Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.14 and later.

Starting in ArubaOS 3.3.2.14 (and later builds), IPv6 traffic processing is now disabled by default. To verify this, run the following command at the CLI prompt of the Aruba controller.

    (A6000-SC2) #show ipv6 firewall

    Global IPv6 Packet Processing is Disabled

    Global IPv6 firewall policies
    -----------------------------
    Policy                                      Action    Rate  Slot/Port
    ------                                      ------    ----  ---------
    Monitor ping attack                         Disabled
    Monitor TCP SYN attack                      Disabled
    Monitor IPv6 sessions attack                Disabled
    Deny inter user bridging                    Disabled
    Deny all IPv6 fragments                     Disabled
    Per-packet logging                          Disabled
    Enforce TCP handshake before allowing data  Disabled
    Prohibit RST replay attack                  Disabled
    Session Idle Timeout                        Disabled
    Session mirror destination                  Disabled
    Prohibit IPv6 Spoofing                      Disabled
    Enable IPv6 Stateful Firewall               Disabled

To enable IPv6 packet processing, execute the following command on the CLI prompt of the controller, in config mode:

    (A6000-SC2) (config) #ipv6 enable
    (A6000-SC2) (config) #show ipv6 firewall

    Global IPv6 Packet Processing is Enabled

    Global IPv6 firewall policies
    -----------------------------
    Policy                                      Action    Rate  Slot/Port
    ------                                      ------    ----  ---------
    Monitor ping attack                         Disabled
    Monitor TCP SYN attack                      Disabled
    Monitor IPv6 sessions attack                Disabled
    Deny inter user bridging                    Disabled
    Deny all IPv6 fragments                     Disabled
    Per-packet logging                          Disabled
    Enforce TCP handshake before allowing data  Disabled
    Prohibit RST replay attack                  Disabled
    Session Idle Timeout                        Disabled
    Session mirror destination                  Disabled
    Prohibit IPv6 Spoofing                      Disabled
    Enable IPv6 Stateful Firewall               Disabled

Enabling of IPv6 stateful firewall will not be effective unless IPv6 packet processing is enabled as shown.

To enable IPv6 stateful firewall, execute the following command at the CLI prompt of the controller:

    (A6000-SC2) (config) #ipv6 firewall enable
    (A6000-SC2) (config) #show ipv6 firewall

    Global IPv6 Packet Processing is Enabled

    Global IPv6 firewall policies
    -----------------------------
    Policy                                      Action    Rate  Slot/Port
    ------                                      ------    ----  ---------
    Monitor ping attack                         Disabled
    Monitor TCP SYN attack                      Disabled
    Monitor IPv6 sessions attack                Disabled
    Deny inter user bridging                    Disabled
    Deny all IPv6 fragments                     Disabled
    Per-packet logging                          Disabled
    Enforce TCP handshake before allowing data  Disabled
    Prohibit RST replay attack                  Disabled
    Session Idle Timeout                        Disabled
    Session mirror destination                  Disabled
    Prohibit IPv6 Spoofing                      Disabled
    Enable IPv6 Stateful Firewall               Enabled

Note: These commands enable IPv6 traffic processing and IPv6 Stateful Firewall only on the controller on which these commands are executed. This allows for selectively configuring one or a group of controllers to allow processing of IPv6 traffic. The command needs to be executed on the master and local controller separately, as needed.
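Because both settings are per controller and the stateful firewall has no effect while packet processing is off, it helps to audit saved `show ipv6 firewall` output from every controller. The script below is an added example, not Aruba code; the controller names and the trimmed captures are constructed, and it assumes the output layout shown in this article.

```python
import re

HDR = "Global IPv6 firewall policies\nPolicy  Action  Rate  Slot/Port\n"
# Constructed captures of `show ipv6 firewall`, trimmed to two policy rows each.
SAMPLE = {
    "master-1": "Global IPv6 Packet Processing is Enabled\n" + HDR
                + "Prohibit IPv6 Spoofing         Disabled\n"
                + "Enable IPv6 Stateful Firewall  Enabled\n",
    "local-1":  "Global IPv6 Packet Processing is Disabled\n" + HDR
                + "Prohibit IPv6 Spoofing         Disabled\n"
                + "Enable IPv6 Stateful Firewall  Enabled\n",
    "local-2":  "Global IPv6 Packet Processing is Enabled\n" + HDR
                + "Prohibit IPv6 Spoofing         Disabled\n"
                + "Enable IPv6 Stateful Firewall  Disabled\n",
}

GLOBAL_RE = re.compile(
    r"^[ \t]*Global IPv6 Packet Processing is (Enabled|Disabled)[ \t]*$", re.M)
# Policy name, whitespace, then the Action column; Rate/Slot columns may follow.
ROW_RE = re.compile(
    r"^[ \t]*(?P<name>\S.*\S)[ \t]+(?P<action>Enabled|Disabled)\b", re.M)

def parse_ipv6_firewall(text):
    """Return the global processing state and a {policy: enabled} map."""
    status = GLOBAL_RE.search(text)
    if status is None:
        raise ValueError("global IPv6 packet processing line not found")
    policies = {}
    for row in ROW_RE.finditer(text):
        if row.group("name").startswith("Global IPv6 Packet Processing"):
            continue  # the status line is not a policy row
        policies[row.group("name")] = row.group("action") == "Enabled"
    return {"processing": status.group(1) == "Enabled", "policies": policies}

def audit(captures):
    """Classify each controller's IPv6 state from its captured output."""
    results = {}
    for controller, text in captures.items():
        state = parse_ipv6_firewall(text)
        firewall = state["policies"].get("Enable IPv6 Stateful Firewall", False)
        if state["processing"] and firewall:
            results[controller] = "ok"
        elif firewall:  # enabled, but not effective without `ipv6 enable`
            results[controller] = "firewall-ineffective"
        elif state["processing"]:
            results[controller] = "processing-without-firewall"
        else:
            results[controller] = "ipv6-disabled"
    return results

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```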