DHCPv6 enabled on LAN but serves VLANs too
I have a DHCPv6 enabled serving IP addresses to clients on my LAN subnet.
I created a new vlan interface and configured the switchports to that vlan only. Pfsense switch port is configured for all traffic.
The clients in the vlan get an IPv4 address from the range I configured, but they also get an IPv6 address from LAN. Since some of those clients give IPv6 prio, they can't reach anything because IPv6 isn't accepted on the vlan interface.
I basically need to prevent vlan clients from getting served by DHCPv6. How do I do that? I tried creating a rule on top to drop all IPv6 traffic but clients are still getting IPv6 addresses.
Thanks for the help.
If your clients on vlan X, are getting IP from dhcp6 on your lan or other vlan - then you have problem with your switching.. Its not possible for dhcp be it v4 or v6 to hand a client an IP that is not on its L2.. So you have something messed up in your switching where you have connected your L2 networks together.
Thanks for the prompt reply.
I double checked the switch ports. I created profiles for lan only, vlanx only and both lan+vlanx. When I set the switch port for pfsense to "all" instead of lan+vlanx, things started to slowly work as expected. So thanks for the tip, I wouldn't have tried that without that.
DHCP still seems to hand out pfsense IPv6 address as a DNS server, but if the client only has a link-local address it doesn't seem to be used. I guess that's fine.
I can't say I understand how this works, I checked the profiles too and the correct lan and vlans are selected in each profile.
Anyway, thanks for the prompt help!
DHCP still seems to hand out pfsense IPv6 address as a DNS server
You can hand out whatever dns IP you want in dhcp.. That is different than getting an IP from dhcp server.
Out of the box pfsense would hand its IP address on that interface to its dhcp clients.