SRX Services Gateway

IPv6 issue. Unable to disable SLAAC by any means

‎11-18-2017 10:45 AM

Hi,

I've got this configuration:

#show protocols router-advertisement
interface reth0.2000 {
    no-managed-configuration;
    prefix 2a04:7e80:f1ce:2000::/64;
}

But my clients connected to this interface are still getting SLAAC addresses configured from their MACs. How can I get rid of this and leave only DHCPv6 to be configured?

Client network configuration looks like this:

iface eth0 inet6 dhcp

Juniper SRX DHCPv6 configuration looks like this:


# show system services dhcp-local-server
dhcpv6 {
    overrides {
        interface-client-limit 100;
    }
    group test {
        interface reth0.2000;
    }
}
# show access address-assignment
pool lan-ito-v6 {
    family inet6 {
        prefix 2a04:7e80:f1ce:2000::/64;
        range lan-ito-v6-dyn {
            low 2a04:7e80:f1ce:2000::172.21.0.10/64;
            high 2a04:7e80:f1ce:2000::172.21.0.20/64;
        }
        dhcp-attributes {
            maximum-lease-time 86400;
            grace-period 43200;
        }
    }
}

Policy:

show security zones security-zone lan
host-inbound-traffic {
    system-services {
        ping;
        traceroute;
        ssh;
        snmp;
        ntp;
        dhcpv6;
    }
}
interfaces {
    reth0.20;
    reth0.1110;
    reth0.2000;


And clients are not able to get any response from the SRX to their DHCPv6 packets.

Where is the problem? I've wasted about 3 days googling it. I still can't disable SLAAC while keeping default route advertising and using DHCPv6.


Re: IPv6 issue. Unable to disable SLAAC by any means

‎11-18-2017 06:26 PM

UPD:

Got my mistakes:

1. The v6 range low and high prefixes are wrong. They should be /128.

2. To disable inet6 autoconfiguration and leave default route advertising, allowing DHCPv6 to take over, I had to change the config to this one:

#show protocols router-advertisement
interface reth0.2000;

And I guess, if I want to force NS advertising via DHCPv6, I have to add the other-stateful-configuration stanza.

3. Got to add to the lo0 RE protection filter a term that allows incoming DHCPv6 from link-local addresses.
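
Added example, not part of the original posts: a small decoder for ICMPv6 Router Advertisements (RFC 4861) that reports what a client can do with one, namely which prefixes carry the autonomous (A) flag that triggers SLAAC, whether the managed (M) and other (O) flags point it at DHCPv6, and whether the router is still offered as a default gateway. The function names and the three sample messages are constructed for illustration and are not captures from the poster's SRX.

```python
import ipaddress
import struct

M_FLAG, O_FLAG = 0x80, 0x40   # RA header flags (RFC 4861)
A_FLAG = 0x40                 # Prefix Information "autonomous" flag

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134) into client-visible facts."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", msg, 5)
    ra = {"managed": bool(flags & M_FLAG), "other": bool(flags & O_FLAG),
          "default_router": lifetime > 0, "slaac_prefixes": []}
    off = 16
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:              # Prefix Information
            plen, pflags = msg[off + 2], msg[off + 3]
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            # Simplified RFC 4862 rule: A flag set and a /64 (64-bit interface ID)
            if pflags & A_FLAG and plen == 64:
                ra["slaac_prefixes"].append(f"{prefix}/{plen}")
        off += opt_len
    return ra

def build_ra(flags: int, prefix: str = None, pflags: int = 0) -> bytes:
    """Construct a sample RA (checksum left at 0; parse_ra does not verify it)."""
    msg = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    if prefix:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", 3, 4, net.prefixlen, pflags,
                           2592000, 604800, 0) + net.network_address.packed
    return msg

# Constructed samples, not captures from the poster's SRX.
PREFIX = "2a04:7e80:f1ce:2000::/64"
SLAAC_RA = build_ra(0x00, PREFIX, pflags=0xC0)     # prefix with L+A: host autoconfigures
ONLINK_RA = build_ra(M_FLAG, PREFIX, pflags=0x80)  # L only, M set: on-link, no SLAAC
BARE_RA = build_ra(M_FLAG)                         # no prefix option at all

if __name__ == "__main__":
    for name in ("SLAAC_RA", "ONLINK_RA", "BARE_RA"):
        print(name, parse_ra(globals()[name]))
```

Feeding it the ICMPv6 payload of an RA captured on the client side shows directly whether a configuration change removed the SLAAC trigger while leaving the router lifetime non-zero.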