Controller Based WLANs

What changes to IPv6 traffic processing are introduced in ArubaOS version 3.3.2.14?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.14 and later. 

Starting in ArubaOS 3.3.2.14 (and later builds), IPv6 traffic processing is now disabled by default. 
To verify this, run the following command at the CLI prompt of the Aruba controller. 

     (A6000-SC2) #show ipv6 firewall 

     Global IPv6 Packet Processing is Disabled
 
   
     Global IPv6 firewall policies 
     ----------------------------- 
     Policy                                      Action    Rate  Slot/Port 
     ------                                      ------    ----  --------- 
     Monitor ping attack                         Disabled          
     Monitor TCP SYN attack                      Disabled          
     Monitor IPv6 sessions attack                Disabled          
     Deny inter user bridging                    Disabled          
     Deny all IPv6 fragments                     Disabled          
     Per-packet logging                          Disabled          
     Enforce TCP handshake before allowing data  Disabled          
     Prohibit RST replay attack                  Disabled          
     Session Idle Timeout                        Disabled          
     Session mirror destination                  Disabled          
     Prohibit IPv6 Spoofing                      Disabled          
     Enable IPv6 Stateful Firewall               Disabled          

To enable IPv6 packet processing, execute the following command on the CLI prompt of the controller, in config mode: 

     (A6000-SC2) (config) #ipv6 enable 

     (A6000-SC2) (config) #show ipv6 firewall 

     Global IPv6 Packet Processing is Enabled
 
      
     Global IPv6 firewall policies 
     ----------------------------- 
     Policy                                      Action    Rate  Slot/Port 
     ------                                      ------    ----  --------- 
     Monitor ping attack                         Disabled          
     Monitor TCP SYN attack                      Disabled          
     Monitor IPv6 sessions attack                Disabled          
     Deny inter user bridging                    Disabled          
     Deny all IPv6 fragments                     Disabled          
     Per-packet logging                          Disabled          
     Enforce TCP handshake before allowing data  Disabled          
     Prohibit RST replay attack                  Disabled          
     Session Idle Timeout                        Disabled          
     Session mirror destination                  Disabled          
     Prohibit IPv6 Spoofing                      Disabled          
     Enable IPv6 Stateful Firewall               Disabled    

Enabling of IPv6 stateful firewall will not be effective unless IPv6 packet processing is enabled as shown. To enable IPv6 stateful firewall, execute the following command at the CLI prompt of the controller: 

     (A6000-SC2) (config) #ipv6 firewall enable 

     (A6000-SC2) (config) #show ipv6 firewall 

     Global IPv6 Packet Processing is Enabled
 
      
     Global IPv6 firewall policies 
     ----------------------------- 
     Policy                                      Action    Rate  Slot/Port 
     ------                                      ------    ----  --------- 
     Monitor ping attack                         Disabled          
     Monitor TCP SYN attack                      Disabled          
     Monitor IPv6 sessions attack                Disabled          
     Deny inter user bridging                    Disabled          
     Deny all IPv6 fragments                     Disabled          
     Per-packet logging                          Disabled          
     Enforce TCP handshake before allowing data  Disabled          
     Prohibit RST replay attack                  Disabled          
     Session Idle Timeout                        Disabled          
     Session mirror destination                  Disabled          
     Prohibit IPv6 Spoofing                      Disabled          
     Enable IPv6 Stateful Firewall               Enabled    

Note: 
These commands enable IPv6 traffic processing and IPv6 Stateful Firewall only on the controller on which these commands are executed. This allows for selectively configuring one or a group of controllers to allow processing of IPv6 traffic. The command needs to be executed on the master and local controller separately, as needed. 

Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 12:50 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.