cancel
Showing results for 
Search instead for 
Did you mean: 

Default settings for ipv6 caused me a problem I just discovered

mike_galbicka
New Contributor II
Has anyone else experienced this?  By default my ZD1106 has ipv6 disabled which is what I want in my environment. However also by default the system default AP group configures all AP's to use ipv4 and ipv6. I always thought since it was disabled on the ZD it wasn't a problem. That is not the case. I found that guest traffic on the isolated guest WLAN was in fact passing to devices on the work network over ipv6. The automatic firewall rules put in place on the guest network for restricted subnet access to the LAN subnets DO NOT restrict ipv6 traffic and thus it needs to be disabled on the AP by changing those group settings to ipv4 only. That SHOULD BE the default don't you think to match the ZD and prevent this problem?
12 REPLIES 12

james_stevens_7
New Contributor II

galbicka,

     Interesting scenario.  What is your overall query, and what end result(s) are you looking to achieve?

mike_galbicka
New Contributor II
I am asking if others have experienced the same scenario and suggesting that the default settings be fixed if this is the case. Otherwise ipv4 networks are open to guest wireless intrusion instead of being isolated as claimed if this isn't caught by the user. A lot of users I know do not yet understand the implications of ipv6 and do not VLAN their guest network but rather rely on ipv4 firewall rules.

james_stevens_7
New Contributor II
I see your point.  I have not experienced this before; however, I usually configure my APs individually in an attempt to avoid instances such as what you have described; because Ruckus APs are able to be configured individually in order to accommodate being placed in odd places and support a variety of wifi enabled devices, having all APs inherit default IPv4 and IPv6 settings from ZD could pose a problem. 

michael_brado
Esteemed Contributor II
Specifying IPv4 and/or IPv6 on the ZoneDirector applies to ZD/AP communications.  Even if only using IPv4, mis-behaving client NICs may be sending IPv6  floods in their VLANs. 
https://support.ruckuswireless.com/answers/000003275

Unfortunately, APs see/inspect these packets too, even if they only ignore/drop them.