If you do not select to have an already set router factory set, like an asus wifi router, then you can
choose to use filtering on the srx to filter all the popular ipv6 prefixes. Also, I'd start with ge-0 or fe-, but not xe-. ge- for sure.
B.S.C.M. I.T.T. Tech
A.A.S. I.T.T. Tech
Original Message:
Sent: 01-04-2025 20:57
From: klui
Subject: IPv6 on SRX1500 not working
Are you suggesting I need to have a system with a routable IPv6 address before my WAN interface will accept the acknowledge from the DHCPv6 server? Or how to trigger a packet capture? I just asked the SRX to renew the lease on the WAN interface.
Original Message:
Sent: 01-04-2025 20:08
From: eugene1973
Subject: IPv6 on SRX1500 not working
- Put a device behind the srx.
- Ignore ipv6 on the srx for a while.
- Yes set it to be ready however.
- On the device behind the srx start using ipv6 filters.
- Slowly get the ipv6 services flowing.
- Exercise traffic.
Better know which prefixes your isp provides.
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
Original Message:
Sent: 01-04-2025 20:01
From: klui
Subject: IPv6 on SRX1500 not working
Hi,
I'm testing IPv6 and I find that the DHCPv6 client is stuck at Selecting. What am I doing wrong? Does it work for 1 interface with both inet and inet6 families?
I configured dhcpv6-client on my WAN interface, then added system service dhcpv6 to the WAN interface in security-zone untrust's host-inbound-traffic. Same behavior if rapid-commit and update-router-advertisement are not configured.
set interfaces xe-0/0/19 description WANset interfaces xe-0/0/19 unit 0 family inet dhcp update-serverset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client client-type statefulset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client client-ia-type ia-pdset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client rapid-commitset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-llset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client req-option dns-serverset interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client retransmission-attempt 9set interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client update-router-advertisement interface xe-0/0/19.0set interfaces xe-0/0/19 unit 0 family inet6 dhcpv6-client update-serverset security zones security-zone untrust interfaces xe-0/0/19.0 host-inbound-traffic system-services dhcpset security zones security-zone untrust interfaces xe-0/0/19.0 host-inbound-traffic system-services pingset security zones security-zone untrust interfaces xe-0/0/19.0 host-inbound-traffic system-services ntpset security zones security-zone untrust interfaces xe-0/0/19.0 host-inbound-traffic system-services dhcpv6
I tried to produce a capture but the file was not created. I have the following configuration but even though it commits, no file is created after I renew the DHCPv6 lease.
set forwarding-options packet-capture file filename mypcapset forwarding-options packet-capture file files 2set forwarding-options packet-capture file size 2mset forwarding-options packet-capture maximum-capture-size 1500set firewall family inet6 filter DHCPv6 term 1 from source-port 546set firewall family inet6 filter DHCPv6 term 1 from source-port 547set firewall family inet6 filter DHCPv6 term 1 from destination-port 546set firewall family inet6 filter DHCPv6 term 1 from destination-port 547set firewall family inet6 filter DHCPv6 term 1 then sampleset firewall family inet6 filter DHCPv6 term 1 then acceptset firewall family inet6 filter DHCPv6 term allow-all-else then acceptset interfaces xe-0/0/19 unit 0 family inet6 filter input DHCPv6set interfaces xe-0/0/19 unit 0 family inet6 filter output DHCPv6
Finally I just used monitor traffic to perform the capture. and it appears the DHCPv6 server from my ISP responds but the binding is never set to Bound. The transactions just repeats.
> monitor traffic interface xe-0/0/19 matching "ip6" size 999916:34:09.559416 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx > ff02::1:2: HBH ICMP6, multicast listener report max resp delay: 0 addr: ff02::1:2, length 2416:34:09.564079 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx > ff05::1:3: HBH ICMP6, multicast listener report max resp delay: 0 addr: ff05::1:3, length 2416:34:09.566460 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit16:34:11.423360 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx > ff02::1:2: HBH ICMP6, multicast listener report max resp delay: 0 addr: ff02::1:2, length 2416:34:11.568321 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit16:34:15.569682 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit16:34:19.333639 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx > ff05::1:3: HBH ICMP6, multicast listener report max resp delay: 0 addr: ff05::1:3, length 2416:34:21.645516 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.dhcpv6-server > fe80::xxxx:xxxx:xxxx:xxxx.dhcpv6-client: dhcp6 reply
Thanks!