ER605 sending out RA's for multiple networks incorrectly

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

ER605 sending out RA's for multiple networks incorrectly

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
13 Reply
Re:ER605 sending out RA's for multiple networks incorrectly
2024-04-10 00:44:38

Hi @cakemix 

Thanks for posting in our business forum.

cakemix wrote

 Hi @Clive_A,

 

You either seem to be focusing on the wrong point of the issue, or not understanding the issue. This may be partly my fault due to putting IPv6 terminology into the subject, however this is *not* a layer 3 issue per se, this is a layer 2 issue.

 

To simplify the issue, take 3 networks, the default using the pre-configured vlan id 1 as this cannot be removed, wifi_lan on vlan id 100 and servers on vlan id 128.

 

I have a port on the er605 gateway that is connected to a client that needs to be in vlan 100, and I have another port that is connected to a switch which needs to have vlan 100 and 128 as tagged.

 

If I mirror the port that is connected to the switch, I can see all frames leave the ER605 with the correct dot1q tags, or lack thereof.

 

If I set PVID 100 on the port that is connected to the device that needs to be in vlan 100, it *still* received multicast/ broadcast packets that should be in vlan 1 and 128 without the dot1q tags added added to the Ethernet frame header. This is the unexpected behavior, and why my device is configuring IPv6 addresses for all of my VLANs breaking my IPv6 network for this client.

 

I have configured devices with similar configuration on Netgear, D-Link, Cisco, Juniper, Huawei, Fortigate, Extreme, Brocade and many other vendors, *none* of them show this behavior when setting a port PVID, Trunk Native or access VLAN on the port, they all correctly send the tagged traffic as tagged an the untagged traffic as untagged with the vlans that are configured on the port.

 

I should not need to send you packet captures from these other vendors devices for such a basic behavior before you investigate and resolve the issue.

 

Kind regards,

Keith

OK. Then the test team did tests on the Draytek and UBNT, they behaved the same as us. Which, again, means this is expected. Like what I previously suggested. Netgear is the home product and which model supports the VLAN interface?

What is the result of Huawei and Cisco? Care to share your config? And verification steps? I will pass it over to the test team and see if they have models from them to test.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#12
Options
Re:ER605 sending out RA's for multiple networks incorrectly-Solution
2024-04-14 16:51:47 - last edited 2024-04-15 01:09:43

 Hi @Clive_A

 

This turned out to be a bug on the Realtek Network adapter on the windows machine - this was stripping the vlan tags of all ingress traffic. Extremely concerning that support consistently tried to gaslight me into believing this was working as intended when it quite obviously was not. I  can only assume this post made it no where near someone with the required technical skills to understand the packet captures, because it would have been readily apparent that something wasn't behaving as intended to anyone who did, no matter if the blame was on the ER605 or the end device, as was be the case.


Anyone who comes across this post googling a similar issue, there was details on a Wireshark post - which unfortunately I am not allowed to link, because why would posting helpful links be allowed on a support forum?

 

I will include the details below directly for anyone who is searching:

 

If changing that setting alone doesn't work for you:

1: Update your realtek drivers

2: The key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E972-E325-11CE-BFC1-08002BE10318}\00nn needs to have 4 values. '00nn' is the specific key that has the information for the adapter you intend on capturing on. Add or edit the following DWORDs

MonitorModeEnabled - 1
MonitorMode - 1
*PriorityVLANTag - 0
SkDisableVlanStrip - 1

Restart your computer, make sure there's no firewall preventing wireshark from seeing the no longer vlan tagged packets, and you should be good to go.

 

 

Recommended Solution
  1  
  1  
#13
Options
Re:ER605 sending out RA's for multiple networks incorrectly-Solution
2024-04-15 01:37:31 - last edited 2024-04-15 01:37:35

For anyone who tries this above solution shared by the OP, please proceed based on your discretion. Please back up your registry for safety. If there is any issues, please contact your computer vendor for further recovering and technical support.

 

We, TP-Link, will not be responsible for any malfunction that happens to your computer if you modify your system settings. Data is invaluable and be sure you have them properly backed up.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#14
Options