How to route IPv6 across ports in Cisco ISR
I have a Cisco ISR router with 4 ports. We own our IPv4 addresses and handle them via BGP, but my datacenter provider assigned us an IPv6 network. I've successfully added the IPv6 network to GigabitEthernet0/0/0 and am able to ping the upstream gateway. I'm trying to connect a computer directly to GigabitEthernet0/0/3 and assign it an IPv6 address in the range (2001:550:xx:xx::249.3/112), but that computer can't ping the gateway at all.
I'm looking for some advice on how best to set up that 2nd port so that the IPv6 traffic can be routed over to Gi0/0/0 and ultimately to the upstream gateway.
I suspect I just need to set up a route between gi0/0/3 and gi0/0/0, but I'm not sure how to do that.
My configuration:
interface GigabitEthernet0/0/0
 ip address xx.xx.xx.114 255.255.255.248
 media-type sfp
 negotiation auto
 ipv6 address 2001:550:xx:xx::249:0/112 eui-64
!
interface GigabitEthernet0/0/1
 no ip address
 media-type sfp
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
sh int GigabitEthernet0/0/3
GigabitEthernet0/0/3 is up, line protocol is up
  Hardware is ISR4431-X-4x1GE, address is 00xx.xxx.d423 (bia xxx.428a.d423)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is auto, media type is RJ45
  output flow-control is on, input flow-control is on
  ARP type: ARPA, ARP Timeout 04:00:00
ping 2001:550:xx:xx::249:1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:550:xx:xx::249:1, timeout is 2 seconds:
!!!!!
Solution 1:
(1) you need 1x "/64-IPv6-Network" per Ethernet-LAN-Interface => as Ron stated => otherwise, the "IPv6-ARP" called Neighbor-Solicitation can't work
//forget about subnetting in ethernet-IPv6 //but remember /127 on ptp-links of course
(config-if)# ipv6 address 2001:550:xx:xx::/64 eui-64
(2) enable IPv6-Routing globally
(config)# ipv6 unicast-routing
(3) change the "link-local"-Address per Interface (optional, but best practice)
(config-if)# ipv6 address FE80::<Router-ID> link-local
Router-ID could be "0001" or "0002" - the "eui-64"-keyword when configuring the routable-address copies the rightmost 64-bits of the link-local-address to generate the routable-address
- you can configure the same link-local address on many interfaces, since it is link-local ;-) //thinking about complex link-local-addressing-schemes is just over-engineering
so
(config-if)# ipv6 address FE80::0001 link-local
(config-if)# ipv6 address 2001:db8:0000:0001::/64 eui-64
will get the router to use "2001:db8:0000:0001::0001/64" as routable address:
- the first command defines the "rightmost" 64Bit ("Host-ID") of the IPv6-Address
- the second command defines the "leftmost" 64Bit ("Network") of the IPv6 Address
best practice to change the link-local-address per Interface to get "nice" addresses for the case the DNS is down...
(4) no "static routes" required since both IPv6-networks are locally connected
(5) IPv6-Router-Advertisement are active per default
Clients in both LANs can communicate immediately.
//if ping doesn't work, check the (windows-)firewall
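An added example, not part of the original question or answer: a small Python check of the "one /64 per Ethernet interface" rule, run against the layout from the question and against a corrected plan. The 2001:db8::/32 documentation prefix stands in for the redacted provider prefix, and the function names and the two sample plans are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: 2001:db8::/32 (documentation range) stands in for the
# redacted provider prefix; interface names follow the question.
QUESTION_PLAN = {"Gi0/0/0": "2001:db8::249:0/112"}   # Gi0/0/3 has no IPv6 prefix
FIXED_PLAN = {"Gi0/0/0": "2001:db8:0:1::/64", "Gi0/0/3": "2001:db8:0:2::/64"}


def _net(prefix):
    # strict=False accepts an interface address such as ...::249:0/112
    return ipaddress.IPv6Network(prefix, strict=False)


def audit_plan(plan, p2p=()):
    """Return (interface, problem) findings for an interface -> prefix plan.

    Interfaces listed in p2p are point-to-point links, where /127 is also accepted.
    """
    findings = []
    for ifname in sorted(plan):
        allowed = (64, 127) if ifname in p2p else (64,)
        length = _net(plan[ifname]).prefixlen
        if length not in allowed:
            want = " or ".join(f"/{n}" for n in allowed)
            findings.append((ifname, f"prefix length /{length}, expected {want}"))
    names = sorted(plan)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if _net(plan[a]).overlaps(_net(plan[b])):
                findings.append((a, f"overlaps {b}"))
    return findings


def on_link_interfaces(plan, host):
    """Return the interfaces whose prefix contains the host address."""
    addr = ipaddress.IPv6Address(host)
    return sorted(i for i, p in plan.items() if addr in _net(p))


if __name__ == "__main__":
    # Host cabled to Gi0/0/3 but numbered out of the Gi0/0/0 prefix.
    print(audit_plan(QUESTION_PLAN), on_link_interfaces(QUESTION_PLAN, "2001:db8::249:3"))
    print(audit_plan(FIXED_PLAN), on_link_interfaces(FIXED_PLAN, "2001:db8:0:2::3"))
```

For the question's layout the host address resolves to Gi0/0/0 even though the host is cabled to Gi0/0/3, which is why it never reaches the gateway; in the corrected plan each host address maps to exactly one interface.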