Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nomeursy
New Contributor III

Error when addin IPv6 with deligation to LAN interface

Hi, I trying to add IPv6 to existing interfaces on my Fortigate 60E running 7.0.2

 

The WAN part was no problem.

 

When adding the configuration to the LAN (internal) interface, I got an error:

object check operator error, 1, discard the setting

Command fail. Return code 1

 

Config WAN:

FTG60E (wan1) # show

config system interface

edit "wan1"

set vdom "root"

set mode dhcp

set allowaccess ping

set type physical

set description "WAN Ziggo"

set alias "Internet Ziggo"

set lldp-reception enable

set monitor-bandwidth enable

set role wan

set snmp-index 1

config ipv6

set ip6-mode dhcp

set ip6-allowaccess ping

set dhcp6-prefix-delegation enable

config dhcp6-iapd-list

edit 1

set prefix-hint ::/56

next

end

end

 

Confige I try to add to LAN:

config system interface

 edit "internal"

FTG60E-BMR-001 (internal) # config ipv6

FTG60E (ipv6) # set ip6-mode delegated

FTG60E (ipv6) # set ip6-send-adv enable

FTG60E (ipv6) # set ip6-other-flag enable

FTG60E (ipv6) # set ip6-upstream-interface "wan1"

FTG60E (ipv6) # set ip6-subnet ::1/64

FTG60E (ipv6) # config ip6-delegated-prefix-list

FTG60E (ip6-delegated-pr~ist) # edit 1

FTG60E (1) # set upstream-interface "wan1"

FTG60E (1) # set autonomous-flag enable

FTG60E (1) # set onlink-flag enable

FTG60E (1) # set subnet 0:0:0:1::/64

FTG60E (1) # next

FTG60E (ip6-delegated-pr~ist) # end

FTG60E (ipv6) # end

 

object check operator error, 1, discard the setting

Command fail. Return code 1

 

EME-FTG60E-BMR-001 (internal) #

 

Any thoughts or help will be welcome

1 Solution
jgreenburg
Staff
Staff

I was able to re-create the issue using the cmdlist you provided.  I think I have a simple solution.

You have an iapd entry on your upstream WAN interface but the ip6-delegated-prefix-iaid setting is not referencing it on your LAN interface's ipv6 config.

I believe your config should look like this:

config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1:0:0:0:1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end

View solution in original post

4 REPLIES 4
jgreenburg
Staff
Staff

I was able to re-create the issue using the cmdlist you provided.  I think I have a simple solution.

You have an iapd entry on your upstream WAN interface but the ip6-delegated-prefix-iaid setting is not referencing it on your LAN interface's ipv6 config.

I believe your config should look like this:

config ipv6
set ip6-mode delegated
set ip6-delegated-prefix-iaid 1
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1:0:0:0:1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end

nomeursy
New Contributor III

@jgreenburg,

 

tnx for your solution, it works.
Could not test IPv6 yet, because my provider will enable it next week, but config is in place!

 

There however must be a bug in the GUI, because I tried it first on the GUI, same error. looked in the CLI and found the "config dhcp6-iapd-list", tis is not in all the examples on the internet, it was "set dhcp6-prefix-hint". But maybe it changes in 7.0.

Anyhow, thanks for your feedback!

fwelvering

Hi @nomeursy ,

 

Did you get this working?
I can get an public IPv6 with Ziggo, my internal interface has an IPv6 to but my devices won't get an IP assigned.

 

My Configs

WAN:
edit "wan1"
set vdom "root"
set mode dhcp
set type physical
set monitor-bandwidth enable
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint ::/64
next
end
end
next

Internal
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping
set ip6-delegated-prefix-iaid 1
set dhcp6-prefix-delegation enable
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set subnet ::/64
set rdnss-service delegated
next
end
config dhcp6-iapd-list
edit 22
set prefix-hint ::/64
next
end

 

any help would be appriciated

nomeursy
New Contributor III

Hi @fwelvering,

 

Yes I got it working.

 

The problem was in how to set DHCPv6.

My working config you can find below:

 

config system interface

    edit "wan1"

        set vdom "root"

        set mode dhcp

        set type physical

        set description "WAN Ziggo"

        set alias "Internet Ziggo"

        set monitor-bandwidth enable

        set role wan

        set snmp-index 1

        config ipv6

            set ip6-mode dhcp

            set ip6-allowaccess ping

            set dhcp6-prefix-delegation enable

            config dhcp6-iapd-list

                edit 1

                    set prefix-hint ::/56

                next

            end

        end

    next

   

    edit "internal"

        config ipv6

            set ip6-mode delegated

            set ip6-delegated-prefix-iaid 1

            set ip6-send-adv enable

            set ip6-manage-flag enable

            set ip6-other-flag enable

            set ip6-upstream-interface "wan1"

            set ip6-subnet xxxx:xxxx:xxxx:xxxx::1/64

        end

    next

end

 

config system dhcp6 server

    edit 1

        set dns-service delegated

        set subnet xxxx:xxxx:xxxx:xxxx::/64

        set interface "internal"

        set upstream-interface "wan1"

        set delegated-prefix-iaid 1

        set ip-mode delegated

    next

end

 

Note: “Stateless Address Auto-configuration (SLAAC)” = Disabled

 

The xxxx’s in the subnet, I copied from the “internal” interface, after it got his IPv6 address.

 

Hope this helps!

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors