Hi, I have a customer connected to my Cisco 3560 switch via Gigabit Ethernet, recently I noticed that he is broadcasting IPv6 packets such as LLMNR, DHCPv6 and ICMPv6 it seems that the customer is connecting a Vista machine that has some IPv6 services enabled (some IPv6 services are enabled by default on Vista) How can I block such broadcast from entering my network? By the way there is no firewall in this setup, just a switch to switch. BR Sharef
On Thu, 23 Jul 2009, Sharef Mustafa wrote:
How can I block such broadcast from entering my network?
If you are not doing any L2 security for IPv6, you probably want to block the IPv6 ethertype packets altogether. Found a link here that might be useful: <http://ardenpackeer.com/security/security-common-ethertypes-in-vlan-access-maps/> I suggest anyone with L2 possibility between customers to implement something like this to avoid rogue RAs. -- Mikael Abrahamsson email: swmike@swm.pp.se
participants (2)
-
Mikael Abrahamsson
-
Sharef Mustafa