Theme

Welcome · log in · join

Search similar:

Forums → US ISPs non-cable →

AT&T U-verse → [AT&T Fiber] AT&T w/ EdgeRouter IPv6

uniqs
1070

« [AT&T Fiber] Question about Underground Fiber Installs • Suggestions for Network Monitoring Device? »

DougWare join:2009-11-17 Knightdale, NC	DougWare Member 2019-Jan-3 3:05 pm [AT&T Fiber] AT&T w/ EdgeRouter IPv6 dls Here's my relevant router configs. IPv6 was working with I had Spectrum, but none of the configuration information I've found has worked for AT&T fiber yet. firewall { all-ping enable broadcast-ping disable ipv6-name ALL2WANv6 { default-action accept rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action reject description "Reject invalid state" state { invalid enable } } rule 30 { action accept description "Allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-name WAN2LANv6 { default-action drop rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 100 { action accept description "Allow PING" protocol ipv6-icmp } rule 200 { action accept description "Allow DHCPv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-name WAN2LOCALv6 { default-action drop rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 100 { action accept description "Allow PING" protocol ipv6-icmp } rule 200 { action accept description "Allow DHCPv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects enable ipv6-src-route enable ip-src-route disable log-martians enable name ALL2WAN { default-action accept description "WAN Out" rule 10 { action accept description "Allow established/related" log disable state { established enable related enable } } rule 100 { action reject description "Reject invalid state" state { invalid enable } } } name LAN2LOCAL { default-action accept description "LAN to Local" rule 10 { action drop description "Drop invalid state" state { invalid disable } } } name WAN2LAN { default-action drop description "WAN To LAN" rule 10 { action accept description "Allow established/related" log disable state { established enable invalid disable new disable related enable } } rule 20 { action accept description "Allow ICMP" log disable protocol icmp state { established enable related enable } } rule 30 { action accept description RemoteDesktop destination { port 3389 } log disable protocol tcp state { established disable invalid disable new enable related disable } } rule 40 { action accept description SSH-MediaServer destination { port 22 } log disable protocol tcp state { established disable invalid disable new enable related disable } } rule 50 { action accept description SSH-GateWay destination { port 41 } log disable protocol tcp state { established disable invalid disable new enable related disable } } rule 60 { action accept description SSH-Pi1 destination { port 42 } log disable protocol tcp } rule 70 { action accept description MyQ-1 destination { port 80 } log disable protocol udp state { established enable invalid disable new enable related enable } } rule 80 { action accept description MyQ-2 destination { port 2165 } log disable protocol tcp_udp state { established enable invalid disable new enable related enable } } rule 90 { action accept description MyQ-3 destination { port 8883 } log disable protocol tcp_udp state { established enable invalid disable new enable related enable } } rule 100 { action accept description SNMP-Gateway destination { port 162 } log disable protocol udp state { established disable invalid disable new enable related disable } } rule 110 { action accept description SNMP-MediaServer destination { port 163 } log disable protocol udp state { established disable invalid disable new enable related disable } } rule 120 { action accept description SNMP-WiFiAP destination { port 165 } log disable protocol udp state { established enable invalid disable new enable related enable } } rule 130 { action drop description "Drop