Final Report - IPV6

IPV6 Deployment
Project Report
CSE5ITP 28/10/2019 MICT

IPv6 Deployment
Project Report
on
Internet protocol version 6
(IPv6) Deployment
Submitted as per requirement of ITP Project

Towards partial fulfillment of
Masters in Information and communication technology
Submitted by:
Shodhana Tumma (19839745)
Sai Praneeth Koka(19813326)
Challa Laxman Reddy (19892136)
Sudheer Kakollu(20095385)
Latrobe University, Plenty

Rd & Kingsbury Dr, Bundoora, VIC-3085.
i
IPv6 Deployment
ABSTRACT
With the rapid growth of the Internet there is an urgency to expand the address space
available to users of the Internet. The current version of the Internet Protocol, IPv4, is slowly
losing position because of its various limitations such as limited address space, lack of
functionality and inadequate security features. The intent of this paper is to deploy both IPv6
and IPv4 (dual stack) over Latrobe University Network. In dual-stack architecture, all the
components of the network system should support the both protocols. Applications must
choose either IPv4 or IPv6, by selecting the correct address based on the type of IP traffic and
requirements of the communication.
In dual-stack architecture, all the components of the network system should support the both
protocols. Applications must choose either IPv4 or IPv6, by selecting the correct address
based on the type of IP traffic and requirements of the communication
We have considered different VLAN’s students, staff, management, guest as end hosts and
are connected to access switch through another two switches. We have considered three
switches were considered taking growth of the network and redundancy into consideration.
We have considered three routers named as distribution, core and internet routers.
Distribution router is connected to end hosts through the access switch. For inter VLAN
communication trunk is created and for intra VLAN communication router on stick is
implemented on distribution router. DHCP is implemented on distribution router for
assigning the end hosts with IPv4 and IPv6 addresses automatically. Core router connected to
both distribution and internet router. Internet router is connected to DMZ, External network
and to the internal network through core router. OSPF protocol is implemented on all the
routers to advertise their directly connected networks to their neighbour routers. PAT, NAT
are implemented on the internet router to translate the IP addresses traversing the network.
Access- Controlled lists were created on the internet router to ensure the traffic is not entering
the inside network. Finally, as per the project requirement outbound connectivity for both
IPv4 and IPv6 was established externally and no inbound connections to the inside network
are allowed.
ii
IPv6 Deployment
Acknowledgement
We are sincerely thankful to Latrobe University (Bundoora campus) for providing us
with the opportunity to implement “IPV6 Deployment networking project” as part of
CSE5ITP.
We are thankful to our course co-ordinator Dr. Prakash Veeraraghavan for providing us
insights and expertise that greatly assisted the project.
We thank Dr Miro for providing comments and suggesting better options during mid-term
presentation related to the devices we used for implementation which further greatly helped
us in proceeding further.
We would also like to show our gratitude to Dheeraj Sudarsanam, for continuous guidance
throughout the project and sharing his knowledge. We are grateful for his comments and
inputs in earlier version of our project.
We hereby acknowledge that the results, observations provided are solely our own effort.
iii
IPv6 Deployment
Table of contents:
I. Title ………………………………………………………………………….. i
II. Abstract ………………………………………………………………………ii
III.Acknowledgement …………………………………………………………...iii
IV. Table of contents ……………………………………………………………..iv
1. Introduction ………………………………………………………………….1
2. Network Topology..…………………………………………………...……...2
3. Implementation ………………………………………………………………3
3.1. VLANs …………………………………………………………...………3
3.1.1. Port Assignments and Trunking ……………………...………...3
3.2. Subnetting Scheme ……………………………………………...………5
3.2.1. IPv4 Subnetting Scheme .………………………………..………5
3.2.2. IPv6 Subnetting Scheme …………………………………..…….7
3.3. Devices and Roles ……………………………………………….………9
3.4. Router on Stick ………………………………………………….……...11
3.5. Dynamic Host Configuration Protocol (DHCP) ………………….…..14
3.6. Open Short Path First (OSPF) ……………………………….………..22
3.7. Network Address Translation (NAT) ……………………….………...28
3.8. Demilitarized Zone (DMZ) ………………………………….…………32
3.9. Access-control lists (ACLs) …………………………………….………33
3.9.1. Standard Access-control lists ………………………….....……..33
3.9.2. Extended Access-control lists ………………………….………..33
3.10. Context-Based Access Control (CBAC) ……………………..………..34
4. Costing ……………………………………………………………….………36
5. Appendix …………………………………………………….…....………….38
5.1. Switch1 configuration ………………………………………….……….38
5.2. Switch2 configuration …………………………………………………..40
5.3. Access switch configuration ……………………………………………42
5.4. Distribution router configuration ……………………………………..44
5.5. Core router configuration ……………………………………….……..48
5.6. Internet router configuration ………………………….……….………50
5.7. Configuration results ………………………….……...………………...53
iv
IPv6 Deployment
1.Introduction
IP - Internet Protocol is the most widely used communication protocol. Internet
protocol version 6 is the replacement for Internet protocol version 4. Some of the deficiencies
of IPV4 and the way it handles the hosts is corrected by IPV6.
IPV4 which is a fourth version of Internet protocol handles 4.3 billion unique IP addresses
with its 32- bit address format. But, for the rapidly rising growth of the Internet it is not
enough to sustain.
Hence, the implementation of IPV6 is introduced which supports 3.4 x 1038
Unique IP addresses with its 128-bit address format. Apart from handling limitless unique IP
addresses, IPV6 had many advantages as: efficient packet handling with its simplified header
format, routing efficiency, increased throughput etc.
While a lot of carriers now a days are proceeding with IPV6network for future generation
services, current practical implementations still need the ipv4 devices and other handsets.
Here comes the support of dual stack.
Dual stack: In this project, we are implementing dual stack which means both IPV6 and
IPV4 addresses exits on the same platform and supports both hosts.
IPV4 Addressing: IPV4ues hierarchical addressing scheme. It is a 32-bit address which

contains information regarding host and network.
In our project we have been given IPv4 192.168.[Y0-Y9].0/24 private address range (Y (7) is
our POD number). We have used 192.168.[70-79].0/24 as per requirements. Similarly,
2400:13c0:177::ffe8::/62 for IPV6.
Next segments in this project document describes the clear explanation regarding topology,
IP addressing schemes, Protocols and ACLS implemented in this project.
1
IPv6 Deployment
2.Network Topology
Topology:
Justification of Topology:
Above network topology is built as per the requirements provided in IPV6 project
implementation guide in lab environment.
As per the availability of the lab resources and considering the growth and redundancy of the
network, we have considered three cisco switches.
We have considered different VLANS as end host devices named student, staff, management
and guest. These VLANS are connected to switch1 and switch2 simultaneously.
Third switch, which is considered as access switch is connected to the switch1 and switch2
via trunk link. IPV6 and IPV4 is deployed.
DHCP is implemented on the distribution router for both IPV6 and IPV4 which makes the
end users acquire the IPV6 and IPV4 addresses automatically as per the VLANS connected.
2
IPv6 Deployment
The protocol we have implemented for IPV4 and IPV6 is OSPFv2 and OSPFv3 respectively.
This OSPF routing protocols enables IPV4 and IPV6 to advertise their directly connected
networks to the other networks which are not directly connected in the topology.
The core router is connected to the distribution router mentioned above with a point to point
link. OSPF version2 and version3 are configured in Core router to advertise their directly
connected networks.
Internet router is connected to Core router using point to point link. Internet router is also
connected to DMZ (Demilitarized Zone) using point to point link. Internet router is also
connected to LTU Network using point to point link. OSPF version2 and version3 are
configured in Internet router to advertise their directly connected networks.
Protocols OSPF and DHCP are explained in detail in the OSPF and DHCP justification.
3
IPv6 Deployment
3.Implementation
3.1 VLANs:
VLAN VLAN NAME

Vlan10 Students
Vlan 20 Staff
Vlan 30 Management
Vlan 40 guest
Vlan 50 Vlan50(configured for using serial port G 0/0/0 on
internet router to connect to DMZ)
3.1.1 Port Assignments and Trunking:
Switch 1
Ports Assignment Network in IPv4 Network in IPv6

