Netgate Discussion Forum

IPv6 Question

General pfSense Questions
64 Posts 3 Posters 10.9k Views
  • J
    johnnybinator @johnpoz
    last edited by Oct 21, 2022, 3:05 PM

    @johnpoz

    Is that the only way? Sometimes I don't want to set the native VLAN. I was hoping someone knew a trick to tell pfSense not to do that anymore.

    J 1 Reply Last reply Oct 21, 2022, 3:37 PM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @johnnybinator
      last edited by johnpoz Oct 21, 2022, 3:38 PM Oct 21, 2022, 3:37 PM

      @johnnybinator do what anymore? Unless it's a vlan, it won't add a tag.. So incoming traffic that doesn't have a tag would hit the native interface..

      Not sure what you're asking - why would you have a port set to trunk if you're only going to connect 1 device to it? Just put the port you're connecting this device to as access and put that in whatever vlan you want. Now the device doesn't need to understand tags.

      Just a bit confused on what you're actually wanting to accomplish here?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      J 1 Reply Last reply Oct 21, 2022, 3:44 PM Reply Quote 0
      • J
        johnnybinator @johnpoz
        last edited by Oct 21, 2022, 3:44 PM

        @johnpoz Using VMware NSX-T, my edge router is getting an IPv6 address and I don't want it to. It's causing me hassles. I only want to get RAs and addresses where I want them, not the default trunk.

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Oct 21, 2022, 3:47 PM

          This is why it's better to avoid tagged and untagged traffic on the same link. You can end up with unexpected consequences.

          Just move LAN to a VLAN instead of having it untagged. Or some other VLAN if you've used VLAN1 externally (which you should never do!)

          Steve

          J 1 Reply Last reply Oct 21, 2022, 4:10 PM Reply Quote 0
          • J
            johnnybinator @johnpoz
            last edited by Oct 21, 2022, 3:48 PM

            @johnpoz Thanks

            J 1 Reply Last reply Oct 21, 2022, 4:11 PM Reply Quote 0
            • J
              johnnybinator @stephenw10
              last edited by Oct 21, 2022, 4:10 PM

              @stephenw10 LAN is VLAN 11. I'm positive of it. That is why I'm so perplexed.

              J S 2 Replies Last reply Oct 21, 2022, 4:13 PM Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator @johnnybinator
                last edited by Oct 21, 2022, 4:11 PM

                @johnnybinator so you don't want any devices on your lan to get IPv6? If that was the case why do you have IPv6 enabled on the lan interface?

                Or are you just wanting this device to not get IPv6 via the untagged traffic, but you want it to have IPv4 native?

                Still not sure exactly what you're asking.. Be it tagged or untagged. You don't want this device to get an IPv6 address?

                You could always set native in the trunk to a dead vlan on the switch, but then untagged wouldn't work for IPv4.


                1 Reply Last reply Reply Quote 0
                • J
                  johnpoz LAYER 8 Global Moderator @johnnybinator
                  last edited by Oct 21, 2022, 4:13 PM

                  @johnnybinator said in IPv6 Question:

                  LAN is VLAN 11. I'm positive of it. That is why I'm so perplexed.

                  That might be on your switch, my lan on my switch is vlan ID 9, but this is the default vlan on the switch and untagged.

                  You're saying your lan interface is a vlan, there is no IP set on the native interface?


                  J 1 Reply Last reply Oct 21, 2022, 4:18 PM Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator @johnnybinator
                    last edited by Oct 21, 2022, 4:14 PM

                    @johnnybinator said in IPv6 Question:

                    @stephenw10 LAN is VLAN 11. I'm positive of it. That is why I'm so perplexed.

                    Mmm, sounds like something is leaking then or just misconfigured.

                    Can the host actually use the address it gets on the trunk port?

                    J 1 Reply Last reply Oct 21, 2022, 4:20 PM Reply Quote 0
                    • J
                      johnnybinator @johnpoz
                      last edited by Oct 21, 2022, 4:18 PM

                      My LAN interface is on VLAN 11. I promise you. I do not have an interface that is not tied to a VLAN, besides WAN & NORD VPN on ipsec.

                      Keyboard-interactive authentication prompts from server:
                      End of keyboard-interactive prompts from server
                      Netgate 6100 - Serial: 2051210048 - Netgate Device ID: e6b7e9a44cc68a2e2e29

                      *** Welcome to Netgate pfSense Plus 22.05-RELEASE (amd64) on pfSense ***

                      WAN (wan) -> igc1 -> v4/DHCP4: xx.xx.xx.xx/23
                      v6/DHCP6: xxxx:xxx:xxxx:xccx:711b:386f:1bc7:69c6/128
                      LAN (lan) -> ix0.11 -> v4: 10.200.0.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:0:92ec:77ff:fe21:2eba/64
                      VLAN6 (opt1) -> ix0.6 -> v4: 10.0.6.254/24
                      VLAN7 (opt2) -> ix0.7 -> v4: 10.0.7.254/24
                      VLAN8 (opt3) -> ix0.8 -> v4: 10.0.8.254/24
                      VLAN10 (opt4) -> ix0.10 -> v4: 10.0.10.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx::92ec:77ff:fe21:2eba/64
                      VLAN20 (opt5) -> ix0.20 -> v4: 10.0.20.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:2:92ec:77ff:fe21:2eba/64
                      VLAN30 (opt6) -> ix0.30 -> v4: 10.0.30.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:3:92ec:77ff:fe21:2eba/64
                      VLAN40 (opt7) -> ix0.40 -> v4: 10.0.40.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:4:92ec:77ff:fe21:2eba/64
                      VLAN50 (opt8) -> ix0.50 -> v4: 10.0.50.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:5:92ec:77ff:fe21:2eba/64
                      VLAN60 (opt9) -> ix0.60 -> v4: 10.0.60.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:6:92ec:77ff:fe21:2eba/64
                      VLAN70 (opt10) -> ix0.70 -> v4: 10.0.70.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:7:92ec:77ff:fe21:2eba/64
                      VLAN80 (opt11) -> ix0.80 -> v4: 10.0.80.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:8:92ec:77ff:fe21:2eba/64
                      VLAN90 (opt12) -> ix0.90 -> v4: 10.0.90.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:9:92ec:77ff:fe21:2eba/64
                      VLAN100 (opt13) -> ix0.100 -> v4: 10.0.100.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:a:92ec:77ff:fe21:2eba/64
                      VLAN110 (opt14) -> ix0.110 -> v4: 10.0.110.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:b:92ec:77ff:fe21:2eba/64
                      VLAN120 (opt15) -> ix0.120 -> v4: 10.0.120.254/25
                      v6/t6: xxxx:xxxx:xxxx:xxxx:c:92ec:77ff:fe21:2eba/64
                      VLAN130 (opt16) -> ix0.130 -> v4: 10.0.130.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:d:92ec:77ff:fe21:2eba/64
                      VLAN140 (opt17) -> ix0.140 -> v4: 10.0.140.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:e:92ec:77ff:fe21:2eba/64
                      VLAN150 (opt18) -> ix0.150 -> v4: 10.0.150.254/24
                      v6/t6: xxxx:xxxx:xxxx:xxxx:f:92ec:77ff:fe21:2eba/64
                      VLAN160 (opt19) -> ix0.160 -> v4: 10.0.160.254/24
                      VLAN170 (opt20) -> ix0.170 -> v4: 10.0.170.254/24
                      VLAN180 (opt21) -> ix0.180 -> v4: 10.0.180.254/24
                      VLAN190 (opt22) -> ix0.190 -> v4: 10.0.190.254/24
                      VLAN200 (opt23) -> ix0.200 -> v4: 10.0.200.254/24
                      VLAN210 (opt24) -> ix0.210 -> v4: 192.168.250.254/24
                      DLVLAN (opt25) -> ix0.151 -> v4: 10.0.151.254/24
                      NORD_VPN (opt26) -> ovpnc1 -> v4: 10.8.3.4/24

                      0) Logout (SSH only)               9) pfTop
                      1) Assign Interfaces              10) Filter Logs
                      2) Set interface(s) IP address    11) Restart webConfigurator
                      3) Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools
                      4) Reset to factory defaults      13) Update from console
                      5) Reboot system                  14) Disable Secure Shell (sshd)
                      6) Halt system                    15) Restore recent configuration
                      7) Ping host                      16) Restart PHP-FPM
                      8) Shell
                      1 Reply Last reply Reply Quote 0
                      • J
                        johnnybinator @stephenw10
                        last edited by Oct 21, 2022, 4:20 PM

                        @stephenw10 Yes. The host can ping6 on that interface to 2600:: but if I give the same interface an IPv4 address without tagging, I cannot ping out on IPv4.

                        J 1 Reply Last reply Oct 21, 2022, 4:37 PM Reply Quote 0
                        • J
                          johnpoz LAYER 8 Global Moderator @johnnybinator
                          last edited by Oct 21, 2022, 4:37 PM

                          @johnnybinator well that is odd..

                          I could see if the pvid on the port connected to your device was your lan vlan id, that could get to pfsense tagged as it leaves the port connected to pfsense.

                          But if that was what was happening then ipv4 should work as well, unless your rules on the lan interface didn't allow IPv4?

                          If the traffic was actually coming to pfsense untagged, and pfsense has nothing set on the native interface.. Then it shouldn't be able to get anything.


                          J 1 Reply Last reply Oct 21, 2022, 4:46 PM Reply Quote 0
                          • J
                            johnnybinator @johnpoz
                            last edited by Oct 21, 2022, 4:46 PM

                            @johnpoz Yeah. Exactly.

                            1 Reply Last reply Reply Quote 0
                            • S
                              stephenw10 Netgate Administrator
                              last edited by Oct 21, 2022, 5:01 PM

                              So to be clear this happens when you connect a host to ix0 directly? Or some other downstream trunk link?

                              If it's something other than actually on ix0 on the firewall I'd guess there's something else bridging to it. It's all too easy to leak tagged traffic to untagged but much less likely to go the other way. And that would be required for ping6 to work obviously.

                              Steve

                              J 1 Reply Last reply Oct 21, 2022, 5:18 PM Reply Quote 0
                              • J
                                johnnybinator @stephenw10
                                last edited by Oct 21, 2022, 5:18 PM

                                @stephenw10 This is through a switch that has a trunk port set up on the 6100 - 10Gb.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  stephenw10 Netgate Administrator
                                  last edited by Oct 21, 2022, 5:46 PM

                                  So you're connecting to a trunk port on the switch and there is a separate trunk to the 6100?

                                  That sounds like a switch config problem then. That trunk port is untagged on VLAN11 somehow?
                                  Doesn't explain how 6 works and v4 doesn't though.

                                  J 1 Reply Last reply Oct 21, 2022, 5:55 PM Reply Quote 0
                                  • J
                                    johnpoz LAYER 8 Global Moderator @stephenw10
                                    last edited by Oct 21, 2022, 5:55 PM

                                    @stephenw10 exactly common config actually - pvid on a trunk is vlan X... As traffic enters the port untagged it gets put in vlan X.. Now when it leaves the switch to say the router it is tagged on vlan X.

                                    But my same question that could explain what is happening - but doesn't explain why it doesn't work on ipv4.. Unless the firewall rules on lan on pfsense do not allow ipv4?


                                    J 1 Reply Last reply Oct 23, 2022, 9:17 PM Reply Quote 0
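The PVID behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of 802.1Q trunk ingress and egress that shows which router interface an untagged host frame ends up on. The `TrunkPort` class, the port labels and the VLAN subset are assumptions for illustration; the `ix0.N` naming follows the console output posted earlier in the thread.

```python
from dataclasses import dataclass
from typing import Optional

ALL_VLANS = frozenset(range(1, 4095))  # models "switchport trunk allowed vlan all"

@dataclass(frozen=True)
class TrunkPort:
    name: str                      # hypothetical label, not from the thread
    pvid: Optional[int] = None     # VLAN for untagged frames; None = no native VLAN
    allowed: frozenset = ALL_VLANS

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if it is dropped."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in self.allowed else None

    def egress(self, vlan):
        """(sent, tag_on_wire): frames in the port's own PVID leave untagged."""
        if vlan not in self.allowed:
            return (False, None)
        return (True, None if vlan == self.pvid else vlan)

# Constructed subset of the VLAN sub-interfaces listed in the console output.
ROUTER_VLANS = {6, 11, 20}

def router_interface(host_port, uplink, host_tag, parent="ix0"):
    """Router interface that receives a frame the host sent with host_tag."""
    vlan = host_port.ingress(host_tag)
    if vlan is None:
        return None                # no PVID and no tag: nowhere to go
    sent, tag = uplink.egress(vlan)
    if not sent:
        return None
    if tag is None:
        return parent              # arrives untagged: parent (native) interface
    return f"{parent}.{tag}" if tag in ROUTER_VLANS else None

if __name__ == "__main__":
    uplink = TrunkPort("to-6100")  # trunk toward the firewall, no native VLAN
    for pvid in (11, None, 1):
        host = TrunkPort("to-host", pvid=pvid)
        print(f"host port pvid={pvid}: untagged frame reaches",
              router_interface(host, uplink, None))
```
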
                                    • J
                                      johnnybinator @johnpoz
                                      last edited by Oct 23, 2022, 9:17 PM

                                      @johnpoz I have no PVID set. No native VLAN. Just straight trunk, on the switch or the host. I'm sure of it.

                                      interface ethernet 1/25
                                      description sm3_10G
                                      switchport mtu 9216
                                      switchport mode trunk
                                      switchport trunk allowed vlan all
                                      ipv6 nd ra suppress

                                      J S 2 Replies Last reply Oct 23, 2022, 9:26 PM Reply Quote 0
                                      • J
                                        johnpoz LAYER 8 Global Moderator @johnnybinator
                                        last edited by Oct 23, 2022, 9:26 PM

                                        @johnnybinator said in IPv6 Question:

                                        Just straight Trunk

                                        And what switch allows that? If there was no native, then any untagged traffic wouldn't go anywhere - so clearly that is not what is happening.


                                        J 1 Reply Last reply Oct 23, 2022, 9:35 PM Reply Quote 0
                                        • J
                                          johnnybinator @johnpoz
                                          last edited by Oct 23, 2022, 9:35 PM

                                          @johnpoz Clearly there's nothing clear about it.

                                          J 1 Reply Last reply Oct 23, 2022, 9:55 PM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.