Fortinet Document Library

Version:


Table of Contents

New Features

6.4.0
Download PDF
Copy Link

Tunnel mode SSID IPv6 traffic

In the following example, FortiAP S221E is managed by FortiGate 100D and broadcasts tunnel mode SSID:FOS_QA_100D-IPv6.

To configure a WiFi client accessing IPv6 tunnel mode traffic:
  1. Create a tunnel mode VAP:
    config wireless-controller vap
        edit "wifi4"
            set ssid "FOS_QA_100D-IPv6"
            set passphrase ********
            set schedule "always"
        next
    end
  2. Create an IPv6 address for the VAP with DHCP enabled:
    config system interface
        edit "wifi4"
            set vdom "vdom1"
            set ip 10.40.80.1 255.255.255.0
            set allowaccess ping https http
            set type vap-switch
            set alias "vdom1:"
            set device-identification enable
            set role lan
            set snmp-index 36
            config ipv6
                set ip6-address 2001:10:40:80::1/64
                set ip6-allowaccess ping https http
                set ip6-send-adv enable
                set ip6-manage-flag enable
                set ip6-other-flag enable
            end
        next
    end
    config system dhcp6 server
        edit 1
            set subnet 2001:10:40:80::/64
            set interface "wifi4"
            config ip-range
                edit 1
                    set start-ip 2001:10:40:80::1000
                    set end-ip 2001:10:40:80::1100
                next
            end
        next
    end
  3. Create an IPv6 policy from the VAP to WAN1:
    config firewall policy
        edit 1
            set name "ipv6"
            set srcintf "wifi4"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic all
            set nat enable
        next
    end
  4. Verify the IPv6 address in the station list:
    1. In the FortiGate CLI:
      # diagnose wireless-controller wlac -d sta online
         vf=4 wtp=3 rId=1 wlan=wifi4 vlan_id=0 ip=10.40.80.2 ip6=2001:10:40:80::1000 mac=b4:ae:2b:cb:d1:72 vci=MSFT 5.0 host=DESKTOP-DO33HQP user= group= signal=-29 noise=-93 idle=1 bw=48 use=5 chan=6 radio_type=11N security=wpa2_only_personal mpsk=default encrypt=aes cp_authed=no online=yes mimo=2
                      ip6=fe80::c5c5:6c09:8021:d2d0,88, *2001:10:40:80::1000,8,
    2. In the FortiAP CLI:
      FortiAP-S221E # sta
      wlan00 (FOS_QA_100D-IPv6) client count 1
          MAC:b4:ae:2b:cb:d1:72 ip:10.40.80.2 ip_proto:dhcp ip_age:84 host:DESKTOP-DO33HQP vci:MSFT 5.0
                                ip6:fe80::c5c5:6c09:8021:d2d0 ip6_proto:arp ip6_age:2 ip6_rx:101
                                ip6:2001:10:40:80::1000 ip6_proto:dhcp ip6_age:82 ip6_rx:20
              vlanid:0 Auth:Yes channel:6 rate:130Mbps rssi:65dB idle:0s
              Rx bytes:256951 Tx bytes:53947 Rx rate:130Mbps Tx rate:130Mbps Rx last:0s Tx last:0s
              AssocID:1 Mode:  Normal Flags:f PauseCnt:0
              KEY type=aes_ccm pad=0 keyix=65535 keylen=16 flags=3(xmit recv) RSC=0 TSC=0
                  e7 6f 05 ce   06 e1 4a 9b   3a d4 4f 43   1f 57 bb 49
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
              KEY type=aes_ccm pad=0 keyix=1 keylen=16 flags=83(xmit recv dflt) RSC=0 TSC=0
                  01 47 6f 21   9b ac 73 4b   7c ae 07 66   7e 5a c6 7e
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
      FortiAP-S221E #
      
      FortiAP-S221E # usta
      
      WTP daemon STA info:
      
        1/1   b4:ae:2b:cb:d1:72 00:00:00:00:00:00 vId=0    type=wl----sta,  vap=wlan00,FOS_QA_100D-IPv6(0) mpsk=default  ip=10.40.80.2/1  host=DESKTOP-DO33HQP vci=MSFT 5.0 os=Windows
                                ip6=fe80::c5c5:6c09:8021:d2d0/2 rx=101
                                ip6=2001:10:40:80::1000/1 rx=21
                                replycount=0000000000000002
      
      Total STAs: 1

Tunnel mode SSID IPv6 traffic

In the following example, FortiAP S221E is managed by FortiGate 100D and broadcasts tunnel mode SSID:FOS_QA_100D-IPv6.

