nomeursy
New Contributor III

Error when adding IPv6 with delegation to LAN interface

Hi, I am trying to add IPv6 to existing interfaces on my FortiGate 60E running 7.0.2.

 

The WAN part was no problem.

 

When adding the configuration to the LAN (internal) interface, I got an error:

object check operator error, 1, discard the setting

Command fail. Return code 1

 

Config WAN:

FTG60E (wan1) # show
config system interface
edit "wan1"
set vdom "root"
set mode dhcp
set allowaccess ping
set type physical
set description "WAN Ziggo"
set alias "Internet Ziggo"
set lldp-reception enable
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/56
next
end
end

 

Config I try to add to LAN:

config system interface
 edit "internal"
FTG60E-BMR-001 (internal) # config ipv6
FTG60E (ipv6) # set ip6-mode delegated
FTG60E (ipv6) # set ip6-send-adv enable
FTG60E (ipv6) # set ip6-other-flag enable
FTG60E (ipv6) # set ip6-upstream-interface "wan1"
FTG60E (ipv6) # set ip6-subnet ::1/64
FTG60E (ipv6) # config ip6-delegated-prefix-list
FTG60E (ip6-delegated-pr~ist) # edit 1
FTG60E (1) # set upstream-interface "wan1"
FTG60E (1) # set autonomous-flag enable
FTG60E (1) # set onlink-flag enable
FTG60E (1) # set subnet 0:0:0:1::/64
FTG60E (1) # next
FTG60E (ip6-delegated-pr~ist) # end
FTG60E (ipv6) # end

object check operator error, 1, discard the setting
Command fail. Return code 1

EME-FTG60E-BMR-001 (internal) #

 

Any thoughts or help will be welcome

1 Solution
jgreenburg
Staff

I was able to re-create the issue using the cmdlist you provided.  I think I have a simple solution.

You have an iapd entry on your upstream WAN interface but the ip6-delegated-prefix-iaid setting is not referencing it on your LAN interface's ipv6 config.

I believe your config should look like this:

config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1:0:0:0:1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end

nomeursy
New Contributor III

@jgreenburg,

 

Thanks for your solution, it works.
Could not test IPv6 yet, because my provider will enable it next week, but config is in place!

There however must be a bug in the GUI, because I tried it first on the GUI, same error. Looked in the CLI and found the "config dhcp6-iapd-list", this is not in all the examples on the internet, it was "set dhcp6-prefix-hint". But maybe it changes in 7.0.

Anyhow, thanks for your feedback!

fwelvering

Hi @nomeursy ,

 

Did you get this working?
I can get a public IPv6 with Ziggo, my internal interface has an IPv6 too, but my devices won't get an IP assigned.

 

My Configs

WAN:
edit "wan1"
set vdom "root"
set mode dhcp
set type physical
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/64
next
end
end
next

Internal
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping
set ip6-delegated-prefix-iaid 1
set dhcp6-prefix-delegation enable
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set subnet ::/64
set rdnss-service delegated
next
end
config dhcp6-iapd-list
edit 22
set prefix-hint ::/64
next
end

 

Any help would be appreciated.

nomeursy
New Contributor III

Hi @fwelvering,

 

Yes I got it working.

 

The problem was in how to set DHCPv6.

My working config you can find below:

 

config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set type physical
        set description "WAN Ziggo"
        set alias "Internet Ziggo"
        set monitor-bandwidth enable
        set role wan
        set snmp-index 1
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
            set dhcp6-prefix-delegation enable
            config dhcp6-iapd-list
                edit 1
                    set prefix-hint ::/56
                next
            end
        end
    next

    edit "internal"
        config ipv6
            set ip6-mode delegated
            set ip6-delegated-prefix-iaid 1
            set ip6-send-adv enable
            set ip6-manage-flag enable
            set ip6-other-flag enable
            set ip6-upstream-interface "wan1"
            set ip6-subnet xxxx:xxxx:xxxx:xxxx::1/64
        end
    next
end

config system dhcp6 server
    edit 1
        set dns-service delegated
        set subnet xxxx:xxxx:xxxx:xxxx::/64
        set interface "internal"
        set upstream-interface "wan1"
        set delegated-prefix-iaid 1
        set ip-mode delegated
    next
end

 

Note: “Stateless Address Auto-configuration (SLAAC)” = Disabled

 

The xxxx’s in the subnet, I copied from the “internal” interface, after it got its IPv6 address.

 

Hope this helps!
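
An added example (not from any poster in this thread and not Fortinet code): an offline lint for a config backup that checks the relationship described in the accepted solution and in the working config above, namely that every delegated interface or DHCPv6 server references an IAID present in the upstream interface's dhcp6-iapd-list. The parser is a simplified sketch that assumes one statement per line; the sample config is constructed and trimmed from the configs in this thread.

```python
import shlex

def parse(text):
    """Parse FortiOS config/edit/set/next/end text into nested dicts."""
    root = {}
    stack = [root]
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            stack[-1][tok[1]] = " ".join(tok[2:])
    return root

def check_iaid_refs(cfg):
    """List delegated consumers whose IAID the upstream interface never requests."""
    ifaces = cfg.get("system interface", {})
    def requested(up):  # IAIDs in the upstream interface's dhcp6-iapd-list
        return set(ifaces.get(up, {}).get("ipv6", {}).get("dhcp6-iapd-list", {}))
    consumers = [(f"interface {n}", b.get("ipv6", {}), "ip6-mode",
                  "ip6-upstream-interface", "ip6-delegated-prefix-iaid")
                 for n, b in ifaces.items()]
    consumers += [(f"dhcp6 server {n}", b, "ip-mode",
                   "upstream-interface", "delegated-prefix-iaid")
                  for n, b in cfg.get("system dhcp6 server", {}).items()]
    findings = []
    for label, body, mode, up_key, iaid_key in consumers:
        if body.get(mode) != "delegated":
            continue
        up, iaid = body.get(up_key), body.get(iaid_key)
        if iaid not in requested(up):  # absent (None) or pointing at an unknown IAID
            findings.append(f"{label}: {iaid_key} {iaid} not in {up} dhcp6-iapd-list")
    return findings

# Constructed sample, trimmed from the configs posted in this thread.
SAMPLE = "\n".join([
    'config system interface', 'edit "wan1"', 'config ipv6', 'set ip6-mode dhcp',
    'config dhcp6-iapd-list', 'edit 1', 'set prefix-hint ::/56', 'next', 'end',
    'end', 'next', 'edit "internal"', 'config ipv6', 'set ip6-mode delegated',
    '{iaid}', 'set ip6-upstream-interface "wan1"', 'end', 'next', 'end'])
BROKEN = SAMPLE.format(iaid="")  # as first attempted: no IAID reference on the LAN side
FIXED = SAMPLE.format(iaid="set ip6-delegated-prefix-iaid 1")

if __name__ == "__main__":
    print(check_iaid_refs(parse(BROKEN)), check_iaid_refs(parse(FIXED)))
```

The check only covers the IAID cross-reference; it does not validate prefix hints, subnets or router-advertisement flags.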