Hands-on exercises for Module 2: Windows Support for IPv6

These hands-on exercises are designed for Module 2: Windows Support for IPv6 of the Microsoft IPv6 course from the Microsoft Virtual Academy. They demonstrate the following:

• Creating and testing IPv6 connectivity on an IPv4-only test network
• Adding native IPv6 addressing and routing and testing IPv6 connectivity

Step 1: Build out the IPv6 test lab

The IPv6 test lab for the Microsoft IPv6 MVA course consists of five separate computers on two subnets:

• The Corpnet subnet contains the DC1, APP1, and RTR1 computers
• The Corpnet2 subnet contains the RTR1 and DNS2 computers

The CLIENT1 computer can connect to either subnet. The following figure shows the IPv6 test lab (click on it for a larger version).

  

This figure shows the computers and their connections to the subnets using a single server running Windows Server 2012 R2 or Windows 10 and Hyper-V. You can also implement this configuration using physical computers and switches or hubs.

The key elements of this configuration are the following:

• All five computers (DC1, APP1, CLIENT1, RTR1, and DNS2) are virtual machines running on the Hyper-V server.
• The Corpnet subnet is implemented as the Corpnet virtual switch. DC1, APP1, and RTR1 are connected to the Corpnet virtual switch.
• The Corpnet2 subnet is implemented as the Corpnet2 virtual switch. RTR1 and DNS2 are connected to the Corpnet2 virtual switch.

The Hyper-V server has at least one physical network adapter that connects to your organization intranet and the Internet. You can use this connection to connect a test lab computer to your organization network for Internet access, for example to install software or updates.

To build out the Corpnet subnet in Hyper-V on Windows Server 2012 R2 or Windows 10, do the following:

1. Install Hyper-V on your computer running Windows Server 2012 R2 or Windows 10.
2. Get the ISO file for the trial version of Windows Server 2012 R2 and store it in the C:\ISOs folder. For more information, see Try Windows Server 2012 R2.
3. Get the ISO file for the trial version of Windows 10 Enterprise Edition and store it in the C:\ISOs folder. For more information, see Try Windows 10 Enterprise Edition.
4. Open the PowerShell Integrated Script Environment (ISE) or an administrator-level Windows PowerShell command prompt.
5. For the $isoNameServer and $isoNameClient variables in the following command block, insert the names of your downloaded Windows Server 2012 R2 Standard Edition and Windows 10 Enterprise Edition ISO files, not including the .ISO extension and removing the "<" and ">" characters.
6. Run the following command block to create the VMs and start the operating system installation process for each. 

# Variables

$isoNameServer="<name of the Windows Server 2012 R2 ISO file>"

$isoNameClient="<name of the Windows 10 ISO file>"

 

$vhdPath="C:\ProgramData\Microsoft\Windows\Hyper-V\

$isoPathServer="C:\ISOs\ + $isoNameServer + ".iso"

$isoPathClient="C:\ISOs\ + $isoNameClient + ".iso"

 

# Create switches

New-VMSwitch -Name InternetAccess -NetAdapterName Ethernet

New-VmSwitch -Name Corpnet -SwitchType Private

New-VmSwitch -Name Corpnet2 -SwitchType Private

 

# Create DC1

$vmName="DC1"

$vsdxPath=$vhdPath + $vmName + ".VHDX"

New-VM –Name $vmName –MemoryStartupBytes 1GB -NewVHDSizeBytes 128GB –SwitchName InternetAccess –NewVHDPath $vsdxPath

Set-VMDvdDrive -VMName $vmName -Path $isoPathServer

Start-VM $vmName

 

# Create APP1

$vmName="APP1"

$vsdxPath=$vhdPath + $vmName + ".VHDX"

New-VM –Name $vmName –MemoryStartupBytes 1GB -NewVHDSizeBytes 128GB –SwitchName InternetAccess –NewVHDPath $vsdxPath

Set-VMDvdDrive -VMName $vmName -Path $isoPathServer

Start-VM $vmName

 

# Create RTR1

$vmName="RTR1"

$vsdxPath=$vhdPath + $vmName + ".VHDX"

New-VM –Name $vmName –MemoryStartupBytes 1GB -NewVHDSizeBytes 128GB –SwitchName InternetAccess –NewVHDPath $vsdxPath

Set-VMDvdDrive -VMName $vmName -Path $isoPathServer

Start-VM $vmName

 

# Create CLIENT1

$vmName="CLIENT1"

$vsdxPath=$vhdPath + $vmName + ".VHDX"

New-VM –Name $vmName –MemoryStartupBytes 1GB -NewVHDSizeBytes 128GB –SwitchName InternetAccess –NewVHDPath $vsdxPath

Set-VMDvdDrive -VMName $vmName -Path $isoPathClient

Start-VM $vmName

For each VM, complete the installation process for Windows Server 2012 R2 Standard Evaluation (Server with a GUI) or Windows 10. For the local administrator account for each VM, use a strong password.

When complete, log in to each VM using the local administrator account.

Next, use the Hyper-V Manager to change the network adapter of each virtual machine to use the Corpnet virtual switch.

On the machine running Hyper-V, run the following command at the Windows PowerShell command prompt:

Add-VMNetworkAdapter –VMName RTR1 –SwitchName Corpnet2

 

RTR1

Use the Hyper-V Manager to connect to RTR1 and log in using the local administrator account.

On RTR1, run the following at a Windows PowerShell command prompt:

Rename-NetAdapter -Name Ethernet -NewName Corpnet

Rename-NetAdapter -Name Ethernet2 -NewName Corpnet2

New-NetIPAddress -InterfaceAlias Corpnet -IPAddress 10.0.0.1 -AddressFamily IPv4 -PrefixLength 24

New-NetIPAddress -InterfaceAlias Corpnet2 -IPAddress 10.0.2.1 -AddressFamily IPv4 -PrefixLength 24

Set-NetIPInterface -InterfaceAlias Corpnet -AddressFamily IPv4 -Forwarding Enabled

Set-NetIPInterface -InterfaceAlias Corpnet2 -AddressFamily IPv4 -Forwarding Enabled

Set-DnsClient -InterfaceAlias Corpnet2 -ConnectionSpecificSuffix corp.contoso.com

Set-DnsClientServerAddress -InterfaceAlias Corpnet2 -ServerAddresses 10.0.0.2

Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"

Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv6-In)"

Rename-Computer RTR1

Restart-Computer

After restarting, log in with the local administrator account credentials and run the following at the Windows PowerShell command prompt to install the Routing and Remote Access service:

Import-Module ServerManager

Install-WindowsFeature RemoteAccess -IncludeManagementTools

Add-WindowsFeature -name Routing -IncludeManagementTools

To configure the DHCP relay agent on RTR1 to service DHCP clients on Corpnet2, do the following:

1. Click Start, type Routing, and then click Routing and Remote Access.
2. In the Routing and Remote Access snap-in, right-click RTR1, and then click Configure and Enable Routing and Remote Access.
3. On the Welcome screen, click Next.
4. On the Configuration screen, click Custom configuration, and then click Next.
5. On the Custom Configuration screen, click LAN routing, and then click Next.
6. On the Completing screen, click Finish. When prompted, click Start service.
7. In the console tree, expand IPv4. Right-click General, and then click New Routing Protocol.
8. In New Routing Protocol, click DHCP Relay Agent, and then click OK.
9. In the console tree, right-click DHCP Relay Agent, click New Interface, click Corpnet2, and then click OK twice.
10. Right-click DHCP Relay Agent, and then click Properties.
11. On the General tab, type 10.0.0.2, click Add, and then click OK.

 

DC1

Use the Hyper-V Manager to connect to DC1 and log in using the local administrator account.

Run the following at a Windows PowerShell command prompt:

New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 10.0.0.2 -AddressFamily IPv4 -PrefixLength 24

New-NetRoute -DestinationPrefix 10.0.2.0/24 -InterfaceAlias Ethernet -AddressFamily IPv4 -NextHop 10.0.0.1

Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 127.0.0.1

Rename-Computer DC1

Restart-Computer

 

After restarting, log in with the local administrator credentials and run the following at a Windows PowerShell command prompt:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Install-ADDSForest -DomainName corp.contoso.com

 

After restarting, log in with the CORP\Administrator credentials (same password as the local Administrator account) and run the following at an administrator-level Windows PowerShell command prompt, specifying a strong password for the User1 account:

