Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] 'Overlapping IPv6 sub-nets on interface ethernet0/0' error when configuring the interface with static IPv6 address

0

0

Article ID: KB22083 KB Last Updated: 21 Nov 2011Version: 1.0
Summary:
This article describes the issue of the 'Overlapping IPv6 sub-nets on interface ethernet0/0' error message being generated, when the interface is configured with the static IPv6 address.
Symptoms:
 Environment:
  • Configuring the static IPv6 address on the interface in 'host' mode.

  • Receiving 'Overlapping IPv6 sub-nets on interface ethernet0/0' error.

  • There is no IPv6 address configured on the firewall.

Network:

(ethernet0/0)---------------- Firewall-A-- (ethernet0/1--)-------------------------(ethernet0/0)-- Firewall-B

See the below configuration of Firewall-A:

SSG140-(host)> get config | in ipv6
set interface "ethernet0/0" ipv6 mode "host"
set interface "ethernet0/0" ipv6 ip 1eee::1/64
set interface "ethernet0/0" ipv6 enable
set interface "ethernet0/1" ipv6 mode "router"
set interface ethernet0/0 ipv6 ra accept
set interface ethernet0/1 ipv6 ra link-address
set interface ethernet0/0 ipv6 nd nud
set interface ethernet0/1 ipv6 nd nud

See the below configuration of firewall B:

SSG520-(router)> get config | in ipv6
set interface "ethernet0/0" ipv6 mode "router"
set interface "ethernet0/0" ipv6 ip 1eee::3/64
set interface "ethernet0/0" ipv6 enable
set interface ethernet0/0 ipv6 ra link-address
set interface ethernet0/0 ipv6 ra transmit
set interface ethernet0/0 ipv6 nd nud
Cause:
 
Solution:
 In this scenario, if we enable the ra transmit at the eth0/0 interface of firewall B, it will automatically generate one IPv6 address to this host interface according to the ND protocol.

It reports Overlapping IPv6 sub-nets on interface ethernet0/0 of firewall A, as the configured static IPv6 address at eth0/0 on firewall A is conflicting with the auto generated IPv6 address of the eth0/1 interface of firewall B; so the command failed.

Configure another static IPv6 address in a different subnet at the eth0/0 interface on firewall A. With ra accept we can configure the static IP, as long as it is not in the same subnet.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search