The pfSense Store

Author Topic: Router Advertisements on interfaces it is not configured  (Read 577 times)

0 Members and 1 Guest are viewing this topic.

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #15 on: September 12, 2017, 01:53:46 pm »
"but the TP-Link router passing vlan tagged packets on an untagged lan."

What specific tp-link device do you have - make and model.. And how do you have it all connected together?  What configs do you have on its ports for vlans and tags?

TP-Link router is wrong: it's a TP-Link EAP245 Access Point.
The AP is connected with ethernet to pFsense. On the pFsense side that ethernet port is configured as an interface for
  • lan: untagged traffic
  • vlan.20
  • vlan.30

lan has IPv6 configured with a static IPv6 address. RA is configured on that interface. All other interfaces are IPv4 only.

On the AP there are 3 configured SSIDs:
  • SSID1: no vlan tag specified
  • SSID2: vlan id 20
  • SSID3: vlan id 30

If i connect to Wireless SSID2, I get the ICMPv6 router advertisements from lan.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9038
  • Karma: +1030/-306
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #16 on: September 12, 2017, 02:04:14 pm »
About the only suggestion I can make on the pfSense side is to also tag the LAN interface, but if the TP-Link AP requires management to be untagged (as so many do) that will probably not be possible.

Or, maybe, make a special management interface that is untagged to the AP with no RA enabled and a separate LAN interface that is tagged with the RA on it.

Just thinking of ways that might possibly work around that broken AP.

Personally, I would discard/return it and get something that works.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #17 on: September 12, 2017, 02:11:10 pm »
"If i connect to Wireless SSID2, I get the ICMPv6 router advertisements from lan."

And what happens when you connect to SSID3?  Are you also seeing lan RAs?

According to the main site for that eap245 it states
"Supports management VLAN for an enhanced network management"

Have to look at the manual.. But yeah if the traffic is tagged going into the AP it sure and the F should not send the RAs out a vlan SSID..

Are you doing anything with the captive portal of the AP?  Curious if that might have something to do with it??  Are you running the firmware I show on their site? EAP245(US)_V1_161116  says it has fixed some bugs ;)
« Last Edit: September 12, 2017, 02:17:30 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #18 on: September 12, 2017, 02:16:11 pm »
"If i connect to Wireless SSID2, I get the ICMPv6 router advertisements from lan."

And what happens when you connect to SSID3?  Are you also seeing lan RAs?

Yes, the same.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #19 on: September 12, 2017, 02:23:50 pm »
ok check this out from their manual..

http://static.tp-link.com/1910012212_EAP_UG.pdf
Wireless VLAN
ID
Set a VLAN ID for the wireless network. It supports maximum 8 VLANs
per frequency band.
With this feature, the EAP can work together with the switches
supporting 802.1Q VLAN. The EAP adds different VLAN tags to the
clients which are connected to the corresponding wireless network. The
clients in different VLANs cannot directly communicate with each other.
VLAN 0 means that the EAP does not add any VLAN tag to the clients
which are connected to this wireless network.

Note: Clients connected to the EAP via Ethernet cable do not belong
to any VLAN. Thus wired client can communicate with all the wireless
clients despite the VLAN settings
.


From that I take this AP is just plain borked!!!  And doesn't care what tags you send into the thing..
« Last Edit: September 12, 2017, 02:27:53 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #20 on: September 12, 2017, 02:24:16 pm »
"If i connect to Wireless SSID2, I get the ICMPv6 router advertisements from lan."

And what happens when you connect to SSID3?  Are you also seeing lan RAs?

According to the main site for that eap245 it states
"Supports management VLAN for an enhanced network management"

Yes, I could do what Derelict proposes, and transform all my untagged lan traffic in tagged traffic. And add a management vlan for the ap.
But that would be a lot of work, and I'm not even sure if it would work. Maybe it sends ICMPv6 packets across tagged lans as well...

Are you doing anything with the captive portal of the AP?  Curious if that might have something to do with it??  Are you running the firmware I show on their site? EAP245(US)_V1_161116  says it has fixed some bugs ;)

The CP is not active on the AP, and I updated the FW yesterday because I thought the same :)

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #21 on: September 12, 2017, 02:26:05 pm »
See my last post - quote from their UG... This AP just looks broken when it comes to tags entering the AP from the wired network..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #22 on: September 12, 2017, 02:30:53 pm »
See my last post - quote from their UG... This AP just looks broken when it comes to tags entering the AP from the wired network..

Ok... I throw it in the trash. Any suggestions on AP that supports VLANs and is around 100?

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #23 on: September 12, 2017, 02:35:55 pm »
I am huge fan of the unifi AP.. Not sure about cost in euro.. But the uap-ac-lite model runs 80$ USD while the pro is $130..

https://www.ubnt.com/unifi/unifi-ac/

I have 3 of them in my house, the Pro, the LR and the lite.... They support vlans, I read on their forums that management vlan is coming if recall.  But currently the management IP of the AP has to be untagged..  I run multiple vlans on them and have never seen any bleed over that is for sure ;)

edit:
When I get home I will fire up my laptop to be sure!!

But I know my wifi devices work for ipv6 so I have to assume they are getting the correct RA ;)
« Last Edit: September 12, 2017, 02:42:39 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9038
  • Karma: +1030/-306
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #24 on: September 12, 2017, 02:47:20 pm »
Probably either Ubiquiti or, maybe, Xclaim if you want NIB. Though the Xclaim simultaneous dual-band AC units get you into the price points of "real" Ruckus APs used. Lots of things available on eBay - at least here in the US.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #25 on: September 14, 2017, 03:08:50 am »
Thank you both. I don't like that the ubiquiti don't have a web interface, and that I have to download a management software.

I bought a D-Link DAP-2610.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #26 on: September 14, 2017, 04:10:46 am »
Dude your going to have more than 1 right... Why would you not control it from the controller software.. Where do you think you get all the bells and whistles from..

Does that even support vlans??  I don't see it listed on the specs...  And says wave 2... BS its not just look at the specs.. Dude you can manage the unifi from your phone if you wont, you don't have to run the controller software..
« Last Edit: September 14, 2017, 04:16:21 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #27 on: September 14, 2017, 04:15:17 am »
Dude your going to have more than 1 right...

No, just that one.

Why would you not control it from the controller software.. Where do you think you get all the bells and whistles from..

I don't like to install stuff.

Does that even support vlans??  I don't see it listed on the specs...

Yes, I checked the manual a few hundred times before buying :)

Offline JKnott

  • Hero Member
  • *****
  • Posts: 880
  • Karma: +29/-4
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #28 on: September 14, 2017, 07:08:23 am »
Quote
It's not that big of a problem really, those packets do no harm. It's just traffic that should not be there...

I saw this problem years before I started using pfSense.  I used to use openSUSE for my firewall/router.  I was planning on setting up a guest WiFi, when I ran into that problem.

Quote
What specific tp-link device do you have - make and model.. And how do you have it all connected together?  What configs do you have on its ports for vlans and tags?

I have the TP-Link TL-WA901ND.

Offline pox

  • Jr. Member
  • **
  • Posts: 55
  • Karma: +0/-0
    • View Profile
Re: Router Advertisements on interfaces it is not configured
« Reply #29 on: September 22, 2017, 04:38:48 pm »
Thank you both. I don't like that the ubiquiti don't have a web interface, and that I have to download a management software.

I bought a D-Link DAP-2610.

Just for the record: with the D-Link AP everything works as expected.
Never again TP-Link.