- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Issue with radvd (IPv6 ND/RA) : No IP distributed
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue with radvd (IPv6 ND/RA) : No IP distributed
Hello,
I have some issue on configuring Neighbor advertisement on my Fortiwifi 60C. I' ve configured the interface like this :
config system interface
edit " wifi"
set vdom " root"
set ip 192.168.3.129 255.255.255.192
set allowaccess ping https ssh snmp
set type vap-switch
config ipv6
set ip6-address 2001:470:cc3c::1/48
set ip6-allowaccess ping https ssh
set ip6-manage-flag enable
set ip6-other-flag enable
config ip6-prefix-list
edit 2001:470:cc3c::/48
set autonomous-flag enable
set onlink-flag enable
set preferred-life-time 3600
next
end
set ip6-send-adv enable
end
next
end
But when my clients try to get IPv6 configuration, they get nothing, and I get this error when debugging RADVD on the Fortigate.
recvmsg len=8 found Interface: wifi sending RA on wifi sending RA on wifi@0 err=56 errno=4 radvd_main:361, no pending taskI can' t find what can be the problem.... Can you help me ? Thank you
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is a vap-switch ? Have you conduct a diag sniffer to see if the RA is being sent?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Kedare,
Does your client machine has static ipv6 configured or you using dhcpv6 server on fortigate to get ipv6 for the client?
which clients you are trying to connect, windows or linux (ubuntu, fedora) machines
I have ubuntu machine and it get dhcp ipv6 from fortigate 80CM and FAP 220B.
@emnoc
vap-switch: Virtual Access Point switch
-p
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With the manage flag, we are expecting a DHCPv6 server, but RA announcements should still be sent.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My machines are all configured to get automatically IPv6 from the network.
I tried with both Windows and Os X computers, Android devices and I get the same issue on all of them.
I did not had the occasion yet to sniff the traffic.
EDIT: I sniffed the traffic with tcpdump on a Host on the network (Ubuntu) and I get the RA :
13:22:22.452624 IP6 fe80::2ff:17ff:fe82:7a > ip6-allnodes: ICMP6, router advertisement, length 56 13:22:22.453186 IP6 fe80::2ff:17ff:fe82:7a > ip6-allnodes: ICMP6, router advertisement, length 56And another one in more verbose mode :
13:27:38.663655 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2ff:17ff:fe82:7a > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
prefix info option (3), length 32 (4): 2001:470:cc3c::/48, Flags [onlink, auto], valid time 3s, pref. time 1s
0x0000: 30c0 0000 0003 0000 0001 0000 0000 2001
0x0010: 0470 cc3c 0000 0000 0000 0000 0000
source link-address option (1), length 8 (1): 00:ff:17:82:00:7a]
(valid time and pref time low values are normal, it' s for testing)
I forgot to mention my version of FortiOS: v4.0,build0632,120705 (MR3 Patch 8)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also found something strange, it looks like the hosts get the routes but not the IP, they only get routes using the link local IPv6 :
Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2001:470:cc3c::/48 :: UAe 256 0 0 wlan0 2a00:1450:4007:802::1014/128 fe80::2ff:17ff:fe82:7a UG 1024 0 23 wlan0 fe80::/64 :: U 256 0 0 wlan0 ::/0 fe80::2ff:17ff:fe82:7a UG 1 0 0 wlan0 ::/0 fe80::2ff:17ff:fe82:7a UGDAe 1024 0 0 wlan0 ::/0 :: !n -1 1 27 lo ::1/128 :: Un 0 1 11 lo fe80::211:9ff:febf:5a86/128 :: Un 0 1 37 lo ff00::/8 :: U 256 0 0 wlan0 ::/0 :: !n -1 1 27 lofe80::2ff:17ff:fe82:7a = Fortigate link local IPv6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just found the problem.... I' m stupid I try to distribute a /48 but it' s not usable with autoconfiguration... :)
Subnetted to /64 and now works fine
Thank you :)
Related Posts
- BGP Route-map - set match-interface 4981 Views
- High Memory 3610 Views
- NSX-T: FortiManager - Fortigate as North... 1368 Views
- Mixed up Timestamps in Netflow 7440 Views
Labels
-
FortiGate
6,675 -
FortiClient
1,330 -
5.2
801 -
5.4
639 -
FortiManager
577 -
FortiAnalyzer
422 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
272 -
FortiMail
259 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
159 -
6.4
128 -
FortiNAC
109 -
FortiGuard
106 -
FortiSIEM
92 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
79 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
30 -
SD-WAN
30 -
Firewall policy
29 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Logging
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Authentication
8 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSO
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.