If you are certain that routing is not an issue, that is good. And actually you don't need to mess with iptables to begin with to check connnectivity. All you need to begin with is ip forwarding via sysctl.

See screenshot.

Attached Thumbnails

 

I am not sure what you are getting at. I don't see any sysctl commands in your screenshot?

What I see is that AP01 knows two ways to reach the network 2003::/64.

1. Out the WLAN1 interface to the link local address of AP02 wlan1
2. Out the eth0 interface to the link local address of AP02 eth0

I need to eliminate option 2 from the equation I think. If I could configure IP6TABLES to drop packets to/from the link local address of AP02 eth0 I think the route should go down and it will use the one I want. I need help achieving this. If you think I can achieve the same with sysctl please provide the commands

I was able to replicate your setup (minus the Client A). See screen shot. I'm not the best picture editor, so I left the hostnames as it is. Assume:

AP02 = debian-server
B = client1
AP01 = client2

You would notice that no firewall rules enabled there.

Attached Thumbnails

 

A couple of things:

1. isn't correct. "-p" is "load from a file" "-w" is "write it now". If you do both, you may overwrite what you just did. Use -w first, then once you get the whole thing worked out, put those commands in a file so you can load them all at next reboot with "sysctl -p /etc/whatever.file".


2. You shouldn't have to mess with ip6tables at all, unless you already blocked off yourself using it. Check ip6tables -L INPUT (and OUTPUT, FORWARD). If those tables are blank and policy is ACCEPT, let it like that, at least until you get this problem figured out.

3. In ipv6, a machine is either a host, or a router. Then was added (maybe only to Linux?) a "both". It's set via 'net.ipv6.conf.$INTERFACE.accept_ra'. That means is this a router (accept_ra=0), a host (accept_ra=1), or both (accept_ra=2). "ra" is Router Advertisement, whether to accept them or not. Figuring this out took a day or so when I was trying to get ipv6 up and working. If you're using Stateless Auto Configuration and everything is set right, ipv6 should configure addresses and routes for everything right on down the line using radvd. ipv6 really is a lot better to work with than ipv4.

4. Wouldn't it be simplier to just use one /64 prefix from your ISP? Certainly there is enough addresses in there? Pardon me if I mis-read your setup, as mine is somewhat different and sometimes it's hard to picture another's setup in terms of what one already knows. I'm not using mesh, but routing packets should be similar.

You don't need layer 3 switch, layer 2 is good enough. You can use AP01 and AP02 as inter-VLAN routing. The VLAN on switch is just used to separate advertising, don't mixing up advertising of two networks.

The goal here is to send simulated VOIP traffic from Client 1 to Client 2. It should follow a wired connection to AP01 then hop over wireless to AP02 before finally being sent to Client 2 over wired again. It should NOT use wired between AP01 and AP02.

The other important goal is that there must be routing involved. The main goal is to investigate if varying the routing protocol used on the mesh has any impact on the VOIP performance. This is why I don't use a single /64

With these two goals in mind, if there is a way to prevent/deny the wired route between AP01 and AP02?

This is a fair requirement. Isn't it one of the goals is to get them connected regardless of medium? You can simply 's/wired/wireless/'.


Once routing table has been populated (and assuming it is the optimal route), the traffic does not distinguish or even care if the source of route comes from static source or from routing protocols. So I do not think there is any impact at all unless you introduce a more efficient route where the dynamic protocols can notice.

Don't connect a cable?

This is test lab for a Masters. The goal is to test the performance of VOIP over a wireless mesh, so yes it matters.

In reality there is a a large Mesh network between AP01 and AP05 over which the routing protocol will decide the best path at any one time. This information was not relevant to the question I was asking so I simplified the topology to eliminate the problem.

If you don't connect a cable, how does Client 1 get to his first hop which is eth0 on AP01?

just use tcpdump on AP01 and AP02 to check what traffic you are getting on the AP's.

compare ping output on AP's using different protocols, or try something like traceroute if possible.

If you know AP02 is not forwarding to client on its side , check AP02 settings.

you said there is AP05 , so how does AP01 know that it has to send to AP02 ?

Your setup makes me assume there is a minimal setup.

Routers just forward packets, I sense something wrong with the configuration , esp when other protos are working and bable isnt.

correction : Your setup *made* me assume there is a minimal setup.

This is me just getting confused between the actual mesh and the simplified version I presented in the question. AP02 is AP05 here, sorry for confusion.

The problem is that the two access points have a choice of path. Wired or wireless. Both are working but wired is preferred as it is a better route. I need to find a way to make it not better or not work at all.

I solved the issue, thanks for all the help

I used the command below to drop all traffic on AP01 coming from the AP02 link local address in the active route. The wireless route was used instead and I can now ping end to end.

sudo ip6tables -A INPUT -s fe80::cdf9:b2a5:629e:f201 -j DROP