IPv6 prefix delegation broken

IPv6 prefix delegation broken

IPv6 prefix delegation broken
IPv6 prefix delegation broken
2024-10-17 05:10:51
Tags: #IPv6
Model: Festa FR205  
Hardware Version: V1
Firmware Version: 1.0.2

Hello, I think I have configured the IPv6 prefix delegation properly in the Festa cloud interface. The clients in the LAN receive an IPv6 address from the delegated prefix. But they cannot access the internet. I have setup a port mirror on the WAN interface of the Festa device, and I can see that IPv6 packets from the LAN are going out the WAN, and responses are coming back, but they are being dropped inbound on the WAN. Almost like you guys didn't add the proper firewall/ACL rules. I thought I could use the IPv6_group option to create an ACL, but it appears you don't allow IPv6 ACLs? I know the ISP works fine with IPv6 prefix delegation, I had a Ubiquiti router before that was doing it just fine for years. I have posted screenshots of the IPv6 WAN/LAN config. Any ideas?

 

1412764fbd744900a87fb4bf321ca12f

 

 

  0      
  0      
#1
Options
3 Reply
Re:IPv6 prefix delegation broken
2024-10-18 00:47:57

Hi @t_wrex 

Thanks for posting in our business forum.

How do you test it to see if it is not working? Please paste the results of it and your steps to reproduce it.

 

In Omada, it could do that. If in your Festa interface, and this option is missing, it could be a problem with the Festa not adapting.

 

Note that the GW ACL does not offer IP group as an option in the SRC and DST. We are aware of this and will improve and optimize it.

As for now, SW ACL offers the IP/IP-Port ACL.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:IPv6 prefix delegation broken
2024-10-18 03:49:30

  @Clive_A I set up a port mirror of the LAN port of the Festa and capture the traffic. I see packets going out from the clients towards any internet destination IPv6 address, but nothing makes it back. I set up a port mirror on the WAN interface and I see packets going in and coming back. Inbound they are being stopped at the Festa.

 

LAN mirror capture:

22:47:02.989540 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 255, length 64
22:47:03.992600 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 256, length 64
22:47:04.995842 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 257, length 64
22:47:05.993762 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 258, length 64
22:47:06.991367 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 259, length 64

 

WAN mirror capture:

22:42:55.969669 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 8, length 64
22:42:55.969733 IP6 2607:f8b0:4002:c11::12 > 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9: ICMP6, echo reply, id 35134, seq 8, length 64
22:42:56.967601 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 9, length 64
22:42:56.967630 IP6 2607:f8b0:4002:c11::12 > 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9: ICMP6, echo reply, id 35134, seq 9, length 64
22:42:57.965690 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 10, length 64
22:42:57.965717 IP6 2607:f8b0:4002:c11::12 > 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9: ICMP6, echo reply, id 35134, seq 10, length 64
22:42:58.968812 IP6 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9 > 2607:f8b0:4002:c11::12: ICMP6, echo request, id 35134, seq 11, length 64
22:42:58.968837 IP6 2607:f8b0:4002:c11::12 > 2604:2d80:9b03:8300:b2b9:8aff:fe43:98e9: ICMP6, echo reply, id 35134, seq 11, length 64

 

I'm not sure how the switch ACL would be useful. I can't even add anything on that screen. Probably because i don't have a Festa switch.

  0  
  0  
#3
Options
Re:IPv6 prefix delegation broken
3 weeks ago
Any more information anyone can provide on this?
  0  
  0  
#4
Options