[c-nsp] Why WiSM appears to ignore IPv6 ACLs that should override interface ACLs?

Matti Saarinen mjsaarin at cc.helsinki.fi
Tue May 23 07:52:19 EDT 2017


Has anyone managed to get IPv6 ACLs working on WiSM/WLC? I followed the
instruction described here:


but I wasn't able to get a working setup.

My aim is to prevent IPv6 mDNS packets from being forwarded between
associated clients. And the reason is that there are some host firewall
software that will misinterpret the mDNS packets as some kind of attacks
and this generates support tickets.

The WiSM accepts the config but the ACLs see no hits and I can see
packets destined to FF02::FB after I have applied the ACL. What can be
causing this effect? I tried searching for matching bugs but I found

I wish there would be a way to configure an IPv6 ACL on the interface
level but currently there aren't any and I don't will there ever be.



More information about the cisco-nsp mailing list