Filtering/Dropping IPv6 on IPv4-only Devices?

Unanswered Question
Jan 21st, 2009

Hi All -

Got an interesting requirement that (for something seemingly simple) has been remarkably challenging to locate a solution for...

Having a problem with random IPv6 traffic showing up on the enterprise LAN from time to time and freaking out certain network-connected devices that don't know how to process it (CPU 100%, etc.). So I'm looking for a way to filter/drop that IPv6 traffic at the network edge. I can certainly set the core 6500s to not route (or even ignore) IPv6, but that still doesn't stop it from running around WITHIN a VLAN.

Is there a way that an IPv4-only device can identify IPv6 traffic (by a protocol type code or something along that line) so that it can be filtered/dropped before it even makes it onto the backbone?

Thanks in advance!

Mike

duncanm Mon, 01/26/2009 - 09:28

"but that still doesn't stop it from running around WITHIN a VLAN"

You are correct. The good thing is IPv6 devices use their MAC to go out looking for other IPv6 devices. You can capture the traffic with an IPS and use the MAC to find it.

If you don't have an IPS, my ASA\PIXes generate a "no route to" for IPv6 destinations and I can pull the MAC from the message.

As for keeping it off the backbone, don't enable IPv6 routing and it will be dropped.
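
Added example, not part of either post above: IPv6 is identifiable at layer 2 by EtherType 0x86DD, so a capture can be reduced to the source MACs (and VLANs) emitting it, which is the tracking approach the reply describes. The frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_IPV6 = 0x86DD          # EtherType carried by every IPv6 frame
VLAN_TPIDS = {0x8100, 0x88A8}    # 802.1Q and 802.1ad (QinQ) tag identifiers

def classify_frame(frame: bytes):
    """Return (src_mac, vlan_id, ethertype), or None if the frame is truncated."""
    if len(frame) < 14:
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    offset, vlan_id = 12, None
    (etype,) = struct.unpack_from("!H", frame, offset)
    # Skip any VLAN tags so a tagged IPv6 frame is not mistaken for "0x8100 traffic".
    while etype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            return None
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_id = tci & 0x0FFF   # innermost tag wins when tags are stacked
        offset += 4
    return src, vlan_id, etype

def ipv6_talkers(frames):
    """Count IPv6 frames per (source MAC, VLAN) so the sending hosts can be located."""
    talkers = Counter()
    for frame in frames:
        info = classify_frame(frame)
        if info and info[2] == ETHERTYPE_IPV6:
            talkers[(info[0], info[1])] += 1
    return talkers

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

# Constructed sample frames (headers only, payloads zero-filled).
_V6 = b"\x60" + bytes(39)
SAMPLE_FRAMES = [
    _mac("33:33:00:00:00:01") + _mac("00:11:22:33:44:55") + b"\x86\xdd" + _V6,
    _mac("ff:ff:ff:ff:ff:ff") + _mac("00:11:22:33:44:66") + b"\x08\x00" + bytes(20),
    _mac("33:33:00:00:00:02") + _mac("00:11:22:33:44:77")
        + b"\x81\x00\x00\x64\x86\xdd" + _V6,          # 802.1Q tag, VLAN 100
    _mac("33:33:00:00:00:01") + _mac("00:11:22:33:44:55") + b"\x86\xdd" + _V6,
    b"\x33\x33\x00",                                   # truncated capture record
]

if __name__ == "__main__":
    for (mac, vlan), count in ipv6_talkers(SAMPLE_FRAMES).most_common():
        print(f"{mac} vlan={vlan} ipv6_frames={count}")
```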
