IPv6 segmentation for VLANs - setup with SLAAC

alnico · Jan 6, 2021, 1:45 PM

Hello all,

I am a newbie to IPv6 and trying my best to get IPv6 on all my VLANs. However, I am having trouble segmenting IPv6 adresses to different VLANs. I was told previously that SLAAC is the way to go instead of DHCP6 for Android compatibility and ease of use.

I get a /56 subnet from my ISP. I use a Netgate SG3100.

This is the IP address showing up as LAN (I have changed the first four digits to begin with 2001 for privacy)
2001:3400:65f:4e00:208:a2ff:fe0d:c82

Now, I have got the following interfaces & VLANs set up:

LAN (untagged)
IoT
Radio
Cameras
Guest

I have looked around online, and from what I read is to set a prefix id to 1, 2, 3, 4, etc. for each of the VLANs.

However, I am not sure how to implement it, as selecting the IPv6 option with SLAAC does not give me any location where I can input these prefix ids for each of these VLANs. I would like to use SLAAC, as I have read that Android does not work with DHCP6.

These are my configuration settings:
WAN Interface

LAN Interface

LAN DHCP6

Router Advertisements

IoT Interface (VLAN interface as an example)

Should the segmentation look something like this?

LAN --> Track Interface
IoT ---> 2001:3400:65f:4e02::1
Radios -->2001:3400:65f:4e03::1
Cameras --> 2001:3400:65f:4e04::1
Guest --> 2001:3400:65f:4e025::1

Can someone more knowledgeable than me assist me where and how to add prefix ids for each of the interfaces?

Thank you!

JKnott · Jan 6, 2021, 1:58 PM

@alnico

Setting up SLAAC on a VLAN is no different than on the LAN, so you set it up exactly the same way. The only thing is you must select a different Prefix ID for each interface. For example, my main LAN is ID 0, my guest WiFi ID 3 and OpenVPN ff.

alnico · Jan 7, 2021, 2:18 PM

@jknott Thanks, setting that up was simple!

However, I don't seem to be getting any IPv6 addresses (either through Ethernet or Wireless). This is my setup:

SG3100 -> Ubiquity US-8-60W switch --> Ubiquiti UAP-nanoHD

I can get an IPv6 address on the LAN WLAN but not on the other WLANS (IoT, Radios etc.). Any ideas what could be blocking IPv6?

JKnott · Jan 7, 2021, 6:22 PM

@alnico

Is IPv6 enabled on the VLANs?

alnico · Jan 10, 2021, 1:30 PM

@jknott
Yes, as far as I know. Is there somewhere I need to check? Some screenshots of my system:

Also does the "Track Interface' setting automatically divy up a /56 subnet into individual /64 subnets? I dont see any setting to specifically change this in pfsense.

JKnott · Jan 10, 2021, 1:54 PM

@alnico

Can you try disabling all those block rules to see if it works? I can't check my system at the moment, as the computer it was running on died.

alnico · Jan 18, 2021, 3:11 PM

@jknott . It is working now. Apparently it needed a reboot. Helped by a power outage in my suburb. Thanks for your help!