[c-nsp] Blocking IPv6 on WiSM?

Phil Mayers p.mayers at imperial.ac.uk
Mon Aug 9 07:20:26 EDT 2010


On 09/08/10 06:06, Tristan Gulyas wrote:
> Hi,
>
>> Until RA Guard + DHCPv6 Snooping become routinely available in
>> Ethernet switches, managing this kind of problem will be hectic at
>> best.
>>
>
> We currently implement an ACL on our 3750 switches (ipbase) which can
> block router advertisements and we find this to be very effective.
> We haven't done anything for DHCPv6 however few clients support
> this.
>
> Unfortunately we have yet to deal with clients on the wireless side.
> There's no IPv6 support coming for the WiSMs/WLCs till Q1 2011 as far
> as I know (but have not heard anything definitive).  One solution to
> drop RAs would be to disable peer to peer communication however this
> may break other applications such as voip and video (not ideal when
> you have lots of students rocking up on campus who try to make
> FaceTime calls!).
>
> Phil - you are correct by stating that IPv6 disables VLAN steering
> which is the same reason that our wireless (and load balancing)
> services are the only things that don't currently talk native IPv6.
> We're waiting on the same thing - Cisco to ship something IPv6
> native.

At this point, I'd settle for a firmware upgrade that drops all packets 
with ethertype=0x86dd. I have a very hard time believing the hardware 
can't do that...


More information about the cisco-nsp mailing list