Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How to create a static DHCPv6 entry in the SonicWall Appliance

03/26/2020 7 People found this article helpful 95,768 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    How to create a static DHCPv6 entry in the SonicWall Appliance

    Resolution

     

    Feature/Application:

    The SonicWall DHCPv6 server can be configured similar to IPv4, using Dynamic or Static IPv6 addresses. This KB article describes how to create a static DHCPv6 scope to lease static IPv6 addresses to designated hosts.

    Procedure:

    Step 1 Preparing the X0 IPv6 Interface

    • Login to the SonicWall Management GUI
    • Navigate to the Network > Interfaces page.
    • Select the radio button IPv6 under View IP Version.
    • Click on the Configure icon for the interface you want to configure the DHCPv6 Server address for and the Edit Interface window will be displayed.

    General Tab

    • In the IP Assignment pulldown menu, select Static.
    • IPv6 Address: A unique IPv6 unicast address. Example: 2002:c0a8:a8a8:1::1
    • Prefix Length: The network bit. Example: a prefix of 64 for the above IPv6 address would mean a network with addresses from 2002:c0a8:a8a8:0001:0000:0000:0000:0000  to 2002:c0a8:a8a8:0001:ffff:ffff:ffff:ffff
    • Enable Router Advertisement: Enable this option to make this an advertising interface that distributes network. Routers Advertisements are sent in ICMPv6 Type 134 packet to the multicast group ff02::1.
    • Advertise Subnet Prefix of IPv6 Primary Static Address: Leave this option unchecked. This will later enable clients to get IPv6 addresses from the DHCPv6 server rather than assigning themselves a stateless IPv6 address with the advertised prefix.
    Image

    Advanced Tab

    • Enable Listening to Router Advertisement: Leave this option unchecked.
    • Enable Stateless Address Auto configuration: Leave this option unchecked.

    Image

    Router Advertisement Tab

    • Enable Router Advertisement: This would be automatically checked if Enable Router Advertisement in the General tab is checked.
    • Optionally, you can modify the following Router Advertisement settings
      • Router Adv Interval Range - The time interval allowed between sending unsolicited multicast Router Advertisements from the interface, in seconds.
      • Link MTU - The recommended MTU for the interface link. A value of 0 means firewall will not advertise link MTU for the link.
      • Reachable Time - The time that a node assumes a neighbor is reachable after having received a reachability confirmation. A value of 0 means this parameter is unspecified by this firewall.
      • Retrans Timer - The time between retransmitted Neighbor Solicitation messages. A value of 0 means this parameter is unspecified by this firewall.
      • Current Hop Limit - The default value that should be placed in the Hop Count field of the IP header for outgoing IP packets. A value of 0 means this parameter is unspecified by this firewall.
      • Router Lifetime - The lifetime when firewall is accepted as a default router. A value of 0 means that the router is not a default router.
    • Managed checkbox:  Enable this option to make the SonicWall send Managed Address Configuration Flag, also known as the M flag, set to 1 in their Router Advertisements. When an IPv6 host receives a Router Advertisement with this flag set, and if SonicWall DHCPv6 server is enabled with an IPv6 address range, IPv6 hosts can obtain IPv6 addresses from within the range. If this option is checked and the SonicWall DHCPv6 server is not enabled, IPv6 hosts configure their own IPv6 addresses based on the subnet prefix in Router Advertisements.
    • Other Configuration checkbox: Enabling this option will make the SonicWall send the Other Stateful Configuration Flag, also known as the O flag, set to 1 in its Router Advertisements. When an IPv6 host receives a Router Advertisement with this flag set, and if a DHCPv6 server is available, IPv6 hosts can obtain configuration settings other than their IPv6 address, such as the DNS server address.
    • Prefix List Settings: Leave this option unchecked.
    • Click on OK to save the changes.
    Image


    Step 2 - Obtaining the DUID and IAID of clients

    To create a static DHCPv6 entry, the DUID and IAID of the client must be entered. This section explains how to obtain this information in a client.

