IPv6 WAN Interface Configuration on SA540 Security Appliances


Sat, 07/09/2016 - 08:10
Apr 26th, 2016
User Badges:

Cisco Support Community

Article ID: 664


A Wide Area Network (WAN) is a network that consists of multiple smaller networks. The most well known WAN is the Internet. To gain access to the Internet, organizations called Internet Service Providers (ISPs) are used to provide such services and they interact with the SA540 through the WAN port. WANs are networks that logically and physically cover a larger and wider area than Local Area Networks (LANs). The IP settings for the SA540 include IPv4 and IPv6 connectivity. IPv4 addresses have a size of 32 bits while IPv6 have 128 bits as its space size. IPv6 is used when more IP address spaces are needed. The IPv6 WAN Configuration page allows the user to choose the type of WAN connection to use. Two modes can be used, static and via DHCP. A static IPv6 WAN address is used when the user is provided with a permanent address from an Internet Service Provider (ISP). DHCP is a network protocol that allows a server to assign IP addresses to devices connected on its networks from a pool of valid addresses. It is an efficient way for devices on a network to automatically acquire IP addresses.

This article explains how to configure an IPv6 WAN Interface on SA540 Security Appliances.

Applicable Device

• SA540 Security Appliance

Software Version


IPv6 WAN Configuration

Enable IPv6

Step 1. Log in to the Security Appliance Configuration Utility and choose Networking > IPv6 > Routing Mode. The Routing Mode page opens: 

Step 2. Click the IPv4 / IPv6 mode radio button to enable IPv6 mode on the device.

Step 3. Click Apply to save the configuration.

Static IPv6 WAN

A static WAN IP address is an address assigned to a user by an Internet Service Provider to be the permanent address to connect to the Internet with. Since it is permanent, the IP address will not change and this can be advantageous to the user to host a website, and to remote login to your network from anywhere. A static IP address can become a security risk, because the address is always the same and static IPs are easier to track for data mining companies. A static IPv6 is not recommended because the more chances of error, which cause troubleshooting issues. But it can be used as a last resort on SA540 Security Appliances if they are unable to get an IP address from the Internet Service Provider (ISP) via Dynamic Host Control Protocol (DHCP) or if your ISP wants you to configure a static IP address instead.

Step 1. Log in to the Security Appliance Configuration Utility and choose Networking > IPv6 > IPv6 WAN Config. The IPv6 WAN Configuration page opens:

Step 2. Choose Static IPv6 from the WAN Connection Type drop-down list.

Step 3. Enter the static IPv6 address provided by the ISP in the IPv6 Address field. This is the Internet Static IPv6 address for the device.

Step 4. Enter the IPv6 prefix length in the IPv6 Prefix Length field. All the hosts in the network have same initial bits for their IPv6 address. So the prefiix length is used to identify the IPv6 network (subnet). 

Step 5. Enter the default gateway in the Default IPV6 Gateway field, which is always provided by the ISP. The default gateway IP address is the IP address of the router or modem to which the SA540 device is connected. It is used to route data of which the destination is not known by the client.

Step 6. Enter the primary DNS server address in the Primary DNS Server field. A Domain Name System (DNS) converts IP addresses to fully qualified domain names (FQDNs). This is helpful because domain names are easier to remember than IP addresses.

Step 7. (Optional) Enter the secondary DNS server address in the Secondary DNS Server (Optional) field. If the primary DNS server fails the DNS queries are done via the secondary DNS Server. 

Step 8. Click Apply to save the configuration.


DHCPv6 is used when the user is not assigned a static IP address. Automatic IP address configuration allows for the router to receive an IP address from the Dynamic Host Configuration Protocol (DHCP) server of the ISP. DHCP is a network protocol that allows a server to automatically assign an IP address to a connected device from a pool of available IP addresses which expire after a predetermined period of time. DHCPv6 allows normal address allocation, as well as temporary address allocation.

Step 1. Log in to the Security Appliance Configuration Utility and choose Networking > IPv6 > IPv6 WAN Config. The IPv6 WAN Configuration page opens:

Step 2. Choose DHCPv6 from the WAN Connection Type drop-down list to enable DHCPv6. DHCPv6 will automatically detect the information needed by the device to set up the connection.

Step 3. Click the desired DHCPv6 type radio button that you would like to apply to the connection. The two possible values are:

• Stateful Address Auto Configuration — This Controls the IP address assignment centrally; the security appliance gets IPv6 addresses from the service provider.

• Stateless Address Auto Configuration — Gets the IP address automatically without the need of the client status. The security appliance can generate their own address with the help of the information available locally.

Step 4. Click Apply to save the configuration.



This Document