Controller Based WLANs

How do I block IPv6 traffic?

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.14 and later.

 

Since ArubaOS 3.3.2.14, a new knob has been added to turn off/on IPV6 globally:

 

Turn off IPv6: #(config) no ipv6 enable

 

Turn on IPv6: #(config) ipv6 enable

 

By default, IPv6 is turned off globally. We no longer need to add any interface or user-role eth-acl to block IPv6 as was done in the older code.

 

The new knob takes the action on Ethernet type before any interface/user-role eth-acl. In the interface/user-role eth-acl of denying IPv6, it was noted in the ACL hits show command output, but the new knob does not display anything because the silent discarding happens before bridging/firewall lookup.

 

The following are the facts.

 

1. This knob will drop all IPv6 frames by doing minimal packet parsing to see if the ethertype is IPv6.

2. This inspection is done on all IPv6 packets received from the trusted wired side as well as IPv6 packets received from wireless users.

3. This knob will make the controller not IPv6 capable and will discard ALL frames based on the IPv6 ethertype.

4. The eth ACL that we usually use in older code to block IPv6 has to go through bridging and firewall processing, which adds extra overhead if applied to the port ACL. This overhead processing is removed with the new knob.

Version History
Revision #:
1 of 1
Last update:
‎06-30-2014 08:12 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.