02-11-2016 04:50 AM
I have a couple of Brocade metro-rings with MLXs connected to CERs and CESs. It seems that if a customer turns up some IP6 device on the network and starts sending some neighbor discovery packets the CPUs on all the CES and MLX go up. This happens on vlans that do not have any IP6 setup on them. I have IP6 setup on a couple of the MLXs just for testing on a couple of vlans. What I have resorted to doing is setting up a layer 2 ACL on the interface where the customers have devices generating IP6 traffic.
access-list 401 deny any any any etype ipv6
access-list 401 permit any any any etype any
interface ethernet 1/7
mac access-group 401 in
This keeps my CPUs in check. I want to move forward with running dual stack but how do I filter by vlan? Also I have seen mention in documents about ipv6 rate-limit subnet policy-map. Does anyone have an example of how they are using it and would you share it.