Strange behavior with Apple Airport Extremes



  • Sorry if this is in the wrong forum

    I'm seeing some rather strange behaviour from Apple Airport Extremes connected to pfSense 2.4 (yes I know it's beta but I was seeing the same at 2.3).

    Basically every few minutes a number of the Apple devices (NOT ALL) will issue a solicit and my log is full of this type of sequence:

    Feb 3 07:39:47 dhcpd Solicit message from fe80::66a5:c3ff:fe60:ecfa port 546, transaction ID 0x9DED4000
    Feb 3 07:39:47 dhcpd Advertise NA: address 2a02:wwww:xxxx:yyyy:eeee:9d4e:1f05:a4f to client with duid 00:03:00:01:64:a5:c3:60:ec:fa iaid = -1017058054 valid for 7200 seconds
    Feb 3 07:39:47 dhcpd Sending Advertise to fe80::66a5:c3ff:fe60:ecfa port 546

    The network topology of the Airports can be seen in the attached image.
    The worst offender is the one marked Rectory Cinema.

    I have tried swapping the APs around but it seems to be location based, not specific to an AP.

    Cable tests show no issues.

    I have NO connectivity issues and devices attached either wired or wirelessly to the APs get both IPv4 and IPv6 addresses without problems.

    ![Screen Shot 2017-02-03 at 07.13.23.png](/public/imported_attachments/1/Screen Shot 2017-02-03 at 07.13.23.png)


  • Netgate Administrator

    Where is pfSense in that network?

    Which device is sending the solicit messages? Or does it vary/all of them?

    Steve



  • Sorry, should have made that clear.

    pfSense sits between the internet and Rectory Office (WAN out to internet, LAN out to Rectory Office AP).

    The troublesome APs are

    Rectory Office
    Rectory Cinema

    I have swapped APs around but it's always the AP in these locations.



  • So I have discovered that by setting the Airport Extremes to link-local only (image 2) as opposed to the default of Automatic (image 1), the issue disappears and I am still able to distribute IPv4 and IPv6 addresses to any clients attached to the APs.

    Not sure that's actually a valid setup in true IPv6 terms, but it means my log is not filling up and I can still access clients via IPv6 which is my end goal so I can live with it until someone tells me what either I'm doing wrong or confirms that Apple is breaking some rules.

    ![Screen Shot 2017-02-04 at 00.00.46.png](/public/imported_attachments/1/Screen Shot 2017-02-04 at 00.00.46.png)
    ![Screen Shot 2017-02-04 at 00.00.29.png](/public/imported_attachments/1/Screen Shot 2017-02-04 at 00.00.29.png)



  • Link-local only is perfectly fine if you don't need routable IPv6 addresses on the APs; they will be reachable on the same network segment by their link-local IPv6 addresses. If you use the automatic setting the device will keep sending router solicitation messages periodically and that's where your log spam is from.



  • @kpa:

    Link-local only is perfectly fine if you don't need routable IPv6 addresses on the APs; they will be reachable on the same network segment by their link-local IPv6 addresses. If you use the automatic setting the device will keep sending router solicitation messages periodically and that's where your log spam is from.

    I would expect them to send solicitation messages every 2 hours or so, as 7200 seconds is the lease time, but they were doing it every few minutes.


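Added example (not from the thread or from pfSense): a small log check that answers "which device is soliciting, and how often compared with the advertised lifetime" for dhcpd lines in the format quoted in the first post. It recovers each client's MAC from the EUI-64 link-local source address, matches it to the DUID-LL in the Advertise line, and flags clients whose median Solicit gap is far below the valid lifetime. The function names, the `ratio` threshold and the second client in the sample are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the dhcpd format quoted in the thread; the second
# client, the 2001:db8:: addresses and all later timestamps are made up.
SAMPLE_LOG = """\
Feb 3 07:39:47 dhcpd Solicit message from fe80::66a5:c3ff:fe60:ecfa port 546, transaction ID 0x9DED4000
Feb 3 07:39:47 dhcpd Advertise NA: address 2001:db8::a4f to client with duid 00:03:00:01:64:a5:c3:60:ec:fa iaid = -1017058054 valid for 7200 seconds
Feb 3 07:42:50 dhcpd Solicit message from fe80::66a5:c3ff:fe60:ecfa port 546, transaction ID 0x9DED4001
Feb 3 07:45:55 dhcpd Solicit message from fe80::66a5:c3ff:fe60:ecfa port 546, transaction ID 0x9DED4002
Feb 3 07:50:00 dhcpd Solicit message from fe80::211:22ff:fe33:4455 port 546, transaction ID 0x00AB0001
Feb 3 07:50:00 dhcpd Advertise NA: address 2001:db8::b01 to client with duid 00:03:00:01:00:11:22:33:44:55 iaid = 12345 valid for 7200 seconds
Feb 3 09:50:00 dhcpd Solicit message from fe80::211:22ff:fe33:4455 port 546, transaction ID 0x00AB0002
"""

SOLICIT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) dhcpd Solicit message from (\S+) port")
# Only DUID-LL (type 00:03) with hardware type Ethernet (00:01) carries a bare MAC.
ADVERT = re.compile(r"duid 00:03:00:01:(\S+) iaid = -?\d+ valid for (\d+) seconds")

def eui64_to_mac(addr):
    """Recover the MAC from an EUI-64 interface ID, or None if it is not one."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def noisy_clients(log, year=2017, ratio=0.5):
    """Return {mac: (median_gap_seconds, lifetime)} for clients whose median
    Solicit gap is below ratio * advertised valid lifetime (ratio is assumed)."""
    seen, lifetime = defaultdict(list), {}
    for line in log.splitlines():
        if m := SOLICIT.match(line):
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            seen[eui64_to_mac(m[2]) or m[2]].append(ts)
        elif m := ADVERT.search(line):
            lifetime[m[1].lower()] = int(m[2])
    out = {}
    for mac, times in seen.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if gaps and mac in lifetime and median(gaps) < ratio * lifetime[mac]:
            out[mac] = (median(gaps), lifetime[mac])
    return out

if __name__ == "__main__":
    for mac, (gap, life) in noisy_clients(SAMPLE_LOG).items():
        print(f"{mac}: Solicit every ~{gap:.0f}s, lease valid for {life}s")
```

The syslog lines carry no year, so `year` is supplied by the caller; clients using privacy (non-EUI-64) interface IDs are keyed by their link-local address and are not matched to a DUID.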