I have set up my home router with two VLANs, one for IoT and other restricted devices (Guest VLAN) and an unrestricted VLAN (LAN VLAN).
To distinguish the networks, I request a /60 prefix from my ISP, which is granted. Then I give the aaaa:bbbb:cccc:ddd1/64 prefix to the LAN network and the aaaa:bbbb:cccc:ddd2/64 prefix to the Guest network. This makes them easily distinguishable via IP address.
However, I seem to be having an issue with SLAAC. For some reason, every client that connects to the router gets two Global IP addresses and two ULA addresses for their designated /64 subnet.
- My Ubuntu laptop gets 4 address. None of the addresses appear to be EUI-64, but the ULA and Global prefixes match up to /64 for each pair of ULA and Global addresses. The host portion of only one pair of ULA/Global addresses matches, the host portion of the other pair is entirely different.
- My Android phone gets 4 addresses as well. One global and one ULA address is EUI-64, the other pair is seemingly random. However, each ULA/Global pair has the same host portion. For example, two of the addresses are [ULA prefix]:9849:5769:69f8:a48c and [Global prefix]:9849:5769:69f8:a48c (these are the seemingly-random non-EUI-64 addresses).
- My Raspberry Pi (which is on my guest network) does only get one pair of addresses (one Global, one ULA). However, this must be a software setting or something since it's an oddball. However, it being on the guest network isn't the reason for this because when I connect my Android phone to my guest network I get 4 addresses.
I have disabled DCHPv6 on both my Guest and LAN interfaces so that they only give router advertisements, allowing connected clients to only use SLAAC addressing.
I'm about at my wit's end trying to figure out what is causing this issue.
Here are my relevant configs:
dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option sequential_ip '1'
option cachesize '2500'
list notinterface 'wan'
list notinterface 'wan6'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,1.1.1.1,1.0.0.1'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'guest'
list dhcp_option '6,1.1.1.1,1.0.0.1'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
config host
option dns '1'
option name 'raspberrypi'
option mac 'B8:27:EB:53:DC:C8'
option leasetime 'infinite'
option hostid '2'
option ip '192.168.2.1'
network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd68:fe79:ee19::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option _orig_ifname 'eth0 wlan0 wlan0-1 wlan1 wlan1-1 wlan2 wlan2-1'
option _orig_bridge 'true'
option ifname 'eth0.1'
option ip6assign '64'
option ip6hint '1'
option igmp_snooping '1'
option dns '1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001'
config interface 'wan'
option ifname 'eth1'
option _orig_ifname 'eth1'
option _orig_bridge 'false'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
option reqprefix '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6'
option vid '2'
config interface 'guest'
option type 'bridge'
option ifname 'eth0.3'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '64'
option ipaddr '192.168.2.1'
option ip6hint '2'
option igmp_snooping '1'
option dns '1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '2 3 5t'