IPv6 router solicitations dropped for wireless clients (beta firmware)
[ 2023-12-27: updated title because this doesn't appear PPSK related after all ]
Trying out PPSK with the most recent beta firware for the EAP613, it fails IPv6 traffic. Specifically, essential ICMPv6 traffic does not pass from the wireless interface to the wired interface. When a new device connects and issues router solicitation, the packet never makes it out of the access point, so the the device never find the router.
Going from the wired interface to the wireless does seem to work, meaning that when the router eventually sends out a periodic unsolicited router advertisement, it does make it through to the wireless side where client picks it up and configures its v6 stack appropriately.
I'm not sure if it is the ff02::2 multicast destination of the router solicitation, or some other facet of the ICMPv6 that is being blocked. I kind of suspect the former since some ICMPv6 traffic does make it through once the client has recieved a periodic router advertisement and configured itself.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The newly released EAP613(EU)_V1_1.4.3 Build 20231215 firmware does fix the problem of IPv6 router solicitations being blocked or dropped.
- Copy Link
- Report Inappropriate Content
Hi @seacycle,
seacycle wrote
Trying out PPSK with the most recent beta firware for the EAP613, it fails IPv6 traffic. Specifically, essential ICMPv6 traffic does not pass from the wireless interface to the wired interface. When a new device connects and issues router solicitation, the packet never makes it out of the access point, so the the device never find the router.
May I know the firmware version of your controller?
Do you have the same issue before you upgrade the firmware to EAP613 1.4.2? What is the original firmware version of the EAP613?
How did you confirm the IPv6 issue is caused by PPSK settings? How did you set the PPSK? Can EAP613 transfer IPv6 traffic properly if you disable PPSK?
- Copy Link
- Report Inappropriate Content
@Hank21 - Software controller is 5.13.22. Previous EAP613 firmware was 1.3.2 Build 20230414 Rel. 54437.
I setup the test as PPSK without RADIUS with three passphrase mapping to three different VLANs, but no MAC bindings. The WLAN group had two SSIDs, but only one active on the EAPs in question (the one with the PPSK configuration).
The problem seems tied specifically to PPSK. I reverted to a non PPSK configuration with the same 1.4.2 beta build and the problem goes away.
I diagnosed by taking icmp6 packet captures at three points: on the router interface, from the EAP on the wired side, and from the EAP on the wireless side. The wireless client was an iPhone (ios17). With a PPSK configuration, the router solicitations from the client showed on the wireless side of the EAP, but did not show on the wired interface, and obviously not at the router. Reverting to the non-PPSK configuration, the router solicitations go through to the router as expected. (The router is not tp-link.)
UPDATE: just after writing that, I encountered the symptom again (A device not getting a v6 address until an unsolicited RA is sent out) with PPSK off, so maybe the PPSK is just making the problem occur more reliably? I'll do some more testing, and may revert back to 1.3.2.
- Copy Link
- Report Inappropriate Content
@Hank21 More investigation, I think PPSK is not actually relevant here. I went there because I first noticed the symptoms shortly after enabling it. I'm not certain how I observed router solicitations going through after disabling it yesterday. Further testing today with the 1.4.2 firmware, I see router solicitations from wireless clients being dropped reliably, regardless of whether PPSK is being used. Reverting to the latest release, EAP613(US)_v1_1.3.2 Build 20230414, router solicitations pass through as expected. So it seems to be more generally a 1.4.2 issue, not a PPSK issue. Such is life with betas!
- Copy Link
- Report Inappropriate Content
Hello @seacycle,
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID231246832, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
- Copy Link
- Report Inappropriate Content
Hank21 wrote
Hello @seacycle,
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID231246832, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
@Hank21 — Thanks, I've loaded up the on-track-to-release firware provided in the issue and it does resolve the problem of all router solicitation packets being dropped.
There is still a related issue where a client using Optimistic Duplicate Address Detection (RFC 4429) issues an initial router solicitation packet without the source link-layer address option, as mandated by the RFC. This initial router solicitation packet is dropped by the EAP in both the pre-release firmware supplied in the ticket, and the currently released firware (1.3.2 Build 20230414 Rel. 54437). Once the full duplicate address detection workflow completes, the client then sends another router solicitation packet with the source link-layer option. This second packet does go through the EAP, but the drop of the first solicitation introduces a 4-5 second delay in configuring the v6 stack on the client, effectively breaking Optimistic DAD.
RFC 4429 is, what, 17 years old? Seems like that would be sufficient time to write up a test suite to run the firmware through to ensure proper behavior. I've been using omada stuff for switching for a couple years and am pretty satisfied. I just bought a couple EAPs to test out going all-omada. Based on other forum posts and my own experience, I must say that the IPv6 situation with the EAPs is disappointing.
- Copy Link
- Report Inappropriate Content
Hi @seacycle,
Our senior engineer has received your feedback on the issue via email, they will continue to follow up with your case. If you have any additional information, please feel free to reply to the support email whose case ID is TKID231246832. Many thanks for your cooperation and patience!
Thank you for your valued update on the case.
- Copy Link
- Report Inappropriate Content
Hi @seacycle,
If your concern is resolved, I'd encourage you to give feedback to the community so others can be confident of the solution.
Additional, a newer 5.13.30.4 Beta firmware of Controller has been released, please follow the post link below for details.
Omada SDN Controller_V5.13.30.4 Pre-release (Released on Jan 8th, 2024)
- Copy Link
- Report Inappropriate Content
The newly released EAP613(EU)_V1_1.4.3 Build 20231215 firmware does fix the problem of IPv6 router solicitations being blocked or dropped.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 710
Replies: 8
Voters 0
No one has voted for it yet.