G1/0/1 – G1/0/4 Trunks (Native 192.168.72.0/24 2400:13c0:177:ffea::/64
VLAN 30)
G1/0/5 – G1/0/6 VLAN 10 - Students 192.168.70.0/24 2400:13c0:177:ffe8::/64
G1/0/7 – G1/0/8 VLAN 20 - Staff 192.168.71.0/24 2400:13c0:177:ffe9::/64
G1/0/9 – VLAN 40 - Guest 192.168.73.0/24 2400:13c0:177:ffeb:3fff:/66
G1/0/10
Switch 2

G1/0/1 – G1/0/4 Trunks (Native 192.168.72.0/24 2400:13c0:177:ffea::/64
VLAN 30)
G1/0/5 – G1/0/6 VLAN 10 - 192.168.70.0/24 2400:13c0:177:ffe8::/64
Students
G1/0/7 – G1/0/8 VLAN 20 - Staff 192.168.71.0/24 2400:13c0:177:ffe9::/64
G1/0/9 – G1/0/10 VLAN 40 - Guest 192.168.73.0/24 2400:13c0:177:ffeb:3fff:/66
Access switch:

G1/0/1 – G1/0/4 and Trunks(Native 192.168.72.0/24 2400:13c0:177:ffea::/64
G1/0/14 VLAN 30)
4
IPv6 Deployment
3.2 Subnetting Scheme:

3.2.1 IPv4 Subnetting Scheme:

Device Interface IPV6 Address Subnet Prefix Default
Length Gateway
Distribution Gi 0/1 192.168.75.1 255.255.255.252 N/A
Router Gi 0/0.10 192.168.70.254 255.255.255.0 N/A
Gi 0/0.20 192.168.71.254 255.255.255.0 N/A
Gi 0/0.30 192.168.72.254 255.255.255.0 N/A
Gi 0/0.40 192.168.73.254 255.255.255.0 N/A
Access Vlan10(Students) 192.168.70.1 255.255.255.0 192.168.70.254
Switch Vlan20(Staff) 192.168.71.1 255.255.255.0 192.168.71.254
Vlan30(Management) 192.168.72.1 255.255.255.0 192.168.72.254
Vlan40(Guest) 192.168.73.1 255.255.255.0 192.168.73.254
Core Router Gi 0/0 192.168.75.2 255.255.255.252 N/A
Gi 0/1 192.168.75.5 255.255.255.252 N/A
Internet Gi 0/0 192.168.75.6 255.255.255.252 N/A
Router Gi 0/1 131.172.254.26 255.255.255.252 N/A
Gi 0/0/0 192.168.74.254 255.255.255.0 N/A
DMZ 192.168.74.1 255.255.255.0 192.168.74.254
Students NIC DHCP DHCP DHCP
PCs
Staff PCs NIC DHCP DHCP DHCP

5
IPv6 Deployment
Networks Addresses
Student 192.168.70.0/24
Staff 192.168.71.0
Management 192.168.72.0
Guest 192.168.73.0
Distribution – core 192.168.75.0/30.
Core- internet 192.168.75.4/30
Internet – DMZ 192.168.74.0/29
Default gateway to DMZ 192.168.74.254/24
Internet Router to LTU switch 131.172.254.26/30
Four samples of VLANs are created. Network Students is accessed by students of university.
This network would be getting IP address from the network 192.168.70.0/24
Network staff is accessed by Staff of university. This network would be getting IP address
from the network 192.168.71.0/24.
Network Guest is accessed by Guests. This network would be getting IP address from the
network 192.168.73.0/24.
Network 192.168.72.0/24 is reserved which is a management VLAN. This makes switches to

communicate with other VLANs.
Distribution router has an IP address of 192.168.70.254/24 on its sub- interface Gi0/0.10 as

default gateway for VLAN 10.
G0/0.20 sub-interface has an IP address of 192.168.71.254/24 as default gateway for
VLAN20.
VLAN30.
VLAN40.
Distribution router and core router has a point to point connection with the network address
of 192.168.75.0/30.
Internet router and core router are connected using network 192.168.75.4/30.
6
IPv6 Deployment
DMZ and internet router have related to the network 192.168.74.0/24
Default gateway and DMZ are connected using network 192.168.74.254/24

LTU switch and internet router is connected using network 131.172.254.26/30.
The above IPV4 subnetting scheme is built with private subnetting scheme and designed as
per the need of Lab topology.
The VLANS which are Student, staff, Management and Guest networks are designed with
subnet mask of /24 so that it can accommodate up to more than 200 users per each network.
3.2.2 IPv6 Subnetting Scheme:
Subnet Prefix Default

Device Interface IPV6 Address
Length Gateway
Gi 0/1 2400:13c0:177:ffeb:8000::2 /126 N/A
Gi 0/0.10 2400:13c0:177:ffe8::fffe /64 N/A
Distribution
Gi 0/0.20 2400:13c0:177:ffe9::fffe /64 N/A
Router
Gi 0/0.30 2400:13c0:177:ffea::fffe /64 N/A
Gi 0/0.40 2400:13c0:177:ffeb:3fff::fffe /66 N/A
Access Switch Vlan10
2400:13c0:177:ffe8:: /64 N/A
(Students)
Vlan20
2400:13c0:177:ffe9:: /64 N/A
(Staff)
Vlan30
2400:13c0:177:ffea:: /64 N/A
(Management)
Vlan40
2400:13c0:177:ffeb:: /66 N/A
(Guest)
Core Router Gi 0/0 2400:13c0:177:ffeb:8000::3 /126 N/A
Gi 0/1 2400:13c0:177:ffeb:8000::5 /126 N/A
Internet Router Gi 0/0 2400:13c0:177:ffeb:8000::6 /126 N/A
Gi 0/1 2400:13C0:254:24::2 /66 N/A
Gi 0/0/0 2400:13c0:177:ffeb:4000::fffe /66 N/A
DMZ 2400:13c0:177:ffeb:4000:: /66 N/A
7
IPv6 Deployment
Networks Addresses
Student 2400:13c0:177:ffe8::/64
staff 2400:13c0:177:ffe9::/64
Management 2400:13c0:177:ffea::/64
Guest 2400:13c0:177:ffeb:3fff:/66
Distribution - core 2400:13c0:177:ffe8:8000::/126
Core- internet 2400:13c0:177:ffe8:8000::4/126
Internet - DMZ 2400:13c0:177:ffeb:4000::/66
Default gateway to DMZ 2400:13c0:177:ffeb:4000::fffe/66
Internet Router to LTU switch 2400:13C0:254:24::2/66
Four samples of VLANs are created. Network - Students is accessed by students of
university. This network would be getting IP address from the 2400:13c0:177:ffe8::/64.
Network staff is accessed by Staff of university. This network would be getting IP address
from the network 2400:13c0:177:ffe9::/64 Network Guest is accessed by Guests. This
network would be getting IP address from the network 2400:13c0:177:ffeb:3fff:/66. Network
2400:13c0:177:ffea::/64 is reserved which is a management VLAN. This makes switches to
communicate with other VLANs.
Distribution router has an IP address of 2400:13c0:177:ffe8::fffe /64 on its sub- interface

Gi0/0.10 as default gateway for VLAN 10.
G0/0.20 sub-interface has an IP address of 2400:13c0:177:ffe9::fffe /64 as default gateway
for VLAN20.
G0/0.30 sub-interface has an IP address of 2400:13c0:177:ffea::fffe /64 as default gateway
for VLAN30.
G0/0.40 sub-interface has an IP address of 2400:13c0:177:ffeb:3fff::fffe/66 as default
gateway for VLAN40.
Distribution router and core router has a point to point connection with the network address
of 2400:13c0:177:ffe8:8000::/126. Internet router and core router are connected using
network 2400:13c0:177:ffe8:8000::4/126. DMZ and internet router have been connected
with the network 2400:13c0:177:ffeb:4000::/66. Default gateway and DMZ are connected
8
IPv6 Deployment
using network 2400:13c0:177:ffeb:4000::fffe/66. LTU switch and internet router is connected

using network 2400:13C0:254:24::2/66.
9
IPv6 Deployment
3.3 Devices and roles:
Distribution Router:
This router is used for inter-VLAN routing. In this router, IPV4 and IPV6 addresses are
assigned automatically to end devices.
Services performed on distribution router are:
Router on stick:
For inter VLAN communication to take place, router on stick is implemented on distribution
router. Sub-Interfaces are created on the distribution router and is assigned to each VLAN for
inter VLAN communication using router on stick.
DHCP and SLAAC:
For the end host devices to acquire IPV4 and IPV6 addresses automatically as per their
VLANS, DHCP is implemented for IPV4 and stateless DHCPV6 is implemented for IPV6 on
distribution router.
OSPF:
OSPFv2 and OSPFv3 is configure on distribution router for both IPV6 and IPV4 so that they
advertise their directly connected networks to their neighbour routers.
Core Router:
Core router resides within the middle of the network. Core router is designed in such a way
that it forwards IP packets at full speed between the networks.
Services performed on internet router are as follows:
OSPF:
OSPFV2 and OSPFv3 is configure on Core router for both IPV4 and IPV6 so that they
advertise their directly connected networks to their neighbour routers.
Internet Router:
Internet router is used to forward the packets in between the core router, DMZ and LTU
switch. Any communication with the exterior networks is done through Internet router.
10
IPv6 Deployment
Services performed on internet router are as follows:
OSPF: OSPFV2 and OSPFv3 is configure on Internet router for both IPV6 and IPV4 so that
they advertise their directly connected networks to their neighbour routers.
PAT: To translate the Private IP addresses on to public IP addresses, PAT is implemented.

