GS1200-8 IPv6 neighbor discovery multicast on VLAN not filtered properly?!

peter314 · July 2018

Hello,

I observed this strange behavior on my GS1200-8 switch, that IPv6 neighbor discovery multicast packets are not filtered properly according to their VLAN-ID.

The attached picture shows the VLAN configuration. Port 1 and 2 are used for trunking to the router and another managed switch. All the other ports show the anomaly, that mentioned packets from VLAN 16 show up on the ports 3 to 8.

What is wrong here? Is that a bug or did I do anything wrong? Thanks in advance!

#Home_Switch_July

Zyxel_Steven · July 2018

@peter314,

I have sent you the firmware link of GS1200-8 about this problem via private message.
Please kindly check your message box.

Hill · July 2018

Can you share the firmware version of GS1200-8 and your network topology?
May I know the configuration purpose? What kind of application?
If there are more information, it will help to check this problem.

peter314 · July 2018

The firmware version is the most recent V1.00(ABME.0)C0.

VLAN1 is the standard internal network, while VLAN16 is meant to be the guest network.

The network topology looks like the following:

cable-modem -- router/firewall (pfsense) -- [port 1] GS1200-8 [port 2] -- GS1200-5HPv1 -- WIFI/AP

The problem showed up when devices directly connected to the GS1200-8 got IPv6 addresses from both VLANs. I can't see this effect on devices connected to the GS1200-5HPv1 or on the WIFI/AP (WPA2-Enterprise).
The normal broadcast messages, DHCP, ARP, etc. seem to be filtered correctly. AFAICS the problem seems to be limited to ICMPv6 multicast messages.

Wiasouda · July 2018

Hi @peter314
The original question you mentioned is port 3~8 received port 1/2's packet, do you want block/exclude port 3~8 to connect to port 1 and 2?

The problem showed up when devices directly connected to the GS1200-8 got IPv6 addresses from both VLANs. I can't see this effect on devices connected to the GS1200-5HPv1 or on the WIFI/AP (WPA2-Enterprise). <br>

Check user manual and there is not the IPv6 client or feature in GS1200-8, so do you mean that ICMPv6 can't be transfer correct while through GS1200-8?

peter314 · July 2018

Hi @Wiasouda

The ports 1/2 are for trunking to the router and the next switch. As you can see in the screenshot the ports 3 to 8 are assigned to VLAN1 only. But there are ICMPv6 multicast packets from VLAN16 that get through to VLAN1 that should not.

Some more observations: The problem occurs only if "IGMP Snooping" is enabled. If disabled the packets are filtered correctly. My guess is that this is a bug and not a feature

peter314 · July 2018

Hi again! Are there any Zyxel employees here that may comment on this? Is this a bug? Will there be a fix? Thanks in advance!

Zyxel_Steven · July 2018

@peter314,

Thanks for the information. We're still checking this problem.

If there are any update, we will let you know.

Zyxel_Steven · July 2018

@peter314,

I have sent you the firmware link of GS1200-8 about this problem via private message.
Please kindly check your message box.

peter314 · July 2018

Hi Steven, thanks for the quick response! I tested the firmware and the v6 multicast packets seem to be filtered correctly now.

Will let you know if any issues pop up.

Hope the official firmware can be released soon.

GS1200-8 IPv6 neighbor discovery multicast on VLAN not filtered properly?!

Accepted Solution

All Replies

Categories

Consumer Product Help Center