staticsafe

Router Advertisement leakage across VLANs

Sun Dec 28, 2014 6:48 pm

Hi all,

I am running a CRS125-24G-1S-RM with RouterOS version 6.24. I am seeing a rather strange issue where IPv6 router advertisements are leaking across VLANs. Unsure if this is a bad configuration somewhere on my part or a bug.

Example:
My desktop PC is on VLAN 10. Whenever I turn on something in VLAN 20, I see the router solicitation and the corresponding router advertisements, which confuses the host in VLAN 10.

Thank you in advance for any help.

My configuration:
[admin@janus] > /export compact hide-sensitive
# dec/28/2014 16:27:10 by RouterOS 6.24
# software id = ZLEQ-11VA
#
# Three software bridges, one per intended segment (Wired, Wireless,
# IPv6-only). Their members are assigned under /interface bridge port below.
/interface bridge
add comment="Wired Standard" name=br10
add comment="Wireless Standard" name=br20
add comment="IPv6Only Experimental" name=br30
# Port renames. ether2-ether9 get no master-port here; ether10-ether24 and
# sfp1 are all given master-port=ether1-gateway.
# NOTE(review): ether1-gateway is the DHCP-client and NAT out-interface later
# in this export, so it looks like the upstream-facing port. Slaving
# ether10-24 and sfp1 to it would put anything plugged into those ports on
# the upstream segment, in front of NAT and any router firewall - confirm
# this is intended.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-slave-local
set [ find default-name=ether3 ] name=ether3-slave-local
set [ find default-name=ether4 ] name=ether4-slave-local
set [ find default-name=ether5 ] name=ether5-slave-local
set [ find default-name=ether6 ] name=ether6-slave-local
set [ find default-name=ether7 ] name=ether7-slave-local
set [ find default-name=ether8 ] name=ether8-slave-local
set [ find default-name=ether9 ] name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether1-gateway name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether1-gateway name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether1-gateway name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether1-gateway name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether1-gateway name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether1-gateway name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether1-gateway name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether1-gateway name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether1-gateway name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether1-gateway name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether1-gateway name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether1-gateway name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether1-gateway name=ether22-slave-local
set [ find default-name=ether23 ] master-port=ether1-gateway name=ether23-slave-local
set [ find default-name=ether24 ] master-port=ether1-gateway name=ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether1-gateway name=sfp1-slave-local
# IPv6-in-IPv4 tunnel interface sit1 between the given local and remote IPv4
# endpoints, MTU 1480. The /ipv6 route section later sends 2000::/3 via this
# tunnel's peer.
# NOTE(review): hide-sensitive does not mask addressing; this line still
# shows the router's IPv4 tunnel endpoint.
/interface 6to4
add local-address=174.117.80.88 mtu=1480 name=sit1 remote-address=216.66.38.58
# Only attaches comments to the bridges' neighbor-discovery entries; no
# discovery setting is changed here.
/ip neighbor discovery
set br10 comment="Wired Standard"
set br20 comment="Wireless Standard"
set br30 comment="IPv6Only Experimental"
# Tagged VLAN interfaces for ids 10, 20 and 30, all created on
# ether2-slave-local.
# NOTE(review): ether2-slave-local is also added as a port of br10 further
# down. With the parent port enslaved to a bridge, the bridge presumably
# receives that port's frames, tagged or not, so VLAN 20/30 frames arriving
# on ether2 can be forwarded inside br10 instead of reaching vlan20/vlan30.
# That would explain RS/RA traffic crossing segments - confirm with a packet
# capture on a br10 member port.
/interface vlan
add comment="Wired Standard" interface=ether2-slave-local l2mtu=1584 name=vlan10 vlan-id=10
add comment="Wireless Standard" interface=ether2-slave-local l2mtu=1584 name=vlan20 vlan-id=20
add comment="IPv6Only Experimental" interface=ether2-slave-local l2mtu=1584 name=vlan30 vlan-id=30
# Same as above for the VLAN interfaces: comments only.
/ip neighbor discovery
set vlan10 comment="Wired Standard"
set vlan20 comment="Wireless Standard"
set vlan30 comment="IPv6Only Experimental"
# IPv4 DHCP pools for the two IPv4 segments; br30 (IPv6-only) has none.
/ip pool
add name="VLAN10 pool" ranges=10.0.10.2-10.0.10.253
add name="VLAN20 pool" ranges=10.0.20.3-10.0.20.253
# DHCP servers bound to the bridges, not to the VLAN interfaces.
# add-arp=yes makes the server add an ARP entry for each lease.
/ip dhcp-server
add add-arp=yes address-pool="VLAN10 pool" always-broadcast=yes authoritative=yes disabled=no interface=br10 name="VLAN10 DHCP"
add add-arp=yes address-pool="VLAN20 pool" always-broadcast=yes authoritative=yes disabled=no interface=br20 name="VLAN20 DHCP"
/port
set 0 name=serial0
# Bridge membership. This is where segment separation is decided:
#   br20: ether4 (untagged) + vlan20 (tag 20 on ether2)
#   br10: ether2 itself + vlan10 (tag 10 on ether2) + ether3, ether5-ether8
#   br30: ether9 (untagged) + vlan30 (tag 30 on ether2)
# NOTE(review): ether2-slave-local is a br10 port and at the same time the
# parent of vlan10/vlan20/vlan30. br10 therefore holds both the raw port and
# a VLAN sub-interface of that same port, and the trunk carrying VLAN 20/30
# is bridged as a whole into the VLAN 10 segment. Layer-2 isolation between
# the segments cannot be relied on in this layout; the usual fix is to take
# the trunk port out of br10 and bridge only the vlanNN interfaces - verify
# against the RouterOS documentation for this release.
/interface bridge port
