Information related to IPv6 support on the Wireless LAN Controller (WLC). Prior to WLC 6.0 release, IPv6 pass-thru is only supported but no L2 security can be enabled on IPv6 WLAN. With WLC 6.0 release and later, IPv6 pass-thru with Layer-2 security supported.
Same Wireless LAN (WLAN) can support both IPv4 and IPv6 clients. IPv6 pass-thru and IPv4 Web auth is also supported on same WLAN. IPv6 is not supported with guest mobility anchor tunneling.
Since controller is a L2 device, no IPv4 or IPv6 routing is supported on WLC controller. that is the reason wireless LAN controller support only bridging mode.
Below is the configuration guide which references IPv6 support.
Currently, the 4400 and 4100 series controllers only support IPv6 client pass-through.
Native IPv6 support is not supported. In order to enable IPv6 on the WLC, check the IPv6 Enable check box on the WLAN SSID configuration under the WLAN> Edit page.
Also, Ethernet Multicast Mode (EMM) is required to support IPv6. If you disable EMM, client devices that use IPv6 lose connectivity. In order to enable EMM, go to the Controller > General page and from the Ethernet Multicast Mode drop down menu, choose Unicast or Multicast.This enables multicast either in Unicast mode or Multicast mode. When multicast is enabled as multicast unicast, packets are replicated for each AP. This can be processor intensive, so use it with caution. Multicast enabled as multicast uses the user assigned multicast address to do a more traditional multicast out to the access points (APs).
Also, there is Cisco bug ID CSCsg78176 (IPv6 pass through is broken with interface assignment and AAA Override), which prevents using IPv6 pass-through when the AAA Override feature is used.
IPv6 Support on WLC and LAP for Release 18.104.22.168
IPv6/Dual Stack Client Support
This section describes new features that have been introduced as part of the IPv6 feature enhancements.
IPv6 Client Mobility
'Intelligent IPv6 Packet Processing enables seamless layer 2 and layer 3 roaming support for both dual stack and IPv6 only client. This feature enables reliable connectivity while roaming.
Cisco 2500 Series Controller requires Multicast-Multicast mode to be enabled with a valid Multicast IP address for IPv6 Client Support.
First-hop security features, including RA Guard automatically blocks rogue router announcements from the controller and access point. Source guard, DHCPv6 Server guard, and IPv6 Access Control List are supported in controller. This feature enables increased network availability and lower operational costs by proactively blocking known threats.
IPv6 Client Management
IPv6 addresses visibility on a per client basis, system-wide IP version distribution, and trends from NCS. This feature enables network administrators to perform IPv6 troubleshooting, address planning, client traceability, and so on from a common wired and wireless management system.
IPv6 Packet Optimization
Intelligent packet processing through NDP proxy and rate limiting of chatty IPv6 packets. This feature enables increased radio efficiency and reduces CPU utilization in the router.
New Release 22.214.171.124 support
From release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 126.96.36.199, PMIPv6 Feature is Not Supported on Cisco 2500 Series WLCs
IPv6/Dual Stack client visibility and PMIPv6 feature is Not Supported on Cisco Flex 7500 WLCs but IPv6 client bridging and Router Advertisement Guard are supported.
IPv6, PMIPv6 Feature is Not Supported on Cisco Virtual WLCs
Symptom : AP3600 in either autonomous IOS or FlexConnect local switching mode drops IP6to4 TCP SYN ACK packets that are received from its LAN port. A wired sniff at the AP port shows, when the wireless client attempts to establish a TCP connection over IPv6 in IPv4, that the AP transmits the TCP SYN (in IPv6 in IPv4) to the switch, and receives the SYN ACK from the switch, but fails to forward the SYN ACK packet to the wireless client. The first time that the AP, after a reload, drops the SYN ACK packet, the following message will be seen on the AP console, or in its log file:
WARNING - Received pak from RXTX port - Check log for detailed information
At the same time, the wireless client can successfully ping the IPv6 address of its 6to4 gateway.
Conditions : AP3600 or AP2600 in autonomous or FlexConnect local switching mode. Wireless client is attempting to establish TCP connections over IPv6 in IPv4, that is IPv4 protocol type 41.
1. Use AP1040, AP1140, AP1260, or AP3500
2. Disable IPv6 support on the application server.
3. Instead of using lightweight mode use a centrally switched WLAN rather than a locally switched one.
Symptom : Crash in different tasks after enabling guest LAN.
Conditions : Guest LAN on a 5500 series controller using 7.2 or later software releases with IPv6 traffic from clients.
Workaround : Disable guest LAN or disable IPv6.
Symptom : System is unresponsive in different tasks after guest LAN is enabled.
I just got my hands of an Cisco Aironet LAP1142N-E-K9 and want to convert it from Lightweight to Autonomous. For that I need the imagefile "c1140-k9w7-tar.153-3.JD17.tar" I cant download it from here, nor find it elsewhere. So how do I get the imagef...
This should be a question with an obvious answer but the Google Gods haven't been clear. I'm trying to determine which image I need for a 3702i access poing with the master controller AP (mobility express) running 8.8.125 but can't seem to find anything o...
Here is the complete boot capture: If I interrupt the boot, I can tftpboot at the (RNAQ-C7) # prompt a new ap1g4 file as part.bin to the device with no change. #====================== Connected 6:07 PM 10/18/2019 ====================...
Hello,Since we upgraded connections between our buildings we will use central WLC (5520) on our central location. There is around 1500APs on all locations which will be adopted to that WLC.My concern is that when I use local mode, I got my traffic do...
I have a guest network set up that is completely isolated from production, the intent being that visitors are issued a username and can go out to the Internet while they are visiting. I'd like to fix one thing: The visitor connects to the wireless network...