This chapter covers IPv6 address autoconfiguration methods: Stateless Address Autoconfiguration (SLAAC) and DHCPv6. Understanding these mechanisms is critical for the N10-009 exam, as questions on IPv6 configuration and troubleshooting appear in roughly 10-15% of the exam. You will learn the differences between SLAAC and DHCPv6, how they operate at the packet level, and when to use each in enterprise networks.
Jump to a section
SLAAC is like a new resident in an apartment complex who wants a mailbox key. The resident (host) sends a broadcast request to the front desk (router) asking for the building's mailbox key pattern (prefix). The front desk responds with a template: "All keys in this building start with 'Building7-', and you choose your own apartment number." The resident then generates a unique key by combining 'Building7-' with a random apartment number they create (interface ID). They then test the key in the mailroom door to ensure no other resident has the same key (DAD). If the key works, they start using it. DHCPv6 is like a different complex where the front desk assigns a specific, pre-registered key from a pool. The resident asks for a key, the front desk checks its list, and hands them a unique key, also recording the resident's name and lease duration. In SLAAC, the resident manages their own address; in DHCPv6, the server manages it.
IPv6 was designed to simplify address assignment compared to IPv4. While IPv4 relies heavily on DHCP (and manual configuration), IPv6 offers multiple methods for hosts to obtain global unicast addresses. The two primary methods are Stateless Address Autoconfiguration (SLAAC) and DHCPv6. A third option, static configuration, is also available but not covered in depth here.
SLAAC allows a host to generate its own IPv6 address using a combination of a prefix advertised by a local router and a self-generated interface identifier. This process is defined in RFC 4862. SLAAC is "stateless" because the router does not maintain any state about which addresses have been assigned; it simply advertises the prefix and other parameters.
DHCPv6 (Dynamic Host Configuration Protocol for IPv6) is defined in RFC 3315. It operates similarly to DHCPv4: a client requests configuration parameters from a DHCPv6 server, which assigns addresses and other options (like DNS servers) and maintains a lease database.
How SLAAC Works
The SLAAC process involves several steps, primarily using ICMPv6 messages:
Router Solicitation (RS): When a host boots up or connects to a network, it sends an ICMPv6 Router Solicitation message to the all-routers multicast address (FF02::2). This is essentially a request: "Is there a router here? Please send me the prefix and other configuration information."
Router Advertisement (RA): Routers on the network respond with ICMPv6 Router Advertisement messages. RAs are sent periodically (default every 200 seconds) and also in response to RS messages. The RA contains:
Prefix information: The network prefix (e.g., 2001:db8:1::/64) and its length.
Flags: The M (Managed) flag and O (Other) flag indicate whether DHCPv6 should be used.
Other options: MTU, hop limit, DNS server (if the O flag is set).
Address Generation: The host uses the advertised prefix (typically /64) and appends a 64-bit interface identifier. The interface ID can be:
Generated from the MAC address using EUI-64 format (insert FFFE in the middle and flip the U/L bit).
Randomly generated for privacy (RFC 4941, Privacy Extensions).
Duplicate Address Detection (DAD): Before using the address, the host sends a Neighbor Solicitation (NS) message to the address itself. If no Neighbor Advertisement (NA) is received (i.e., no other host responds), the address is considered unique and is assigned to the interface. DAD is performed for all unicast addresses, including link-local.
Address Lifetime: The RA includes preferred and valid lifetimes. The preferred lifetime indicates how long the address can be used for new connections; the valid lifetime is the total time the address is valid. After the preferred lifetime expires, the address becomes deprecated, and new connections should use a new address. After the valid lifetime, the address is invalid.
How DHCPv6 Works
DHCPv6 can operate in three modes: Stateless DHCPv6, Stateful DHCPv6, and DHCPv6 Prefix Delegation.
Stateless DHCPv6: The host gets its address via SLAAC but obtains additional configuration (DNS, domain, etc.) from a DHCPv6 server. This is indicated by the RA having the M flag = 0 and O flag = 1.
Stateful DHCPv6: The host obtains both its address and other configuration from the DHCPv6 server. This is indicated by the M flag = 1. The server maintains a lease database.
DHCPv6 Prefix Delegation: Used by ISPs to delegate a prefix to a customer router, which then subnets it.
The DHCPv6 message exchange typically uses UDP on ports 546 (client) and 547 (server). The process:
Solicit: The client sends a Solicit message to the all-DHCP-servers multicast address (FF02::1:2) to find servers.
Advertise: Servers respond with Advertise messages containing configuration parameters.
Request: The client selects one server and sends a Request message.
Reply: The server sends a Reply with the assigned address and options, including lease duration.
Renewal: The client sends Renew messages to extend the lease before it expires.
Key Components, Values, and Defaults
Router Advertisement interval: Default 200 seconds, but can be configured (e.g., 30-1800 seconds).
Prefix length: SLAAC typically requires a /64 prefix because EUI-64 or random IDs use 64 bits.
DAD: The host sends up to 3 NS messages (default), with a 1-second delay between them. If no NA is received, the address is unique.
Preferred lifetime: Typically 7 days (604800 seconds) by default in many implementations.
Valid lifetime: Typically 30 days (2592000 seconds) by default.
DHCPv6 ports: Client 546, Server 547.
DHCPv6 multicast addresses: All-DHCP-servers FF02::1:2, All-DHCP-agents FF02::1:3.
RA flags: M (Managed) and O (Other) flags.
Configuration and Verification Commands
On Cisco IOS, you can configure SLAAC and DHCPv6:
Enable IPv6 routing:
ipv6 unicast-routing
interface GigabitEthernet0/0
ipv6 address 2001:db8:1::1/64
ipv6 enableConfigure RA with SLAAC only (M=0, O=0):
interface GigabitEthernet0/0
no ipv6 nd managed-config-flag
no ipv6 nd other-config-flagConfigure stateful DHCPv6 (M=1):
interface GigabitEthernet0/0
ipv6 nd managed-config-flag
ipv6 dhcp server DHCP_POOLConfigure stateless DHCPv6 (O=1):
interface GigabitEthernet0/0
ipv6 nd other-config-flag
ipv6 dhcp server DHCP_POOLCreate DHCPv6 pool:
ipv6 dhcp pool DHCP_POOL
dns-server 2001:db8::53
domain-name example.com
prefix-delegation pool PD_POOLVerification commands:
show ipv6 interface brief
show ipv6 routers
show ipv6 dhcp interface
show ipv6 dhcp bindingInteraction with Related Technologies
SLAAC and DHCPv6 interact with: - ICMPv6: RS, RA, NS, NA messages are all ICMPv6 types. - NDP (Neighbor Discovery Protocol): SLAAC uses NDP for DAD and neighbor discovery. - DNS: DHCPv6 can provide DNS server addresses; SLAAC alone does not, unless combined with stateless DHCPv6. - Privacy Extensions (RFC 4941): Hosts may generate temporary addresses that change over time. This is common in modern OSes (Windows 10/11, macOS, Linux). - Prefix Delegation: ISPs use DHCPv6-PD to delegate prefixes to CPE routers.
Common Configurations
In enterprise networks, the choice between SLAAC and DHCPv6 depends on: - Control: Stateful DHCPv6 gives the network admin control over address assignment and tracking. - Simplicity: SLAAC requires no server infrastructure. - Security: SLAAC addresses can be harder to track; DHCPv6 provides logs. - Mobility: SLAAC is often used for temporary devices.
Typical deployment: Use SLAAC with stateless DHCPv6 for DNS (O flag), or stateful DHCPv6 for full control.
Host sends Router Solicitation
When a host initializes its IPv6 stack (e.g., after boot or interface link-up), it sends an ICMPv6 Router Solicitation (RS) message to the all-routers multicast address FF02::2. The RS message requests that routers immediately send a Router Advertisement. The source address of the RS is typically the host's link-local address (FE80::/10). The host may send up to 3 RS messages (default) if no RA is received, with a 4-second interval between them (RFC 4861).