add bridge=br20 interface=ether4-slave-local
add bridge=br20 interface=vlan20
add bridge=br10 interface=ether2-slave-local
add bridge=br10 interface=vlan10
add bridge=br10 interface=ether3-slave-local
add bridge=br10 interface=ether5-slave-local
add bridge=br10 interface=ether6-slave-local
add bridge=br10 interface=ether7-slave-local
add bridge=br10 interface=ether8-slave-local
add bridge=br30 interface=ether9-slave-local
add bridge=br30 interface=vlan30
# Switch-chip VLAN rules. Every entry carries disabled=yes, so none of them
# is active; no VLAN separation is being enforced by these rules.
/interface ethernet switch egress-vlan-tag
add disabled=yes tagged-ports=switch1-cpu vlan-id=10
add disabled=yes tagged-ports=switch1-cpu vlan-id=20
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 disabled=yes new-customer-vid=20 ports=ether4-slave-local sa-learning=yes
add customer-vid=0 disabled=yes new-customer-vid=10 ports=ether2-slave-local,ether3-slave-local,ether5-slave-local,ether6-slave-local sa-learning=yes
# Router addresses. Each /24 is configured twice: .1 on the bridge and .254
# on the VLAN interface that is a port of that same bridge.
# NOTE(review): addressing a bridge member port as well as the bridge is
# unusual; confirm the .254 addresses are needed.
/ip address
add address=10.0.10.1/24 interface=br10 network=10.0.10.0
add address=10.0.20.1/24 interface=br20 network=10.0.20.0
add address=10.0.10.254/24 interface=vlan10 network=10.0.10.0
add address=10.0.20.254/24 interface=vlan20 network=10.0.20.0
# Upstream address is obtained by DHCP on ether1-gateway; DNS and NTP
# servers offered by the upstream are ignored.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
*snip static leases*
# Both segments are handed 10.0.10.3 as resolver, so VLAN 20 clients need
# routed access to a host in the VLAN 10 subnet.
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=10.0.10.3 gateway=10.0.10.1 netmask=24
add address=10.0.20.0/24 dns-server=10.0.10.3 gateway=10.0.20.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts.
# NOTE(review): no /ip firewall filter or /ipv6 firewall filter section
# appears in this export. Unless filter rules exist elsewhere, nothing here
# limits which interfaces can reach the resolver, including ether1-gateway
# and the tunnel.
/ip dns
set allow-remote-requests=yes servers=2001:470:b2c9:10:c23f:d5ff:fe68:2453
# Source NAT for IPv4 traffic leaving via ether1-gateway. This is the only
# /ip firewall section in the export.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
# Management services: telnet, ftp, api and api-ssl are disabled; www and
# ssh accept connections only from the two internal IPv4 subnets.
# NOTE(review): www is the unencrypted HTTP interface. winbox is not listed,
# so it is left at its default - check that it is restricted as well.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.10.0/24,10.0.20.0/24
set ssh address=10.0.10.0/24,10.0.20.0/24
set api disabled=yes
set api-ssl disabled=yes
# UPnP is enabled with ether1-gateway as the external side and br10/br20 as
# internal sides.
# NOTE(review): UPnP lets any host on an internal interface request inbound
# port mappings without authentication; consider whether the wireless
# segment (br20) should be allowed to do that.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=br10 type=internal
add interface=br20 type=internal
# IPv6 addresses: one on the tunnel and one /64 gateway address per bridge.
# advertise=no on every entry, so prefixes are not advertised from here; the
# advertised prefix is set by hand under /ipv6 nd prefix below.
# NOTE(review): the bridges carry globally routable addresses and the export
# has no /ipv6 firewall filter section. Unless filtering is done elsewhere,
# hosts on these segments are reachable inbound through the tunnel.
/ipv6 address
add address=2001:470:1c:96b::2 advertise=no interface=sit1
add address=2001:470:b2c9:10::1 advertise=no interface=br10
add address=2001:470:b2c9:20::1 advertise=no interface=br20
add address=2001:470:b2c9:30::1 advertise=no interface=br30
# Router advertisement settings. The default entry is disabled and the
# entries for br20 and br30 are disabled, leaving br10 as the only interface
# with an active entry. mtu=1480 matches the tunnel MTU set on sit1.
# NOTE(review): per this section the router should originate RAs on br10
# only, so RAs seen by hosts of another segment point to layer-2 forwarding
# between segments rather than to the ND settings - confirm.
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-mac-address=no hop-limit=64 interface=br10 mtu=1480
add advertise-mac-address=no disabled=yes hop-limit=64 interface=br20 mtu=1480
add advertise-mac-address=no disabled=yes hop-limit=64 interface=br30 mtu=1480
# Advertised prefixes: only the br10 prefix is active; the br20 and br30
# prefixes are defined but disabled.
/ipv6 nd prefix
add interface=br10 prefix=2001:470:b2c9:10::/64
add disabled=yes interface=br20 prefix=2001:470:b2c9:20::/64
add disabled=yes interface=br30 prefix=2001:470:b2c9:30::/64
# Global unicast space (2000::/3) is routed to the far end of the tunnel.
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=2001:470:1c:96b::1
# Front-panel LCD is set to read-only mode.
/lcd
set read-only-mode=yes
/system clock
set time-zone-name=Etc/UTC
/system identity
set name=janus
# Time is synchronised from two fixed NTP servers given by IPv4 address.
/system ntp client
set enabled=yes primary-ntp=192.67.222.4 secondary-ntp=167.88.40.177