NAT: Static NAT is implemented on this Router statically to map the Private IPv4 address
with the public address of the interface. With this implementation DMZ can be accessed by
using public address from Internet.
Access control List: To filter the data traffic on the internet. ACL is implemented.
ACL is also implemented to identify the traffic needs that are to be permitted and those that
need to be restricted and to filter routing updates.
Switch1 and Switch2:
These two switches are used to connect end host devices which are in different VLANs.
Depending on the ports assigned to respective VLANs, network is accessed accordingly.
Access switch:
Access switch is the main switch which interconnects Both switch1 and switch2. This
interconnection takes place using trunk links so that Intra VLAN and Inter VLAN
communication takes place.
11
IPv6 Deployment
3.4 Router on Stick:

It is a type of router configuration in which a single physical interface routes traffic
between multiple VLANs on a network. The router interface is configured to operate as a
trunk link and is connected to a switchport configured in trunk mode. The router performs the
inter VLAN routing by accepting VLAN tagged traffic to the trunk interface coming from the
adjacent switch and internally routing between the VLANs using sub interfaces. The routers
then forward the routed traffic-VLAN tagged for the destination VLAN out the same physical
interface. Sub-interfaces are multiple virtual interfaces associated with one physical interface.
Sub interfaces are configured for different subnets corresponding to their VLAN assignment
to facilitate logical routing before the data frames are VLAN tagged and sent back out the
physical interface
ADVANTAGES OF ROUTER ON A STICK:
- Port limits: physical interfaces are configured to have one interface per VLAN, using
single router to perform inter-VALN routing is not possible
- Sub-interfaces allow a router to scale to accommodate more VLANs then physical
interfaces permit
- Performance: Because there is no contention for bandwidth on physical interfaces,
physical interfaces have better performance for inter-VLAN routing. When sub -
interfaces are used for inter-VLAN routing, the traffic being routed competes for
bandwidth on the single physical interface. On a busy network, this could cause a
bottleneck for communication.
- Access ports and trunk ports: connecting physical interfaces for inter- VALN
routing Requires that the switch ports be configured as access ports. Sub-interfaces
require the switch port to be configured as a trunk port so that it can accept VLAN
tagged traffic on the trunk link
- Cost: Routers with many physical interfaces cost more than routers with single
interface, financially it is more cost effective to use sub-interfaces over separate
physical interfaces
- Complexity: Using sub interfaces for inter-VLAN routing results in a less complex
physical configuration than using separate physical interfaces. On the other hand,
using sub interfaces with a trunk port results in a more complex software
configuration, which can be difficult to troubleshoot. If one VLAN is having trouble
12
IPv6 Deployment
routing to other VLANs, you cannot simply trace the cable to see if the cable is
plugged into the correct port. You need to check to see if the switch port is configured
to be a trunk and verify that the VLAN is not being filtered on any of the trunk links
before it reaches the router interface.
DISADVANTAGES OF ROUTER ON A STICK:
The disadvantages of router on stick network are it is more complex to set up compared to
other networks. traffic VLAN goes into the router and out of the router through the same port.
the trunk is the major source of congestion
IMPLEMENTATION:
To implement the router on stick on the distribution router we had divided the gi0/0 interface
into four sub-interfaces as, i.e, Gi0/0.10, Gi0/0.20, Gi0/0.30, Gi0/0.40.
Gi0/0.10 for the VLAN students with ipv4 address of 192.168.70.254/24 and with ipv6
address of 2400:13C0:177:ffe8::fffe/64.
Gi0/0.20 for VLAN 20 for staff with ipv4 address of 192.168.71.254/24 and with ipv6
address of 2400:13C0:177:ffe9::fffe/64.
Gi0/0.30 for VALN 30 as management with ip address of ipv4 192.168.72.254/24 and with
ipv6 address 2400:13C0:177:ffea::fffe/64.
Gi0/0.40 for VLAN 40 as guest with ipv4 address of 192.168.73.254/24 and with ipv6
address of 2400:13C0:177:ffeb::fffe/66.
Before assigning an IP address to a sub-interface, the sub-interface needs to be configured to

operate on a specific VLAN using the encapsulation dot1q VLAN id command.
CONFIGURATION ON ROUTER ON A STICK:

interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.70.254 255.255.255.0
ipv6 address 2400:13C0:177:FFe8::FFFE/64
ipv6 enable
no shutdown

13
IPv6 Deployment
ip address 192.168.71.254 255.255.255.0
ipv6 address 2400:13C0:177:FFe9::FFFE/64
ipv6 enable
no shutdown
ip address 192.168.72.254 255.255.255.0
ipv6 address 2400:13C0:177:FFea::fffe/64
ipv6 enable
no shutdown
ip address 192.168.73.254 255.255.255.0
ipv6 address 2400:13C0:177:FFeb:3fff::FFFE/66
ipv6 enable
no shutdown
14
IPv6 Deployment
3.5 Dynamic Host Configuration Protocol (DHCP):

DHCP is a protocol used for assigning dynamic IP addresses to devices on a network
with dynamic addressing, a device can have a different IP address every time it connects to
the network. in some systems the devices IP address can even change while it is still
connected. DHCP also supports a mix of static and dynamic IP addresses
Components of DHCP:
DHCP server: A network device running the DHCP service that holds IP addresses and
related configuration information of the devices. these most typically will be a server or a
router or it could be anything that acts as a host.ie such as a SD-WAN appliance
DHCP client: The endpoint that receives configuration information from a DHCP server.
this can be any device example a mobile, computer, IoT endpoint or can be anything else that
requires a connection to the network. Most networks are configured to receive the DHCP
information by default.
IP address pool: Range of IP address that are available to the DHCP clients. Address are
sequentially handed from lowest to highest
Subnet: IP address are partitioned in to small segments known a subnet. subnets help to keep
the network manageable
Lease: Length of time for which the DHCP client holds the IP address information. when a
lease expires the client must renew it
DHCP replay: A router or host that listens for client messages being broadcast on the
network and forwards to a configured server. The server then sends response back to the
replay agent which passes them along the clients. this can be used to centralize DHCP servers
instead of having a server on each subnet.
Advantages of DHCP server:
Simplified management by using the DHCP server we can provide very simplified
management of network
Reduced IP address conflicts: Each connected device must have an IP address. However,
each address can only be used once, and a duplicate address will result in a conflict where
one or both devices cannot be connected. This can happen when addresses are assigned
15
IPv6 Deployment
manually, particularly when there are many endpoints that only connect periodically, such as
mobile devices. The use of DHCP ensures that each address is only used once.
Automation of IP addressing: Without DHCP, network administrators would need to

assign, and revoke addresses manually. Keeping track of which device has what address can
be an exercise in futility as it’s nearly impossible to understand when devices require access
to the network and when they leave. DHCP allows this to be automated and centralized so
network professionals can manage all locations from a single location.
Efficient change management: Using DHCP makes it very simple to change address,
scopes or end points.
Disadvantages of DHCP:
DHCP poses security risks DHCP protocol requires no authentication so any client can join
the network quickly. Because of these it opens to a number of security risks, including
unauthorized servers that hands bad information to clients, by giving IP address and IP
address depletion from unauthorized or malicious clients
How do avoid DHCP security poses: by using the 802.1X authentication otherwise known
as network access control (NAC), can be used to secure DHCP
SLAAC:
To perform address configuration on IPv6 there are a couple of familiar methods and a few
additional methods, including: static addressing, static addressing with DHCPv6 (stateless),
dynamic addressing via DHCPv6 (Stateful), SLAAC alone, or SLAAC with DHCPv6
(Stateless).
SLAAC is a method in which the host or router interface is assigned a 64-bit prefix, and then
the last 64 bits of its address are derived by the host or router with help of EUI-64 process
SLAAC provides the ability to address a host based on a network prefix that is advertised
from a local network router via Router Advertisements (RA). RA messages are sent by
default by most IPV6 routers; these messages are sent out periodically by the router and
include information including:
 One or more IPv6 prefixes (Link-local scope)

