Cisco Bug: CSCvv43986 - IPv6 connectivity broken when HA SSO is triggered w/ AAA override enabled for VLAN

Last Modified

Oct 06, 2020

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

8.10(139.27)

Description (partial)

Symptom:
AireOS WLC local mode: Wireless client IPv6 connectivity issues after WLC SSO or N+1 failover and AAA interface override

Scenario: 
The client is assigned to VLAN X via AAA… however, the WLAN is assigned to VLAN Y (over an AP group).

After association, the client has IPv4 and IPv6 connectivity.
After an SSO or N+1 failover event, the client has IPv4 connectivity but no IPv6 connectivity. The WLC outputs show no issue.
However, the distribution layer (L3 instance for VLAN X) shows an incomplete entry for the IPv6 address of the client when trying to ping the client from another subnet:

The traffic is bridged to VLAN Y (VLAN ID, which is assigned on the AP group level) instead of VLAN X, which is assigned to the client via AAA override.

IPv4 traffic to the wireless client is correctly en- and decapsulated in VLAN X.
If the client is disassociated and then reassociated, IPv6 connectivity is re-established, because the client sends a router solicit message, which is bridged to VLAN X.

Conditions:
This issue has been observed, if:
-	The AP is in an AP group
-	The WLAN in the AP group is assigned to a different VLAN than in the WLAN configuration
-	AAA override is used to assign the client to a different VLAN
-	I’m not sure whether the AP group VLAN assignment is of any relevance. I guess the problem always occurs if AAA override is used and the client is assigned to a different VLAN.

Furthermore, IPv6 connectivity does not break immediately after the SSO failover. IPv6 connectivity issues start approximately 15 seconds after the switchover.