IPv6 Configuration Example

The following example configures and enables an IPv6 address on a GigaVUE‑HC3 node. It also configures an IPv6 address for a TACACS+ server, which is the remote authenticator.

To configure an IPv6 address for an LDAP server, use the CLI command host ldap host instead of tacacs-server host in Step 13.

In this example, the IPv6 network prefix is 2001:db8::/120.

Step

Description

Command

1.  

Use the configuration jump-start wizard on the GigaVUE‑HC3 to specify the eth0 Management interface, enable DHCP on eth0, enable IPv6, enable IPv6 autoconfig on eth0, and enable DHCPv6 on eth0.

(config) # configuration jump-startGigaVUE‑OS configuration wizardStep 1: Hostname? [gigamon1]Step 2: Management Interface <eth0> ? [eth0]Step 3: Use DHCP on eth0 interface? [no] yesStep 4: Enable IPv6? [no] yesStep 5: Enable IPv6 autoconfig (SLAAC) on eth0 interface? [no] yesStep 6: Enable DHCPv6 on eth0 interface? [no] yesStep 7: Enable secure cryptography? [no]Step 8: Enable secure passwords? [no]Step 9: Minimum password length? [8]Step 10: Admin password?Please enter a password. Password is a must.Step 10: Admin password?Step 10: Confirm admin password?Step 11: Cluster enable? [no]You have entered the following information:To change an answer, enter the step number to return to.Otherwise hit <enter> to save changes and exit.<enter>

2.  

Verify that IPv6 is supported and enabled.

Note:  If no is displayed for either IPv6 supported or admin enabled, IPv6 communication will fail. Issue the CLI command in Step 3.

(config) # show ipv6

IPv6 summary    IPv6 supported: yes    IPv6 admin enabled: yes    IPv6 interface count: 1
3.

(Optional) If no is displayed for either IPv6 supported or admin enabled, issue the following CLI command.

(config) # ipv6 enable

4.  

Configure an IPv6 address for eth0 in the same subnet as the TACACS+ server.

(config) # interface eth0 ipv6 address 2001:db8:a0b:12f0::17/120

5.  

Enable the eth0 interface.

(config) # interface eth0 ipv6 enable

6.  

Verify the IPv6 address.

(config) # show interface eth0

Interface eth0 status:...   IPv6 enabled:       yes   ...   IPv6 address:       2001:db8:a0b:12f0::17/120
7.  

Add an IPv6 static route. Routing is essential to IPv6 communications. Ensure that all IPv6 addresses are routable and are on the same subnet. Also ensure your network switches, routers, and firewalls are configured in such way to allow IPv6 packets to reach their destination.

(config) # ipv6 route 2001:db8:a0b::/120 eth0

8.  

Verify the IPv6 routing table.

(config) # show ipv6 route

 

                     Destination prefix
                         Gateway                                  Interface  Source
                     -----------------------------------------------------------------
                     ::/0
                         ::                                       eth0       static
                     2001:db8:a0b:12f0::/120
                         ::                                       eth0       static
                         ::                                       eth0       interface
                     2001:db8:a0b:12f0::17/120
                         ::                                       lo         local
9.  

Ping the host default gateway from the GigaVUE node to verify the endpoints. If you do not get a response, check the connections and routing.

(config) # ping6 -I eth0 2001:db8:a0b:12f0::1

10.  

Configure TACACS+ as the default AAA login.

(config) # aaa authentication login default tacacs+

11.  

Verify the authentication configuration. Also verify that the default user is external.

(config) # show aaa

AAA authorization:
   Default User: external
   Map Order: remote-first
Authentication method(s):
tacacs+ local
12.  

Verify that the external user has a password set.

(config) # show usernames

USERNAME     FULL NAME                ACCOUNT STATUS
admin        System Administrator     Password set
13.

Configure the IPv6 address for the TACACS+ server.

(config) # tacacs-server host 2001:db8:a0b:12f0::11 key gigamon enable

14.  

Verify the TACACS+ server IPv6 address.

(config) # show tacacs

    ...
TACACS+ servers:
2001:db8:a0b:12f0::11:49
15.  

Ping the TACACS+ server to verify that it is reachable.

(config) # ping6 -I eth0 2001:db8:a0b:12f0::11