 Prefix lifetime information
 Flag information
16
IPv6 Deployment
 Default device information (Default router to use and its lifetime)
SLAAC is implemented on the IPv6 client by listening for these local RA’s and then taking
the prefix that is advertised to form a unique address that can be used on the network. For this
to work, the prefix that is advertised must advertise a prefix length of 64 bits (i.e., /64);
SLAAC will then dynamically form a host identifier that is 64 bits long and will be suffixed
to the end of the advertised prefix to form an IPv6 address.
To give an idea as to how this works, the example topology shown in figure is used.
If the hosts (H1-H4) shown in figure were using the EUI-64 method of host identification, the
IPv6 addresses created using SLAAC would be:
 H1 – 2000:1234:5678::12FF:FE34:5678
 H2 – 2000:1234:5678::EBFF:FEA4:C1AE
 H3 – 2000:1234:5678::BAFF:FE24:C4AE
 H4 – 2000:1234:5678::84FF:FE67:AEFC
To be thorough, the EUI-64 process will be outlined for H1 as follows:
The prefix 2000:1234:5678::/64 will be learned from R1’s RA messages and will be the
initial prefix.
The client identifier would then be created from the MAC address that is assigned to H1, in
this case 0200:1234:5678. The first step of EUI-64 conversion is to split the MAC address in
half and place FF:FE in the middle, which results in 0200:12FF:FE34:5678. Then the seventh
17
IPv6 Deployment
bit will be flipped, in this case the first 8 bits is 00000010 (0x02). Next, the seventh bit is
flipped and the bit becomes 0, resulting in 00000000 (0x00); this gives a final host identifier
result of 0000:12FF:FE34:5678. When the prefix and the host identifier are brought together,
it results in an IPv6 address that is used for H1 of
2000:1234:5678:0000:0000:12FF:FE34:5678, which can be shortened to
2000:1234:5678::12FF:FE34:5678.
DHCP Justification:
Dynamic host configuration protocol is implemented on distribution server, so that end host
devices can acquire IP addresses automatically depending on which network they are in.
DHCP is implemented for IPv4 addresses and Stateless DHCPv6 is implemented for IPv6
addresses. The purpose of implementing stateless DHCPv6 is so that IPv6 addresses can be
acquired by router advertisements and there is no need of DHCP server for that. The end
hosts in student VLAN would be acquiring the IPv4 addresses from the network address
192.168.70.0/24 and IPv6 address from the network 2400:13C0:177:ffe8::/64. The end hosts
in staff VLAN would be acquiring the IPv4 addresses from the network address
192.168.71.0/24 and IPv6 address from the network 2400:13C0:177:ffe9::/64.the end hosts of
the guest VLAN would be acquiring the IPv4 addresses form the network address
192.168.73.0/24 and IPv6 address from the network 2400:13C0:177:ffeb::/66
There are four pools created in DHCP named as VLAN10, VLAN20, VLAN30, VLAN40 for
student, staff, management, guest networks respectively. The naming convention could be
anything, so the names defined for pools are the supposed names. The VLAN10 is used for
Students network (192.168.70.0/24 & 2400:13C0:177:ffe8::/64). The VLAN20 is used for
Staff network (192.168.71.0/24 & 2400:13C0:177:ffe9::/64). The VLAN30 is used for
Management network (192.168.72.0/24 & 2400:13C0:177:ffea::/64) The VLAN40 is used
for Guest network (192.168.73.0/24 & 2400:13C0:177:ffeb::/66)
The addresses that are statically assigned to sub-interfaces of the Gi 0/0 of distribution router,
are excluded from the pools created so that these addresses cannot be automatically assigned
to end host devices, avoiding IP address conflict.
18
IPv6 Deployment
DHCP syntax for IPv4
Step 1 enable Enables privileged EXEC

mode.
Example: Enter your password if
Device> enable prompted.

Step 2 configure terminal Enters global configuration
mode.
Example:
Device# configure terminal

Step 3 ip dhcp excluded-address low-address [hig Specifies IP addresses that
h-address] the DHCP server should
not assign to DHCP clients.
Example:
Device(config)# ip dhcp excluded-address
172.16.1.100 172.16.1.103

Step 4 ip dhcp pool name Creates a name for the
DHCP server address pool
and enters DHCP pool
Example: configuration mode.
Device(config)# ip dhcp pool 1

Step 5 domain-name domain Specifies the domain name
for the client.
Example:
Device(dhcp-config)# domain-name
cisco.com

Step 6 dns-server address [address2 ... address8] Specifies the IP address of
a DNS server that is
available to a DHCP client.
Example:
Device(dhcp-config)# dns server One IP address is required;
172.16.1.103 172.16.2.103 however, you can specify
up to eight IP addresses in
one command.
Servers should be listed in
order of preference.
Step 7 End Returns to privileged
EXEC mode.
Example:
Device(dhcp-config)# end
19
IPv6 Deployment
DHCP syntax for IPv6
Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example:
Enter your password if prompted.
Router> enable
Step 2 configure terminal Enters global configuration mode.
Example:

Router# configure terminal
Step 3 ipv6 dhcp pool poolname Configures a DHCPv6 configuration

Example: information pool and enters DHCPv6
Router(config)# ipv6 dhcp pool dhcp- pool configuration mode.
pool
Step 4 dns-server ipv6-address Specifies the DNS IPv6 servers
Example: available to a DHCPv6 client.
Router(config-dhcp) dns-server
2001:DB8:3000:3000::42
Step 5 domain-name domain Configures a domain name for a

Example: DHCPv6 client.
Router(config-dhcp)# domain-name

domain1.com
Step 6 exit Exits DHCPv6 pool configuration
Example: mode, and returns the router to global
Router(config-dhcp)# exit configuration mode.
Step 7 interface type number Specifies an interface type and number,

Example: and places the router in interface
Router(config)# interface serial 3 configuration mode.
Step 8 ipv6 dhcp server poolname [rapid- Enables DHCPv6 on an interface.

commit] [preference value] [allow-

hint]
20
IPv6 Deployment
Example:
Router(config-if)# ipv6 dhcp server
dhcp-pool
Step 9 ipv6 nd other-config-flag Sets the "other stateful configuration"
Example: flag in IPv6 RAs.
Router(config-if)# ipv6 nd other-

config-flag

Step 10 end Returns to privileged EXEC mode.
Example:

Router(config-if)# end
DHCP implementation in our Project:
IPV4:
ip dhcp excluded-address 192.168.70.254

ip dhcp excluded-address 192.168.72.1 192.168.72.5
ip dhcp pool vlan10
network 192.168.70.0 255.255.255.0
default-router 192.168.70.254
dns-server 131.172.2.2
ip dhcp pool vlan20
network 192.168.71.0 255.255.255.0
ip dhcp pool vlan30
network 192.168.72.0 255.255.255.0
21
IPv6 Deployment
ip dhcp pool vlan40

network 192.168.73.0 255.255.255.0
IPV6:
ipv6 dhcp pool vlan10
dns-server 2400:13C0:177:FFE8::FFFE
dns-server 2400:13C0:177:FFE9::FFFE
dns-server 2400:13C0:177:FFEA::FFFE
address prefix 2400:13C0:177:FFEB::/66
dns-server 2400:13C0:177:FFEB:3FFF::FFFE
22
IPv6 Deployment
3.6 Open Short Path First (OSPF):

