Qianyitang Jun Ge: Some Techniques for Last-Hop Security in IPv6 Wireless Networks

1. RA Throttling
Router Advertisement Throttling
Router Advertisement (RA) throttling allows the controller to enforce rate limiting of RAs headed towards the wireless network. By enabling RA throttling, routers that are configured to send RAs frequently (every 3 seconds) can be trimmed back to a minimum frequency that will still maintain IPv6 client connectivity. This allows airtime to be optimized by reducing the number of multicast packets that must be sent. In all cases, if a client sends a Router Solicitation (RS), then an RA will be allowed through the controller and unicast to the requesting client. This is to ensure that new clients or roaming clients are not negatively impacted by RA throttling.

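Note: When RA throttling occurs, only the first IPv6 capable router is allowed through. For networks that have multiple IPv6 prefixes being served by different routers, RA throttling must be disabled.

Throttling RA (Router Advertisement)
RA throttling lets the wireless controller enforce rate limiting of RA packets sent toward the wireless network. With RA throttling enabled, a router's RA transmission frequency (once every 3 seconds) can be reduced to a minimum while IPv6 client connectivity is still maintained. Reducing the number of multicast packets sent optimizes airtime. In all scenarios, if a client sends an RS packet, an RA is allowed through and unicast to the requesting client. This ensures that new or roaming clients are not affected by RA throttling.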

2. IPv6 Source Guard
The IPv6 source guard feature prevents a wireless client from spoofing the IPv6 address of another client. This feature is analogous to IPv4 source guard. IPv6 source guard is enabled by default.
The IPv6 source guard feature prevents one wireless client from impersonating another IPv6 client. This feature is similar to IPv4 source guard.

3. IPv6 Access Control Lists
In order to restrict access to certain upstream wired resources or block certain applications, IPv6 Access Control Lists can be used to identify traffic and permit or deny it. IPv6 Access Lists support the same options as IPv4 Access Lists, including source, destination, source port, and destination port (port ranges are also supported). The wireless controller supports up to 64 unique IPv6 ACLs with 64 unique rules in each. The wireless controller continues to support an additional 64 unique IPv4 ACLs with 64 unique rules in each, for a total of 128 ACLs for a dual-stack client.
IPv6 Access Control Lists
To restrict access to specific upstream wired network resources or block specific applications, IPv6 ACLs can be used to identify traffic and then permit or deny it. They are similar to IPv4 ACLs and can include options such as source and destination addresses and source and destination ports. The wireless controller supports at most 64 ACLs, each containing at most 64 rules.

4. DHCPv6 Server Guard
The DHCPv6 Server guard feature prevents wireless clients from handing out IPv6 addresses to other wireless clients or wired clients upstream. To prevent DHCPv6 addresses from being handed out, all DHCPv6 advertise packets from wireless clients are dropped. This feature operates on the controller, requires no configuration and is enabled automatically.
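The DHCPv6 Server guard feature prevents wireless clients from handing out IPv6 addresses to other wireless clients or to upstream wired clients. To prevent DHCPv6 addresses from being handed out, all DHCPv6 advertise packets from wireless clients are dropped.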
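
The drop rule described above, as an added Python model (not code from the original post and not the controller's implementation): it walks the IPv6 header chain of a packet received from a wireless client and drops it if it is a DHCPv6 Advertise. The function names, the "drop"/"forward" verdict strings and the sample packets are assumptions made for this illustration.

```python
import struct

# IPv6 next-header values that may sit in front of UDP (RFC 8200).
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, UDP = 0, 43, 44, 60, 17
DHCPV6_CLIENT_PORT = 546   # clients listen here (RFC 8415)
DHCPV6_ADVERTISE = 2       # message type a server sends in answer to Solicit


def find_udp(packet: bytes):
    """Walk the IPv6 header chain; return the UDP segment or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if len(packet) < offset + 8:
            return None
        hdr_len = 8  # the fragment header is fixed-size
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return None  # non-first fragment carries no UDP header
        else:
            hdr_len = (packet[offset + 1] + 1) * 8
        next_header, offset = packet[offset], offset + hdr_len
    return packet[offset:] if next_header == UDP else None


def server_guard_verdict(packet: bytes) -> str:
    """Verdict for a packet that arrived from a wireless client."""
    udp = find_udp(packet)
    if udp is None or len(udp) < 9:  # 8-byte UDP header + message-type byte
        return "forward"
    dst_port = struct.unpack_from("!H", udp, 2)[0]
    if dst_port == DHCPV6_CLIENT_PORT and udp[8] == DHCPV6_ADVERTISE:
        return "drop"  # a wireless client is acting as a DHCPv6 server
    return "forward"


def build_packet(sport, dport, dhcp, ext=b"", first_nh=UDP):
    """Constructed test packet; zero addresses, UDP checksum left at 0."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dhcp), 0) + dhcp
    hdr = struct.pack("!IHBB", 6 << 28, len(ext) + len(udp), first_nh, 64)
    return hdr + bytes(32) + ext + udp


# Constructed samples: message-type byte + 3-byte transaction id.
SOLICIT = build_packet(546, 547, b"\x01\x00\x00\x01")
ADVERTISE = build_packet(547, 546, b"\x02\x00\x00\x01")
# Same Advertise behind a destination-options header (PadN padding).
HIDDEN = build_packet(547, 546, b"\x02\x00\x00\x01",
                      ext=bytes([UDP, 0, 1, 4, 0, 0, 0, 0]), first_nh=DEST_OPTS)
```

The `HIDDEN` sample shows why the check has to follow the extension-header chain instead of reading the first next-header field only.
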
5.

Reposted from blog.51cto.com/enderjoe/2122360