Forgive if this is loaded somewhere else.
I'm running into a snag here. I am currently on Spectrum and getting a /128 from them. According to my WAN1 interface.
I am trying to get the DHCP to passthrough to my clients on a vlan, anyone have any luck with this?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you speak with your provider? They will tell you what size prefix is belng delegated , typically /48 or /56 and then you configure the fortigate for the ipv6 delegation on the wan and you pass a prefix in that delegation to your inside lans
e.g
config sys inteface
edit wan1
config ipv6
set ipv6 dhcp-prefix-delegation enable
set dhcp6-prefix-hint 2001:db8:44 /56
end
Once you have the assignment, you use slacc on your internal lans for assignments of the /64 to the hosts machines.
config sys int
edit port1
config ipv6
set ip6-allowaccess ssh ping https
set ip6-mode delegate
set ip6-upstream wan1
end
Yes it's really that easy you need to speak to your ISP
Ken Felix
PCNSE
NSE
StrongSwan
Do a search on configuring IPv6 prefix-delegation on your Fortigate.
You need a fortiOS version that support IPV6PD and what is the service provider giving you ( e.g a /48 ) ?
Ken Felix
PCNSE
NSE
StrongSwan
Hey Micah,
I've actually done this successfully with Spectrum. This is where I found the most help: https://www.reddit.com/r/fortinet/comments/4p74xi/541_and_dhcpv6pd_prefix_hint/
Here is what I ended up configuring (single LAN for now). On my WAN interface:
edit "wan1"
set mode dhcp
set alias "Charter"
set role wan
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping https
set dhcp6-prefix-delegation enable
set dhcp6-prefix-hint ::/56
end
next
Then on my internal interface:
config ipv6
set ip6-mode delegated
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan1"
set ip6-subnet ::1/64
config ip6-delegated-prefix-list
edit 1
set upstream-interface "wan1"
set autonomous-flag enable
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end
Hope it helps! - Daniel
I have a Fortigate 60F running 6.2.3
I "think" they are handing out a /64, the fortigate right now shows a /128. From what i have ready, the fortigate will always show that.
Another thing i noticed, is that Daniel has the following -
edit 1 set upstream-interface "wan1" set autonomous-flag enable set onlink-flag enable set subnet 0:0:0:1::/64
When i paste that in, the autonomous and onlink CLI disappear.
Did you speak with your provider? They will tell you what size prefix is belng delegated , typically /48 or /56 and then you configure the fortigate for the ipv6 delegation on the wan and you pass a prefix in that delegation to your inside lans
e.g
config sys inteface
edit wan1
config ipv6
set ipv6 dhcp-prefix-delegation enable
set dhcp6-prefix-hint 2001:db8:44 /56
end
Once you have the assignment, you use slacc on your internal lans for assignments of the /64 to the hosts machines.
config sys int
edit port1
config ipv6
set ip6-allowaccess ssh ping https
set ip6-mode delegate
set ip6-upstream wan1
end
Yes it's really that easy you need to speak to your ISP
Ken Felix
PCNSE
NSE
StrongSwan
Well.
I called Spectrum, the first person i talked to said since i have my own firewall, they cant log in and see what im getting for a prefix. I then told her, that they should know what they are handing out. there is no need to log into my device. She then stated they had to in order to see, since multiple firewalls give different prefixes. I then asked for a manager. He then told me the same thing. I tried to explain this in ipv4 terms, and he seemed to understand, but he then came up with, we don't know and they don't deal with those types of issues. I then asked to talk to his supervisor, which i was told there just busy right now, maybe call later.
I realized i would not be getting a call back, i will try tomorrow.
It sound like your up a creek with no paddle. if you think you have IPV6-DHCP, you can look at your ipv6 routing table and that will show you want you are being assigned. Sounds like you do not have ipv6 since you mention a /128 earlier.
What is your wan interface cfg as ( is it static ip6 or mode dhcp6 ) that would be a start and a clue as to where you are at.
If you have a linux or window host, you could maybe config it for dhcp6-client and grab the details that 1> dhcp6 is being used 2> what one of the 100s or 1000s ipv6 assignment that spectrum uses.
Ken Felix
PCNSE
NSE
StrongSwan
I did some more digging, when i hook up a laptop direct, i do not get an IPV6 address with that either. So, ill be calling again to see whats up.
Once i can get that going, i can start seeing about the rest. My head already hurts in having to call them
we have good news, its a ::/56
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1666 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.