Local bridge mode SSID IPv6 traffic
In the following example, FortiAP S221E is managed by FortiGate 100D through a local NATed switch and broadcasts local bridge mode SSID:FOS_QA_100D-LB-IPv6.
To configure a WiFi client accessing IPv6 local bridge mode traffic:
- Create a local bridge mode VAP:
config wireless-controller vap edit "test1" set ssid "FOS_QA-100D-LB-IPv6" set passphrase ******** set local-bridging enable set schedule "always" next end
- Create an IPv6 DHCP server for the local NATed switch (FortiWiFi 60E is used in this example):
config system interface edit "internal6" set vdom "vdom1" set ip 2.2.3.1 255.255.255.0 set allowaccess ping https http fabric set type physical set snmp-index 18 config ipv6 set ip6-address 2001:100:122:130::1/64 set ip6-allowaccess ping https http fabric set ip6-send-adv enable set ip6-manage-flag enable set ip6-other-flag enable end next end
config system dhcp6 server edit 1 set subnet 2001:100:122:130::/64 set interface "internal6" config ip-range edit 1 set start-ip 2001:100:122:130::200 set end-ip 2001:100:122:130::300 next end next end
- Create an IPv6 policy for the local NATed switch:
config firewall policy edit 2 set name "ipv6" set srcintf "internal6" set dstintf "internal7" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set nat enable next end
- Verify the IPv6 address in the station list:
- In the FortiGate CLI:
# diagnose wireless-controller wlac -d sta online vf=4 wtp=3 rId=2 wlan=test1 vlan_id=0 ip=2.2.3.3 ip6=2001:100:122:130::200 mac=f0:98:9d:76:64:c4 vci= host=iPhoneX user= group= signal=-41 noise=-105 idle=18 bw=0 use=5 chan=36 radio_type=11AC security=wpa2_only_personal mpsk=default encrypt=aes cp_authed=no online=yes mimo=2 ip6=fe80::82a:9eba:69c5:5454,13, *2001:100:122:130::200,2,
- In the FortiAP CLI:
FortiAP-S221E # sta wlan10 (FOS_QA-100D-LB-IPv6) client count 1 MAC:f0:98:9d:76:64:c4 ip:2.2.3.3 ip_proto:dhcp ip_age:8 host:iPhoneX vci: ip6:fe80::82a:9eba:69c5:5454 ip6_proto:arp ip6_age:1 ip6_rx:12 ip6:2001:100:122:130::200 ip6_proto:dhcp ip6_age:8 ip6_rx:2 vlanid:0 Auth:Yes channel:36 rate:173Mbps rssi:64dB idle:0s Rx bytes:26654 Tx bytes:27949 Rx rate:78Mbps Tx rate:173Mbps Rx last:0s Tx last:0s AssocID:1 Mode: Normal Flags:1000000b PauseCnt:0 KEY type=aes_ccm pad=0 keyix=65535 keylen=16 flags=3(xmit recv) RSC=0 TSC=0 83 25 7e 72 d2 b1 d2 ef 30 9f 6e 9f 50 e5 6f 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 KEY type=aes_ccm pad=0 keyix=1 keylen=16 flags=83(xmit recv dflt) RSC=0 TSC=0 1f 25 64 3e 02 4d e2 f1 2c b0 5e 03 ed 99 a4 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FortiAP-S221E # FortiAP-S221E # usta WTP daemon STA info: 1/1 f0:98:9d:76:64:c4 00:00:00:00:00:00 vId=0 type=wl----sta, vap=wlan10,FOS_QA-100D-LB-IPv6(0) mpsk=default ip=2.2.3.3/1 host=iPhoneX vci= os=iOS ip6=fe80::82a:9eba:69c5:5454/2 rx=12 ip6=2001:100:122:130::200/1 rx=2 replycount=0000000000000002 Total STAs: 1
- In the FortiGate CLI: