ipv6

In my firewall I did not enabled the ipv6 to any port. But still firewall releasing the ipv6 IP address to the devices like Mobiles and IPV6 enabled systems. I am unable to trace where it is releasing and why. Could you please any one help in this regard. 



Added TAG
[edited by: emmosophos at 8:36 PM (GMT -8) on 8 Feb 2021]
Parents Reply Children
  • Sure, you can look at the reports then check the MAC address against your dhcp server.

    ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • You are already said ff02::1 is nothing but XG. But nothing in my XG, I troubleshooted the maximum ways and followed your suggestions/instructions too. Then how to trace in my XG? It is again coming to the 1st question.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • You haven’t checked logviewer for Mac addresses and then compared them to your dhcp server.

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Dear Sir

    Can you check IPV6 router advertisement in XG. Please Disable it.

    BR

    Vishvas

  • Hi Vishvas,

    I Verified, nothing was there but still Firewall is responding and giving an link-local addresses for IPv6 enabled interfaces. I am unable to stop this. One thing identified it is a Port 4. But in port 4 also nothing was there against IPv6.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • Dear Ramesh

    Is there any TPLINK router in the network ? Can you send me details of port 4 is it on Lan side ? and screenshot of Network IPV6 router advertisement ?  Have you defined any gateway/helper address on infra switches?

    BR

    Vishvas

  • Dear Vishvas,

    Thank you for your consideration.

    There is an D-Link routers DIR-600M & DIR-615. Both are have only following configuration options for IPv6

    Static IPv6
    SLAAC/DHCPv6
    PPPoE
    IPv6 in IPv4 Tunnel
    6 to 4
    6rd
    Link-Local Only(Configured as existing)

    There is no option to disable or stop the IPv6. These are configured as Access Points only, but still releasing the IPv6 address to the systems. I disabled the IPv6 from the each device. But no option to disable to few more like Mobiles, DVRs, Smart Devices etc... This is the case 1.


    2nd case: in Firewall Port 4 is an Lan IP without configuration of IPv6, but still it is responding (Advertisement/Solicitation) to few more devices like said above. I am unable to understand how to stop to the both cases.

    Advertisement/Solicitation from firewall;

    ----------------------------------------------------------

    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    09:40:25.666359 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:34d4 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:34:d4
    09:40:42.838645 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3639 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:36:39
    09:40:46.446195 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3616 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override]
    destination link-address option (2), length 8 (1): 14:07:08:0c:36:16

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410