Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help me with IPv6 SLAAC on Android

    Scheduled Pinned Locked Moved IPv6
    ipv6androidslaac
    29 Posts 6 Posters 8.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pixielark @JKnott
      last edited by

      @jknott
      I don't think I have multiple GUA prefix on each LAN interface
      If you see my above picture
      LAN: 2604:3d08:6b80:ff00:4262:31ff:fe02:ad6f
      VLAN10: 2604:3d08:6b80:ff01:4262:31ff:fe02:ad6f
      VLAN20: 2604:3d08:6b80:ff02:4262:31ff:fe02:ad6f
      VLAN30: 2604:3d08:6b80:ff03:4262:31ff:fe02:ad6f
      so obviously my ISP gave me prefix 2604:3d08:6b80::/56 and pfsense were able to give me a 2604:3d08:6b80:ff00-03::/64 on each LAN interface
      The reason might be as what others pointed out, flooded RA message on LAN and VLAN☹
      Thanks for your help anyway

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @pixielark
        last edited by

        @pixielark said in Help me with IPv6 SLAAC on Android:

        I am not 100% seperating my vlan and that might explain the reason

        Any chance you have a cheap TP-Link switch? That's a known "feature" with them.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • P
          pixielark @Derelict
          last edited by pixielark

          @derelict said in Help me with IPv6 SLAAC on Android:

          I'd say @grimson is correct and the android device is seeing RAs from all VLANs instead of just one. Is this a managed switch with VLANs properly defined?

          @jknott said in Help me with IPv6 SLAAC on Android:

          Any chance you have a cheap TP-Link switch? That's a known "feature" with them.

          I do have a TP-link switch but I won't call it a cheap one, model number T1500G-10MPS (fully L2 managed I believe) and it cost almost same as a ubiquiti managed switch (price wise at least☹ )

          I got this switch because I am using some TP-Link EAP access point so just got the switch at the same time

          but it might be just me being stupid🤔 (looking back to my JIRA board at work)

          so here is my WIFI setup, I have 4 SSID and 4 AP at home
          8 port TP-Link switch
          port 1 connect to my pfsense, port 5-8 to each AP

          test-LAN(SSID) without any wirelss VLAN ID
          test-vlan10(SSID) with wireless VLAN ID 10
          test-vlan20(SSID) with wireless VLAN ID 20
          test-vlan30(SSID) with wireless VLAN ID 30

          on my TP-Link switch
          I have 4 vlan
          VLAN ID 1 System-VLAN with port 1-8 untagged
          VLAN ID 10 VLAN10 with port 1-8 tagged
          VLAN ID 20 VLAN20 with port 1-8 tagged
          VLAN ID 30 VLAN30 with port 1-8 tagged

          but it seems like the System-VLAN leaks RA message to all VLAN10-30 therefore when device connect to test-vlan10-30 if will receive RA from System-VLAN and get a IPv6 address from ff00 on top of the interface it belongs to

          and System-VLAN will receive RA message from all VLAN10-30 so I am getting IPv6 from all prefix ID (ff00-ff03)

          is this some "feature" of the TP-Link switch? or I was using my switch wrong with misconfiged VLAN?
          Thanks a lot for eveyones help 😌

          JKnottJ 1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            That looks OK. I would say that TP-Link switch leaks IPv6 multicast/ICMP6 across VLANs when it shouldn't.

            One more reason to simply discard TP-Link from the list of considered manufacturers.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            P 1 Reply Last reply Reply Quote 0
            • P
              pixielark @Derelict
              last edited by

              @derelict said in Help me with IPv6 SLAAC on Android:

              That looks OK. I would say that TP-Link switch leaks IPv6 multicast/ICMP6 across VLANs when it shouldn't.

              One more reason to simply discard TP-Link from the list of considered manufacturers.

              I am looking at tp-link official docs about how to setup vlan https://www.tp-link.com/us/faq-788.html
              will report back after I do more digging⛑
              thanks a lot

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                It could also be the APs doing it.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                P 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  I know @JKnott had problems with tplink AP that they sucked at vlans just like their cheap switches.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • P
                    pixielark @Derelict
                    last edited by

                    @derelict said in Help me with IPv6 SLAAC on Android:

                    It could also be the APs doing it.

