Hi guys,
I've been trying to get IPv6 to work properly on our 30E but I'm have a lot of difficulty setting it up correctly.
On the WAN side we're receiving an IPv6 address from the ISP and we're able to ping6 to random IPv6 hosts:
# get system interface physical == [onboard] ==[wan] mode: dhcp ip: 62.xxx.67.xxx 255.255.252.0 ipv6: 2a02:xxx:xxx:9::9ee/128 status: up speed: 1000Mbps (Duplex: full)
# execute ping6 google.com PING google.com(2a00:1450:400e:80a::200e) 56 data bytes 64 bytes from 2a00:1450:400e:80a::200e: icmp_seq=1 ttl=55 time=15.0 ms 64 bytes from 2a00:1450:400e:80a::200e: icmp_seq=2 ttl=55 time=13.5 ms 64 bytes from 2a00:1450:400e:80a::200e: icmp_seq=3 ttl=55 time=14.9 ms 64 bytes from 2a00:1450:400e:80a::200e: icmp_seq=4 ttl=55 time=13.6 ms 64 bytes from 2a00:1450:400e:80a::200e: icmp_seq=5 ttl=55 time=15.8 ms
But we can't get the LAN devices to receive an IPv6 IP address. I've gone through tons of posts and tutorials without any success. Here's a brief output of the WAN and LAN interface configs:
# show system interface wan config system interface edit "wan" set vdom "root" set mode dhcp set distance 2 set allowaccess ping https http fgfm set type physical set role wan set snmp-index 1 config ipv6 set ip6-mode dhcp set ip6-allowaccess ping https ssh set dhcp6-prefix-delegation enable end set macaddr xx:xx:xx:xx:xx:xx next end
# show system interface lan config system interface edit "lan" set vdom "root" set ip 192.168.1.254 255.255.255.0 set allowaccess ping https ssh http fgfm capwap set type hard-switch set stp enable set device-identification enable set fortiheartbeat enable set role lan set snmp-index 4 config ipv6 set ip6-mode dhcp set ip6-allowaccess ping https ssh http fgfm capwap end next end
We're pretty sure the lack of IPv6 on the LAN side has to do with the settings in system config dhcp6 server, which are non-existent but it's unclear how we are to set this up. Trying to follow this guide didn't get us anywhere. Specifically because of some of the terms used. For instance interface "port29", is this a WAN or LAN facing interface (the set-role attribute isn't used anywhere). Also the choice to assign IP address fd00::1/64, which to the best of our knowledge is a ULA address used for local traffic, is unclear. Also, with the trailing "/64", wouldn't this allow for an immensely large pool of IP addresses?
What we're trying to achieve here is that all the hosts on our network receive an IP address in our ISP's range of 2a02:xxx.
Before the 30E we had a Linksys LRT214 which did this all out-of-the-box and at home I have an AmpliFi which also just works when enabling the IPv6 checkmark :).
Any help with this would be greatly appreciated. Thanks in advance,
Kris Coady
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Update:
The guide at https://blah.cloud/networks/enabling-ipv6-dhcpv6-pd-pppoe-fortigate/ helped fix the issue. Specifically the following lines of code on the LAN interface:
config ipv6 set ip6-mode delegated set ip6-allowaccess ping https ssh http fgfm capwap set ip6-send-adv enable set ip6-manage-flag enable set ip6-upstream-interface "wan" set ip6-subnet ::1/64 config ip6-delegated-prefix-list edit 1 set upstream-interface "wan" set autonomous-flag enable set onlink-flag enable set subnet ::/64
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.