OSPF is an IGP Protocol (interior gateway protocol) which is used to route packets in
between a single AS (autonomous system). It uses a link-state information to make routing
decisions. It makes route calculations using SPF (shortest path first) algorithm. This
algorithm is also referred as Dijkstra algorithm. Link state advertisements are flood by OSPF
running routers throughout the Autonomous systems or the area that has the information
about attached interfaces of routers and includes metrics related to routing.
The information present in the link state advertisements are used by the routers to calculate
the cost path which is less and create a routing table for the protocol.
The OSPF protocol was designed for TCP/IP environment and as a result, it exteriorly
supports IPO subnetting and tagging of routing information that is derived. Authentication of
routing updates is also provided by OSPF protocol. OSPF routes IP packets depending upon
the destination IP address which is present in the packet header.
The best advantage of OSPF is it quickly detects the topology changes. These changes
include the sudden unavailability of router etc.
OSPF Autonomous system can be divide d into multiple areas or it can also consist of a
single area. Each OSPF area is named using a 32-bit identifier which in most cases is written
in the same dotted-decimal notation as an IP4 address. For example, Area 0 is usually written
as 0.0.0.0.
In single area topology. Each router maintains database which contains the information of
respective AS. Link state information is flooded through AS. Where as in multi area OSPF
topology, data base is maintained by each router, but it contains the information of that area.
Link state information is also flooded through that area. Each area has identical topology
databases. With the changes in topology, OSPF ensures that the data is converged quickly in
all the databases.
All OSPF version 2 protocol exchanges can be authenticated. OSPF version 3 mainly relies
on IPsec to provide this functionality. Which means the routers that can be trusted are the
only routers that participate in AS’s routing. Single authentication is implemented in each
area. This enables some areas to use strict authentication than others.
23
IPv6 Deployment
Default route preference values:
Routing protocol assigns a default preference value to each route. This value depends on the
source route. Th preference value ranges from 0 to 4,294,967,295 (232 – 1). Lower value
indicates preferable route.
Route id:
By the OSPF Router ID, any router is known to OSPF process
To distinguish one OSPF router to another LSDBs use the OSPF router ID.
On an active interface, router ID is the highest IP address at the moment OSPF

process start-up by default.
OSPF Working algorithm:
As we learned from that OSPF used SPF algorithm, when the device starts, it initializes
OSPF and waits for indication that router is function from lower level protocols. The routing
devices to acquire neighbours, uses hello protocol. It sends its hello packets and receives the
same from neighbours. OSPF hello protocol elects a designated router for the network. This
device now will be responsible to advertise link state advertisements. This reduces the
network traffic and reduces the size of database.
Now, the routing device forms the adjacencies with its newly acquired neighbours.
Distribution of routing protocol packets is determined by the adjacencies. Through these
adjacencies the routing packets are been sent. When these adjacencies are establishes, then
the routers start synchronizing their topological databases.
The device now sends the LSA packets to advertise respective state periodically, when n it
starts changing. Routing device adjacency information is present in LSA packets so that it
allows the detection of routing devices which are non-operatable currently.
By using the reliable algorithm, the routing device floods the information throughout the area
and ensures that all routing devices database contains the same information and updated.
With the information present in the database, each routing device calculates the shortest path
tree with itself as the root. The routing devices use these paths to route the traffic.
24
IPv6 Deployment
OSPF version3:
OSPF version3 is a modified version of OSPF version 2 that supports IP version 6(IPV6)
addressing. OSPF version3 has the following differences with version2.
- Rather per subnet, OSPFv3 runs based on links.

- All the neighbour id information is based on 32-bit router ID.
- Network and router link state advertisements do not carry prefix information.
- For all neighbour exchanges link local addresses are used except for the virtual links.
- IPV6 authentication header relies on the IP layer.
- Hello messages do not carry address.
Advantages of OSPF:
- OSPF is a loop free routing protocol.

- OSPF supports VLSM (variable length subnet mask).
- Convergence is very fast. Change sin route can b e transmitted and converged
quickly.
- With the concept of area division, it also makes routing information to not to expand
rapidly with increase in network scale.
25
IPv6 Deployment
- OSPF minimizes the overhead.

- Through strict division if level of routing, it provides more reliable routing.
- OSPF supports interface-based plaintext ad MD5 authentication.
Disadvantages of OSPF:
- CPU utilization is high as the calculations using SPF are more.

- With the increase in topology and increase in routers the database becomes large and
uses large amount of memory which effects the integrity.
OSPF Justification:
Open Shortest Path First protocol is implemented as a routing protocol to dynamically route
the network addresses in between the connected routers.
Distribution router has ospfv2 implemented for ipv4 networks while ospfv3 is implemented
for ipv6 networks. The distribution router then advertises its directly connected networks
192.168.70.0/24, 192.168.71.0/24, 192.168.72.0/24, 192.168.73.0/24, 192.168.75.0/30,
192.168.75.4/30. This information is obtained by Core router as it is directly connected to
distribution router.
Secondly, the core router then advertises its directly connected networks 192.168.75.0/30,
192.168.75.0/30 to distribution router and internet router.
Lastly, the internet router advertises its directly connected networks 192.168.75.4/30, to core
router and LTU switch.
RIP, OSPF and EIGRP are the three most common dynamic routing protocols.
Among all three protocols when initializing, recovering and failing, EIGRP is the fastest
routing protocol as per convergence. Compare to EIGRP, OSPF is slow as it needs to let all
other routers know each other during initialization.
RIP performance is near to EIGRP performance but when it comes to Large networks,
Convergence speed of RIP is slow.
As per the traffic sent in bytes/sec, EIGRP an OSPF benefit from the bandwidth whereas RIP
wastes bandwidth by sending the complete information to flood the network.
26
IPv6 Deployment
Comparison with EIGRP:
Though EIGRP has fast convergence than OSPF, it is more versatile, and adaptable. But
EIGRP I specific to cisco devices, it is a cisco proprietary. We choose OSPF as it is open
standard and supports multiple vendors. Also, OSPF uses areas which segments the network
more logically.
OSPF Configuration:
Below table shows the steps that are involved to configure a basic OSPF network:
1 Enter global configuration mode. router#configure terminal
2 Create an OSPF routing process and enter router(config)#router ospf process-id

router configuration mode.
3 Router ID router(config)#router-id id-of-the-router
4 Configure the interfaces that OSPF will router(config-router)#network network

be enabled on. wildcard-mask area area-id
IPV6:
Verification of OSPF implementation commands:
# show ip ospf neighbor
# show ip ospf database
27
IPv6 Deployment
# show ip ospf
OSPF configuration at distribution Router:
IPV4:
router ospf 1
router-id 1.1.1.1
network 192.168.70.0 0.0.0.255 area 0
network 192.168.71.0 0.0.0.255 area 0
network 192.168.72.0 0.0.0.255 area 0
network 192.168.73.0 0.0.0.255 area 0
network 192.168.75.0 0.0.0.3 area 0
IPV6:
IPV6 router ospf 1

router-id 1.1.1.1
ipv6 unicast
interface GigabitEthernet0/1
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
OSPF configuration at Internet Router:
IPV6
Ipv6 router ospf1
router-id 3.3.3.3
ipv6 unicast
28
IPv6 Deployment
ipv6 ospf 1 area 0

ipv6 ospf 1 area 0
interface Vlan50
ipv6 ospf 1 area 0
IPV4:
router ospf 1
router-id 3.3.3.3
network 131.172.254.24 0.0.0.3 area 0
network 192.168.74.0 0.0.0.255 area 0
network 192.168.75.4 0.0.0.3 area 0
OSPF configuration at Core Router:

IPv4:
router ospf 1
router-id 2.2.2.2
network 192.168.75.0 0.0.0.3 area 0
network 192.168.75.4 0.0.0.3 area 0
IPV6:
IPV6 router ospf 1
router-id 2.2.2.2
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
29
IPv6 Deployment
3.7 Network Address Translation (NAT):
Network Address Translation – NAT is a method which allows the

modification(translation) of IP addresses. This translation takes place while packets are
traversing the network. NAT enables private IP internetworks that use non-registered IP
addresses to connect to the internet.
NAT Overload, which is also known as port address translation (PAT) is essentially NAT
with the added extra feature of TCP and UDP ports translation.
The main purpose of NAT is to hide the IP address (usually Private IP address) of the end
host in order to reserve the public address space. For instance, a complete network with 50
hosts have 50 private addresses and can be made visible to outside world which is Internet as
a single IP address.
Advantages of NAT:
- Advantages of NAT includes economical usage of the IP address ranges at hand.

