Skip to main content
Cisco Meraki

IPv6 Support on MX Security & SD-WAN Platforms - LAN

LAN

There are several options for configuring IPv6 Prefixes supported by the MX.  In this section, we will cover the different options available, how to configure them, and how to view available prefixes.

Note:

  • By default, IPv6 is disabled on the LAN side and must be configured for existing VLANs if desired.

  • Auto is enabled by default for WAN 1 and WAN 2 when IPv6 is set to enable.

  • SLAAC is used to provide clients’ IPv6 addresses within their respective IPv6 enabled VLANs.

  • As of now, we only support SLAAC on LAN with limited RA options (like prefix information, MTU, source-link layer address). We do not support DHCPv6-NA nor DHCPv6-PD.

  • ULA addresses may be configured on the LAN side of the MX, but it is recommended to leverage GUA addresses.

  • One prefix is always delegated to the source NAT on the WAN side. Hence, users should include N+1 /64 prefixes, where N is the number of VLANs. Users can also leverage the prefix starvation reports to administer this behaviour. If ULA is used, NAT66 will be used for the source NAT operation.

 

clipboard_eb5ce15096cceca03c4eb691e68034983.png

Auto (DHCPv6-PD)

It is the simplest way to configure IPv6 allowing the MX to obtain IPv6 Prefixes directly from the WAN ISPs and automatically assigning them to IPv6 enabled VLANs. Please note this requires the ISP to support DHCPv6-PD for it to work. Currently, MX does not support DHCPv6 options in MX17.

Configuration

  • Go to Addressing & VLANs page > Select [or add] the VLAN you want IPv6 enabled on

  • Configure the VLAN Name, VLAN ID, Group Policy (optional) and VPN (optional) & click Next

  • Ensure IPv6 Config is set to Enabled and the appropriate WANs to Auto and click preview

  • Confirm, double check the changes, and select Update

  • Remember to save the configuration via the addressing and VLANs page so the changes are applied to the MX.

  • Once the configuration is complete, the MX will send DHCPv6-PD requests via the enabled IPv6 Uplinks to obtain IPv6 Prefixes to use on the IPv6 enabled VLANs.

Manual Prefixes (Auto delegation)

You can configure Manual prefixes if your ISP doesn’t support DHCPv6-PD or if you are using your own Independent Prefix space.  The MX will in turn automatically assign /64 prefixes to each VLAN as configured and available.

Note:

  • When a manual prefix is added per origin (WAN1 or WAN2), this disables auto delegated prefixes from DHCPv6-PD for the respective origin (WAN1 or WAN2). This means that automatic VLAN assignments will not obtain a prefix from the auto delegated prefix pool from DHCPv6-PD. More on this in Manual Prefixes (VLAN overrides).

Configuration:

  • Go to Security & SD-WAN > Appliance status page

  • Click on the IPv6 Prefixes tab and click Add new prefixes on the right hand side

  • Enter the source name, Prefix,  select the appropriate origin and click save

Manual Prefixes (VLAN overrides)

Individually override the VLAN configuration with specific desired prefixes you want that VLAN to use.  This is only recommended if you have non changing prefixes (typically Static from an ISP or your own Independent prefix space)

When performing VLAN overrides, make sure the following rules are met for the end device to receive an IP (if not, you will receive dashboard alerts):

  • If WAN_X uplink gets a ULA prefix from upstream, then you can enable IPv6 for the VLAN and configure VLAN override for the WAN_X origin with matching WAN_X ULA prefix in the Addressing & VLANs page (where X= WAN1 or WAN2)

  • If WAN_X uplink gets a GUA prefix from upstream, then you can enable IPv6 for the VLAN and configure VLAN override for the WAN_X origin with matching WAN_X GUA prefix (where X= WAN1 or WAN2)

  • If you want to enable IPv6 for the VLAN and configure VLAN override with a GUA/ULA prefix for Independent origin > then user must configure the same GUA/ULA prefix for Independent origin in the delegation prefix table

Configuration

  • Go to Addressing & VLANs page > Select [or add] the VLAN you IPv6 enabled on

  • Configure the VLAN Name, VLAN ID, Group Policy (optional) and VPN (optional) & click Next

  • Select Enable button for IPv6 and Select Manual for WAN 1 / WAN 2 or Independent

    • The WAN selection defines that the IPv6 prefix will route to the uplink network via the select WAN (Origin).

  • Click Save and preview your changes, then click the Update button

  • Remember to save the configuration via the addressing and VLANs page so the changes are applied to the MX

Cellular

The MX67C and MX68CW are now capable of obtaining a /64 prefix from the cellular provider network to use as its cellular WAN.  Since IPv6 requires additional prefixes to function on the LAN, either DHCPv6-PD needs to be supported by the cellular provider or an Independent prefix should be configured so that LAN clients can communicate using IPv6 over the cellular network.

Note:

  • A ULA prefix is recommended to be configured as Independent in the IPv6 Prefix tab so it can be leveraged for Cellular assignment. This will allow LAN clients to receive IPv6 addresses via SLAAC on VLANs enabled for independent, and when a client uses IPv6 from the LAN to the Internet over cellular, the MX will translate the LAN address to the single /64 on the cellular interface and use of the IPv6 cellular network.

Configuration:

  • Go to Addressing & VLANs page > Select [or add] the VLAN you want IPv6 enabled on

  • Configure the VLAN Name, VLAN ID, Group Policy (optional) and VPN (optional) & click Next

  • Ensure IPv6 Config is set to Enabled and the appropriate WANs to Auto and click preview

  • Confirm, double check the changes, and select Update

  • Remember to save the configuration via the addressing and VLANs page so the changes are applied to the MX

  • Once the configuration is complete, the MX will send DHCPv6-PD requests via the enabled IPv6 Uplinks to obtain IPv6 Prefixes to use on the IPv6 enabled VLANs.

 

  • Was this article helpful?