[c-nsp] Why WiSM appears to ignore IPv6 ACLs that should override interface ACLs?

Matti Saarinen mjsaarin at cc.helsinki.fi
Tue May 23 07:52:19 EDT 2017


Hi,

Has anyone managed to get IPv6 ACLs working on WiSM/WLC? I followed the
instructions described here:

http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series-access-point/113443-cuwn-apple-bonjour-dg-00.html#block

but I wasn't able to get a working setup.

My aim is to prevent IPv6 mDNS packets from being forwarded between
associated clients. The reason is that some host firewall software
misinterprets the mDNS packets as some kind of attack, and this
generates support tickets.

The WiSM accepts the config, but the ACLs see no hits and I can still see
packets destined to FF02::FB after I have applied the ACL. What can be
causing this effect? I tried searching for matching bugs but I found
none.

I wish there were a way to configure an IPv6 ACL at the interface
level, but currently there isn't one and I don't will there ever be.

Cheers,

Matti