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

 

Next, run the following commands at the Windows PowerShell command prompt:

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=corp,DC=contoso,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com"

Install-WindowsFeature DHCP -IncludeManagementTools

Netsh DHCP Add SecurityGroups

Restart-Service DhcpServer

Add-DhcpServerInDC -DnsName dc1.corp.contoso.com

Add-DhcpServerv4Scope -Name "Corpnet" -StartRange 10.0.0.100 -EndRange 10.0.0.200 -SubnetMask 255.255.255.0

Set-DhcpServerv4OptionValue -DnsDomain corp.contoso.com -DnsServer 10.0.0.2

Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -Router 10.0.0.1

Add-DhcpServerv4Scope -Name "Corpnet2" -StartRange 10.0.2.100 -EndRange 10.0.2.200 -SubnetMask 255.255.255.0

Set-DhcpServerv4OptionValue -ScopeId 10.0.2.0 -Router 10.0.2.1

Log out and then log in using the CORP\User1 account.

APP1

Use the Hyper-V Manager to connect to APP1 and log in using the local administrator account.

Run the following at a Windows PowerShell command prompt:

New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 10.0.0.3 -AddressFamily IPv4 -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 10.0.0.2

Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"

Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv6-In)"

New-NetRoute -DestinationPrefix 10.0.2.0/24 -InterfaceAlias Ethernet -AddressFamily IPv4 -NextHop 10.0.0.1

Add-Computer -NewName APP1 -DomainName corp.contoso.com

Restart-Computer

When prompted for credentials, use the CORP\User1 account name and password.

CLIENT1

Use the Hyper-V Manager to connect to CLIENT1 and log in using the local administrator account (account name Customer with your password).

Run the following at an administrator-level Windows PowerShell command prompt:

Add-Computer -NewName CLIENT1 -DomainName corp.contoso.com

Restart-Computer

 

When prompted for credentials, use the CORP\User1 account name and password.

After restarting, log in to CLIENT1 with the CORP\User1 account .

Using the Hyper-V Manager, change CLIENT1's network adapter to use the Corpnet2 virtual switch. At the Windows PowerShell command prompt, run ipconfig /renew until you get an IPv4 address that starts with "10.0.2".

Run the following at the Windows PowerShell command prompt to ensure name resolution and IPv4 connectivity across the network:

ping rtr1

ping dc1

ping app1

 

Here is the resulting, IPv4-only environment.

Step 2: Test default IPv6 connectivity on an IPv4-only network

In this procedure, we demonstrate default IPv6 configuration on an IPv4-only network and link-local connectivity.

1. Using the Hyper-V Manager, change CLIENT1's network adapter to use the Corpnet virtual switch. At the Windows PowerShell command prompt, run ipconfig /renew until you get an IPv4 address that starts with "10.0.0".
2. On DC1, open the DNS manager snap-in.
3. In the console tree, open DNS >DC1 > Forward Lookup Zones, and then click corp.contoso.com. Notice that there are no IPv6 Host (AAAA) records corresponding to registered IPv6 addresses for DC1, CLIENT1, RTR1, or APP1 listed in the contents pane. Leave the DNS snap-in open.
4. On APP1, at the Windows PowerShell command prompt, run ipconfig. Notice the IPv6 address assigned to the Ethernet interface that starts with “fe80”. This is the automatically-assigned link-local address. Write the address here: _______________________
5. On CLIENT1, at the Windows PowerShell command prompt, run ipconfig. Notice the IPv6 address assigned to the Ethernet interface that starts with “fe80”. Write the address here: __________________________
6. At the Windows PowerShell command prompt, run ping APP1’s link-local address (from step 4). You should see four successful replies.

In this procedure, we demonstrate the scope of functionality for link-local addresses.

