Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IPv6 / DHCP-PD / Fortigate

kghgk
I've been here awhile

‎11-19-2019 07:28 AM - last edited on ‎11-19-2019 08:30 AM by Moderator

Information for any who may use it.

 

Objectives:

- Address each routed segment with IPv6

  - Obtain /56 from Cable

  - Assign /64 to segments to allow IPv6 clients to use SLAAC

 

Started with this link to get IPv6 enabled and receiving the delegation:

https://www.techwithahammer.com/2018/06/30/fortigate-6-0-1-ipv6-with-prefix-delegation/

 

Revised configuration based on the PD /56 and a /64 delegated to each routed segment:

config system dhcp6 server
 edit 22
  set rapid-commit enable
  set dns-service delegated
  set subnet 0:0:0:22::/64
  set interface "int-swi2"
  set upstream-interface "wan1"
  set ip-mode delegated
 next
 edit 20
  set rapid-commit enable
  set dns-service delegated
  set subnet 0:0:0:20::/64
  set interface "int-swi1"
  set upstream-interface "wan1"
  set ip-mode delegated
 next
end

config system interface
 edit "wan1"
  set vdom "root"
  set mode dhcp
  set allowaccess ping https ssh
  set vlanforward enable
  set type physical
  set role wan
  set snmp-index 1
  config ipv6
   set ip6-mode dhcp
   set dhcp6-prefix-delegation enable
   set dhcp6-prefix-hint ::/56
   set dhcp6-prefix-hint-plt 0
   set dhcp6-prefix-hint-vlt 0
  end
 next
 edit "int-swi1"
  set vdom "root"
  set ip x.x.x.1 255.255.255.0
  set allowaccess https ssh snmp
  set vlanforward enable
  set type hard-switch
  set role dmz
  set snmp-index 12
  config ipv6
   set ip6-mode delegated
   set ip6-allowaccess ping https ssh
   set dhcp6-prefix-delegation enable
   set ip6-send-adv enable
   set ip6-manage-flag enable
   set ip6-other-flag enable
   set ip6-upstream-interface "wan1"
   set ip6-subnet 0:0:0:20::/64
   config ip6-delegated-prefix-list
   edit 1
    set upstream-interface "wan1"
    set subnet 0:0:0:20::/64
    next
   end
  end
next
edit "int-swi2"
 set vdom "root"
  set ip x.x.x.1 255.255.255.0
  set type hard-switch
  set device-identification enable
  set role lan
  set snmp-index 15
  config ipv6
  set ip6-mode delegated
  set ip6-allowaccess ping https ssh
  set dhcp6-prefix-delegation enable
  set ip6-send-adv enable
  set ip6-manage-flag enable
  set ip6-other-flag enable
  set ip6-upstream-interface "wan1"
  set ip6-subnet 0:0:0:22::/64
  config ip6-delegated-prefix-list
   edit 1
    set upstream-interface "wan1"
    set subnet 0:0:0:22::/64
   next
  end
 end
next
end

 

Using this you can address your /64 segments from ::/64 (0:0:0:00::/64) to 0:0:0:ff::/64

 

*Added Labels*

Labels:
1 REPLY 1

Re: IPv6 / DHCP-PD / Fortigate

RogersMoin
Moderator
Moderator

‎11-19-2019 11:17 AM

Hello, @kghgk.

 

Thank you for sharing the IPv6 configuration with the Community. I appreciate your contribution and for your help in keeping the Community a pleasant to be. 👍

 

Cheers,
RogersMoin
 

0 Likes
Topic Stats
  • 1 reply
  • ‎11-19-2019 07:28 AM
  • 3276 views
  • 1 Like
  • 2 in conversation
Copyright © 2024 Khoros, LLC