- NAT provides an additional layer of security by hiding the original source and
destination address.
- It increases the flexibility while connecting to public internet.
- NAT allows us to use our own private address preventing the internal address changes
even if we change the service provider.
Below steps explain basic NAT overload configuration. NAT is the most common operation
used in today’s business around the world. As NAT enables the whole network making it
access the Internet using single IP address.
Configuring NAT overload:
Overloading: This means a single IP address (public IP address) assigned to our router can be
used by many internal hosts concurrently. This is done by translating TCP/UDP ports in the
packets. These packets are kept in track within the translation table in the Router. This would
be the general NAT implementation in today’s networks.
Initially, in NAT configuration is to define the interfaces inside (step 6-8).
In next step outside interfaces are defined. (step10-12)
30
IPv6 Deployment
We also need to create and access list (ACL) which includes our private hosts or networks.
This defined ACL is later applied to the service command of NAT, which further controls the
hosts that will be able to access the Internet. (step4 in syntax). NAT overload is enabled and
bind it to outside interface which is created using NAT implementation (step 5)
NAT Implementation in our project:
ip nat inside source list internet interface GigabitEthernet0/1 overload

ip nat inside source static 192.168.74.1 131.172.254.26
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip access-list standard internet
permit 192.168.0.0 0.0.255.255
ip address 131.172.254.26 255.255.255.252
ip nat outside
ip address 192.168.75.6 255.255.255.252
ip access-group deny_all out
ip nat inside
31
IPv6 Deployment
Verification of NAT is done by using the below commands:
# show ip nat translations
# show ip nat statistics
Disadvantages of NAT:
- NAT consumes memory and processor resource, this is because NAT need to
translate all incoming and outgoing datagrams and store the details in memory.
- NAT causes delay in IPv4 communication.
- Loss of end to end traceability.
32
IPv6 Deployment
3.8 Demilitarized Zone (DMZ):

Demilitarized Zone is a perimeter network consisting of information and services that need to
be accessed by external users. It is generally placed between Internet (Untrusted network) and
Internal Network (Trusted network). By creating DMZ, we are adding additional security by
restricting all the external traffic entering into internal network.
All the services providing servers/systems such as company website, support services are
needed to be accessed by external users if they are placed inside the trusted network will
make the whole network vulnerable to attack. So, placing them in a separate network between
firewalls will be easy to protect the trusted network without being attacked.
Justification:
In our network we have placed our web server in the demilitarized zone by connecting it to
the Interface Gi0/0/0 of the Internet Router. 192.168.74.0/24, 2400:13c0:177:ffeb:4000:: are
IPv4 and IPv6 addresses dedicated to DMZ network.
We are using Apache 2.4 http server for creating and managing our web server which
consists of the basic information.
33
IPv6 Deployment
3.9 Access-control lists (ACLs):
Access Control Lists are list of arguments which are used to control the flow of traffic
in and out of the network interface. They are named by number or word. They can be
configured in routers and switches for meeting basic security requirements. There are two
types of ACLs standard acls and extended acls.
3.9.1 Standard Access-control lists:
Standard Acls are numbered between 1 and 99. They check for the source address and will be
filtering the packets. Standard acls will permit or deny protocols.
3.9.2 Extended Access-control lists:
Extended Acls are numbered between 100 to 199 and can be named with words. Unlike
standard acls extended acls check for source and destination address while filtering the
packets. They permit or deny specific protocols i.e TCP, UDP with source and destination
ports and ICMP, IP by name or protocol numbers. Comparing to standard acls, extended acls
have more features. In our network topology we need to restrict traffic from entering internal
network connected to interface gi0/0, while internal traffic needs to access internet and dmz
information. By implementing extended acls we cannot restrict external traffic and allow
internal user to use internet simultaneously. We are going for advanced security protocols.
Acl Implementation:
ipv6 access-list inbound

permit icmp any any
deny tcp any any eq telnet
permit ipv6 any any
ipv6 access-list outbound
sequence 70 permit udp any host 2400:13C0:177:FFEB:4000::FFFE eq domain
sequence 90 permit tcp any host 2400:13C0:177:FFEB:4000::1
deny icmp host 2400:13C0:177:FFEB:4000::1 any echo-request
permit ipv6 any any
interface Vlan50
ipv6 traffic-filter outbound in
ipv6 traffic-filter inbound in
34
IPv6 Deployment
3.10 Context-Based Access Control (CBAC):

As per our requirement we need to use cbac along with acls. In cbac we can inspect the
packets which are travelling from firewall and allow them back into the network. Like acls
we can inspect in-bound and out-bound traffic of specific interface. CBAC supports TCP,
TFTP, UDP, HTTP, FTP and more protocols.
Lets assume 2 networks 131.172.254.24/30 on Interface G0/1 and 192.168.75.0/30 on

Interface G0/0 in above image.
We need to restrict the traffic which flow outbound from G0/0. For which we will use
extended acl to deny all traffic and implement it on Gi0/0 towards out. And the traffic
condition will be as below.
Now we need to inspect the required packet that flow from Interface G0/0 inorder to allow
them back into the internal network.
35
IPv6 Deployment
By enabling CBAC, the router will inspect the packets from trusted host and deny all
extended acl is modified automatically by allowing reply packets to trusted network.
CBAC Justification:
As per requirement in our topology we are restricting the outbound traffic from entering
internal network and internal network should access information in DMZ and also access
internet.
So we will be implementing CBAC as above in Interface G0/0 and inspect http, https, dns,
udp packets which flow inbound to interface.
CBAC Configuration:
ip inspect name png http

ip inspect name png https
ip inspect name png icmp
ip inspect name png dns
ip access-group deny_all out
ip inspect png in
ip access-list extended deny_all
deny ip any any
36
IPv6 Deployment
4. Costing
The costing mentioned here is confined to the lab environment for one POD as per
given instructions. Through this estimate, cost of labor, software and hardware can be quoted
for entire La Trobe university network.
Here are the costs mentioned below in AUD:
Wire costing (CAT-6)

Around 100meter wire is required to attach in between LTU Switch and the installation point.
The average cost for RJ45 CAT6 for 1 meter is $2.2. So, the total cost of wire here for
connecting between LTU Switch and installation point would be $220. Another 200meter
wire which is further cut into around 55 small ethernet cables are required for
interconnectivity between routers and switches. So, the overall cost for CAT6 wire would be
around $660.
Moreover, the associated cost for this project is roughly $3000 for the materials and
installation (mainly wiring).
Material
The cabling itself is one part of the network when installing an ethernet cable in Lab. For the
system to run properly there some other materials involved which are necessary and others
are optional.
We also need an Ethernet switch or central hub to plug electronics to capture the Ethernet.
These typically cost under $20 each and also to complete the installation, gang retrofit
box for each line is needed. These cost roughly $2 each.
Optional materials
• Patch panel: a switchboard that connects multiple devices, ($30 and up).

• Plastic grommets: if necessary, for retrofitting cables ($5 and up).
• Plugs: which may also be necessary for retrofitting or finishing cables ($2 and up).
• Short patch cables: if you are moving from one setup to another within the same lab
($0.80 and up).
37
IPv6 Deployment
Labor cost:
For wiring every lab takes approximately 3 hours, so the labor cost would be between
$1000 - $1500 to have a Cat 6 network professionally installed. Apart from this material costs
are an additional $1300 - $1500 depending on how many computers are in the room.
Timeline of the completion of installation of project is around 4 months. The price charged
by the professionals is around $50/hr. So, it would be around $48000 for labor. Professionals
will be a team of 3 members for installation of the project, working around 20 hours per week
for 16 weeks.
Hardware Cost:
S.no Item Description Qty/ Unit Price Amount
Length
1 Routers CISCO1941/K9 3 A$2997.68 A$8993.04
Cisco 1941
Router ISR G2
2 Switches WS-C2960G- 3 A$3653.30 A$10959.9
24TC-L
Catalyst 2960
24
3 Wire RJ45 CAT6 300m $2.2/meter $660
4 Connectors RJ45 12 A$2 A$24
connectors
Pack of 20
5 Rack 19" Server 1 A$358.02 A$358.02
Rack Cabinet,
20U
6 HTTP HP Pavilion i5 1 A$1500 A$1500
Server
(PC)
Total $22494.96
Total Cost of the project would be around $80,000.
38
IPv6 Deployment
5. Appendix
5.1 Switch1 configuration:
hostname S1 switchport trunk native vlan 30

! switchport mode trunk
boot-start-marker !
boot-end-marker interface GigabitEthernet1/0/5
! switchport access vlan 10
enable secret 5 switchport mode access
$1$HsF8$9mzU37G5j/7FlIV5Br5I30
!
!
interface GigabitEthernet1/0/6
no aaa new-model
switchport access vlan 10
switch 1 provision ws-c3560cx-12pd-s
switchport mode access
system mtu routing 1500
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
switchport trunk native vlan 30
!
switchport mode trunk
!
!
!
!
!
!
39
IPv6 Deployment
interface GigabitEthernet1/0/12 password cisco

