11-07-2017 09:38 AM
In my IAP225, I am trying to block IPv6 traffic on a specific network. My goal is to allow only IPv4 traffic and block all ipv6 traffic going in the network. To achive this, I have created a network profile and associated a ACL rule to the profile. The acl rule to deny ipv6 traffic is given below.
84:d4:7e:c6:d5:74 (Access Rule "TEST") # rule any any match ipv6 any any deny
However, this is not working. I can still send ipv6 traffic(ping traffic) over the network.
Set-up details: I have a set-up with 2 Aruba AP's and each WAP is connected with one Client(laptop's). The Laptop's are configured with IPv6 addresses(default link local address).With the above ACL rule configured in Aruba, I expect, all IPv6 traffic should be dropped however, that is not happening. I can still reach other client in the network via ping.
Aruba WAP Type : IAP225
Firware Version : 22.214.171.124-126.96.36.199_56428
Please let me know is there any way to block only IPv6 traffic?
Thanks in advance.
Attaching the the complete network configuration and the ACL rule for your reference.
wlan access-rule TEST
rule 188.8.131.52 240.0.0.0 match any any any deny
rule 172.19.248.0 255.255.255.248 match any any any permit
rule 172.19.248.0 255.255.252.0 match udp any any permit
rule 172.19.248.0 255.255.252.0 match any any any deny
rule any any match ipv6 any any deny
rule any any match any any any permit
wlan ssid-profile TEST
Solved! Go to Solution.
11-30-2017 10:55 AM
Thanks Vijay for helping me in this issue.
The CLI indeed has an option to block to block IPv6 traffic while configuring the ACL rules. Use the below options based on the interface you are using.
1. Use 'v6-deny" if you are using GUI
2. Use "raw" option in CLI.
A sample ACL rule is given below.
rule any any match raw any any deny