This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

drop egress ipv6

drop egress ipv6

cpsd
New Contributor

‎02-06-2014 08:54 PM

How can I drop all IPv6 traffic in the egress of a lag?
The switch is a DFE in a E7 chassis.
Thanks
0 Kudos
5 REPLIES 5

Paul_Poyant
New Contributor III

‎02-10-2014 01:10 PM

Generally it is possible to combine multiple functions into an existing set of policy, perhaps as simply as adding in a rule or two. However, each case will have unique circumstances, so must be evaluated in detail before one can conclude whether such a multi-purpose policy can be successfully crafted to leave each intended function fully complete and effective.

For that detailed evaluation, it would probably be most helpful to get a GTAC Support case opened. Start it off with what has already been discussed here, and when a conclusion is reached, those results can be added to the end of this Hub topic to close the conversational loop.
0 Kudos

cpsd
New Contributor

‎02-10-2014 12:45 PM

Thank you for your answers, but in ports where we need to drop IPv6 traffic there is another policy working, I think that is not compatible.
¿It is possible add this rule to the policy profile?
I have seen than in these models I can't configure an ACL that denies IPv6 traffic.
0 Kudos

Paul_Poyant
New Contributor III

‎02-07-2014 12:59 PM

As James has stated, policy acts upon ingress yet you would like it to selectively affect egress. This seemingly insurmountable problem does have a workaround, though I preface the following discussion with the caution that we are now squarely within the realm of "understanding the rules so that they can be creatively broken".

Start with the background in
KB 5888, "Filtering Egress Traffic based on Frame Characteristics" (http://bit.ly/1l5lwNg).
A review of
KB 14443, "Using S/K-Series Policy to identify IPv6 Router Advertisements" (http://bit.ly/IMvR28) might also be helpful.

Let's say that the traffic in question will be ingressing port ge.1.1, and all ports on the system are initially egressing vlan x.
The following variation on the previously suggested policy config would, instead of dropping the IPv6 frames, move them to VLAN x2, which all ports except the LAG should be allowed to egress as well. For this purpose the presence of additional VLAN configurations (VLAN x2 definition, VLAN x2 untagged egress from non-LAG ports), not present here, may be assumed.

code:
set policy profile 100 name selectively-BlockIPV6

code:
set policy rule 100 ether 0x86dd vlan
<
code:
x2
>
code:
set policy port ge.1.1 100


The sequence of events outlined in KB 5888 would take it from there.
0 Kudos

James_A
Valued Contributor

‎02-07-2014 04:43 AM

I know how to drop IPv6 traffic on ingress:
set policy profile 100 name BlockIPV6
set policy rule 100 ether 0x86dd drop
set policy port ge.1.1 100
But I don't know how to set policy on egress packets.
0 Kudos
GTM-P2G8KFN