config router ipv6-ra

Use this command to configure IPv6 Router Advertisement (RA) parameters on FortiADC. RA messages are part of the IPv6 Neighbor Discovery Protocol (NDP) and are used by routers to inform hosts on the same link of the network prefix, default gateway, DNS settings, and other parameters. This allows IPv6 hosts to autoconfigure their network settings using Stateless Address Autoconfiguration (SLAAC), as defined in RFC 4861 and RFC 8106.

FortiADC can act as an IPv6 router and send RA messages on specified interfaces. You can enable or disable advertisements per interface, define prefix and route options, and include DNS configuration using RDNSS and DNSSL options.

Syntax

config router ipv6-ra
   config ra-interface
      edit <interface-name>
         set interface <interface-name>
         set send-adv {enable | disable}
         set max-interval <seconds>
         set min-interval <seconds>
         set hop-limit <integer>
         set manage-flag {enable | disable}
         set other-flag {enable | disable}
         set route-pref {high | medium | low}
         set default-life <seconds>
         set reachable-time <milliseconds>
         set retrains-time <milliseconds>
         set link-mtu <integer>
         set adv-rio {enable | disable}
         config prefix-list
            edit <index>
               set prefix6 <prefix/length>
               set onlink-flag {enable | disable}
               set autonomous-flag {enable | disable}
               set preferred-life-time <seconds>
               set valid-life-time <seconds>
            next
         end
         config rdnss
            edit <index>
               set dns-server <IPv6 address>
               set life-time <seconds>
            next
         end
         config dnssl
            edit <index>
               set domain-name <domain>
               set life-time <seconds>
            next
         end
         config route-list
            edit <index>
               set route <prefix/length>
               set route-pref {high | medium | low}
               set route-life-time <seconds>
            next
         end
      next
   end
end

config ra-interface
interface	Specifies the physical or logical interface that will send RA messages.
send-adv	Enables or disables RA message transmission and solicitation responses.
max-interval	Maximum interval between unsolicited multicast RA transmissions.
min-interval	Minimum interval between unsolicited multicast RA transmissions.
hop-limit	Default Hop Limit to be placed in the IP header of outbound packets.
manage-flag	Indicates whether hosts should use DHCPv6 for address configuration (ManagedAddressConfiguration flag).
other-flag	Indicates whether hosts should use DHCPv6 for other configuration (OtherConfiguration flag).
route-pref	Preference value for the advertising router.
default-life	Lifetime associated with the default router.
reachable-time	Time a node assumes a neighbor is reachable after a confirmation.
retrains-time	Time between retransmitted Neighbor Solicitation messages.
link-mtu	MTU value to be advertised to hosts on the link.
adv-rio	Enables or disables the Route Information Option (RIO) section.
config prefix-list
prefix6	IPv6 prefix to be advertised (e.g., 2001:db8::/64).
onlink-flag	When enabled, indicates the prefix is on-link.
autonomous-flag	When enabled, allows SLAAC address configuration using this prefix.
preferred-life-time	Duration the address remains preferred.
valid-life-time	Duration the prefix is considered valid for on-link determination.
config rdnss
dns-server	One or more IPv6 addresses of recursive DNS servers.
life-time	Time the RDNSS entries are valid for name resolution.
config dnssl
domain-name	The domain name suffixes to use for DNS search.
life-time	Time the DNSSL entries are valid.
config route-list
route	IPv6 route prefix to advertise to hosts (e.g., 2001:db8::/96).
route-pref	Preference value for the advertised route.
route-life-time	Lifetime of the advertised route.

Example

The following example shows how to configure RA on port2 with a single prefix (2001:db8:1::/64), Recursive DNS server (2001:db8::1), and a DNS search domain (example.com). Route advertisement is also included.

config router ipv6-ra
   config ra-interface
      edit "port2"
         set interface "port2"
         set send-adv enable
         set max-interval 600
         set min-interval 200
         set hop-limit 64
         set manage-flag disable
         set other-flag enable
         set route-pref medium
         set default-life 1800
         set reachable-time 0
         set retrains-time 0
         set link-mtu 1500
         set adv-rio enable
         config prefix-list
            edit 1
               set prefix6 2001:db8:1::/64
               set autonomous-flag enable
               set onlink-flag enable
               set preferred-life-time 3600
               set valid-life-time 7200
            next
         end
         config rdnss
            edit 1
               set dns-server 2001:db8::1
               set life-time 600
            next
         end
         config dnssl
            edit 1
               set domain-name "example.com"
               set life-time 600
            next
         end
         config route-list
            edit 1
               set route 2001:db8:2::/64
               set route-pref low
               set route-life-time 1800
            next
         end
      next
   end
end