Discussion:
[c-nsp] IPv6 ns-interval & 12.2(33)SRE & ASA 8.2(2)
Timothy Arnold
2010-01-13 12:31:56 UTC
Permalink
Hi Guys,
I'm hoping there is someone out there who knows a bit more about IPv6 that I do :)

Enabled ipv6 between the Cisco 7600 running 12.2(33)SRE and a pair of Cisco ASA firewalls running 8.2(2) (in HA). I get the following from the 7600

%IPV6-3-CONFLICT: Router FE80::21A:E2FF:FE68:50AA on Vlan2008 has conflicting ND settings

"show ipv6 routers" show the only real difference is the retransmit time. On the 7600, it is 0ms (which I understand to be "unspecified" rather than 0) and on the ASA the default is 1000.

cr1-sdf2.uk#show ipv6 routers vlan2008
Router FE80::21A:E2FF:FE68:50AA on Vlan2008, last update 0 min, CONFLICT
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 msec, Retransmit time 1000 msec
Prefix 2A02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800

colofw1/act# show ipv6 routers
Router fe80::21b:dff:fee5:ae00 on outside, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
Reachable time 0 msec, Retransmit time 0 msec
Prefix 2a02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800

Adding the following configuration to the 7600 corrects the issue:

ipv6 nd ns-interval 1000

cr1-sdf2.uk(config-if)#do show ipv6 routers vlan2008
Router FE80::21A:E2FF:FE68:50AA on Vlan2008, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 msec, Retransmit time 1000 msec
Prefix 2A02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800

Both ends are now the same and no conflict occurs. Any ideas why it's complaining? I thought that the unspecified nature of ns-interval means that it would accept the 1000 milliseconds from the other end?

Thanks
Tim



Timothy Arnold
Senior Engineer, Operations (Network, Security & Facilities Group), UKSolutions

Telephone: 0845 004 1333, option 2
Email: ***@uksolutions.co.uk
Web: www.uksolutions.co.uk<http://www.uksolutions.co.uk/>
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in England Number 3036806
This email must be read in conjunction with the legal & service notices on http://www.uksolutions.co.uk/disclaimer.html
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
harbor235
2010-01-13 13:45:44 UTC
Permalink
Tim,

I got the following of from Cisco pertaining to your error message;


Explanation Another router on the link has sent router advertisements
with parameters that conflict with this router.

Recommended Action Verify that all IPv6 routers on the link have the same
parameters in the router advertisement for hop-limit, managed-config-flag,
other-config-flag, reachable-time and ns-interval. Also verify that
preferred and valid lifetimes for the same prefix advertised by several
routers are the same. Enter the *show ipv6 interface* command to list the
parameters per interface.
mike

On Wed, Jan 13, 2010 at 7:31 AM, Timothy Arnold <
Post by Timothy Arnold
Hi Guys,
I'm hoping there is someone out there who knows a bit more about IPv6 that I do :)
Enabled ipv6 between the Cisco 7600 running 12.2(33)SRE and a pair of Cisco
ASA firewalls running 8.2(2) (in HA). I get the following from the 7600
%IPV6-3-CONFLICT: Router FE80::21A:E2FF:FE68:50AA on Vlan2008 has conflicting ND settings
"show ipv6 routers" show the only real difference is the retransmit time.
On the 7600, it is 0ms (which I understand to be "unspecified" rather than
0) and on the ASA the default is 1000.
cr1-sdf2.uk#show <http://cr1-sdf2.uk/#show> ipv6 routers vlan2008
Router FE80::21A:E2FF:FE68:50AA on Vlan2008, last update 0 min, CONFLICT
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 msec, Retransmit time 1000 msec
Prefix 2A02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
colofw1/act# show ipv6 routers
Router fe80::21b:dff:fee5:ae00 on outside, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
Reachable time 0 msec, Retransmit time 0 msec
Prefix 2a02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
ipv6 nd ns-interval 1000
cr1-sdf2.uk(config-if)#do show ipv6 routers vlan2008
Router FE80::21A:E2FF:FE68:50AA on Vlan2008, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 msec, Retransmit time 1000 msec
Prefix 2A02:298:0:4::/112 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
Both ends are now the same and no conflict occurs. Any ideas why it's
complaining? I thought that the unspecified nature of ns-interval means that
it would accept the 1000 milliseconds from the other end?
Thanks
Tim
Timothy Arnold
Senior Engineer, Operations (Network, Security & Facilities Group), UKSolutions
Telephone: 0845 004 1333, option 2
Web: www.uksolutions.co.uk<http://www.uksolutions.co.uk/>
UKS Ltd, Birmingham Road, Studley, Warwickshire, B80 7BG Registered in
England Number 3036806
This email must be read in conjunction with the legal & service notices on
http://www.uksolutions.co.uk/disclaimer.html
_______________________________________________
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Loading...