
Re: ACL to completely block IPv6 on 5700 FF

 
Seb_G
Occasional Contributor

ACL to completely block IPv6 on 5700 FF

Hello everybody,

I have a question about ACLs. We have a customer who's using the HP 577 FF as the LAN core. There are specific printers that have various problems with IPv6 traffic. Sometimes the whole network goes down.

I want to block all IPv6 traffic on the LAN core. I've tried to create an ACL to block IPv6 but it didn't work. Can anybody tell me how to create the ACL rule correctly?

Thanks in advance!

Greetings Sebastian

3 REPLIES
16again
Respected Contributor

Re: ACL to completely block IPv6 on 5700 FF

What did you try?
I'd start using port-based (not VLAN-based) rules blocking "ipv6 any-any" in both the incoming and outgoing directions.

Seb_G
Occasional Contributor

Re: ACL to completely block IPv6 on 5700 FF

Hey,

thanks for your reply.

I've tried the following command (as advanced IPv6 rule): rule deny ipv6 source any destination any

My current config:

[HP]dis acl ipv6 all
Advanced IPv6 ACL 3001, named -none-, 2 rules,
ACL's step is 5
rule 0 deny ipv6 logging
rule 1 deny icmpv6

I've also tried to set a second rule to deny icmpv6. But it seems that none of the rules work properly. There's still IPv6 traffic going through the device.

16again
Respected Contributor

Re: ACL to completely block IPv6 on 5700 FF

Drop the "logging" on the ACL.
On lower-end switches, logging only works on management plane ACLs.
On the switch fabric there's probably no logging possibility, so the rule doesn't get applied.
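
The suggestions in this thread, put together as an added configuration sketch (not posted by anyone in the thread): ACL 3001 from the post with the "logging" keyword removed, applied as a port-based packet filter in both directions. It assumes Comware 7 command forms, which can differ between releases, and the interface name Ten-GigabitEthernet1/0/1 is a placeholder. Lines starting with # are annotations, not commands.

```text
# Enter system view
system-view

# Advanced IPv6 ACL 3001 (the number used in the thread).
# Remove the existing rule that carries "logging" and re-create it without it.
acl ipv6 number 3001
 undo rule 0
 rule 0 deny ipv6
 quit

# "deny ipv6" matches every IPv6 packet, ICMPv6 included, so the
# separate "rule 1 deny icmpv6" from the post is redundant.

# Port-based application (not VLAN-based), in both directions.
# Placeholder interface: repeat for each port facing the affected printers.
interface Ten-GigabitEthernet1/0/1
 packet-filter ipv6 3001 inbound
 packet-filter ipv6 3001 outbound
 quit

# Check that the filter is bound to the port and the rule is listed
display packet-filter interface Ten-GigabitEthernet1/0/1
display acl ipv6 3001
```

An ACL that is only defined and never bound to an interface with packet-filter filters nothing, so the display packet-filter output is the first thing to check if IPv6 traffic still passes.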