Cisco ISATAP

Introduction

This example demonstrates ISATAP configuration on the head-end router and a simulated ISATAP client using a Cisco router.
Usually the client is a Windows PC with IPv6 enabled, initiating the tunnel. For testing and verification purposes, a Cisco router closest to the clients can act as a client.
For this, we are using ISATAP tunnel at the head-end and IPv6 over IPv4 manual tunnel at the client router. IPv6 unicast routing can be disabled on the client router, so that it will behave as a true client and install a default IPv6 static route towards the head-end.
Check feature navigator to verify head-end router image supports ISATAP tunnels.
Check feature navigator to verify simulated client router supports manually configured IPv6 over IPv4 tunnels.

Design

Configuration

Head-end router configuration

ipv6 unicast-routing

!

interface Loopback0

ip address 15.100.8.1 255.255.255.255

!

interface Tunnel1

no ip address

no ip redirects

ipv6 address 2001:DB8:CAFE:65::/64 eui-64 <<<Any /64 IPv6 address will work

no ipv6 nd ra suppress <<< IPv6 ra is suppressed by default on tunnel. Need to re-enable for client auto-configuration.

tunnel source Loopback0

tunnel mode ipv6ip isatap

Simulated ISATAP client on Cisco router

interface ethernet0

ip address 15.2.8.128 255.255.255.0

!

interface Tunnel1

no ip address

ipv6 address autoconfig

ipv6 enable

tunnel mode ipv6ip

tunnel source ethernet0

tunnel destination 15.100.8.1

 

Related show Commands

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

 

Show running-config

Client Tunnel1 should acquire IPv6 address prefix from head-end. Then client source IPv4 address is appended at the end. In this example, 15.2.8.128 => F02:880

show ipv6 interface tunnel1

IPv6 is enabled, link-local address is FE80::F02:880

No Virtual link-local address(es):

Stateless address autoconfig enabled

Global unicast address(es):

2001:DB8:CAFE:65::F02:880, subnet is 2001:DB8:CAFE:65::/64 [EUI/CAL/PRE] <<< Acquired IPv6 prefix and resultant IPv6 autoconfig address

valid lifetime 2591770 preferred lifetime 604570

Joined group address(es):

FF02::1

FF02::1:FF02:880

MTU is 1480 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

Default router is FE80::5EFE:F64:801 on Tunnel1 <<< ISATAP head-end as the default router with 0000:5EFE appended with head-end source IPv4

If IPv6 unicast-routing is disabled on the client router, it will also install a default static route pointing towards the ISATAP head-end router.

show ipv6 route

IPv6 Routing Table – default – 4 entries

Codes: C – Connected, L – Local, S – Static, U – Per-user Static route

B – BGP, R – RIP, I1 – ISIS L1, I2 – ISIS L2

IA – ISIS interarea, IS – ISIS summary, D – EIGRP, EX – EIGRP external

ND – Neighbor Discovery, l – LISP

O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2

ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2

S  ::/0 [2/0]

via FE80::5EFE:F64:801, Tunnel1

C 2001:DB8:CAFE:65::/64 [0/0]

via Tunnel1, directly connected

L 2001:DB8:CAFE:65::F02:880/128 [0/0]

via Tunnel1, receive

L FF00::/8 [0/0]

via Null0, receive

Head-end should be able to ping the client.

router#ping ipv6 2001:DB8:CAFE:65::F02:880

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:65::F02:880, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms