I want help to configure IPV6 in Mikrotik. Our ISP is giving /60 for us. As per my knowledge, /60 have 16 Nos of /64. I want to configure first four /64 to each interface. Please help.
Just as with IPv4 it could be static or dynamic, it depends on how the ISP delivers the IPv6. Also, the WAN IPv6 address may be part of the /60, or a separate /64 which could be globally routeable or link-local.
With static just assign a /64 to the WAN and each interface, and set a default route making sure you have suitable firewall rules. Otherwise you typically use the DHCPv6 client to request a prefix, adding it to a pool. The addresses are then assign from this pool.
Please post an example configuration (We are getting static /60 from ISP), so I can test.
Here is an example from an article (https://stubarea51.net/2018/09/14/wisp-design-an-overview-of-adding-ipv6-to-your-wisp/ ) I wrote for WISPs to implement IPv6. It shows implementing a single /64 built out of a pool - you can add other pools to this config.
This is the example of the home subscriber router in the post referenced above.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LAN
/interface vlan
add interface=ether1-WAN name=vlan1101-AP1-Data vlan-id=1101
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ipv6 address
add eui-64=yes from-pool=home interface=ether2-LAN
/ipv6 dhcp-client
add add-default-route=yes interface=vlan1101-AP1-Data pool-name=home \
pool-prefix-length=56 request=prefix
/ipv6 nd
add hop-limit=64 interface=ether2-LAN
/system identity
set name=Subscriber-1
/tool romon
set enabled=yes
/ipv6 address> print
2407:xxxx:0:10:ba69:f4ff:fe13:b562/60 ether1 (WAN)
2407:xxxx:0:11:ba69:f4ff:fe13:b567/64 pool1 ether6 (LAN)
/ipv6 pool> print
2407:xxxx:0:11::/64
I can ping from our Mikrotik. Client devices are getting IPV6, but can’t browse.
The /60 on ether1 is incorrect, post all of your IPv6 configuration.
This is the whole settings related to IPV6. IPV6 in WAN configured manually. I can ping to any IPV4/IPV6 sites from the router itself. But devices can’t get Internet through IPV6. If any specific setting you need to debug the problem, just post it. I will post the details.
Hi There, I recently got a mikrotik dish with a three SIM card however internet banking sites aren’t working. After some research it looks like it might be something to do with the unit being set to IPV6..? I’m not very technical if you can help me change the settings to using IPV4 only it might help!
Any other advice welcomed
Use /ipv6 export hide-sensitive and redact the public addresses
# oct/05/2021 23:35:35 by RouterOS 6.48.4
# software id = DM9G-HKLI
#
# model = 2011UiAS
# serial number = 8C1A092BF201
/ipv6 address
add address=2407:xxxx:0:1::2/60 advertise=no interface=ether1
add address=2407:xxxx:0:2::/64 advertise=yes interface=ether6
/ipv6 nd
set [ find default=yes ] managed-address-configuration=yes other-configuration=yes
/ipv6 route
add distance=1 gateway=2407:xxxx:0:1::1
I can ping to any IPV6 site from Mikrotik.
What IPv6 addresses and routes do you have?
Please sanitize and post the output of:
ipv6 address print where global
ipv6 route print
The address attached to ether1 should have a subnet mask of /64 not /60. All-zeros as the interface address in a subnet is reserved for the “all routers in the subnet” anycast address so the address attached to ether6 should be non-zero.
It is unusual that the WAN connection is not the first 2407:xxxx:0:0:: or last 2407:xxxx:0:f:: subnet of the /60., assuming it is actually 2407:xxxx:0:1:: then:
/ipv6 address
add address=2407:xxxx:0:1::2/6064 advertise=no interface=ether1
add address=2407:xxxx:0:2::1/64 advertise=yes interface=ether6
/ipv6 route
add distance=1 gateway=2407:xxxx:0:1::1
It is wise to make the unused subnets routed to you unreachable, otherwise packets will bounce back and forth between you and the ISP gateway until the TTL expires.
/ipv6 route
add distance=1 dst-address=2407:xxxx::/60 type=unreachable
The ND configuration is incorrect unless you have a DHCPv6 server providing addresses to client devices on your LAN. Setting managed-address-configuration=yes indicates clients should acquire an address using DHCPv6, not SLAAC. Note the Mikrotik DHCPv6 server cannot provide client addresses. Setting other-configuration=yes indicates clients should require information other than an address using DHCPv6, typically DNS server information. I usually disable the default ND settings and add specific setting for each interface, using DHCPv6 to provide the address of the Mikrotik itself as the DNS server:
/ipv6 dhcp-server option
add code=23 name=dns-net2 value=“‘2407:xxxx:0:2::1’”
/ipv6 dhcp-server
add dhcp-option=dns-net2 interface=ether6 name=dhcp-net2
/ipv6 nd
set [ find default=yes ] managed-address-configuration=yes other-configuration=yesdisabled=yes
add advertise-dns=no interface=ether6 other-configuration=yes
Here is the output
/ipv6 address> print where global
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2407:xxxx:0:1::2/64 ether1 no
1 G 2407:xxxx:0:2::1/64 ether6 yes
/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 2407:xxxx:0:1::1 1
1 A SU 2407:xxxx::/60 1
2 ADC 2407:xxxx:0:1::/64 ether1 0
3 ADC 2407:xxxx:0:2::/64 ether6 0
Current Configuration
# oct/06/2021 02:33:09 by RouterOS 6.48.4
# software id = DM9G-HKLI
#
# model = 2011UiAS
# serial number = 8C1A092BF201
/ipv6 dhcp-server
add address-pool=pool1 disabled=yes interface=ether6 name=server1
/ipv6 dhcp-server option
add code=23 name=dns-net2 value="'2001:4860:4860::8844'"
/ipv6 address
add address=2407:xxxx:0:1::2 advertise=no interface=ether1
add address=2407:xxxx:0:2::1 interface=ether6
/ipv6 dhcp-server
add dhcp-option=dns-net2 interface=ether6 name=dhcp-net2
/ipv6 nd
set [ find default=yes ] disabled=yes other-configuration=yes
add advertise-dns=no advertise-mac-address=no interface=ether6 other-configuration=yes
/ipv6 route
add distance=1 gateway=2407:xxxx:0:1::1
add distance=1 dst-address=2407:xxxx::/60 type=unreachable
Still no internet connectivity from PC. Traceroute from PC
tracert -d 2001:4860:4860::8844
Tracing route to 2001:4860:4860::8844 over a maximum of 30 hops
1 2 ms 2 ms 2 ms 2407:xxxx:0:2::1
2 * * * Request timed out.
3 * ^C
IP configuration of my PC
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2407:xxxx:0:2:f4d4:3205:ac0f:7357
Temporary IPv6 Address. . . . . . : 2407:xxxx:0:2:5c05:58aa:6668:d2d6
Link-local IPv6 Address . . . . . : fe80::f4d4:3205:ac0f:7357%18
IPv4 Address. . . . . . . . . . . : 192.168.1.251
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::ba69:f4ff:fe13:b567%18
192.168.1.1
How has the ISP configured their end? Have they said the /60 is routed to 2407:xxxx:0:1::2? If they have merely attached a /60 to the interface at their end it will never work.
Please post the recommended settings at ISP side. So I can check with them.
They should be following guidelines such as https://www.ripe.net/publications/docs/ripe-690 section 4.1.
I would expect them to provide you with your WAN address and their gateway address, internally they should route the other subnets to your WAN address.
I can’t understand the document. Please post a recommended configuration so I can try it.
Your configuration has to match the information the ISP provides - I would expect them to provide you their gateway addresses, your WAN and additional subnets, e.g.
Gateway: 2001:0db8:1234:5678::1/64
Your WAN: 2001:0db8:1234:5678::2/64
Subnets: 2001:0db8:1234:9876::/60
Subnets: 2001:0db8:1234:9876::/60
Where to config subnet in Mikrotik ?