invalid state" protocol all state { established disable invalid enable new disable related disable } } } name WAN2LOCAL { default-action drop description "WAN to Firewall" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action accept description SSH-Gateway destination { port 41 } log disable protocol tcp state { established disable invalid disable new enable related disable } } rule 30 { action accept description SNMP-Gateway destination { port 161 } log disable protocol udp source { address XX.XX.XX.XX } state { established disable invalid disable new enable related disable } } rule 40 { action accept description "Allow PING" destination { group { address-group ADDRv4_eth0.0 } } log disable protocol icmp } rule 41 { action accept description "Allow PING" destination { address XX.XX.XX.177 } log disable protocol icmp } rule 42 { action accept description "Allow PING" destination { address XX.XX.XX.178 } log disable protocol icmp } rule 43 { action accept description "Allow PING" destination { address XX.XX.XX.179 } log disable protocol icmp } rule 44 { action accept description "Allow PING" destination { address XX.XX.XX.180 } log disable protocol icmp } rule 45 { action accept description "Allow PING" destination { address XX.XX.XX.181 } log disable protocol icmp } rule 46 { action accept description "Allow PING" destination { address XX.XX.XX.182 } log disable protocol icmp } rule 50 { action accept description ike destination { port 500 } log disable protocol udp } rule 60 { action accept description esp log disable protocol esp } rule 70 { action accept description nat-t destination { port 4500 } log disable protocol udp } rule 80 { action accept description l2tp destination { port 1701 } ipsec { match-ipsec } log disable protocol udp } rule 90 { action drop description "Drop invalid state" protocol all state { established disable invalid enable new disable related disable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { description WAN duplex auto firewall { in { name WAN2LAN } local { name WAN2LOCAL } out { name ALL2WAN } } speed auto vif 0 { address dhcp description "WAN VLAN 0" dhcp-options { default-route update default-route-distance 21 name-server update } dhcpv6-pd { duid 00:02:00:00:0d:e9:30:30:44:30:39:45:2d:32:32:31:36:31:4e:30:37:35:36:32:36 pd 1 { interface eth1 { host-address ::1 no-dns prefix-id :1 } prefix-length 60 } prefix-only rapid-commit disable } firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } ipv6 { address { autoconf } dup-addr-detect-transmits 1 } mac f8:2c:18:29:22:d8 } } ethernet eth1 { address 192.168.10.1/24 description LAN duplex auto ipv6 { address { autoconf } dup-addr-detect-transmits 1 router-advert { cur-hop-limit 64 link-mtu 0 max-interval 600 other-config-flag false prefix ::/64 { autonomous-flag true on-link-flag true valid-lifetime 86400 } reachable-time 0 retrans-timer 0 send-advert true } } speed auto } ethernet eth2 { description "AT&T router" duplex auto speed auto } ethernet eth3 { description SFP duplex auto speed auto } loopback lo { description Loopback } pseudo-ethernet peth0 { address XX.XX.XX.177/29 description "AT&T Static IP XX.XX.XX.177" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } pseudo-ethernet peth1 { address XX.XX.XX.178/29 description "AT&T Static IP XX.XX.XX.178" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } pseudo-ethernet peth2 { address XX.XX.XX.179/29 description "AT&T Static IP XX.XX.XX.179" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } pseudo-ethernet peth3 { address XX.XX.XX.180/29 description "AT&T Static IP for MediaServer" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } pseudo-ethernet peth4 { address XX.XX.XX.181/29 description "AT&T Static IP for Pi1" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } pseudo-ethernet peth5 { address XX.XX.XX.182/29 description "AT&T Static IP