IPv6 RA breaks through VLAN's
-
@JKnott
Thanks for your response. It's a Mikrotik CRS354.
-
I haven't used Mikrotik gear. However, that is the exact problem I had with a TP-Link AP. My guest WiFi is on VLAN 3 and until I replaced my access point with one from Ubiquiti I couldn't use IPv6 on it.
You mention the VLAN is not configured on the PC. Does the port it's connected to have VLAN 10 on it?
BTW, a line or two from Wireshark is pretty much useless. You should post the capture file here.
-
With the Mikrotik, I can use IPv6 without issues. The problem seems to be related when you use a hybrid port setup with a tagged and untagged VLAN.
After some research, I found out it's not a router nor a switch problem: Windows listens to RA's coming in on tagged VLAN's and strips VLAN tags, even when it's not configured to do so.
Testing the same port on a Linux box, it will disregard tagged VLAN's and the setup works as intended. So it seems to be a Windows problem only.
In our network, some ports have a phone connected and a computer connected to the phone, others have the computer directly connected to the ports.
For generalization, I liked the idea to have only hybrid ports and be able to plug every combination into every port.
It looks like I have to go back to access ports without any VLAN's being tagged and have the VLAN's stripped on the phones if a computer is connected to it.
-
@mphilippi so I am curious about this - I don't recall ever seeing such an issue in the wild.. But should be easy enough to test..
So if what I'm reading is valid, or still valid on current versions of Windows. My IPv4 is untagged native to my Windows port, you're saying if I enable IPv6 on this interface, but don't have IPv6 on the native untagged network, but also have a tagged VLAN on this port with IPv6 on it pfsense will use this on its untagged interface?
-
What happens if you don't run Wireshark in promiscuous mode?
-
The client receives IPv6 addressing from the tagged VLAN but obviously won't be able to communicate with it through the untagged VLAN. It seems to be an issue with Windows.
Could you re-create the scenario?
-
@NogBadTheBad
It has nothing to do with Wireshark. I used the packet capture feature of pfSense only after I found out about the issue to get more data.
-
@mphilippi said in IPv6 RA breaks through VLAN's:
So it seems to be a Windows problem only.
Yeah, another Windows "feature". Normally, with VoIP on a VLAN, you connect the computer through the phone, which will remove the tag, before passing packets on to the computer.
MS has a very long history of breaking things, because they don't follow standards and practices.
-
@mphilippi Both Wireshark and a packet capture from pfSense default to promiscuous mode, that was why I asked.
-
I always do packet capture in promiscuous mode, as these days switches keep most of the other traffic away. Back when I first started using it, then known as Ethereal, hubs were still in use, so you'd see everything on the network, including passwords.