Network Management

Reply
New Contributor

RADIUS over IPv6

Hello, 

Trying to set up a test bed on OOB, to test authentication issues of different OS. 

I have read a lot of posts on how to implement RADIUS authentication over IPv6. 

I know it says it has to be a global IPv6 for the host and for the global RADIUS client. 

My LAN guys are convinced that the ip they issued me will work. 

My info:

Controller 6000 

Version of OS 6.4.4.17-FIPS

IPv6 for the controller : ff01::221/64

Radius HOST IPv6 : ff01::1

 

When I put RADIUS host ip6 and click apply it tells me that only global ipv6 are allowed, then I click apply again and it saves it. When I cli to the controller and do show aaa authetication-server all it puts that ip6 as FQDN and :: for ip. Then I thought ok, let point the controller to DNS to resolve FQDN to host ip, so LAN guys gave the FQDN name ipv4 to reach the DNS. So I applied all that and when I issue:

show aaa fqdn-server-names it gives me :

Auth Server FQDN names

----------------------

FQDN            IP Address  IPv6 Address  Refcount

----            ----------  ------------  --------

nmgt.netmgt  127.0.0.1   ::            1

Which I know means that it can’t resolve it. I did set DNS query interval to 1 min.

I can ping IPv6 but can’t reach the radius when trying to authenticate. I did a packet capture, I didn’t see any radius protocol in it when user is authenticating.

So does any one have any insight on what else I could try to resolve this?  

Highlighted
Moderator

Re: RADIUS over IPv6

The IPv6 feature set is incomplete.  It allows for monitoring devices on IPv6 with clients on IPv6, but it doesn't handle the AirWave config components yet.  This is in our backlog of features we want to do for complete IPv6 support.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
New Contributor

Re: RADIUS over IPv6

I believe I found reason why:

Currently AOS 6.4, 6.5, and anything before 8.2 only support global IPv6 addresses and do not support IPv6 ULA addresses..  Since I have 6000/M3 controllers the latest version of code these units support is 6.4.4.x and they will not support IPv6 ULA addressing.  The easiest fix would be to have the Radius folks support Global IPv6 addressing or purchase the new 72xx controllers and implement AOS 8.2.x.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: