IPv6 Disabled on VLAN but Clients Still Getting IPv6 SLAAC Addresses

bigjon

This is very confusing to me. I am working on a large Meraki deployment where the ISP is handing out IPv4 and IPv6 addresses to the WAN interface. Meraki doesn't allow you to disable IPv6 on WAN - annoying, but fair enough.

  • VLAN SVIs on the LAN terminate to the MX logically from a Layer 3 perspective.
  • SVIs have IPv6 disabled.
  • In Network Client list, clients are getting IPv6 addresses when connected to wireless.
  • Wired clients aren't getting IPv6 addresses

From what I can figure out, the Meraki MX forwards the ISP's IPv6 subnet as an IPv6 RA and clients allocate their own IPs using SLAAC. The client doesn't want to disable IPv6 on workstations (as a WFH option may require it).

Some questions I am hoping people can answer:

  1. Is my understanding/explanation of how IPv6 addresses are allocated on the MX correct?
  2. Why are clients getting IPv6 addresses if SVIs have IPv6 disabled on MX?
  3. Why would only wireless clients be getting IPv6 addresses?
  4. What methods are available to disable clients from getting IPv6 addresses?
Mloraditch

My understanding of SLAAC is that if a client sees an RA packet and has IPv6 enabled, it will assign itself an IP. You should be able to see what that is in a packet capture. It could be another device misconfigured on the network. That device would have to be reconfigured, taken offline, etc.

The only reason I can see wireless clients only getting it would be if you bridge wireless to a separate VLAN than wired and the RA advertising device is only on that VLAN. I'm not aware and can't find any documentation that suggests IPv6 exists in NAT mode yet. (https://documentation.meraki.com/Wireless/Product_Information/Compatibility_and_Firmware/IPv6_Suppor...)

Regardless, the only way to completely prevent the clients from using IPv6 is disabling it on the clients.

Others may have better insight; we don't really use IPv6 in our environments, so my experience is limited, but hopefully the above helps. I do think the capture is the best bet: find the RA packet, get its MAC and hunt it down.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
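The capture-and-hunt step suggested in the reply above, as an added example that is not part of the original post: a parser that takes raw Ethernet frames from a capture, picks out ICMPv6 Router Advertisements (type 134), and reports which source MAC and VLAN advertised which SLAAC prefix. The function names, MAC addresses and `2001:db8::` prefixes are constructed for illustration; IPv6 extension headers are assumed absent.

```python
import ipaddress
import struct
from collections import defaultdict

def parse_ra(frame):
    """Return (src_mac, vlan, [(prefix, slaac_allowed)]) for an ICMPv6 RA frame, else None."""
    if len(frame) < 14:
        return None
    src_mac, vlan, off = frame[6:12].hex(":"), None, 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag: record VLAN ID, skip tag
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    icmp = frame[off + 40:]
    # IPv6 ethertype, next header 58 (ICMPv6, no extension headers), type 134 (RA)
    if ethertype != 0x86DD or len(icmp) < 16 or frame[off + 6] != 58 or icmp[0] != 134:
        return None
    prefixes, pos = [], 16  # options start after the 16-byte RA header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            break  # malformed option, stop parsing
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            net = ipaddress.IPv6Network((icmp[pos + 16:pos + 32], icmp[pos + 2]), strict=False)
            prefixes.append((str(net), bool(icmp[pos + 3] & 0x40)))  # A flag set => SLAAC
        pos += opt_len
    return src_mac, vlan, prefixes

def ra_sources(frames):
    """Map (source MAC, VLAN) -> set of (prefix, slaac_allowed) seen in RAs."""
    seen = defaultdict(set)
    for ra in filter(None, map(parse_ra, frames)):
        seen[ra[0], ra[1]].update(ra[2])
    return dict(seen)

def _sample_ra(src_mac, prefix, vlan=None):
    """Build a constructed RA frame (checksum left at 0; the parser does not verify it)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes.fromhex("333300000001") + bytes.fromhex(src_mac.replace(":", "")) + tag + b"\x86\xdd"
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0) + ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0) + pio
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255)
    ip6 += ipaddress.IPv6Address("fe80::1").packed + ipaddress.IPv6Address("ff02::1").packed
    return eth + ip6 + icmp

# Constructed sample traffic: two RAs (one untagged, one on VLAN 20) and one ARP-sized frame
SAMPLE_FRAMES = [_sample_ra("02:00:00:aa:bb:01", "2001:db8:1::"),
                 _sample_ra("02:00:00:aa:bb:02", "2001:db8:2::", vlan=20),
                 b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28)]
if __name__ == "__main__":
    for (mac, vlan), prefixes in ra_sources(SAMPLE_FRAMES).items():
        print(mac, "vlan", vlan, sorted(prefixes))
```

The reported MAC can then be looked up in the switch or dashboard client list to locate the port or SSID the advertising device sits behind.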
RWelch

What MS firmware are you currently running? MS 18.1.3.1 fixed some IPv6 related issues.

MS 18.1.3.1 - New stable RC 

