FW V4.90(ABPL.1)C0 seems to break IPV6 traffic on GS1350-26HP

Options
Lefuneste83
Lefuneste83 Posts: 11
First Comment

I have applied FW V4.90(ABPL.1)C0 to GS1350-26HP as I needed to have port information exposed in SNMP. This FW does indeed brings this feature, but I am encountering a serious issue which forced me to rollback to previous FW version.

As soon as I got the FW updated to V4.90(ABPL.1)C0 users complained about connection issues on Nebula APs connected downstream of the switch.

Upon further investigation I have the following conclusions:

1/ The switch is Nebula managed, but because I suspected the switch was the source of my connectivity issues, I have defined interfaces for all VLANs exposed by the switch using WebGUI. Note that the VLAN interfaces were already defined and working in Nebula, but were not defined in the WebGUI of the new FW when I first connected.

2/ I have activated and setup IPV6 for every such interface.

3/ I can ping the gateway in IPV6 from the switch itself reliably and without issue which makes me believe that I have proper IPV6 settings.

4/ Mobile devices connected to AP downstream of the switch do get IPV6 addresses from the router with RA mechanism (managed mode SLAAC and DHCPV6 addresses) which means that broadcast requests pass through the switch.

5/ Mobile devices connected to AP downstream of the switch cannot reliably ping the gateway in IPV6. When doing specific ping queries in IPV6 to the gateway, about one request out of 20 gets a reply, with random TTL sometimes 10ms sometimes 2000+ms. I then get 3 to 5 replies then no replies for another 20 request and so on. As by default Android and iOS choose to use IPV6 connectivty by default when available, the mobiles devices get disconnected when trying to access IPV6 services (streaming services for instance).

6/ If I disable the RA mechanism forcing mobile device to only use IPV4, connectivity is working fine to outside services and all IPV4 services are accessible.

7/ Mobile devices connected to AP which is NOT downstream of the switch get IPV6 address with the same mechanism. They have no issue pinging the gateway in IPV6.

8/ Wired devices such as PC and servers connected downstream of the switch cannot ping the gateway in IPV6 neither, but can reliably connect in IPV4.

9/ I have verified IPV6 configuration of the switch itself and everything appears good and as stated above. The switch itself does not suffer connectivity issues when pinging the gateway in IPV6.

10/ I have rolled back to V4.70(ABPL.5) | 10/25/2022 and I immediately get all the above issues resolved.

So the overall symptoms are that IPV6 unicast packets do not get pass the switch itself.

My conclusion is that either V4.90(ABPL.1)C0 breaks connectivity in IPV6 completely, or it encounters an issue with previous settings from the previous FW version. I have not tried to reset switch settings completely as it would require a complete reconfiguration of all ports and VLAN mappings.

Let me know if I can provide you with configuration or any other data.

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 711  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Lefuneste83

    To further investigate your issue, could you please enable Zyxel Support on Nebula CC and provide your org. and site name? We would like to replicate your configuration on our end and look into this matter.

    Share yours now! https://bit.ly/4aO0BMF

    Kay

  • Lefuneste83
    Lefuneste83 Posts: 11
    First Comment
    Options

    Hello. I have enabled RO access on Nebula if you want to have a look at the switch settings. It is only a single Org and Site so you should find it straight away. Let me know if you need some extra information or RW access. Please take note that I have rolled back the FW version to 4.70, but the settings are unchanged from the 4.90 version including VLAN interface definitions and IPV6 activation for each such VLAN interfaces. So you should get them if you do a FW dump.

    Thanks for your time and dedication.

  • Zyxel_Kay
    Zyxel_Kay Posts: 711  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Lefuneste83

    Thank you for enabling the Zyxel Support on Nebula.

    We will proceed with further troubleshooting regarding this matter and keep you updated on any progress we make.

    Share yours now! https://bit.ly/4aO0BMF

    Kay

  • Lefuneste83
    Lefuneste83 Posts: 11
    First Comment
    Options

    Thanks a lot !

  • Zyxel_Kay
    Zyxel_Kay Posts: 711  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Lefuneste83 and All,

    Regarding the issue of IPv6 traffic on GS1350 V4.90(ABPL.1)C0 firmware, we are actively working on a solution and intend to address it in our future official firmware update. Stay tuned to the https://community.zyxel.com/en/categories/switch-news-and-release for the most recent firmware updates.

    Share yours now! https://bit.ly/4aO0BMF

    Kay