Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Set up mixed IPv4 and IPv6 traffic?

    Scheduled Pinned Locked Moved General pfSense Questions
    26 Posts 3 Posters 3.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnottJ Offline
      JKnott @pfguy2018
      last edited by JKnott

      @pfguy2018

      Switches and access points should have no problem at all with IPv6, as they are supposed to pass all Ethernet frames. Many years ago, switches were used to pass IPX and many other frame types. The only thing is some gear might be IPv4 only on the management interface. As I mentioned, I've been running IPv6 for almost 11 years. The only thing that absolutely has to hand IPv6 is the router and pfsense does that very well.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      P 1 Reply Last reply Reply Quote 1
      • P Offline
        pfguy2018 @JKnott
        last edited by

        @jknott @stephenw10
        Like I said, I guess I have a lot to learn. I am still not clear on how vlans work with IPv6 if the switch/APs don't see IPv6 (how does the equipment know which vlan to place the traffic in? Just based on the tag? Does the tag work with both v4 and v6?). I will have to do some reading/learning about this.

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ Offline
          JKnott @pfguy2018
          last edited by

          @pfguy2018

          They work exactly as they do with IPv4. You're confusing layers. Ethernet is layer 2 and IP, both 4 & 6 (and IPX) are layer 3. VLANs are an extension of Ethernet and so belong at layer 2 (some say 2.5). In every Ethernet frame, the first significant bytes are the 2 in the Ethertype/Length field. This is what determines what the frame contains. If it is 1500 or below, it is an 802.3 frame and the value refers to the payload size. Otherwise, it's a DIX II frame and the number refers to the data type, including IPv4, IPv6 and much more. So, normally a frame would have the Ethertype for IPv4 or IPv6. But if it's for a VLAN, it would have the Ethertype for VLANs, followed by 2 bytes for the VLAN ID and then followed by the original IP Ethertype, etc. So, for a VLAN, there are 4 bytes added, which the switch uses to sort according to VLAN.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          P 1 Reply Last reply Reply Quote 0
          • P Offline
            pfguy2018 @JKnott
            last edited by

            @jknott
            Thank you for the extremely detailed explanation. I am going to read and re-read that a few times until I grasp all the concepts you outlined. I think what you are saying though is that if pfSense passes IPv6 traffic on to a vlan, it will stay on that vlan throughout my networking equipment (switches, APs) even if that equipment does not explicitly have settings for IPv6?

            JKnottJ 1 Reply Last reply Reply Quote 0
            • JKnottJ Offline
              JKnott @pfguy2018
              last edited by

              @pfguy2018 said in Set up mixed IPv4 and IPv6 traffic?:

              I think what you are saying though is that if pfSense passes IPv6 traffic on to a vlan, it will stay on that vlan throughout my networking equipment (switches, APs) even if that equipment does not explicitly have settings for IPv6?

              Yep. As mentioned above, the only equipment where that would be a factor is routers. Switches and APs are transparent to the layer 3 packet type.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              P 1 Reply Last reply Reply Quote 0
              • P Offline
                pfguy2018 @JKnott
                last edited by

                @jknott
                So as long as pfSense is set up to accept and process IPV6, I don't need to change anything in my switches or APs or vlans? Whichever vlan the cable boxes get added to (either by ethernet connection to an untagged port belonging to the desired vlan on a switch or by joining a wireless network associated with that vlan), things will just work?

                JKnottJ 1 Reply Last reply Reply Quote 0
                • JKnottJ Offline
                  JKnott @pfguy2018
                  last edited by JKnott

                  @pfguy2018

                  Think of VLANs as though they were physically separate. If you can do something with plain switches and APs, you can do it with a VLAN. What VLANs allow you to do is run those logically separate networks over one physical network and then separate the traffic. For example, in offices, VoIP phones and computers often share the same connection, with the phone on a VLAN. This allows the phones to have priority over the computer data, as VLANs enable priority through switches, etc.. Another example is guest WiFi, so you can use the same APs, but keep then separate from the main LAN traffic. I have that here.

                  Bear in mind the VLANs must be configured on pfsense, switches and APs and the VLAN ID must match on each device.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  P 1 Reply Last reply Reply Quote 0
                  • P Offline
                    pfguy2018 @JKnott
                    last edited by

                    @jknott
                    Right. I already have the vlans configured and running on all equipment. I am just confirming that nothing will need to be adjusted to accommodate IPV6 traffic on those vlans (except for at the pfSense end of things).

                    JKnottJ 1 Reply Last reply Reply Quote 0
                    • JKnottJ Offline
                      JKnott @pfguy2018
                      last edited by

                      @pfguy2018

                      Yep.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      P 1 Reply Last reply Reply Quote 0
                      • P Offline
                        pfguy2018 @JKnott
                        last edited by

                        @jknott
                        So much easier than I would have thought. Thanks!

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ Offline
                          JKnott @pfguy2018
                          last edited by

                          @pfguy2018

                          One thing to bear in mind is that each interface has to use a different prefix ID. With a /56 from Rogers, your choices are 0 to ff. You also have to specify you want a /56, though you could get a smaller one if you want.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          P 1 Reply Last reply Reply Quote 1
                          • P Offline
                            pfguy2018 @JKnott
                            last edited by

                            @jknott Good to know. I appreciate all your help so far. Once (if) I decide to proceed with this, I might have to come back to get more assistance...

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.