07-13-2011 06:45 AM
First everything works fine, guests can login and work. After a while (minutes or hours) some guest users get the following error message in their browser:
Web authentication is disabled. Please contact the administrator for assistance.
The workaround is to reset the client WLAN adapter.
The problem is that the controller adds both IP addresses from dual stack clients. In our guest network there is no IPv6 router, so the clients send their link-local addresses. After time out of the IPv6 entry the error message occurs.
This behavior can also be triggered with: aaa ipv6 user delete mac xxxxxxxx
Question: Is it possible to prevent learning IPv6 addresses in the guest network?
IPv6 should still be enabled in our intranet, so disabling IPv6 globally is not an option.
I've already added following access-list to the guest-logon user with no success:
ip access-list session IPv6-denyall
ipv6 any any any deny
Thanks in Advance
07-14-2011 05:01 AM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
07-18-2011 03:55 PM
Dual-stack clients are having their lesser-used IPv6 addresses (local *or* global) aged out, which also impacts the user's IPv4 session. Users experience this as wireless instability. Disabling IPv6 on the client appears to solve this issue, but we require access to IPv6 in our environment.
10.250.18.219 f0:b4:79:1e:eb:9a captiveportal guest 00:00:07
fe80::f2b4:79ff:fe1e:eb9a f0:b4:79:1e:eb:9a captiveportal guest 00:00:07
5 minutes later:
MAC=f0:b4:79:1e:eb:9a IP=fe80::f2b4:79ff:fe1e:eb9a User entry deleted: reason=idle timeout