Configuring IPv6 on VLANS

Solved
jotech
Here to help

Configuring IPv6 on VLANS

We recently recieved a dedicated line with multiple IPv4 addresses and a IPv6 address to use for our systems.

 

I have configured our Meraki device with both IPv4 and v6, both say the uplink is active. Our internal network has always used IPv4 and I am interested in experimenting and learning more about using IPv6 if possible.

 

Our ISP gave use the following information:

IPV6 Network Address : 2345:0425:2CA1::

IPV6 Network Mask : /64

 

But I am not sure how to use this across multiple VLANS. I figure I need to add this as an IPv6 Prefix and I can then set each VLAN to 'Auto' in the config.

It would be my assumption if I have two VLANs that I want to use these IPv6 addresses, in theory I would be able to split them into two subnets with 2a00:2381:71f3::/65 and 2a00:2381:71f3:0:8000::/65 (calculated with https://subnettingpractice.com/ipv6-subnet-calculator.html)

But when adding a Prefix it says I need to use a "valid IPv6 CIDR with mask 1-64". If I add the prefix as 2a00:2381:71f3::/64 I can only assign this to one VLAN.

 

 

Am I completely misunderstanding how this works? I am new to IPv6 so that's very possible.

Or would I need multiple /64 addresses from my ISP to make this work?

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

>IPV6 Network Mask : /64

 

That is pretty stink.  It is recommended ISPs allocate a minimum of /56 to "home users".  CPE then allocates a /64 per VLAN (in a home environment).

 

You don't mention where you are in the world, but this is the official guidance from APNIC for those ISPs in Asia Pacific (these guidelines are globally accepted though).

https://www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/ipv6-guidelines/

Search for /56.

 

Often, allocations to small to medium businesses are a /48.

 

 

Go back to your ISP and ask them for a /56 and life will be simple.  They should be following best practice guidelines.  My best guess is your ISP lacks experience in how to deploy IPv6 to be doing crazy sh*t like this.

View solution in original post

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

I'm not sure but, when you try to split your /64 into two /65s, you’re going against the standard practice. This is why you’re seeing the error message about needing a “valid IPv6 CIDR with mask 1-64”. The system is expecting a /64 for each VLAN.

So, if you have multiple VLANs and you want to use IPv6, you would typically need multiple /64s. 

 

You can read more here:

 

Networking Concepts — IPv6 — IPv6 Subnetting | pfSense Documentation (netgate.com)

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

>IPV6 Network Mask : /64

 

That is pretty stink.  It is recommended ISPs allocate a minimum of /56 to "home users".  CPE then allocates a /64 per VLAN (in a home environment).

 

You don't mention where you are in the world, but this is the official guidance from APNIC for those ISPs in Asia Pacific (these guidelines are globally accepted though).

https://www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/ipv6-guidelines/

Search for /56.

 

Often, allocations to small to medium businesses are a /48.

 

 

Go back to your ISP and ask them for a /56 and life will be simple.  They should be following best practice guidelines.  My best guess is your ISP lacks experience in how to deploy IPv6 to be doing crazy sh*t like this.

jotech
Here to help

That makes a lot of sense, and if they had allocated a /56 or other then I think I would have been able to figure it out and split it in multiple /64 subnets.

 

For the record, this is in the UK with a BTnet leased line for a business. So I assumed they should know their stuff. I'll go back through their documentation and follow up with them as it's possible I missed something.

 

 

EDIT: While I wait for them to get back to me, a thought occurs: is it possible there was a typo in the network mask they sent me? That it should be /48 instead of /64?

The address they sent me is the first three groups which matches up with the table in the link provided by alemabrahao above. Whereas the /64 has four groups.

 

I guess since the zeros have been ommitted it could still be a /64 mask but I found it interesting that they match up like that.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels