I have been running IPv6 and IPv4 concurrently. At Cisco Live San Diego 2019 I shared some of my experiences with Jeffry Handal (I met him initially at Cisco Live Barcelona 2019), and somehow we ended up talking about IPv6 and how, by default, you receive multiple IPv6 addresses. To me, that was one of my frustrations, so my network is set up in such a way that it only assigns a single IPv6 address. It appears that such a setup is not very common, so I would like to share with you how my IPv6 network is configured.

My network consists of an ASA firewall (soon to be replaced with the FirePower 1010), a 3560 compact switch that acts as an L3 switch, and a Catalyst 9800 Wireless Controller (yep, moved from Mobility Express to the Cat9k wireless IOS-XE). The figure below shows my network topology.

In this network setup, the 3560 acts as the L3 switch and DHCP server (for both IPv4 and IPv6). It is absolutely possible to use an external DHCP server and use helpers instead, but for my home network that is, well, not necessary. The configuration on the client VLAN is shown below:

interface Vlan300
 description clients
 ip address 192.168.1.1 255.255.255.0
 ipv6 address FE80::300 link-local
 ipv6 address 2001:db8:face:300::1/64
 ipv6 enable
 ipv6 nd prefix 2001:db8:face:300::/64 300 300 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra interval 30
 ipv6 dhcp server clients-300 rapid-commit
end

By setting the managed-config-flag (the M flag in the router advertisement) and disabling auto-config on the prefix (no-autoconfig clears the prefix's autonomous flag, so clients do not build SLAAC addresses from it), I effectively state that my switch is the only router and device allowed to assign and distribute IPv6 addresses. This disables every auto-magic feature within IPv6 except DHCPv6. The configuration I use for that DHCPv6 server is defined below:

ipv6 dhcp database flash:dhcpv6-db
ipv6 dhcp pool clients-300
 address prefix 2001:db8:face:300::/64 lifetime 86400 86400
 link-address 2001:db8:face:300::/64
 dns-server 2620:119:35::35
 dns-server 2620:119:53::53
 domain-name clients.nefkens.net
!

Using this configuration, all my devices (and yes, Jeffry told me that Android devices do not support DHCPv6, so go complain at Google for that) receive a single IPv6 address, as shown in the screenshot below.

Although it might not be common, it is very much possible to use DHCPv6 and only assign a single IPv6 address to each device. It makes life a lot easier when troubleshooting or when looking at management systems such as Firepower Management Center, DNA Center, or a syslog server.
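To confirm on the wire that the Vlan300 settings took effect, the router advertisement itself can be inspected: the M flag must be set and the prefix's autonomous (A) flag must be clear. The following is an added example, not part of the original post; it parses the ICMPv6 payload of an RA per RFC 4861, and the function names and the sample packet (built inline, checksum left at zero) are constructed for illustration.

```python
import ipaddress
import struct

PREFERENCE = {0: "medium", 1: "high", 3: "low"}  # RFC 4191 Prf bits

def parse_ra(icmp: bytes) -> dict:
    """Parse the ICMPv6 payload of a Router Advertisement (RFC 4861, 4.2)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "preference": PREFERENCE.get((flags >> 3) & 3, "reserved"),
          "prefixes": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", icmp, off + 2)
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": preferred})
        off += opt_len
    return ra

def findings(ra: dict) -> list:
    """Report RA settings that let a host hold more than its DHCPv6 address."""
    out = []
    if not ra["managed"]:
        out.append("M flag clear: hosts are not told to use DHCPv6")
    for p in ra["prefixes"]:
        if p["autonomous"]:
            out.append(f"{p['prefix']}: A flag set, hosts will also form SLAAC addresses")
    return out

def build_ra(flags: int, pflags: int) -> bytes:
    """Constructed sample RA (checksum 0; hop limit and router lifetime made up)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, pflags, 300, 300, 0)
    return hdr + pio + ipaddress.IPv6Address("2001:db8:face:300::").packed

if __name__ == "__main__":
    # 0x88 = M flag + high preference, 0x80 = on-link only (no-autoconfig)
    for name, raw in (("as configured", build_ra(0x88, 0x80)),
                      ("SLAAC defaults", build_ra(0x00, 0xC0))):
        print(name, findings(parse_ra(raw)))
```

An empty findings list for a captured RA means hosts on that VLAN are steered to DHCPv6 only, which is what keeps one address per device in firewall and syslog records.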
