Hello everyone,
I am trying to set up IPv6 connectivity on some VLANs I have on my CRS326-24G-2S+RM switch. These VLANs already have working v4 connectivity.
The switch is sitting behind a firewall, which is requesting the v6 prefixes, and then I manually split and configure them on the switch, using the firewall only as a gateway for internet-bound traffic.
The following is my routing table:
[primrose@hyacinth] /interface/bridge> /ipv6/route
[primrose@hyacinth] /ipv6/route> print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, g - SLAAC; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS                 GATEWAY                           DISTANCE
DAgH ::/0                        fe80::xxxx:xxxx:xxxx:543e%bridge  1
DAcH 26xx:xxxx:xxxx:7100::/64    bridge                            0
DAcH 26xx:xxxx:xxxx:7103::/64    gardenia                          0
DAcH fe80::%bridge/64            bridge                            0
DAcH fe80::%aconite/64           aconite                           0
DAcH fe80::%bellflower/64        bellflower                        0
DAcH fe80::%gardenia/64          gardenia                          0
DAcH fe80::%iris/64              iris                              0
DAcH fe80::%periwinkle/64        periwinkle                        0
DAcH fe80::%senna/64             senna                             0
[primrose@hyacinth] /ipv6/route>
As you can see, the default IPv6 route is configured to send all other traffic (i.e. internet-bound traffic) to the firewall for routing.
The following are my addresses assigned to my interfaces:
[primrose@hyacinth] /ipv6/route> /ipv6/address
[primrose@hyacinth] /ipv6/address> print
Flags: D - DYNAMIC; G - GLOBAL, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                        INTERFACE   ADVERTISE
0 DL fe80::xxxx:xxxx:xxxx:906/64    bellflower  no
1 DL fe80::xxxx:xxxx:xxxx:906/64    iris        no
2 DL fe80::xxxx:xxxx:xxxx:906/64    aconite     no
3 DL fe80::xxxx:xxxx:xxxx:906/64    gardenia    no
4 DL fe80::xxxx:xxxx:xxxx:906/64    bridge      no
5 DL fe80::xxxx:xxxx:xxxx:906/64    periwinkle  no
6 DL fe80::xxxx:xxxx:xxxx:906/64    senna       no
7 G  26xx:xxxx:xxxx:7100::cafe/64   bridge      yes
8 G  26xx:xxxx:xxxx:7103::1/64      gardenia    yes
[primrose@hyacinth] /ipv6/address>
If I ping a public IPv6 host from the bridge interface’s IPv6 address, it works as expected, and I get replies:
[primrose@hyacinth] /ipv6/address> /ping interface=bridge 2606:4700:4700::1111
SEQ HOST                  SIZE  TTL  TIME       STATUS
  0 2606:4700:4700::1111  56    56   11ms488us  echo reply
  1 2606:4700:4700::1111  56    56   13ms10us   echo reply
  2 2606:4700:4700::1111  56    56   11ms404us  echo reply
  3 2606:4700:4700::1111  56    56   18ms635us  echo reply
  4 2606:4700:4700::1111  56    56   12ms445us  echo reply
  5 2606:4700:4700::1111  56    56   12ms537us  echo reply
  6 2606:4700:4700::1111  56    56   13ms186us  echo reply
sent=7 received=7 packet-loss=0% min-rtt=11ms404us avg-rtt=13ms243us max-rtt=18ms635us
[primrose@hyacinth] /ipv6/address>
But if I try to do the same using the “gardenia” VLAN interface, I get a “no route to host” error:
[primrose@hyacinth] /ipv6/address> /ping interface=gardenia 2606:4700:4700::1111
SEQ HOST                  SIZE  TTL  TIME       STATUS
  0                                             no route to host
  1                                             no route to host
  2                                             no route to host
  3                                             no route to host
  4                                             no route to host
sent=5 received=0 packet-loss=100%
[primrose@hyacinth] /ipv6/address>
Clients within this VLAN are also unable to ping public IPv6 addresses, only ones that are on the local VLAN.
I have tried everything, from disabling and enabling IPv6 forward to messing around with the routing table by pointing ::/0 to gardenia to see if that would solve anything, and have spent hours looking at similar issues online on places like Reddit and this forum, but to no avail.
If anyone has any clue what is going on and can assist me, it would be very much appreciated. If any more information is needed to assist, please let me know and I will be happy to provide it.
Thank you in advance for your help.