! login
interface GigabitEthernet1/0/13 line vty 5 15
! password cisco
interface GigabitEthernet1/0/14 login
! !
interface GigabitEthernet1/0/15 !
! end
!
interface TenGigabitEthernet1/0/1
!
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 192.168.72.1 255.255.255.0
ipv6 address 2400:13C0:177:FFEA::1/64
ipv6 enable
!
ip forward-protocol nd
ip http server
ip http secure-server
!
no vstack
!
line con 0
password cisco
login
line vty 0 4
5.2 Switch2 configuration:
40
IPv6 Deployment
hostname switch2 interface GigabitEthernet1/0/5

boot-start-marker switchport mode access
boot-end-marker !
! interface GigabitEthernet1/0/6
enable secret 5 switchport access vlan 10
$1$7H21$EYycFGaS1QVd6QNgPKYrE.
!
!
no aaa new-model
switch 1 provision ws-c3560cx-12pd-s
system mtu routing 1500
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
41
IPv6 Deployment
! end
!
!
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 192.168.72.2 255.255.255.0
ipv6 enable
!
ip http server
ip http secure-server
!
no vstack
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
42
IPv6 Deployment
5.3 Access switch configuration: switchport mode trunk

!
hostname accessswitch
!
boot-start-marker
boot-end-marker
!
!
enable secret 5
$1$BzH/$p7JejfQoUAQYW5oll3CJz/ switchport access vlan 10
! switchport mode access
no aaa new-model !
switch 1 provision ws-c3560cx-12pd-s interface GigabitEthernet1/0/6
system mtu routing 1500 switchport access vlan 10
! switchport mode access
spanning-tree mode rapid-pvst !
spanning-tree extend system-id interface GigabitEthernet1/0/7
vlan internal allocation policy ascending switchport mode access
! !
interface GigabitEthernet1/0/1 interface GigabitEthernet1/0/8
switchport trunk native vlan 30 switchport access vlan 20
switchport mode trunk switchport mode access
! !
switchport mode trunk switchport mode access
! !
43
IPv6 Deployment
switchport mode access ip forward-protocol nd

! ip http server
interface GigabitEthernet1/0/11 ip http secure-server
! !
interface GigabitEthernet1/0/12 no vstack
! !
interface GigabitEthernet1/0/13 line con 0
! password cisco
switchport access vlan 30 line vty 0 4
switchport trunk native vlan 30 password cisco
switchport mode trunk login
spanning-tree portfast edge trunk line vty 5 15
! password cisco
! !
! end
!
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 192.168.72.3 255.255.255.0
ipv6 enable
!
44
IPv6 Deployment
5.4 Distribution router configuration !

ip dhcp pool vlan40
hostname distribution
network 192.168.73.0 255.255.255.0
!
boot-start-marker
boot-end-marker
!
!
ip cef
enable secret 5
$1$f8g/$4y0bTlE0zc82D4tstPUMW0 ipv6 unicast-routing
! ipv6 dhcp pool vlan10
no aaa new-model dns-server 2400:13C0:177:FFE8::FFFE
ethernet lmi ce !
memory-size iomem 5 ipv6 dhcp pool vlan20
! dns-server 2400:13C0:177:FFE9::FFFE
ip dhcp excluded-address 192.168.70.254 !
ip dhcp excluded-address 192.168.71.254 ipv6 dhcp pool vlan30
ip dhcp excluded-address 192.168.72.1 dns-server 2400:13C0:177:FFEA::FFFE
192.168.72.5
!
!
address prefix 2400:13C0:177:FFEB::/66
ip dhcp pool vlan10
dns-server
network 192.168.70.0 255.255.255.0 2400:13C0:177:FFEB:3FFF::FFFE
default-router 192.168.70.254 !
dns-server 131.172.2.2 ipv6 cef
! multilink bundle-name authenticated
ip dhcp pool vlan20 !
network 192.168.71.0 255.255.255.0 license udi pid CISCO1941/K9 sn
FGL171211FW
!
redundancy
!
!
ip dhcp pool vlan30
interface Embedded-Service-Engine0/0
network 192.168.72.0 255.255.255.0
no ip address
shutdown
45
IPv6 Deployment
! encapsulation dot1Q 30 native

interface GigabitEthernet0/0 ip address 192.168.72.254 255.255.255.0
no ip address ip nat inside
duplex auto ip virtual-reassembly in
speed auto ipv6 address
2400:13C0:177:FFEA::FFFE/64
!
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server vlan30
ip address 192.168.70.254 255.255.255.0
ipv6 ospf 1 area 0
ip nat inside
!
ip virtual-reassembly in
ipv6 address FE80::1 link-local
ipv6 address 2400:13C0:177:FFE8::1/64
ip address 192.168.73.254 255.255.255.0
ipv6 address
2400:13C0:177:FFE8::FFFE/64 ip nat inside
ipv6 enable ip virtual-reassembly in
ipv6 nd other-config-flag ipv6 address FE80::1 link-local
ipv6 dhcp server vlan10 ipv6 address 2400:13C0:177:FFEB::1/66
ipv6 ospf 1 area 0 ipv6 address
2400:13C0:177:FFEB:3FFF::FFFE/66
!
ipv6 enable
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ip address 192.168.71.254 255.255.255.0
ipv6 dhcp server vlan40
ip nat inside
ipv6 ospf 1 area 0
!
ipv6 address
2400:13C0:177:FFE9::FFFE/64 interface GigabitEthernet0/1
ipv6 enable ip address 192.168.75.1 255.255.255.252
ipv6 nd other-config-flag duplex auto
ipv6 dhcp server vlan20 speed auto
ipv6 ospf 1 area 0 ipv6 address
2400:13C0:177:FFEB:8000::2/126
!
ipv6 enable
46
IPv6 Deployment
ipv6 ospf 1 area 0 !

! router ospf 1
interface Serial0/1/0 router-id 1.1.1.1
no ip address network 192.168.70.0 0.0.0.255 area 0
shutdown network 192.168.71.0 0.0.0.255 area 0
clock rate 2000000 network 192.168.72.0 0.0.0.255 area 0
! network 192.168.73.0 0.0.0.255 area 0
interface Serial0/1/1 network 192.168.75.0 0.0.0.3 area 0
no ip address !
shutdown ip forward-protocol nd
! !
interface GigabitEthernet0/0/0 no ip http server
no ip address no ip http secure-server
! !
interface GigabitEthernet0/0/1 ip dns server
no ip address ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
! !
interface GigabitEthernet0/0/2 ipv6 route ::/0 GigabitEthernet0/1
no ip address !
! control-plane
no ip address line con 0
! password cisco
interface Vlan1 login
no ip address line aux 0
! line 2
router ospfv3 1 no activation-character
router-id 1.1.1.1 no exec
! transport preferred none
address-family ipv6 unicast transport output pad telnet rlogin lapb-ta
mop udptn v120 ssh
router-id 1.1.1.1
stopbits 1
exit-address-family
line vty 0 4
47
IPv6 Deployment
password cisco
login
transport input none
line vty 5 15
password cisco
login
!
scheduler allocate 20000 1000
!
end
48
IPv6 Deployment
5.5 Core Router configuration: ipv6 enable

ipv6 ospf 1 area 0
hostname corerouter
!
!
boot-start-marker
ip address 192.168.75.5 255.255.255.252
boot-end-marker
duplex auto
!
speed auto
enable secret 5
$1$3/7O$nUiIrNFVJaGgWy6TVSoO40 ipv6 address
2400:13C0:177:FFEB:8000::5/126
!
ipv6 enable
no aaa new-model
ipv6 ospf 1 area 0
ethernet lmi ce
!
memory-size iomem 5
interface Serial0/1/0
!
no ip address
ip cef
shutdown
ipv6 unicast-routing
!
ipv6 cef
multilink bundle-name authenticated
no ip address
!
shutdown
license udi pid CISCO1941/K9 sn
FGL171227WY clock rate 2000000
! !
redundancy interface GigabitEthernet0/0/0
! no ip address
interface Embedded-Service-Engine0/0 !
no ip address interface GigabitEthernet0/0/1
shutdown no ip address
! !
interface GigabitEthernet0/0 interface GigabitEthernet0/0/2
ip address 192.168.75.2 255.255.255.252 no ip address
duplex auto !
speed auto interface GigabitEthernet0/0/3
ipv6 address no ip address

