DHCPv6 Support for ISG

Dynamic Host Configuration Protocol (DHCP) v6 supports Intelligent Services Gateway (ISG) session as a standalone application for allocating delegated prefixes to Customer Premises Equipment (CPE). The clients behind CPE are allocated addresses from the assigned prefixes.

Restrictions for DHCPv6 Support for ISG

  • ISG DHCPv6 IPoE session is initiated only after DHCPv6 transactions and successful IPv6 prefix assignment from DHCPv6 server are complete.

  • For DHCPv6, assignment of IANA & IAPD IPv6 prefixes (with any of IPv6 prefix attributes including Delegated-IPv6-Prefix) are not supported through RADIUS.

  • ISG IPv6 IPoE sessions are supported with either Stateless Address Auto-Configuration (SLAAC) or DHCPv6 only.

  • ISG IPv6 IPoE is not supported for clients connecting through any DHCPv6 Relay Agent as DHCPv6 packets are encapsulated in Relay-Forward or Relay-Reply messages between clients and ISG

Information About DHCPv6 Support for ISG

Interaction with FHS

In the Layer 2 connected subscriber sessions, the first hop security must be enabled This is the main requirement for ISG IPv6 Layer 2 connected subscriber sessions. On configuring control policy on the interface, ISG enables FHS snooping policy.

The First-Hop Security (FHS) intimates ISG about:
  • FSoL on binding entry creation in the binding table for messages such as RS, NS, and NA.
  • Removal of binding entry from the binding table with disassociation message.
  • Data packets which are pushed to RP and not having the binding table entry in FHS.
  • Interface change when you move from one interface to another.

ISG does not get information on any other control packets for session initiation.

Existing FHS behavior is modified and programmed to snoop DHCPv6 prefix.

Interaction with IPv6 ND

IPv6 ND sends multicast Router Advertisement (RA) at regular intervals and on receiving Router Solicitation (RS) from the host on bootup with all IPv6 prefixes. The interaction between the IPv6 ND and ISG happens with ISG integration. IPv6 ND sends unicast RA, instead of multicast RA, with prefixes assigned to the subscriber.

In case of DHCPv6, unicast RA is not advertised to client containing the prefix, to support this feature. Based on the type of the session (SLAAC or DHCPv6) ISG enables or disables RA session respectively.

Support for DHCPv6 Single or Dual Stack Session Bringup

To support ISG dual stack sessions with DHCPv6, an interface is configured with ISG and FHS is programmed for prefix-glean snooping policy. After the DHCPv6 handshake, a prefix is allocated to the CPE. Binding for the assigned prefix is created in FHS and a notification is sent to the IPSUB along with the prefix.

ISG session initiator unclassified-mac is used to support DHCPv6. After the DHCPv6 handshake is complete, a binding is created in FHS and a notification is sent to trigger an IPSUP session.

Based on the configuration on the interface, ISG configuration handler will program FHS for SLAAC or DHCPv6 based sessions.

For DHCPv6, ISG session is provisioned for MAC-address of the CPE and the prefix is allocated through DHCPv6. So the DHCP session is provisioned for the CPE MAC and DHCPv6. Packets flowing from the clients allocated IP address through this delegated prefix is accounted for this session.

How to Configure DHCPv6 Support for ISG

Configuration for DHCPv6 Support for ISG

Perform the following task to configure DHCPv6 support for ISG. 


interface Port-channel8.10 
    encapsulation dot1Q 10 primary GigabitEthernet1/1/0 
    ip address 192.168.11.1 255.255.255.0 
    ipv6 address 3002::1/64 
    ipv6 enable
    ipv6 nd managed-config-flag 
    ipv6 nd other-config-flag 
    ipv6 dhcp relay destination 201:201:201:201::2
    service-policy type control GX_TEST 
    ip subscriber l2-connected 
        initiator unclassified mac-address 
        initiator dhcp

Configuration Examples for DHCPv6 Support for ISG

Example: DHCPv6 Support for ISG

Example: DHCPv6 Support for ISG 


Device# show ipv6 neighbors binding
Binding Table has 3 entries, 1 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, DH - DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match     0002:Orig trunk            0004:Orig access
0008:Orig trusted trunk    0010:Orig trusted access   0020:DHCP assigned
0040:Cga authenticated     0080:Cert authenticated    0100:Statically assigned


        IPv6 address                                             Link-Layer addr         Interface        vlan prlvl  age   state    Time left
L      FE80::A8BB:CCFF:FE02:F800               AABB.CC02.F800       Et0/0             0  0100   24mn REACHABLE
L      ABCD::1                                                      AABB.CC02.F800       Et0/0             0  0100   24mn REACHABLE
DH  2010::/64                                                   AABB.CC02.9401        Et0/0             0  0024   24mn REACHABLE

Additional References for DHCPv6 Support for ISG

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

MIBs

MIB

MIBs Link

  • CISCO-MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for DHCPv6 Support for ISG

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for DHCPv6 Support for ISG

Feature Name

Releases

Feature Information

DHCPv6 Support for ISG

Cisco IOS XE Everest 16.5.1b

This feature is about DHCPv6 Support for ISG.

There were no commands introduced or modified in this feature.

Unclassified MAC Initiator with IANA

Cisco IOS XE Gibraltar 16.12.1

ISG IPv6 sessions are based on the unclassified mac address of the subscriber. If you use DHCPv6 for IPv6 addresses, ISG creates subscriber sessions based on DHCPv6 packets with the IANA option.