I need some advice. I get a /48 PD from my ISP, and I have 4 interfaces configured with VLANs. Those interfaces get a /64 local IPv6 and a /64 part of the global IPv6. So that all seems to be working. Now I have 2 APs with the same networks, 3 of them are "unmanaged" and for clients connected to those IPv6 is working fine. The last interface is "static", for those clients IPv6 is not working. Also, the AP itself cannot connect to the internet on IPv6.
I assume you're running a single trunk port on both of your routers. Did you by any chance misconfigure the vlan assignment? Network => Interfaces => Devices => "configure" on the "br-lan" => "Bridge VLAN filtering".
Make sure the VLAN line of your fourth vlan has the correct vlan ID on both of your devices and the dropdown set to "tagged" on the rj45 ports you're using.
Happens to me once in a while, I sometimes add the new VLAN line but either mistype the VLAN ID or set the port dropdown to "untagged" instead of "tagged".
Anything that is properly bridged through will have clients handled by the main router. Think of the interface inside the AP as a tee off of the bridge, while the main road is a direct path from wireless to wired and back. The branch interface may or may not hold an IP address. If it does hold an IP address, packets on that VLAN can reach the OpenWrt kernel in the AP. This is done (usually on only one VLAN) so the router can reach the Internet, and so you can log in and administer it.
The IP address on the bridge is not involved in routing or firewalling clients. The AP remains "dumb" in that regard. It works at layer 2 (MAC address) level to forward packets from wireless to wired on the uplink Ethernet cable. It is important that a local DHCP server is not running.
Instead of a static IP you could also use a (v4 and / or v6) DHCP client to pick up an administrative IP automatically. Again this would have no effect on the clients networking back to the main router.
Yes, especially because the router is an R4S. VLAN ID should be fine as IPv4 works without a glitch.
Indeed that is what I was thinking. The thing is there is no route to ::/0 defined on the APs, only on the main router. So what I'm guessing is happening is that the clients somehow get a v6 address from the AP but then don't know how to reach the internet from there. I tried disabling router advertisement but that did not work. I tried putting in a gateway by hand but that also did not work. What IPv6 should I assign to the AP? And what gateway address? Oddly the wan has a fe80 address while the wan6 has the PD and the local v6...
I could maybe disable IPv6 completely on the APs but then they cannot be reached via IPv6 anymore, maybe not the end of the world but also not very elegant.
Please just post your network config of the dumb AP with the static address config.
I use (besides many tagged VLANs on the trunk) an untagged VLAN for network management to connect to the dumb APs.
It's a pretty boring config file. Pretty much no IPv6 anywhere. I used to have an IPv6 "management6" interface based on DHCPv6 to get a v6 address for the router, but I removed it to not try to make things more complicated and first troubleshoot why the clients couldn't get an IPv6 from the router. I think the issue is in the router, or maybe the switch in between...

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd8f:64d4:7001::/48'
	option packet_steering '1'

config interface 'lan'
	option stp '1'
	option device 'br-lan'
	option proto 'none'
	option delegate '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option description 'lan'
	option ports '6t 4t 3t 2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'guest'
	option ports '6t 4t 3t'

config interface 'guest'
	option stp '1'
	option device 'br-guest'
	option proto 'none'
	option ip6ifaceid '::1'
	option delegate '0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'
	option bridge_empty '1'
	option stp '1'
	option igmp_snooping '1'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth1.3'
	option bridge_empty '1'
	option stp '1'
	option igmp_snooping '1'
	option multicast_querier '0'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option description 'iot'
	option ports '6t 4t 3t'

config device
	option type 'bridge'
	option name 'br-IoT'
	list ports 'eth1.4'
	option stp '1'
	option igmp_snooping '1'
	option bridge_empty '1'

config interface 'IoT'
	option device 'br-IoT'
	option proto 'none'
	option delegate '0'

config device
	option name 'eth1.1'
	option type '8021q'
	option ifname 'eth1'
	option vid '1'

config device
	option name 'eth1.3'
	option type '8021q'
	option ifname 'eth1'
	option vid '3'

config device
	option name 'eth1.4'
	option type '8021q'
	option ifname 'eth1'
	option vid '4'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '5'
	option description 'management'
	option ports '6t 4t 3t 1'

config interface 'management'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.64.1'
	option device 'br-management'
	option gateway '192.168.64.6'
	option delegate '0'
	option force_link '0'
	list dns '192.168.64.6'

config device
	option type 'bridge'
	option name 'br-management'
	option bridge_empty '1'
	list ports 'eth1.5'
	option stp '1'
	option igmp_snooping '1'
	option multicast_querier '0'
	option ip6segmentrouting '0'

OK, seems I fixed it. It is either related to STP or IGMP snooping I think. Somehow some packets were stopped or something. Maybe a bug or just somehow misconfigured. Regardless, thx for the suggestions.
Update: actually I think it must have been allow ICMP messages:

config rule
	option name 'IPv6 allow specific ICMP'
	option family 'ipv6'
	list proto 'icmp'
	list icmp_type 'bad-header'
	list icmp_type 'destination-unreachable'
	list icmp_type 'echo-reply'
	list icmp_type 'echo-request'
	list icmp_type 'neighbour-advertisement'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'packet-too-big'
	list icmp_type 'router-advertisement'
	list icmp_type 'router-solicitation'
	list icmp_type 'time-exceeded'
	list icmp_type 'unknown-header-type'
	option src 'lan'
	option target 'ACCEPT'
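
A check for the situation in the last post, as an added example that is not part of the original thread: it reads a UCI firewall config and reports, per source zone, which ICMPv6 types no ACCEPT rule lets through. The function names, the `REQUIRED` set and the `iot` zone in the sample are assumptions of this example; rules are matched on `proto 'icmp'` and the type spellings exactly as written in the rule above.

```shell
# REQUIRED (this example's assumption): types ND, SLAAC and PMTUD depend on.
REQUIRED="router-solicitation router-advertisement neighbour-solicitation neighbour-advertisement packet-too-big"
# missing_icmp6_types ZONE < config : REQUIRED types no ACCEPT rule for ZONE allows.
missing_icmp6_types() {
    awk -v zone="$1" -v required="$REQUIRED" -v q="'" '
    function flush(   i) {
        if (in_rule && is_icmp && opt["target"] == "ACCEPT" &&
            opt["family"] != "ipv4" && opt["src"] == zone) {
            if (ntypes == 0) all = 1      # no icmp_type list: every type matches
            for (i = 1; i <= ntypes; i++) seen[types[i]] = 1
        }
        split("", opt); in_rule = 0; is_icmp = 0; ntypes = 0
    }
    { gsub(q, "") }                       # drop the UCI single quotes
    $1 == "config"                           { flush(); in_rule = ($2 == "rule"); next }
    in_rule && $1 == "option"                { opt[$2] = $3 }
    in_rule && $2 == "proto" && $3 == "icmp" { is_icmp = 1 }
    in_rule && $2 == "icmp_type"             { types[++ntypes] = $3 }
    END {
        flush()
        n = split(required, req, " ")
        for (i = 1; i <= n; i++)
            if (!all && !(req[i] in seen)) out = out (out == "" ? "" : " ") req[i]
        print out
    }'
}

# Constructed sample: zone "lan" as in the rule above, "iot" is hypothetical.
sample_config() {
    cat <<'EOF'
config rule
	option family 'ipv6'
	list proto 'icmp'
	list icmp_type 'neighbour-advertisement'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'packet-too-big'
	list icmp_type 'router-advertisement'
	list icmp_type 'router-solicitation'
	option src 'lan'
	option target 'ACCEPT'
config rule
	option family 'ipv6'
	list proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'packet-too-big'
	option src 'iot'
	option target 'ACCEPT'
EOF
}
```

On a router the same function can be fed the real file, for example `missing_icmp6_types lan < /etc/config/firewall`; an empty line means every type in `REQUIRED` is accepted for that zone.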