AP IPv6 Firewall Rules

About this task

IPV6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. These hosts require firewall packet protection unique to IPv6 traffic, as IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the ND protocol via ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet layer configuration parameters.

Firewall rules can use one of the three following actions based on a rule criteria:
  • Allow an IPv6 formatted connection.
  • Allow a connection only if it is secured through the use of IPv6 security.
  • Block a connection and exchange of IPv6 formatted packets.

To view an access point's existing IPv6 firewall rules:

Procedure

  1. Select the Statistics menu from the Web UI.
  2. Expand the System node from the navigation pane (on the left-hand side of the screen).
    The System node expands to display the RF Domains created within the managed network.
  3. Expand an RF Domain node, select a controller or service platform, and select one of its connected access points.
    The Access Point's statistics menu displays in the right-hand side of the screen, with the Health tab selected by default.
  4. Expand the Firewall menu.
  5. Select IPv6 Firewall Rules.
    The Statistics > AP > Firewall > IPv6 Firewall Rules screen displays in the right-hand pane.
    Click to expand in new window
    GUID-793F8492-8B44-4784-B583-F0CD9B0655F6-low.png
    This screen displays the following information:
    Precedence

    Displays the precedence (priority) applied to IPV6 formatted packets. Unlike IPv4, IPV6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. Every rule has a unique precedence value between 1 - 5000. You cannot add two rules with the same precedence value.

    Friendly String This is a string that provides more information as to the contents of the IPv6 specific IP rule. This is for information purposes only.
    Hit Count Displays the number of times each IPv6 ACL has been triggered.
  6. Select Refresh to update the screen‘s statistics counters to their latest values.