Link to home
Start Free TrialLog in
Avatar of Shane Krueger
Shane Krueger

asked on

How to set DHCPv6 options on a Sonicwall?

I've got a Dell Sonicwall firewall (running SonicOS Enhanced 5.9.1.7-2o) and have configured the LAN zone to provide IPv6 addresses via a Router Advertisement providing a prefix list.  The PCs correctly pull a IPv6 address with a correct prefix, and can access the internet without a problem.  I would like them to also pull an IPv6 DNS server address via a stateless DHCPv6 server.  How is this done?

Here is what I have tried:
- Checked the 'other configuration' checkmark on the Router Advertisement options, but not the 'managed' box
- Assigned a IPv6 site-local address to the interface
- Created a DHCPv6 scope that matches that address
- Put the DNS settings into the scope options

However, the PCs still don't pull a DNS IPv6 server address from the DHCPv6 scope (along with the IPv6 address from the router advertisement).  What am I missing?  Thanks!
Avatar of arnold
arnold
Flag of United States of America image

Usually, you would need to add to the DHCPv6 scope options the nameserver record.

Your existing prefixes are either defaulting to or you have DHCPv6 configured.

Consult ipconfig /all | find /I "DHCP" to identify your DHCP server.

...
Avatar of Shane Krueger
Shane Krueger

ASKER

Usually, you would need to add to the DHCPv6 scope options the nameserver record.
As I indicated, I've done this.
Your existing prefixes are either defaulting to or you have DHCPv6 configured.
As I indicated, I'm using a router advertisement to advertise a prefix, allowing automatically assigned IP addresses within the correct subnet.
Consult ipconfig /all | find /I "DHCP" to identify your DHCP server.
It correctly lists the Sonicwall router as the DHCP server
Without seeing any info neither your sonicwall nor what gets set on the client, what is the issue?
IPv4 DNS us set, but IPv6 DNS does not?
What are the IPv6 DNS that you are pushing!
LAN IPv6 settings on Sonicwall:
IP Assignment: Static
IPv6 Address: fd00:a::1
Enable router advertisement: yes
Managed: no
Other configuration: yes
Prefix list: 2603:blah:blah:blah::
All other settings unchecked

DHCP server on sonicwall:
Enable DHCPv6 Server: on
No option groups defined
No options defined
DHCPv6 Server Lease Scopes: 1 defined, as follows:
Prefix: fd00:a::
Range start: fd00:a::1:1
Range end: fd00:a::1:ff
DNS Server domain name: mydomain.local
DNS Servers: specify manually
DNS Server 1: (my IPv6 DNS server address)
DNS Server 2: (my other IPv6 DNS server address)
DHCPv6 Generic Option: none
Send DHCPv6 Options Always: no

If I disable and re-enable the network card in my PC, this is what ipconfig/all shows:
Ethernet adapter vEthernet (ACD network):

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-22-4D-84-35-6A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2603:blah:blah:blah:5c88:e175:f1c9:473c(Preferred)
   Temporary IPv6 Address. . . . . . : 2603:blah:blah:blah:117d:f9e6:6fdb:db69(Preferred)
   Link-local IPv6 Address . . . . . : fe80::5c88:e175:f1c9:473c%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.0.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Friday, December 09, 2016 3:55:35 PM
   Lease Expires . . . . . . . . . . : Tuesday, December 13, 2016 5:47:23 AM
   Default Gateway . . . . . . . . . : fe80::217:c5ff:fe65:a41e%4
                                       172.16.0.254
   DHCP Server . . . . . . . . . . . : 172.16.0.254
   DHCPv6 IAID . . . . . . . . . . . : 134226509
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-A4-9C-DB-00-22-4D-9D-B4-7A
   DNS Servers . . . . . . . . . . . : 172.16.0.2
                                       172.16.0.21
   Primary WINS Server . . . . . . . : 172.16.0.21
   Secondary WINS Server . . . . . . : 172.16.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window

Interestingly, my PC will retrieve the DNS IPv6 address when using ipconfig/renew6 as shown below:
   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-22-4D-84-35-6A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2603:blah:blah:blah:5c88:e175:f1c9:473c(Preferred)
   Temporary IPv6 Address. . . . . . : 2603:blah:blah:blah:117d:f9e6:6fdb:db69(Preferred)
   Link-local IPv6 Address . . . . . : fe80::5c88:e175:f1c9:473c%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.0.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Friday, December 09, 2016 3:55:35 PM
   Lease Expires . . . . . . . . . . : Tuesday, December 13, 2016 12:15:30 PM
   Default Gateway . . . . . . . . . : fe80::217:c5ff:fe65:a41e%4
                                       172.16.0.254
   DHCP Server . . . . . . . . . . . : 172.16.0.254
   DHCPv6 IAID . . . . . . . . . . . : 134226509
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-A4-9C-DB-00-22-4D-9D-B4-7A
   DNS Servers . . . . . . . . . . . : 2603:blah:blah:blah:6d6b:43e0:5bc:151
                                       2603:blah:blah:blah:5894:b19f:d10d:8a90
                                       172.16.0.2
                                       172.16.0.21
   Primary WINS Server . . . . . . . : 172.16.0.2
   Secondary WINS Server . . . . . . : 172.16.0.21
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       mydomain.local

