Ipv6 access list does not apply autonomous Aironet 3602I-E

As you can see in the attached config I configured two SSID (2G & 5 G) for a third (2G only) SSID and PEAP WPA2-Ent on the vlan 2 for 'poor team access as guest '.

Basically I forced the Dot11Radio0.2 interface in the Group of deck 1 to get all three SSIDS on vlan 1 (since I want just a quick way and dirty to allow its customers access to the internet, without having to configure a vlan separate everywhere).

The guest SSID (XX COMMENTS) allows tkip in addition to BSE and uses a PSK rather than PEAP. Access lists configured on Dot11Radio0.2 IPv4 allows clients connected to this SSID get an IP by DHCP, use the DNS servers on the local network and access the internet. All other traffic for the local network is blocked by access lists guest_ingress and guest_egress.

This all works very well, ipv4 is blocked for guests invited as expected. However, ipv6 is something different. For some reason, the ipv6 access list is completely ignored.

Because I don't need ipv6 for guest access, I thought that I have completely block and do with it. As you can see I have this set:

interface Dot11Radio0.2
guest_ingress6 filter IPv6 traffic in
guest_egress6 filter IPv6 traffic on

and these ipv6 access lists have a rule of "refuse a whole" only. Yet, the XX COMMENTS SSID connected client gets an ipv6 address of the server on the LAN DHCP6 and has full connectivity. For ipv4, that I had to explicitly allow DHCP packets to the client not even get an IP, so the ipv6 access lists are not clearly applied.

No matter if I move the access interface Dot11Radio0 instead lists, they don't do anything. I thought that maybe I should add a "enable ipv6" on the Dot11Radio0.2 interface (even if ipv6 traffic was very good, even where it shouldn't), but when I set "enable ipv6" Dot11Radio0 or Dot11Radio0.2 the radio goes into a sort of infinite loop of reset:

000261: Sep 23 2016 22:32:50.512 it IS: % DOT11-5-EXPECTED_RADIO_RESET: restart Radio Dot11Radio0 interface due to the reset of the interface
000262: Sep 23 2016 22:32:50.516 it IS: % LINK-6-UPDOWN: Interface Dot11Radio0, changed State to down
000263: Sep 23 2016 22:32:50.524 it IS: % LINK-5-CHANGED: Interface Dot11Radio0, changed State to reset
000264: Sep 23 2016 22:32:51.516 it IS: % LINEPROTO-5-UPDOWN: Line protocol on the Interface Dot11Radio0, state change downstairs
000265: Sep 23 2016 22:32:51.560 it IS: % LINK-6-UPDOWN: Interface Dot11Radio0, changed State to
000266: Sep 23 2016 22:32:51.568 it IS: % LINK-6-UPDOWN: Interface Dot11Radio0, changed State to down
000267: Sep 23 2016 22:32:51.576 it IS: % LINK-5-CHANGED: Interface Dot11Radio0, changed State to reset
000268: Sep 23 2016 22:32:52.608 it IS: % LINK-6-UPDOWN: Interface Dot11Radio0, changed State to
000269: Sep 23 2016 22:32:53.608 it IS: % LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed State to
000270: 22:32:53.608 Sep 23, 2016 it IS: % DOT11-5-EXPECTED_RADIO_RESET: restart Radio Dot11Radio0 interface due to the reset of the interface
000271: Sep 23 2016 22:32:53.612 it IS: % LINK-6-UPDOWN: Interface Dot11Radio0, changed State to down
etc.

In addition, when creating a list like this ipv6 access:

guest_egress6 IPv6 access list
refuse an entire ipv6

The other is automatically created:

IPv6-guest_egress6 role-based access list
refuse an entire ipv6

A deletion also removes the other.

What is happening with these ipv6 ACLs, why they are not blocking all traffic? Why do I get an acl "role-based" too? Is associated it with?

