[XGS1930] blocks IPv6 RA/ND

MichaelB
MichaelB Posts: 6
First Anniversary Friend Collector First Comment
edited August 2022 in Switch
Hello,

so I replaced an older layer 2 switch with the XGS1930 (firmware V4.70(ABHS.1), local management) and discovered that my clients do not receive any IPv6 addresses any longer. On my uplink router I actually cannot see any IPv6 client addresses any longer on the switchport which the XGS1930 is connected to. The XGS1930 has basically the default configuration running with an IPv4 management address. What function of the XGS1930 might block IPv6?

  • On the XGS1930, VLAN 1 is untagged on all switchports, VLAN 100 is tagged on all switchports
  • Management VLAN is 1
  • The traffic for the clients which do not have any IPv6 connection use tagged VLAN 100. IPv4 within VLAN 100 works without any problem. IPv6 doesn´t.
Regards

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2021
    Hi @MichaelB,

    Welcome to Zyxel Community!

    Since the default configuration only supports IPv6 is VLAN 1, so you may need to create an interface VLAN 100 for IPv6 use.

    Here is the steps to create an IPv6 interface:
    Create an interface VLAN 100

    After adding it, it will show on the bottom.


    Enable interface VLAN 100



    Configure interface IA type.

    Description of IA type:


    Please also make sure that the DHCP server has an IPv6 pool for VLAN 100 subnet.

    Adam
  • MichaelB
    MichaelB Posts: 6
    First Anniversary Friend Collector First Comment
    Hello, thank you for your answer. With this settings, the switch itself receives an IPv6 address from the DHCPv6 server. Unfortunately, every client which is connected to the switch in VLAN 100 still doesn´t receive any IPv6 address at all.
  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    @MichaelB,

    Thanks for your reply.
    May I confirm one thing that do you need your DHCPv6 server to send an IPv6 perfix to XGS1930 switch and the switch helps to forward IPv6 address by sending RA to your clients? If so, XGS1930 is not supported this function so far, so we could help you transfer your case to feature request.

    However, the switch which supports your requirement is L3 switch (XS3800/XGS4600).
    Adam
  • MichaelB
    MichaelB Posts: 6
    First Anniversary Friend Collector First Comment
    Sorry, my answer was kind of wrong. We have:

    - switch A (layer 3) which has DHCPv6 relay enabled and forwards the request to the DHCPv6 server and receives the answer.
    - The ZyXel XGS1930 switch which is connected to the layer 3 switch above.

    So the ZyXel SGS1930 should work as simply layer 2 and pass all IPv6 traffic to the clients which are connected to it. The RAs which are sent by the layer 3 switch do not pass the ZyXel XGS1930 switch. When I plug in e.g. my laptop directly to the layer 3 switch (instead of the ZyXel XGS1930) I immediately get an IPv6 address assigned from the DHCPv6 server.

  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    @MichaelB

    Thanks for your reply.
    Could you please PM me your configuration of both switch, so we are able to help to investigate your issue.

    Since you said that XGS1930 was able to get IPv6 address from layer 3 switch, so clients connect to XGS1930 should also have no issue to get IPv6 address.
    Adam
  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2021
    Hi @MichaelB,

    Thanks for sharing your configuration.

    After testing your configuration, we found that the command "igmp-snooping reserved-multicast-group drop" drop IPv6 RA packets which leads your clients connect to XGS1930 are unable to get IPv6 address.

    You need to change the configuration from "drop" to "flooding" in order to solve your issue.

    If you would like to drop specific reserved multicast address, you may use Classifier + Policy Rule (ACL) to do it.

    Thanks,
    Let me know if you have any concern.
    Adam