DHCPv6

DHCPv6

You can use DHCP with IPv6 using the CLI. To configure DHCP, ensure IPv6 is enabled by going to System > Feature Visibility and enabling IPv6.

Use the CLI command config system dhcp6

For more information on the configuration options, see the FortiGate CLI Reference.

DHCP delegated mode

Downstream IPv6 interfaces can receive address assignments on delegated subnets from a DHCP server that serves an upstream interface.

DHCPv6-PD configuration

Enable DHCPv6 Prefix Delegation on upstream interface (port10): config system interface edit “port10” config ipv6

set dhcp6-prefix-delegation enable end

end

Assign delegated prefix on downstream interface (port1). Optionally, specific delegated prefixes can be specified: config system interface

edit “port1”

config ipv6

set ip6-mode delegated set ip6-upstream-interface “port10” set ip6-subnet ::1:0:0:0:1/64 set ip6-send-adv enable config ipv6-delegated-prefix-list edit 1

set upstream-interface “port10” set autonomous-flag enable set onlink-flag enable set subnet 0:0:0:100::/64 end end

end

DHCPv6 server configuration

Configuring a server that uses delegated prefix and DNS from upstream: config system dhcp6 server edit 1

set dns-service delegated

set interface “wan2” set upstream-interface “wan1” set ip-mode delegated set subnet 0:0:0:102::/64

end

DHCPv6 relay

You can use the following command to configure a FortiGate interface to relay DHCPv6 queries and responses from one network to a network with a DHCPv6 server and back. The command enables DHCPv6 relay and includes adding the IPv6 address of the DHCP server that the FortiGate unit relays DHCPv6 requests to:

config system interface edit internal config ipv6 set dhcp6-relay-service enable set dhcp6-relay-type regular set dhcp6-relay-ip 2001:db8:0:2::30

end

This entry was posted in Administration Guides, FortiGate, FortiOS 6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.