Wireless Access

Reply
Regular Contributor II

Client vlans for ipv6 using SLAAC

Hi,

 

We're testing dual-stack ipv4/ipv6 for clients (using SLAAC) and I'm running into an issue where the wireless client is not able to receive an IPv6 address. The vlan is configured as L2 only on the controller. The  L3 interface is on the router and is configured for both ipv4 and ipv6 addresses.

 

I've enabled ipv6 on the target local controller. The vlan gets assigned via VSA after 802.1x authentication. The controller sees the link-local ipv6 address for clients in this vlan. The router sees the link-local address for these clients as well. The client (MacOS) is configured for "Automatic" not link-local. The router is receiving solicits on this vlan. The controller user table sees two addresses for the client MAC, an ipv4 and ipv6 link-local. Just not getting the SLAAC address.

 

I added ipv6 "allow all" on the validuser policy and have an allow-all ipv6 in the user role. Do I need to create a vlan interface for this vlan, or is L2 enough? There are no ipv6 interfaces configured on the controller. We are not planning to use ipv6 for AP or controller addresses at this time. I have not configured IPv6 Neighbor info or mld or anything as I assume this is more for configuring ipv6 addresses on the controller. Just looking clients on existing trunked vlans that would become dual-stacked at the router vlan interface.

 

Any suggestions would be appreciated!

 

Mike

Guru Elite

Re: Client vlans for ipv6 using SLAAC

Multiple IPv6 VLANs are not supported on the same SSID. The IPv6 VLAN should be assigned to the virtual-ap.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Client vlans for ipv6 using SLAAC


@cappalli wrote:
Multiple IPv6 VLANs are not supported on the same SSID. The IPv6 VLAN should be assigned to the virtual-ap.

Is this a hard and fast rule for all AOS versions? I didn't see a reference to it in the 6.4UG (we're 6.4.4.16).My testing is with a single IPv6 vlan but it's not in the VAP.

 

On our eduroam SSID we IPv4 NAT students (1918 vlans VSA assigned, not in VAP) and fac/staff receive publicly routed IPv4 vlans (in VAP). And there are a few VIP staff VSA-assigned vlans (again, not in VAP). How would integrating IPv6 work in our current design?

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: