Hi, I trying to add IPv6 to existing interfaces on my Fortigate 60E running 7.0.2
The WAN part was no problem.
When adding the configuration to the LAN (internal) interface, I got an error:
object check operator error, 1, discard the setting
Command fail. Return code 1
Config WAN:
FTG60E (wan1) # show
config system interface
edit "wan1"
set vdom "root"
set mode dhcp
set allowaccess ping
set type physical
set description "WAN Ziggo"
set alias "Internet Ziggo"
set lldp-reception enable
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/56
next
end
end
Confige I try to add to LAN:
config system interface
edit "internal"
FTG60E-BMR-001 (internal) # config ipv6
FTG60E (ipv6) # set ip6-mode delegated
FTG60E (ipv6) # set ip6-send-adv enable
FTG60E (ipv6) # set ip6-other-flag enable
FTG60E (ipv6) # set ip6-upstream-interface "wan1"
FTG60E (ipv6) # set ip6-subnet ::1/64
FTG60E (ipv6) # config ip6-delegated-prefix-list
FTG60E (ip6-delegated-pr~ist) # edit 1
FTG60E (1) # set upstream-interface "wan1"
FTG60E (1) # set autonomous-flag enable
FTG60E (1) # set onlink-flag enable
FTG60E (1) # set subnet 0:0:0:1::/64
FTG60E (1) # next
FTG60E (ip6-delegated-pr~ist) # end
FTG60E (ipv6) # end
object check operator error, 1, discard the setting
Command fail. Return code 1
EME-FTG60E-BMR-001 (internal) #
Any thoughts or help will be welcome
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I was able to re-create the issue using the cmdlist you provided. I think I have a simple solution.
You have an iapd entry on your upstream WAN interface but the ip6-delegated-prefix-iaid setting is not referencing it on your LAN interface's ipv6 config.
I believe your config should look like this:
config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1:0:0:0:1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end
I was able to re-create the issue using the cmdlist you provided. I think I have a simple solution.
You have an iapd entry on your upstream WAN interface but the ip6-delegated-prefix-iaid setting is not referencing it on your LAN interface's ipv6 config.
I believe your config should look like this:
config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1:0:0:0:1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end
tnx for your solution, it works.
Could not test IPv6 yet, because my provider will enable it next week, but config is in place!
There however must be a bug in the GUI, because I tried it first on the GUI, same error. looked in the CLI and found the "config dhcp6-iapd-list", tis is not in all the examples on the internet, it was "set dhcp6-prefix-hint". But maybe it changes in 7.0.
Anyhow, thanks for your feedback!
Hi @nomeursy ,
Did you get this working?
I can get an public IPv6 with Ziggo, my internal interface has an IPv6 to but my devices won't get an IP assigned.
My Configs
WAN:
edit "wan1"
set vdom "root"
set mode dhcp
set type physical
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/64
next
end
end
next
Internal
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping
set ip6-delegated-prefix-iaid 1
set dhcp6-prefix-delegation enable
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set subnet ::/64
set rdnss-service delegated
next
end
config dhcp6-iapd-list
edit 22
set prefix-hint ::/64
next
end
any help would be appriciated
Hi @fwelvering,
Yes I got it working.
The problem was in how to set DHCPv6.
My working config you can find below:
config system interface
edit "wan1"
set vdom "root"
set mode dhcp
set type physical
set description "WAN Ziggo"
set alias "Internet Ziggo"
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/56
next
end
end
next
edit "internal"
config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-manage-flag enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet xxxx:xxxx:xxxx:xxxx::1/64
end
next
end
config system dhcp6 server
edit 1
set dns-service delegated
set subnet xxxx:xxxx:xxxx:xxxx::/64
set interface "internal"
set upstream-interface "wan1"
set delegated-prefix-iaid 1
set ip-mode delegated
next
end
Note: “Stateless Address Auto-configuration (SLAAC)” = Disabled
The xxxx’s in the subnet, I copied from the “internal” interface, after it got his IPv6 address.
Hope this helps!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.