Thanks @trendy, it really works!
But it works only because I have IPv6-PD delegated from my ISP:
IPv6-PD: 2a01:xxxx:xxxx:2502::/64on the WAN6 interface
So, based on the advice, I applied the following configuration, which has been working fine for me for ~1 week already:
config dhcp 'wan6'
option interface 'wan6'
option master '1'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
....
config dhcp 'lan'
option interface 'lan'
option ra 'server'
option dhcpv6 'server'
....
config dhcp 'IOT'
option interface 'IOT'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
....
Results:
- WAN6:
IPv6-PD: 2a01:xxxx:xxxx:2502::/64 - LAN:
IPv6: 2a01:xxxx:xxxx:2502::/64- DHCPv6 - IOT:
IPv6: 2a01:xxxx:xxxx:2500::/64- IPv6 relay mode - Guest: no IPv6
Regarding the initial question I raised at the beginning of this topic:
should I avoid IPv6 relay mode configuration for several VLANs interfaces if I get only /64 on WAN?
all the search results I found led me to the conclusion: yes, this configuration should be avoided.
The main reason I found is that you will be on the same IPv6 subnet for all VLANs if you will try to relay IPv6 /64 from WAN into several VLANs, which is unacceptable from a security perspective (in my case it was relay of IPv6 address 2a01:xxxx:xxxx:2500 ::/64 into both LAN and IOT).