ipv6

In my firewall I did not enabled the ipv6 to any port. But still firewall releasing the ipv6 IP address to the devices like Mobiles and IPV6 enabled systems. I am unable to trace where it is releasing and why. Could you please any one help in this regard. 



Added TAG
[edited by: emmosophos at 8:36 PM (GMT -8) on 8 Feb 2021]
Parents Reply Children
  • Now, you need to remove each device from your network until the issue stops. Further you need to examine every devices network configuration to determine which on is using IPv6 link local addressing.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    I know that. It is an example to better understand only, easy to stop at water tank level instead of every and each water tap. Can we do like that from the firewall instead of each device?

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • Sure, you can look at the reports then check the MAC address against your dhcp server.

    ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • You are already said ff02::1 is nothing but XG. But nothing in my XG, I troubleshooted the maximum ways and followed your suggestions/instructions too. Then how to trace in my XG? It is again coming to the 1st question.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • You haven’t checked logviewer for Mac addresses and then compared them to your dhcp server.

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Dear Sir

    Can you check IPV6 router advertisement in XG. Please Disable it.

    BR

    Vishvas

  • Hi Vishvas,

    I Verified, nothing was there but still Firewall is responding and giving an link-local addresses for IPv6 enabled interfaces. I am unable to stop this. One thing identified it is a Port 4. But in port 4 also nothing was there against IPv6.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • Dear Ramesh

    Is there any TPLINK router in the network ? Can you send me details of port 4 is it on Lan side ? and screenshot of Network IPV6 router advertisement ?  Have you defined any gateway/helper address on infra switches?

    BR

    Vishvas

  • Dear Vishvas,

    Thank you for your consideration.

    There is an D-Link routers DIR-600M & DIR-615. Both are have only following configuration options for IPv6

    Static IPv6
    SLAAC/DHCPv6
    PPPoE
    IPv6 in IPv4 Tunnel
    6 to 4
    6rd
    Link-Local Only(Configured as existing)

    There is no option to disable or stop the IPv6. These are configured as Access Points only, but still releasing the IPv6 address to the systems. I disabled the IPv6 from the each device. But no option to disable to few more like Mobiles, DVRs, Smart Devices etc... This is the case 1.


    2nd case: in Firewall Port 4 is an Lan IP without configuration of IPv6, but still it is responding (Advertisement/Solicitation) to few more devices like said above. I am unable to understand how to stop to the both cases.

    Advertisement/Solicitation from firewall;

    ----------------------------------------------------------

    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    09:40:25.666359 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:34d4 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:34:d4
    09:40:42.838645 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3639 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:36:39
    09:40:46.446195 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3616 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:36:16

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410