Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

I can't seem to get this 3750 to properly filter IPv6 on a VLAN ACL.

Here's what I'm working with.  I'm filtering all ethertype 0x86DD which matches IPv6.  I'm sniffing traffic leaving this VLAN and I can see that there's IPv6 traffic coming out and it does indeed have this ethertype.

mac access-list extended macl-ipv6

deny   any any 0x86DD 0x0

permit any any

!

vlan access-map vacl-ipv6 10

action forward

match mac address macl-ipv6

!

vlan filter vacl-ipv6 vlan-list 888

I've also tried filtering on destination MAC address 3333.0000.0000 0000.ffff.ffff and that didn't seem to work either.  It seems like the 3750 is completely ignoring anything to do with IPv6, as if to spite me for not running the ipv4-and-ipv6 sdm template.

I want this to completely filter out all IPv6, but nothing I'm doing seems to be working.  Any guesses?  I found a post on c-nsp suggesting that other people have had this problem with the 3750 platform but I'm hoping one of you guys has encountered this.

Oh yeah and I don't want to run the ipv6 sdm template because my particular application requires the vlan template - the ipv6 sdm template doesn't support enough MAC addresses.

Paul

Everyone's tags (5)
1 REPLY
New Member

Hello,

Hello,

Try this

mac access-list extended DENYIPV6

 permit any any 0x86DD 0x000

vlan access-map DENY_IPV6 10

 match mac address DENYIPV6

 action drop

vlan access-map DENY_IPV6 20

 action forward

vlan filter DENY_IPV6 vlan-list 10

562
Views
0
Helpful
1
Replies
CreatePlease login to create content