[c-nsp] Why WiSM appears to ignore IPv6 ACLs that should override interface ACLs?

Matti Saarinen mjsaarin at cc.helsinki.fi
Wed May 24 01:54:16 EDT 2017


Hi,

Christopher Werny wrote:

> which code version are you currently running?

The WiSM2 currently runs 8.0.121.0, as do the two WLC5508s we have.
Strangely, we have received no complaints from people who have been
connected to the two latter ones. The configurations are mostly
identical.

Unfortunately, we cannot move away from 8.0 until we have replaced the
remaining 1130 series APs (still 99 left) with newer ones.

> I have a similar setup where I get rid of all the link local multicast
> packets (mDNS/LLMNR etc.) as we do not have any use case for them. The
> IPv6 (and IPv4) ACL is working fine. The only difference to the
> configuration example is that I have bound the ACL on the SSID Level
> (and not on the Interface).

Likewise, the ACL is bound on SSID level. The software we run does not
permit binding IPv6 ACLs on interface level.

>  Shameless self-plug:
>
> I am responsible for setting up a fully IPv6 enabled conference network
> (around 500 attendees) and presented the setup and (IPv6 relevant)
> configuration here:
>
> https://www.troopers.de/media/filer_public/5b/34/5b340a58-2c8e-46a0-9d96-834e5edd9154/tr16_ipv6_sec_summit_secure_reliable_guest_wlan_v15.pdf
>
> Maybe it helps ;-).

Thanks. I'll check that one.

Cheers,

Matti
