Unwanted RA on LAN

Eric Vyncke (evyncke) evyncke at cisco.com
Wed Mar 9 09:31:35 CET 2011


Daniel

You got me :-)

AFAIK, the normal Cisco/Linksys CPE have a internal switch which is dumb... so cannot do any ACL or even 'punt' ICMPv6 packets to the CPU... All that could possibly do it perhaps (and code is not there AFAIK) block the propagation from a rogue RA from WiFi to the LAN... and even...

Now, if you are at home with 10 IPv6 hosts, you probably do not need a powerful tool such as RAGuard. E.g., you probably do not inspect DHCPv4 or ARP in the same setting :-)

-éric

> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Daniel Roesen
> Sent: mercredi 9 mars 2011 9:28
> To: ipv6-ops at lists.cluenet.de
> Subject: Re: Unwanted RA on LAN
> 
> On Wed, Mar 09, 2011 at 09:05:26AM +0100, Eric Vyncke (evyncke) wrote:
> > If using Cisco switches, then you can use an Port ACL or even the RA
> > guard (both available on most recent switches with the software
> > release of Summer 2010).
> 
> Now that you beat me to it:
> 
> What are the chances to get some kind of RA filtering / RA guard in the
> Cisco/Linksys line of residential CPE routers with built-in switches?
> 
> :-)
> 
> Best regards,
> Daniel
> 
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0



More information about the ipv6-ops mailing list