Using Policy to Filter IPv6 Traffic on a SecureStack

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 12627 

Products
SecureStack C3, firmware 1.01.01.0039 and higher
SecureStack C2, firmware 5.01.01.0039 and higher
SecureStack B3, firmware 1.01.01.0039 and higher
SecureStack B2, firmware 4.01.01.0039 and higher 

Goals
How to detect and drop incoming IP Version 6 traffic, using Policy. 

Solution
Here is a sample policy configuration which will accomplish this task, by targeting traffic of ethertype 0x86DD: 
set policy profile 1 name "Drop IPv6"
set policy rule 1 ether 0x86DD drop
set policy port *.*.* 1
Note that the last command will spawn one policy assignment command per port. This is by design. 

Minimal firmware versions to support ethertype classification rules are outlined in 5821.
The B3 and B2 support Policy only after application of policy licensing, as explained in 5781.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.