XX.XX.XX.182" firewall { in { ipv6-name WAN2LANv6 name WAN2LAN } local { ipv6-name WAN2LOCALv6 name WAN2LOCAL } out { ipv6-name ALL2WANv6 name ALL2WAN } } link eth0 } } port-forward { auto-firewall enable hairpin-nat enable lan-interface eth1 rule 1 { description SNMP-MediaServer forward-to { address 192.168.10.253 port 161 } original-port 163 protocol udp } rule 2 { description SNMP-Pi1 forward-to { address 192.168.10.254 port 161 } original-port 164 protocol udp } rule 3 { description SNMP-Gateway forward-to { address 192.168.10.1 port 161 } original-port 162 protocol udp } rule 4 { description SNMP-WiFiAP forward-to { address 192.168.10.2 port 161 } original-port 165 protocol udp } rule 5 { description MediaServer-HTTP forward-to { address 192.168.10.253 port 80 } original-port 80 protocol tcp } rule 6 { description MediaServer-HTTPS forward-to { address 192.168.10.253 port 443 } original-port 443 protocol tcp } wan-interface eth0.0 } protocols { static { } } service { dns { dynamic { interface eth0.0 { service custom-Google { host-name XX.com login XXXX password XXXX protocol dyndns2 server domains.google.com } web dyndns } } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 1 { description RemoteDesktop destination { port 3389 } inbound-interface eth0.0 inside-address { address 192.168.10.50 port 3389 } log disable protocol tcp type destination } rule 2 { description SSH-MediaServer destination { port 22 } inbound-interface eth0.0 inside-address { address 192.168.10.253 port 22 } log disable protocol tcp type destination } rule 3 { description SSH-GateWay destination { port 41 } inbound-interface eth0.0 inside-address { address 192.168.10.1 port 22 } log disable protocol tcp type destination } rule 4 { description SSH-Pi1 destination { port 42 } inbound-interface eth0.0 inside-address { address 192.168.10.254 port 22 } log disable protocol tcp type destination } rule 5 { description MyQ-1 destination { port 80 } inbound-interface eth0.0 inside-address { address 192.168.10.17 port 80 } log disable protocol udp type destination } rule 6 { description MyQ-2 destination { port 2165 } inbound-interface eth0.0 inside-address { address 192.168.10.17 port 2165 } log disable protocol tcp_udp type destination } rule 7 { description MyQ-3 destination { port 8883 } inbound-interface eth0.0 inside-address { address 192.168.10.17 port 8883 } log disable protocol tcp_udp type destination } rule 8 { description SNMP-Gateway destination { port 162 } inbound-interface eth0.0 inside-address { address 192.168.10.1 port 161 } log disable protocol udp type destination } rule 9 { description SNMP-MediaServer destination { port 163 } inbound-interface eth0.0 inside-address { address 192.168.10.253 port 161 } log disable protocol udp source { group { } } type destination } rule 10 { description SNMP-WiFiAP destination { port 165 } inbound-interface eth0.0 inside-address { address 192.168.10.2 port 161 } log disable protocol udp type destination } rule 11 { description SNMP-Pi1 destination { port 164 } inbound-interface eth0.0 inside-address { address 192.168.10.2 port 161 } log disable protocol udp type destination } rule 12 { description MediaServer-HTTP destination { port 80 } inbound-interface eth0.0 inside-address { address 192.168.10.253 port 80 } log disable protocol tcp type destination } rule 13 { description MediaServer-HTTPS destination { port 443 } inbound-interface eth0.0 inside-address { address 192.168.10.253 port 443 } log disable protocol tcp type destination } rule 500 { description SSH-MediaServer-StaticIP destination { port 22 } inbound-interface peth3 inside-address { address 192.168.10.253 port 22 } log disable protocol tcp type destination } rule 501 { description MediaServer-HTTP-StaticIP destination { port 80 } inbound-interface peth3 inside-address { address 192.168.10.253 port 80 } log disable protocol