DHCPv6 stateful server
Similar to a DHCPv4 server, a DHCPv6 server is stateful. It can track client/server states, assign IP addresses to clients, and maintain full control over the process. In addition to assigning IP addresses, a DHCP server can also provide DNS server addresses. However, this IP address assignment method does not support failover protection. If the DHCPv6 server fails, hosts are unable to obtain an IPv6 address, and the network ceases to function. Furthermore, DHCPv6 does not provide gateway information. See RFC 3315 for more information.
In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has a stateful DHCPv6 server configured that allows the First Floor FortiGate to automatically obtain an IPv6 address and DNS server address using the DHCP option.
To configure a DHCPv6 stateful server in the GUI:
-
Configure the Enterprise Core FortiGate with DHCPv6 stateful server:
-
Go to Network > Interfaces and edit port5.
-
Configure the following settings:
DHCPv6 Server
Enable
IPv6 subnet
2001:db8:d0c:1::/64
DNS service
Same as System DNS
Stateful server.
Enable
IP mode
IP range
Address range
2001:db8:d0c:1::a to 2001:db8:d0c:1::f
-
Click OK.
-
-
Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:
-
Go to Network > Interfaces and edit port5.
-
Set IPv6 addressing mode to DHCP.
-
Click OK.
-
-
Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:
-
Go to Network > Interfaces and edit port5. The Obtained IP/Netmask and Acquired DNS fields are populated with an IPv6 address.
-
To configure a DHCPv6 stateful server in the CLI:
-
Configure the Enterprise Core FortiGate with DHCPv6 stateful server:
config system dhcp6 server edit 1 set dns-service default set subnet 2001:db8:d0c:1::/64 set interface "port5" config ip-range edit 1 set start-ip 2001:db8:d0c:1::a set end-ip 2001:db8:d0c:1::f next end next end
-
Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:
config system interface edit "port5" config ipv6 set ip6-mode dhcp end next end
-
Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:
# diagnose ipv6 address list | grep port5 dev=4 devname=port5 flag=P scope=0 prefix=128 addr=2001:db8:d0c:1::a preferred=4294967295 valid=4294967295 cstamp=1298969 tstamp=1298969ip6-address # dia test application dnsproxy 3 worker idx: 0 VDOM: root, index=0, is primary, vdom dns is enabled, pip-0.0.0.0 dns_log=1 dns64 is disabled DNS servers: 2001:db8:d0c:1::ff:53 vrf=0 tz=0 encrypt=none req=1 to=1 res=0 rt=0 ready=1 timer=0 probe=0 failure=1 last_failed=19812