Problem:
When having VLAN without IPv6 address on L3 enabled switch, no RA is passed through VLAN unless there is IPv6 address assigned to the VLAN. Static assigments however are reachable fine.
Switch(config)#interface Vlan 3
no ipv6 address autoconfig # RA from mikrotik not working
ipv6 address autoconfig # RA from mikrotik suddenly starts working
no ipv6 address autoconfig # IPMI immediately losts SLAAC IPv6 address and become unresponsive
Topology:
-> Uplink -> Cisco (L3 routing to VLANs) -> Servers
I receive non routed /27 IPv4 and /48 IPv6 routed via single /64 on uplink (vlan 1). Cisco therefore does IPv6 routing to VLANs, where each VLAN is assigned unique /64 range with RA enabled. Everyone who needs IPv4 is assigned second port with (mode access + vlan 1).
VLAN 3 is however special as it is delegated through mikrotik (firewall) and the same cisco is then used as L2 switch (access vlan 3). In that case traffic passes cisco twice.
-> Uplink -> Cisco -> (Gi0/2 VLAN 2 -> ether1) Mikrotik (ether2 -> Gi0/3 VLAN 3) -> Cisco -> IPMI
IPMI are then connected to VLAN 3 and delegated IPv6 is expected to be managed via mikrotik.
When we connect IPMI directly to mikrotik, it works without any issue.
show ver
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3560G-48TS 15.0(2)SE4 C3560-IPSERVICESK9-M
show running-config
version 15.0
ipv6 unicast-routing
interface GigabitEthernet0/1 # uplink port
!
interface GigabitEthernet0/2 # ether1 to mikrotik
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/3 # ether2 from mikrotik, which manages IPv6 RA
switchport access vlan 3
switchport mode access
!
....
interface GigabitEthernet0/27 # Example of server uplink
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/28 # Example of IPMI uplink
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/41 # Example of port with IPv4
switchport access vlan 1
switchport mode access
!
...
interface Vlan1 # Uplink VLAN
no ip address
ipv6 address fc00:0:0:ffff::1/64
ipv6 nd ra suppress all
!
interface Vlan2 # Mikrotik prefix delegation network
no ip address
ipv6 address fc00:0:0:1::1/64
ipv6 nd ra suppress all
!
interface Vlan3 # IPMI VLAN - IP addresses are managed by mikrotik
no ip address
!
interface Vlan10 # VLAN for servers
no ip address
ipv6 address fc00:0:0:10::1/64
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 dhcp relay destination .......
!
...
ipv6 route fc00:0:0:3::/64 fc00:0:0:1::2 # Prefix delegation to mikrotik
ipv6 route ::/0 fc00:ffff::2
ipv6 address autoconfig
show sdm prefer
The current template is "desktop IPv4 and IPv6 routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 1.5K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 2.75K
number of directly-connected IPv4 hosts: 1.5K
number of indirect IPv4 routes: 1.25K
number of IPv6 multicast groups: 1.125k
number of directly-connected IPv6 addresses: 1.5K
number of indirect IPv6 unicast routes: 1.25K
number of IPv4 policy based routing aces: 0.25K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.5K
number of IPv6 policy based routing aces: 0.25K
number of IPv6 qos aces: 0.625k
number of IPv6 security aces: 0.5K
Fixed by upgrading to IOS 15.0(2)SE10 (c3560-ipservicesk9-mz.150-2.SE4). Hell, spent whole day on debuging this problem.