Enable the IPv6 Prefix Delegation Client

Enable the DHCPv6 Prefix Delegation client on one or more interfaces. The threat defense obtains one or more IPv6 prefixes that it can subnet and assign to inside networks. Typically, the interface on which you enable the prefix delegation client obtains its IP address using the DHCPv6 address client; only other threat defense interfaces use addresses derived from the delegated prefix.

This feature is only supported in routed mode. This feature is not supported in clustering or High Availability.

Before you begin

When you use Prefix Delegation, you must set the threat defense IPv6 neighbor discovery router advertisement interval to be much lower than the preferred lifetime of the prefix assigned by the DHCPv6 Server to prevent IPv6 traffic interruption. For example, if the DHCPv6 server sets the preferred Prefix Delegation lifetime to 300 seconds, you should set the threat defense RA interval to be 150 seconds. To set the preferred lifetime, use the show ipv6 general-prefix command. To set the threat defense RA interval, see Configure IPv6 Neighbor Discovery; the default is 200 seconds.

Procedure


Step 1

Select Devices > Device Management and click Edit (edit icon) for your threat defense device. The Interfaces page is selected by default.

Step 2

Click Edit (edit icon) for the interface you want to edit.

Step 3

Click the IPv6 page, and then click DHCP.

Step 4

Click Client PD Prefix Name and enter a name for this prefix.

Enable the Prefix Delegation Client
Enable the Prefix Delegation Client

The name can be up to 200 characters.

Step 5

(Optional) Enter the prefix and prefix length in the Client PD Hint Prefixes field to provide one or more hints to the DHCP server about the delegated prefix you want to receive, then click Add.

Typically you want to request a particular prefix length, such as ::/60, or if you have received a particular prefix before and want to ensure you get it again when the lease expires, you can enter the whole prefix as the hint. If you enter multiple hints (different prefixes or lengths), then it is up to the DHCP server which hint to honor, or whether to honor the hint at all.

Step 6

Click OK.

Step 7

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.