1. Using the Hyper-V Manager, change CLIENT1's network adapter to use the Corpnet2 virtual switch. At the Windows PowerShell command prompt, run ipconfig /renew until you get an IPv4 address that starts with "10.0.2".
2. At the Windows PowerShell command prompt, run ping APP1’s link-local address (from step 4 of the previous procedure). You should see four "Destination host unreachable" messages.
3. On APP1, at the Windows PowerShell command prompt, run ping CLIENT1’s link-local address (from step 5 of the previous procedure). You should see four "Destination host unreachable" messages.
4. On RTR1, at the Windows PowerShell command prompt, run ipconfig. Notice the link-local IPv6 address assigned to the Corpnet2 interface. Write the address here: __________________________
5. At the Windows PowerShell command prompt, run ping dc1.corp.contoso.com. You should see four successful replies. Notice that the name dc1.corp.contoso.com has been resolved to the IPv4 address 10.0.0.2.
6. On CLIENT1, at the Windows PowerShell command prompt, ping RTR1’s link-local address (from step 4). You should see four successful replies.

 

In their default configuration on the IPv4-only Contoso intranet, the computers running Windows 10 or Windows Server 2012 R2 automatically configure link-local IPv6 addresses that only provide connectivity to other IPv6 hosts on the same subnet. These link-local addresses are not registered in DNS.

 

Step 3: Add native IPv6 and test connectivity on an dual stack network

In this procedure, we configure RTR1 as an IPv6 router that advertises native IPv6 prefixes to the Corpnet and Corpnet2 subnets.

At an administrator-level Windows PowerShell prompt on RTR1, run the following:

Set-NetIPInterface -InterfaceAlias Corpnet -AddressFamily IPv6 -AdvertiseDefaultRoute Enabled –Forwarding Enabled -Advertising Enabled

Set-NetIPInterface -InterfaceAlias Corpnet2 -AddressFamily IPv6 -AdvertiseDefaultRoute Enabled –Forwarding Enabled -Advertising Enabled

New-NetRoute -DestinationPrefix 2001:db8::/64 -InterfaceAlias Corpnet -AddressFamily IPv6 -Publish Yes

New-NetRoute -DestinationPrefix  2001:db8:0:2::/64 -InterfaceAlias Corpnet2 -AddressFamily IPv6 -Publish Yes

New-NetRoute -DestinationPrefix ::/0 -InterfaceAlias Corpnet -AddressFamily IPv6 -Publish Yes

 

Here is the resulting dual stack test lab.

This procedure tests native IPv6 connectivity.

1. At the Windows PowerShell command prompt on RTR1, run ipconfig. Notice the new IPv6 address starting with “2001:db8::” assigned to the Corpnet interface and the address starting with “2001:db8:0:2” assigned to the Corpnet2 interface. Notice the link-local address of the Corpnet interface. Write the address here: _________________________
2. On APP1, at the Windows PowerShell command prompt, run ipconfig. Notice the new IPv6 addresses starting with “2001:db8::” and the default gateway of RTR1’s link-local address on the Corpnet subnet, as recorded in step 1.
3. Using the Hyper-V Manager, change CLIENT1's network adapter to use the Corpnet virtual switch. At the Windows PowerShell command prompt, run ipconfig /renew until you get an IPv4 address that starts with "10.0.0".
4. On CLIENT1, at the Windows PowerShell command prompt, run ipconfig. Notice the new IPv6 addresses starting with “2001:db8::” and the default gateway of RTR1’s link-local address, as recorded in step 1.
5. On DC1, refresh the details pane of the DNS snap-in and verify there are new AAAA records registered for CLIENT1, APP1, RTR1, and DC1.
6.  Using the Hyper-V Manager, change CLIENT1's network adapter to use the Corpnet2 virtual switch. At the Windows PowerShell command prompt, run ipconfig /renew until you get an IPv4 address that starts with "10.0.2".
7. On APP1, at the Windows PowerShell command prompt, run ipconfig /flushdns.
8. On APP1, run ping client1. You should see a successful name resolution to CLIENT1’s IPv6 address on the Corpnet2 subnet (starting with “2001:db8:0:2”) and four successful replies.
9. On CLIENT1, at the Windows PowerShell command prompt, run ipconfig /flushdns.
10. At the Windows PowerShell command prompt, run ping dc1.corp.contoso.com. You should see four successful replies. Notice that CLIENT1 is using DC1’s IPv6 address starting with “2001:db8::”, rather than the IPv4 address 10.0.0.2.

To continue your hands-on learning about IPv6, see Hands-on exercises for Module 4: Practical aspects of IPv6.