IPv6

From VyOS Wiki
Jump to: navigation, search

For IPv6 address setup see Network address setup#DHCPv6

For IPv6 DNS services see System Management#Configuring DNS

For DHCPv6 server configuration see DHCP server

For DHCPv6 relay configuration see DHCP relay


IPv6 specific system commands

Several IPv6 specific configuration commands are available:

  • Disable IPv6 globally
  • Disable IPv6 address assignment
  • Disable IPv6 packet forwarding
  • Disable IPv6 on an interface when DAD fails

Additional operational commands:

  • Reset a IPv6 address from the ND cache
  • Reset ND cache for specific interface
  • Display IPv6 ND cache

Disable IPv6 globally

Disable IPv6 functionality on the system:

# set system ipv6 blacklist

Reenable IPv6 functionality:

# delete system ipv6 blacklist

Show IPv6 functionality status:

# show system ipv6

Disable IPv6 address assignment

Disable IPv6 address assignment on all interfaces:

# set system ipv6 disable

Reenable IPv6 address assignment on all interfaces:

# delete system ipv6 disable

Show IPv6 disabling configuration:

# show system ipv6 disable

Disable IPv6 packet forwarding

Disable IPv6 forwarding on all interfaces: (Note: IPv6 forwarding can also be disabled on a per-interface basis by using the interfaces <interface> ipv6 disable-forwarding command)

# set system ipv6 disable-forwarding

Reenable IPv6 forwarding:

# delete system ipv6 disable-forwarding

Show the current IPv6 forwarding configuration:

# show system ipv6 disable-forwarding

Disable IPv6 on an interface when DAD fails

Disable IPv6 operation on an interface when Duplicate Addess Detection (DAD) fails for a link-local address. By default, after a DAD fails, the duplicate address is not assigned to the interface but IPv6 continues to operate. To change this default behaviour:

# set system ipv6 strict-dad

Leave IPv6 operational when DAD fails:

# delete system ipv6 strict-dad

Show DAD failure configuration:

# show system ipv6 strict-dad

Reset a IPv6 address from the ND cache

Removes/resets a specific IPv6 address from the IPv6 neighbour discovery (ND) cache:

$ reset ipv6 neighbors address <IPv6 address>

Reset ND cache for specific interface

Reset the IPv6 ND cache for a specific interface:

$ reset ipv6 neighbors interface <interface>

Display IPv6 ND cache

Show the system's IPv6 ND cache:

$ show ipv6 neigbors

Possible states are:

  • incomplete
- Address resolution is currently being performed on this entry, a neighbour solicitation message has been sent but no reply has been received yet.
  • reachable
- The neighbour is reachable and path is operational.
  • stale
- Timeout on reachability confirmation from the neighbour.
  • delay
- Timeout on reachability confirmation from the neighbour, TCP is allowed to confirm the neighbour.
  • probe
- A solicitation was sent and the system is waiting for a response.
  • failed
- Reachability state detection failed.
  • noarp
- Neighbour entry is valid, no validation attempts will be carried out. Can be removed from the cache after lifetime expiration.
  • permanent
- Neighbour entry is valid indefinitely and should remain in cache.
  • none
- No state defined.

IPv6 default route

$ set protocols static route6 ::/0 next-hop <gateway link-local address>