IPv6 Question
-
Hmm, is that IPv6 address in any of the pfSense interface subnets?
Since pfSense doesn't have an interface on the untagged ix0 NIC I don't expect it to be.
-
@stephenw10 yes, that's the LAN /64. (VLAN11). I changed it so that the IPv6 address is on VLAN 11 instead of VLAN 1. I belive that is going to fix all this crap. Cannot verify until later.
-
@johnnybinator if your switch as an IPv6 on its vlan1 - maybe it handing out address via slaac? Since clearly untagged traffic coming into that port would be on vlan 1.
That seems logical to be honest.. While somehow pfsense seeing untagged traffic on its vlan 11 does not.
-
@johnpoz Yeah. I was thinking the same. Odd thing is, the switch is not providing any IPv6 services. Somehow the pfsense box is doing the RA on VLAN11, but the switch is seeing that on VLAN 1, because I had accidentally put an IPv6 address on VLAN 1.
I put the IPv6 address on the switch via the GUI. It mentions nothing about the VLAN it is assigning the address to. I should have just done it via CLI.
-
I would expect it to be on the switch native VLAN unless you specifically set it otherwise.
I still wouldn't expect it to allow traffic between that and VLAN 11 though.
This is a curious situation you have discovered!
-
@stephenw10 said in IPv6 Question:
This is a curious situation you have discovered!
For sure... there has to be a piece of the puzzle we are missing. Since it makes zero sense that untagged traffic coming into 3/20 on his switch could somehow make it to pfsense tagged vlan 11. When clearly on his port connected to ix0 on pfsense also shows untagged as 1..
From his 2 switch port configs, the untagged or native vlan is clearly shown as vlan 1
Is there any other ports connected to this server.. That could somehow put untagged traffic on vlan 11 on the switch?
-
@johnpoz Not that I'm aware of.
-
It's the fact you have two way traffic that is most confusing. It's relatively common to see something incorrectly stripping tags. Some misbehaving switch or hardware offloading on a NIC for example. But that would only ever expose an untagged host to traffic that should be on a VLAN. It would not re-tag it the other way.
You could try running packet captures on the interfaces in question to see if that traffic is in fact tagged or untagged as expected.Steve
-
@stephenw10 I will do some testing later. I cannot do it now.
-
@johnnybinator Actually I was able to spin up a VM & everything now works as intended. I appreciate you sticking with me and helping to eliminate possibilities.
-
@johnnybinator said in IPv6 Question:
I was able to spin up a VM & everything now works as intended
huh.. Dude you can not leave us hanging like that ;) There has to be a actual reason, so before the vm was tagging the traffic that you didn't think it should be tagging?
-
@johnpoz I guess I could put the switch back the way it was and see if that makes things go back to what was happening. This is at him and I'm working. Kind of a hectic week. When originally posted this, I thought someone was going to just say "yeah, just click here, etc..."
-
The change you made though was to remove the IPv6 IP from the switch?
-
@stephenw10 The change was ipv6 addres on vlan 11, which is where the switch's IPv4 is, instead of VLAN 1 which is where the IPv6 address assignment went when I put it in via the GUI, which doesn't give you a choice of interface.
-
So assigning it in the switch sing the CLI you were able to put it on VLAN11 and everything started working as expected? That's some interesting behaviour.
-
@stephenw10 Yes, exactly. These are not the highest-end switches I've ever worked with. I went for silence, remember?
-
Mmm, fun*. I'll have to watch out for that.