    The DHCP Unique Identifier (DUID)

    Each DHCP client and server has a DUID.  DHCP servers use DUIDs to identify clients for the selection of configuration parameters and in the association of IAs (Identity Association) with clients. DHCP clients use DUIDs to identify a server in messages where a server needs to be identified. For more information, see RFC3315.

    Identity Association ID (IAID)

    An "identity-association" (IA) is a construct through which a server and a client can identify, group, and manage a set of related IPv6 addresses.  Each IA consists of an IAID and associated configuration information.

    A client must associate at least one distinct IA with each of its network interfaces for which it is to request the assignment of IPv6 addresses from a DHCP server.  The client uses the IAs assigned to an interface to obtain configuration information from a server for that interface.  Each IA must be associated with exactly one interface. For more information, see RFC3315.

    In Windows (7 & 8), the DUID and IAID can be obtained by entering ipconfig/all at the command prompt.

    Note: This will be visible only after preparing the interface (the server) in the manner described in Step 1.

    In the Registry, the DUID is under HKLMSYSTEMCurrentControlSetservicesTCPIP6Parameters. A client has an IAID for each of its interfaces. Therefore, identify the interface and look for Dhcpv6Iaid under HKLMSYSTEMCurrentControlSetservicesTCPIP6ParametersInterfaces.

    In Linux OS, I was unable to find where these are stored. Therefore, after following Step 1 above, restart the network service while doing a packet capture. In the capture look for the DUID & IAID in the DHCPv6 messages from the client.

    Step 3 - Creating a static DHCPv6 entry in the SonicWall

    • Navigate to the Network > DHCP Server page
    • Select the radio button under IPv6 on the far right side of the page under View IP Version, to change to the DHCPv6 interface.
    • Enable check box Enable DHCPv6 Server.
    • Click on the Accept button to save the changes.
    • Click on the Add Static button to bring up the Add DHCPv6 Static Scope window.
    • Enter the following information:
      • Enter a name for this static scope
      • Enter the subnet prefix under Prefix: 2002:c0a8:a8a8:1::
      • Under Static IPv6 Address, enter the IP address to be assigned to the client. In this case 2002:c0a8:a8a8:1::2
      • Under IAID, enter the IAID of the client. IAID must be decimal value.
      • Under DUID, enter the DUID of the client. DUID value must be alphanumeric with no spaces or hyphens.
      • Under Valid Lifetime (minutes), enter the valid lifetime of the IPv6 address leased by this scope. The minimum value is 0 and maximum is 71582789. The default is 2160. Valid Lifetime is the length of time an address remains in the valid state (i.e., the time until invalidation). The valid lifetime must be greater then or equal to the preferred lifetime.  When the valid lifetime expires, the address becomes invalid. When an address becomes invalid it is not assigned to any interface. The valid lifetime must be greater then or equal to the preferred lifetime. Source: RFC 2462
      • Under Preferred Lifetime (minutes), enter the preferred lifetime of the IPv6 address leased by this scope. The minimum value is 0 and maximum is 71582789. The default is 2160.  Preferred lifetime is the length of time that a valid address is preferred (i.e., the time until deprecation). When the preferred lifetime expires, the address becomes deprecated. An address assigned to an interface whose use is discouraged, but not forbidden.  A deprecated address should no longer be used as a source address in new communications, but packets sent from or to deprecated addresses are delivered as expected.
    • Click on OK to save. Source: RFC 2462

    Image

    IPv6 hosts will automatically be assigned the static addresses. If not, release and renew the interface to obtain the address.

    Related Articles

    • App Control fails by schema error when editing VPN category
    • Custom Geo-IP list to exclude a website from Geo-IP filter
    • GVC stuck on acquiring IP for some users

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:dd05288e52973a5809ba22c373a5ba22-70