ER605 sending out RA's for multiple networks incorrectly
ER605 sending out RA's for multiple networks incorrectly
I have multiple networks configured on the controller with individual IPv6 networks assigned to each one.
When I connect a wired client to a LAN port on the ER605, this receives RA's for multiple networks all without the expected VLAN's. This persists even when changing the PVID assigned to the port. DHCP IPv4 addresses are correctly assigned, so this appears to be a IPv6 specific issue.
Screenshots of my networks, showing the VLAN and the associated IPv6 prefix, and from Wireshark on the client showing the RA's from both networks within the same capture along with the output of ipconfig on the windows client showing it having addresses in multiple IPv6 prefix ranges.There are additional IPv6 networks configured, and ultimately the wired client receives RA's and addresses from each, completely isolating the client from the other IPv6 networks as it believes these are on link.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @cakemix
Thanks for posting in our business forum.
cakemix wrote
Hi @Clive_A,
You either seem to be focusing on the wrong point of the issue, or not understanding the issue. This may be partly my fault due to putting IPv6 terminology into the subject, however this is *not* a layer 3 issue per se, this is a layer 2 issue.
To simplify the issue, take 3 networks, the default using the pre-configured vlan id 1 as this cannot be removed, wifi_lan on vlan id 100 and servers on vlan id 128.
I have a port on the er605 gateway that is connected to a client that needs to be in vlan 100, and I have another port that is connected to a switch which needs to have vlan 100 and 128 as tagged.
If I mirror the port that is connected to the switch, I can see all frames leave the ER605 with the correct dot1q tags, or lack thereof.
If I set PVID 100 on the port that is connected to the device that needs to be in vlan 100, it *still* received multicast/ broadcast packets that should be in vlan 1 and 128 without the dot1q tags added added to the Ethernet frame header. This is the unexpected behavior, and why my device is configuring IPv6 addresses for all of my VLANs breaking my IPv6 network for this client.
I have configured devices with similar configuration on Netgear, D-Link, Cisco, Juniper, Huawei, Fortigate, Extreme, Brocade and many other vendors, *none* of them show this behavior when setting a port PVID, Trunk Native or access VLAN on the port, they all correctly send the tagged traffic as tagged an the untagged traffic as untagged with the vlans that are configured on the port.
I should not need to send you packet captures from these other vendors devices for such a basic behavior before you investigate and resolve the issue.
Kind regards,
Keith
OK. Then the test team did tests on the Draytek and UBNT, they behaved the same as us. Which, again, means this is expected. Like what I previously suggested. Netgear is the home product and which model supports the VLAN interface?
What is the result of Huawei and Cisco? Care to share your config? And verification steps? I will pass it over to the test team and see if they have models from them to test.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A,
This turned out to be a bug on the Realtek Network adapter on the windows machine - this was stripping the vlan tags of all ingress traffic. Extremely concerning that support consistently tried to gaslight me into believing this was working as intended when it quite obviously was not. I can only assume this post made it no where near someone with the required technical skills to understand the packet captures, because it would have been readily apparent that something wasn't behaving as intended to anyone who did, no matter if the blame was on the ER605 or the end device, as was be the case.
Anyone who comes across this post googling a similar issue, there was details on a Wireshark post - which unfortunately I am not allowed to link, because why would posting helpful links be allowed on a support forum?
I will include the details below directly for anyone who is searching:
If changing that setting alone doesn't work for you:
1: Update your realtek drivers
2: The key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E972-E325-11CE-BFC1-08002BE10318}\00nn needs to have 4 values. '00nn' is the specific key that has the information for the adapter you intend on capturing on. Add or edit the following DWORDs
MonitorModeEnabled - 1
MonitorMode - 1
*PriorityVLANTag - 0
SkDisableVlanStrip - 1
Restart your computer, make sure there's no firewall preventing wireshark from seeing the no longer vlan tagged packets, and you should be good to go.
- Copy Link
- Report Inappropriate Content
For anyone who tries this above solution shared by the OP, please proceed based on your discretion. Please back up your registry for safety. If there is any issues, please contact your computer vendor for further recovering and technical support.
We, TP-Link, will not be responsible for any malfunction that happens to your computer if you modify your system settings. Data is invaluable and be sure you have them properly backed up.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1209
Replies: 13
Voters 0
No one has voted for it yet.