tcp type destination } rule 502 { description MediaServer-HTTPS-StaticIP destination { port 443 } inbound-interface peth3 inside-address { address 192.168.10.253 port 443 } log disable protocol tcp type destination } rule 503 { description SSH-Pi1-StaticIP destination { port 22 } inbound-interface peth4 inside-address { address 192.168.10.254 port 22 } log disable protocol tcp type destination } rule 4000 { description DNS-Redirect destination { port 53 } disable inbound-interface eth1 inside-address { address 192.168.10.254 port 53 } log disable protocol tcp_udp source { address 192.168.10.1-192.168.10.253 } type destination } rule 5001 { description "Outbound Static IP XX.XX.XX.181 for Pi1" destination { address 0.0.0.0/0 } log disable outbound-interface eth0.0 outside-address { address XX.XX.XX.181 } protocol all source { address 192.168.10.254/32 } type source } rule 5002 { description "Outbound Static IP XX.XX.XX.180 for MediaServer" destination { address 0.0.0.0/0 } log disable outbound-interface eth0.0 outside-address { address XX.XX.XX.180 } protocol all source { address 192.168.10.253/32 } type source } rule 5005 { description "Masquerade for WAN" log disable outbound-interface eth0.0 protocol all type masquerade } } snmp { community Secretprivate { authorization ro } contact "Doug Eubanks (admin@xx.xx)" location Home } ssh { port 22 protocol-version v2 } unms { disable } upnp2 { listen-on eth1 nat-pmp enable secure-mode enable wan eth0.0 } } system { config-management { commit-revisions 20 } conntrack { expect-table-size 2048 hash-size 32768 table-size 262144 } domain-name Gateway host-name Gateway login { user douge { authentication { encrypted-password xx plaintext-password "" public-keys rsa-key-xx { key xx type ssh-rsa } } full-name "Doug" level admin } } name-server 192.168.10.254 ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { hwnat disable ipsec enable ipv4 { forwarding enable gre enable vlan enable } ipv6 { forwarding enable vlan enable } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone America/New_York traffic-analysis { dpi enable export enable } } traffic-control { } vpn { ipsec { auto-firewall-nat-exclude disable ipsec-interfaces { interface eth0.0 } } l2tp { remote-access { authentication { local-users { username doug { password "xx" } } mode local } client-ip-pool { start 192.168.10.190 stop 192.168.10.199 } dhcp-interface eth0.0 dns-servers { server-1 192.168.10.254 } idle 1800 ipsec-settings { authentication { mode pre-shared-secret pre-shared-secret xx } ike-lifetime 3600 lifetime 3600 } mtu 1492 } } }
	· actions · 2019-Jan-3 3:05 pm ·
ArgMeMatey join:2001-08-09 Milwaukee, WI	ArgMeMatey Member 2019-Jan-3 4:47 pm I have VDSL, not fiber, with the BGW210-700 modem, set to IP Passthrough. IPv6 is working for me. Sanitized - if I screwed up anything in the "find & replace" process, please let me know. AT&T modem is on eth0. LAN is on eth1. eth2 is unused. zzzzzz@nnnn:~$ show configuration all firewall { all-ping enable broadcast-ping disable group { address-group BlockExternalIPv4 { address 192.168.1.254 description WanOutDropList } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name GLAN_IN { default-action accept description "Guest LAN to WAN" rule 1 { action drop description "Block Guest to WAN IPv4" destination { group { address-group BlockExternalIPv4 } } log enable protocol all source { group { } } state { established enable invalid disable new enable related enable } } } name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address dhcp description Internet dhcpv6-pd { pd 0 { interface eth0 { service slaac } interface eth1 { host-address ::1 } prefix-length /64 } pd 1 { interface eth1 { host-address ::1 prefix-id 1 service slaac } interface eth1.14 { host-address ::1 prefix-id 2 service slaac } prefix-length /60 } rapid-commit enable } duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } ipv6 { address { autoconf } dup-addr-detect-transmits 1 router-advert { cur-hop-limit 64 link-mtu 0 managed-flag true max-interval 600 other-config-flag false reachable-time 0 retrans-timer 0 send-advert true } } speed auto } ethernet eth1 { address 10.0.0.254/24 description Local duplex auto speed auto vif 1 { ipv6 { address { autoconf } dup-addr-detect-transmits 1 } } vif 14 { address 10.0.1.254/24 description GuestWiFi firewall { in { name GLAN_IN } } mtu 1500 } } ethernet eth2 { address 192.168.2.1/24 description "Local 2" disable duplex auto speed auto } loopback lo { } } port-forward { auto-firewall enable hairpin-nat enable lan-interface eth1 lan-interface eth1.14 wan-interface eth0 } service { dhcp-relay { interface eth1 interface eth1.14 server 10.0.0.254 server 10.0.1.254 } dhcp-server { disabled false hostfile-update disable shared-network-name LAN15 { authoritative disable subnet 10.0.0.0/24 { default-router 10.0.0.254 dns-server 8.8.8.8 dns-server 8.8.4.4 lease 4320 start 10.0.0.16 { stop 10.0.0.127 } static-mapping AmazonFireStick { ip-address 10.0.0.x mac-address 70:48:0f:zz:zz:zz } } } shared-network-name VLAN14 { authoritative disable subnet 10.0.1.0/24 { default-router 10.0.1.254 dns-server 8.8.8.8 dns-server 8.8.4.4 lease 1440 start 10.0.1.128 { stop 10.0.1.248 ... } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 150 listen-on eth1 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" outbound-interface eth0 type masquerade } } ssh { port 22 protocol-version v2 } } system { conntrack { expect-table-size 2048 hash-size 32768 modules { sip { disable } } table-size 262144 } host-name nnnn login { user username { authentication { encrypted-password ************** plaintext-password ************ } full-name "ssh login" level LLLLLLLL } user username2 { authentication { encrypted-password ************ plaintext-password ************ } full-name "" level LLLLLLLLL } } name-server 8.8.8.8 name-server 8.8.4.4 ntp { server 0.nnnn.pool.ntp.org { } server 1.nnnn.pool.ntp.org { } server 2.nnnn.pool.ntp.org { } server 3.nnnn.pool.ntp.org { } } offload { hwnat disable ipv4 { forwarding enable } } package { repository wheezy { components "main contrib non-free" distribution wheezy password ************** url »http.us.debian.org/debian username "" } } syslog { global { facility all { level notice } facility protocols { level debug } } host 10.0.0.19 { facility all { level err } } } time-zone America/Chicago traffic-analysis { dpi enable export enable } } traffic-control { }
	· actions · 2019-Jan-3 4:47 pm ·
rbeck692 join:2002-05-30 Irvine, CA ARRIS SB8200 Ubiquiti EdgeRouter ER-4 Ubiquiti UniFi UAP-AC-PRO	rbeck692 to DougWare Member 2019-Jan-3 5:16 pm to DougWare By the way there's an interesting bug with the Edgerouters if you give them an invalid v6 config they will work for a while, and then the whole interface DISAPPEARS from the GUI and CLI. It will still passes v4 traffic despite the interface not being visible, but all v6 traffic stops. I'm working though that issue right now, looking at you guys config is helping.
	· actions · 2019-Jan-3 5:16 pm ·
ArgMeMatey join:2001-08-09 Milwaukee, WI	ArgMeMatey Member 2019-Jan-3 5:30 pm said by rbeck692: there's an interesting bug with the Edgerouters if you give them an invalid v6 config they will work for a while, and then the whole interface DISAPPEARS from the GUI and CLI. At least twice, after AT&T pushed automatic firmware upgrades on the BGW210, IPv6 has quit on the LAN, and I have had to reboot my ERL, after which it comes up just fine. But that's the only issue I can recall. Also my 1.14 network is a guest vLAN, so I have the firewall drop packets going from guests to the 192.168.1.254 address on the BGW210. Can't find any option to enable a username-password requirement to get into the admin web interface.
