I recently was informed my ISP (Bahnhof in Sweden) now can give me IPv6 natively. So of course, I wanted to try it out! I thought I’d share my experience of configuring IPv6 on my home network. I think it was difficult to find an easy to follow guide and I also had some problems with my accesspoints (wAP AC and cAP AC). I’m not an expert so if you see any areas for improvement please make a comment. Hopefully this short post will help others who want to get IPv6 on their Mikrotik equipment.

My ISP uses DHCP-PD for delegation of prefix. Currently I’m assigned a /56 prefix which I understand is the recommended subnet size for end-customers. I’m using stateless assignment of addresses to my end-points.

The router I use, RB4011 is connected to ISP on Ether1 and all other networks are configured with bridges and assigned ports, most of them run through VLANs on the sfp+ port. I have several bridges but started out with just configuring one to see if I could get it to work. It was easy to later add more subnets, just assign IP from the pool (will be explained later), configure neighbor discovery and you should be set.
So here is a brief step-by-step guide:
First of all, make sure you have the IPv6 package installed and then configure the firewall with some basic settings for IPv6. I ended up with the following minimal settings to start with:
Next thing to configure is the IPv6 DHCP-client.
If all goes well, you should be assigned a prefix from your ISP. If you have /56 prefix assigned, you can subnet that to 256 /64 networks which each contains a whopping 18,446,744,073,709,551,616 addresses. As I understand the pool will default to /64 which is exactly what’s needed for getting stateless configuration to work.
The pool will be used for configuring IP-addresses on the router and if needed to delegate subnets to other routers (in that case you will have to configure IPv6 DHCP server). I choose to not have ISP provided DNS since I run internal DNS servers and they can make IPv6 address lookups (when they receive a global IPv6 address).
Now we can assign IP address to the router and on those internal networks that need IPv6 connectivity. I don’t need IP address on ether1 even if it’s the external facing interface since I don’t have any service in use yet which requires external access to that interface.
In my case I choose my bridge for LAN to be assigned an address. If you followed these steps, hopefully you now have a globally unique address. Check that with /ipv6 address print. You should be able to find a globally unique (marked with G flag) assigned from your newly created pool.

Next step is to configure Neighbor Discovery: Lastly check IPv6 settings, you must make sure forwarding is enabled.
/ipv6 settings print
forward: yes
accept-redirects: yes-if-forwarding-disabled
accept-router-advertisements: no
That should be it! Now is a good time to test from a pc or other device in your LAN that you have IPv6 connectivity. I’m pinging google from a pc:

ping -6 ipv6.google.com
Pinging ipv6.l.google.com [2a00:1450:400f:809::200e] with 32 bytes of data:
Reply from 2a00:1450:400f:809::200e: time=17ms
...
Ping statistics for 2a00:1450:400f:809::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms
Congratulations, you have working IPv6!

The only real problem I had was getting my wifi to run IPv6, I only use Mikrotik accespoints which are centrally managed by the router via CAPsMAN.
After some troubleshooting, I discovered that the IPv6 settings for the AP’s needed to be configured with IPv6 forwarding disabled and I needed to add the ether interface (which is assigned to bridge1) to Neighbor Discovery.
/ipv6 settings print
forward: no
accept-redirects: yes-if-forwarding-disabled
accept-router-advertisements: yes
max-neighbor-entries: 8192

Hopefully this will help you get started. If you find any suggestions for improvements, I’d be glad to hear about them.

Awesome - thanks for this!

I had recently transferred my working IPv6 config manually from a HexGR3 to a new 4011, and for the life of me couldn't figure out why I was getting an IPv6 address from the service provider, but none of internal clients were. Walking through this write-up I realized I'd missed the 'add address=::1' - HAH!

Awesome - thanks for this!

I had recently transferred my working IPv6 config manually from a HexGR3 to a new 4011, and for the life of me couldn't figure out why I was getting an IPv6 address from the service provider, but none of internal clients were. Walking through this write-up I realized I'd missed the 'add address=::1' - HAH!

Great, glad it helped!

Btw, any admin reading this? I realize I posted in the wrong section of the forum. You can move this to "Beginner Basics" if you find it more fitting.

I think different ISP give different way to get ipv6. With my ISP Viettel (Vietnam). I just need to setup ipv6 dhcp-client and address. It all up now. But the bug is when my pppoe disconnect, the dhcp-client can't rebind. I need to release it manually.

When you Winbox to the router do both your ipv4 AND ipv6 addresses show up to manage the router?

Hi there,

Given the current problems with IPv6 on Mikrotik, I would strongly suggest waiting before you deploy it. Want to know why? Read these links...

viewtopic.php?t=147076
viewtopic.php?t=147048
https://indico.uknof.org.uk/event/46/contributions/667/

Cheers,
Christopher H.

When you Winbox to the router do both your ipv4 AND ipv6 addresses show up to manage the router?

No, when looking in Neighbors in Winbox a only see the MAC address and the ipv4 address.

Hi there,

Given the current problems with IPv6 on Mikrotik, I would strongly suggest waiting before you deploy it. Want to know why? Read these links...

viewtopic.php?t=147076
viewtopic.php?t=147048
https://indico.uknof.org.uk/event/46/contributions/667/

Cheers,
Christopher H.

I agree, been following the mentioned threads with interest. Since I only use this for my home network it's easy to disable. But I'm pretty confident it will be fixed soon so I'm not that worried.