ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 5
Registered: ‎11-25-2007

ArubaOS 6.1.x: Dual stack guest users

After upgrading from 5.0.3.3 via 6.0.1.3 to 6.1.2.0 I have noticed that there is a problem with dual stack guest clients.

First everything works fine, guests can login and work. After a while (minutes or hours) some guest users get the following error message in their browser:
Web authentication is disabled. Please contact the administrator for assistance.

The workaround is to reset the client WLAN adapter.

The problem is that the controller adds both IP addresses from dual stack clients. In our guest network there is no IPv6 router, so the clients send their link-local addresses. After time out of the IPv6 entry the error message occurs.
This behavior can also be triggered with: aaa ipv6 user delete mac xxxxxxxx

Question: Is it possible to prevent learning IPv6 addresses in the guest network?

IPv6 should still be enabled in our intranet, so disabling IPv6 globally is not an option.

I've already added following access-list to the guest-logon user with no success:
ip access-list session IPv6-denyall
ipv6 any any any deny

Thanks in Advance
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: ArubaOS 6.1.x: Dual stack guest users

Please open a TAC case about this so that it can get replicated and we can find a solution for you, if possible.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 1
Registered: ‎07-18-2011

Re: ArubaOS 6.1.x: Dual stack guest users

For what it's worth, we're encountering the exact same problem after upgrading to 6.1.1.0. We'll submit our own case, but I wanted to stress that this problem is not isolated.

Dual-stack clients are having their lesser-used IPv6 addresses (local *or* global) aged out, which also impacts the user's IPv4 session. Users experience this as wireless instability. Disabling IPv6 on the client appears to solve this issue, but we require access to IPv6 in our environment.



#show user-table
10.250.18.219 f0:b4:79:1e:eb:9a captiveportal guest 00:00:07
fe80::f2b4:79ff:fe1e:eb9a f0:b4:79:1e:eb:9a captiveportal guest 00:00:07


5 minutes later:
MAC=f0:b4:79:1e:eb:9a IP=fe80::f2b4:79ff:fe1e:eb9a User entry deleted: reason=idle timeout
Search Airheads
Showing results for 
Search instead for 
Did you mean: