Article ID: 12627
Products
SecureStack C3, firmware 1.01.01.0039 and higher
SecureStack C2, firmware 5.01.01.0039 and higher
SecureStack B3, firmware 1.01.01.0039 and higher
SecureStack B2, firmware 4.01.01.0039 and higher
Goals
How to detect and drop incoming IP Version 6 traffic, using Policy.
Solution
Here is a sample policy configuration which will accomplish this task, by targeting traffic of ethertype 0x86DD:
set policy profile 1 name "Drop IPv6"
set policy rule 1 ether 0x86DD drop
set policy port *.*.* 1Note that the last command will spawn one policy assignment command
per port. This is by design.
Minimal firmware versions to support ethertype classification rules are outlined in
5821.
The B3 and B2 support Policy only after application of policy licensing, as explained in
5781.
