Unwanted RA on LAN

Gert Doering gert at space.net
Wed Mar 9 11:36:55 CET 2011


On Wed, Mar 09, 2011 at 09:31:35AM +0100, Eric Vyncke (evyncke) wrote:
> AFAIK, the normal Cisco/Linksys CPE have a internal switch which
> is dumb... so cannot do any ACL or even 'punt' ICMPv6 packets to
> the CPU... All that could possibly do it perhaps (and code is not
> there AFAIK) block the propagation from a rogue RA from WiFi to the
> LAN... and even...

Typically (for example, in the E3000), the Wifi port is not connected
directly to the switch, but to its own CPU port - so bridging between
"fixed ethernet switch" and 2.4/5 GHz wifi is linux software bridging,
where you could filter with ebtables.

As for the fixed ethernet switches - the current breed of "dumb" switches
are fairly powerful indeed, if one looks at the data sheet here:


(that's the switch in the E3000) - it talks about 

  "TCAM-based ACLs: 256 policy rules, rule-based filtering, and QoS class 
   modification; rule-based metering and accounting; 128-byte deep packet 
   header lookup, 28-byte matching."

... so it might actually do that.  If anyone were to program a driver
for it...  (Broadcom programming specs are only available under NDA)

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list