I have a setup with a USG 20, a managed switch supporting VLAN and 2 access points supporting SSID to VLAN mapping. Lan1 is connected to the switch, on a port with untagged, VLAN10 and VLAN20. On the USG, I have obviously Lan1, VLAN 10 and VLAN 20 all out of Lan1 port. On the switch, I have 2 more ports going to 2 APs with the same Untagged, VLAN10 and VLAN20 setup. APs are both configured the same with prod1 SSID set to untagged, prod2 SSID set to VLAN10 and Guest set to VLAN20. With IPv4, everything is working fine. Stations on different SSIDs are assigned the proper subnet from the DHCP server.
IPv6 is a completely different story. Only stations on the SSID that is untagged are operational on IPv6. On the SSID that is fed untagged, stations receive the Router Advertisements (RAs) for the SLAAC and default gateway and use DHCP to retrieve the DNS. DHCP is also giving away an IPv6 address from a pool but the station uses the SLAAC (temporary) one.
The stations on the SSIDs fed with VLAN are not receiving RAs. I finally worked on my PC to get my Intel NIC to properly sniff the VLAN tags. I was able to see the RAs out of the Lan1 port for all 3 IPv6 subnets, 1 untagged and 2 with proper tags. Then I went down the chain to the output port of the switch, still present. I didn't need a mirror port here as the RAs are multicast, I can see them from a port with the same 3 VLANs configured. On the station, RAs are nonexistent for those that are VLAN fed. Client keeps asking for Router Solicitation but no RAs are coming back. Out of that duplicated switch port, I see these repeated RS from the clients and for each of them, I see the RA from the USG immediately following. Stations do receive an address from the DHCP as well as the DNS. But stations do not have an IPv6 default gateway as this is provided by the RA.
My APs are a TP-Link WA-801ND and an EnGenius ENS200EXT running stock FW.
I did a quick search and it seems that it is a known problem: http://www.mattb.net.nz/blog/2011/05/12/linux-ignores-ipv6-router-advertisements-when-forwarding-is-enabled/
Anyone else with this issue? How did you solve it? Does it mean I need to flash my APs with OpenWRT?
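The per-VLAN check described in the post (looking for a Router Advertisement answering each Router Solicitation, tagged or untagged) can be scripted over raw captured frames. This is an added example, not part of the original post; the frames, the `DOWNSTREAM` capture and all function names are constructed for illustration.

```python
import struct
from collections import Counter

ETH_8021Q, ETH_IPV6, NH_ICMPV6 = 0x8100, 0x86DD, 58
ICMP6_KINDS = {133: "RS", 134: "RA"}  # Router Solicitation / Router Advertisement

def classify(frame: bytes):
    """Return (vlan_id, 'RS'|'RA') for an RS/RA frame, else None. vlan_id is None if untagged."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off, vlan = 14, None
    if ethertype == ETH_8021Q:                 # one 802.1Q tag: TCI, then the real ethertype
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18           # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_IPV6 or len(frame) < off + 41:
        return None
    if frame[off + 6] != NH_ICMPV6:            # extension headers are not walked here
        return None
    kind = ICMP6_KINDS.get(frame[off + 40])    # ICMPv6 type follows the 40-byte IPv6 header
    return (vlan, kind) if kind else None

def tally(frames):
    """Count RS and RA frames per VLAN."""
    return Counter(hit for hit in map(classify, frames) if hit)

def vlans_missing_ra(frames):
    """VLANs on which solicitations were seen but no advertisement was."""
    seen = tally(frames)
    return sorted(v for (v, k) in seen if k == "RS" and (v, "RA") not in seen)

def _frame(icmp_type, vlan=None):
    """Build a constructed sample frame (zeroed addresses and checksum)."""
    eth = bytes.fromhex("333300000001") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    icmp = bytes([icmp_type, 0]) + b"\x00" * 6
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), NH_ICMPV6, 255) + b"\x00" * 32
    return eth + tag + struct.pack("!H", ETH_IPV6) + ip6 + icmp

# Constructed captures: the switch port as the post describes it (RS then RA on all
# three segments), and a hypothetical point where RAs are missing on the tagged VLANs.
SWITCH_PORT = [_frame(t, v) for v in (None, 10, 20) for t in (133, 134)]
DOWNSTREAM = [_frame(133, 10), _frame(133, 20), _frame(133, 10)]

if __name__ == "__main__":
    print("switch port, VLANs missing RA:", vlans_missing_ra(SWITCH_PORT))
    print("downstream,  VLANs missing RA:", vlans_missing_ra(DOWNSTREAM))
```

Running the same check at each hop (USG port, switch port, behind the AP) shows where the advertisements stop being forwarded.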