Router sends Router Advertisement
A router configured to advertise IPv6 prefixes responds with an ICMPv6 Router Advertisement (RA) message. The RA is sent to the all-nodes multicast address FF02::1. It contains the prefix(es) (with prefix length, typically /64), preferred and valid lifetimes, and flags (M and O). The router also includes other options like MTU (default 1500) and hop limit (default 64). RAs are sent periodically (every 200 seconds by default) and also in response to RS messages.
Host generates IPv6 address
The host examines the RA and extracts the prefix (e.g., 2001:db8:1::/64). It then generates a 64-bit interface identifier. If using EUI-64, it takes the MAC address (e.g., 00:1A:2B:3C:4D:5E), inserts FFFE in the middle (00:1A:2B:FF:FE:3C:4D:5E), and flips the U/L bit (the 7th bit of the first byte) to 1, resulting in 02:1A:2B:FF:FE:3C:4D:5E. The full address becomes 2001:db8:1::021A:2BFF:FE3C:4D5E. Modern OSes often use random interface IDs for privacy (RFC 4941).
Host performs Duplicate Address Detection
Before assigning the address, the host sends a Neighbor Solicitation (NS) message to the tentative address (the address itself) using the solicited-node multicast address (FF02::1:FFxx:xxxx). The NS message asks: "Who has this address?" If any host responds with a Neighbor Advertisement (NA), the address is duplicate, and the host must generate a new interface ID. If no NA is received after up to 3 retries (1 second apart), the address is considered unique and assigned to the interface.
Host uses address and monitors lifetime
Once DAD completes, the address is assigned and can be used for communication. The host maintains two timers: preferred lifetime and valid lifetime. When the preferred lifetime expires, the address becomes deprecated: existing connections can continue, but new connections should use a new address (generated via another SLAAC cycle). When the valid lifetime expires, the address is invalid and must not be used. The host may send RS messages again to refresh the RA and extend lifetimes.
Enterprise Scenario 1: Campus Network with Stateless DHCPv6
A university campus network deploys IPv6 using SLAAC with stateless DHCPv6. The network team configures routers to send RAs with the O flag set (other configuration) and M flag cleared. This allows hosts to generate their own addresses via SLAAC (using random interface IDs for privacy) but obtain DNS server addresses and domain search lists from a DHCPv6 server. The DHCPv6 server is configured with a pool that only provides options (no address assignment). This approach reduces server load (no lease tracking) and provides flexibility for mobile devices. Misconfiguration: If the O flag is not set, hosts will not request DHCPv6 options, and DNS resolution fails. The team uses show ipv6 dhcp interface to verify that hosts are requesting options.
Enterprise Scenario 2: Data Center with Stateful DHCPv6
A financial data center requires strict control over IPv6 address assignment for auditing and security. The network team uses stateful DHCPv6 (M flag set) to assign addresses from a managed pool. Each server gets a fixed reservation (DHCPv6 address binding) based on its DUID (DHCP Unique Identifier). The DHCPv6 server logs all assignments and lease renewals. The team configures the DHCPv6 pool with a lease time of 8 hours to match their security policy. Common issue: If the DHCPv6 server fails, new hosts cannot obtain addresses. The team implements a secondary DHCPv6 server and uses DHCPv6 failover (not supported in all implementations). They also configure the RA with a short valid lifetime (e.g., 30 minutes) so that hosts re-request addresses frequently.
Enterprise Scenario 3: ISP Home Network with Prefix Delegation
An ISP uses DHCPv6 Prefix Delegation (DHCPv6-PD) to assign a /56 or /48 prefix to each customer's CPE router. The CPE router then subnets that prefix into /64 subnets for its LAN interfaces. The CPE sends a DHCPv6 Solicit with a Prefix Delegation option, and the ISP's DHCPv6 server responds with an Advertise containing the delegated prefix. The CPE then configures its LAN interfaces with SLAAC or DHCPv6. This allows the customer to have multiple subnets without manual configuration. Misconfiguration: If the CPE does not request a prefix or the ISP server does not respond, the CPE may only get a single /64 from SLAAC, breaking multi-subnet capabilities.
