This article will provide guidance on how to provision IPv6 on any model of UniFi Security Gateway (USG). The article will explain how DHCPv6-PD and Static IPv6 are implemented, along with explaining how LAN clients obtain an IPv6 address.
NOTES & REQUIREMENTS:
Table of Contents
Depending on how the ISP has their IPv6 environment structured, the USG will either need to be configured with a static IPv6 address or receive an address via DHCPv6 on WAN.
On the LAN side of this configuration, the setup may vary on the factors listed in the table above. If the USG has received a prefix delegation (PD) from the ISP, it will advertise the prefix that clients will use with stateless address auto-configuration (SLAAC) and the EUI-64 process. The static IPv6 addressing assumes you know the block of addressing that the clients are supposed to be using.
Steps: How to Implement IPv6 on a USG
- In the UniFi Controller, navigate to Settings>Networks>Edit WAN Network.
- In the IPv6 section select whether the Connection Type will be DHCPv6 or static IPv6 addressing. Other than that, it is only necessary to select the Prefix Delegation Size.
- Click Save to finish.
User Tip: If unsure about the Prefix Delegation Size, your ISP should be able to provide this information.
- Navigate to Settings > Networks > Edit network > "Configure IPv6 network" section.
- If DHCPv6 was selected on WAN then prefix delegation will be used for "IPv6 Interface Type".
- Make sure the correct WAN interface and IPv6 router advertisement are applied.
- If static was chosen on WAN, the options for IPv6 gateway/subnet must be filled in along with applying the correct DHCPv6 range if desired.
- After each selection has been made click save and the USG will be provisioned.
NOTE: Prefix ID on LAN is typically best-kept blank. Situations such as an ISP giving a static prefix delegation and wanting to keep the same subnet on a particular interface are an exception.
User Tip: Once you have selected Prefix Delegation under IPv6 Interface Type, the settings are set to work properly, leave the default settings when using DHCPv6.
Testing & Verification
1. SSH into the USG.
2. Input the following commands:
show ipv6 route : will show IPv6 connected networks for both global and link-local address types.
show interfaces : will show IPv6 addressing under the configured interfaces.
show ipv6 neighbors : will show IPv6 Neighbor Discovery (ND) information.
ping6 google.com : will respond with icmp6 replies if configured correctly.
When enabled, the clients should not need intervention to complete the SLAAC process. If the clients do not have an address then disabling/enabling the NIC should bring the addressing up. A test of connectivity from a client would be to "ping6 google.com" (OS X, Linux, BSD) or "ping -6 google.com" (Windows)
Manual Configuration with .JSON File (Controller Version Pre-5.7)
Click here to see manual configuration instructions for UniFi Controller versions prior to v5.7. We recommend upgrading to the newest version available.