This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to create an ACL rule to block ICMPv6 traffic in entire Network

How to create an ACL rule to block ICMPv6 traffic in entire Network

Paul11
Contributor

‎09-04-2015 02:20 PM

How to create an ACL rule to block ICMPv6 traffic in entire Network

Since ICMPV6 multicast are coming from multiple ports and flood the whole network.
It is not easy to configure each and every single port to apply ACL rule.

Below link ACL rule to Block IPv6 make sense in this case. But what about for ICMPV6 with different length.
And I need similar configuration on this to block ICMPV6 Multicast Listener Report.

kindly take note Length are 86, 90, 110, 130 and 150
 

d076e936bdcd43698532ecea324dd8e8_RackMultipart20150904-29695-e7g3nv-ICMPV6_inline.jpg

 


=======================================
Sample config from Brandon is as follow. And this is to apply this ingress on the affected ports. and ethernet-type is 0x86dd which is IPv6.

Brandon Clay,

entry deny_ipv6{ if { ethernet-type 0x86dd; } then { deny; count ipv6_drop; } }

Other related links....

How to create ACL in EXOS and apply in Ports
https://extremeportal.force.com/ExtrArticleDetail?an=000083345

it is known issue
https://communities.intel.com/thread/48051

How to create an ACL rule to block IPv6 traffic https://extremeportal.force.com/ExtrArticleDetail?an=000083208

lost Network message:ICMPv6 Mulitcast Listener Reporthttps://community.extremenetworks.com/extreme/topics/lost-network-message-icmpv6-mulitcast-listener-...

 

0 Kudos
0 REPLIES 0
GTM-P2G8KFN