Duplicate IPv6 addresses
-
@pbnet said in Duplicate IPv6 addresses:
I'm really lost here :(
Are the 2 prefixes assigned on your network? Have you run Wireshark to examine the RAs? If you're seeing RAs for both prefixes, you've got something crossed somewhere. The TP-Link problem I mentioned above was due to multicasts not being restricted to the VLAN so a device on the LAN would get the wrong prefix. Also, look at what's actually leaving pfSense. You can do that with Packet Capture right in pfSense or Wireshark, with port mirroring on the managed switch.
-
Not sure here
This is what gets assigned automatically on PFSense:
There is no DHCPv6, only RA:
-
OK, so I figured out that both prefixes (from VLAN5 and VLAN10) are assigned to the NIC on VLAN5 on the PC.
The problem is I have no idea how to limit the prefix to a specific VLAN. -
Then as I stated you do not have actual vlan isolation... Your just running multiple L3 on the same L2..
That is going to be issue with your switch config.. Are these both tagged, is 1 not tagged on pfsense?
pfsense - em0 vlan5T, vlan 10T -- switch -- vlan 5U -- pc..
There would be no possible way for pc connect to vlan 5 switch port to see vlan 10, traffic - unless you have it mis configured on the switch, etc.
-
@johnpoz
Well, each VLAN leaves PFSense on its own NIC:VLAN5 is on NIC bce1 and appears in PFSense as LAN: VLAN 5 on bce1 (VLAN5)
VLAN10 is on NIC bce3 and appears in PFSense as PBNETLAN2: VLAN10 on bce3 (VLAN10)The network cables that leave PFSense (running on a dell R710), reach the Mikrotik Switch like this:
- VLAN5 --> Port 1 --> VLAN Mode: Enable // VLAN Receive: Only Tagged // Default VLAN ID: 5
- VLAN 10 --> Port 2 --> VLAN Mode: Enable // VLAN Receive: Only Tagged // Default VLAN ID: 10
Desktop PC: Port 24: VLAN Mode: Enable // VLAN Receive: ANY // Default VLAN ID: 5
Call me stupid, but I still don't figure out what is wrong on this config.
Thanks.
-
Is port 24 an access or trunk port? Normally, it should be an access port, unless you need more than one LAN/VLAN on it.
-
@pbnet said in Duplicate IPv6 addresses:
VLAN5 --> Port 1 --> VLAN Mode: Enable // VLAN Receive: Only Tagged // Default VLAN ID: 5
Why are you setting up vlans on pfsense? If its the only network on the interface... It would just be native an untagged then..
-
Well, as far as I can understand from my logic, it looks more like trunk to me :(
Here's what Mikrotik says: https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-ExampleAnd this is my setup:
Correct me if I'm wrong. I didn't quite get the VLANS tab part :(
-
@johnpoz That seemed logical at that time when I first set up the VLANs... Can this be a problem?
-
I do not know that switch... All I can tell you is that if your getting 2 address from two different RA then your not isolated at Layer 2 - its simple as that. Be it your switch config, or you have something else bridging the 2 L2 networks.
It makes no sense to me to run a vlan on top of the native interface if all your going to do is run 1 network on it.. Pointless... Now if your going to run more than 1 vlan on it, then there is something to be said to only tagging and no native.. But if all you have is native interface pfsense needs not now anything about vlans for that network.
But an "any" setting doesn't seem logical to me at all..
From you later image looks like you have every port as a member of 3 vlans - that is BORKED for freaking sure!!
I can tell you for freaking sure that is wrong without knowing that switch os at all...
The only ports that should be members of more than 1 vlan are ports connected to something that will sep the vlans based upon tag, etc.. Like a router interface that has more than 1 vlan on it, or a another switch uplink, or connection to an AP, etc.
