Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Kedare
New Contributor

Created on ‎08-06-2012 12:25 PM

Issue with radvd (IPv6 ND/RA) : No IP distributed

Hello, I have some issue on configuring Neighbor advertisement on my Fortiwifi 60C. I' ve configured the interface like this : 
config system interface
     edit " wifi" 
         set vdom " root" 
         set ip 192.168.3.129 255.255.255.192
         set allowaccess ping https ssh snmp
         set type vap-switch
             config ipv6
                 set ip6-address 2001:470:cc3c::1/48
                 set ip6-allowaccess ping https ssh
                 set ip6-manage-flag enable
                 set ip6-other-flag enable
                     config ip6-prefix-list
                         edit 2001:470:cc3c::/48
                             set autonomous-flag enable
                             set onlink-flag enable
                             set preferred-life-time 3600
                         next
                     end
                 set ip6-send-adv enable
             end
     next
 end
But when my clients try to get IPv6 configuration, they get nothing, and I get this error when debugging RADVD on the Fortigate. 
recvmsg len=8
 found Interface: wifi
 sending RA on wifi
 sending RA on wifi@0 err=56 errno=4
 radvd_main:361, no pending task
I can' t find what can be the problem.... Can you help me ? Thank you
6146
0 Kudos
6 REPLIES 6
emnoc
Esteemed Contributor III

Created on ‎08-06-2012 04:20 PM

What is a vap-switch ? Have you conduct a diag sniffer to see if the RA is being sent?

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
3512
0 Kudos
pchechani_FTNT
Staff
Staff

Created on ‎08-06-2012 08:12 PM

@Kedare, Does your client machine has static ipv6 configured or you using dhcpv6 server on fortigate to get ipv6 for the client? which clients you are trying to connect, windows or linux (ubuntu, fedora) machines I have ubuntu machine and it get dhcp ipv6 from fortigate 80CM and FAP 220B. @emnoc vap-switch: Virtual Access Point switch
-p
3512
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎08-07-2012 07:24 AM

With the manage flag, we are expecting a DHCPv6 server, but RA announcements should still be sent.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
3512
0 Kudos
Kedare
New Contributor

Created on ‎08-08-2012 02:56 AM

My machines are all configured to get automatically IPv6 from the network. I tried with both Windows and Os X computers, Android devices and I get the same issue on all of them. I did not had the occasion yet to sniff the traffic. EDIT: I sniffed the traffic with tcpdump on a Host on the network (Ubuntu) and I get the RA : 
13:22:22.452624 IP6 fe80::2ff:17ff:fe82:7a > ip6-allnodes: ICMP6, router advertisement, length 56
 13:22:22.453186 IP6 fe80::2ff:17ff:fe82:7a > ip6-allnodes: ICMP6, router advertisement, length 56
And another one in more verbose mode : 
13:27:38.663655 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2ff:17ff:fe82:7a > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 56
         hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
           prefix info option (3), length 32 (4): 2001:470:cc3c::/48, Flags [onlink, auto], valid time 3s, pref. time 1s
             0x0000:  30c0 0000 0003 0000 0001 0000 0000 2001
             0x0010:  0470 cc3c 0000 0000 0000 0000 0000
           source link-address option (1), length 8 (1): 00:ff:17:82:00:7a]
(valid time and pref time low values are normal, it' s for testing) I forgot to mention my version of FortiOS: v4.0,build0632,120705 (MR3 Patch 8)
3512
0 Kudos
Kedare
New Contributor

Created on ‎08-08-2012 05:19 AM

I also found something strange, it looks like the hosts get the routes but not the IP, they only get routes using the link local IPv6 : 
Kernel IPv6 routing table
 Destination                    Next Hop                   Flag Met Ref Use If
 2001:470:cc3c::/48             ::                         UAe  256 0     0 wlan0
 2a00:1450:4007:802::1014/128   fe80::2ff:17ff:fe82:7a     UG   1024 0    23 wlan0
 fe80::/64                      ::                         U    256 0     0 wlan0
 ::/0                           fe80::2ff:17ff:fe82:7a     UG   1   0     0 wlan0
 ::/0                           fe80::2ff:17ff:fe82:7a     UGDAe 1024 0     0 wlan0
 ::/0                           ::                         !n   -1  1    27 lo
 ::1/128                        ::                         Un   0   1    11 lo
 fe80::211:9ff:febf:5a86/128    ::                         Un   0   1    37 lo
 ff00::/8                       ::                         U    256 0     0 wlan0
 ::/0                           ::                         !n   -1  1    27 lo
fe80::2ff:17ff:fe82:7a = Fortigate link local IPv6
3512
0 Kudos
Kedare
New Contributor

Created on ‎08-08-2012 06:03 AM

I just found the problem.... I' m stupid I try to distribute a /48 but it' s not usable with autoconfiguration... :) Subnetted to /64 and now works fine Thank you :)
3512
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.