Netgate Discussion Forum

    Extra IPv6 address when moving the device between vlans.

    • NogBadTheBad

      If I move my Mac OS device from my normal USER vlan (2) to the IOT vlan (4) I seem to be getting an extra IPv6 address, with no changes to the Mac OS device.

      Any ideas where inet6 fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64 prefixlen 64 autoconf secured is coming from? I'm using Managed - RA Flags on both.

      Running 24.11 & KEA.

      USER vlan (2)
       
      andy@mac-pro ~ % ifconfig en0
      en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      	options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
      	ether 00:3e:e1:c1:af:07 
      	inet6 fe80::c00:d37b:8222:3a41%en0 prefixlen 64 secured scopeid 0x4 
      	inet6 xxxx:yyyy:60ec:2::14 prefixlen 64 dynamic 
      	inet 172.16.2.20 netmask 0xffffff00 broadcast 172.16.2.255
      	nd6 options=201<PERFORMNUD,DAD>
      	media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
      	status: active
      andy@mac-pro ~ % 
      
      IOT vlan (4)
      
      andy@mac-pro ~ % ifconfig en0
      en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      	options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
      	ether 00:3e:e1:c1:af:07 
      	inet6 fe80::c00:d37b:8222:3a41%en0 prefixlen 64 secured scopeid 0x4 
      	inet6 fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64 prefixlen 64 autoconf secured 
      	inet6 xxxx:yyyy:60ec:4::64 prefixlen 64 dynamic 
      	inet 172.16.4.100 netmask 0xffffff00 broadcast 172.16.4.255
      	nd6 options=201<PERFORMNUD,DAD>
      	media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
      	status: active
      andy@mac-pro ~ %
      

      Drat, meant to put this in the IPv6 part of the forum.

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      • patient0

        Are you connected by Wifi or cable? And if connected wirelessly are any of your AP running OpenWRT?

        If I remember correctly OpenWRT sets a random ULA prefix, and what you see is a ULA address. Maybe the RA on one of the APs is not disabled?

          • Gertjan @NogBadTheBad

          @NogBadTheBad said in Extra IPv6 address when moving the device between vlans.:

          ether 00:3e:e1:c1:af:07

          Your MAC doesn't change, so no MAC randomization, so that's not the reason.
          Your IPv4 did change, normal, as it's another network.
          Your GUA did change, normal, as this is another network.

          How a ULA is generated, I don't know, but your Mac is on another network, so : another ULA.

          Btw, it is normal that a device has several IPv6 addresses.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

            • NogBadTheBad @Gertjan

            @Gertjan I was just puzzled that I’m using a dhcpv6 reservation on vlan 2 for the device but not on vlan 4 and I’m seeing an extra ULA on vlan 4.

            Next test: remove the dhcpv6 reservation from vlan 2 and see what happens.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              • Gertjan @NogBadTheBad

              @NogBadTheBad said in Extra IPv6 address when moving the device between vlans.:

              dhcpv6 reservation

              AFAIK, "dhcpv6" hands out a GUA, not ULAs.
              Shut down dhcpv6, and your devices won't have GUAs anymore, but ULAs will still be there.
              ULAs are "auto generated".

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                • NogBadTheBad @Gertjan

                @Gertjan said in Extra IPv6 address when moving the device between vlans.:

                AFAIK, "dhcpv6" hands out a GUA, not ULAs.
                Shut down dhcpv6, and your devices won't have GUAs anymore, but ULAs will still be there.
                ULAs are "auto generated".

                The dhcpv6 address doesn't appear after disabling dhcpv6. Odd that inet6 fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64 prefixlen 64 autoconf secured doesn't appear on lan 2.

                andy@mac-pro ~ % ifconfig en0
                en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
                	options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
                	ether 00:3e:e1:c1:af:07 
                	inet6 fe80::c00:d37b:8222:3a41%en0 prefixlen 64 secured scopeid 0x4 
                	inet6 fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64 prefixlen 64 autoconf secured 
                	inet 172.16.4.100 netmask 0xffffff00 broadcast 172.16.4.255
                	nd6 options=201<PERFORMNUD,DAD>
                	media: autoselect (1000baseT <full-duplex,energy-efficient-ethernet>)
                	status: active
                andy@mac-pro ~ % 
                

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                  • patient0 @NogBadTheBad

                  @NogBadTheBad they may not disappear because the device giving them out is still active, like an AP.

                  You of course can check for the IPv6 neighbours using ndp -a and the routing table netstat -rn -f inet6 to see over which link the ULA prefix is coming.

                    • JKnott @NogBadTheBad

                    @NogBadTheBad said in Extra IPv6 address when moving the device between vlans.:

                    fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64

                    That's a Unique Local Address and coming from your router. You should have a different address on each VLAN, as they are different subnets. You should see the 4th address block (ba43) change with each VLAN or LAN. It appears you're using prefix ID 3 on that subnet.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                      • JKnott @Gertjan

                      @Gertjan said in Extra IPv6 address when moving the device between vlans.:

                      How a ULA is generated, I don't know, but your Mac is on another network, so : another ULA.

                      ULA works exactly the same way as global addresses, except you set your own prefix range when you enable ULA.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...
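
Added example, not part of any post in this thread: a Python parser that classifies each inet6 line of macOS ifconfig output by scope (link-local, ULA, global) and by how it was assigned, and splits a ULA into its RFC 4193 Global ID and Subnet ID so the advertised /64 can be matched against the ndp and netstat output mentioned above. The sample input is constructed from the IOT vlan output in the first post with the redacted GUA replaced by a 2001:db8:: documentation address; the function name classify is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the IOT vlan output from the thread, with the redacted
# GUA replaced by a documentation-prefix address (2001:db8::/32).
SAMPLE = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:3e:e1:c1:af:07
	inet6 fe80::c00:d37b:8222:3a41%en0 prefixlen 64 secured scopeid 0x4
	inet6 fd6a:414f:6b31:ba43:1c3d:d5e2:a210:2f64 prefixlen 64 autoconf secured
	inet6 2001:db8:60ec:4::64 prefixlen 64 dynamic
	inet 172.16.4.100 netmask 0xffffff00 broadcast 172.16.4.255
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")
INET6 = re.compile(r"^\s*inet6\s+([0-9a-fA-F:]+)(?:%\S+)?\s+prefixlen\s+(\d+)(.*)$")

def classify(ifconfig_text):
    """Return one dict per inet6 line: scope, how it was assigned, on-link prefix."""
    rows = []
    for line in ifconfig_text.splitlines():
        m = INET6.match(line)
        if not m:
            continue
        addr = ipaddress.IPv6Address(m.group(1))
        flags = m.group(3).split()
        if addr in LINK_LOCAL:
            scope, source = "link-local", "self-assigned"
        else:
            scope = "ULA" if addr in ULA else "global"
            # As in the thread's output: macOS flags SLAAC addresses (built
            # from an RA prefix) "autoconf" and DHCPv6 leases "dynamic".
            source = ("SLAAC (router advertisement)" if "autoconf" in flags
                      else "DHCPv6" if "dynamic" in flags else "static/other")
        prefix = ipaddress.ip_network(f"{addr}/{m.group(2)}", strict=False)
        row = {"addr": str(addr), "scope": scope, "source": source, "prefix": str(prefix)}
        if scope == "ULA":
            # RFC 4193 layout: 8-bit fd | 40-bit Global ID | 16-bit Subnet ID | 64-bit IID
            top64 = int(addr) >> 64
            row["global_id"] = f"{(top64 >> 16) & 0xFFFFFFFFFF:010x}"
            row["subnet_id"] = f"{top64 & 0xFFFF:04x}"
        rows.append(row)
    return rows

if __name__ == "__main__":
    for r in classify(SAMPLE):
        print(r)
```

An "autoconf" ULA whose /64 prefix is not one configured on the firewall means some other device on that VLAN is sending router advertisements.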

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.