Community discussions

MikroTik App
 
csurata
just joined
Topic Author
Posts: 17
Joined: Sat May 09, 2020 3:14 am

HaP Ac2 erro dhcpv6 client

Sun Jan 15, 2023 5:38 am

Hello Guys, I am not able to get the prefix 64 from my ISP. The dhcpv6 client just keeps looking. I tested other models of routers and they all worked, but MK v7.7 is not working. Can someone help me?
# jan/15/2023 00:29:32 by RouterOS 7.7

#
# model = RBD52G-5HacD2HnD

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    use-peer-dns=yes user=


/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.30
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=40m name=defconf
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
add disabled=no name=default-v3 version=3
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
add disabled=yes instance=default-v3 name=backbone-v3
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=\
    "wlan 2.4ghz"
add bridge=bridge comment=defconf ingress-filtering=no interface="wlan 5ghz"
/ip neighbor discovery-settings
set discover-interface-list=none protocol=""
/ip settings
set max-neighbor-entries=8192 rp-filter=strict
/ipv6 settings
set accept-router-advertisements=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=\
    LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface ovpn-server server
set auth=sha1,md5

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip cloud
set ddns-enabled=yes

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1 netmask=24

/ip dns static
add address=192.168.88.1 comment=defco
Last edited by BartoszP on Sun Jan 15, 2023 9:03 am, edited 1 time in total.
Reason: Use proper tags: quote to quote, code for code - keep forum tidy
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: HaP Ac2 erro dhcpv6 client

Sun Jan 15, 2023 2:54 pm

The config shown does not have anything IPv6 related (apart from a line with settings). E.g. you don't have DHCPv6 running ...
 
csurata
just joined
Topic Author
Posts: 17
Joined: Sat May 09, 2020 3:14 am

Re: HaP Ac2 erro dhcpv6 client

Sun Jan 22, 2023 1:02 am

[admin@MikroTik] > ipv6/ export verbose hide-sensitive
# jan/21/2023 19:55:51 by RouterOS 7.8beta2
# software id = 7EZV-MG4T
#
# model = RBD52G-5HacD2HnD
# serial number = BEEB0BF456C2
/ipv6 dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options="" dhcp-options="" disabled=no interface=pppoe-out1 pool-name=V6 pool-prefix-length=64 prefix-hint=::/0 request=prefix \
use-peer-dns=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" disabled=no dynamic=no list=bad_ipv6
add address=::1/128 comment="defconf: lo" disabled=no dynamic=no list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" disabled=no dynamic=no list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=no dynamic=no list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" disabled=no dynamic=no list=bad_ipv6
add address=100::/64 comment="defconf: discard only " disabled=no dynamic=no list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" disabled=no dynamic=no list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" disabled=no dynamic=no list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no dns="" hop-limit=unspecified interface=all managed-address-configuration=no mtu=unspecified \
other-configuration=no pref64="" ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes disable-ipv6=no forward=yes max-neighbor-entries=2048
You do not have the required permissions to view the files attached to this post.
 
csurata
just joined
Topic Author
Posts: 17
Joined: Sat May 09, 2020 3:14 am

Re: HaP Ac2 erro dhcpv6 client

Sun Jan 22, 2023 1:13 am

Today I upgraded to beta version 7.8Beta2, to check if the version has an update for these issues.
But I'm still having problems for SLAAC ipv6 on my MK, which are not receiving the 64 prefix from my ISP. I tried several settings here on the forum and none worked.
I discovered that my ISP uses huawei equipment as IPV6 providers, and I believe that for this reason there is some incompatibility.
I've tested equipment like Unifi, DDWRT and Huawei and all worked perfectly with ipv6 SLAAC or ipv6 dhcp.
But unfortunately the MK doesn't work, I'm using HAP ac2 and HAP Lite and none of them worked.
Can someone help me?

Thanks
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: HaP Ac2 erro dhcpv6 client

Sun Jan 22, 2023 1:11 pm

But I'm still having problems for SLAAC ipv6 on my MK, which are not receiving the 64 prefix from my ISP.

You have concepts slightly confused. SLAAC is stateless self-configuration where devices construct their own IPv6 addresses aftrr they receive router advertisement (RA) which is broadcast by router periodically. ROS does support this kind of address acquisition for its WAN address if accept-router-advertisements option is set to yes (default is different). However, such address is not shown when using usual commands (e.g. print) due to long outstanding bug. And more importantly, such address is not useful at all (it only provides router with global IPv6 address), it's not possible to have LAN subnets only with that info. And point to point links (such as PPPoE) definitely don't need global IPv6 address associated.

And then there's DHCPv6, which can give out addresses (ROS server doesn't support that) and/or prefixes ... and only if ROS receives prefix it's possible to have LAN subnets with IPv6. Your DHCPv6 client config seems almost fine, I have it very similar on a few different ISPs (some use PPPoE, some "native" ethernet) running just fine. I'm using prefix-hint setting of "::/56" (or you can try even to unset it), your setting of ::0 might upset your ISP's DHCPv6 server.
So I guess you should ask your ISP about that (after changing prefix-hint setting).
 
csurata
just joined
Topic Author
Posts: 17
Joined: Sat May 09, 2020 3:14 am

Re: HaP Ac2 erro dhcpv6 client

Fri Jan 27, 2023 9:12 pm

But I'm still having problems for SLAAC ipv6 on my MK, which are not receiving the 64 prefix from my ISP.

You have concepts slightly confused. SLAAC is stateless self-configuration where devices construct their own IPv6 addresses aftrr they receive router advertisement (RA) which is broadcast by router periodically. ROS does support this kind of address acquisition for its WAN address if accept-router-advertisements option is set to yes (default is different). However, such address is not shown when using usual commands (e.g. print) due to long outstanding bug. And more importantly, such address is not useful at all (it only provides router with global IPv6 address), it's not possible to have LAN subnets only with that info. And point to point links (such as PPPoE) definitely don't need global IPv6 address associated.

And then there's DHCPv6, which can give out addresses (ROS server doesn't support that) and/or prefixes ... and only if ROS receives prefix it's possible to have LAN subnets with IPv6. Your DHCPv6 client config seems almost fine, I have it very similar on a few different ISPs (some use PPPoE, some "native" ethernet) running just fine. I'm using prefix-hint setting of "::/56" (or you can try even to unset it), your setting of ::0 might upset your ISP's DHCPv6 server.
So I guess you should ask your ISP about that (after changing prefix-hint setting).
Hello, after performing the version upgrade to 7.8Beta2 and restarting the MK a few times, everything worked like magic, thank you very much

Who is online

Users browsing this forum: 4l4R1, Ahrefs [Bot], bizarrity, Guntis, h1ghrise, robertkjonesjr and 88 guests