Header Only - DO NOT REMOVE - Extreme Networks

Using Policy to Filter IPv6 Traffic on a SecureStack


Userlevel 3
Article ID: 12627

Products
SecureStack C3, firmware 1.01.01.0039 and higher
SecureStack C2, firmware 5.01.01.0039 and higher
SecureStack B3, firmware 1.01.01.0039 and higher
SecureStack B2, firmware 4.01.01.0039 and higher

Goals
How to detect and drop incoming IP Version 6 traffic, using Policy.

Solution
Here is a sample policy configuration which will accomplish this task, by targeting traffic of ethertype 0x86DD:
set policy profile 1 name "Drop IPv6"
set policy rule 1 ether 0x86DD drop
set policy port *.*.* 1[/code]Note that the last command will spawn one policy assignment command per port. This is by design.

Minimal firmware versions to support ethertype classification rules are outlined in 5821.
The B3 and B2 support Policy only after application of policy licensing, as explained in 5781.

0 replies

Be the first to reply!

Reply