Is there a another way to kill just any ipv6 on the SSID of COMMENTS XX traffic while leaving alone on others? That's all I need at this stage. If the ipv6 ACL do not work, perhaps this can be done (ab) using a service-policy or policy routing? I'm ready to creative solutions :)

PS. I know this is not the recommended method to configure a guest SSID, but it should still work IMO.

You have encountered a bug I discovered a few months ago (CSCva17063), in your case, the workaround is to apply the ACL on the physical rather than the void interface interface (because you want to completely block IPv6 in any case). I write (more) my conclusions regarding the traffic that refusal on autonomous APs in a blogpost, might be interesting for you to read as well.

Remember that the access point used as a bridge between the wired infrastructure and wireless, not as a router. There's some IOS routing of commands (like the "enable IPv6" command you pointed out) , but these are not the characteristics that should be used or need to be enabled on an access point.

Because the networks internal and customer spend somewhere else, I would perform filtering on this device instead. Also sub gi0.2 interface is missing from your configuration, so I do not think that access as a guest is currently working at all?

Please rate helpful messages... :-)

Tags: Cisco Wireless

Similar Questions

  • Access list does not work

    I want that no package would leave f0/0 (R2).

    Here is my configuration:

    R1:

    !

    interface FastEthernet0/0

    IP 192.168.1.1 255.255.255.0

    !

    R2:

    !

    interface FastEthernet0/0

    IP 192.168.1.2 255.255.255.0

    IP access-group 101 out

    !

    access-list 101 deny ip any one

    !

    Given the configs shown in the original post R2 will be able to ping to R1 and I guess this (or something very similar) is what brings the original poster said that the ACL does not work.

    The problem here is that a list of access applied on an interface will not process the traffic generated by the router itself. The illustrious ACL will be very effective in preventing transit traffic (traffic that came from somewhere to R2 and must be DISPATCHED f0/0). But it will not work on the packages generated by R2.

    HTH

    Rick

  • WRT150N access restrictions does not

    Good day everyone.

    I read the messages that are similar to my problem in the forum, but none of the suggested solutions solved my current dilemma.

    I use a WRT150N with firmware v1.00.5. I have a setup of Linux with Squid, connected to the network with the modem router 192.168.23.254. The WRT150N has a gateway of 192.168.23.1. The WRT150N is also connected to an Apple Base Station that serves as a Point of access for users of WiFi.

    Squid limits access to the IP addresses listed under the passerelle.254. But once I change my gateway to 23.1, everything is accessible. I want to block sites as well as on the WRT150N. But whenever I try to put a new restricted access, it does not work.

    I put in the IP addresses on which to apply this restriction:

    It ignores addresses is because addresses are reserved. I click on save settings here and I save the settings again on the home page.

    Whenever I try to test on the addresses given, I can still access the pages. Is there something that I am missing?

    Thanks in advance for your answers.

    Try to update / re Flash the firmware of your router.

    Connect computer with the Ethernet cable to the Ethernet port on the router.

    Download the firmware on the Linksys site.

    Open the router configuration page.

    Go to the tab Administration and go to the update of the Firmware tab sub.

    Browse and select the downloaded firmware and update the firmware.

    After the upgrade of the firmware reset and reconfigure the router settings manually.

    And see if that helps you.

  • Cannot install KB980182 + 17 other updates - error 0x8007371c or "does not apply to this system".

    I am running Vista Home Premium with Service Pack 2, 32-bit. For example, I have the 8.0.6001.18828 version. I use AVAST AV and Comodo Firewall. I've never had McAfee.

    I have 18 'Important' Windows Vista updates will not be installed: several updates, several windows Vista updates, etc. Back to 08/12/09 and 27/04/10 the most recent. They start to add up. Here is a screenshot of them:

    http://img94.imageshack.us/img94/5003/updatesl.PNG

    For about 11 of them, let's say in the meantime (until restarted), but then after the resumption, that they do not have to install but have no error code. The event viewer indicates that they are 'not applicable for this system' (then why they have been downloaded?). Who does not apply are: KB905866 KB971468, KB972270 KB979683 KB978601, KB977816, KB978338, KB979099, KB974318, KB980248, KB980232.

