Wireless Access

Occasional Contributor II

Cannot Block IPv6 Traffic

    In my IAP225, I am trying to block IPv6 traffic on a specific network. My goal is to allow only IPv4 traffic and block all ipv6 traffic going in the network. To achive this, I have created a network profile and associated a ACL rule to the profile. The acl rule to deny ipv6 traffic is given below.

    84:d4:7e:c6:d5:74 (Access Rule "TEST") # rule any any match ipv6 any any deny

However, this is not working. I can still send ipv6 traffic(ping traffic) over the network.

Set-up details: I have a set-up with 2 Aruba AP's and each WAP is connected with one Client(laptop's). The Laptop's are configured with IPv6 addresses(default link local address).With the above ACL rule configured in Aruba, I expect, all IPv6 traffic should be dropped however, that is not happening. I can still reach other client in the network via ping.

Aruba WAP Type    : IAP225
Firware Version    :

Please let me know is there any way to block only IPv6 traffic?

Thanks in advance.


Attaching the the complete network configuration and the ACL rule for your reference.

ACL Rule:
    wlan access-rule TEST
     index 3
     rule match any any any deny
     rule match any any any permit
     rule match udp any any permit
     rule match any any any deny
     rule any any match ipv6 any any deny
     rule any any match any any any permit
    wlan ssid-profile TEST
     index 1
     type guest
     essid Test-SSID
     opmode opensystem
     max-authentication-failures 0
     vlan 4092
     rf-band all
     captive-portal disable
     dtim-period 1
     inactivity-timeout 120
     broadcast-filter unicast-arp-only
     g-min-tx-rate 36
     a-min-tx-rate 36
     a-basic-rates 36,48,54
     a-tx-rates 36,48,54
     g-basic-rates 36,48,54
     g-tx-rates 36,48,54
     supported-mcs-set 5,6,7,13,14,15,21,22,23
     vht-supported-mcs-map "7,8,9,-"
     dmo-channel-utilization-threshold 90
     multicast-rate mcs15
     local-probe-req-thresh 0
     max-clients-threshold 45

Occasional Contributor II

Re: Cannot Block IPv6 Traffic

Thanks Vijay for helping me in this issue. 


The CLI indeed has an option to block to block IPv6 traffic while configuring the ACL rules. Use the below options based on the interface you are using.

1. Use 'v6-deny" if you are using GUI

2. Use "raw" option in CLI.


A sample ACL rule is given below.

      rule any any match raw any any deny




Search Airheads
Showing results for 
Search instead for 
Did you mean: