
Cisco IOS IPv6: Addressing, Routing Protocols, and Tunneling


IPv6 on Cisco IOS — The Address Space You’ve Been Putting Off

IPv6 has been “the future” since 1998. The future has been arriving slowly for 25 years; somewhere around 2015 it became reasonable to demand that any new infrastructure ship with IPv6 from day one. On Cisco IOS, that means understanding the address scopes, the “link-local first” rule, EUI-64 vs static configuration, the routing-protocol changes (OSPFv3, EIGRPv6, RIPng, MP-BGP), and the tunneling options for stretching IPv6 across IPv4-only paths.

This article is a working reference for IPv6 on Cisco IOS — addressing, interface configuration, the four routing protocols, and the dual-stack vs tunneling decision.

Address Format and Scopes

An IPv6 address is 128 bits, written as 8 hextets of 4 hex digits separated by colons. Two compression rules:

  • Leading zeros in a hextet can be dropped: 2001:0db8:0000:0001:0000:0000:0000:0001 → 2001:db8:0:1:0:0:0:1
  • One run of consecutive all-zero hextets can be replaced with :: (only one per address): 2001:db8:0:1:0:0:0:1 → 2001:db8:0:1::1

Five scopes you need to memorize:

Range | Scope | Use
::1/128 | Loopback | The local host (equivalent of 127.0.0.1)
fe80::/10 | Link-local | Auto-assigned per interface, never routed off-link
fc00::/7 | Unique Local (ULA) | Equivalent of RFC1918 private; not routed on the Internet
2000::/3 | Global Unicast | Routable on the Internet (the only globally-routable range)
ff00::/8 | Multicast | IPv6 has no broadcast; group communication uses multicast

Critical to internalize: every IPv6 interface has a link-local address. It’s automatically generated when the interface comes up, derived from the MAC address (or randomly with privacy extensions). Routing protocols (OSPFv3, EIGRPv6) form neighbor relationships using link-local source addresses, not the global addresses you configure. This catches everyone the first time.

Enabling IPv6 on Cisco IOS

By default, IPv6 forwarding is OFF. The first thing you do, globally:

Router(config)# ipv6 unicast-routing

Without that command, the router accepts and processes IPv6 packets destined to itself but doesn’t forward IPv6 between interfaces. You will spend an hour debugging this on day one. Memorize the line.

Configuring Interface Addresses

Three ways to give an interface a global IPv6 address:

1. Manual

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ipv6 address 2001:db8:abcd:1::1/64

You typed the whole address. Easy to read in show running-config; easy to mistype.

2. EUI-64 — auto-derive interface ID from MAC

Router(config-if)# ipv6 address 2001:db8:abcd:1::/64 eui-64

The router takes the network prefix you provided (2001:db8:abcd:1::/64), then computes the lower 64 bits from the interface’s 48-bit MAC by inserting FFFE in the middle and flipping the U/L bit. Result: a unique address per interface, derived deterministically from the hardware. Saves typing; makes the running-config slightly less self-explanatory because you have to read the MAC to know the IID.
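The EUI-64 derivation described above, as an added Python example (not from the original article or from Cisco). It builds the interface ID from a MAC and also reverses the process, which shows that an EUI-64 address discloses the interface's hardware address to anyone who sees it. The MAC 00:1a:2b:3c:4d:5e is a constructed sample and the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC in half, insert FF:FE, flip the U/L bit."""
    # Accept colon, dash and Cisco dotted (001a.2b3c.4d5e) notations.
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    # The U/L bit is 0x02 in the first octet.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return net[int.from_bytes(eui64_interface_id(mac), "big")]

def mac_from_eui64(addr: str):
    """Reverse the derivation; None if the IID lacks the ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    sample_mac = "001a.2b3c.4d5e"  # constructed sample MAC, Cisco dotted form
    addr = eui64_address("2001:db8:abcd:1::/64", sample_mac)
    print(addr)                       # global address with EUI-64 IID
    print(mac_from_eui64(str(addr)))  # hardware address recovered from it
    print(mac_from_eui64("2001:db8:abcd:1::1"))  # manual address: no MAC inside
```
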

3. Stateless Address Autoconfiguration (SLAAC)

Router(config-if)# ipv6 address autoconfig

The router listens for Router Advertisements (RAs) from the local segment and configures itself based on what they say. Common on host operating systems; less common on routers, which usually have static prefixes assigned.

Link-local: always there, sometimes set explicitly

Every interface gets a link-local automatically once IPv6 is enabled on it (any of the above commands triggers this). To set it manually for clarity in routing protocols:

Router(config-if)# ipv6 address fe80::1 link-local

Hardcoding link-local addresses on routers makes show ipv6 ospf neighbor dramatically more readable — a stable fe80::1 beats the EUI-64-derived monstrosity any day.

Static Routing

Router(config)# ipv6 route 2001:db8:bcde::/48 2001:db8:abcd:1::2
Router(config)# ipv6 route ::/0 2001:db8:abcd:1::2

Identical to IPv4 except the keyword is ipv6 route and the addresses look different. The ::/0 form is the IPv6 default route.

Dynamic Routing — the IPv6 Variants

OSPFv3

OSPFv3 is RFC 5340, the IPv6 cousin of OSPFv2. Configuration is per-interface, not via network statements:

Router(config)# ipv6 router ospf 1
Router(config-rtr)# router-id 1.1.1.1

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ipv6 ospf 1 area 0

Note the router-id is still a 32-bit IPv4-style number — OSPFv3 inherits OSPFv2’s router-id format, even though it carries IPv6 prefixes. As with OSPFv2, set it manually; default selection is fragile.

OSPFv3 forms adjacencies on link-local addresses, advertises both IPv4 and IPv6 prefixes (in newer IOS), and uses multicast FF02::5 for hellos.

EIGRPv6 (EIGRP for IPv6)

Router(config)# ipv6 router eigrp 100
Router(config-rtr)# eigrp router-id 1.1.1.1
Router(config-rtr)# no shutdown

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ipv6 eigrp 100

Note the no shutdown in the routing-process config — EIGRPv6 starts shut down by default, unlike its IPv4 counterpart. Forget this and the protocol silently does nothing.

RIPng

Router(config)# ipv6 router rip RIPNG-PROC

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ipv6 rip RIPNG-PROC enable

RIPng is RIP for IPv6, distance-vector, hop-count metric. Like its v4 cousin, fine for tiny labs; not used in production.

MP-BGP for IPv6 (Multiprotocol BGP)

BGP didn’t fork; it added IPv6 support via address families:

Router(config)# router bgp 65001
Router(config-router)# neighbor 2001:db8::1 remote-as 65002

Router(config-router)# address-family ipv6 unicast
Router(config-router-af)# neighbor 2001:db8::1 activate
Router(config-router-af)# network 2001:db8:abcd::/48

The two-step pattern: define the neighbor in the global BGP context, then activate it for IPv6 in the address-family. Forgetting the activate command is the #1 IPv6 BGP mistake.

Tunneling IPv6 over IPv4

If your WAN is still IPv4-only but you need IPv6 connectivity between sites, tunnel it. Three common tunnel types on IOS:

Manual (configured) tunnel

Router(config)# interface Tunnel0
Router(config-if)# ipv6 address 2001:db8:ffff::1/64
Router(config-if)# tunnel source GigabitEthernet0/1
Router(config-if)# tunnel destination 198.51.100.2
Router(config-if)# tunnel mode ipv6ip

Symmetric configuration on both ends. Stable, predictable, but doesn’t scale beyond point-to-point.

GRE tunnel (IPv6 inside GRE inside IPv4)

Router(config-if)# tunnel mode gre ip

GRE carries any payload, including IPv6 + multicast + routing protocols. Use this when you want to run OSPFv3 across the tunnel.

6to4 (automatic, prefix derived from public IPv4)

Router(config)# interface Tunnel0
Router(config-if)# ipv6 address 2002:cb00:7105::1/16
Router(config-if)# tunnel source GigabitEthernet0/1
Router(config-if)# tunnel mode ipv6ip 6to4
Router(config)# ipv6 route 2002::/16 Tunnel0

The IPv6 prefix is derived from the public IPv4: 2002: + IPv4-as-hex. Convenient for ad-hoc connectivity; used to be common for home users without native IPv6. Largely obsolete now.

ISATAP — intra-site automatic

Router(config-if)# tunnel mode ipv6ip isatap
Router(config-if)# ipv6 address 2001:db8:ffff::/64 eui-64

ISATAP wraps IPv6 over IPv4 inside a single site — useful for migrating an enterprise without changing the underlying IPv4 network all at once. Niche but specifically tested in CCNP material.

Verification

Command | Shows
show ipv6 interface brief | Per-interface link-local + global addresses, state
show ipv6 interface GigabitEthernet0/1 | Detailed: ND state, multicast groups, MTU
show ipv6 route | The IPv6 routing table
show ipv6 neighbors | NDP cache (the IPv6 equivalent of ARP)
show ipv6 ospf neighbor | OSPFv3 adjacencies
show bgp ipv6 unicast summary | MP-BGP IPv6 neighbor summary

If show ipv6 interface brief shows only a link-local on an interface where you configured a global address, check that ipv6 unicast-routing is enabled globally and that the address command was accepted (case-insensitive but format-strict).

What’s Different from IPv4 (Cheat Sheet)

  • No NAT. The address space is large enough that NAT’s reason for existing is gone. End-to-end addressing returns.
  • No ARP. Replaced by Neighbor Discovery Protocol (NDP), which uses ICMPv6 messages over multicast.
  • No broadcast. Anything that was a broadcast in v4 (ARP, DHCP) is multicast in v6 (NDP, DHCPv6).
  • Link-local automatic. Every IPv6-enabled interface has one, always. Routing protocols use them.
  • Multiple addresses per interface. Normal. An interface typically has at least a link-local and a global; can have multiple globals (ULA + GUA).
  • Header simpler, no fragmentation in transit. Routers don’t fragment; the source has to do Path MTU Discovery.

Common Pitfalls

  • Forgetting ipv6 unicast-routing. The router accepts IPv6 packets to itself but won’t forward. Check this first when nothing routes.
  • EIGRPv6 stays shut down. Unlike IPv4 EIGRP, the IPv6 process needs the no shutdown command under ipv6 router eigrp X.
  • BGP IPv6 neighbor not activated. The neighbor exists globally but isn’t enabled for IPv6 unicast. Run activate in the IPv6 address-family.
  • Routing protocols use link-local; you configured global. When OSPFv3 doesn’t form adjacencies, check link-locals on both ends — they may be auto-generated and not what you expect.
  • Mixing OSPFv2 router-id with OSPFv3 process. OSPFv3 inherits the IPv4 router-id format, but it’s a separate process. Set it explicitly per process.
  • MTU forgotten on tunnels. 6to4/manual/GRE all add overhead. Drop MTU on the tunnel interface or apps fail intermittently.
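Several of these pitfalls can be checked mechanically before a change is pushed. The following is an added Python example, not part of the original article and not a Cisco tool: it audits a configuration text for a missing ipv6 unicast-routing, an EIGRPv6 process without no shutdown, a missing router-id, and IPv6 BGP neighbors that were never activated. It assumes the config is written with the commands as shown in this article and with IOS-style indentation; the sample config is constructed.

```python
import re

# Constructed sample config (not from a real device) with three of the pitfalls.
SAMPLE = """\
interface GigabitEthernet0/1
 ipv6 address 2001:db8:abcd:1::1/64
!
ipv6 router eigrp 100
 eigrp router-id 1.1.1.1
!
router bgp 65001
 neighbor 2001:db8::1 remote-as 65002
 address-family ipv6 unicast
  network 2001:db8:abcd::/48
"""

def audit_ipv6_config(config: str) -> list[str]:
    """Return findings for the pitfalls above; an empty list means none found."""
    sections, current = {}, None   # top-level command -> indented child lines
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    findings = []
    if "ipv6 unicast-routing" not in sections:
        findings.append("global: 'ipv6 unicast-routing' missing, IPv6 is not forwarded")
    for head, body in sections.items():
        if head.startswith("ipv6 router eigrp ") and "no shutdown" not in body:
            findings.append(f"{head}: no 'no shutdown', process stays down")
        if re.match(r"ipv6 router (ospf|eigrp) ", head) and not any("router-id " in l for l in body):
            findings.append(f"{head}: router-id not set explicitly")
        if head.startswith("router bgp "):
            peers, active, in_v6 = set(), set(), False
            for l in body:
                if l.startswith("address-family "):
                    in_v6 = l.startswith("address-family ipv6")
                m = re.match(r"neighbor (\S+) (remote-as|activate)\b", l)
                if m and ":" in m.group(1):          # IPv6-addressed peer
                    if m.group(2) == "remote-as":
                        peers.add(m.group(1))
                    elif in_v6:
                        active.add(m.group(1))
            findings += [f"{head}: neighbor {p} not activated under address-family ipv6"
                         for p in sorted(peers - active)]
    return findings
```

Calling audit_ipv6_config(SAMPLE) returns three findings: the missing global command, the shut-down EIGRPv6 process, and the unactivated BGP neighbor.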

Conclusion

The IPv6 address space is mostly the headline; the protocol-level changes are where the day-to-day work is: the routing protocols are recast (OSPFv3, EIGRPv6, MP-BGP), every interface has a link-local address, there is no NAT and no ARP, and multiple addresses per interface are the norm.

The patterns to lock in:

  1. ipv6 unicast-routing globally before anything else.
  2. Set router-id manually on every IPv6 routing process.
  3. Hardcode link-local addresses on infrastructure (fe80::1, fe80::2) for readability.
  4. Run dual-stack on transitional networks — both v4 and v6 active — not tunnels, except where you genuinely have to bridge IPv4-only WAN.
  5. Always activate BGP neighbors in the IPv6 address-family.

IPv6 is no longer experimental; it’s table stakes for new infrastructure. Cisco IOS’s IPv6 implementation is mature; the gotchas are well-known. The hardest part is rewiring the IPv4-shaped reflexes — once that’s done, everything else is a notation difference.
