Reset Search
 

 

Article

How to block IPv6 traffic in WiNG environment?

« Go Back

Information

 
TitleHow to block IPv6 traffic in WiNG environment?
Objective
In case you want to suppress IPv6 traffic in your network, use following access list.
Environment
  • All Summit WM3000 Series Controllers
  • ExtremeWireless WiNG Controllers
  • ExtremeWireless WiNG Access Points
  • WiNG 5 Software
Procedure
In order to completely block IPv6 you can easily copy & modify an MAC access list to suppress IPv6 ethertype (0x86DD).
 
WLC(config)# mac access-list PERMIT-ARP-AND-IPv4-DENY-IPv6
             deny any any type ipv6 rule-precedence 5 rule-description "disable all IPv6 traffic"
             permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
             permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"

You can also create only IPv6 blocking access list (less preferred option)
 
WLC(config)# ipv6 access-list NoIPv6
             deny ipv6 any any rule-precedence 1

Then you need to map the ACL in WLAN / VLAN in inbound & outbound direction
 
WLC(config)# wlan NoIPv6
             use mac-access-list in PERMIT-ARP-AND-IPv4-DENY-IPv6
             use mac-access-list out PERMIT-ARP-AND-IPv4-DENY-IPv6

or

             use ipv6-access-list in NoIPv6
             use ipv6-access-list out NoIPv6

To block wired IPv6 traffic per VLAN or per GE port
 
VX(config)# profile anyap NoIPv6
VX(config-profile-NoIPv6)# interface vlan X
                           use ipv6-access-list in NoIPv6

or

VX(config-profile-NoIPv6)# interface ge1
                           use ipv6-access-list in NoIPv6
                           use mac-access-list in PERMIT-ARP-AND-IPv4

You can create the same in GUI under Configuration - Security - Wireless firewall - MAC ACL

User-added image

Configuration - Security - IP Firewall - IPv6 ACL

User-added image

Then map the ACL to WLAN

User-added image

Or VLAN / GE port

User-added image

User-added image

Now all IPv6 traffic will be blocked by firewall. 
Make sure you have firewall enabled and properly configured otherwise ACL might not work!
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255