[c-nsp] ME3600X IPv6 ND Control & Data Plane Problems

Mark Tinka mark.tinka at seacom.mu
Mon Mar 2 00:33:08 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 1/Mar/15 15:26, Gert Doering wrote:
>
> You're right.  Our e-mails overlapped.  And, I need more coffee.

Thanks, Gert and Dumitru - I obviously overlooked that little issue re:
the initial NS packet that needs to go out.

I've updated the ACL as below:

ipv6 access-list filter-outgoing6
 deny ipv6 any 3FFE::/16
 deny ipv6 any 2001:DB8::/32
 deny ipv6 any FE00::/9
 permit ipv6 any FF02::1:FF00:0/104
 deny ipv6 any FF00::/8
 sequence 65535 permit ipv6 any any

That seems to work just fine.

    Side note: this platform, for some reason, does not provide matches
for IPv6 ACL's.

So this solves problem 1). Problem 2), which is where one of the boxes
is never able to populate its ND cache, remains; whether without the ACL
or with this modified ACL. I'm suspecting something with the hardware.

Mark.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJU8/YUAAoJEGcZuYTeKm+GV+sP/3vodJzsgopWdpUPYVKG+FCI
LSgL6z2fpxANaGZHxKAg+dFXQsSlS+Emy64T4wFGJUt/iX4yBP0upIgKDRl2It6Y
rErGNnsbp8suEGvrfVfXBboFDFBn9Hucq1OKN2NFAG7L6xcUbUXqAIn2u/PgPIaB
7NO47relpWqYdX3ZAotGyAj8TctweDXXOZ34mb7ZA6sxuQCc5oPv4mIU0q6XPGa/
0CHLhpwDOTNDNLkroMVgkgnA8J8QHut+Mtn7tij514HqfsghgJJASZ4NW8SzLYf0
jheRgRq3Zegzu3ibIbZKiqTMFRxE9vqAcOl0f/LCfQAtpLEvYyL3wJezDiAc+Bbn
lmvLN4zIFv+iK0/0IJ5eJYfVOqQi2Zszak9qqiAcAlkWQ6+PIrJrLqL7wRe//IGu
evWas1sUvYj6xb8wcc0sgk9YUAgGNWFU3GTrsGzmLYF8qkhSCTLPRPqgu8pGI1+8
re6W88DIiZG7bMsOKRoEWG3YG8KpKLKODJQeWFCKeo6Gp8GLze3oRmZh0nrMYLOh
e6DUvkUmqg7/KBukNcdNF0dSiVxROOJ4SUQLHVEXXf6vMyczUsF4xB/Elm9FQfnV
iBYwjhGbXEkjZvuzxUg/KOsZklwmqOkx1kvo1ZbrljyJnvFOkXQz6TJquWKegr/U
U5o6/+aLCPZLD54YKJ6G
=ZRsT
-----END PGP SIGNATURE-----





More information about the cisco-nsp mailing list