IPv6 on Guest wifi network

Guest

I have set up a guest wifi on my pfSense system (v2.4) interface 'GST' using a vlan and I can allocate a static IPv4 address to it and set up a dhcp server on GST with the appropriate a firewall rule pointing all GST network to WAN Gateway only so that access to my LAN is restricted

My ISP gives me a 56 prefix which I allocate to my LAN interface using TRACK INTERFACE

However that cannot be used on GST as only one interface can "Track"

How do a divide the 56 up into sub prefix (is that the right expression) so that I can allocate IPV6 functionality to both my LAN & GST interface

NogBadTheBad

My ISP gave me a /64 on the WAN and a /48 on the LAN.

I just split up my /48 into /64s, that gives you 18 quintillion IPv6 addresses per /64

I just manually configured IPv6 on each interface.

igb0_vlan2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
  options=3 <rxcsum,txcsum>ether 00:08:a2:0a:9d:cb
  inet6 fe80::208:a2ff:fe0a:9dcb%igb0_vlan2 prefixlen 64 scopeid 0xb
  inet 172.16.2.1 netmask 0xffffff00 broadcast 172.16.2.255
  inet6 2a02:xxxx:xxxx:2::1 prefixlen 64
  nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
  vlan: 2 vlanpcp: 0 parent interface: igb0

igb0_vlan3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
  options=3 <rxcsum,txcsum>ether 00:08:a2:0a:9d:cb
  inet6 fe80::208:a2ff:fe0a:9dcb%igb0_vlan3 prefixlen 64 scopeid 0xc
  inet 172.16.3.1 netmask 0xffffff00 broadcast 172.16.3.255
  inet6 2a02:xxxx:xxxx:3::1 prefixlen 64
  nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
  status: active
  vlan: 3 vlanpcp: 0 parent interface: igb0</full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast>

Guest

Thanks

I assume your IPv6 prefix is fixed

Mine is sticky, so can change

NogBadTheBad

Yes mine is fixed

Seems a bit rubbish that they can't give you a fixed range.

Guest

Yes, I have only had the prefix change once in 12 months but its is possible

Might be time to move ISP

MikeV7896

My ISP gives me a /60 (16 /64's) via DHCPv6-PD and I have one /64 for my LAN and one /64 for my GUEST network.

Multiple interfaces can track the WAN… it's just that you need each interface to be using a unique prefix ID. You can't use the same prefix ID for both of your networks.

Guest

Yes @marjohn pointed out the error of my ways

Simply setting the IPv6 Prefix ID to 1 rather than 0 means I can split my /56 across another LAN