IPv6 - ACLs, RAs, and RSes

When implementing an IPv6 ACL, there are some implicit statements that exist at the end of the access list. These ensure that the NDP protocol is functioning, an important part of the IPv6 operation.

However, these implicit statements do not include the permitting of Router Advertisements (RAs) and Router Solicitations (RSes), which are important messages needed for the correct operation of IPv6 stateless autoconfiguration, or SLAAC.

In order to permit RAs and RSes, the following statements should be added to the ACL:

permit icmp any any router-advertisement permit icmp any any router-solicitation

It is also important to remember the fact that outgoing ACLs of all types will not filter locally generated traffic.

Links:

https://forum.networklessons.com/t/ipv6-neighbor-discovery-protocol-on-cisco-router/898/81?u=lagapides

https://networklessons.com/ipv6/ipv6-access-list-on-cisco-ios

https://networklessons.com/ipv6/ipv6-neighbor-discovery-protocol-on-cisco-router