Created on 08-01-2019 07:26 AM Edited on 06-02-2022 10:00 AM By Anonymous
Description
This article describes how to delegate IPv6 prefix from delegating router (Prefix Delegation Server) to a requesting router (Prefix Delegation Client) and use those prefixes to assign global IPv6 addresses to the devices on its internal interfaces. It is based on use of DHCPv6 messages ( RFC 3633 ) and sometimes is known as DHCPv6 Prefix Delegation.
Useful links:
Fortinet Documentation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/FeatureCatalog-ipv6.htm
Solution
The PPPoE server can be set up on some router ( in this KB Cisco 1841 )
Here is the Step by Step guide:
Example setup of PPPoE server
Enable ipv6, dhcpv6 server:
#ipv6 unicast-routingInterfaces configuration:
ipv6 cef
ipv6 dhcp pool dhcpv6
prefix-delegation pool dhcpv6-pool1 lifetime 1800 600
dns-server 2001:4860:4860::8888
end
ipv6 local pool dhcpv6-pool1 2A02:A440:8932::/48 48
#bba-group pppoe globalExample setup of PPPoE client:
virtual-template 1
!
interface FastEthernet0/0
no ip address
load-interval 30
duplex auto
speed auto
ipv6 enable
pppoe enable group global
standby use-bia
standby version 2
!
interface Virtual-Template1
mtu 1492
no ip address
ipv6 unnumbered FastEthernet0/0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server dhcpv6
no peer default ip address
ppp authentication pap chap
!
#config system interface
edit "port1"
set ip 192.168.1.99 255.255.255.0set description "LAN - downstream"set role lanconfig ipv6set ip6-allowaccess ping https httpset ip6-address 2a02:a440:8932:1::1/64set ip6-send-adv enableset ip6-manage-flag enable disableset ip6-other-flag enableconfig ip6-delegated-prefix-list
edit 1
set upstream-interface "pppoe1"
set autonomous-flag enable
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end
next
edit "port4"
set type physical
set description "WAN - upstream"
set estimated-upstream-bandwidth 102400
set estimated-downstream-bandwidth 102400
set role wan
set snmp-index 4
config ipv6
set ip6-allowaccess ping https
set ip6-retrans-time 4000
set dhcp6-prefix-delegation enable
set autoconf enable
end
set mtu-override enable
set mtu 1492
next
edit "pppoe1"
set vdom "root"
set mode pppoe
set allowaccess ping https
set type tunnel
set snmp-index 9
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping ssh
set dhcp6-prefix-delegation enable
set dhcp6-prefix-hint 2a02:a440:8932::/48
set ip6-upstream-interface "port4"
end
set interface "port4"
next
end
Troubleshooting:
Check DHCPv6 bindings ( server )
#Router#show ipv6 dhcp binding
Client: FE80::724C:A5F1:FFFE:AAA3
DUID: 00010001386D4380000000000000
Username : admin
Interface : Virtual-Access1.1
IA PD: IA ID 0x0000001C, T1 300, T2 480
Prefix: 2A02:A440:8932::/48
preferred lifetime 600, valid lifetime 1800
expires at Aug 01 2019 09:25 AM (1742 seconds)
Check IPv6 assignments ( client )
# diagnose ipv6 address list
dev=9 devname=port1 flag=P scope=0 prefix=64 addr=2a02:a440:8932:1::1 preferred=4294967295 valid=4294967295
dev=9 devname=port1 flag=P scope=253 prefix=64 addr=fe80::724c:a5ff:feef:aaa0 preferred=4294967295 valid=4294967295
dev=12 devname=port4 flag=P scope=253 prefix=64 addr=fe80::724c:a5ff:feef:aaa3 preferred=4294967295 valid=4294967295
dev=24 devname=root flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295
dev=28 devname=pppoe1 flag=P scope=253 prefix=10 addr=fe80::724c:a5f1:fffe:aaa3 preferred=4294967295 valid=4294967295
dev=29 devname=vsys_ha flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295
dev=31 devname=vsys_fgfm flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295
Check IPv6 assignments ( internal client )
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.