Open in new window

But otherwise it will not automatically pull the DNS IPv6 address, like if I reset the network adapter.  So what's going on?  The Sonicwall help files say that the "other configuration" checkbox is supposed to tell PCs to query DHCPv6 for stateless information.  Microsoft DHCP servers have two different installation modes: stateful and stateless.  Is Sonicwall set up as a stateful DHCPv6 server?  How do I switch it to a stateless DHCPv6 server?  I do not want it set up as a stateful DHCPv6 server.
You need to set the "Managed" option to YES -- checking that box is necessary if using the SonicWall DHCPv6 server and you want it to send the M flag (which will update the DNS Server settings on your clients).

Full documentation is here:  https://support.software.dell.com/kb/sw9322

DHCPv6 defines two different configuration modes:
DHCPv6 stateful mode: DHCPv6 clients require IPv6 address together with other network parameters (e.g. DNS Server, Domain Name, etc.).
DHCPv6 stateless mode: DHCPv6 client only obtains network parameters other than IPv6 address.

I want to use a stateless DHCPv6 server, not a stateful DHCPv6 server.  So I had set it up with M=0 and O=1.


M = 0, O = 1: IPv6 hosts use DHCPv6 only for other network parameter settings and not for address configuration. Hosts derive stateless addresses using address prefixes in Router Advertisements. If the RA has the prefix information, hosts combine the prefix and a unique Interface Identifier address to derive an IPv6 address. This is known as DHCPv6 stateless because the server is not assigning stateful addresses.

Are you saying that the Sonicwall DHCPv6 server does not support a stateless configuration?  The KB article does not explicitly say that it does or does not support stateless mode for its DHCPv6 server.  (Microsoft, on the other hand, includes instructions for configuration of its DHCPv6 server as a stateful server, or as a stateless server, as desired.)
You do not want your dhcpv6 to distribute (stateless) where the workstation only receives the advertised prefix and derives its IPv6 address from that, but you want the same workstation to receive an IPv6 DNS settings.....

Those two are in conflict, ref your own posting of the definition of the stateless and the behavior...
This is known as DHCPv6 stateless because the server is not assigning stateful addresses.
I don't understand.

"You do not want your dhcpv6 to distribute (stateless)..."  - wrong.  I do want it to distribute stateless addresses

 "...where the workstation only receives the advertised prefix and derives its IPv6 address from that..." - yes that's what i want

"...but you want the same workstation to receive an IPv6 DNS settings" - yes, that's what i want

"Those two are in conflict" - incorrect.  A stateless DHCPv6 server does EXACTLY that.  It does NOT distribute IP addresses to clients, but it DOES deliver DHCP options, which in this case is the DNS domain name and addresses.  See MSDN article for how to set up their DHCPv6 stateless server:

https://technet.microsoft.com/en-us/library/cc753493(v=ws.11).aspx

DHCPv6 stateless mode clients use DHCPv6 to obtain network configuration parameters other than the IPv6 address, such as DNS server addresses. Clients configure an IPv6 address through a non-DHCPv6 based mechanism such as IPv6 address auto-configuration (based on the IPv6 prefixes included in router advertisements), or static IP address configuration.
The link is for a windows DHCP server and you are using the DHCP server from your Sonicwall.  You can configure DHCP server on a Windows system while disabling your Sonicwall DHCP server to achieve what the article states.

The DHCP server on the Sonicwall in the configuration you want does not distribute the IPv6 DNS setting unless as you pointed out, you trigger the IPv6 renewal which differs,....
Yes, I know I can use the Microsoft server - but I don't want to.

Are you saying that the Sonicwall does not support a stateless DHCPv6 server?
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks.  Actually, running ipconfig /renew6 does retrieve the DNS addresses from the Sonicwall DHCP server.  But Windows will not automatically retrieve them, for instance, when resetting the network card.  It is possible that the bug lies within Microsoft's software.  But as DHCPv6 stateless mode is supported by the Microsoft DHCP server, I find this unlikely.
The difference might be in implementatino, in stateless mode, when a client does a DHCPDiscovery, it gets the response where the DHCPv6 is as well as the Prefix for the network. The clients ends the session there as it has all relevant info to bring up IPv6 IP.
Without doing the trace, the Suggestion that the windows DHCP server includes the Scope options with the Prefix advertisement.

capture the interaction as suggested to confirm or .......