IPv6 ACLs on MikroTik RouterOS

So, I got a CRS326-24G-2S+RM MikroTik switch in January to replace my aging Cisco SG300-52 switch that was more than a decade old, and I quickly learned how to do a lot with it, and got things set up the way I liked.

Everything, except IPv6. IPv6 is basically treated like a second-class citizen on RouterOS, and it's kind of disappointing to say the least. Despite that, you can enable it via a package, and get it working more or less the way you would expect, despite the lack of documentation on IPv6 in RouterOS.

My biggest issue with it, however, was the fact that when I would add an IPv6 ACL to the rule list on the switch, it would completely lock up, and halt all traffic regardless of protocol. This left me quite confused, and after trying to solve it myself for two months, I decided to ask for help on Reddit (see this thread).

The fix ended up being simple. I just had to add mac-protocol="ipv6" to the ACL rule so that the switch would know to specifically target IPv6 traffic only (not sure why it didn't just do that without that argument, but yeah). Nowhere on the MikroTik RouterOS help page for ACLs does it mention that you must add this if you want IPv6 ACLs to work properly, which is incredibly stupid.

Anyway, just wanted to put this post out there for anyone scouring the internet for answers as to why their IPv6 ACLs won't work on RouterOS. Thanks to Reddit user u/krisdb2009 for helping me out on the Reddit thread I linked to above.

Edit (Unix Timestamp 1709851301):

After taking a closer look at the help page for ACLs, it does mention that the use of mac-protocol is recommended if filtering IP packets, but doesn't say that it is required, so there's that I guess. I just expected it to work the same as the IPv4 ACLs, since those worked fine without defining mac-protocol, but I was wrong.

Signed,

Primrose
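
A check for the pitfall described in the post, as an added example that is not part of the original post or of MikroTik's tooling: it scans the text of a RouterOS `/export` for switch rules that match on `src-address6` or `dst-address6` without `mac-protocol=ipv6`. The export layout, port names and addresses in the sample are constructed for illustration.

```python
import re
import shlex

# Switch-rule matchers that only make sense for IPv6 traffic.
IPV6_MATCHERS = {"src-address6", "dst-address6"}
RULE_SECTION = "/interface ethernet switch rule"

# Constructed sample in the style of `/export` output; addresses use the
# 2001:db8::/32 documentation prefix, port and switch names are made up.
SAMPLE_EXPORT = r'''
/interface bridge
add name=bridge1
/interface ethernet switch rule
add dst-address6=2001:db8:10::/64 new-dst-ports="" ports=ether1 switch=switch1
add comment="guest v6 block" dst-address6=2001:db8:20::/64 mac-protocol=ipv6 \
    new-dst-ports="" ports=ether2 switch=switch1
add dst-address=192.0.2.0/24 new-dst-ports="" ports=ether3 switch=switch1
add mac-protocol=ip src-address6=2001:db8:30::/64 ports=ether4 switch=switch1
/ip address
add address=192.0.2.1/24 interface=bridge1
'''

def parse_switch_rules(export_text):
    """Return one dict of property -> value per `add` line in the rule section."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join continuation lines
    rules, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = (line == RULE_SECTION)
        elif in_section and line.startswith("add "):
            tokens = shlex.split(line[4:])  # honours quoted values such as comments
            rules.append(dict(tok.split("=", 1) for tok in tokens if "=" in tok))
    return rules

def find_unscoped_ipv6_rules(export_text):
    """Flag rules that match on IPv6 fields without mac-protocol=ipv6."""
    findings = []
    for index, props in enumerate(parse_switch_rules(export_text)):
        used = sorted(IPV6_MATCHERS & props.keys())
        if used and props.get("mac-protocol") != "ipv6":
            findings.append((index, props.get("ports", "?"), used,
                             props.get("mac-protocol", "unset")))
    return findings

if __name__ == "__main__":
    for index, ports, used, proto in find_unscoped_ipv6_rules(SAMPLE_EXPORT):
        print(f"rule {index} ({ports}): {', '.join(used)} with mac-protocol={proto}")
```

Running it against a saved export before applying a rule change shows which IPv6 rules still need the `mac-protocol` argument added.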