Product: Aruba 3000
Our network consists of several VLANs that have IPv6 enabled. For the Aruba it's the external interface, the guest VLAN and the office VLAN.
We are for the most part using Linux in our environment and to make sure that all the clients know what router to use, we are sending router advertisements on the VLANs and on the servers we specify on what interface to accept Default Router and on what interface to accept a prefix for setting an IPv6 address. This works fine for all our equipment.
For the Aruba I can't find where to tell it what interface it should accept the router advertisements on. The only thing I can find is the option to set a default gateway, but this is something we don't use anywhere and I would like to stay with that. Does anyone know of an option on how to fix this?
Jan Hugo Prins
Make sure you are using the RA-guard ipv6 session ACL (it's part of the default config after AOS 6.1). You can add or alter that for specifics in your environment. Or make another IPv6 session based policy to help. I would try that first.
At the moment I don't have access lists on the interfaces or the VLANs. This would mean that the RAs should get into the VLAN interfaces. The only explanation I have that they don't do anything is that the Aruba is simply ignoring them.
The RA-Guard ACL is put on the role.
Could you give me an example of where to find this?
I'm a little bit new in the Aruba stuff and sometimes I get a little bit lost in the web interface and the command line.
This might be a silly question, but I fell for it so I figured I'd ask. Is IPv6 enabled in the Stateful Firewall on the controller?
Yes, it is.
Sure, in the WebUI - Configuration - Security Section - Access Control - first tab called "user role." This will show you which policies each role has associated to it and in what order. The other tabs there show you the policies and what they are doing. Hope this helps!
This is indeed the place I would look for it as well, so there are not hidden corners somewhere. This rule is not in use anywhere so RAs are blocked on no port at all as far as I can see. I also checked the running config to be sure I didn't miss anything.
At the moment I'm very much convinced that the Aruba is simply ignoring them.
Here is what I have discovered on my end when getting IPv6 with Router advertisements from our main router, a Cisco 6500. I'm running a 3200XM controller with 184.108.40.206 (This worked on 220.127.116.11 as well), AP105's and AP135's currently. My steps were as follows:
First: Make sure that you have some IPv6 Rules allowed in your Port Based ACLs if you have any. A good test is to add the IPv6 AllowAll rules to your default to make sure that it isn't blocking anything.
Second: Make sure that the Role the user is assigned after being fully authenticated (Usually Authenticated), includes Allow IPv6 Rules. The default Authenticated profile for 802.1x does include that. If you use WPA-PSK or a captive portal with anything but 802.1x, I think the default is Guest, so you might need to change that.
Third: Make sure you assign a static IPv6 Address to all your VLAN Interfaces on the Aruba Controller. I could not make it work without this.
Fourth: On the Controller Config page of the GUI (Configuration -> Network -> Controller), in the section called "Controller IP Details" for "IPv6 address" you have to select one of those VLANs to be your main IPv6 address for the controller.
Once I did all of the above, IPv6 advertisements were being passed on to my end users without issue over the wireless.
Try what you can above and see if that gets you working.
The problem is not that the router advertisements are not seen by the end users. This works all fine, also without adding an IPv6 address to every interface. The problem I have is that the switch is not using the router advertisements to set its own default routes.