disabling client use of SLAAC
otroan at employees.org
Fri Mar 5 10:40:42 CET 2010
> We're trying out deployment scenarios and the first one was to try to mimic our current model with DHCPv4 but move that to DHCPv6.
> We have successfully gotten a 1841 using IOS 15.0(1)M to do DHCPv6 relaying to a wide-dhcp6-server running on a linux machine and in this combination handing out IPv6 addresses statefully.
> On the cisco router we have:
> interface FastEthernet0/1
> encapsulation dot1Q 11
> ipv6 address YY:XX::1/64
> ipv6 enable
> ipv6 nd autoconfig default-route
> ipv6 nd managed-config-flag
> ipv6 nd other-config-flag
> ipv6 nd ra interval 10
> ipv6 dhcp relay destination XX:YY::ZZ
> On a linux ubuntu 9.10 machine (2.6.31 kernel) the default when running wide-dhcpv6-client is that it will get stateful IPv6 address from the dhcp6s scope and successfully set /etc/resolv.conf with information received via DHCPv6. It will also successfully get the on-wire prefix from RAs, and everything is fine and dandy apart from that the client by default will still do SLAAC as well, and so it gets two IPv6 addresses, one with SLAAC and one from DHCP. Putting 0 into /proc/sys/net/ipv6/conf/eth0/autconf will stop SLAAC, so then it does what we want, but would like to avoid changing defaults in the OS. We haven't tested Win7.
> Looking at the RAs from the router, it has the "auto" flag set on the prefix info option, is this the flag that indicates if SLAAC is ok or not?
yes, you need to turn the A flag off for each prefix you are advertising.
> I have not been able to find any information on this and if indeed that flag tells clients if SLAAC should be done or not, then how do I disable that flag in the router?
> The M and O flags says "get info via DHCP", but it seems they don't mean "do NOT use SLAAC" if I read http://www.ietf.org/rfc/rfc2462.txt correctly?
that's correct. you can do both DHCPv6 address assignment and SLAAC at the same time.
> So bottom line, how to make clients not use SLAAC with a Cisco router?
ipv6 nd prefix YY:XX::/64 no-autoconfig
More information about the ipv6-ops