[c-nsp] Blocking IPv6 on WiSM?

Tristan Gulyas evilzardoz at gmail.com
Mon Aug 9 01:06:39 EDT 2010


Hi,

> Until RA Guard + DHCPv6 Snooping become routinely available 
> in Ethernet switches, managing this kind of problem will be 
> hectic at best.
> 

We currently implement an ACL on our 3750 switches (ipbase) which can block router advertisements, and we find this to be very effective. We haven't done anything for DHCPv6; however, few clients support this.

Unfortunately, we have yet to deal with clients on the wireless side. There's no IPv6 support coming for the WiSMs/WLCs till Q1 2011 as far as I know (but I have not heard anything definitive). One solution to drop RAs would be to disable peer-to-peer communication; however, this may break other applications such as VoIP and video (not ideal when you have lots of students rocking up on campus who try to make FaceTime calls!).

Phil - you are correct in stating that IPv6 disables VLAN steering, which is the same reason that our wireless (and load balancing) services are the only things that don't currently talk native IPv6. We're waiting on the same thing - Cisco to ship something IPv6 native.

Tristan
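
An RA-blocking port ACL of the kind described in the message above, written out as an added example; it is not part of the original post and is not the poster's actual configuration. The ACL name and interface range are placeholders, and it assumes the dual IPv4/IPv6 SDM template is already active on the switch.

```cisco
! Constructed example: ACL name and interface numbers are placeholders.
! Assumption: the switch already runs a dual-stack SDM template, e.g.
!   sdm prefer dual-ipv4-and-ipv6 default   (takes effect after a reload)
!
ipv6 access-list BLOCK-RA
 remark Host ports must never originate router advertisements
 deny icmp any any router-advertisement
 remark Everything else, including neighbor discovery, passes unchanged
 permit ipv6 any any
!
! Apply inbound on host-facing access ports only.
interface range GigabitEthernet1/0/1 - 24
 ipv6 traffic-filter BLOCK-RA in
!
! Do NOT apply BLOCK-RA on the port facing the legitimate router,
! otherwise genuine RAs are dropped and hosts lose their default route.
!
! Check what is configured and where it is applied:
!   show ipv6 access-list BLOCK-RA
!   show running-config interface GigabitEthernet1/0/1
```

The explicit `permit ipv6 any any` matters: an IPv6 ACL ends in an implicit deny, so without it the filter would drop all other IPv6 traffic from the port rather than only RAs.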