    The rest of them, as (for example, KB980182) will fail because of an error of 8007371 C. In Event Viewer, they all have a sequence of error similar to this one (it's for KB980182):

    ###

    11:10 - Windows Servicing has completed the process of configuration KB980182 (update) package in State to install Requested(Install Requested)
    11:10 - Windows Servicing has not completed the process of change update 980182-39_neutral_PACKAGE of packaging KB980182 (Update) in Staged (Staged) State
    11:10 - Windows Servicing has completed the process of configuration KB980182 (update) package in State to install Requested(Install Requested)
    11:10 - Windows Servicing has not completed the process of change update 980182-38_neutral_PACKAGE of packaging KB980182 (Update) in Staged (Staged) State
    11:10 - Windows Servicing has completed the process of configuration KB980182 (update) package in State to install Requested(Install Requested)
    11:10 - Windows Servicing has not completed the process of change update 980182-37_neutral_PACKAGE of packaging KB980182 (Update) in Staged (Staged) State
    11:10 - Windows Servicing has completed the process of configuration KB980182 (update) package in State to install Requested(Install Requested)
    11:10 - Windows Servicing has not completed the process of change update 980182-2_neutral_GDR of packaging KB980182 (Update) in Staged (Staged) State
    ...
    [several other of these errors, with '2' to 36, even numbers only]
    ...
    11:11 - Installation failure: Windows failed to install the following update with error 0x8007371c: Cumulative security update for Internet Explorer 8 for Windows Vista (KB980182).

    ###

    Things I've tried:

    1. installation after a clean boot - at first, seems to be successful that I can get the list to the left of 1 or 2, but at some point given shortly after they all reappear.

    2A ran the System File Checker that comes up: "Windows Resource Protection has not found any breach of integrity."

    3 reset Windows Update components (manually or with the "FixIt" solution to http://support.microsoft.com/default.aspx/kb/971058?p=1)

    4. stop of services related to Windows Update, rename system folders, saving and then associated DLL files by restarting services (as described here: http://social.answers.microsoft.com/Forums/en/vistainstall/thread/ed275467-5580-41dc-9ccc-3c1e22c6fd28)-same result

    5 install in safe mode - gives me "Setup has encountered an error: 0x8007043c.» This service cannot be started in safe mode. »)

    6. scan the hard disk for errors (e.g., check disc) - Nothing found

    7. search for viruses, Trojans and malware - do not have

    8. install with UAC, anti-virus and firewall off the coast - same result

    9 install the upgrade preparation tool system for Windows Vista (KB947821) [January 2010] (with UAC, AV, etc off), but the installation 'failed' (no error code). Installation in safe mode it gives me the «...» "0x8007043c. this service cannot be started in safe mode."

    10. manually install them - same result

    A short circuit contact MS have exhausted the options?

    Thank you. This is not a beta or Release Candidate build both fuhgeddaboutit and open a free support incident.

    PS: I think you will find that the updates are not installed due to infection hijackware, Kurt.

    ~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft

  • Windows Explorer "option remove from this list" DOES NOT always WORK

    In Windows 7:
    When you right-click the Windows Explorer button at the bottom of the screen on the task bar, it has an option to "remove from this list. all Frequent ' point/place' that there are listed...

    I used this option during most of the items listed to clean a little bit because I don't want to see it all.

    BUT:
    I have now six items/places to the left.  I want three of them to stay.  I would like to 'Remove' the other three, but the option "Remove from this list" DOES NOT WORK!

    I tried:
    -Manually remove items/locations...   Always in the list.  So I put them back
    -Search for places objects in a windows search to see if they appeared in a file list somewhere that I could remove a manually.  No foumd.

    HOW to REMOVE THESE UNWANTED ITEMS/LOCATIONS in the list of Windows Explorer?

