I've gotten IPv6 to work on my private network but couldn't do so on my Guest network. Both of them have an IPv6 address assigned when I type in 'show interfaces'. I've used the same commands to set up both networks (only the name of the interface is changed). My guest network is running on VLAN 10. Any idea how I can get it to work? I've gathered all the related information below.
ISP: Telekom Malaysia (AS4788)
# Commands the poster used for the guest VLAN (switch0.10), one per line.
# Add switch0.10 as a downstream interface of prefix-delegation block "pd 0"
# on pppoe 0, using the dhcpv6-stateless service.
# NOTE(review): the full config below requests prefix-length 64 for pd 0 and
# also lists switch0 under it; a /64 delegation holds a single /64 subnet, and
# 'show interfaces' shows the same address on both interfaces. Confirm the
# delegation is large enough to give each interface its own /64.
set interfaces ethernet eth0 vif 500 pppoe 0 dhcpv6-pd pd 0 interface switch0.10 service dhcpv6-stateless
# Advertise a /64 prefix on the guest VLAN and turn router advertisements on.
# NOTE(review): none of these commands attaches an ipv6-name ruleset to vif 10,
# so guest IPv6 traffic would not be filtered by the Guest_* IPv4 rulesets.
set interfaces switch switch0 vif 10 ipv6 router-advert prefix ::/64
set interfaces switch switch0 vif 10 ipv6 router-advert send-advert true
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- br0 - u/u TM UniFi HyppTV Bridge eth0 - u/u Internet eth0.500 - u/u TM UniFi Internet VLAN eth0.600 - u/u TM UniFi HyppTV VLAN eth1 - u/D Local eth2 - u/D Local eth3 - u/D Local eth4 - u/u Local lo 127.0.0.1/8 u/u ::1/128 pppoe0 175.1x3.y55.z6 u/u switch0 10.0.0.1/24 u/u Local 2001:e68:5413:37ad:46d9:e7ff:fe07:1bd1/64 switch0.10 10.0.1.1/24 u/u Guest 2001:e68:5413:37ad:46d9:e7ff:fe07:1bd1/64
/* Router configuration as posted, re-indented one node per line.
   Sections: firewall, interfaces, port-forward, service, system, traffic-control. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* Private IPv4 ranges; referenced by Guest_IN rule 30. */
        network-group RFC1918 {
            description ""
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    /* IPv6 ruleset attached to pppoe 0 "in": default drop, accept
       established/related, drop invalid, accept all ICMPv6. */
    ipv6-name WAN6_IN {
        default-action drop
        rule 10 {
            action accept
            description "allow established"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid packets"
            protocol all
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "allow ICMPv6"
            protocol icmpv6
        }
    }
    /* IPv6 ruleset attached to pppoe 0 "local": same three rules as WAN6_IN
       plus rule 40 for DHCPv6. */
    ipv6-name WAN6_LOCAL {
        default-action drop
        rule 10 {
            action accept
            description "allow established"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid packets"
            protocol all
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "allow ICMPv6"
            protocol icmpv6
        }
        /* UDP from source port 547 to destination port 546, i.e. DHCPv6
           replies to the router's client, which the dhcpv6-pd request needs. */
        rule 40 {
            action accept
            description "allow DHCPv6 client/server"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* IPv4 ruleset ("name", not "ipv6-name") attached to vif 10 "in".
       Default accept; rule 20 lets guests reach 10.0.0.2 on every protocol
       before rule 30 drops the remaining RFC1918 destinations. */
    name Guest_IN {
        default-action accept
        description ""
        rule 10 {
            action accept
            description "Accept Established/Related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 20 {
            action accept
            description "Allow Chromecast"
            destination {
                address 10.0.0.2
            }
            log disable
            protocol all
        }
        rule 30 {
            action drop
            description "Drop RFC1918"
            destination {
                group {
                    network-group RFC1918
                }
            }
            log disable
            protocol all
        }
    }
    /* IPv4 ruleset attached to vif 10 "local": default drop, only UDP 67
       (DHCP) and UDP 53 (DNS) toward the router are accepted. */
    name Guest_LOCAL {
        default-action drop
        description ""
        rule 10 {
            action accept
            description "Accept DHCP"
            destination {
                port 67
            }
            log disable
            protocol udp
        }
        rule 20 {
            action accept
            description "Accept DNS"
            destination {
                port 53
            }
            log disable
            protocol udp
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to LAN"
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    /* IPv4 ruleset attached to pppoe 0 "local" (traffic addressed to the
       router itself from the WAN side). */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                invalid enable
            }
        }
        /* NOTE(review): accepts TCP and UDP to ports 80 and 443 from any WAN
           source. service gui below listens on those ports with older-ciphers
           enabled, so this presumably exposes the admin GUI to the Internet;
           consider limiting the source address or reaching it over a VPN. */
        rule 3 {
            action accept
            description "Remote access"
            destination {
                port 80,443
            }
            log enable
            protocol tcp_udp
        }
        /* NOTE(review): SSH (service ssh port 122) is accepted from any WAN
           source, and tcp_udp also admits UDP, which SSH does not use. */
        rule 5 {
            action accept
            description SSH
            destination {
                port 122
            }
            log enable
            protocol tcp_udp
        }
        rule 6 {
            action accept
            description Ping
            log enable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1412
        }
        mss-clamp6 {
            interface-type pppoe
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        aging 300
        bridged-conntrack disable
        description "TM UniFi HyppTV Bridge"
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        description Internet
        duplex auto
        firewall {
            in {
            }
            local {
            }
        }
        speed auto
        vif 500 {
            description "TM UniFi Internet VLAN"
            pppoe 0 {
                default-route auto
                dhcpv6-pd {
                    no-dns
                    /* One delegation block shared by switch0 and switch0.10,
                       requested with prefix-length 64.
