Wireless Access

Reply
Occasional Contributor II

IPv6 Router advertisement and Aruba.

Product: Aruba 3000

ArubaOS 6.1.3.1

 

Hi everyone,

 

Our network consists of several VLAN's that have IPv6 enabled. For the Aruba it's the external interface, the guest vlan and the office vlan.

 

We are for the most part using Linux in our environment and to make sure that all the client know what router to use, we are sending router advertisements on the vlans and on the the servers we specify on what interface to accept Default Router and on what interface to accept a prefix for setting a IPv6 address. This works fine for all our equipment.

 

For the Aruba I can't find where to tell it what interface it should accept the router advertisements on. The only thing I can find it the option to set a default gateway, but this is something we don't use anywhere and I would like to stay with that. Does anyone know of an option on how to fix this?

 

Jan Hugo Prins

 

 

Contributor I

Re: IPv6 Router advertisement and Aruba.

Make sure you are using the RA-guard ipv6 session ACL (it's part of the default config after AOS 6.1).  You can add or alter that for specifics in your environment.  Or make another IPv6 session based policy to help.  I would try that first.

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Occasional Contributor II

Re: IPv6 Router advertisement and Aruba.

At the moment I don't have access lists on the interfaces or the vlan's. This would mean that the RA's should get into the vlan interfaces. The only explanation I have that they don't do anything is that the Aruba is simply ignoring them.

 

Jan Hugo Prins

 

Contributor I

Re: IPv6 Router advertisement and Aruba.

The RA-Guard ACL is put on the role. 

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Occasional Contributor II

Re: IPv6 Router advertisement and Aruba.

Could you give me an example of where to find this?

I'm a little bit new in the Aruba stuff and sometimes I get a little bit lost in the webinterface and the commandline.

 

Jan Hugo Prins

 

Frequent Contributor I

Re: IPv6 Router advertisement and Aruba.

This might be a silly question, but I fell for it so I figured I'd ask.  is IPv6 enabled in the Stateful Firewall on the conroller? 

Occasional Contributor II

Re: IPv6 Router advertisement and Aruba.

Yes, it is.

Contributor I

Re: IPv6 Router advertisement and Aruba.

Sure, in the WebUI - Configuration - Security Section - Access Control - first tab called "user role."  This will show you which policies eash role has associated to it and in what order.  The other tabs there show you the policies and what they are doing.  Hope this helps!

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Occasional Contributor II

Re: IPv6 Router advertisement and Aruba.

Hi,

 

This is indeed the place I would look for it as well, so their are not hidden corners somewhere. This rule is not in use anywhere so RA's are blocked on no port at all as far as I can see. I also checked the running config to be sure I didn't miss anything.

 

At the moment I'm very much convinced that the Aruba is simply ignoring them.

 

Jan Hugo Prins

 

Frequent Contributor I

Re: IPv6 Router advertisement and Aruba.

Here is what I have discovered on my end when getting IPv6 with Router advertisements from our main router, a Cisco 6500. I'm running a 3200XM controller with 6.1.3.2 (This worked on 6.1.3.1 as well), AP105's and AP135's currently. My steps were as follows:



First: Make sure that you have some IPv6 Rules allowed in your Port Based ACL's if you have any. A good test is to add the IPv6 AllowAll rules to your default to make sure that it isn't blocking anything.

Second: Make sure that the Role the user is assigned after being fully authenticated (Usually Authenticated), Includes Allow IPv6 Rules. The default Authenticated profile for 802.1x does include that. If you use WPA-PSK or a captive portal with anything but 802.1x, I think the default is Guest, so you might need to change that.

Third: Make sure you assign a static IPv6 Address to all your Vlan Interfaces on the Aruba Controller. I could not make it work without this.

Fourth: On the Controller Config page of the GUI (Configuration -> Network -> Controller) that in the section called "Controller IP Details" for "IPv6 address" you have to select one of those vlans to be your main IPv6 address for the controller.

Once I did all of the above, IPv6 advertisements were being passed on to my end users without issue over the wireless.

Try what you can above and see if that gets you working.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: