IPv6 ACLs lock up entire switch

primrose · Thu Mar 07, 2024 1:34 am

Hello everyone,

I have a CRS326-24G-2S+RM, L3HW offloading enabled for both v4 and v6, and I am trying to roll out IPv6 across my network, but I am having issues with IPv6 ACLs, which just completely lock up all traffic, regardless of whether it's v4 or v6 when added to the ruleset for the switch.

Below is an example of the rule I am adding, which should drop the traffic when matched:

add switch=switch1 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23 src-address6="2603:xxxx:xxxx:xx03::/64" dst-address6="2603:xxxx:xxxx:xx14::/64" new-dst-ports="" comment="testtesttest"

Upon adding the rule, no traffic, regardless of protocol, can flow through and the switch becomes completely unresponsive. I have zero clue what is going on here, and am quite lost. IPv6 works great in every other aspect on this switch, so it's a shame that ACLs, which are a needed part of the implementation, are completely broken.

Any help at all would be appreciated. If there is any other information I may have missed that would be helpful during this process, please let me know. Thanks in advance!

primrose · Thu Mar 07, 2024 10:43 pm

Looked for help elsewhere, and apparently you need to specify

mac-protocol="ipv6"

in ACLs you create for IPv6. Otherwise, it will lock up the entire switch.

IPv6 ACLs lock up entire switch [SOLVED]

IPv6 ACLs lock up entire switch

Re: IPv6 ACLs lock up entire switch [SOLVED]

Who is online