TL;DR - how can I tell the *actual* IPv6 prefix delegated from the upstream?
A customer's 60E is running FortiOS 7, the prefix-hint asks for a /60 from the WAN1 upstream, but it doesn't seem to be getting that prefix, but I can't find any place where I can discover what was actually provided by the upstream other than to see it's not working.
I have a 60F at home, I believe I'm actually getting the /56 I ask for, but I can't find that anywhere either.
I have been all over the CLI and cannot find any place to show what's going on with prefix delegation. Is there a place to do this without diving into debug mode and restarting the interface to see whatever might negotiate? There has to be a way.
Note that "diagnose ipv6 address list" does *not* show this information as far as I can tell.
From your post I understand that you have IPv6 configuration with DHCPv6 prefix delegation and you want to find out what prefix lenght you receive from the delegation ? Prefix hint is set to /60 but you suspect that the interfaces receive a different one.
There has been a change between FortiOS 7.0.1 and 7.0.2 where the prefix-delegation is set on different config sub-menu. You can check the CLI reference here:
The new menu is called "config dhcp6-iapd-list". So if you are using 7.0.2 or later you have to configure the prefix-hint in that menu. Normally following the upgrade path this configuration is migrated to the new firmware.
I guess your wan1 configuration looks right now similar to the example below?
config system interface edit "wan1" config ipv6 set ip6-mode dhcp set ip6-allowaccess ping set dhcp6-prefix-delegation enable set dhcp6-prefix-hint ::/60 end
You can use CLI command below to list all details you need:
My customer who has the questionable configuration won't be back until next week, but I'd be disappointed if FortiGate reported the *actual* prefix as a "hint", which is what I think you're suggesting. We'll find out in a day or two.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.