	· actions · 2019-Jan-3 5:30 pm ·
dls join:2018-12-07 Chicago, IL	dls to DougWare Member 2019-Jan-3 5:40 pm to DougWare One thing that stands out as different from my config is DUID-EN length. Mine is 12 octets. There are also differences in DHCPv6-PD config - I have rapid-commit enabled and slaac. I don't have autoconf, instead I have DHCPv6-IA_NA. It is not really working outside of ATT network, so I don't think it is your issue. Here is what I have: interfaces { ethernet eth0 { description ONT duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } out { name WAN_OUT } } mac <RG MAC> speed auto vif 0 { address dhcp description WAN dhcpv6-pd { duid 00:02:00:00:05:E6:XX:XX:XX:XX:XX:XX no-dns pd 0 { interface eth2 { host-address ::1 no-dns prefix-id :0 service slaac } interface eth3.107 { host-address ::1 no-dns prefix-id :1 service slaac } interface eth3.199 { host-address ::1 no-dns prefix-id :2 service slaac } interface eth3.200 { host-address ::1 no-dns prefix-id :3 service slaac } prefix-length 60 } rapid-commit enable My RA config is also different, but I don't have autoconf and I have managed-flag: ethernet eth2 { address 192.168.1.1/24 description "Home Network" duplex auto firewall { } ipv6 { dup-addr-detect-transmits 1 router-advert { cur-hop-limit 64 link-mtu 0 managed-flag true max-interval 600 name-server 2001:4860:4860::8888 name-server 2001:4860:4860::8844 other-config-flag false prefix ::/64 { autonomous-flag true on-link-flag true valid-lifetime 2592000 } reachable-time 0 retrans-timer 0 send-advert true } } speed auto } I also have IPv6 DNS name servers defined under system config in addition to IPv4 servers. What version of EdgeOS are you running? There are known issues with radvd in multiple versions, but especially, 2.0 beta. I am on v1.10.8 Have you tried restarting radvd with 'sudo /etc/init.d/radvd restart' ?
	· actions · 2019-Jan-3 5:40 pm ·
DougWare join:2009-11-17 Knightdale, NC	DougWare Member 2019-Jan-3 7:19 pm Where did you get your DUID from? I got mine here, which involved using my modem's serial number. »github.com/jaysoffian/ea ··· 33677976 I've tried two different PDs, one that shows 00D09E-(modem serial number) and one that shows ▒00D09E-(modem serial number) in /var/lib/dhcpv6/dhcp6c_duid. Using one of the configs, the EdgeRouter is getting a working WAN IPv6 with a /128. The inside LAN interface has an IPv6 that isn't reachable (that may be a firewall rule). I don't think any of the systems inside the LAN are getting IPv6 IPs either. Doug
	· actions · 2019-Jan-3 7:19 pm ·
dls join:2018-12-07 Chicago, IL	dls Member 2019-Jan-4 10:08 am I've created it myself manually. In my config I've replaced XX with my MAC. Here is my firewall config for IPv6. ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 30 { action drop description "Drop invalid state" state { invalid enable } } }
	· actions · 2019-Jan-4 10:08 am ·
DougWare join:2009-11-17 Knightdale, NC	DougWare Member 2019-Jan-4 4:10 pm I get an IPv6 address, but the EdgeRouter is sending both it's inside global IPv6 address and it's local link IPv6 address (the one that stars with fe80) in it's announcements. When I show neighbors on an inside system, I see this: ip -6 neigh show 2600:XXXX:XXXX:XXXX::1 dev br0 lladdr fc:ec:da:42:XX:XX router STALE fe80::feec:daff:fe42:XXXX dev br0 lladdr fc:ec:da:42:XX:XX router STALE I can't figure out why. Doug
	· actions · 2019-Jan-4 4:10 pm ·
dls join:2018-12-07 Chicago, IL	dls Member 2019-Jan-4 4:27 pm What if you disable link-local addresses on edgerouter by removing the following from all interfaces? ipv6 { address { autoconf } I don't have 'ipv6 address' section on any of the edgerouter interfaces - internal or external.
	· actions · 2019-Jan-4 4:27 pm ·
DougWare join:2009-11-17 Knightdale, NC	DougWare Member 2019-Jan-4 4:29 pm I removed that some time ago. I'm still checking, I hope to get this figured out eventually. Doug
	· actions · 2019-Jan-4 4:29 pm ·

Forums → US ISPs non-cable → AT&T U-verse	« [AT&T Fiber] Question about Underground Fiber Installs • Suggestions for Network Monitoring Device? »