MAC filter renders endpoint unpingable
Shadow Hawkins on Friday, 18 November 2011 21:37:32
I need some reassurance that I'm thinking clearly.
I've had several Dlink routers over the years and with all of them I am unable to remotely ping6 my endpoint when the router's MAC filter is on. I have raised this question multiple times with Dlink support under a variety of pseudonyms, explaining to them that the MAC filter should only impact the LAN side, not the WAN side of the router. They always reply that their code is golden, that either it is a fault of the IPv6 standard or that I don't know what I'm doing.
Has anyone else experienced this problem? Am I wrong to hold Dlink accountable for this "feature"?
MAC filter renders endpoint unpingable
Jeroen Massar on Friday, 18 November 2011 21:42:28 I am unable to remotely ping6 my endpoint when the router's MAC filter is on
What specifically is a "MAC filter"? That is what is it supposed to do?
MAC filter renders endpoint unpingable
Shadow Hawkins on Saturday, 19 November 2011 00:42:04
http://en.wikipedia.org/wiki/MAC_filtering
MAC filter renders endpoint unpingable
Jeroen Massar on Monday, 21 November 2011 12:49:39
That description is nice, but is that exactly what the feature does in your D-Link? Also do you have logs of packets which might be dropped?
Also note that IPv6 heavily relies on multicast, if that filter filters out those packets (as they have a different dest mac address), that might impact connectivity too.
MAC filter renders endpoint unpingable
Shadow Hawkins on Wednesday, 23 November 2011 20:52:22
This is not the place to give an education about basic networking; questions like this only serve to kill interest in a thread and leaves an owner without an answer. If you would like to learn more (MAC filtering has been around for 40 years), I would suggest you use Google or explore the options in your own router. I would also suggest you research the impact that enabling or disabling multicast has on IPv6 capable IPv4 routers.
MAC filter renders endpoint unpingable
Jeroen Massar on Wednesday, 23 November 2011 23:33:35 This is not the place to give an education about basic networking;
As it is the SixXS forum, it actually is. Lots of users with near to zero knowledge about networking, let alone IPv6, use SixXS and thus those users also will ask questions.
If somebody asks a question, then it is unknown if that person has a high or low level of knowledge in networking, thus asking more questions in return to narrow down what that level might be or to narrow down the question is always a first step.
questions like this only serve to kill interest in a thread and leaves an owner without an answer.
You might want to check that it was your question that started this thread.
If you refer to my questions, that was merely trying to narrow down the problem and asking for more details. Stating that something is a "MAC filter" does not say much especially as CPE devices tend to have names for things that are actually not what they are doing.
If you would like to learn more (MAC filtering has been around for 40 years),
As Ethernet was invented around 1975 and it is only 2011 now that can only be a max of 36 years, but
Ethernet switching only exists since around 1990. Thus filtering MACs is highly unlikely to have existed before that and thus MAC filtering, which is a thing that switches do (and not bridges or hubs), can only have existed for a bit over 20 years tops and likely less.
Unless you mean the fact that NICs per definition don't receive packets not destined to their MAC address of course, but that is not MAC Filtering.
I would suggest you use Google or explore the options in your own router.
A router per definition is a Layer 3 device, thus on the IP level.
As you are talking about D-Link, you probably mean a CPE (Customer Premises Equipment) device which is a mix of both Layer 2 (Ethernet) switching and Layer 3 (IP) Routing.
Personally I don't use any D-Link gear for routing. Proper routing hardware is much better fitted for that function.
I would also suggest you research the impact that enabling or disabling multicast has on IPv6 capable IPv4 routers.
Where you not the person asking the question about MAC Filtering? Why should I start googling for you?
Please note that I already stated in this very thread, actually even directly above your response, that if improperly implemented MAC filtering might affect IPv6 as it might break multicast from working.
Note that Multicast is an Ethernet feature too and that IPv6 heavily relies on this for Neighbor Discovery, thus if the "MAC Filtering" feature in your D-Link breaks that, it will thus automatically break IPv6.
MAC filter renders endpoint unpingable
Shadow Hawkins on Friday, 25 November 2011 21:23:38 Personally I don't use any D-Link gear
Exactly. Thank you. I thought I'd crafted my original post clearly enough that only persons with Dlink experience would reply but apparently this is not the case. This not openwrt, dd-wrt, pfsense, etc. where I'm able to create the rulesets but the very restrictive Dlink firmware whose company bills itself as IPv6 Phase 2 Ready.
I won't address the other points as you are confusing the Media Access Control protocol with the MAC address (the ethernet hardware address). You are obviously knowledgeable and I suspect if you were required to work with these cheap drop-in routers, you would know immediately what these companies mean by MAC filtering in this context. You would simply enter the hardware address of your network card into the MAC filter admin page of the router and suddenly find you can no longer ping6 your tunnel endpoint from the WAN side while your IPv4 address remains pingable. Then that information would be shared here or, ideally, in the Dlink forums, were there a significant number of SIXXS users there (which there aren't).
MAC filter renders endpoint unpingable
Jeroen Massar on Saturday, 26 November 2011 11:35:38 I thought I'd crafted my original post clearly enough that only persons with Dlink experience would reply
If you want no responses, then just state that ;)
the very restrictive Dlink firmware whose company bills itself as IPv6 Phase 2 Ready.
There is no filtering requirement and thus test in that test-suite.
you are confusing the Media Access Control protocol with the MAC address
I am certainly not confusing anything.
You would simply enter the hardware address of your network card into the MAC filter admin page of the router [..]
The likely problem with this 'filter', as mentioned above, is that it is likely per default dropping all Multicast packets, or at least the IPv6 ones, you would thus need to add all 2^24 MAC addresses that can possibly be used for IPv6 for this to work.
As you are not providing any packet dumps though, there is nothing to tell if this is really the case or not.
Then that information would be shared here or, ideally, in the Dlink forums,
There is nothing SixXS specific about this, it is a IPv6 thing, thus you are much better off complaining in those Forums than here.
Posting is only allowed when you are logged in. |