How do I block IPv6 traffic? 

Jun 30, 2014 11:12 PM

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.14 and later.

 

Since ArubaOS 3.3.2.14, a new knob is available to turn IPv6 off or on globally:

 

Turn off IPv6: #(config) no ipv6 enable

 

Turn on IPv6: #(config) ipv6 enable

 

By default, IPv6 is turned off globally. We no longer need to add any interface or user-role eth-acl to block IPv6 as was done in the older code.

 

The new knob acts on the Ethernet type before any interface/user-role eth-acl is evaluated. When an interface/user-role eth-acl denied IPv6, the drops were noted in the ACL hits show command output; the new knob does not display anything, because the silent discard happens before the bridging/firewall lookup.

 

The following are the facts.

 

1. This knob will drop all IPv6 frames by doing minimal packet parsing to see if the ethertype is IPv6.

2. This inspection is done on all IPv6 packets received from the trusted wired side as well as IPv6 packets received from wireless users.

3. This knob will make the controller not IPv6 capable and will discard ALL frames based on the IPv6 ethertype.

4. The eth ACL that we usually use in older code to block IPv6 has to go through bridging and firewall processing, which adds extra overhead if applied to the port ACL. This overhead processing is removed with the new knob.
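The minimal parsing described in point 1 can be pictured with the following added example, which is not ArubaOS code: it reads only the Ethernet header and returns a drop verdict when the EtherType is IPv6 (0x86DD). The function and constant names, the sample frames, and the handling of up to two VLAN tags are assumptions made for illustration; the article does not say how tagged frames are parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IPV6   0x86DD
#define ETHERTYPE_8021Q  0x8100  /* single VLAN tag */
#define ETHERTYPE_8021AD 0x88A8  /* outer tag of a stacked (QinQ) frame */
#define MAX_VLAN_TAGS    2       /* assumption: at most two stacked tags */

enum verdict { FRAME_PASS = 0, FRAME_DROP_IPV6 = 1, FRAME_MALFORMED = 2 };

/* Constructed sample frames: only the header bytes are present. */
static const uint8_t untagged_v6[14] = {0x33,0x33,0,0,0,1, 2,0,0,0,0,1, 0x86,0xDD};
static const uint8_t tagged_v6[18]   = {0x33,0x33,0,0,0,1, 2,0,0,0,0,1, 0x81,0x00, 0x00,0x0A, 0x86,0xDD};
static const uint8_t untagged_v4[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x00};

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one raw Ethernet frame by EtherType; no payload is inspected. */
enum verdict classify_frame(const uint8_t *frame, size_t len)
{
    size_t off = 12;             /* EtherType follows the two 6-byte MACs */
    int tags = 0;

    if (frame == NULL || len < off + 2)
        return FRAME_MALFORMED;  /* too short to carry an EtherType */

    uint16_t type = be16(frame + off);
    /* Step over VLAN tags so tagged IPv6 is not missed by the check. */
    while (type == ETHERTYPE_8021Q || type == ETHERTYPE_8021AD) {
        if (++tags > MAX_VLAN_TAGS || len < off + 4 + 2)
            return FRAME_MALFORMED;
        off += 4;                /* TPID (2 bytes) + TCI (2 bytes) */
        type = be16(frame + off);
    }
    return type == ETHERTYPE_IPV6 ? FRAME_DROP_IPV6 : FRAME_PASS;
}

int main(void)
{
    printf("untagged IPv6: %d\n", (int)classify_frame(untagged_v6, sizeof untagged_v6));
    printf("tagged IPv6:   %d\n", (int)classify_frame(tagged_v6, sizeof tagged_v6));
    printf("untagged IPv4: %d\n", (int)classify_frame(untagged_v4, sizeof untagged_v4));
    return 0;
}
```

A check of this kind touches a fixed, small number of header bytes per frame, which is why it is cheaper than sending the frame through bridging and firewall processing to reach an eth ACL.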
