I am trying to add IPV6 to and existing network. The network has 2 MX64 in hot standby.
Q1: Is Hot standby supported in IPv6 ? (does not seem to be support for static shared address) (my current static route points to primary [see picture])
Because in hot standby I need to use 1 subnet of /64 on the outside between MX64 and the rest on the internal vlans (see picture)
I have setup static addressing on the WAN and this is working
I have setup static addressing on the LAN and this is working.
Q2 I do not understand how to get an IPV6 DNS server to the clients on LAN, ipv6 is working buy they are using IPV4 for DNS Where do you set the DNS server they get ??
I added xxxx:yyyy:zzzz:dd/48 to the IPv6 prefixes as I don't have any AUTO vlans (or should I be adding multiple /64 prefixes for every vlan ?? )
In the VLAN Assignments all the VLAN show with the correct Subnet prefix and the status is active
IPv6 works.
but I then found the next day the VLAN Assignments tables went to expiring soon and then empty and IPv6 was not working..
Q3 Am I doing it totally wrong ????
I configured the Cisco router instead to be a IPV6 dhcp server and setup Prefix pool
ipv6 local pool MERAKI_POOL xxxx:yyyyy:zzzz::/40 56
ipv6 dhcp pool MY_V6
prefix-delegation pool MERAKI_POOL
dns-server xxxx:yyyy:101::1
dns-server xxxx:yyyy:101::2
domain-name xxx.com.au
and then put all all meraki IPv6 settings on auto.
both mx64 got IP address xxxx:yyyy:zzzz:ddff::
and the IPv6 prefix got the address from auto
it then gave xxxx:yyyy:zzzz:dd01: /dd:02 / dd:03 to each vlan.
this worked. But VLan60 had the wrong IPv6 address and the static route required in router to point to pri MX would fail if the MX got a different address.
Either I cannot find it or the IPv6 configuration for meraki is hard to find.
I would love some insight from the IPv6 experts......
Q4) When testing IPv6 some of the testing sites say IPV6 relies on some ICMP IPv6 messages.
Is this best practice ??? should I be adding a firewall rule to outside to allow ICMPv6 traffic any to xxxx:yyyy:zzzz:dd:: ??
Check this:
I don't know the answer.
What I expect is that your hosts should be learning the IPv6 DNS server to use from the RA announcement from the MX.
When in "auto" mode this should be easy. The MX gets a prefix from the ISP (which includes the IPv6 DNS servers to use). Part of that larger prefix gets assigned to each VLAN, and those existing DNS servers can be re-used in the RA announcement.
What happens when you use manual mode in Meraki? I'm not sure. At a minimum, you would need IPv6 DNS servers configured on the WAN interface. Have you got those?
The next problem I see is when you specify manually configure the IPv6 prefixes for the VLANs - there is nowhere to specify the DNS servers. So either it has to guess which DNS servers to use from the available WAN ports, or I guess do nothing.
The other thing to check is to see if your hosts actually learned IPv6 DNS servers, and are simply preferring to use their IPv4 DNS server entries.
I logged this case with support and so far have no info to help me move forward
only answer so far is
HA is supported
if it is where do you put the virtual IP V6 address ???
Is there no Meraki IP V6 experts on forum ?? support are not helpful so far.
For the internal IP addresses, I'd assume that it behaves the same as in the IPv4 world: you don't need a virtual address.
Or are you referring to the external interfaces?
the issue is that I am splitting the ISP supplied address range between inside and outside for for a while then stops.
Yes I was referring to external address.
Just and update the latest Firmware 17.8 has fixed the issue of the IPV6 just stopping after a while when the IPV6 Prefixes would just disappear from the "IPv6 Prefixes" Tab for Manually Assigned IPv6 Addresses.
Also the allow incoming IPV6 ICMP firewall rule I had just started working.
I removed the Secondary MX and all seems much more stable and the dash board now displays the status correctly (all the fields line up correctly on the Uplink Tab with secondary removed) Think I will leave this disabled till the IPV6 external virtual ip address support is there.
Still have 1 unresolved issue and that is how do the clients behind the meraki on IPV6 get the DNS servers ? Is the Mx advertising any IPV6 servers. My switches have IPV6 address on AUTO but are not getting IPV6 DNS. is the ONLY way to get DNS to have STATIC IPv6 Address and STATIC IPv6 DNS servers ?? (latest firmware also fixed the bug that the IPV6 interface is on the correct VLAN and not VLAN 1. Yay !)
When testing IPv6 some of the testing sites say IPV6 relies on some ICMP IPv6 messages.
Any IPV6 Experts out there is this best practice ???
Should I be leaving a firewall rule to outside to allow ICMPv6 traffic any to xxxx:yyyy:zzzz:dd:: ??
I'm finding 17.8 better as well, but I also do not get any IPv6 DNS servers.