N10-009 Objective 1.4: Explain the purpose and properties of IPv6 addressing and configuration
This objective specifically tests your understanding of SLAAC and DHCPv6. The exam expects you to:
Differentiate between stateless (SLAAC) and stateful (DHCPv6) address assignment.
Identify the flags in Router Advertisements (M and O) and their effect.
Understand the role of DAD and the RS/RA process.
Know the default RA interval (200 seconds) and DAD retries (3).
Recognize the difference between DHCPv6 and DHCPv4 (e.g., DHCPv6 uses multicast, not broadcast).
Common Wrong Answers and Why Candidates Choose Them
"SLAAC uses DHCPv6 to assign addresses": Candidates confuse SLAAC with stateful DHCPv6. SLAAC is stateless; the host generates its own address. DHCPv6 is used only for additional options in stateless mode.
"DHCPv6 uses broadcast messages like DHCPv4": DHCPv6 uses multicast (FF02::1:2) instead of broadcast. Candidates who remember DHCPv4 assume the same.
"The M flag means 'Managed' so DHCPv6 assigns addresses": This is actually correct, but candidates often think M flag means "More" or "Manual". Know that M=1 means stateful DHCPv6 (addresses assigned by server).
"SLAAC requires a DHCPv6 server": No, SLAAC works with just a router sending RAs. The host generates its own address.
"DAD is performed only for global unicast addresses": DAD is performed for all unicast addresses, including link-local addresses.
Specific Numbers and Terms That Appear on the Exam
Default RA interval: 200 seconds
DAD retries: 3 (default)
DHCPv6 ports: UDP 546 (client), 547 (server)
DHCPv6 multicast: FF02::1:2
EUI-64: inserts FFFE in the middle of MAC, flips the 7th bit (U/L bit)
Preferred vs valid lifetimes
M flag: Managed (stateful DHCPv6)
O flag: Other configuration (stateless DHCPv6)
Edge Cases and Exceptions
Privacy Extensions: Many OSes (Windows, macOS, Linux) use random interface IDs by default, not EUI-64. This is not explicitly tested but may appear.
DHCPv6 Rapid Commit: Option to reduce message exchange (Solicit-Reply instead of Solicit-Advertise-Request-Reply). Not commonly tested.
Prefix lengths other than /64: SLAAC technically can work with other lengths, but /64 is required for EUI-64 and is the standard.
How to Eliminate Wrong Answers
If the question mentions "stateless" or "no server", the answer is SLAAC.
If the question mentions "DHCP server" or "centralized control", the answer is DHCPv6.
If the question asks about "DNS server assignment" in IPv6, look for "stateless DHCPv6" or "O flag".
If the question asks about "duplicate address detection", the answer involves Neighbor Solicitation (NS) and Neighbor Advertisement (NA).
SLAAC uses ICMPv6 Router Advertisements (RA) to provide a prefix; the host generates its own interface ID (EUI-64 or random).
DHCPv6 uses UDP ports 546 (client) and 547 (server) with multicast address FF02::1:2.
The M flag in RA indicates stateful DHCPv6 (address assignment); the O flag indicates stateless DHCPv6 (other configuration like DNS).
Duplicate Address Detection (DAD) sends up to 3 Neighbor Solicitations to the tentative address; if no Neighbor Advertisement is received, the address is unique.
Default RA interval is 200 seconds; DAD retry interval is 1 second.
SLAAC requires a /64 prefix to accommodate the 64-bit interface identifier.
Privacy Extensions (RFC 4941) generate temporary random addresses to prevent tracking.
DHCPv6 Prefix Delegation (DHCPv6-PD) allows an ISP to delegate a prefix to a customer router.
These come up on the exam all the time. Here's how to tell them apart.
