Unwanted RA on LAN
Gert Doering
gert at space.net
Wed Mar 9 11:36:55 CET 2011
Hi,
On Wed, Mar 09, 2011 at 09:31:35AM +0100, Eric Vyncke (evyncke) wrote:
> AFAIK, the normal Cisco/Linksys CPE have an internal switch which
> is dumb... so cannot do any ACL or even 'punt' ICMPv6 packets to
> the CPU... All that could possibly do it perhaps (and code is not
> there AFAIK) block the propagation from a rogue RA from WiFi to the
> LAN... and even...

Typically (for example, in the E3000), the Wifi port is not connected
directly to the switch, but to its own CPU port - so bridging between
"fixed ethernet switch" and 2.4/5 GHz wifi is linux software bridging,
where you could filter with ebtables.

As for the fixed ethernet switches - the current breed of "dumb" switches
are fairly powerful indeed, if one looks at the data sheet here:

http://www.broadcom.com/products/Switching/Home-and-Small-Business/BCM53115
http://www.broadcom.com/collateral/pb/53115-PB01-R.pdf

(that's the switch in the E3000) - it talks about

"TCAM-based ACLs: 256 policy rules, rule-based filtering, and QoS class
modification; rule-based metering and accounting; 128-byte deep packet
header lookup, 28-byte matching."

... so it might actually do that. If anyone were to program a driver
for it... (Broadcom programming specs are only available under NDA)

Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
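
The following is an added example, not part of the original message: a Python sketch of the match a software-bridge filter needs in order to stop a Router Advertisement (ICMPv6 type 134) crossing from one bridged port to another. The port names `wlan0` and `eth0`, the function names and the sample frames are assumptions made for illustration; the walk over IPv6 extension headers goes beyond what the message discusses.

```python
import struct

ETH_P_IPV6, ETH_P_8021Q = 0x86DD, 0x8100
IPPROTO_ICMPV6, ICMPV6_RA, FRAGMENT = 58, 134, 44
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options


def icmpv6_type(frame: bytes):
    """Return the ICMPv6 type carried in an Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:  # skip one VLAN tag
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        offset = 18
    if ethertype != ETH_P_IPV6 or len(frame) < offset + 40:
        return None
    next_header = frame[offset + 6]
    offset += 40
    while next_header in EXT_HEADERS or next_header == FRAGMENT:
        if len(frame) < offset + 8:
            return None
        length = 8  # the fragment header is always 8 octets
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", frame, offset + 2)[0] >> 3:
                return None  # non-first fragment: no upper-layer header here
        else:
            length = (frame[offset + 1] + 1) * 8
        next_header = frame[offset]
        offset += length
    if next_header != IPPROTO_ICMPV6 or len(frame) <= offset:
        return None
    return frame[offset]


def drop_on_bridge(frame: bytes, in_port: str, ra_allowed_ports=()) -> bool:
    """True if the frame is an RA arriving on a port not allowed to send RAs."""
    return icmpv6_type(frame) == ICMPV6_RA and in_port not in ra_allowed_ports


def sample_frame(icmp_type: int, dest_opts: bool = False) -> bytes:
    """Constructed test frame (not captured traffic), zeroed addresses."""
    ext = bytes([IPPROTO_ICMPV6, 0]) + bytes(6) if dest_opts else b""
    payload = ext + bytes([icmp_type, 0, 0, 0]) + bytes(12)
    nh = 60 if dest_opts else IPPROTO_ICMPV6
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), nh, 255) + bytes(32)
    eth = bytes.fromhex("333300000001020000000001") + struct.pack("!H", ETH_P_IPV6)
    return eth + ip6 + payload
```

A filter that only checks the Next Header field of the fixed IPv6 header would miss the second sample frame, where a destination options header sits in front of the ICMPv6 message.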