2400:13C0:177:FFEB:8000::3/126 !
49
IPv6 Deployment
interface Vlan1 transport preferred none

no ip address transport output pad telnet rlogin lapb-ta
mop udptn v120 ssh
!
stopbits 1
router ospfv3 1
line vty 0 4
router-id 2.2.2.2
password cisco
!
login
address-family ipv6 unicast
router-id 2.2.2.2
line vty 5 15
exit-address-family
password cisco
!
login
router ospf 1
router-id 2.2.2.2
!
network 192.168.75.0 0.0.0.3 area 0
network 192.168.75.4 0.0.0.3 area 0
!
!
end
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
ipv6 route ::/0 GigabitEthernet0/1
!
control-plane
!
line con 0
password cisco
line aux 0
line 2
no activation-character
no exec
50
IPv6 Deployment
5.6 Internet Router configuration: ip access-group deny_all out

ip nat inside
hostname Internetrouter
ip inspect png in
!
boot-start-marker
duplex auto
boot-end-marker
speed auto
!
ipv6 address
no aaa new-model 2400:13C0:177:FFEB:8000::6/126
ethernet lmi ce ipv6 enable
memory-size iomem 5 ipv6 traffic-filter inbound in
! ipv6 ospf 1 area 0
ip inspect name png http !
ip inspect name png https interface GigabitEthernet0/1
ip inspect name png icmp ipaddress131.172.254.26 255.255.255.252
ip inspect name png dns ip nat outside
ip cef ip virtual-reassembly in
ipv6 unicast-routing duplex auto
ipv6 cef speed auto
! ipv6 address 2400:13C0:254:24::2/66
multilink bundle-name authenticated ipv6 enable
! ipv6 ospf 1 area 0
license udi pid CISCO1941/K9 sn !
FGL171227WG
license boot module c1900 technology-
package securityk9 no ip address
! shutdown
redundancy clock rate 2000000
! !
interface Embedded-Service-Engine0/0 interface Serial0/1/1
no ip address no ip address
shutdown shutdown
! !
interface GigabitEthernet0/0 interface GigabitEthernet0/0/0
ip address 192.168.75.6 255.255.255.252 switchport access vlan 50
51
IPv6 Deployment
no ip address network 131.172.254.24 0.0.0.3 area 0

! network 192.168.74.0 0.0.0.255 area 0
interface GigabitEthernet0/0/1 network 192.168.75.4 0.0.0.3 area 0
no ip address !
! ip forward-protocol nd
no ip address no ip http server
! no ip http secure-server
no ip address ip nat inside source list internet interface
GigabitEthernet0/1 overload
!
ip nat inside source static 192.168.74.1
interface Vlan1 131.172.254.26
no ip address ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
! !
interface Vlan50 ip access-list standard internet
ip address 192.168.74.254 255.255.255.0 permit 192.168.0.0 0.0.255.255
ip nat inside !
ip virtual-reassembly in ip access-list extended deny_all
ipv6 address deny ip any any
2400:13C0:177:FFEB:4000::FFFE/66
ip access-list extended dmz_png
ipv6 enable
permit tcp any host 131.172.2.2 eq www
ipv6 traffic-filter outbound in
!
ipv6 ospf 1 area 0
ipv6 route ::/0 2400:13C0:254:24::1
!
!
router ospfv3 1
ipv6 access-list inbound
router-id 3.3.3.3
permit icmp any any
!
deny tcp any any eq telnet
address-family ipv6 unicast
permit ipv6 any any
router-id 3.3.3.3
!
exit-address-family
ipv6 access-list outbound
!
sequence 70 permit udp any host
router ospf 1 2400:13C0:177:FFEB:4000::FFFE eq
router-id 3.3.3.3 domain
52
IPv6 Deployment
sequence 90 permit tcp any host

2400:13C0:177:FFEB:4000::1
deny icmp host
2400:13C0:177:FFEB:4000::1 any echo-
request
permit ipv6 any any
!
control-plane
!
line con 0
password cisco
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta
mop udptn v120 ssh
stopbits 1
line vty 0 4
login
!
!
end
53
IPv6 Deployment
5.7 Configuration results:

DHCP :
#show ip dhcp pool
54
IPv6 Deployment
Verification Results:
OSPF – Verification results
# show ip ospf database
# show ip ospf neighbour
Internetrouter :
DistributionRouter–OSPF
55
IPv6 Deployment
CoreRouter–OSPF
Trunk Interfaces in all Switches:
56
IPv6 Deployment
VLAN information in all switches:
57
IPv6 Deployment
Firewall Rules:
DHCP output:
58
IPv6 Deployment
host to host: student to staff:
59
IPv6 Deployment
Host to distribution Router:
60
IPv6 Deployment
61
IPv6 Deployment
Host to core router:
Host to DMZ- IPV4:
HOST to DMZ -IPV6:
62
IPv6 Deployment
63
IPv6 Deployment
Host to Internet router:
Host to DMZ:
64
IPv6 Deployment
Host to Latrobe:
DMZ to Host:
65
IPv6 Deployment
DMZ to Latrobe:
External Network to DMZ:
66
IPv6 Deployment
67

Final Report - IPV6

Uploaded by

Copyright:

Available Formats

Final Report - IPV6

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Report - IPV6

Uploaded by

Copyright:

Available Formats

IPV6 Deployment

CSE5ITP 28/10/2019 MICT

Submitted as per requirement of ITP Project

Masters in Information and communication technology

Latrobe University, Plenty

Hence, the implementation of IPV6 is introduced which supports 3.4 x 1038

IPV4 Addressing: IPV4ues hierarchical addressing scheme. It is a 32-bit address which

VLAN VLAN NAME

Ports Assignment Network in IPv4 Network in IPv6

Ports Assignment Network in IPv4 Network in IPv6

Ports Assignment Network in IPv4 Network in IPv6

3.2 Subnetting Scheme:

Network 192.168.72.0/24 is reserved which is a management VLAN. This makes switches to

Distribution router has an IP address of 192.168.70.254/24 on its sub- interface Gi0/0.10 as

DMZ and internet router have related to the network 192.168.74.0/24

Default gateway and DMZ are connected using network 192.168.74.254/24

3.2.2 IPv6 Subnetting Scheme:

Subnet Prefix Default

Distribution router has an IP address of 2400:13c0:177:ffe8::fffe /64 on its sub- interface

using network 2400:13c0:177:ffeb:4000::fffe/66. LTU switch and internet router is connected

3.3 Devices and roles:

Services performed on distribution router are:

Services performed on internet router are as follows:

Services performed on internet router are as follows:

PAT: To translate the Private IP addresses on to public IP addresses, PAT is implemented.

Switch1 and Switch2:

3.4 Router on Stick:

ADVANTAGES OF ROUTER ON A STICK:

DISADVANTAGES OF ROUTER ON A STICK:

Before assigning an IP address to a sub-interface, the sub-interface needs to be configured to

CONFIGURATION ON ROUTER ON A STICK:

3.5 Dynamic Host Configuration Protocol (DHCP):

Advantages of DHCP server:

Automation of IP addressing: Without DHCP, network administrators would need to

 One or more IPv6 prefixes (Link-local scope)

 Default device information (Default router to use and its lifetime)

To be thorough, the EUI-64 process will be outlined for H1 as follows:

DHCP syntax for IPv4

Step 1 enable Enables privileged EXEC

DHCP syntax for IPv6

Command or Action Purpose

Step 3 ipv6 dhcp pool poolname Configures a DHCPv6 configuration

Step 5 domain-name domain Configures a domain name for a

Step 7 interface type number Specifies an interface type and number,

Step 8 ipv6 dhcp server poolname [rapid- Enables DHCPv6 on an interface.

DHCP implementation in our Project:

ip dhcp excluded-address 192.168.70.254

ip dhcp pool vlan40

3.6 Open Short Path First (OSPF):

Default route preference values:

By the OSPF Router ID, any router is known to OSPF process

On an active interface, router ID is the highest IP address at the moment OSPF

OSPF Working algorithm:

- Rather per subnet, OSPFv3 runs based on links.

- OSPF is a loop free routing protocol.

- OSPF minimizes the overhead.

- CPU utilization is high as the calculations using SPF are more.

Comparison with EIGRP:

1 Enter global configuration mode. router#configure terminal

2 Create an OSPF routing process and enter router(config)#router ospf process-id