For each remote site with which you want to communicate using IPv6, you must additionally create an equivalent logical IPv6 WAN interface under WAN profiles. This profile is then selected at the remote site.
Entries in the WAN profiles table have the following meaning:
- Entry active
- Enables or disables this profile on a logical IPv6 WAN interface.
- Profile name
- Give the profile of the logical IPv6 interface a name. This name can be used to select the profile at the corresponding IPv6 remote site. The default is always the profile "DEFAULT". If an empty entry is selected as an IPv6 remote station, then IPv6 is not active for this remote site.
Note: A profile in the WAN interfaces table can be referenced multiple times by remote sites.
- Interface tag
- The interface tag that you enter here is a value that uniquely identifies the network. All packets received by this device on this network will be internally marked with this tag. The interface tag enables the routes which are valid for this network to be separated even without explicit firewall rules.
- Auto configuration
- Enable or disable the automatic configuration of addresses (SLAAC or DHCPv6) for this interface in the client role.
- Accept router advertisements
- Enables or disables the processing of received router advertisement messages. With processing disabled, the device ignores any prefix, DNS and router information received via router advertisements.
- Forwarding
- Enables or disables the forwarding of data packets to other interfaces. With forwarding disabled, no router advertisements are transmitted from this interface.
- Firewall active for this interface
- If the global firewall is enabled for IPv6 interfaces, you can disable the firewall for an individual interface here. To globally enable the firewall for all interfaces, navigate to IPv6 firewall/QoS enabled.
DANGERIf you disable the global firewall, the firewall of an individual interface is also disabled. This applies even if you have enabled this option.
and check the option
- PD source type
- This option allows you to set the way the router performs the prefix delegation:
- DHCPv6
- Prefix delegation is performed via DHCPv6.
- Router-Advertisement
- Prefix delegation is performed via router advertisement and the DHCPv6 client does not start.
Cellular networks that support IPv6 only support DHCPv6 prefix delegation as of 3GPP Release 10. Consequently, a terminal device in a mobile network older than Release 10 can only be assigned one /64 prefix, for example by means of router advertisements. IPv6 support is easy to implement for smartphones or laptops using this method. However, an IPv6 router needs at least one more prefix that it can propagate to clients on the LAN.
IPv6 prefix delegation from the WWAN to the LAN allows clients to work on the LAN with a /64 prefix that is assigned from the WAN. A consequence of this is that a router is able to operate in an IPv6 cellular network without DHCPv6 prefix delegation and neighbor discovery proxy (ND proxy). The router announces the retrieved /64 prefix on the LAN by router advertisement, instead of adding it at the WAN interface. Clients generate an address from this prefix and use it for their IPv6 communications.
The following restrictions apply:
- You can only use the feature on point-to-point links (for example, PPP or cellular interfaces) where the remote site automatically sends all traffic to the router because there is no ND proxy.
- You can only create one IPv6 network on the LAN since only one /64 prefix is available.
- The feature is not suitable for scenarios where an upstream router does not perform prefix delegation, except for point-to-point links.
- The IPv6 address generated automatically on the WAN interface cannot be reached by clients from the LAN because there is no ND proxy.
- ND proxy
- Enables or disables the IPv6 Neighbor Discovery proxy. The ND proxy corresponds to the IPv4 counterpart ARP proxy. The ND proxy integrates remote IPv6 stations into your local network as if they were physically located within it. The router then responds to neighbor discovery packets on behalf of the remote station.
Example scenarios:
- An upstream router does not support DHCPv6 prefix delegation. The downstream router enables the ND proxy and uses the same /64 prefix on its LAN and WAN interfaces. The LAN prefix is generated from the router advertisement of the upstream router of the WAN interface. This enables communication between LAN stations and WAN stations that use the same /64 prefix.
- A VPN gateway assigns dial-up clients an IPv6 address from the same prefix that is already configured on a local interface. This router must enable the ND proxy to allow communication between dial-in clients and stations on the local LAN with the same IPv6 prefix. This scenario is analogous to the ARP proxy for IPv4.
- Comment
- Enter a descriptive comment for this entry.