Understanding IPv6 Exceptions and Best Practices
The IPv6 best practices are provided below:
Ensure that you enable IPv6 globally.
The uplink port must be trusted. This is the same behavior as IPv4.
Ensure that the validuser session ACL does not block IPv6 traffic.
There must not be any ACLs that drop ICMPv6 or DHCPv6 traffic. It is acceptable to drop DHCPv6 traffic if the deployment uses SLAAC only.
If an external device provides RA:
The managed device supports a maximum of four IPv6 user entries in the user table. If a client uses more than four IPv6 addresses at a time, the user table is refreshed with the latest four active entries without disrupting the traffic flow. However, this may have some performance impact.
Enable VLAN to drop any random IPv6 multicast traffic. DHCPv6, ND, NS, and RA traffic are not dropped when you enable this option.
under interface
While selecting a source address, the number of bits that each source address in the list has in common with the destination address is checked, starting from the leftmost bit. The source address that has the maximum number of matching bits with the destination address is then selected. If more than one source address has the same number of matching bits with the destination address, the kernel selects the source address that was most recently configured on the system. If a particular VLAN interface needs to be selected as the source, the administrator or user must configure the network accordingly. For example, in the case of 802.1X authentication, the administrator or user can configure the source interface appropriately so that it is selected for the authentication process. For more information on IPv6 source address selection, see .
Ensure that support for IPv6 Unique Local Address is added to enable configuring authentication-server hosts.
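The source address selection rule described above can be modelled offline to check which VLAN interface would source traffic to an authentication server. This is an added example, not ArubaOS code; it implements only the rule as stated on this page, and the function names, VLAN names, and addresses are constructed for illustration.

```python
import ipaddress

def common_prefix_bits(a, b):
    """Number of identical leading bits (0..128) of two IPv6 addresses."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()

def select_source(candidates, destination):
    """Pick a source address using the rule described on this page.

    candidates: list of (interface, address) in configuration order,
    oldest first, so a later entry is "more recently configured".
    Returns (interface, address, matching_bits).
    """
    if not candidates:
        raise ValueError("no candidate source addresses")
    best = None
    for iface, addr in candidates:
        bits = common_prefix_bits(addr, destination)
        # ">=" applies the tie-break: on equal match length the more
        # recently configured address replaces the earlier one.
        if best is None or bits >= best[2]:
            best = (iface, addr, bits)
    return best

def audit_source(candidates, destination, expected_iface):
    """True if the interface the administrator intends is the one chosen."""
    return select_source(candidates, destination)[0] == expected_iface

# Constructed sample data (documentation and ULA prefixes), oldest first.
CONFIGURED = [
    ("vlan 10", "2001:db8:10::1"),
    ("vlan 20", "2001:db8:20::1"),
    ("vlan 30", "fd00:30::1"),
    ("vlan 40", "2001:db8:20::2"),
]
AUTH_SERVER = "2001:db8:20::100"      # constructed global-address server
AUTH_SERVER_ULA = "fd00:30::50"       # constructed Unique Local Address server

if __name__ == "__main__":
    for server in (AUTH_SERVER, AUTH_SERVER_ULA):
        iface, addr, bits = select_source(CONFIGURED, server)
        print(f"{server}: source {addr} on {iface} ({bits} matching bits)")
    # vlan 20 and vlan 40 tie on match length; the newer vlan 40 wins.
    print("vlan 20 selected:", audit_source(CONFIGURED, AUTH_SERVER, "vlan 20"))
```

In the sample data, vlan 20 and vlan 40 match the server equally well, so the intended vlan 20 source is not chosen. This is the situation in which the source interface has to be configured explicitly.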
ArubaOS does not support the following functions for IPv6 clients:
The managed device provides limited IPv6 routing services to clients, so it is recommended to use an external IPv6 router for a complete routing experience (dynamic routing).
VoIP ALG is not supported for IPv6 clients.
IPv6 Auto configuration and IPv6 Neighbor Discovery mechanisms do not apply to IPv6 tunnels.
Tunnel Encapsulation Limit, Tunnel-group, and MTU discovery options on IPv6 tunnels are not supported.
When the
command is executed after a managed device is upgraded, only the IPv4 address is displayed.