Browse All Articles
> Avoid This Windows IPv6 Problem on Your Network
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native VLAN" and "voice VLAN" assignments. This is a really convenient configuration, but may be problematic when you deploy IPv6.
If both your native and voice VLANs are configured on an IPv6 network and you are using IPv6 stateless address autoconfiguration (SLAAC), a Windows client plugged into on of these ports will probably self-configure addresses on BOTH VLANs. The address on the voice VLAN is will probably be unusable for anything but VoIP and may cause problems if your Windows client advertises this address through dynamic DNS registration or LLMNR. You don't want your Windows computers doing this!
The reason this happens is that many Windows network adapter drivers in their default VLAN-unaware configuration simply take the voice VLAN traffic, remove the VLAN tags, and pass it off to Windows just like it was sent on the native VLAN. Windows' IPv6 auto-configures itself on the voice VLAN because it is receiving the IPv6 router advertisements (RAs) from that network. (This does not seem to be a problem in OS X.)
So, how to fix this? The solution will vary depending on your network adapter, but what you have to do is tell the driver to either leave the VLAN tags intact or tell it to only listen on the native VLAN. Broadcom NetXtreme adapters fall into the first category, Intel adapters fall into the second.
The following specifics are from a Wireshark howto that can be found at: http://wiki.wireshark.org/CaptureSetup/VLAN
For Broadcom adapters, use Regedit to search for TxCoalescingTicks in HKEY_LOCAL_MACHINE\SYSTEM\
asses . This will locate your network adapter's settings. Now in the same key create a string value PreserveVlanInfoInRxPacket
and set its value to 1. Restart your computer and you should no longer get self-configured addresses on the voice VLAN.
For Intel adapters, first make sure you have the current Intel PROset drivers. Only the PROset drivers will have the VLAN features needed. Then, in Device Manager (not the network and sharing center), open the properties for your Intel adapter and locate the VLAN tab. We want to specify the "untagged VLAN". The native VLAN is also know as an untagged VLAN and is intended for access without any VLAN-awareness. However, Intel's driver doesn't let you specify an untagged VLAN until you specify a tagged VLAN, so first add a VLAN using any number (it doesn't matter since we will disable it). Next, add another VLAN and check the "untagged VLAN" box. You will now see three adapters in Device Manager where before there was one. Now disable that first VLAN adapter we created, leaving only the original and the untagged VLAN adapters. The original adapter remains, but only as a parent to the virtual adapters, Windows won't use it. That's it, you're done. You may want to reboot, but I found it works without a reboot.
I'm sure there are other network adapter drivers with similar issues and there may be alternate solutions to the Broadcom and Intel adapters I've listed. If you know of any, please add them as replies here!
I spent a LOT of time searching on this issue and found several people describing the problem but no real solutions. One Cisco document I found described the problem but only suggested a routing weight by prefix lifetime workaround or disabling PC Voice VLAN Access through the IP phone (which may not always be present). I prefer that Windows not see the voice VLAN at all, even if no IP phone is present as a filter.
I hope this saves the next person in my situation a lot of head-pounding, and maybe it will even get the attention of Microsoft and the network adapter driver authors so they can reconsider the default way Windows handles this situation.