Wireless Access

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

IPv6 Router advertisement and Aruba.

  • 1.  IPv6 Router advertisement and Aruba.

    Posted May 25, 2012 10:56 AM

    Product: Aruba 3000

    ArubaOS 6.1.3.1

     

    Hi everyone,

     

    Our network consists of several VLANs that have IPv6 enabled. For the Aruba it's the external interface, the guest VLAN and the office VLAN.

     

    We are for the most part using Linux in our environment, and to make sure that all the clients know what router to use, we are sending router advertisements on the VLANs, and on the servers we specify on what interface to accept Default Router and on what interface to accept a prefix for setting an IPv6 address. This works fine for all our equipment.

     

    For the Aruba I can't find where to tell it what interface it should accept the router advertisements on. The only thing I can find is the option to set a default gateway, but this is something we don't use anywhere and I would like to stay with that. Does anyone know of an option on how to fix this?

     

    Jan Hugo Prins
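
The per-interface choice described in the post above (default router from one interface, prefix from another) corresponds on Linux to the kernel's `accept_ra`, `accept_ra_defrtr` and `accept_ra_pinfo` sysctls. The script below is an added example, not part of the original thread, assuming the servers are configured through those sysctls; the interface names and the helpers `ra_policy`, `audit_all` and `make_sample` are hypothetical, and the sample tree is constructed.

```shell
# Added example: report, per interface, what a Linux host will take from
# Router Advertisements. Reads a tree laid out like /proc/sys/net/ipv6/conf.
# ra_policy CONF_ROOT IFACE -> "defrtr=yes|no prefix=yes|no"
ra_policy() {
    dir="$1/$2"
    ra=$(cat "$dir/accept_ra" 2>/dev/null || echo 0)
    fwd=$(cat "$dir/forwarding" 2>/dev/null || echo 0)
    rt=$(cat "$dir/accept_ra_defrtr" 2>/dev/null || echo 0)
    pfx=$(cat "$dir/accept_ra_pinfo" 2>/dev/null || echo 0)
    # accept_ra: 0 = ignore RAs, 1 = accept only while not forwarding,
    # 2 = accept even when forwarding (router mode) is enabled.
    accepted=no
    if [ "$ra" = 2 ] || { [ "$ra" = 1 ] && [ "$fwd" = 0 ]; }; then accepted=yes; fi
    want_rt=no; want_pfx=no
    if [ "$accepted" = yes ] && [ "$rt" = 1 ]; then want_rt=yes; fi
    if [ "$accepted" = yes ] && [ "$pfx" = 1 ]; then want_pfx=yes; fi
    echo "defrtr=$want_rt prefix=$want_pfx"
}

# audit_all CONF_ROOT -> one line per interface directory
audit_all() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        echo "$ifc $(ra_policy "$1" "$ifc")"
    done
}

# Constructed sample tree (hypothetical interfaces, not real data).
# Columns: iface accept_ra forwarding accept_ra_defrtr accept_ra_pinfo
make_sample() {
    while read -r ifc ra fwd rt pfx; do
        mkdir -p "$1/$ifc"
        echo "$ra" > "$1/$ifc/accept_ra"
        echo "$fwd" > "$1/$ifc/forwarding"
        echo "$rt" > "$1/$ifc/accept_ra_defrtr"
        echo "$pfx" > "$1/$ifc/accept_ra_pinfo"
    done <<EOF
uplink 1 0 1 0
lan 1 0 0 1
routed 1 1 1 1
routed2 2 1 1 0
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
audit_all "$sample"    # on a real host: audit_all /proc/sys/net/ipv6/conf
rm -rf "$sample"
```

The `routed` row shows a forwarding host that ignores RAs entirely even though both per-feature switches are on; only `accept_ra=2` (`routed2`) makes it honour them.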

     

     



  • 2.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 01, 2012 10:51 AM

    Make sure you are using the RA-guard ipv6 session ACL (it's part of the default config after AOS 6.1).  You can add or alter that for specifics in your environment.  Or make another IPv6 session based policy to help.  I would try that first.



  • 3.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 03, 2012 05:45 PM

    At the moment I don't have access lists on the interfaces or the VLANs. This would mean that the RAs should get into the VLAN interfaces. The only explanation I have that they don't do anything is that the Aruba is simply ignoring them.

     

    Jan Hugo Prins

     



  • 4.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 05, 2012 01:39 PM

    The RA-Guard ACL is put on the role. 



  • 5.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 05, 2012 04:10 PM

    Could you give me an example of where to find this?

    I'm a little bit new in the Aruba stuff and sometimes I get a little bit lost in the web interface and the command line.

     

    Jan Hugo Prins

     



  • 6.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 05, 2012 04:51 PM

    This might be a silly question, but I fell for it so I figured I'd ask. Is IPv6 enabled in the Stateful Firewall on the controller?



  • 7.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 05, 2012 04:57 PM

    Yes, it is.



  • 8.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 08, 2012 09:25 AM

    Sure, in the WebUI - Configuration - Security Section - Access Control - first tab called "user role."  This will show you which policies each role has associated to it and in what order.  The other tabs there show you the policies and what they are doing.  Hope this helps!



  • 9.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 10, 2012 04:27 PM

    Hi,

     

    This is indeed the place I would look for it as well, so there are no hidden corners somewhere. This rule is not in use anywhere so RAs are blocked on no port at all as far as I can see. I also checked the running config to be sure I didn't miss anything.

     

    At the moment I'm very much convinced that the Aruba is simply ignoring them.

     

    Jan Hugo Prins

     



  • 10.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 12, 2012 06:21 PM

    Here is what I have discovered on my end when getting IPv6 with Router advertisements from our main router, a Cisco 6500. I'm running a 3200XM controller with 6.1.3.2 (this worked on 6.1.3.1 as well), AP105s and AP135s currently. My steps were as follows:



    First: Make sure that you have some IPv6 rules allowed in your port-based ACLs if you have any. A good test is to add the IPv6 AllowAll rules to your default to make sure that it isn't blocking anything.

    Second: Make sure that the role the user is assigned after being fully authenticated (usually Authenticated) includes Allow IPv6 rules. The default Authenticated profile for 802.1x does include that. If you use WPA-PSK or a captive portal with anything but 802.1x, I think the default is Guest, so you might need to change that.

    Third: Make sure you assign a static IPv6 address to all your VLAN interfaces on the Aruba controller. I could not make it work without this.

    Fourth: On the Controller Config page of the GUI (Configuration -> Network -> Controller), in the section called "Controller IP Details", for "IPv6 address" you have to select one of those VLANs to be your main IPv6 address for the controller.

    Once I did all of the above, IPv6 advertisements were being passed on to my end users without issue over the wireless.

    Try what you can above and see if that gets you working.



  • 11.  RE: IPv6 Router advertisement and Aruba.

    Posted Jun 17, 2012 05:50 PM

    The problem is not that the router advertisements are not seen by the end users. This works all fine, also without adding an IPv6 address to every interface. The problem I have is that the switch is not using the router advertisements to set its own default routes.

     

    Jan Hugo