03-24-2023 12:22 AM
Alright!
So we have a customer demanding we turn of ipv6 completely, which we do as best to our ability on all devices. The problem is that customer connects their devices to the network sometimes without turning of ipv6 beforehand. This causes the device to send out neighbor solicitation (ICMPv6) packets that will not go away in the cisco switch (3850). Even if the device is turned off the packets will still circulate in the switch environment.
So to my question, can you block the ICMPv6 packets on a cisco switch? We found 1 command called "device-tracking" but it caused some other issue i cannot remember so we were told to find a way around that command.
We have tried to apply ipv6 ACL where it is supposed to drop all the packets, but these still circulate.
We have tried the ipv6 nd suppress command with no luck.
We just want the switch to not get these ipv6 packets at all but right now seems impossible. Any one have an idea on how to do what we are looking for?
Im not able to provide screenshots of configuration files due to the secrecy of our customer i think im vague enough and hopefully specific enough for every one to understand.
Solved! Go to Solution.
03-24-2023 12:59 AM
03-24-2023 12:59 AM
Hi
Take a look in " First Hop Security" for ipv6
03-29-2023 02:01 AM
We decided after a lot of research to enable a device tracking policy. after that the IPv6 packets stopped appearing in the system.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide