
Block all IPv6 traffic


How can I block all IPv6 traffic in XOS?

9 replies

Userlevel 6
You could write an ACL to block all traffic with ethertype 0x86DD.
Userlevel 2
Here is the article to block IPv6
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-an-ACL-rule-to-block-IPv6-tr...
Thanks!
Userlevel 2
Hi Gerson,

What if you just don't put an IPv6 address on the interface/VLAN, so that no one can do IPv6 gatewaying? It only works for L3 blocking.

Best regards,
Userlevel 6
EXOS does not work that way; almost every ACL action is done on all packets, no matter whether they are L2 switched or routed.
Userlevel 2
OscarK wrote:

EXOS does not work that way; almost every ACL action is done on all packets, no matter whether they are L2 switched or routed.

Hi Oscar,

If using an ACL, is that kind of ACL processed by the CPU or the ASIC?

Best regards,
Userlevel 6
OscarK wrote:

EXOS does not work that way; almost every ACL action is done on all packets, no matter whether they are L2 switched or routed.

ACL is done in hardware (ASIC).
I work at a very large campus.

A lot of routers are installed every day without our knowledge.

I'm concerned with those routers acting as IPv6 DHCP servers.

We have trusted ports well configured, but I suspect that it doesn't work for IPv6.

Since we don't have IPv6 for users, I think that if we block it, that problem is solved for now.
Userlevel 2
gbs wrote:

I work at a very large campus.

A lot of routers are installed every day without our knowledge.

I'm concerned with those routers acting as IPv6 DHCP servers.

We have trusted ports well configured, but I suspect that it doesn't work for IPv6.

Since we don't have IPv6 for users, I think that if we block it, that problem is solved for now.

Hi Gerson,

Any specific reason to do this at the L2 level? Is it only IPv6 traffic inside a client VLAN that matters to you, since it will not be gatewayed if you don't put an IPv6 address on your L3? I think the L2 way only works if all your clients are connected directly to your controllable switch; if not, the L3 way is simpler, since the traffic will only reach your controllable switch for gatewaying or for accessing clients (or client switches) on different connected ports in the same VLAN.

Best regards,
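
An added example, not part of the thread or of any Extreme Networks tooling: a small Python audit helper that labels captured Ethernet frames by the ethertype 0x86DD mentioned above, and flags the two rogue-router signals raised in the discussion (ICMPv6 router advertisements and DHCPv6 server replies). The function names and the sample frames are assumptions constructed for illustration.

```python
import struct

ETH_IPV6 = 0x86DD                  # ethertype named in the thread
VLAN_TAGS = {0x8100, 0x88A8}       # 802.1Q / 802.1ad tags precede the real ethertype

def classify(frame: bytes) -> str:
    """Label one frame: not-ipv6, ipv6, ipv6-router-advertisement, ipv6-dhcpv6-server."""
    if len(frame) < 14:
        return "not-ipv6"
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TAGS and len(frame) >= offset + 6:
        offset += 4                # skip the 4-byte VLAN tag
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != ETH_IPV6:
        return "not-ipv6"
    ip = frame[offset + 2:]
    if len(ip) < 40:               # truncated IPv6 header
        return "ipv6"
    next_header, payload = ip[6], ip[40:]
    # Only the header directly after the fixed IPv6 header is inspected;
    # packets with extension headers are reported as plain "ipv6".
    if next_header == 58 and payload[:1] == b"\x86":        # ICMPv6 type 134
        return "ipv6-router-advertisement"
    if next_header == 17 and len(payload) >= 2 and struct.unpack_from("!H", payload)[0] == 547:
        return "ipv6-dhcpv6-server"                         # UDP source port 547
    return "ipv6"

# --- constructed sample frames (not captured traffic) ---
def _eth(type_chain: bytes, body: bytes) -> bytes:
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + type_chain + body

def _ipv6(next_header: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + bytes(32) + payload

SAMPLES = {
    "ipv4": _eth(b"\x08\x00", bytes(20)),
    "ra": _eth(b"\x86\xdd", _ipv6(58, b"\x86\x00" + bytes(14))),
    "dhcpv6_tagged": _eth(b"\x81\x00\x00\x0a\x86\xdd",
                          _ipv6(17, struct.pack("!HHHH", 547, 546, 12, 0) + bytes(4))),
    "echo": _eth(b"\x86\xdd", _ipv6(58, b"\x80\x00" + bytes(6))),
}

def classify_samples() -> dict:
    return {name: classify(frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:14} {label}")
```

Run against frames captured on an access port after the ACL is applied, any label other than "not-ipv6" means IPv6 is still getting through on that port.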
