Hi, trying to get my IPv6 going. I'm not fully grasping the basics and settings. It appears I can obtain a prefix from my ISP, and I seem to get an IPv6 address for my PC, but when I activate the DHCP client on IPv6, I cannot access mikrotik.com anymore and the IPv6 test website shows me failing all tests.
I'm for sure missing something, or forgot something, but can't figure out what... Can anyone see the obvious?
Attached are my network layout and config export with hide-sensitive.
Code:
# 2024-04-01 10:15:22 by RouterOS 7.14.2
# software id = LRF1-VRV8
#
# model = RB5009UPr+S+
# serial number = HE108G1D2HS
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
set [ find default-name=ether2 ] poe-out=off
set [ find default-name=ether3 ] poe-out=off
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=ether6 ] poe-out=off
set [ find default-name=ether7 ] poe-out=off
set [ find default-name=ether8 ] poe-out=off
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface vlan
add interface=bridge1 name=IP_camera_nas vlan-id=40
add interface=bridge1 name=Internal_LAN vlan-id=10
add interface=bridge1 name=Internet_of_Things vlan-id=20
add interface=bridge1 name=Work_Devices vlan-id=30
add interface=ether1 name=vlan6 vlan-id=6
/interface list
add name=WAN
add name=VLAN
/ip pool
add name=Internal_LAN ranges=192.168.1.100-192.168.1.200
add name=Internet_of_Things ranges=10.0.20.100-10.0.20.200
add name=Work_Devices ranges=10.0.30.100-10.0.30.200
/ip dhcp-server
add address-pool=Internal_LAN interface=Internal_LAN lease-time=1d name=\
    Internal_LAN
add address-pool=Internet_of_Things interface=Internet_of_Things lease-time=\
    1d name=Internet_of_Things
add address-pool=Work_Devices interface=Work_Devices lease-time=1d name=\
    Work_Devices
/ppp profile
set *FFFFFFFE only-one=yes remote-ipv6-prefix-pool=ipv6pool use-upnp=no
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6 keepalive-timeout=30 \
    max-mtu=1492 name=pppoe-out1 profile=default-encryption use-peer-dns=yes \
    user=hide
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=10
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether3
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus1 pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether3,ether4 untagged=\
    ether2,ether5,ether6,ether7,ether8,sfp-sfpplus1 vlan-ids=10,20,30,40
/interface list member
add interface=pppoe-out1 list=WAN
add interface=Internal_LAN list=VLAN
add interface=Internet_of_Things list=VLAN
add interface=Work_Devices list=VLAN
add interface=ether1 list=WAN
add interface=IP_camera_nas list=VLAN
add interface=*13 list=WAN
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/24 interface=Internal_LAN network=192.168.1.0
add address=10.0.20.1/24 interface=Internet_of_Things network=10.0.20.0
add address=10.0.30.1/24 interface=Work_Devices network=10.0.30.0
add address=10.0.40.1/24 interface=IP_camera_nas network=10.0.40.0
/ip dhcp-server lease
add address=10.0.20.196 mac-address=24:94:94:16:3C:F5 server=\
    Internet_of_Things
/ip dhcp-server network
add address=10.0.10.0/24 gateway=10.0.10.1
add address=10.0.20.0/24 gateway=10.0.20.1
add address=10.0.30.0/24 gateway=10.0.30.1
add address=192.168.1.0/24 gateway=192.168.1.1
/ip firewall filter
add action=accept chain=input comment="Allow established, related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=reject chain=input comment="drop dns resolver" dst-port=53 \
    in-interface-list=WAN protocol=udp reject-with=icmp-network-unreachable
add action=reject chain=input comment="drop dns resolver" dst-port=53 \
    in-interface-list=WAN protocol=tcp reject-with=icmp-network-unreachable
add action=accept chain=input comment="accept icmp" protocol=icmp
add action=drop chain=input comment="drop all not coming from VLAN" \
    in-interface-list=!VLAN
add action=fasttrack-connection chain=forward comment=fasttrack hw-offload=\
    yes
add action=accept chain=forward comment=\
    "accept established, related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment=\
    "allow control of bedroom light from internal lan" dst-address=\
    10.0.20.196 in-interface=Internal_LAN out-interface=Internet_of_Things
add action=accept chain=forward comment=\
    "Allow access to IP camera from Internal LAN" dst-address=10.0.40.64 \
    in-interface=Internal_LAN
add action=accept chain=forward comment=\
    "Allow access to NAS surveillance from Internal LAN" dst-address=\
    10.0.40.182 in-interface=Internal_LAN
add action=accept chain=forward comment=\
    "allow printer to VLAN30 Work Devices" dst-address=192.168.1.5 \
    dst-address-list="" in-interface=Work_Devices out-interface=Internal_LAN
add action=drop chain=forward comment=\
    "no outside access to IP_camera_nas VLAN" in-interface=IP_camera_nas \
    out-interface-list=WAN
add action=accept chain=forward comment="VLAN internet access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment="VLAN no inter communication" \
    in-interface=all-vlan out-interface=all-vlan
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat in-interface-list=WAN
add action=drop chain=forward comment="drop invalid" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 address
add from-pool=ipv6pool interface=Internal_LAN
/ipv6 dhcp-client
add interface=pppoe-out1 pool-name=ipv6pool pool-prefix-length=48 request=\
    prefix
/ipv6 firewall address-list
add address=fe80::/10 comment="defconf: RFC6890 Linked-Scoped Unicast" list=\
    no_forward_ipv6
add address=ff00::/8 comment="defconf: multicast" list=no_forward_ipv6
add address=::1/128 comment="defconf: RFC6890 lo" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: RFC6890 IPv4 mapped" list=\
    bad_ipv6
add address=2001::/23 comment="defconf: RFC6890" list=bad_ipv6
add address=2001:db8::/32 comment="defconf: RFC6890 documentation" list=\
    bad_ipv6
add address=2001:10::/28 comment="defconf: RFC6890 orchid" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: RFC6890 Discard-only" list=\
    not_global_ipv6
add address=2001::/32 comment="defconf: RFC6890 TEREDO" list=not_global_ipv6
add address=2001:2::/48 comment="defconf: RFC6890 Benchmark" list=\
    not_global_ipv6
add address=fc00::/7 comment="defconf: RFC6890 Unique-Local" list=\
    not_global_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_dst_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_src_ipv6
add address=ff00::/8 comment="defconf: multicast" list=bad_src_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept ICMPv6 after RAW" \
    protocol=icmpv6
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept IPSec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept IPSec ESP" protocol=\
    ipsec-esp
add action=drop chain=input comment="defconf: drop all not coming from VLAN" \
    in-interface-list=!VLAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    src-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    dst-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6 after RAW" \
    protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from VLAN" in-interface-list=\
    !VLAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no hop-limit=\
    64 interface=Internal_LAN
/system identity
set name=Router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=0.nl.pool.ntp.org
add address=1.nl.pool.ntp.org
add address=2.nl.pool.ntp.org
add address=3.nl.pool.ntp.org
Statistics: Posted by liviu2004 — Mon Apr 01, 2024 1:20 pm