IPv6, VLANs and Android...

JKnott

@FillDee

I let the AP remove the VLAN tags and connect to the 2nd SSID. And no, you generally don't request RAs. They happen automagically. Seems to me you're trying to do things the wrong way.

bschapendonk

@FillDee could be that android randomizes the MAC, hence the different VLAN if they are based on the MAC?

JKnott

@bschapendonk

That shouldn't make a difference, if the network is set up properly.

FillDee

@bschapendonk
It gets multiple RA subnets/routes, not just the incorrect one. As I base my VLANs on MAC addresses, a random mac acts like a guest and gets only internet access, whereas, if I use my phone MAC, it gets access to my internal network.

All of that works fine with IPv4, with DHCP.

FillDee

@JKnott said in IPv6, VLANs and Android...:

I let the AP remove the VLAN tags and connect to the 2nd SSID. And no, you generally don't request RAs. They happen automagically. Seems to me you're trying to do things the wrong way.

Router solicitations are done by most clients afaik. I was hoping that I could just stop the RA multicasts. I'm relatively new to IPv6 so I could have misunderstood it. The correct RA subnet is always first to appear {assuming from the solicitation and the unicast reply), followed by the incorrect ones a bit later, from what I am again assuming is the periodic RA's.

If I'm doing things the wrong way, how should I be doing it?

Things work fine for IPv4, as DHCP gives out the GW and IP, so it's nice and neat. Since IPv6 is based on SLAAC and RA's, this seems to break using VLANs the way I am.

I guess I could look at an access point that can fix SSIDs to a specific VLAN. I had that setup with a 2nd access point, but decided to set them as a MESH and use MAC based VLANs instead. I like this setup, as new devices have only internet access until I add the MACs to an internal VLAN. This also works if a laptop gets plugged into one of the AP ethernet ports. It was a nice solution that worked great up until this point... :(

JKnott

@FillDee said in IPv6, VLANs and Android...:

Router solicitations are done by most clients afaik. I was hoping that I could just stop the RA multicasts. I'm relatively new to IPv6 so I could have misunderstood it. The correct RA subnet is always first to appear {assuming from the solicitation and the unicast reply), followed by the incorrect ones a bit later, from what I am again assuming is the periodic RA's.

A client will do a RS when first connecting to a network. That RA will be addressed to the client requesting it. After that, it relies on periodic RAs, which are sent to the entire network, using multicast address ff02::1, which is all IPv6 devices.

Things work fine for IPv4, as DHCP gives out the GW and IP, so it's nice and neat. Since IPv6 is based on SLAAC and RA's, this seems to break using VLANs the way I am.

On IPv4, the client requests the lease and that's the only way it gets one. There is nothing comparable to RAs on IPv4. Also, a DHCP lease can last for several hours, depending on how the DHCP server is configured. RAs occur frequently.

I guess I could look at an access point that can fix SSIDs to a specific VLAN.

That is the way you're supposed to do it. I suspect you're using a router as an access point. I have a proper access point, separate from my router. My router is configured to place my guest WiFi on a VLAN, over the same cable as my main LAN and then the AP separates them and places the VLAN on the 2nd SSID. You really need something that supports VLANs and multiple SSIDs to do this.

FillDee

@JKnott
Thanks for the info.
I'll look into things further and see if I can stop RA multicasts and see what problems that might bring.
As I said, I like the fact I can plug my laptop into the APs (which are Asus AX routers in access point mode), and still get onto the internal network without changing any config.
These routers do support multiple SSIDs and can support VLANs, just not from gui.
I really don't want to go back to that if Ican help it.

JKnott

@FillDee said in IPv6, VLANs and Android...:

I'll look into things further and see if I can stop RA multicasts and see what problems that might bring.

You'll break the network. RAs are a key part of IPv6.

FillDee

@JKnott

I can always turn them back on if I break things.

FillDee

Update for anyone with the same issue.

I have decided, for now, to use DHCPv6 and forget about the Android devices which, of course, ignore them. The other PC's such as my Windows laptop, work just fine on the VLANs and WiFi.

Thanks for the help @JKnott

JKnott

@FillDee said in IPv6, VLANs and Android...:

I have decided, for now, to use DHCPv6 and forget about the Android devices

Why not just try to do things properly, instead of what you're trying? That is, use a VLAN and 2nd SSID.

FillDee

@JKnott
Because it doesn't fit my requirements. It's not what I want to do, and doesn't achive what I need.
For my needs, he disadvantages of different SSIDs, outweigh the benefits, since everything but Android works, that's a solution for me at this time.