Original Message:
Sent: Oct 04, 2023 06:07 AM
From: IanNightingale
Subject: 3800 (J9574A) IPv6 filtering
Applying access lists is hardware dependant to some extent. I can show you what you can configure on a 8360 for comparison:
access-list mac test-mac-acl
10 deny 0000.0000.0000 ffff.ffff.ffff ipv6 count
router1(config-lag-if)# apply access-list mac test-mac-acl in
<cr>
I've never tested the effect at L2 but this demonstrates what can be configured. If you don't have the same commands it isn't possible on that hardware.
Original Message:
Sent: Oct 03, 2023 03:19 PM
From: staylor135
Subject: 3800 (J9574A) IPv6 filtering
Hello,
I'm trying to figure out how I can do this. on my 3800/J9574A I want to kill all IPv6 traffic, I'm trying this as part of a possible fix for an issue with some other devices. on my 2930/JL322A basically I made a MAC ACL rule that matched any MAC address and IPv6 and killed it.
mac-access-list extended "300"
10 deny 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff ipv6
20 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff any
Then apply group 300 to any port you wish.
Such filtering isn't available on my 3800. I was looking at the advanced networking guide and I thought I found an answer: Create a class and apply that to a policy.
class mac "mac-no-ipv6"
match any any ipv6
Then apply "mac-no-ipv6" to a policy. However when I looked at what you can do, it said you can apply PBR actions, QoS, or Mirroring actions. Checking PBR didn't seem to have something where I could just drop the packets.
Any suggestions?