1.0 Executive Summary

This document addresses a network connectivity issue where an IPv6-enabled end host (PC) fails to ping its default gateway, specifically a router’s subinterface configured in a Router-on-a-Stick (RoaS) topology. The root cause analysis reveals a combination of a fundamental Layer 2 misconfiguration and the frequent omission of a critical Layer 3 global command. The comprehensive solution involves ensuring the VLAN exists in the switch database, correctly configuring switchports for access and trunking, and activating IPv6 routing globally on the router. This guide provides the complete configuration and verification steps to establish robust IPv6 connectivity in this common network design.

2.0 Problem Analysis

The reported issue is constrained to a specific scenario within Cisco Packet Tracer 8.2.2, but the principles apply to all Cisco IOS and IOS-XE platforms.

• Topology: A PC is connected to a switch access port assigned to VLAN 10. The switch is connected via a trunk link to a router. The router is configured with a subinterface to act as the default gateway for VLAN 10.
• Configuration:
  • Router Subinterface (Gateway): Configured with the IPv6 address 2001:DB8:ACAD:10::1/64 and encapsulation dot1q 10.
  • PC (End Host): Statically assigned the IPv6 address 2001:DB8:ACAD:10::10/64 and its default gateway is correctly set to 2001:DB8:ACAD:10::1.
• Symptom: The PC can successfully ping its own IPv6 address, confirming its local TCP/IP stack is functional. However, ping requests from the PC to its default gateway (2001:DB8:ACAD:10::1) fail, indicating a breakdown in connectivity between the end host and the router.

The initial technical details provided pointed to a Layer 2 issue as the primary fault. Specifically, the VLAN to which the access port was assigned had not been created in the switch’s VLAN database. A switch cannot process or forward 802.1Q tagged frames for a VLAN that does not exist in its local database. This is a critical yet commonly overlooked configuration step.

3.0 Comprehensive Solution and Configuration Guide

To resolve this issue and establish a best-practice configuration, the following steps must be implemented across the network devices.

3.1 Step 1: Global Router Configuration (Layer 3 Foundation)

The fundamental prerequisite for a router to forward IPv6 packets is the global activation of IPv6 routing. Without this command, the router will operate in a host-like mode for IPv6 and will not route traffic between its interfaces or subinterfaces.

On the Router:

configure terminal
! Enable IPv6 packet forwarding globally
ipv6 unicast-routing
end

3.2 Step 2: Switch Configuration (Layer 2 Foundation)

Correct Layer 2 configuration is essential for transporting frames between the PC and the router.

On the Switch:

configure terminal

! 2.1: Create the VLAN in the switch database. This is the critical missing step.
vlan 10
 name IPv6_Clients
exit

! 2.2: Configure the access port connecting to the PC.
interface FastEthernet0/1  ! Or the relevant PC-facing interface
 description PC-Host-VLAN10
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast  ! Recommended for edge ports
exit

! 2.3: Configure the trunk port connecting to the router.
interface GigabitEthernet0/1 ! Or the relevant router-facing interface
 description Trunk-to-Router
 switchport mode trunk
! switchport trunk allowed vlan 10 (Optional but recommended best practice)
exit

end

3.3 Step 3: Router Subinterface Configuration (Layer 3 Gateway)

The router subinterface configuration must match the VLAN it is serving. The encapsulation dot1q command tags the subinterface for VLAN 10 traffic.

On the Router:

configure terminal

! Configure the physical interface. It must be in a 'no shutdown' state.
interface GigabitEthernet0/0 ! Or the relevant physical interface
 no shutdown
exit

! Configure the logical subinterface for VLAN 10.
interface GigabitEthernet0/0.10
 description Gateway for VLAN10
 encapsulation dot1q 10
 ipv6 address 2001:DB8:ACAD:10::1/64
exit

end

4.0 Verification and Troubleshooting

After applying the configuration, use the following commands to verify operational status.

1. Verify VLAN on Switch: Ensure VLAN 10 is active.

   show vlan brief
   

2. Verify Trunk on Switch: Confirm the router-facing port is trunking.

   show interfaces trunk
   

3. Verify Router IPv6 Interfaces: Check that the subinterface is “up, up” and has the correct IPv6 address.

   show ipv6 interface brief
   

4. Test Connectivity: From the PC’s command prompt, initiate the ping to the default gateway.

   ping 2001:DB8:ACAD:10::1
   

   A successful reply will confirm that end-to-end connectivity between the host and its gateway has been established.

5.0 Conclusion

The failure of an IPv6 host to ping its gateway in a RoaS environment is typically rooted in incomplete Layer 2 or Layer 3 configurations. The solution requires a systematic approach: enabling global IPv6 routing, creating the necessary VLAN in the switch database, correctly defining access and trunk ports, and properly configuring the router subinterface. By following these structured steps, engineers can ensure reliable network operation and prevent common connectivity failures.