Lead Image © James Steidl, 123RF.com

Lead Image © James Steidl, 123RF.com

Configuring IPv6 in Windows with NetShell

IPv6 on Board

Article from ADMIN 25/2015
Windows provides a simple dialog box for configuring IPv6, but the available settings only scratch the surface. IPv6 comes with many features that are primarily managed using the command-line tool NetShell.

The Windows input template for the network interface is fine for a basic IPv6 configuration (Figure 1). You can define values such as the IPv6 address(es), prefix (typically "/64"), default gateway(s), and DNS server. However, IPv6 offers several other features that are not controllable via the standard configuration dialog. Also, the overview you get when you press Details is very rudimentary (Figure 2). If you want to delve deeper into your IPv6 configuration, the tool you'll need is NetShell.

Figure 1: The default input mask for IPv6 provides only the basic settings.
Figure 2: The connection details for IPv6 reveal only the bare minimum.

Working with NetShell

NetShell lets you customize and view almost all network-specific parameters for Windows and the TCP/IP stack. You can configure both IPv4 and IPv6 parameters. Although IPv4 often requires no further tuning, NetShell can be very useful for customizing IPv6 settings.

Launch NetShell by typing the netsh command at the command prompt. You can either type a complete command or use NetShell in interactive mode. If you have to enter multiple commands, interactive mode will save you some typing, and an interactive session also gives you access to NetShell's detailed help resources.

Be sure to launch the command prompt in administrative mode if you want to make changes to the configuration.

Entering netsh without any parameters starts interactive mode. The context for the IPv6 configuration is interface ipv6 ; you need to enter this in the terminal after launching the interactive shell. NetShell then displays the prompt netsh interface ipv6.

You only need to type the command until the syntax becomes unambiguous. For example, instead of interface ipv6, you can just type int ipv6. Additionally, you can always access the contextual help by typing a question mark. The help system is simple, intuitive, and very useful. Exit quits the interactive NetShell.

IPv6 and MAC Addresses

NetShell uses show commands to display all configuration and status details for IPv6 and its subcomponents. For example, you can query the contents of the neighbor cache, which corresponds to the ARP cache in IPv4. (ARP was replaced in IPv6 by Neighbor Discovery.) When an IPv6 address is resolved into a link-layer address (MAC address), a corresponding entry is produced in the neighbor cache. Display the contents of this cache using the command:

netsh interface ipv6 show neighbor

If you are already in the right context, simply type show neighbor, or the short form sh n (Figure 3).

Figure 3: A call to "show neighbor" displays the Neighbor Cache.

For each interface, the IPv6-address to link-layer-address mappings are listed separately. Tunnel and pseudo-interfaces are given their own sections. In addition to unicast addresses, various multicast addresses are also listed.

In the line with Neighbor Unreachability Detection (NUD), each unicast record has a status, known as a "type"; possible values include:

  • Reachable: The entry is valid; the MAC address can be used.
  • Incomplete: The entry is invalid; the current MAC address could not be determined.
  • Stale: The entry has exceeded a timeout value (the default is 30 seconds) and must be refreshed before its next use.

Static entries can map specific IPv6 addresses to the matching link layer addresses. To map an address, specify the interface, the IPv6 address, and the link-layer address, as follows:

netsh interface ipv6 set neighbors "LAN-Connection" \
  "fd00:1234::1" "ab-cd-ef-01-23-45"

If NetShell simply says "OK," or nothing at all, the command was accepted. An entry you define in this way appears in the Neighbor Cache as a "permanent" type.

Such configuration changes, however, basically only survive until the next reboot. If you want to save the changes permanently, add the configuration command using the store=persistent option. This option then applies to all configuration commands in NetShell.

Interfaces and Addresses

The ipconfig /all command provides a good general overview of the most important IP(v6) parameters, but it only scratches the surface. To obtain a comprehensive list of settings, you need NetShell. If you want an overview of your IPv6-enabled interfaces, use the command:

netsh interface ipv6 show interfaces

See Figure 4. This command also displays the index number and the correct name of the interface. If the index of the interface is Local Area Connection 11, the command described above for a static neighbor cache entry would read as follows:

Figure 4: NetShell showing the existing IPv6 interfaces.
netsh interface ipv6 set neighbors 11 "fd00:1234::1" \

A comprehensive overview of the interface addresses is provided by the following command:

netsh interface ipv6 show addresses

See Figure 5. In addition to displaying the address type, this command also shows the validity and status. This information is particularly relevant in the context of autoconfiguration and it goes far beyond ipconfig /all's ability to provide meaningful information.

Figure 5: The "show addresses" command tells NetShell to indicate the validity and status of IPv6 addresses.

Of course, you can again tweak various interface and address parameters. If you want to permanently add the IPv6 address 2001:db8:face::1 to your LAN connection interface with an index of 11, the command is as follows:

netsh interface ipv6 add address 11 2001:db8:face::1/64 store=persistent

If this address is an anycast address, add anycast to the command.

An existing address is removed in a similar way. If you want to delete the address, try the command:

netsh interface ipv6 delete address 11 2001: db8:face::1

Caution: Do not enter a prefix, or NetShell will simply output an error message telling you that it needs a valid IPv6 address.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Advanced Security in Windows Firewall

    Windows Firewall with Advanced Security was introduced in Vista/Windows Server 2008. Compared with the old Windows Firewall, it offers many new features and possibilities.

  • Neglected IPv6 Features

    IPv6 is establishing itself in everyday IT life, and all modern operating systems from Windows, through Mac OS X, to Linux have it on board; but if you let IPv6 introduce itself into your environment, you could be in for some unpleasant surprises.

  • Network management with the IPRoute2 toolbox
    Traditional administration command-line tools such as ifconfig, route, and arp are almost as old as TCP/IP itself. We provide an overview of how the IPRoute2 toolkit now unifies the management of kernel network components.
  • IPRoute2: arp, route, and ifconfig in a Single Tool

    Traditional administration command-line tools such as ifconfig, route, and arp are almost as old as TCP/IP itself. We provide an overview of how the IPRoute2 toolkit now unifies the management of kernel network components.

  • IPv6 tunnel technologies
    Now that IPv6 is the official Internet protocol, all that remains is the simple task of migrating all the machines on the Internet. Until that happens, tunnel technologies provide an interim solution.
comments powered by Disqus