                       NOTE(review): a /64 holds a single /64 subnet, and the
                       'show interfaces' output in the post lists the same
                       address on both interfaces; confirm whether a shorter
                       prefix is needed so each interface gets its own /64. */
                    pd 0 {
                        interface switch0 {
                            service dhcpv6-stateless
                        }
                        interface switch0.10 {
                            service dhcpv6-stateless
                        }
                        prefix-length 64
                    }
                    rapid-commit enable
                }
                /* WAN rulesets: IPv6 and IPv4 for both "in" and "local". */
                firewall {
                    in {
                        ipv6-name WAN6_IN
                        name WAN_IN
                    }
                    local {
                        ipv6-name WAN6_LOCAL
                        name WAN_LOCAL
                    }
                }
                ipv6 {
                    dup-addr-detect-transmits 1
                    enable {
                    }
                }
                mtu 1492
                name-server none
                password ****************
                user-id nsf6969@unifi
            }
        }
        vif 600 {
            bridge-group {
                bridge br0
            }
            description "TM UniFi HyppTV VLAN"
        }
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        bridge-group {
            bridge br0
        }
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    /* Private LAN. */
    switch switch0 {
        address 10.0.0.1/24
        description Local
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag true
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
        /* Guest network on VLAN 10. */
        vif 10 {
            address 10.0.1.1/24
            description Guest
            /* NOTE(review): only IPv4 rulesets are attached here; there is no
               ipv6-name for "in" or "local", so once guest IPv6 works this
               config applies no IPv6 filtering between guests and the LAN or
               the router. */
            firewall {
                in {
                    name Guest_IN
                }
                local {
                    name Guest_LOCAL
                }
            }
            ipv6 {
                dup-addr-detect-transmits 1
                /* Same router-advert settings as switch0 except managed-flag,
                   which is false here and true on switch0. */
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            mtu 1500
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name Guest {
            authoritative disable
            subnet 10.0.1.0/24 {
                default-router 10.0.1.1
                dns-server 10.0.1.1
                dns-server 8.8.4.4
                lease 86400
                start 10.0.1.2 {
                    stop 10.0.1.254
                }
            }
        }
        shared-network-name LAN {
            authoritative disable
            subnet 10.0.0.0/24 {
                default-router 10.0.0.1
                dns-server 10.0.0.1
                dns-server 8.8.4.4
                lease 86400
                start 10.0.0.2 {
                    stop 10.0.0.254
                }
                /* Fixed lease for the address that Guest_IN rule 20 allows. */
                static-mapping Chromecast {
                    ip-address 10.0.0.2
                    mac-address a4:77:33:5c:50:d0
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface pppoe0 {
                service noip {
                    host-name jacktooandroid.ddns.net
                    login jacktooandroid@gmail.com
                    password ****************
                }
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on switch0.10
        }
    }
    /* Web GUI ports; these match WAN_LOCAL rule 3.
       NOTE(review): older-ciphers is enabled on a GUI that the firewall
       appears to accept from the WAN. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    /* SSH port; matches WAN_LOCAL rule 5. */
    ssh {
        port 122
        protocol-version v2
    }
    upnp {
    }
    /* NOTE(review): UPnP/NAT-PMP also listens on the guest interface
       switch0.10; confirm guests are meant to be able to request port
       mappings. */
    upnp2 {
        listen-on switch0
        listen-on switch0.10
        nat-pmp enable
        secure-mode enable
        wan pppoe0
    }
}
system {
    config-management {
        commit-archive {
        }
        commit-revisions 65535
    }
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    name-server 8.8.4.4
    name-server 8.8.8.8
    name-server 2001:4860:4860::8844
    name-server 2001:4860:4860::8888
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Asia/Kuala_Lumpur
    traffic-analysis {
        dpi enable
        export enable
    }
}
traffic-control {
}
Thanks in advance,
Jack.