                    So I have it fixed, as what you mentioned, I cannot figure out what's wrong with my switch config, so I looked at my AP config, remember my default SSID test-LAN does not have vlan tag enabled, but after I read tp-link switch doc my understanding is that the switch always operate under vlan1 (I don't even think it supports untagged operation at all base on their document), so it makes no sense for AP to operate at untagged (or vlan disabled as what they called), and I think their solution to deal with this is to pollute all vlan so you will receive package on your AP regardless of you AP is set to be untagged but switch is operating at vlan1
                    I put my test-lan SSID onto vlan1 and boom☠ , no more pollution, everything is working as expected now, I only receive the IPv6 address based on the interface(vlan) I am connecting to now

                    @johnpoz said in Help me with IPv6 SLAAC on Android:

                    I know @JKnott had problems with tplink AP that they sucked at vlans just like their cheap switches.

                    I'd recommand him to put his AP onto vlan1 and try it again, but I agree whatever tp-link implemented does not make sense at all☹
                    but for the price I won't complain too much, hope they will improve their software or my wifi6 upgrade will be full ubiquiti in the future😑

                    1 Reply Last reply Reply Quote 0
                    • P
                      pixielark
                      last edited by

                      ok, so after a few tries, it seems my main lan (vlan1) is not getting pollution anymore, but RA still leaks to vlan10-30, so I am still seeing unnecessary IP at all of my vlan, time to file a bug tp tp-link i guess☹

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        @pixielark said in Help me with IPv6 SLAAC on Android:

                        time to file a bug tp tp-link i guess

                        Good luck with that - if you read the history of the complaints of their sg105e and 108e switches took them forever to even admit they were doing anything wrong.. There is a post on their forums where they say it was like that by design to not remove vlan 1 from all ports.. They just don't get it!

                        They finally released a fix for v3+ of their hardware but 1 and 2 got left hanging...

                        I wouldn't recommend buying their switches or AP no matter how cheap they are.. Unless you want is dumb device with no vlan support.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @pixielark
                          last edited by

                          @pixielark said in Help me with IPv6 SLAAC on Android:

                          but it seems like the System-VLAN leaks RA message to all VLAN10-30 therefore when device connect to test-vlan10-30 if will receive RA from System-VLAN and get a IPv6 address from ff00 on top of the interface it belongs to

                          That sounds just like the problem I had with my TP-Link access point. It made having a guest WiFi impossible.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          P 1 Reply Last reply Reply Quote 0
                          • B
                            bimmerdriver
                            last edited by

                            This is the first I've heard of Shaw supporting IPv6.

                            What type of service do you have?

                            What type of modem do you have?

                            Is your pfSense connected through a bridged port?

                            P 1 Reply Last reply Reply Quote 0
                            • P
                              pixielark @bimmerdriver
                              last edited by pixielark

                              @bimmerdriver said in Help me with IPv6 SLAAC on Android:

                              This is the first I've heard of Shaw supporting IPv6.

                              What type of service do you have?

                              What type of modem do you have?

                              Is your pfSense connected through a bridged port?

                              Shaw started to offer IPv6 service about a year ago.
                              You have to be on their current 300M or 600M service (residential, not sure about business)
                              You have to get their XB6 modem (No, the Hirtron one with 300M service will NOT work, if you request a XB6 Shaw will force you to renew your contract to be on their "new" billing system in order to be qualified, so it is your choise to pay "extra" if you definitely want IPv6)
                              There are currently 2 XB6 modems Shaw offer, Arris TG3482 and Technicolor CGM4141, I would personally recommand you to get the Technicolor one (using Broadcom processor), the Arris one uses Intel Puma chip which has famous hardware defact, although both will work just for getting IPv6.
                              You can put your XB6 into bridge mode by going into the settings page and everything should work afterwards, connect your pfsense to your XB6 and request a /56 prefix from Shaw (defalt /64 because of all the garbage modem on the market), and you can workout the others after that

                              B JKnottJ 2 Replies Last reply Reply Quote 0
                              • P
                                pixielark @JKnott
                                last edited by

                                @jknott said in Help me with IPv6 SLAAC on Android:

                                @pixielark said in Help me with IPv6 SLAAC on Android:

                                but it seems like the System-VLAN leaks RA message to all VLAN10-30 therefore when device connect to test-vlan10-30 if will receive RA from System-VLAN and get a IPv6 address from ff00 on top of the interface it belongs to

                                That sounds just like the problem I had with my TP-Link access point. It made having a guest WiFi impossible.