SLAAC
Stateless; no server required
Host generates its own address
Uses Router Advertisements (RS/RA)
No lease tracking or address logging
Easier to deploy; less administrative overhead
Stateful DHCPv6
Stateful; requires DHCPv6 server
Server assigns addresses from a pool
Uses DHCPv6 messages (Solicit, Advertise, Request, Reply)
Provides lease tracking and logging
More control; suitable for enterprise environments
Mistake
SLAAC requires a DHCPv6 server to assign addresses.
Correct
SLAAC is stateless; the host generates its own address using a prefix from a Router Advertisement and a self-generated interface ID. No DHCPv6 server is needed for address assignment.
Mistake
DHCPv6 uses broadcast messages like DHCPv4.
Correct
DHCPv6 uses multicast messages. Clients send Solicit to FF02::1:2 (all DHCP servers), and servers respond to the client's link-local address or multicast.
Mistake
The M flag in Router Advertisements stands for 'More' or 'Manual'.
Correct
M stands for 'Managed'. When set to 1, it indicates that hosts should use stateful DHCPv6 to obtain addresses.
Mistake
Duplicate Address Detection (DAD) is only performed for global unicast addresses.
Correct
DAD is performed for all unicast addresses, including link-local addresses (FE80::/10). It is part of the Neighbor Discovery Protocol.
Mistake
EUI-64 is the only method for generating interface identifiers in SLAAC.
Correct
Modern operating systems often use randomly generated interface identifiers for privacy (RFC 4941). EUI-64 is a legacy method but still supported.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
SLAAC (Stateless Address Autoconfiguration) allows a host to generate its own IPv6 address using a prefix from a Router Advertisement and a self-generated interface ID. It does not require a server. DHCPv6 (Dynamic Host Configuration Protocol for IPv6) uses a client-server model to assign addresses and other configuration parameters. DHCPv6 can be stateful (assigns addresses) or stateless (provides other options like DNS). The key difference: SLAAC is stateless and host-driven; DHCPv6 is stateful and server-driven.
The M flag (Managed) and O flag (Other) are two bits in the Router Advertisement message. M=1 tells hosts to use stateful DHCPv6 to obtain addresses. O=1 tells hosts to use DHCPv6 to obtain other configuration information (e.g., DNS servers) but addresses are obtained via SLAAC. If both are 0, SLAAC is used with no DHCPv6. If both are 1, stateful DHCPv6 is used for both addresses and other options.
DAD is performed by a host before assigning an IPv6 address. The host sends a Neighbor Solicitation (NS) message to the tentative address's solicited-node multicast address. If another host responds with a Neighbor Advertisement (NA), the address is duplicate. The host retries up to 3 times (default) with a 1-second delay. If no response, the address is considered unique and assigned. DAD is performed for all unicast addresses, including link-local.
The default interval between unsolicited Router Advertisements is 200 seconds (3 minutes 20 seconds). This is defined in RFC 4861. The interval can be configured between 30 and 1800 seconds. Routers also send RAs in response to Router Solicitations (RS) from hosts.
DHCPv6 uses UDP port 546 for the client and UDP port 547 for the server. The client listens on port 546, and the server listens on port 547. Messages are sent to multicast address FF02::1:2 (all DHCP servers) initially.
EUI-64 (Extended Unique Identifier) is a method to create a 64-bit interface ID from a 48-bit MAC address. The process: split the MAC in half, insert FFFE in the middle, and flip the 7th bit (U/L bit) of the first byte. For example, MAC 00:1A:2B:3C:4D:5E becomes 02:1A:2B:FF:FE:3C:4D:5E. This is then appended to the /64 prefix to form the full IPv6 address.
Technically, SLAAC can work with any prefix length, but the standard requires a /64 because the interface identifier is 64 bits. If a different prefix length is used, the host cannot generate a complete address using standard methods. In practice, SLAAC is almost always used with /64 prefixes.
You've just covered IPv6 SLAAC and DHCPv6 — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?