Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.0.13 Administration Guide
7.0.13
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

DHCPv6 stateful server

DHCPv6 stateful server

Similar to a DHCPv4 server, a DHCPv6 server is stateful. It can track client/server states, assign IP addresses to clients, and maintain full control over the process. In addition to assigning IP addresses, a DHCP server can also provide DNS server addresses. However, this IP address assignment method does not support failover protection. If the DHCPv6 server fails, hosts are unable to obtain an IPv6 address, and the network ceases to function. Furthermore, DHCPv6 does not provide gateway information. See RFC 3315 for more information.

In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has a stateful DHCPv6 server configured that allows the First Floor FortiGate to automatically obtain an IPv6 address and DNS server address using the DHCP option.

To configure a DHCPv6 stateful server in the GUI:

  1. Configure the Enterprise Core FortiGate with DHCPv6 stateful server:

    1. Go to Network > Interfaces and edit port5.

    2. Configure the following settings:

      DHCPv6 Server

      Enable

      IPv6 subnet

      2001:db8:d0c:1::/64

      DNS service

      Same as System DNS

      Stateful server.

      Enable

      IP mode

      IP range

      Address range

      2001:db8:d0c:1::a to 2001:db8:d0c:1::f

    3. Click OK.

  2. Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:

    1. Go to Network > Interfaces and edit port5.

    2. Set IPv6 addressing mode to DHCP.

    3. Click OK.

  3. Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:

    1. Go to Network > Interfaces and edit port5. The Obtained IP/Netmask and Acquired DNS fields are populated with an IPv6 address.

To configure a DHCPv6 stateful server in the CLI:

  1. Configure the Enterprise Core FortiGate with DHCPv6 stateful server:

    config system dhcp6 server
    edit 1
        set dns-service default
        set subnet 2001:db8:d0c:1::/64
        set interface "port5"
        config ip-range
            edit 1
                set start-ip 2001:db8:d0c:1::a
                set end-ip 2001:db8:d0c:1::f
            next
        end
    next 
end

  2. Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:

    config system interface
    edit "port5"
        config ipv6
            set ip6-mode dhcp
        end
    next
end

  3. Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:

    # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag=P scope=0 prefix=128 addr=2001:db8:d0c:1::a preferred=4294967295 valid=4294967295 cstamp=1298969 tstamp=1298969ip6-address        
# dia test application dnsproxy 3
worker idx: 0
VDOM: root, index=0, is primary, vdom dns is enabled, pip-0.0.0.0 dns_log=1
dns64 is disabled
DNS servers:
2001:db8:d0c:1::ff:53 vrf=0 tz=0 encrypt=none req=1 to=1 res=0 rt=0 ready=1 timer=0 probe=0 failure=1 last_failed=19812
Previous
Next

DHCPv6 stateful server

Similar to a DHCPv4 server, a DHCPv6 server is stateful. It can track client/server states, assign IP addresses to clients, and maintain full control over the process. In addition to assigning IP addresses, a DHCP server can also provide DNS server addresses. However, this IP address assignment method does not support failover protection. If the DHCPv6 server fails, hosts are unable to obtain an IPv6 address, and the network ceases to function. Furthermore, DHCPv6 does not provide gateway information. See RFC 3315 for more information.

In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has a stateful DHCPv6 server configured that allows the First Floor FortiGate to automatically obtain an IPv6 address and DNS server address using the DHCP option.

To configure a DHCPv6 stateful server in the GUI:

  1. Configure the Enterprise Core FortiGate with DHCPv6 stateful server:

    1. Go to Network > Interfaces and edit port5.

    2. Configure the following settings:

      DHCPv6 Server

      Enable

      IPv6 subnet

      2001:db8:d0c:1::/64

      DNS service

      Same as System DNS

      Stateful server.

      Enable

      IP mode

      IP range

      Address range

      2001:db8:d0c:1::a to 2001:db8:d0c:1::f

    3. Click OK.

  2. Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:

    1. Go to Network > Interfaces and edit port5.

    2. Set IPv6 addressing mode to DHCP.

    3. Click OK.

  3. Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:

    1. Go to Network > Interfaces and edit port5. The Obtained IP/Netmask and Acquired DNS fields are populated with an IPv6 address.

To configure a DHCPv6 stateful server in the CLI:

  1. Configure the Enterprise Core FortiGate with DHCPv6 stateful server:

    config system dhcp6 server
    edit 1
        set dns-service default
        set subnet 2001:db8:d0c:1::/64
        set interface "port5"
        config ip-range
            edit 1
                set start-ip 2001:db8:d0c:1::a
                set end-ip 2001:db8:d0c:1::f
            next
        end
    next 
end

  2. Configure the First Floor FortiGate to obtain an IPv6 address using DHCP:

    config system interface
    edit "port5"
        config ipv6
            set ip6-mode dhcp
        end
    next
end

  3. Verify that the First Floor FortiGate obtained an IPv6 address and DNS server address from the DHCPv6 server:

    # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag=P scope=0 prefix=128 addr=2001:db8:d0c:1::a preferred=4294967295 valid=4294967295 cstamp=1298969 tstamp=1298969ip6-address        
# dia test application dnsproxy 3
worker idx: 0
VDOM: root, index=0, is primary, vdom dns is enabled, pip-0.0.0.0 dns_log=1
dns64 is disabled
DNS servers:
2001:db8:d0c:1::ff:53 vrf=0 tz=0 encrypt=none req=1 to=1 res=0 rt=0 ready=1 timer=0 probe=0 failure=1 last_failed=19812
Previous
Next