
IPV6 Problem

Patrick McHenry
Level 4

I posted a question yesterday concerning IPV6 and updated it to "answered" by mistake.

Whenever someone plugs in an Apple or HP device with IPV6 enabled, the VLAN that it is associated with comes to a halt. We get some kind of IPV6 broadcast storm. So, for a work-around, we are deploying new devices with IPV6 disabled.

I was wondering if anybody else has had this problem or if anybody has heard of this before and where I might start to troubleshoot this issue?

Would this access-list work on my 6509's? I would like to try, but don't have anywhere to lab it. Could it work on a 3750 for testing with the ipservices image?

access-list 101 permit ip any any
mac access-list extended IPV6
permit any any 0x86dd

vlan access-map BLOCK_IPV6 10
match mac-address IPV6
action drop
match ip address 101 20
action forward

vlan filter BLOCK_IPV6 vlan-list xx

Thanks, Pat.

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Pat,

You also need to specify a hex mask of 0x0000 after the ethertype; see it as a range of possible ethertypes to filter.

mac access-list extended ipv6test
permit any any 0x86dd 0x0000

The VACL has to be written in the following way (note the space between mac and address instead of '-'):

vlan access-map BLOCK_IPV6 10
match mac address ipv6test
action drop
vlan access-map BLOCK_IPV6 20
match ip address 101
action forward

I tested the above commands on a C7600, but I couldn't perform a test with traffic.

However, you can even do this on a production router if you start by applying it only in a test VLAN instead of all VLANs of interest.

access-list 101 may be omitted in the second VACL block.

Final note: IPv6 does not use any form of broadcast, but it relies heavily on multicast for different functions.

Hope to help
Giuseppe

Thanks!

I did try configuring a 3750 a while back with the 0x86dd then a "?" to see what to put next but, wasn't sure what to put. Thanks for clearing that up.

In your response you didn't put the access-list 101 at the beginning. This is needed, correct? Also, is the 0x0000 similar to any any?

Have you heard of this IPV6 problem before? It makes me wonder if there is some kind of fundamental problem with the core switches.

Hello Pat,

The mask should be 0x0000, which specifies only that ethertype value to be checked; using 0x0001 would mean the last bit of the ethertype can be 0 or 1, like a wildcard.

And yes, you need to define ACL 101 or you will block everything!!

>> Have you heard of this IPV6 problem before?

unfortunately no

Hope to help

Giuseppe
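
An added example, not part of the original posts and not Cisco's code: a simplified Python model of the ethertype mask and the access-map ordering described in the replies above. It assumes mask bits set to 1 are wildcards and that a frame matching no sequence is dropped; all function and variable names are hypothetical.

```python
# Simplified model (an assumption, not a platform emulator) of the VACL
# from this thread. Frames are reduced to their 16-bit EtherType.
ETH_IPV4 = 0x0800
ETH_IPV6 = 0x86DD


def ethertype_matches(frame_type, value, mask):
    """Bits set in `mask` are "don't care"; 0x0000 means exact match."""
    care = ~mask & 0xFFFF
    return (frame_type & care) == (value & care)


def matched_ethertypes(value, mask):
    """Every EtherType that a value/mask pair selects."""
    return [t for t in range(0x10000) if ethertype_matches(t, value, mask)]


def vacl_action(frame_type, access_map):
    """Walk sequences in order; first match decides, no match means drop."""
    for _seq, match, action in sorted(access_map, key=lambda e: e[0]):
        if match(frame_type):
            return action
    return "drop"


def mac_ipv6(frame_type):
    # Models: permit any any 0x86dd 0x0000
    return ethertype_matches(frame_type, 0x86DD, 0x0000)


def ip_acl_101(frame_type):
    # Models: access-list 101 permit ip any any (IPv4 frames only)
    return frame_type == ETH_IPV4


# The corrected map from the reply: sequence 10 drops, sequence 20 forwards.
BLOCK_IPV6 = [(10, mac_ipv6, "drop"), (20, ip_acl_101, "forward")]
# The same map with the forwarding sequence left out.
WITHOUT_SEQ_20 = [(10, mac_ipv6, "drop")]

if __name__ == "__main__":
    print([hex(t) for t in matched_ethertypes(0x86DD, 0x0000)])
    print([hex(t) for t in matched_ethertypes(0x86DD, 0x0001)])
    for name, amap in (("BLOCK_IPV6", BLOCK_IPV6), ("WITHOUT_SEQ_20", WITHOUT_SEQ_20)):
        for label, etype in (("ipv4", ETH_IPV4), ("ipv6", ETH_IPV6)):
            print(name, label, vacl_action(etype, amap))
```

With mask 0x0001 the pair also selects 0x86DC, which is why 0x0000 is the mask to use for IPv6 alone.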

Thanks, Giuseppe!!!
