What ipv6 address should I put on the pfsense lan

  • Hello,

    I would like a small exclamation for the ipv6 address of the lan.

    My IPS gives me a / 48 for my LAN / DMZ (2001: AAA: BBB :: / 48)

    Can I just put this address as lan address of pfsense 2001: AAA: BBB :: / 48 and manually parameter my machines?

    Thanks for your help, it's not clear to me.

  • You could do that but it's a waste of all the IPv6 address space.

    /64 IIRC is the smallest network size for a SLAAC network, still it's 18 quintillion IPv6 addresses.

    I too had a /48 from my ISP, I split mine up into a bunch of /64s

    2a02:XXXX:YYYY::/48 split :-


    Start Range: 2a02:XXXX:YYYY:0:0:0:0:0
    End Range: 2a02:XXXX:YYYY:0:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:1::/64 LAN VLAN 1

    Start Range: 2a02:XXXX:YYYY:1:0:0:0:0
    End Range: 2a02:XXXX:YYYY:1:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:2::/64 USER VLAN 2

    Start Range: 2a02:XXXX:YYYY:2:0:0:0:0
    End Range: 2a02:XXXX:YYYY:2:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:3::/64 GUEST VLAN 3

    Start Range: 2a02:XXXX:YYYY:3:0:0:0:0
    End Range: 2a02:XXXX:YYYY:3:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:4::/64 IOT VLAN 4

    Start Range: 2a02:XXXX:YYYY:4:0:0:0:0
    End Range: 2a02:XXXX:YYYY:4:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:5::/64 DMZ VLAN 5

    Start Range: 2a02:XXXX:YYYY:5:0:0:0:0
    End Range: 2a02:XXXX:YYYY:5:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    2a02:XXXX:YYYY:6::/64 VOICE VLAN 6

    Start Range: 2a02:XXXX:YYYY:6:0:0:0:0
    End Range: 2a02:XXXX:YYYY:6:ffff:ffff:ffff:ffff
    No. of host: 18446744073709551616

    I also use the VLAN number as the 3rd octet in my IPv4 address space.

    You can set up the IPv6 DHCP scope & reservations.

  • oh great !

    thank you for your explanations !

  • That /48 is 65536 /64s.  You normally configure the router to use one of those for each LAN or VLAN.  This is done in pfSense on the LAN tab in IPv6 Prefix ID.  Normally, it's 0, for a single LAN, but you'd choose another for other LANs/VLANs.  One deficiency I've noticed with pfSense is that it only accepts values between 0 & ff, which will only cover a /56 block for 256 networks.  So, most of that /48 will be wasted, unless you use a different router that properly supports a /48.  Of course, I don't think most users will have more than 256 LANs/VLANs.  ;)

Log in to reply