Cisco Support Community
Community Member

Is there a Simple way to prevent IPV6 Router Advertisement Spoofing/Flooding Via Cisco routers?

I have a client that is running IPV4 on their network and not IPV6, but of course IPV6 is enabled on all the windows boxes. They had an issue today where they had tons of IPV6 router advertisements flooding through their VPLS cloud all sourced from a MAC address that could not be located on their network. I did a packet capture and saw that all IPV6 router advertises to the multicast address were from the same source MAC. From reading various articles this appears to be an IPV6 Router Advertisement Spoofing/Flooding. I have seen ways of mitigating the attack via windows but is there a way to do this on Cisco via a central point. Seeing the client is not using IPV6, I guess I could use an IPV6 access list to deny all IPV6 traffic and apply it to all 40 VPLS routers. Anyone come across this and have a better way of mitigating this?

Thanks in advance,


CreatePlease to create content