                                Yeah, I guess if we only need ipv4 everything would work just fine😂

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  You only do need IPv4 - name 1 actual resource you need to get to that requires IPv6 ;)

                                  But multicast is multicast - you have other stuff that would be bleeding over.. Just wouldn't be such an obvious problem.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    bimmerdriver @pixielark
                                    last edited by

                                    @pixielark said in Help me with IPv6 SLAAC on Android:

                                    @bimmerdriver said in Help me with IPv6 SLAAC on Android:

                                    This is the first I've heard of Shaw supporting IPv6.

                                    What type of service do you have?

                                    What type of modem do you have?

                                    Is your pfSense connected through a bridged port?

                                    Shaw started to offer IPv6 service about a year ago.
                                    You have to be on their current 300M or 600M service (residential, not sure about business)
                                    You have to get their XB6 modem (No, the Hirtron one with 300M service will NOT work, if you request a XB6 Shaw will force you to renew your contract to be on their "new" billing system in order to be qualified, so it is your choise to pay "extra" if you definitely want IPv6)
                                    There are currently 2 XB6 modems Shaw offer, Arris TG3482 and Technicolor CGM4141, I would personally recommand you to get the Technicolor one (using Broadcom processor), the Arris one uses Intel Puma chip which has famous hardware defact, although both will work just for getting IPv6.
                                    You can put your XB6 into bridge mode by going into the settings page and everything should work afterwards, connect your pfsense to your XB6 and request a /56 prefix from Shaw (defalt /64 because of all the garbage modem on the market), and you can workout the others after that

                                    Thanks for the info. My question was more out of curiosity, because I was not aware that Shaw is offering IPv6. I'm on Telus and I don't have to pay extra for IPv6 or a modem that I can bridge to use my own pfSense router, so I don't plan to switch to Shaw. (I left Shaw years ago because I wasn't happy with their service.)

                                    P 1 Reply Last reply Reply Quote 0
                                    • P
                                      pixielark @bimmerdriver
                                      last edited by pixielark

                                      @bimmerdriver If I can get Telus fibre I would ditch Shaw in a heartbeat, our city is very stubborn with some regulations so Telus does not deploy fibre in my city☹

                                      1 Reply Last reply Reply Quote 0
                                      • JKnottJ
                                        JKnott @pixielark
                                        last edited by

                                        @pixielark said in Help me with IPv6 SLAAC on Android:

                                        You have to get their XB6 modem (No, the Hirtron one with 300M service will NOT work, if you request a XB6 Shaw will force you to renew your contract to be on their "new" billing system in order to be qualified, so it is your choise to pay "extra" if you definitely want IPv6)

                                        I'm on Rogers. I had to get a new modem to use IPv6. When I did that, I wound up with a cheaper package, with pretty much the same bandwidth and cap.

                                        Based on what I've heard of Shaw, that money grab is not surprising.

                                        PfSense running on Qotom mini PC
                                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                        UniFi AC-Lite access point

                                        I haven't lost my mind. It's around here...somewhere...

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          pixielark
                                          last edited by pixielark

                                          Ok, so the final update, I have everything fixed now (at least till now)☺

                                          So the final trick is to set my switch to tag port 5-8 which connect to my 4 APs

                                          apparently the tp-link APs will receice packages on it's selected wirelss VLAN + anything that's untagged (without vlan header)

                                          after change my switch to tag vlan1 on port 5-8 it ensures all the vlan1 tag won't be removed when outbound the port, which fixes the RA flood issue.

                                          Thanks everyone for the help

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.