IPv6 segmentation for VLANs - setup with SLAAC

alnico

Hello all,

I am a newbie to IPv6 and trying my best to get IPv6 on all my VLANs. However, I am having trouble segmenting IPv6 adresses to different VLANs. I was told previously that SLAAC is the way to go instead of DHCP6 for Android compatibility and ease of use.

I get a /56 subnet from my ISP. I use a Netgate SG3100.

This is the IP address showing up as LAN (I have changed the first four digits to begin with 2001 for privacy)
2001:3400:65f:4e00:208:a2ff:fe0d:c82

Now, I have got the following interfaces & VLANs set up:

LAN (untagged)
IoT
Radio
Cameras
Guest

I have looked around online, and from what I read is to set a prefix id to 1, 2, 3, 4, etc. for each of the VLANs.

However, I am not sure how to implement it, as selecting the IPv6 option with SLAAC does not give me any location where I can input these prefix ids for each of these VLANs. I would like to use SLAAC, as I have read that Android does not work with DHCP6.

These are my configuration settings:
WAN Interface
WAN settings.png

LAN Interface
LAN interface.png

LAN DHCP6
LAN DHCP6.png

Router Advertisements

IoT Interface (VLAN interface as an example)
IoT interface.png

Should the segmentation look something like this?

LAN --> Track Interface
IoT ---> 2001:3400:65f:4e02::1
Radios -->2001:3400:65f:4e03::1
Cameras --> 2001:3400:65f:4e04::1
Guest --> 2001:3400:65f:4e025::1

Can someone more knowledgeable than me assist me where and how to add prefix ids for each of the interfaces?

Thank you!

JKnott

@alnico

Setting up SLAAC on a VLAN is no different than on the LAN, so you set it up exactly the same way. The only thing is you must select a different Prefix ID for each interface. For example, my main LAN is ID 0, my guest WiFi ID 3 and OpenVPN ff.

alnico

@jknott Thanks, setting that up was simple!

However, I don't seem to be getting any IPv6 addresses (either through Ethernet or Wireless). This is my setup:

SG3100 -> Ubiquity US-8-60W switch --> Ubiquiti UAP-nanoHD

I can get an IPv6 address on the LAN WLAN but not on the other WLANS (IoT, Radios etc.). Any ideas what could be blocking IPv6?

JKnott

@alnico

Is IPv6 enabled on the VLANs?

alnico

@jknott
Yes, as far as I know. Is there somewhere I need to check? Some screenshots of my system:

firewall IoT.png

Also does the "Track Interface' setting automatically divy up a /56 subnet into individual /64 subnets? I dont see any setting to specifically change this in pfsense.

JKnott

@alnico

Can you try disabling all those block rules to see if it works? I can't check my system at the moment, as the computer it was running on died.

alnico

@jknott . It is working now. Apparently it needed a reboot. Helped by a power outage in my suburb. Thanks for your help!