Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Simionas
New Contributor

Issues with IPv6 Prefix-Delegation

Hi all,

 

I am trying to implement IPv6 on Fortigate 200E for some testing in the local network.

 

Currently I have /48 prefix from our ISP.

One part of this prefix (/52) is used for server which is connected directly to ISP and another /52 prefix will be used in the office network.

What I am trying to achieve is to use both DHCPv6 and Prefix-Delegation in our ofice. IPv6 addresses from DHCPv6 should be used for local workstations and Prefix-Delegation is needed for other routers in our LAN which will have other IPv6 networks behind them.

 

So currently I was able to setup DHCPv6 for workstations and that works.

But the Prefix-Delegation part is a bit tricky as I am unable to setup it properly. All the examples I found on the internet was with Prefix-Delegation from their ISP's.

But in my case I have static IPv6 address on my WAN interface and I would like to setup Prefix-Delegation on the LAN interface, so that internal routers would receive routing information from Fortigate.

 

Maybe you will have any advice what I am doing wrong and how should I setup Prefix-Delegation on LAN interface?

 

Later today I will also upload diagram how it all should look like.

 

Bellow is current Fortigate configuration.

Current WAN interface configuration:

config ipv6     set ip6-address xxxx:yyyy:zzzz::2/64     set ip6-allowaccess ping There is only one static IPv6 route:

config router static6     edit 1         set gateway xxxx:yyyy:zzzz::1         set device "wan1"         set comment "IPv6_Default_route"

 

Here is my current LAN interface (VLANx) configuration:

config ipv6     set ip6-address xxxx:yyyy:zzzz:3000::1/56     set ip6-allowaccess ping https     set dhcp6-prefix-delegation enable     set dhcp6-prefix-hint xxxx:yyyy:zzzz:3100::/56     set ip6-send-adv enable     set ip6-manage-flag enable     set ip6-other-flag enable     config ip6-prefix-list         edit xxxx:yyyy:zzzz:3000::/64             set autonomous-flag enable             set onlink-flag enable

 

DHCP server configuration:

config system dhcp6 server     edit 1         set subnet xxxx:yyyy:zzzz:3000::/64         set interface "VLAN x"         config ip-range             edit 1                 set start-ip xxxx:yyyy:zzzz:3000::1:3                 set end-ip xxxx:yyyy:zzzz:3000::1:ffff             next         end         set dns-server1 2001:4860:4860::8888         set dns-server2 2001:4860:4860::8844     next

 

Added setup diagram.

2 REPLIES 2
Simionas
New Contributor

Link to a diagram: https://imgur.com/a/jXpJYaE

martijnr17
New Contributor

Did you got this to work? I need the same solution. All de documentation is about prefix delegation from the provider.

Labels
Top Kudoed Authors