Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.0.14 Administration Guide
7.0.14
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

IPv6 stateless address auto-configuration (SLAAC)

IPv6 stateless address auto-configuration (SLAAC)

FortiGate can easily obtain an IPv6 address on any given interface using SLAAC (stateless address auto-configuration). SLAAC is designed only for IP assignments and does not provide DNS server addresses to hosts. See RFC 4862 for more information.

Use one of the following options to obtain a DNS server address:

In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has SLAAC enabled, which allows the First Floor FortiGate to automatically obtain an IPv6 address using the auto-configuration IPv6 address option.

To enable IPv6 auto-configuration in the GUI:

  1. Configure SLAAC on the Enterprise Core FortiGate:

    1. Go to Network > Interfaces and edit port5.

    2. Configure the following settings:

      IPv6 addressing mode

      Manual

      IPv6 Address/Prefix

      2001:db8:d0c:1::1/64

      Stateless Address Auto-configuration (SLAAC)

      Enable

      IPv6 prefix list

      Enable

      IPv6 prefix

      2001:db8:d0c:1::/64

    3. Click OK.

  2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

    1. Go to Network > Interfaces and edit port5.

    2. Enable Auto configure IPv6 address. The First Floor FortiGate uses the prefix that it obtains from the Enterprise Core FortiGate interface, and automatically generates an IPv6 address.

  3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

    1. Go to Network > Interfaces and edit port5. The IPv6 Address/Prefix field is prepopulated with an IPv6 address.

To enable IPv6 auto-configuration in the CLI:

  1. Configure SLAAC on the Enterprise Core FortiGate:

    config system interface
    edit "port5"
        config ipv6
            set ip6-address 2001:db8:d0c:1::1/64
            set ip6-send-adv enable
            config ip6-prefix-list
                edit 2001:db8:d0c:1::/64
                next
            end
        end
    next
end

  2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

    config system interface
    edit "port5"
        config ipv6
            set autoconf enable
        end
    next
end

  3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

    # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag= scope=0 prefix=64 addr=2001:db8:d0c:1:20c:29ff:fe4d:f83d preferred=604419 valid=2591619 cstamp=976270 tstamp=979470
Previous
Next

IPv6 stateless address auto-configuration (SLAAC)

FortiGate can easily obtain an IPv6 address on any given interface using SLAAC (stateless address auto-configuration). SLAAC is designed only for IP assignments and does not provide DNS server addresses to hosts. See RFC 4862 for more information.

Use one of the following options to obtain a DNS server address:

In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has SLAAC enabled, which allows the First Floor FortiGate to automatically obtain an IPv6 address using the auto-configuration IPv6 address option.

To enable IPv6 auto-configuration in the GUI:

  1. Configure SLAAC on the Enterprise Core FortiGate:

    1. Go to Network > Interfaces and edit port5.

    2. Configure the following settings:

      IPv6 addressing mode

      Manual

      IPv6 Address/Prefix

      2001:db8:d0c:1::1/64

      Stateless Address Auto-configuration (SLAAC)

      Enable

      IPv6 prefix list

      Enable

      IPv6 prefix

      2001:db8:d0c:1::/64

    3. Click OK.

  2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

    1. Go to Network > Interfaces and edit port5.

    2. Enable Auto configure IPv6 address. The First Floor FortiGate uses the prefix that it obtains from the Enterprise Core FortiGate interface, and automatically generates an IPv6 address.

  3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

    1. Go to Network > Interfaces and edit port5. The IPv6 Address/Prefix field is prepopulated with an IPv6 address.

To enable IPv6 auto-configuration in the CLI:

  1. Configure SLAAC on the Enterprise Core FortiGate:

    config system interface
    edit "port5"
        config ipv6
            set ip6-address 2001:db8:d0c:1::1/64
            set ip6-send-adv enable
            config ip6-prefix-list
                edit 2001:db8:d0c:1::/64
                next
            end
        end
    next
end

  2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

    config system interface
    edit "port5"
        config ipv6
            set autoconf enable
        end
    next
end

  3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

    # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag= scope=0 prefix=64 addr=2001:db8:d0c:1:20c:29ff:fe4d:f83d preferred=604419 valid=2591619 cstamp=976270 tstamp=979470
Previous
Next