Security

Hi,

I have a question about Dual-Stack for authentication on ClearPass (v.6.9).
When the clients have both ipv4 and ipv6 then it requires twice on each.
It looks like 2 addresses on their computer.
How can I configure to only one-time authentication?
Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

What type of authentication?
Is your ask about dual-stack on the ClearPass? Or Dual-Stacked clients?

Most authentication is on L2, which means per client MAC. The client MAC is the same for IPv4 and all of its IPv6 IP addresses.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Sep 08, 2021 04:55 AM
From: Ratchapas Shatsa-Nga
Subject: Clearpass Dual Stack authentication ipv4,ipv6

Hi,

I have a question about Dual-Stack for authentication on ClearPass (v.6.9).
When the clients have both ipv4 and ipv6 then it requires twice on each.
It looks like 2 addresses on their computer.
How can I configure to only one-time authentication?
Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

Hi Herman,

Captive portal for client authentication.
Dual-stacked on clients but I'm not sure I'm correct or not.
Currently, the clients browse to the ipv4  destination they will stick at captive portal however it also happens for ipv6 destination.

Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

Original Message:
Sent: Sep 08, 2021 06:49 AM
From: Herman Robers
Subject: Clearpass Dual Stack authentication ipv4,ipv6

What type of authentication?
Is your ask about dual-stack on the ClearPass? Or Dual-Stacked clients?

Most authentication is on L2, which means per client MAC. The client MAC is the same for IPv4 and all of its IPv6 IP addresses.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Sep 08, 2021 04:55 AM
From: Ratchapas Shatsa-Nga
Subject: Clearpass Dual Stack authentication ipv4,ipv6

Hi,

I have a question about Dual-Stack for authentication on ClearPass (v.6.9).
When the clients have both ipv4 and ipv6 then it requires twice on each.
It looks like 2 addresses on their computer.
How can I configure to only one-time authentication?
Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

That is not what I expect for most switches. If you do a captive portal authentication, the client MAC address is authorized, not the Client IP.

What is your setup with the captive portal? Switch? AP? Workflow?

Or open a support case to have TAC look at it. It is not expected to have reauthentication per client IP (IPv4 and separate for IPv6), as the network infrastructure in most cases is unaware of the higher-level protocols above L2.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Sep 08, 2021 01:55 PM
From: Ratchapas Shatsa-Nga
Subject: Clearpass Dual Stack authentication ipv4,ipv6

Hi Herman,

Captive portal for client authentication.
Dual-stacked on clients but I'm not sure I'm correct or not.
Currently, the clients browse to the ipv4  destination they will stick at captive portal however it also happens for ipv6 destination.

Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142

Original Message:
Sent: Sep 08, 2021 06:49 AM
From: Herman Robers
Subject: Clearpass Dual Stack authentication ipv4,ipv6

What type of authentication?
Is your ask about dual-stack on the ClearPass? Or Dual-Stacked clients?

Most authentication is on L2, which means per client MAC. The client MAC is the same for IPv4 and all of its IPv6 IP addresses.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Sep 08, 2021 04:55 AM
From: Ratchapas Shatsa-Nga
Subject: Clearpass Dual Stack authentication ipv4,ipv6

Hi,

I have a question about Dual-Stack for authentication on ClearPass (v.6.9).
When the clients have both ipv4 and ipv6 then it requires twice on each.
It looks like 2 addresses on their computer.
How can I configure to only one-time authentication?
Please advice.

------------------------------
Ratchapas Shatsa-Nga
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------