    Thank you.   -TomE

    NOTE: A second problem is that I couldn't use a sign less "-" to exclude elements of my research, when I used Windows Search.  I tried to use '-internet "to exclude references to Internet Explorer.  It did not work.  There for me in the past.

    Hello

    Right-click the Start button, and then select Properties.

    In the privacy section, remove the check mark from the option "store and displayrecently open items in the Start Menu and the taskbar" . CLIck apply/OK.

    Check the list of shortcuts in Windows Explorer and recent items section should be empty.

    Go back and re - activate this option.

    NOTE: this procedure will empty all the list Jump list recent items as well as the recent items on the Start Menu.

    I hope this helps.

    Thank you for using Windows 7 Ronnie Vernon MVP

  • Lightroom does not apply lens profile automatically

    Hello

    I use Lightroom CC based on MacOS.

    Unfortunately, Lightroom does not apply the profile of my SIGMA 150-600 mm F5-6. 3 DG OS HSM p014 in development mode, but shows the lens correctly in library mode. All other lenses (CANON) are applied automatically, so it seems that I have a configuration problem. Lightroom shows that the profile cannot be detected automatically and cannot be applied. In the list of lenses, I can choose the target and that the profile is applied.

    Support said that this target is not supported. I can see the attached list of the answer all lenses supported by lightroom. And guess what, the lens is in this list. Detective Conan.

    So the support team has done a worse job, and did not check the list. I described that I can choose manually, but the response above was the answer.

    Any ideas how a.) the coup support team for doing their job and b.) help me with my problem.

    Thank you

    Peter

    After selecting the right lens manually, try this:

    This should fix it in the future.

  • esxcli swiscsi nic add "Failed to add nic", Ko 1009450 does not apply

    entry Ko 1009450 covering "Add failed in IMA" does NOT apply to my situation, as I have only 1 uplink in each portgroup.  I'm under esx 4.1 build 260247 (custom dell A00) on a Dell 2950 with ethernet 4 ports (+ drac) I can't link the software iscsi adapter vmhba38 to my switch.

    That's what I tried the CLI, starting with any network management port and vm on vswitch0 (linked to 1 network card)

    ~ # esxcfg - swiscsi - q
    ISCSI Software is enabled

    ~ # esxcfg - NICS - l
    Name PCI Driver link speed Duplex MAC address MTU Description
    vmnic0 0000:05:00.00 bnx2 up to 1000Mbps Full 00:1e:c9:db:39:10 1500 Broadcom Broadcom NetXtreme II BCM5708 1000Base-T Corporation
    vmnic1 0000:09:00.00 bnx2 up to 1000Mbps Full 00:1e:c9:db:39:12 1500 Broadcom Broadcom NetXtreme II BCM5708 1000Base-T Corporation
    vmnic2 e1000e up to 1000Mbps Full 00:15:17:95:4 c 0000:0e:00.00: 1 to 9000 Corporation Intel 82571EB Gigabit Ethernet Controller
    vmnic3 0000:0e:00.01 e1000e up to 1000Mbps Full 00:15:17:95:4 c: 1 b 9000 Corporation Intel 82571EB Gigabit Ethernet Controller

    ~ # esxcfg - vswitch - a vSwitch1
    ~ # esxcfg - vswitch - a vSwitch2

    ~ # esxcfg - vswitch vSwitch1 vmnic2-L
    ~ # esxcfg - vswitch vSwitch2-L vmnic3
    ~ # esxcfg - vswitch vSwitch1 m - 9000
    ~ # esxcfg - vswitch vSwitch2 m - 9000
    ~ # esxcfg - vswitch vSwitch1-a iscsi-a
    ~ # esxcfg - vswitch vSwitch2 - iscsi-b
    ~ # esxcfg - vmknic - a-i 172.16.128.3 255.255.255.0 n-m 9000 iscsi - has
    ~ # esxcfg - vmknic - a-i 172.16.129.3 - n 255.255.255.0 m 9000 iscsi-b


    ~ # esxcfg - vmknic - l

    Interface Port Group/DVPort IP IP family address Netmask Broadcast MAC address MTU TSO MSS active Type
    management 192.168.1.19 IPv4 network vmk0 255.255.255.0 192.168.1.255 true 1500 65535 STATIC 00:1e:c9:db:39:10
    vmk1 iscsi-a IPv4 172.16.128.3 255.255.255.0 172.16.128.255 00:50:56:78:b4:54 9000 65535 true STATIC
    IPv4 iscsi-b vmk2 172.16.129.3 255.255.255.0 172.16.129.255 00:50:56:7f:a4:4f 9000 65535 true STATIC

    ~ # esxcfg - vswitch - l


    Switch name Num used Ports configured Ports MTU rising ports
    128 3 128 1500 vmnic0 vSwitch0

    Name PortGroup VLAN ID used rising Ports
    The VM network 0 0 vmnic0
    0 1 vmnic0 network management

    Switch name Num used Ports configured Ports MTU rising ports
    128 3 128 9000 vmnic2 vSwitch1

    Name PortGroup VLAN ID used rising Ports
    0 1 vmnic2 iSCSI-a

    Switch name Num used Ports configured Ports MTU rising ports
    128 3 128 9000 vmnic3 vSwitch2

    Name PortGroup VLAN ID used rising Ports
    iSCSI-b 0 1 vmnic3

    ~ # esxcli swiscsi nic add - n vmk1 d vmhba38
    Errors:
    Failed to add the nic    .

    Can anyone suggest a work around?  Watch it has nothing useful.

    Thank you

    Hello

    Could you please run:

    esxcli swiscsi nic list vmhba38 d

    And show us the result? I'm interested to know if something is already linked there?

  • Cannot forward the e-mail message. Contact list does not appear to be selected. Can reply to the sender only

    When you try to send an e-mail message, contacts list does not appear. It can
    only be transmitted by manually entering addresses. Can I return an email answering
    but I can't pass under the Mozilla Fox server.

    When I'm in Internet Explorer, I can use the email forward without problem.
    Contacted AT & T to see if it was their problem, since I use att.net.
    The technician said it was a problem with Mozilla because it was not compatible
    with net work, AT & T. It might be in the recent updates, since I just
    discovered the problem in the last week.

    Prefer to enter my email through Mozilla Fox. So can you fix this
    for me.

    Start Firefox in Safe Mode to check if one of the extensions (Firefox/tools > Modules > Extensions) or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox/tools > Modules > appearance).

    • Do NOT click on the reset button on the startup window Mode safe or make changes.

  • Portege R500 - TrueSuite Access manager does not work with IE 8

    TrueSuite Access Manager does not work with Internet Explorer 8

    Version:
    Internet Explorer: 8.0.6001.18702
    TrueSuite Access Manager 2.1.23.0

    Any idea?

    Thankx
    Robert

    Hello!

    Which laptop computer and operating system you have?
    And what do you mean with it doesn t work? You get an error message or something else?

    You must give us a little more information. Otherwise, we can t help you my friend.

    Good bye

  • Put into registry or group policy to disable iTunes software upgrades on 10 to win? HT201677 does not apply to win 10.

    I would appreciate help on how to disable the software updates on Win 10 of iTunes through registry or group policy. HT201677 is close but does not apply to win 10 and similar keys do not appear in the registry.

    Thank you!

    See https://technet.microsoft.com/en-gb/library/cc725745.aspx.

    You create something that deletes the scheduled task of ASU.

    TT2

  • my button is not the top of my list of contacts - when I start typing a name, a list does not appear, for me to choose and my spell checker does not work

    my button is not the top of my list of contacts - when I start typing a name, a list does not appear, for me to choose and my spell checker does not work

    Hi Lynn,

    What mail client do you use?

    Using Windows Live Mail or Outlook?

    For Windows Live Mail:

    The best place to ask your question of Windows Live is inside Windows Live help forums. The experts he specialize in all things, Windows Live and I would be happy to help you with your questions! Please choose a product below to be redirected to the appropriate community:

    Windows Live Mail

    Windows Live Hotmail

    Looking for a different product to Windows Live? Visit the home page Windows Live Help for the complete list of Windows Live forums at www.windowslivehelp.com.

    For Outlook:

    http://answers.Microsoft.com/en-us/Office/Forum/Outlook

    If you are not using one of the people then please let us know what you use so that we can help you further.

  • Fix installation problem: "the update does not apply to your system.

    Greetings and thanks for reading.

    Currently, I am trying to fix a problem of high performance mouse. During the game, the mouse staggers moving (or 'looking', through the mouse) left or right . I tried two different mouse and the problem persists. The mice and their software, both work fine when connected to an XP system.

    By raising the solution, I found this support page that seems to match symptoms more than all other pages (with the solutions, I have already tried) I found: http://support.microsoft.com/default.aspx/kb/932653/en-us?p=1

    The page suggests that a service pack must be installed (already done) and otherwise, to try a fix .

    I got the patch in question, but when trying to apply the patch I am presented with an error message:

    "The update does not apply to your system."

    I understand that this question would happen if I had chosen the bits bad operating system (I chose x 86 for my 32-bit system, rather than the x 64 bit), but I chose the right bit system.

    I wonder how do I overcome this problem during the installation of the hotfix.

    I want to emphasize: I updated all drivers for the system (I had to shell out money for a driver update program because you are looking for that many drivers manually is virtually impossible), including the specific software for the mouse, the firmware of the mouse... None of them solved the problem. This fix may be my only remaining option to fix this mouse and I am unable to continue without help.

    Kind regards
    Luke

    mousesupport12345,
    Please post with the information requested here: what to post in the Windows Update forum

    Explain when you experience the problem.  It is only in the games?  If so, is it all games or only some of them?

    Clean boot your PC then test the mouse and see if the problem persists.

    Mike - Engineer Support Microsoft Answers
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • The update does not apply to your system

    I can't run the help files which require winhlp32.exe. while I was trying to install the same.but I get the message that the update does not apply to your system,

    I use windows vista SP2 32 bit.

    Thank you

    Ankit,
    Here is an article about getting the winhlp32.exe for Vista. Mike - Engineer Support Microsoft Answers
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • When I copy a CD in Windows Media Player 11 does not apply media information.

    With the XP sp3 operating system, I rip the CD purchased and Windows Media Player 11 does not apply media information. Either he gives and error saying that it cannot be done because I am not connected to the internet while I'm connected, or it can recognize my internet connection, but I have to do a manual search and manually apply the name of each track, even if they are present and order under each line I have to click to match the name of the correct track.

    It's so frustrating to have to fight manually for applied information on the media which is clearly presented, and after all, album art that shows correctly in the finder info media constantly refuses to fill in the library and I have to go to a separate Web site and copy and paste it in. Yes, he found elsewhere on the internet, with the help of the connection which was present all along!

    It's crazy, the info is already there! And why do I go online in any case the info is in the CD? This doesn't seem to be a problem with the previous players. Please provide a fix for this useless, frustrating dinosaur, waste of time, a process!

    Have you tried to delete temporary Internet files and the Cookies in Internet Explorer?

    If you temporarily disable your firewall software, which helps? This could be a third-party firewall, like Symantec, or the built-in Windows Firewall.

  • "update does not apply to your system" error when installing Windows Easy Transfer for Vista 32 bit

    I downloaded and tried to install this update from my 32-bit Vista system and has received a notice of error "update does not apply to your system.

    Hello
     

    In Windows vista and Windows 7, you don't have to download Windows easy transfer.
    Windows easy transfer is incorporated.
    See the links below:

Maybe you are looking for