On Sat, Jun 25, 2016 at 6:29 AM, Bruce Simpson <bms@fastmail.net> wrote:
On 24/06/16 18:31, joel jaeggli wrote:
you can filter multicast destination addresses by acl.
NDP you kinda need since it replaces ARP
RA's you can and should filter (icmp6 type 134)
Data point, although the chances of you using this kit in an IX are slim to none: The HPE-badged H3C workgroup switches are problematic to configure this for.
1) The web GUI is woefully unable to do it right, and HP do not officially sanction the use of the CLI.
haha! you said gui and switch configuration... Errm, 'do not officially sanction the use of the CLI' ? Did you promptly 'not officially sanction their use in your nettwork?' If not, I think I see your problem...
2) IPv6 packet ACLs only appear to be supported per-port on *ingress*.
I think this might actually be the case for quite a few devices/manufacturers actually. It's nice that for mcast on v6 you actually mostly care about that on ingress though :)