In modern networking setups, systems often have multiple interfaces where IPv6 Stateless Address Autoconfiguration (SLAAC) might not be desirable for all of them. For instance, in Debian-based appliances, you may want eth0 to obtain an IPv6 address via SLAAC while restricting other interfaces (eth1, wlan0, etc.) to link-local or manually configured addresses.
Debian uses sysctl and NetworkManager or systemd-networkd for network configurations. To disable SLAAC on specific interfaces, you can tweak kernel parameters or use network configuration files.
Method 1: Using sysctl (Temporary Solution)
To disable SLAAC for a specific interface (e.g., eth1), run:
echo 0 > /proc/sys/net/ipv6/conf/eth1/accept_raThis prevents Router Advertisements (RAs) from triggering SLAAC on eth1.
Method 2: Persistent Configuration via systemd-networkd
Edit or create /etc/systemd/network/10-eth1.network:
[Network]
Description=Disable SLAAC on eth1
[IPv6AcceptRA]
UseAutonomousPrefix=falseAfter saving, restart the network service:
systemctl restart systemd-networkdMethod 3: Using NetworkManager (if installed)
For NetworkManager-managed interfaces, modify /etc/NetworkManager/conf.d/no-slaac.conf:
[keyfile]
unmanaged-devices=interface-name:eth1
[connection-ethernet-eth1]
ipv6.addr-gen-mode=stable-privacyThen reload NetworkManager:
nmcli connection reloadCheck if SLAAC is disabled on the target interface while still active on eth0:
ip -6 addr show eth1
ip -6 addr show eth0Only eth0 should display a globally scoped SLAAC-derived address.
If the changes don’t take effect:
- Ensure no conflicting DHCPv6 client (
dhclient) is running. - Check kernel logs for RA-related errors:
dmesg | grep -i ipv6.
In modern Debian systems with multiple network interfaces, there are legitimate cases where administrators need fine-grained control over IPv6 Stateless Address Autoconfiguration (SLAAC). The typical scenario involves:
- Primary interface (eth0) using SLAAC for automatic configuration
- Secondary interfaces (eth1, eth2, etc.) requiring only link-local or static IPv6 addresses
- Preventing unwanted global IPv6 addresses on non-primary interfaces
Method 1: sysctl Interface-Specific Controls
The most precise approach uses per-interface sysctl parameters. Create or modify /etc/sysctl.d/60-ipv6-slaac.conf:
# Enable SLAAC on eth0 net.ipv6.conf.eth0.accept_ra = 1 net.ipv6.conf.eth0.autoconf = 1 # Disable SLAAC on all other interfaces net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.all.autoconf = 0 # Explicitly disable for specific interfaces (e.g., eth1) net.ipv6.conf.eth1.accept_ra = 0 net.ipv6.conf.eth1.autoconf = 0
Apply changes immediately with: sysctl --system
Method 2: NetworkManager Configuration (If Used)
For systems using NetworkManager, create interface-specific profiles:
[connection] id=eth1-no-slaac type=ethernet interface-name=eth1 [ipv6] method=disabled # OR for link-local only: method=link-local
After configuration, verify with these commands:
ip -6 addr show dev eth0 # Should show SLAAC addresses ip -6 addr show dev eth1 # Should only show link-local cat /proc/sys/net/ipv6/conf/eth1/autoconf # Should show 0
For older Debian versions using /etc/network/interfaces:
iface eth1 inet6 manual
up ip link set dev eth1 up
up sysctl -w net.ipv6.conf.eth1.autoconf=0
up sysctl -w net.ipv6.conf.eth1.accept_ra=0
When dealing with unpredictable interface naming (e.g., predictible network interface names):
# Disable for all except primary in a dynamic way
for IFACE in $(ls /sys/class/net/ | grep -v eth0); do
sysctl -w net.ipv6.conf.$IFACE.autoconf=0
sysctl -w net.ipv6.conf.$IFACE.accept_ra=0
done