Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Cisco IPv6 Downloadable ACLs?

This thread has been viewed 1 times

  • 1.  Cisco IPv6 Downloadable ACLs?

    Posted Oct 18, 2018 11:39 AM

    Does ClearPass support IPv6 Downloadable ACLs?

    Seems like it is only IPv4.

    We are a fully dual stack environment so IPv6 support is crucial!

     

    cisco-av-pair = ipv6:inacl#1=<IPv6-ACL-LINE-1>
cisco-av-pair = ipv6:inacl#2=<IPv6-ACL-LINE-2>
cisco-av-pair = ipv6:inacl#n=<IPv6-ACL-LINE-n>

    Thanks!



  • 2.  RE: Cisco IPv6 Downloadable ACLs?

    EMPLOYEE
    Posted Oct 18, 2018 11:48 AM
    Checking with engineering.


  • 3.  RE: Cisco IPv6 Downloadable ACLs?

    Posted Oct 23, 2018 05:06 PM

    The TAC recommended I try adding the av pair attributes to the enforcement profile, but that didn't work.

     

    Let me know what you find out.

     

    Thanks!

    -Neil

     



  • 4.  RE: Cisco IPv6 Downloadable ACLs?

    Posted Oct 31, 2018 09:56 AM

    Any update from engineering?



  • 5.  RE: Cisco IPv6 Downloadable ACLs?

    EMPLOYEE
    Posted Nov 01, 2018 10:34 AM
    Unfortunately it hasn’t been tested. It’s on my list but haven’t had the cycles.


  • 6.  RE: Cisco IPv6 Downloadable ACLs?

    Posted May 17, 2019 09:52 AM

    Tim,

     

    Installed the latest version of CP on my lab server and I see it still doesn't support IPv6 Downloadable ACL's for Cisco devices.

     

    I did get it to work with Cisco AV Pairs, but ipv4-ipv6 parity would be nice.

     

    Have you heard anything about upcoming support?

    I will talk to my SE as well.

     

    -Neil