6 route 2401:dd00:PQRT::/48 2401:dd00:PQRT::FFFE }}} - Now try a ping from DeptPC1 to the 2401:dd00:1::161 . It should give reply === Wireshark === Let's capture some packets and do a analysis. - Log in to Dept1PC and and start blackbox. {{{ sudo startx }}} - Right click on desktop and open '''xterm''' terminal - type '''wireshark''' and press enter - On the wireshark interface select the '''enp0s3''' interface and click '''Capture packets''' button - While you are capturing. Open another xterm terminal. And type '''midori''' and press enter. - You will get midori browser. Click the arrow head at top right corner to get the menu. In the menu select '''New Private Browsing Window''' - Browse for '''www.google.com''' from the browser. - Go back to wireshark and '''stop''' capturing - Click on '''Statistics''' and select '''Summary''' - You will see high percentage of IPv6 packets - Try for some other popular sites