
I can't seem to get this 3750 to properly filter IPv6 on a VLAN ACL.

paul
Level 1

Here's what I'm working with.  I'm filtering all ethertype 0x86DD which matches IPv6.  I'm sniffing traffic leaving this VLAN and I can see that there's IPv6 traffic coming out and it does indeed have this ethertype.

mac access-list extended macl-ipv6
 deny   any any 0x86DD 0x0
 permit any any
!
vlan access-map vacl-ipv6 10
 action forward
 match mac address macl-ipv6
!
vlan filter vacl-ipv6 vlan-list 888

I've also tried filtering on destination MAC address 3333.0000.0000 0000.ffff.ffff and that didn't seem to work either.  It seems like the 3750 is completely ignoring anything to do with IPv6, as if to spite me for not running the ipv4-and-ipv6 sdm template.

I want this to completely filter out all IPv6, but nothing I'm doing seems to be working.  Any guesses?  I found a post on c-nsp suggesting that other people have had this problem with the 3750 platform but I'm hoping one of you guys has encountered this.

Oh yeah and I don't want to run the ipv6 sdm template because my particular application requires the vlan template - the ipv6 sdm template doesn't support enough MAC addresses.

Paul


25dodon25
Level 1

Hello,

Try this

mac access-list extended DENYIPV6
 permit any any 0x86DD 0x000
vlan access-map DENY_IPV6 10
 match mac address DENYIPV6
 action drop
vlan access-map DENY_IPV6 20
 action forward
vlan filter DENY_IPV6 vlan-list 10
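
To confirm whether a VLAN filter like the ones in this thread is actually dropping IPv6, the capture taken on the VLAN can be checked frame by frame. The following is an added example, not code from either poster or from Cisco: it classifies raw Ethernet frames by ethertype 0x86DD, looking past any 802.1Q tag, and flags the 33:33 destination range mentioned in the question. The function names and the sample frames are constructed for illustration.

```python
import struct

ETH_IPV6 = 0x86DD             # ethertype matched by the MAC ACLs in this thread
VLAN_TAGS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def classify(frame, access_vlan=None):
    """Return (vlan, ethertype, dst_is_3333) for a raw Ethernet frame, or None if truncated.
    access_vlan is the VLAN assumed for untagged frames (capture on an access port)."""
    if len(frame) < 14:
        return None
    vlan, offset = access_vlan, 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:              # on a trunk the real ethertype sits behind the tag
        if len(frame) < offset + 6:
            return None
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlan, offset = tci & 0x0FFF, offset + 4   # innermost tag wins
    # 3333.0000.0000 with wildcard 0000.ffff.ffff means "first two bytes are 33:33"
    return vlan, etype, frame[:2] == b"\x33\x33"

def leaked_ipv6(frames, vlan, access_vlan=None):
    """List (index, dst_is_3333) for every IPv6 frame still visible on the given VLAN."""
    hits = []
    for i, frame in enumerate(frames):
        info = classify(frame, access_vlan)
        if info and info[0] == vlan and info[1] == ETH_IPV6:
            hits.append((i, info[2]))
    return hits

def make_frame(dst_hex, etype, vlan=None):
    """Build a constructed test frame; the source MAC and zero payload are placeholders."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return (bytes.fromhex(dst_hex) + bytes.fromhex("020000000001")
            + tag + struct.pack("!H", etype) + bytes(46))

# Constructed sample capture (not taken from the thread).
SAMPLE = [
    make_frame("333300000001", 0x86DD, vlan=888),  # IPv6 multicast on VLAN 888
    make_frame("ffffffffffff", 0x0806, vlan=888),  # ARP, not IPv6
    make_frame("0200000000aa", 0x86DD, vlan=888),  # IPv6 unicast: a 3333.* match misses it
    make_frame("333300000002", 0x86DD, vlan=10),   # IPv6, but a different VLAN
    make_frame("0200000000aa", 0x0800),            # untagged IPv4
]

if __name__ == "__main__":
    for index, mcast in leaked_ipv6(SAMPLE, 888):
        print(f"frame {index}: IPv6 on VLAN 888, multicast dst={mcast}")
```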
