I originally posted this in /r/ipv6 :
I have a school campus network with dual-stack IPv6 deployed in a few, but not all of the buildings, as we're currently doing a Pilot.
I'm seeing something on our Wi-Fi when looking at clients (we use Meraki in a bridged mode) where clients are showing up in the reports as having IPv6 addresses, despite those addresses being originated somewhere else, when they are on an IPv4-only network segment.
For example, I see clients having mostly addresses from other buildings in our Campus, but I am also seeing IP Addresses that were likely assigned from home routers, from AT&T, Spectrum, etc.
Is there something I should be doing at least on our interfaces to force a lifetime onto our addresses in a best practice?
Here's an example of how a typical SVI is configured: (we use Cisco)
!
interface Vlan136
ip address 10.155.136.1 255.255.252.0
ip helper-address 10.xxx.1.6
ip helper-address 10.xxx.1.66
ip helper-address 10.xxx.1.25
ipv6 address 2607:xxxx:yyy:9B88::1/64
ipv6 nd ra lifetime 300
ipv6 eigrp 7600
end
I don't believe that clients having an IPv6 address (from the wrong subnet) in an IPv4 network would cause any problems due to Happy Eyeballs- but our CTO is concerned, and I want to make sure I'm following best practices to ensure as devices roam about campus, they get new addresses and drop their old ones.
Thanks!
No comments:
Post a Comment