DHCPv6 prefix delegation over multiple local VLANs
-
My ISP is finally providing proper IPv6 dual-stack and I'm getting an address and a nice /56 prefix assigned on the WAN interface. The LAN interface is sett to track the WAN and so far so good, everything is working fine, IPv6 routing is working and traffic is flowing in and out.
But I've also got a couple of local VLAN tagged networks that is set to get a /64 net each and here it gets interesting. I have to problems.
-
The IPv6 prefix ID does not seem to take. In the snip below the prefix ID for each local network has been set to the VLAN tag value (which I also use as a value for the 3rd IPv4 octet). But when the IPv6 addresses are assigned it seems to just go from zero and up, red circles.
-
Only the first VLAN on a physical interface is getting an IPv6 address/range. In the screenshot both GUESTS, IOT and OPT_TEST are one the same physical interface. They are configured identically (apart from ip4 address and ip6 prefix) but only the first one that I configured (IOT) gets an IPv6 address.
All this is on pfSense 2.4.5-RELEASE (amd64). What I'm i doing wrong?
-
-
Are you selecting a prefix ID for each VLAN? With a /56, your choices are 0 - ff. You can only use each one once.
-
Yes, I know and I do. I'm trying to use the VLAN tag/4rd octet (tried both as DEC and HEX), but I've tried lots of different options as well. And btw the GUI complains if you reuse a value, refusing to save the settings.
-
You'd use the hex value, as I showed with 0 - ff. It works fine for me here.
-
I got it working... Apparently I had enabled Do not allow PD/Address release on the WAN IPv6 config page. This probably messed up something. I disabled it and everything works as intended.
-
That should be on, unless you want your prefix to change occasionally. I found disconnecting/reconnecting the WAN cable was enough to do that. Perhaps you had a conflict, which has now been resolved.
-
Okay, I turned it on again and nothing broke, so I'll leave it at that then.
-
Good. When I started with pfSense, that option wasn't available, so my prefix changed on occasion.