pfSense English Support > IPv6

Disable ipv6 for some LAN clients

(1/1)

trumee:
Hello,

It is possible to deny DHCP ipv6 address to some LAN clients?

Thanks

Napsterbater:

--- Quote from: trumee on January 01, 2018, 03:48:22 pm ---Hello,

It is possible to deny DHCP ipv6 address to some LAN clients?

Thanks

--- End quote ---

No

And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.

hda:

--- Quote from: Napsterbater on January 01, 2018, 03:54:13 pm ---And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.

--- End quote ---
...and not succeed to obtain an address. Did you test this explicitly ?

Napsterbater:

--- Quote from: hda on January 01, 2018, 07:22:59 pm ---
--- Quote from: Napsterbater on January 01, 2018, 03:54:13 pm ---And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.

--- End quote ---
...and not succeed to obtain an address. Did you test this explicitly ?

--- End quote ---

Didn't say it was right, only that some (very few) have done it. Been awhile since I saw it, think it was Android, or just a subset of them. It was a while ago.

johnpoz:
If your wanting to use ipv6 for some clients and not others you have 2 ways to go about it if you ask me..

1) Complete static do not run RA, do not run dhcpipv6.. Any clients that want to use ipv6 will have to be setup static ipv6 to be able to talk to pfsense, and get outbound on it, etc.  This allows you to easy firewall and only allow specific IPs that you set on clients.  Your going to want to turn off privacy ipv6 on the client as well or they will just use some random ipv6 in the prefix you setup as their outgoing source IPv6..

2) You can setup RA and or dhcpv6, etc..  But disable ipv6 on the client completely..  This might not be available on some clients, refer to option 1

I use option 1... It allows me to use ipv6 on the devices I want to use ipv6 on while not have to worry about it on other devices..  Actually sort of a hybrid of 1 and 2 - since I also disable ipv6 on any device I can that I am not going to be using it on..

Navigation

[0] Message Index

Go to full version