Configuring IPv6 in Windows with NetShell

IPv6 on Board

Autoconfiguration, Yes, but…

Autoconfiguration is enabled by default. If an IPv6 router uses a router advertisement to return a prefix or other configuration information, they are processed by Windows. The Windows host then automatically creates IPv6 addresses for itself. By default, the host automatically generates two addresses:

  • Public address: Used to make the host accessible via a fixed address.
  • Temporary address: Created based on the RFC 4941 Privacy Extensions and used for outbound communication from the host.

In contrast to the public address, the temporary address has a randomly generated interface ID.

Although the public address is created again after reinitialization of the interface, it always has the same interface ID. The Windows system generates this "randomized identifier" once only during the initial installation of the operating system.

In contrast to the EUI-64 method, in which the MAC address is used as a basis to form an interface ID, this method randomizes the identifier and will not allow any conclusions about the MAC address.

In some scenarios, you might want to work around the randomized identifier and instead use EUI-64 for forming the interface ID. To disable the randomized identifier, enter:

netsh interface ipv6 set global randomizeidentifiers=disable

The randomized identifier can only be deactivated globally. The output of the command:

netsh interface ipv6 show global

now shows the randomize identifier as "disabled" (Figure 6).

Figure 6: You can disable the randomization of interface IDs.

You can also suppress the creation of a temporary address via Privacy Extensions. To do so, type the following command:

netsh interface ipv6 set privacy disabled

If you display the help for this command, you will notice that this is the short form of the command:

netsh interface ipv6 set privacy state=disabled

These two forms of the same command underscore the fact that NetShell often uses abbreviations. You also can adjust the validity period for temporary addresses, which is seven days by default. The validity period is expressed in days. Use:

netsh interface ipv6 set privacy maxvalidlifetime=1d

if you want to restrict the validity period to one day.

Gateways and Routing

The following command sets the default gateway to "2001:db8:affe ::4711":

netsh interface ipv6 add route ::/0 "LAN-Connection" \
  2001:db8:affe::4711

You can also look at the routing table outside of NetShell using the route print or netstat -nr commands. The output is divided up neatly into IPv4 and IPv6. Within NetShell, you can view the IPv6 routing table with:

netsh interface ipv6 show route

You can configure additional static routes in the same way as you create the default route. Just pass in the routing destination with an appropriate prefix. For example, using

netsh interface ipv6 add route 2001:db8::/48 11 \
  fe80::20f:23ff:fef5:68eb

routes the prefix 2001:db8::/48 via the interface with an index of 11 to the link local address fe80::20f:23ff:fef5:68eb on the router.

Managing DNS

One of the pillars of the Internet is name resolution with DNS, the Domain Name System. IPv6 addresses are harder to read than IPv4 addresses, so even greater importance is attached to name resolution. You can easily add DNS servers via the input box for an interface.

To add a DNS server in NetShell, you should enter the interface, the DNS server address, and, optionally, an index number to set the DNS server's priority. An example is as follows:

netsh interface ipv6 add dnsservers= "LAN-Connection" \
  fd00:abcd::ff index=2

NetShell automatically tries to find the DNS server and outputs an error message if it fails, but it still adds the server. Using:

netsh interface ipv6 show dnsservers

outputs the DNS server configuration.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Advanced Security in Windows Firewall

    Windows Firewall with Advanced Security was introduced in Vista/Windows Server 2008. Compared with the old Windows Firewall, it offers many new features and possibilities.

  • Setting up and managing IPv6 on Windows Server 2016
    Windows Server 2016 automatically prefers IPv6 addresses, if available, but the manual configuration steps differ from IPv4 and necessitate new tools. Here's how to approach IPv6 in your daily admin work.
  • Neglected IPv6 Features

    IPv6 is establishing itself in everyday IT life, and all modern operating systems from Windows, through Mac OS X, to Linux have it on board; but if you let IPv6 introduce itself into your environment, you could be in for some unpleasant surprises.

  • Network management with the IPRoute2 toolbox
    Traditional administration command-line tools such as ifconfig, route, and arp are almost as old as TCP/IP itself. We provide an overview of how the IPRoute2 toolkit now unifies the management of kernel network components.
  • IPRoute2: arp, route, and ifconfig in a Single Tool

    Traditional administration command-line tools such as ifconfig, route, and arp are almost as old as TCP/IP itself. We provide an overview of how the IPRoute2 toolkit now unifies the management of kernel network components.

comments powered by Disqus