Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dynamic VLAN/SSID assignment w/IPv6

I have followed the answer in this discussion which instructs on how to get Dynamic VLAN/SSID assignments using WLCs + MS IAS:

https://supportforums.cisco.com/thread/339396

This works great for IPv4.  This does not appear to work for IPv6.

I have CT2504 WLCs running v7.0.116.0 and AP 3502s.  I have a Windows 2003 IAS working for 802.1x authentication using PEAP and per-user/group dynamic VLAN/SSID assignments.  Based on who you authenticate as, you are placed on the appropriate VLAN.

However, IPv6 does not function properly.  I believe this is due to the nature that the WLC only bridges IPv6 from the Interface Group that the WLAN is assigned to and/or whatever Multicast VLAN you assign.

If I connect as a user assigned to the same matching VLAN as the WLAN Interface / Multicast VLAN, IPv6 works just fine.  I do not even have to have the "Enable IPv6" box checked in the Advanced tab, nor does the "Multicast Vlan Feature" need to be enabled - IPv6 still works.

If I connect as a user that is assigned to a different VLAN than the WLAN Interface / Multicast VLAN, I see the IPv6 Router Advertisement from the WLAN Interface / Multicast VLAN, and not the VLAN that "Allow AAA Override" switched me to.  Naturally since I'm getting as IPv6 prefix for a different VLAN, when I try to route traffic through the IPv6 default gateway (which isn't on the VLAN I'm connected to), it doesn't work.

One work-around to have IPv6 support is to use distinct, non-dynamic per VLAN/SSID assignments.  This is ugly and doesn't scale (16 max SSIDs).

Has anyone else experienced this and know of a solution?

For now I'll just have to set the WLAN Interface to a VLAN which does not have IPv6 enabled and my wireless users won't have IPv6 unless they VPN on top of Wifi.  Rather disappointing.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Dynamic VLAN/SSID assignment w/IPv6

this sounds alot like another implication of IPv6 with "more than one VLAN on the same SSID".

see this thread:

https://supportforums.cisco.com/thread/2157621?tstart=60

not with dynamic vlan, but vlan select - which, on the L2/L3 on SSID-side is essentially the same.

as mentioned in the thread, 7.2 has a feature that "automatically sends the correct RA to the correct clients via L2  wireless unicast. By unicasting the RA, clients on the same WLAN, but a  different VLAN, do not receive the incorrect RA."

lucky for you, 7.2 is available for the 2504 - with my WiSM1s I am out of luck :-(

so this feature *could* solve this problem, as the problem is that the wrong IPv6-RAs are broadcasted for the client (because the SSID is the same)

2 REPLIES
New Member

Dynamic VLAN/SSID assignment w/IPv6

this sounds alot like another implication of IPv6 with "more than one VLAN on the same SSID".

see this thread:

https://supportforums.cisco.com/thread/2157621?tstart=60

not with dynamic vlan, but vlan select - which, on the L2/L3 on SSID-side is essentially the same.

as mentioned in the thread, 7.2 has a feature that "automatically sends the correct RA to the correct clients via L2  wireless unicast. By unicasting the RA, clients on the same WLAN, but a  different VLAN, do not receive the incorrect RA."

lucky for you, 7.2 is available for the 2504 - with my WiSM1s I am out of luck :-(

so this feature *could* solve this problem, as the problem is that the wrong IPv6-RAs are broadcasted for the client (because the SSID is the same)

New Member

Dynamic VLAN/SSID assignment w/IPv6

Excellent, thank you for the tip.  I downloaded 7.2 last night before I'd left, but did not have time to test yet.

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.2.110.0

Testing with the non-default VLAN shows the correct IPv6 RA for that VLAN is now coming through and IPv6 traffic is worknig as expected.

531
Views
0
Helpful
2
Replies