How to create an ACL rule to block ICMPv6 traffic in entire Network

  • 0
  • 3
  • Problem
  • Updated 3 years ago
  • Not a Problem
How to create an ACL rule to block ICMPv6 traffic in entire Network


Since ICMPV6 multicast are coming from multiple ports and flood the whole network. 
It is not easy to configure each and every single port to apply ACL rule. 

Below link ACL rule to Block IPv6 make sense in this case. But what about for ICMPV6 with different length.
And I need similar configuration on this to block ICMPV6 Multicast Listener Report.

kindly take note Length are 86, 90, 110, 130 and 150

 

=======================================
Sample config from Brandon is as follow. And this is to apply this ingress on the affected ports. and ethernet-type is 0x86dd which is IPv6.


Brandon Clay

entry deny_ipv6{
    if {
        ethernet-type 0x86dd;
    } then {
        deny;
        count ipv6_drop;
    }
}




Other related links....

How to create ACL in EXOS and apply in Ports
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS

it is known issue
https://communities.intel.com/thread/48051

How to create an ACL rule to block IPv6 traffichttps://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-an-ACL-rule-to-block-IPv6-tr...

lost Network message:ICMPv6 Mulitcast Listener Reporthttps://community.extremenetworks.com/extreme/topics/lost-network-message-icmpv6-mulitcast-listener-...
Photo of Paul

Paul

  • 2,026 Points 2k badge 2x thumb

Posted 3 years ago

  • 0
  • 3

Be the first to post a reply!