To configure a WiFi client accessing IPv6 tunnel mode traffic:
  1. Create a tunnel mode VAP:
    config wireless-controller vap
        edit "wifi4"
            set ssid "FOS_QA_100D-IPv6"
            set passphrase ********
            set schedule "always"
        next
    end
  2. Create an IPv6 address for the VAP with DHCP enabled:
    config system interface
        edit "wifi4"
            set vdom "vdom1"
            set ip 10.40.80.1 255.255.255.0
            set allowaccess ping https http
            set type vap-switch
            set alias "vdom1:"
            set device-identification enable
            set role lan
            set snmp-index 36
            config ipv6
                set ip6-address 2001:10:40:80::1/64
                set ip6-allowaccess ping https http
                set ip6-send-adv enable
                set ip6-manage-flag enable
                set ip6-other-flag enable
            end
        next
    end
    config system dhcp6 server
        edit 1
            set subnet 2001:10:40:80::/64
            set interface "wifi4"
            config ip-range
                edit 1
                    set start-ip 2001:10:40:80::1000
                    set end-ip 2001:10:40:80::1100
                next
            end
        next
    end
  3. Create an IPv6 policy from the VAP to WAN1:
    config firewall policy
        edit 1
            set name "ipv6"
            set srcintf "wifi4"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic all
            set nat enable
        next
    end
  4. Verify the IPv6 address in the station list:
    1. In the FortiGate CLI:
      # diagnose wireless-controller wlac -d sta online
         vf=4 wtp=3 rId=1 wlan=wifi4 vlan_id=0 ip=10.40.80.2 ip6=2001:10:40:80::1000 mac=b4:ae:2b:cb:d1:72 vci=MSFT 5.0 host=DESKTOP-DO33HQP user= group= signal=-29 noise=-93 idle=1 bw=48 use=5 chan=6 radio_type=11N security=wpa2_only_personal mpsk=default encrypt=aes cp_authed=no online=yes mimo=2
                      ip6=fe80::c5c5:6c09:8021:d2d0,88, *2001:10:40:80::1000,8,
    2. In the FortiAP CLI:
      FortiAP-S221E # sta
      wlan00 (FOS_QA_100D-IPv6) client count 1
          MAC:b4:ae:2b:cb:d1:72 ip:10.40.80.2 ip_proto:dhcp ip_age:84 host:DESKTOP-DO33HQP vci:MSFT 5.0
                                ip6:fe80::c5c5:6c09:8021:d2d0 ip6_proto:arp ip6_age:2 ip6_rx:101
                                ip6:2001:10:40:80::1000 ip6_proto:dhcp ip6_age:82 ip6_rx:20
              vlanid:0 Auth:Yes channel:6 rate:130Mbps rssi:65dB idle:0s
              Rx bytes:256951 Tx bytes:53947 Rx rate:130Mbps Tx rate:130Mbps Rx last:0s Tx last:0s
              AssocID:1 Mode:  Normal Flags:f PauseCnt:0
              KEY type=aes_ccm pad=0 keyix=65535 keylen=16 flags=3(xmit recv) RSC=0 TSC=0
                  e7 6f 05 ce   06 e1 4a 9b   3a d4 4f 43   1f 57 bb 49
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
              KEY type=aes_ccm pad=0 keyix=1 keylen=16 flags=83(xmit recv dflt) RSC=0 TSC=0
                  01 47 6f 21   9b ac 73 4b   7c ae 07 66   7e 5a c6 7e
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
                  00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
      FortiAP-S221E #
      
      FortiAP-S221E # usta
      
      WTP daemon STA info:
      
        1/1   b4:ae:2b:cb:d1:72 00:00:00:00:00:00 vId=0    type=wl----sta,  vap=wlan00,FOS_QA_100D-IPv6(0) mpsk=default  ip=10.40.80.2/1  host=DESKTOP-DO33HQP vci=MSFT 5.0 os=Windows
                                ip6=fe80::c5c5:6c09:8021:d2d0/2 rx=101
                                ip6=2001:10:40:80::1000/1 rx=21
                                replycount=0000000000000002
      
      Total STAs: 1